Threat protection for Azure Defender

Azure Security Center threat detection map. It maps the threat detection capabilities of ASC to the publicly available stories about them, to further understanding of ASC.


1. Windows

1.1. Crash dump analysis

1.1.1. Shell code discovered

1.1.2. Code injection discovered

1.1.3. Masquerading Windows Module Detected

1.2. Fileless attack

1.2.1. Process memory contains attack toolkit

1.2.2. shell code

1.3. Microsoft Defender for Endpoint

1.3.1. PowerShell scripts

1.3.2. Fileless malware

1.3.3. Credential dumping

1.4. Event ID 4688 - A new process has been created

1.5. SQL Brute Force

1.6. Crypto mining attack

1.7. Integrated vulnerability assessment solution for Azure and hybrid machines

2. Linux

2.1. AuditD

2.2. crypto mining campaign

2.3. bash scripts

2.4. password spray

2.5. Fileless Attack

2.6. Integrated vulnerability assessment solution for Azure and hybrid machines

3. Azure PaaS

3.1. SQL Database PaaS / IaaS / On-Prem

3.1.1. SQL Injection

3.1.2. Suspicious Logins

3.1.3. SQL Brute Force

3.1.4. High priv SQL commands

3.1.5. Unusual Export location

3.2. Azure Storage

3.2.1. Malware Hash Reputation Analysis

3.2.2. Phishing campaigns, unusual access

3.3. Azure Cosmos Database

3.4. Azure Network Layer

3.5. Azure KeyVault

3.6. Azure Resource Manager - Management APIs

3.7. Azure App Service

3.8. Azure Database for MySQL

3.9. Azure Database for PostgreSQL

3.10. Azure Virtual Network

3.11. Azure Subscription

3.12. DNS

3.12.1. Data exfiltration from your Azure resources using DNS tunneling

3.12.2. Malware communicating with C&C server

3.12.3. Communication with malicious domains, such as phishing and crypto mining domains

3.12.4. DNS attacks - communication with malicious DNS resolvers

4. Containers

4.1. Azure Kubernetes Service

4.1.1. exposed K8s dashboards

4.1.2. creation of high privileged roles

4.1.3. creation of sensitive mounts

4.2. Host level

4.2.1. web shell detection

4.2.2. Suspicious Logins

4.2.3. Privileged container creation

4.2.4. SSH Server hosted in container

4.2.5. suspicious access to API

4.2.6. Exposed Docker API / Services

4.3. Azure Container Registry - images

4.3.1. Vulnerability management

5. Intents

5.1. PreAttack

5.2. InitialAccess

5.3. Persistence

5.4. PrivilegeEscalation

5.5. DefenseEvasion

5.6. CredentialAccess

5.7. Discovery

5.8. LateralMovement

5.9. Execution

5.10. Collection

5.11. Exfiltration

5.12. CommandAndControl

5.13. Impact

6. Security Analytics

6.1. Integrated threat intelligence

6.1.1. Outbound communication to a malicious IP address

6.1.1.1. Digital Crimes Unit

6.1.1.2. 3rd Party Lists

6.1.1.3. Cloud Service Provider sharing

6.1.1.4. Microsoft Security Response Center

6.2. Behavioral analytics

6.2.1. Suspicious process execution

6.2.2. Hidden malware and exploitation attempts

6.2.3. Lateral movement and internal reconnaissance

6.2.4. Malicious PowerShell Scripts

6.2.5. Outgoing attacks

6.3. Anomaly detection

6.3.1. Inbound RDP/SSH Brute force attacks

7. 340 Unique Detections

8. Test Drive ASC

8.1. ASC Simulations

9. Last Updated: 4/14/2021

10. IoT