Azure ATP Security Alerts External IDs


Hi Experts,

Is there any method to find out Azure Alerts external ID to MITRE techniques ID?

For example 

New security alert name | Unique external ID | Severity | MITRE ATT&CK Matrix™
Account enumeration reconnaissance | 2003 | Medium | Discovery

I want to filter out the exact technique ID in MITRE ATT&CK; currently it is given as Matrix only.

Thanks in advance.

Adarsh Pandey

(Security Engineer | SecIntel)

1 Reply

@Adarsh2019 

Hi Adarsh,

Let me talk to the team and see if we can get more specific as you requested.

Thanks

Gershon, CxE Security (AATP and MCAS)