MITRE ATT&CK technique info in Microsoft Defender ATP alerts
Microsoft

Following the alignment of Microsoft Defender ATP alert categories with MITRE ATT&CK tactics, we are now enhancing our alerts to include MITRE ATT&CK technique information.

For example, each of the following alerts will now show corresponding ATT&CK technique IDs:

[Image: MITREAT1.PNG]

[Image: MITREAT2.PNG]

This change points security analysts to more information about attacker activities that trigger the alerts.

From each alert, you can consult the MITRE ATT&CK matrix for generalized information about the techniques, including their potential impact and how they have been used in known attacks.