D3FEND defensive matrix
7 tactics · 271 defensive techniques · 1,457 defends_against crosswalks to MITRE ATT&CK. Authored by Adam Lundqvist.
ATT&CK coverage legend (techniques countered): 0 · 1 · 2-3 · 4-5 · 6+
Model (MOD) · 5 techniques
D3-CIA Container Image Analysis · Counters 26 ATT&CK techniques · Tactic: Model · Level: subtechnique
D3-ALLM Active Logical Link Mapping · Counters 7 ATT&CK techniques · Tactic: Model · Level: subtechnique
D3-APLM Active Physical Link Mapping · Counters 7 ATT&CK techniques · Tactic: Model · Level: subtechnique
D3-DPLM Direct Physical Link Mapping · Counters 7 ATT&CK techniques · Tactic: Model · Level: subtechnique
D3-PLLM Passive Logical Link Mapping · Counters 7 ATT&CK techniques · Tactic: Model · Level: subtechnique
Harden (HAR) · 0 techniques
Detect (DET) · 22 techniques
D3-FCR File Content Rules · Counters 99 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-SBV Service Binary Verification · Counters 16 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-SFA System File Analysis · Counters 16 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-AEM Application Exception Monitoring · Counters 14 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-PLA Process Lineage Analysis · Counters 14 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-EHB Endpoint Health Beacon · Counters 7 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-MBT Memory Boundary Tracking · Counters 7 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-ACA Active Certificate Analysis · Counters 6 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-PCA Passive Certificate Analysis · Counters 6 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-SICA System Init Config Analysis · Counters 5 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-URA URL Reputation Analysis · Counters 4 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-IDA Input Device Analysis · Counters 3 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-SDM System Daemon Monitoring · Counters 3 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-FCA File Creation Analysis · Counters 2 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-SFV System Firmware Verification · Counters 2 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-SJA Scheduled Job Analysis · Counters 2 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-USICA User Session Init Config Analysis · Counters 2 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-DNRA Domain Name Reputation Analysis · Counters 0 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-FHRA File Hash Reputation Analysis · Counters 0 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-IPRA IP Reputation Analysis · Counters 0 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-PFV Peripheral Firmware Verification · Counters 0 ATT&CK techniques · Tactic: Detect · Level: subtechnique
D3-RFUM Remote Firmware Update Monitoring · Counters 0 ATT&CK techniques · Tactic: Detect · Level: subtechnique
Isolate (ISO) · 26 techniques
D3-FFV File Format Verification · Counters 100 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-CFC Content Format Conversion · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-CNE Content Excision · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-CNR Content Rebuild · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-CNS Content Substitution · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-FCDC File Content Decompression Checking · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-FISV File Internal Structure Verification · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-FMBV File Magic Byte Verification · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-FMCV File Metadata Consistency Validation · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-FMVV File Metadata Value Verification · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-RFAM Remote File Access Mediation · Counters 99 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-OTF Outbound Traffic Filtering · Counters 31 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-EBWSAM Endpoint-based Web Server Access Mediation · Counters 16 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-PBWSAM Proxy-based Web Server Access Mediation · Counters 16 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-LFAM Local File Access Mediation · Counters 14 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-ITF Inbound Traffic Filtering · Counters 8 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-WSAM Web Session Access Mediation · Counters 8 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-EF Email Filtering · Counters 4 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-FRDDL Forward Resolution Domain Denylisting · Counters 2 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-HDDL Hierarchical Domain Denylisting · Counters 2 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-HDL Homoglyph Denylisting · Counters 2 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-RRID Reverse Resolution IP Denylisting · Counters 2 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-EPL Physical Locking · Counters 0 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-FRIDL Forward Resolution IP Denylisting · Counters 0 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-LAMED LAN Access Mediation · Counters 0 ATT&CK techniques · Tactic: Isolate · Level: subtechnique
D3-RAM Routing Access Mediation · Counters 0 ATT&CK techniques · Tactic: Isolate · Level: subtechnique