Threat protection in Azure Security Center

Test Drive ASC
ASC Simulations
278 Unique Detections
Security Analytics
Integrated threat intelligence
Outbound communication to a malicious IP address
Digital Crimes Unit
3rd Party Lists
Cloud Service Provider sharing
Microsoft Security Response Center
Behavioral analytics
Suspicious process execution
Hidden malware and exploitation attempts
Lateral movement and internal reconnaissance
Malicious PowerShell Scripts
Outgoing attacks
Anomaly detection
Inbound RDP/SSH Brute force attacks
Intents
PreAttack
InitialAccess
Persistence
PrivilegeEscalation
DefensiveEvasion
CredentialAccess
Discovery
LateralMovement
Execution
Collection
Exfiltration
CommandAndControl
Impact
Containers
Azure Kubernetes Service
exposed K8s dashboards
creation of high privileged roles
creation of sensitive mounts
Host level
web shell detection
Suspicious Logins
Privileged container creation
SSH Server hosted in container
suspicious access to API
Exposed Docker API \ Services
Azure Container Registry images
Vulnerability management
Azure PaaS
SQL Database PaaS\IaaS\On-Prem
SQL Injection
Suspicious Logins
SQL Brute Force
High priv SQL commands
Unusual Export location
Azure Storage
Azure Cosmos Database
Azure Network Layer
Azure KeyVault
Azure Resource Manager Management APIs
Azure App Service
Linux
AuditD
crypto mining campaign
bash scripts
password spray
Fileless Attack
Windows
Crash dump analysis
Shell code discovered
Code injection discovered
Masquerading Windows Module Detected
Fileless attack
memory process contains attack toolkit
shell code
Microsoft Defender ATP
PowerShell scripts
Fileless malware
Credential dumping
Event ID 4688 A new process has been created
SQL Brute Force
Crypto mining attack