Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Lateral Movement	app-activity ↳azure-mfa-admin-activity authentication-failed ↳azure-mfa-auth-failed-2 ↳s-azura-mfa-auth-failed ↳s-azura-pri-auth-failed ↳azure-mfa-auth-failed authentication-successful ↳s-azura-pri-auth-successful ↳azure-mfa-auth-successful ↳s-azura-mfa-auth-successful	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Ransomware	app-activity ↳azure-mfa-admin-activity authentication-failed ↳azure-mfa-auth-failed-2 ↳s-azura-mfa-auth-failed ↳s-azura-pri-auth-failed ↳azure-mfa-auth-failed authentication-successful ↳s-azura-pri-auth-successful ↳azure-mfa-auth-successful ↳s-azura-mfa-auth-successful	T1078 - Valid Accounts	2 Rules

Provide feedback

Saved searches