| Cloud Data Protection | azure-blob-read
↳azure-blob-activity1
↳azure-blob-activity2
azure-blob-write
↳azure-blob-activity1
↳azure-blob-activity2
azure-container-acl
↳azure-blob-activity1
↳azure-blob-activity2
azure-disk-write
↳azure-disks-write
azure-snapshot-write
↳azure-snapshots-write
azure-storage-list
↳azure-blob-activity1
↳azure-blob-activity2
| T1078.004 - Valid Accounts: Cloud Accounts
T1204 - User Execution
T1580 - T1580
TA0009 - TA0009
| |
| Compromised Credentials | azure-blob-read
↳azure-blob-activity1
↳azure-blob-activity2
azure-blob-write
↳azure-blob-activity1
↳azure-blob-activity2
azure-container-acl
↳azure-blob-activity1
↳azure-blob-activity2
azure-disk-write
↳azure-disks-write
azure-image-write
↳azure-images-write
azure-instance-creds-write
↳azure-sshpublickeys-write
azure-instance-write
↳azure-virtualmachines-write
azure-keyvault-read
↳azure-keyvault-activity
azure-keyvault-write
↳azure-keyvault-activity
azure-role-assign
↳azure-roleassignments-write
azure-role-write
↳azure-roledefiniton-write
azure-snapshot-write
↳azure-snapshots-write
azure-storage-list
↳azure-blob-activity1
↳azure-blob-activity2
| T1078.004 - Valid Accounts: Cloud Accounts
T1535 - Unused/Unsupported Cloud Regions
| |
| Cryptomining | azure-instance-write
↳azure-virtualmachines-write
| T1496 - Resource Hijacking
| |
| Malware | azure-blob-write
↳azure-blob-activity1
↳azure-blob-activity2
azure-image-write
↳azure-images-write
azure-instance-write
↳azure-virtualmachines-write
| T1204 - User Execution
T1204.003 - T1204.003
| |
| Privilege Escalation | azure-role-assign
↳azure-roleassignments-write
azure-role-write
↳azure-roledefiniton-write
| TA0004 - TA0004
| |