Vendor: Microsoft

Product: Azure Key Vault

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
64	29	10	6	3

Use-Case	Activity Types (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	scheduled_task-trigger:success (app-activity) ↳microsoft-azuremon-sk4-app-activity-auditevent ↳microsoft-azure-json-key-success-keyvault ↳microsoft-azuremon-sk4-app-activity-auditevent ↳microsoft-azuremon-sk4-app-activity-auditevent ↳microsoft-azuremon-sk4-app-activity-auditevent app-login:success (app-login) ↳microsoft-azure-cef-app-login-success-authentication endpoint-login:success (authentication-successful) ↳microsoft-azuremon-sk4-app-activity-auditevent	T1078 - Valid Accounts T1133 - External Remote Services	12 Rules 4 Models
Account Manipulation	scheduled_task-trigger:success (app-activity) ↳microsoft-azuremon-sk4-app-activity-auditevent ↳microsoft-azure-json-key-success-keyvault ↳microsoft-azuremon-sk4-app-activity-auditevent ↳microsoft-azuremon-sk4-app-activity-auditevent ↳microsoft-azuremon-sk4-app-activity-auditevent	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Lateral Movement	app-login:success (app-login) ↳microsoft-azure-cef-app-login-success-authentication endpoint-login:success (authentication-successful) ↳microsoft-azuremon-sk4-app-activity-auditevent	T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Malware	app-login:success (app-login) ↳microsoft-azure-cef-app-login-success-authentication endpoint-login:success (authentication-successful) ↳microsoft-azuremon-sk4-app-activity-auditevent	T1078 - Valid Accounts	1 Rules
Ransomware	app-login:success (app-login) ↳microsoft-azure-cef-app-login-success-authentication endpoint-login:success (authentication-successful) ↳microsoft-azuremon-sk4-app-activity-auditevent	T1078 - Valid Accounts	1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts Valid Accounts: Cloud Accounts Exploit Public Fasing Application		External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts	Valid Accounts				Email Collection Email Collection: Email Forwarding Rule	Proxy: Multi-hop Proxy Proxy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_microsoft_azure_key_vault.md

ds_microsoft_azure_key_vault.md

Vendor: Microsoft

Product: Azure Key Vault

MITRE ATT&CK® Framework for Enterprise

Files

ds_microsoft_azure_key_vault.md

Latest commit

History

ds_microsoft_azure_key_vault.md

File metadata and controls

Vendor: Microsoft

Product: Azure Key Vault

MITRE ATT&CK® Framework for Enterprise