The Microsoft security team recently released AzDetectSuite, a collection of KQL queries and detection alerts against security threats on Azure and Azure AD.

Ryan Hausknecht, senior security researcher at Microsoft, explains: "AzDetectSuite is a project created to allow Azure users to establish a basic defense within Azure by giving pre-built KQL queries for each technique within ATRM that are deployable as Alerts to Azure Monitor."

Written to match the Azure Threat Research Matrix (ATRM), a knowledge base built to document known TTPs within Azure and Azure AD, the detections are grouped according to the tactics involved: reconnaissance, initial access, execution, privilege escalation, persistence, credential access, and exfiltration. The open-source project provides basic detection capabilities at a low cost, targeting small environments within the Microsoft cloud platform.

AzDetectSuite is an open-source library designed to help developers detect and understand the tactics, techniques, and procedures used in cyber-attacks on Azure networks.