Threat protection - (CWPP) Microsoft Defender for Cloud

Azure Security Center threat detection map. This map relates the threat detection capabilities of Azure Security Center (ASC, now Microsoft Defender for Cloud) to the public stories that exist about them, to further understanding of ASC.


1. Defender for SQL (PaaS / IaaS / On-Prem)

1.1. SQL Injection

1.2. Suspicious Logins

1.3. SQL Brute Force

1.4. High-privilege SQL commands

1.5. Unusual Export location

1.6. vulnerability assessment

1.6.1. permission configurations

1.6.2. feature configurations

1.6.3. database settings

2. Windows

2.1. Crash dump analysis

2.1.1. Shell code discovered

2.1.2. Code injection discovered

2.1.3. Masquerading Windows Module Detected

2.2. Fileless attack

2.2.1. memory process contains attack toolkit

2.2.2. shell code

2.3. Microsoft Defender for Endpoint

2.3.1. PowerShell scripts

2.3.2. Fileless malware

2.3.3. Credential dumping

2.4. Event ID 4688 - A new process has been created

2.5. SQL Brute Force

2.6. Crypto mining attack

2.7. Integrated vulnerability assessment solution for Azure and hybrid machines

3. Linux

3.1. AuditD

3.2. crypto mining campaign

3.3. bash scripts

3.4. password spray

3.5. Microsoft Defender for Endpoint: Linux

3.5.1. EDR for Linux

3.5.2. Behavior monitoring and blocking

3.5.3. AntiVirus Solution

3.6. Fileless Attack

3.7. Integrated vulnerability assessment solution for Azure and hybrid machines

4. Azure PaaS

4.1. Azure Storage

4.1.1. Malware Hash Reputation Analysis

4.1.2. Phishing campaigns, unusual access

4.2. Azure Cosmos Database

4.3. Azure Network Layer

4.4. Azure KeyVault

4.5. Azure Resource Manager - Management APIs

4.6. Azure App Service

4.7. Azure Database for Open Source relational databases

4.7.1. PostgreSQL

4.7.2. MySQL

4.7.3. MariaDB

4.8. DNS

4.8.1. Data exfiltration from your Azure resources using DNS tunneling

4.8.2. Malware communicating with C&C server

4.8.3. Communication with malicious domains as phishing and crypto mining

4.8.4. DNS attacks - communication with malicious DNS resolvers

5. Defender for Containers

5.1. Architecture

5.2. Kubernetes (AKS, EKS, K8S via ARC) (cluster)

5.2.1. Gatekeeper - Policy Control

5.2.2. Runtime Vulnerability assessments (AKS)

5.2.3. creation of high privileged roles

5.2.4. abnormal service account operation and abnormal managed identity association

5.2.5. creation of sensitive mounts

5.2.6. Excessive role permissions assigned in Kubernetes cluster

5.2.7. Anomalous pod deployment

5.2.8. exposed K8s dashboards

5.3. Host level (node) Daemon set

5.3.1. web shell detection

5.3.2. Suspicious Logins

5.3.3. Privileged container creation

5.3.4. SSH Server hosted in container

5.3.5. suspicious access to API

5.3.6. Exposed Docker API / Services

5.4. Azure Container Registry

5.4.1. Vulnerability management

6. Kill chain intents

6.1. PreAttack

6.2. InitialAccess

6.3. Persistence

6.4. PrivilegeEscalation

6.5. DefenseEvasion

6.6. CredentialAccess

6.7. Discovery

6.8. LateralMovement

6.9. Execution

6.10. Collection

6.11. Exfiltration

6.12. CommandAndControl

6.13. Impact

7. Security Analytics

7.1. Integrated threat intelligence

7.1.1. Microsoft Threat Intelligence Center (MSTIC)

7.1.1.1. Outbound communication to a malicious IP address

7.1.2. Digital Crimes Unit

7.1.3. 3rd Party Lists

7.1.4. Cloud Service Provider sharing

7.1.5. Instruments

7.1.5.1. Sample Zoos

7.1.5.2. Original research

7.1.5.3. Dark markets

7.1.5.4. Threat feeds

7.1.5.5. Sinkholes & Honeypots

7.1.5.6. Detonation & sandboxes

7.1.5.7. Customer IR intelligence

7.2. Behavioral analytics

7.2.1. Suspicious process execution

7.2.2. Hidden malware and exploitation attempts

7.2.3. Lateral movement and internal reconnaissance

7.2.4. Malicious PowerShell Scripts

7.2.5. Outgoing attacks

7.3. Anomaly detection

7.3.1. Inbound RDP/SSH Brute force attacks

8. 450 Unique Detections

9. Test Drive Microsoft Defender for Cloud

9.1. Simulations

10. Last Updated: 7/5/2022

11. IoT

12. Provide Feedback? - Sarahah - SwiftSolves