Process lineage analysis identifies suspicious processes executing on an endpoint device by examining the ancestry and siblings of a process, together with the metadata of each node in the tree, such as process execution, duration, and order relative to siblings and ancestors.

| Field | Value |
| --- | --- |
| Framework | MITRE D3FEND |
| Ontology URI | d3f:ProcessLineageAnalysis |
| Local Identifier | ProcessLineageAnalysis |
| Publication Status | Published on D3FEND website |
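
The definition above, sketched as an added example that is not part of the D3FEND entry: a small lineage check that walks each process's ancestry and siblings over constructed process-creation records. The record fields, image lists and thresholds are assumptions chosen for illustration.

```python
from collections import namedtuple
# One process-creation record; start/end are seconds on a single clock.
Proc = namedtuple("Proc", "pid ppid image start end")

# Assumed policy values, for illustration only.
DOC_APPS = {"winword.exe", "excel.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe"}
SHORT_LIVED = 1.0   # seconds
BURST = (3, 2.0)    # >= 3 siblings started within 2 seconds

def ancestry(by_pid, proc):
    """Ancestors nearest-first; stops at unknown parents, cycles, PID reuse."""
    chain, seen, child = [], {proc.pid}, proc
    while (cur := by_pid.get(child.ppid)) and cur.pid not in seen:
        if cur.start > child.start:  # parent younger than child: reused PID
            break
        chain.append(cur)
        seen.add(cur.pid)
        child = cur
    return chain

def analyze(events):
    """Map pid -> list of reasons the node looks suspicious."""
    by_pid = {p.pid: p for p in events}
    findings = {}
    for p in events:
        reasons = []
        if p.image in INTERPRETERS and any(
                a.image in DOC_APPS for a in ancestry(by_pid, p)):
            reasons.append("interpreter under document app")
        has_child = any(c.ppid == p.pid for c in events)
        if has_child and p.end - p.start < SHORT_LIVED:
            reasons.append("short-lived parent")
        sibs = [s for s in events if s.ppid == p.ppid
                and abs(s.start - p.start) <= BURST[1]]
        if len(sibs) >= BURST[0]:
            reasons.append("sibling burst")
        if reasons:
            findings[p.pid] = reasons
    return findings

# Constructed sample events (not from a real host).
EVENTS = [
    Proc(100, 1, "explorer.exe", 0.0, 900.0),
    Proc(200, 100, "winword.exe", 10.0, 600.0),
    Proc(210, 200, "cmd.exe", 42.0, 42.4),
    Proc(220, 210, "powershell.exe", 42.1, 55.0),
    Proc(300, 100, "chrome.exe", 5.0, 800.0),
]
```

Calling `analyze(EVENTS)` flags PIDs 210 and 220; the start-time comparison in `ancestry` keeps a recycled parent PID from producing a false lineage.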
For the official documentation and additional resources, visit the MITRE D3FEND website.