271 defences1,851 crosswalks
D3FENDD3FEND defensive matrix
7 tactics · 271 defensive techniques · 1,851 defends_against crosswalks to MITRE ATT&CK. Authored by Adam Lundqvist.
ATT&CK coverage
0
1
2-3
4-5
6+
MODModel0 techniques
HARHarden0 techniques
DETDetect0 techniques
ISOIsolate31 techniques
D3-AMED
D3-AMED Access Mediation
Counters 166 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-APA
D3-APA Access Policy Administration
Counters 117 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-CF
D3-CF Content Filtering
Counters 113 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-NRAM
D3-NRAM Network Resource Access Mediation
Counters 113 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-CQ
D3-CQ Content Quarantine
Counters 112 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-CV
D3-CV Content Validation
Counters 100 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-LFP
D3-LFP Local File Permissions
Counters 100 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-CM
D3-CM Content Modification
Counters 99 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-NI
D3-NI Network Isolation
Counters 74 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-NTF
D3-NTF Network Traffic Filtering
Counters 74 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-EI
D3-EI Execution Isolation
Counters 62 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-SCF
D3-SCF System Call Filtering
Counters 52 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-EAL
D3-EAL Executable Allowlisting
Counters 51 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-EDL
D3-EDL Executable Denylisting
Counters 51 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-HBPI
D3-HBPI Hardware-based Process Isolation
Counters 36 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-CTS
D3-CTS Credential Transmission Scoping
Counters 19 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-UAP
D3-UAP User Account Permissions
Counters 17 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-ABPI
D3-ABPI Application-based Process Isolation
Counters 15 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-KBPI
D3-KBPI Kernel-based Process Isolation
Counters 14 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-IOPR
D3-IOPR IO Port Restriction
Counters 7 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-DNSAL
D3-DNSAL DNS Allowlisting
Counters 2 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-DNSDL
D3-DNSDL DNS Denylisting
Counters 2 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-DTP
D3-DTP Domain Trust Policy
Counters 1 ATT&CK technique
Tactic: Isolate · Level: technique · Click to inspect
D3-BDI
D3-BDI Broadcast Domain Isolation
Counters 0 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-DNL
D3-DNL Directional Network Link
Counters 0 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-ET
D3-ET Encrypted Tunnels
Counters 0 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-NAM
D3-NAM Network Access Mediation
Counters 0 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-OPR
D3-OPR Operating Mode Restriction
Counters 0 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-OVAR
D3-OVAR OT Variable Access Restriction
Counters 0 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3-PAM
D3-PAM Physical Access Mediation
Counters 0 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
D3F-UGPH
D3F-UGPH User Group Permissions
Counters 0 ATT&CK techniques
Tactic: Isolate · Level: technique · Click to inspect
DECDeceive0 techniques
EVIEvict0 techniques
RESRestore10 techniques
D3-RO
D3-RO Restore Object
Counters 171 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RF
D3-RF Restore File
Counters 99 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RC
D3-RC Restore Configuration
Counters 53 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RA
D3-RA Restore Access
Counters 42 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RS
D3-RS Restore Software
Counters 25 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RD
D3-RD Restore Database
Counters 22 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RIC
D3-RIC Reissue Credential
Counters 19 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RUAA
D3-RUAA Restore User Account Access
Counters 17 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RNA
D3-RNA Restore Network Access
Counters 6 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect
D3-RDI
D3-RDI Restore Disk Image
Counters 0 ATT&CK techniques
Tactic: Restore · Level: technique · Click to inspect