Vendor: Microsoft
April 15, 2026 · View on GitHub
Product: Microsoft Purview
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 33 | 19 | 4 | 1 | 3 |
| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Data Exfiltration | dlp-alert ↳microsoft-defendercloud-cef-alert-trigger-success-datalossprevention ↳microsoft-defendercloud-cef-alert-trigger-success-datalossprevention ↳microsoft-azureadip-json-alert-trigger-success-exfiltration ↳microsoft-azureadip-json-alert-trigger-success-exfiltration ↳microsoft-m365auditlogs-json-alert-trigger-datalossprevention | T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
| Data Leak | dlp-alert ↳microsoft-defendercloud-cef-alert-trigger-success-datalossprevention ↳microsoft-defendercloud-cef-alert-trigger-success-datalossprevention ↳microsoft-azureadip-json-alert-trigger-success-exfiltration ↳microsoft-azureadip-json-alert-trigger-success-exfiltration ↳microsoft-m365auditlogs-json-alert-trigger-datalossprevention | T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
| Next Page -->> |
MITRE ATT&CK® Framework for Enterprise
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Application Layer Protocol | Automated Exfiltration |