Solution: ThreatAnalysis&Response
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.1 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2021-10-20 |
| Solution Folder | ThreatAnalysis&Response |
| Marketplace | Azure Marketplace · Popularity: 🟡 Low (41%) |
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. The MITRE ATT&CK Cloud Matrix provides tactics and techniques representing the MITRE ATT&CK® Matrix for Enterprise covering cloud-based techniques. The Matrix contains information for the following platforms: Microsoft Entra ID, Office 365, SaaS, IaaS. For more information, see MITRE ATT&CK: Cloud Matrix.
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
This solution queries 6 table(s) from its content items:
| Table | Used By Content |
|---|---|
| AzureActivity | Workbooks |
| AzureDiagnostics | Workbooks |
| SecurityBaseline | Workbooks |
| SecurityRegulatoryCompliance | Workbooks |
| SigninLogs | Workbooks |
| Usage | Workbooks |
The following 2 table(s) are used internally by this solution's content items:
| Table | Used By Content |
|---|---|
| SecurityAlert | Workbooks |
| SecurityIncident | Workbooks |
This solution includes 2 content item(s):
| Content Type | Count |
|---|---|
| Workbooks | 2 |
| Name | Tables Used |
|---|---|
| DynamicThreatModeling&Response | AzureActivity, AzureDiagnostics, SecurityBaseline, SecurityRegulatoryCompliance, SigninLogs; Internal use: SecurityAlert, SecurityIncident |
| ThreatAnalysis&Response | Usage; Internal use: SecurityAlert |
📄 Source: ThreatAnalysis&Response/README.md
This solution enables SecOps Analysts, Threat Intelligence Professionals, and Threat Hunters to gain situational awareness of threats in cloud environments. The solution includes two workbooks designed to enable threat hunting programs. Threat modeling is an advanced discipline requiring a detailed understanding of adversary actions. Threat analysis provides an understanding of where the attacker is in the attack cycle, which often drives both a historic lens on where the threat may have progressed and predictive analytics on the threat's objectives. This approach is adversarial, as understanding of the threat's attack cycle drives defense actions in a red versus blue model. The Threat Analysis & Response Solution augments the customer burden of building threat hunting programs.
1. Configure Analytics & Hunting with Microsoft Sentinel: MITRE Blade
2. Onboard Microsoft Defender for Cloud
3. Add the NIST SP 800-53 R4 Assessment to Your Dashboard
4. Continuously Export Security Center Data: SecurityRegulatoryCompliance & SecurityRecommendation Data Tables
5. Review Security Coverage by the MITRE ATT&CK® Framework

1. Set Background Theme: Settings > Appearance > Theme: Azure > Apply
2. Print/Export Report: More Content Actions (...) > Print Content
3. Settings: Layout (Landscape), Pages (All), Print (One Sided), Scale (60), Pages Per Sheet (1), Quality (1,200 DPI), Margins (None) > Print
[Content truncated...]
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.1 | 01-09-2025 | Updated the Threat Analysis & Response workbook to view in graphical view. |
| 3.0.0 | 11-11-2023 | Modified text as there is rebranding from Azure Active Directory to Microsoft Entra ID. |