Following the alignment of Microsoft Defender ATP alert categories with MITRE ATT&CK tactics, we are now enhancing our alerts to include MITRE ATT&CK technique information.
For example, each of the following alerts will now show corresponding ATT&CK technique IDs:
This change points security analysts to more information about attacker activities that trigger the alerts.
From each alert, you can consult the MITRE ATT&CK matrix for generalized information about the techniques, including their potential impact and how they have been used in known attacks.