Description
The detect tactic is used to identify adversary access to or unauthorized activity on computer networks.
Technical Details
| Framework | MITRE D3FEND |
| Ontology URI | d3f:Detect |
| Local Identifier | Detect |
| Publication Status | Published on D3FEND website |
Relationships
Child Techniques
- D3-IPRA IP Reputation Analysis
- D3-CIA Container Image Analysis
- D3-SCA System Call Analysis
- D3-SICA System Init Config Analysis
- D3-FEMC Firmware Embedded Monitoring Code
- D3-ID Identifier Analysis
- D3-PMAD Protocol Metadata Anomaly Detection
- D3-IDA Input Device Analysis
- D3-FAPA File Access Pattern Analysis
- D3-IRA Identifier Reputation Analysis
- D3A-CA Cluster Analysis
- D3-DA Dynamic Analysis
- D3-SDM System Daemon Monitoring
- D3-SEA Script Execution Analysis
- D3-IBCA Indirect Branch Call Analysis
- D3-SFA System File Analysis
- D3A-PCA Principal Component Analysis
- D3-FBA Firmware Behavior Analysis
- D3-UA URL Analysis
- D3-IPCTA IPC Traffic Analysis
- D3-RAPA Resource Access Pattern Analysis
- D3A-RAL Regression Analysis Learning
- D3-IAA Identifier Activity Analysis
- D3-RTA RPC Traffic Analysis
- D3-UDTA User Data Transfer Analysis
- D3-PA Process Analysis
- D3-PM Platform Monitoring
- D3-ACA Active Certificate Analysis
- D3A-DBS DBSCAN
- D3A-RA Regression Analysis
- D3-RPA Relay Pattern Analysis
- D3-CA Certificate Analysis
- D3-RTSD Remote Terminal Session Detection
- D3A-TSA Time Series Analysis
- D3-PHDURA Per Host Download-Upload Ratio Analysis
- D3-WSAA Web Session Activity Analysis
- D3-SMRA Sender MTA Reputation Analysis
- D3-FCA File Creation Analysis
- D3-OMM Operating Mode Monitoring
- D3-DAM Domain Account Monitoring
- D3-NTA Network Traffic Analysis
- D3-DNRA Domain Name Reputation Analysis
- D3-SJA Scheduled Job Analysis
- D3-JFAPA Job Function Access Pattern Analysis
- D3-PSMD Process Self-Modification Detection
- D3-DNSTA DNS Traffic Analysis
- D3-CAA Connection Attempt Analysis
- D3A-DA Discriminant Analysis
- D3-MA Message Analysis
- D3-LAM Local Account Monitoring
- D3-EFA Emulated File Analysis
- D3-SRA Sender Reputation Analysis
- D3-ISVA Inbound Session Volume Analysis
- D3-PCA Passive Certificate Analysis
- D3-UGLPA User Geolocation Logon Pattern Analysis
- D3-FA File Analysis
- D3-FCOA File Content Analysis
- D3-ANAA Administrative Network Activity Analysis
- D3-FIM File Integrity Monitoring
- D3-DQSA Database Query String Analysis
- D3-OSM Operating System Monitoring
- D3-UBA User Behavior Analysis
- D3-CCSA Credential Compromise Scope Analysis
- D3-FHRA File Hash Reputation Analysis
- D3-NTSA Network Traffic Signature Analysis
- D3-USICA User Session Init Config Analysis
- D3A-MA Multivariate Analysis
- D3-SDA Session Duration Analysis
- D3-HD Homoglyph Detection
- D3-URA URL Reputation Analysis
- D3-PSA Process Spawn Analysis
- D3-PLA Process Lineage Analysis
References
For the official documentation and additional resources, visit the MITRE D3FEND website.
View on MITRE D3FEND