MS Defender ATP and Antivirus Rules with MITRE mapping

Team,

We are working on building certain correlation threat use cases for endpoints and cloud instances running Defender, and would like to know the list of rules in Defender with their MITRE tactics and techniques mappings.

3 Replies
I’ve not seen this before, so not sure if this is available in an easy to consume list somewhere. Perhaps someone else knows.

Morning,

As @akudrati already stated, Azure supports MITRE ATT&CK mapping. You can connect Microsoft Defender for Endpoint (and also the other products like MDI, Def4O365, etc.) to Sentinel via the native built-in Data Connectors in Microsoft Sentinel.

Furthermore, Microsoft Defender also maps alerts to the MITRE ATT&CK table. When you click on an alert, a blade opens on the right side of the screen, and in the alert details section you see "MITRE ATT&CK Techniques" and below that the mapped technique.