Detectsubtechnique
D3-PLAProcess Lineage Analysis
Definition
Identification of suspicious processes executing on an end-point device by examining the ancestry and siblings of a process, and the associated metadata of each node on the tree, such as process execution, duration, and order relative to siblings and ancestors.
Defends against14
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Use Alternate Authentication Materialt1550 | 100% | live |
| SubTechnique | LSASS Memoryt1003.001 | 100% | live |
| Technique | System Owner/User Discoveryt1033 | 100% | live |
| Technique | Exploitation for Credential Accesst1212 | 100% | live |
| SubTechnique | Disable or Modify Toolst1562.001 | 100% | live |
| SubTechnique | Transport Agentt1505.002 | 100% | live |
| Technique | Scheduled Task/Jobt1053 | 100% | live |
| SubTechnique | Security Account Managert1003.002 | 100% | live |
| Technique | Multi-Factor Authentication Request Generationt1621 | 100% | live |
| SubTechnique | Netsh Helper DLLt1546.007 | 100% | live |
| Technique | Modify Authentication Processt1556 | 100% | live |
| SubTechnique | Scheduled Taskt1053.005 | 100% | live |
| SubTechnique | LSA Secretst1003.004 | 100% | live |
| SubTechnique | Web Shellt1505.003 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.