Detect technique
D3-OSM: Operating System Monitoring
Definition
The operating system software, for D3FEND's purposes, includes the kernel and its process management functions, hardware drivers, and initialization or boot logic. It also includes other key system daemons and their configuration. The monitoring or analysis of these components for unauthorized activity constitutes **Operating System Monitoring**.
Defends against (43)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Pluggable Authentication Modules (T1556.003) | 100% | live |
| Technique | Remote System Discovery (T1018) | 100% | live |
| SubTechnique | Scheduled Task (T1053.005) | 100% | live |
| SubTechnique | Proc Filesystem (T1003.007) | 100% | live |
| SubTechnique | Transport Agent (T1505.002) | 100% | live |
| SubTechnique | Registry Run Keys / Startup Folder (T1547.001) | 100% | live |
| SubTechnique | Sudo and Sudo Caching (T1548.003) | 100% | live |
| Technique | Audio Capture (T1123) | 100% | live |
| SubTechnique | Process Hollowing (T1055.012) | 100% | live |
| Technique | Scheduled Task/Job (T1053) | 100% | live |
| SubTechnique | Hidden Users (T1564.002) | 100% | live |
| SubTechnique | Dynamic Linker Hijacking (T1574.006) | 100% | live |
| Technique | Steal or Forge Authentication Certificates (T1649) | 100% | live |
| SubTechnique | Services Registry Permissions Weakness (T1574.011) | 100% | live |
| SubTechnique | Proc Memory (T1055.009) | 100% | live |
| SubTechnique | Startup Items (T1037.005) | 100% | live |
| Technique | Video Capture (T1125) | 100% | live |
| SubTechnique | Revert Cloud Instance (T1578.004) | 100% | live |
| Technique | Exploitation for Client Execution (T1203) | 100% | live |
| SubTechnique | Create Cloud Instance (T1578.002) | 100% | live |
| SubTechnique | Systemd Service (T1543.002) | 100% | live |
| SubTechnique | Delete Cloud Instance (T1578.003) | 100% | live |
| SubTechnique | Masquerade Task or Service (T1036.004) | 100% | live |
| SubTechnique | Safe Mode Boot (T1562.009) | 100% | live |
| SubTechnique | Run Virtual Instance (T1564.006) | 100% | live |
| Technique | Exploitation for Privilege Escalation (T1068) | 100% | live |
| SubTechnique | Credential API Hooking (T1056.004) | 100% | live |
| SubTechnique | Keylogging (T1056.001) | 100% | live |
| SubTechnique | RC Scripts (T1037.004) | 100% | live |
| SubTechnique | Unix Shell Configuration Modification (T1546.004) | 100% | live |
Showing top 30 of 43 by confidence.