Following the alignment of Microsoft Defender ATP alert categories with MITRE ATT&CK tactics, we are now enhancing our alerts to include MITRE ATT&CK technique information.
For example, each of the following alerts will now show corresponding ATT&CK technique IDs:
This change points security analysts to more information about attacker activities that trigger the alerts.
From each alert, you can consult the MITRE ATT&CK matrix for generalized information about the techniques, including their potential impact and how they have been used in known attacks.
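As an added illustration (not code from the original post or from Microsoft), the following Python helper shows what an analyst can do once alerts carry ATT&CK technique IDs: validate each ID, count how often each technique appears across a batch of alerts, and build the attack.mitre.org matrix link for it. The alert records and the field names `title`, `category` and `mitreTechniques` are constructed assumptions for this example, not the product's documented schema. It also handles sub-technique IDs of the form `T1059.001`, which goes beyond the plain technique IDs the announcement mentions.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed sample alerts; the field names are assumptions for this example,
# not a documented Defender ATP alert schema.
SAMPLE_ALERTS_JSON = """
[
  {"title": "Suspicious PowerShell command line", "category": "Execution",
   "mitreTechniques": ["T1059.001"]},
  {"title": "Credential dumping attempt", "category": "CredentialAccess",
   "mitreTechniques": ["T1003"]},
  {"title": "Suspicious PowerShell download", "category": "Execution",
   "mitreTechniques": ["T1059.001", "T1105"]},
  {"title": "Alert without technique info", "category": "Malware",
   "mitreTechniques": []},
  {"title": "Alert with malformed technique id", "category": "Persistence",
   "mitreTechniques": ["TX123"]}
]
"""

# ATT&CK technique IDs look like T1234, sub-techniques like T1234.001.
TECHNIQUE_ID = re.compile(r"^T(\d{4})(?:\.(\d{3}))?$")


def parse_technique_id(tid):
    """Return (parent_id, sub_id_or_None) for a well-formed ID, else None."""
    match = TECHNIQUE_ID.match(tid.strip())
    if not match:
        return None
    return "T" + match.group(1), match.group(2)


def matrix_url(tid):
    """Build the attack.mitre.org page URL for a technique or sub-technique."""
    parsed = parse_technique_id(tid)
    if parsed is None:
        return None
    parent, sub = parsed
    if sub:
        return f"https://attack.mitre.org/techniques/{parent}/{sub}/"
    return f"https://attack.mitre.org/techniques/{parent}/"


def summarize_techniques(alerts_json):
    """Aggregate a batch of alerts by ATT&CK technique.

    Returns a dict with:
      techniques: {tid: {"count", "url", "alerts"}} ordered by descending count
      missing:    titles of alerts that carry no technique information
      invalid:    technique IDs that did not match the expected format
    """
    alerts = json.loads(alerts_json)
    counts = Counter()
    titles_by_tid = defaultdict(list)
    missing, invalid = [], []

    for alert in alerts:
        tids = alert.get("mitreTechniques") or []
        if not tids:
            missing.append(alert["title"])
            continue
        for tid in tids:
            if parse_technique_id(tid) is None:
                invalid.append(tid)
                continue
            counts[tid] += 1
            titles_by_tid[tid].append(alert["title"])

    techniques = {
        tid: {"count": n, "url": matrix_url(tid), "alerts": titles_by_tid[tid]}
        for tid, n in counts.most_common()
    }
    return {"techniques": techniques, "missing": missing, "invalid": invalid}


if __name__ == "__main__":
    summary = summarize_techniques(SAMPLE_ALERTS_JSON)
    for tid, info in summary["techniques"].items():
        print(f"{tid}: {info['count']} alert(s) -> {info['url']}")
    print("alerts without technique info:", summary["missing"])
    print("malformed technique ids:", summary["invalid"])
```

The validation step matters in practice: an ID that fails the format check is reported rather than silently dropped, so an analyst notices gaps in the enrichment instead of assuming a technique was simply not observed.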
Published Sep 16, 2019 by Hadar Feldman (Microsoft) on the Microsoft Defender for Endpoint Blog