-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAzureKeyVault.yaml
57 lines (57 loc) · 2.39 KB
/
AzureKeyVault.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
version: 1
ATT&CK version: 8.2
creation date: 03/11/2021
name: Azure Key Vault
contact: [email protected]
organization: Center for Threat Informed Defense (CTID)
platform: Azure
tags:
- Azure Security Center Recommendation
- Credentials
- Passwords
description: >-
Azure Key Vault provides a way to store and manage secrets, keys, and certificates used throughout
Azure and for internally connected resources. This control allows for fine grained permissions for
authentication and authorization for access while providing monitoring for all activity with the
key vault.
techniques:
- id: T1528
name: Steal Application Access Token
technique-scores:
- category: Protect
value: Partial
comments: >-
This control can provide protection against attackers stealing application access tokens
if they are stored within Azure Key Vault. Key vault significantly raises the bar for
access for stored tokens by requiring legitimate credentials with proper authorization.
Applications may have to be modified to take advantage of Key Vault and may not always be
possible to utilize.
- id: T1555
name: Credentials from Password Stores
technique-scores:
- category: Protect
value: Partial
comments: >-
This control may provide a more secure location for storing passwords. If an Azure user
account, endpoint, or application is compromised, they may have limited access to
passwords stored in the Key Vault.
- id: T1552
name: Unsecured Credentials
technique-scores:
- category: Protect
value: Partial
comments: >-
This control provides a central, secure location for storage of credentials to reduce the
possibility of attackers discovering unsecured credentials.
- id: T1040
name: Network Sniffing
technique-scores:
- category: Protect
value: Minimal
comments: >-
This control provides secure methods for accessing secrets and passwords. This can reduce
the incidences of credentials and other authentication material being transmitted in plain
text or by insecure encryption methods. Any communication between applications or
endpoints after access to Key Vault may not be secure.
references:
- 'https://docs.microsoft.com/en-us/azure/key-vault/general/overview'