What is the authoritative source for D3-PSA?

Process Spawn Analysis (D3-PSA) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Detecttechnique

D3-PSAProcess Spawn Analysis

Process Spawn Analysis

Analyzing spawn arguments or attributes of a process to detect processes that are unauthorized.

Type	Target	Confidence	Tier
SubTechnique	Asynchronous Procedure Callt1055.004	100%	live
SubTechnique	Bypass User Account Controlt1548.002	100%	live
Technique	System Information Discoveryt1082	100%	live
SubTechnique	Compiled HTML Filet1218.001	100%	live
SubTechnique	Scheduled Taskt1053.005	100%	live
Technique	System Network Configuration Discoveryt1016	100%	live
Technique	Multi-Factor Authentication Request Generationt1621	100%	live
Technique	Application Window Discoveryt1010	100%	live
Technique	System Service Discoveryt1007	100%	live
Technique	XSL Script Processingt1220	100%	live
SubTechnique	Security Account Managert1003.002	100%	live
SubTechnique	LSA Secretst1003.004	100%	live
Technique	Windows Management Instrumentationt1047	100%	live
SubTechnique	Web Shellt1505.003	100%	live
SubTechnique	Rundll32t1218.011	100%	live
SubTechnique	Process Doppelgängingt1055.013	100%	live
SubTechnique	LSASS Memoryt1003.001	100%	live
Technique	Remote System Discoveryt1018	100%	live
Technique	System Owner/User Discoveryt1033	100%	live
Technique	Exploitation for Credential Accesst1212	100%	live
SubTechnique	CMSTPt1218.003	100%	live
SubTechnique	AppInit DLLst1546.010	100%	live
SubTechnique	Transport Agentt1505.002	100%	live
Technique	Modify Authentication Processt1556	100%	live
SubTechnique	AppCert DLLst1546.009	100%	live
Technique	Scheduled Task/Jobt1053	100%	live
Technique	Process Discoveryt1057	100%	live
Technique	Deobfuscate/Decode Files or Informationt1140	100%	live
Technique	Use Alternate Authentication Materialt1550	100%	live
SubTechnique	Mshtat1218.005	100%	live