
D3FEND defensive matrix

7 tactics · 271 defensive techniques · 1,125 defends_against crosswalks to MITRE ATT&CK. Authored by Adam Lundqvist.


MOD · Model · 0 techniques

HAR · Harden · 0 techniques

DET · Detect · 0 techniques

ISO · Isolate · 0 techniques

DEC · Deceive · 11 techniques

D3-DO · Decoy Object
D3-DF · Decoy File
D3-DUC · Decoy User Credential
D3-DNR · Decoy Network Resource
D3-CHN · Connected Honeynet
D3-DE · Decoy Environment
D3-IHN · Integrated Honeynet
D3-SHN · Standalone Honeynet
D3-DP · Decoy Persona
D3-DPR · Decoy Public Release
D3-DST · Decoy Session Token

EVI · Evict · 19 techniques

D3-OE · Object Eviction
D3-FEV · File Eviction
D3-CE · Credential Eviction
D3-PE · Process Eviction
D3-ANCI · Authentication Cache Invalidation
D3-CR · Credential Revocation
D3-AL · Account Locking
D3-HR · Host Reboot
D3-HS · Host Shutdown
D3-PS · Process Suspension
D3-PT · Process Termination
D3-ST · Session Termination
D3-ER · Email Removal
D3-DKF · Disk Formatting
D3-DKP · Disk Partitioning
D3-DKE · Disk Erasure
D3-RKD · Registry Key Deletion
D3-DNSCE · DNS Cache Eviction
D3-DRT · Domain Registration Takedown

RES · Restore · 12 techniques

D3-RO · Restore Object
D3-RF · Restore File
D3-RC · Restore Configuration
D3-RA · Restore Access
D3-RS · Restore Software
D3-RD · Restore Database
D3-RIC · Reissue Credential
D3-RUAA · Restore User Account Access
D3-ULA · Unlock Account
D3-RNA · Restore Network Access
D3-RE · Restore Email
D3-RDI · Restore Disk Image
Sourced from MITRE D3FEND ontology. Cross-walks ingested via the D3FEND CSV feed. Curated by Adam Lundqvist, Founder at SQUR.