Jun 23 2021 11:56 AM
Team,
We are working on building certain correlation threat use cases for endpoints and cloud instances running Defender, and would like to know the list of rules in Defender with their MITRE tactics and techniques mappings.
Jun 27 2021 12:36 PM
Jul 29 2022 12:02 AM
Morning,
As @akudrati already stated, Azure supports MITRE ATT&CK mapping. You can connect Microsoft Defender for Endpoint (and also the other products like MDI, Def4O365, etc.) to Sentinel via the native built-in Data Connectors in Microsoft Sentinel.
Furthermore, Microsoft Defender also maps alerts to the MITRE ATT&CK table. When you click on an alert, a blade opens on the right side of the screen, and in the alert details section you see "MITRE ATT&CK Techniques" and, below that, the mapped technique.
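Once the Defender alerts are flowing into Sentinel through the connector, the per-rule MITRE mapping can be pulled out of the SecurityAlert table with a query like the following (an added example, not from this thread or from Microsoft). It assumes the Tactics column is a comma-separated string and the Techniques column a JSON array string, both populated by the Defender provider.

```kql
// Added example: inventory Defender alert names with their MITRE ATT&CK mapping.
// Assumes the Defender data connector writes alerts to SecurityAlert and that the
// provider fills Tactics (comma-separated) and Techniques (JSON array string).
SecurityAlert
| where TimeGenerated > ago(30d)
| where ProductName has "Defender"          // MDE, MDI, MDO, Defender for Cloud all match
| where isnotempty(Techniques)              // skip alerts the provider did not map
| mv-expand Technique = parse_json(Techniques) to typeof(string)
| mv-expand Tactic = split(Tactics, ",") to typeof(string)
| extend Tactic = trim(" ", Tactic)
| summarize AlertCount = count(),
            Products = make_set(ProductName),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by AlertName, Tactic, Technique
| sort by Technique asc, AlertCount desc
```

Alerts whose Techniques field is empty are dropped by the isnotempty filter; remove that line to see which rules have no technique mapping at all.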