MITRE D3FEND

A knowledge graph of cybersecurity countermeasures.

Authors
Authors and/or Contributors
MITRE

Restore Software

Restoring software to a host.

Internal MISP references

UUID 29d77727-12e5-5922-9d2d-70681803d686 which can be used as unique global reference for Restore Software in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RS
kill_chain ['Restore:Restore-Object']

Encrypted Tunnels

Encrypted encapsulation of routable network traffic.

Internal MISP references

UUID 4f6861bc-6c0b-51b1-bd5c-5b806951e2cd which can be used as unique global reference for Encrypted Tunnels in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ET
kill_chain ['Isolate:Network-Isolation']

Restore Disk Image

Restoring a previously captured disk image to a hard drive.

Internal MISP references

UUID 5333dada-2a46-5f0a-b371-ca4d565e339c which can be used as unique global reference for Restore Disk Image in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RDI
kill_chain ['Restore:Restore-Object']

Service Dependency Mapping

Service dependency mapping determines the services on which each given service relies.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Service Dependency Mapping.

Known Synonyms
Distributed Tracing
Internal MISP references

UUID 95dd39c0-2df7-5cc0-88f1-c692cdbceea8 which can be used as unique global reference for Service Dependency Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SVCDM
kill_chain ['Model:System-Mapping']

File Removal

The file removal technique deletes malicious artifacts or programs from a computer system.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular File Removal.

Known Synonyms
File Deletion
Internal MISP references

UUID 2fdd5180-fa37-56eb-9c0c-d0a3d3de5887 which can be used as unique global reference for File Removal in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FR
kill_chain ['Evict:File-Eviction']

Network Vulnerability Assessment

Network vulnerability assessment relates all the vulnerabilities of a network's components in the context of their configuration and interdependencies and can also include assessing risk emerging from the network's design as a whole, not just the sum of individual network node or network segment vulnerabilities.

Internal MISP references

UUID 189e4b3b-1405-5caa-8643-c10d768d473e which can be used as unique global reference for Network Vulnerability Assessment in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-NVA
kill_chain ['Model:Network-Mapping']

Relay Pattern Analysis

The detection of an internal host relaying traffic between the internal network and the external network.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Relay Pattern Analysis.

Known Synonyms
Relay Network Detection
Internal MISP references

UUID 5ab35c35-f181-523e-8cb8-947d23652d9f which can be used as unique global reference for Relay Pattern Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RPA
kill_chain ['Detect:Network-Traffic-Analysis']

DNS Denylisting

Blocking DNS Network Traffic based on criteria such as IP address, domain name, or DNS query type.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular DNS Denylisting.

Known Synonyms
DNS Blacklisting
Internal MISP references

UUID 4301db4f-dde9-5376-ab2c-7654dc428e37 which can be used as unique global reference for DNS Denylisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DNSDL
kill_chain ['Isolate:Network-Isolation']

Asset Vulnerability Enumeration

Asset vulnerability enumeration enriches inventory items with knowledge identifying their vulnerabilities.

Internal MISP references

UUID f33f256f-34d7-541f-96c4-8c800483b73b which can be used as unique global reference for Asset Vulnerability Enumeration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-AVE
kill_chain ['Model:Asset-Inventory']

Firmware Embedded Monitoring Code

Monitoring code is injected into firmware for integrity monitoring of firmware and firmware data.

Internal MISP references

UUID 81f25868-5be1-5df4-93bf-b215f4a67144 which can be used as unique global reference for Firmware Embedded Monitoring Code in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FEMC
kill_chain ['Detect:Platform-Monitoring']

Decoy Session Token

An authentication token created for the purposes of deceiving an adversary.

Internal MISP references

UUID b99c9f58-af74-5661-864b-776707bd69af which can be used as unique global reference for Decoy Session Token in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DST
kill_chain ['Deceive:Decoy-Object']

Certificate-based Authentication

Requiring a digital certificate in order to authenticate a user.

Internal MISP references

UUID 4f6fd329-73a1-5331-8595-c2fa5c8d6cc5 which can be used as unique global reference for Certificate-based Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CBAN
kill_chain ['Harden:Credential-Hardening']

File Encryption

Encrypting a file using a cryptographic key.

Internal MISP references

UUID 0c9fdd66-2aef-53dd-9f13-195378c896c4 which can be used as unique global reference for File Encryption in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FE
kill_chain ['Harden:Platform-Hardening']

Firmware Behavior Analysis

Analyzing the behavior of embedded code in firmware and looking for anomalous behavior and suspicious activity.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Firmware Behavior Analysis.

Known Synonyms
Firmware Timing Analysis
Internal MISP references

UUID d20178ca-30de-529c-9a40-e71020922ac1 which can be used as unique global reference for Firmware Behavior Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FBA
kill_chain ['Detect:Platform-Monitoring']

Authorization Event Thresholding

Collecting authorization events, creating a baseline user profile, and determining whether authorization events are consistent with the baseline profile.

Internal MISP references

UUID 583a20a1-97f7-518f-9799-36df6fb57102 which can be used as unique global reference for Authorization Event Thresholding in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-AZET
kill_chain ['Detect:User-Behavior-Analysis']

System Dependency Mapping

System dependency mapping identifies and models the dependencies of system components on each other to carry out their function.

Internal MISP references

UUID da7d9e4b-1d61-591f-890e-2346dee033be which can be used as unique global reference for System Dependency Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SYSDM
kill_chain ['Model:System-Mapping']

Strong Password Policy

Modifying system configuration to increase password strength.

Internal MISP references

UUID 6b924516-5351-5b37-ab43-ea65ae2e17e8 which can be used as unique global reference for Strong Password Policy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SPP
kill_chain ['Harden:Credential-Hardening']

User Geolocation Logon Pattern Analysis

Monitoring geolocation data of user logon attempts and comparing it to a baseline user behavior profile to identify anomalies in logon location.

Internal MISP references

UUID 9657e08e-f233-5d19-9586-5d58698cc232 which can be used as unique global reference for User Geolocation Logon Pattern Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-UGLPA
kill_chain ['Detect:User-Behavior-Analysis']

Resource Access Pattern Analysis

Analyzing the resources accessed by a user to identify unauthorized activity.

Internal MISP references

UUID 330b1db8-3ed7-52e1-a395-f1bc697a7e1a which can be used as unique global reference for Resource Access Pattern Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RAPA
kill_chain ['Detect:User-Behavior-Analysis']

Identifier Activity Analysis

Taking known malicious identifiers and determining if they are present in a system.

Internal MISP references

UUID 1b5d2cee-4dca-51dc-8a18-163762082510 which can be used as unique global reference for Identifier Activity Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-IAA
kill_chain ['Detect:Identifier-Analysis']

Certificate Analysis

Analyzing Public Key Infrastructure certificates to detect if they have been misconfigured or spoofed, using network traffic, certificate fields, and third-party logs.

Internal MISP references

UUID c562e16c-4f84-5d7d-a54a-21fbb013ea23 which can be used as unique global reference for Certificate Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CA
kill_chain ['Detect:Network-Traffic-Analysis']

System Vulnerability Assessment

System vulnerability assessment relates all the vulnerabilities of a system's components in the context of their configuration and internal dependencies and can also include assessing risk emerging from the system's design as a whole, not just the sum of individual component vulnerabilities.

Internal MISP references

UUID 48a55ead-bd27-5530-b060-63032ac9f849 which can be used as unique global reference for System Vulnerability Assessment in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SYSVA
kill_chain ['Model:System-Mapping']

Job Function Access Pattern Analysis

Detecting anomalies in user access patterns by comparing user access activity to behavioral profiles that categorize users by role, such as job title, function, or department.

Internal MISP references

UUID 0cce711a-81ec-53ec-8a82-ccd5a2b3f8dc which can be used as unique global reference for Job Function Access Pattern Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-JFAPA
kill_chain ['Detect:User-Behavior-Analysis']

File Access Pattern Analysis

Analyzing the files accessed by a process to identify unauthorized activity.

Internal MISP references

UUID 0d08cf25-a816-5c0f-b3aa-5b9b51c3a5ae which can be used as unique global reference for File Access Pattern Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FAPA
kill_chain ['Detect:Process-Analysis']

Disk Encryption

Encrypting a hard disk partition to prevent cleartext access to a file system.

Internal MISP references

UUID cf1d31be-4a4c-504f-b5d8-c4cff1d80157 which can be used as unique global reference for Disk Encryption in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DENCR
kill_chain ['Harden:Platform-Hardening']

Local File Permissions

Restricting access to a local file by configuring operating system functionality.

Internal MISP references

UUID 96558b76-c4a8-5e9c-b4d2-fe6103717f14 which can be used as unique global reference for Local File Permissions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-LFP
kill_chain ['Harden:Platform-Hardening']

Network Node Inventory

Network node inventorying identifies and records all the network nodes (hosts, routers, switches, firewalls, etc.) in the organization's architecture.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Network Node Inventory.

Known Synonyms
System Discovery
System Inventorying
Internal MISP references

UUID ed4c88b9-98c8-5d87-a454-fc5bfadbe87f which can be used as unique global reference for Network Node Inventory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-NNI
kill_chain ['Model:Asset-Inventory']

Credential Compromise Scope Analysis

Determining which credentials may have been compromised by analyzing the user logon history of a particular system.

Internal MISP references

UUID cfc9c8f1-ed4b-5631-9ac2-34da65615f78 which can be used as unique global reference for Credential Compromise Scope Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CCSA
kill_chain ['Detect:User-Behavior-Analysis']

Indirect Branch Call Analysis

Analyzing vendor-specific branch call recording in order to detect ROP-style attacks.

Internal MISP references

UUID 8b313d6f-7c80-5363-8df2-9eeaf7b6b2dc which can be used as unique global reference for Indirect Branch Call Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-IBCA
kill_chain ['Detect:Process-Analysis']

Software Inventory

Software inventorying identifies and records the software items in the organization's architecture.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Software Inventory.

Known Synonyms
Software Discovery
Software Inventorying
Internal MISP references

UUID e632f4db-2c4f-526a-ad4d-4b7de2704905 which can be used as unique global reference for Software Inventory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SWI
kill_chain ['Model:Asset-Inventory']

Process Termination

Terminating a running application process on a computer system.

Internal MISP references

UUID e3db4b3a-45a1-5a0e-9c84-a987f0d77552 which can be used as unique global reference for Process Termination in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PT
kill_chain ['Evict:Process-Eviction']

Connection Attempt Analysis

Analyzing failed connections in a network to detect unauthorized activity.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Connection Attempt Analysis.

Known Synonyms
Network Scan Detection
Internal MISP references

UUID 10d2827d-2b3c-5afe-9aed-be770f276bcd which can be used as unique global reference for Connection Attempt Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CAA
kill_chain ['Detect:Network-Traffic-Analysis']

Message Encryption

Encrypting a message body using a cryptographic key.

Internal MISP references

UUID 87e2441e-ea28-5150-8308-df05c5efe469 which can be used as unique global reference for Message Encryption in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-MENCR
kill_chain ['Harden:Message-Hardening']

Segment Address Offset Randomization

Randomizing the base (start) address of one or more segments of memory during the initialization of a process.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Segment Address Offset Randomization.

Known Synonyms
ASLR
Address Space Layout Randomization
Internal MISP references

UUID 16bb3607-f4a0-543e-9d1f-d5e0792b35d7 which can be used as unique global reference for Segment Address Offset Randomization in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SAOR
kill_chain ['Harden:Application-Hardening']

Restore Configuration

Restoring a software configuration.

Internal MISP references

UUID 63433457-ee95-551c-ad4f-b1b22c1816eb which can be used as unique global reference for Restore Configuration in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RC
kill_chain ['Restore:Restore-Object']

Decoy Network Resource

Deploying a network resource for the purposes of deceiving an adversary.

Internal MISP references

UUID d7c54f92-9914-5025-a5bd-0c69426f2004 which can be used as unique global reference for Decoy Network Resource in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DNR
kill_chain ['Deceive:Decoy-Object']

Software Update

Replacing old software on a computer system component.

Internal MISP references

UUID 8499c7a5-99f4-5867-82ad-d021026d7abb which can be used as unique global reference for Software Update in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SU
kill_chain ['Harden:Platform-Hardening']

Decoy File

A file created for the purposes of deceiving an adversary.

Internal MISP references

UUID b859f04e-f52d-5208-8643-d3faff214e13 which can be used as unique global reference for Decoy File in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DF
kill_chain ['Deceive:Decoy-Object']

DNS Traffic Analysis

Analysis of domain name metadata, including name and DNS records, to determine whether the domain is likely to resolve to an undesirable host.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular DNS Traffic Analysis.

Known Synonyms
Domain Name Analysis
Internal MISP references

UUID cbe6cd4b-e6fb-595a-84b4-72956ac048f5 which can be used as unique global reference for DNS Traffic Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DNSTA
kill_chain ['Detect:Network-Traffic-Analysis']

Operational Dependency Mapping

Operational dependency mapping identifies and models the dependencies of the organization's activities on each other and on the organization's performers (people, systems, and services). This may include modeling the higher- and lower-level activities of an organization forming a hierarchy, or layering, of the dependencies in an organization's activities.

Internal MISP references

UUID 8410a1a0-659b-5c22-b15b-1773e7271c70 which can be used as unique global reference for Operational Dependency Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ODM
kill_chain ['Model:Operational-Activity-Mapping']

Logical Link Mapping

Logical link mapping creates a model of existing or previous node-to-node connections using network-layer data or metadata.

Internal MISP references

UUID 9c757a9f-b2b1-5cb1-8131-0db345bac7da which can be used as unique global reference for Logical Link Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-LLM
kill_chain ['Model:Network-Mapping']

Web Session Activity Analysis

Monitoring changes in user web session behavior by comparing current web session activity to a baseline behavior profile or a catalog of predetermined malicious behavior.

Internal MISP references

UUID 3b7c5a04-c523-5600-9ac5-8dfb2765f428 which can be used as unique global reference for Web Session Activity Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-WSAA
kill_chain ['Detect:User-Behavior-Analysis']

Physical Link Mapping

Physical link mapping identifies and models the link connectivity of the network devices within a physical network.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Physical Link Mapping.

Known Synonyms
Layer 1 Mapping
Internal MISP references

UUID 60e93778-5f3b-5b2d-9ab3-a9e8e2f332ef which can be used as unique global reference for Physical Link Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PLM
kill_chain ['Model:Network-Mapping']

Authentication Event Thresholding

Collecting authentication events, creating a baseline user profile, and determining whether authentication events are consistent with the baseline profile.

Internal MISP references

UUID 621e2d87-e082-5a7b-87b7-bfe28d1a3374 which can be used as unique global reference for Authentication Event Thresholding in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ANET
kill_chain ['Detect:User-Behavior-Analysis']

Operating System Monitoring

The operating system software, for D3FEND's purposes, includes the kernel and its process management functions, hardware drivers, and initialization or boot logic. It also includes other key system daemons and their configuration. The monitoring or analysis of these components for unauthorized activity constitutes Operating System Monitoring.

Internal MISP references

UUID 78797100-f740-524c-ab93-1e988a209cef which can be used as unique global reference for Operating System Monitoring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-OSM
kill_chain ['Detect:Platform-Monitoring']

Forward Resolution Domain Denylisting

Blocking a lookup based on the query's domain name value.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Forward Resolution Domain Denylisting.

Known Synonyms
Forward Resolution Domain Blacklisting
Internal MISP references

UUID 687690f0-e34e-51be-96aa-5be557feef43 which can be used as unique global reference for Forward Resolution Domain Denylisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FRDDL
kill_chain ['Isolate:Network-Isolation']

Per Host Download-Upload Ratio Analysis

Detecting anomalies that indicate malicious activity by comparing the amount of data downloaded versus data uploaded by a host.

Internal MISP references

UUID 7f468f98-b47e-5232-9f63-5d5c1f1e5d58 which can be used as unique global reference for Per Host Download-Upload Ratio Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PHDURA
kill_chain ['Detect:Network-Traffic-Analysis']

IPC Traffic Analysis

Analyzing standard inter-process communication (IPC) protocols to detect deviations from normal protocol activity.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular IPC Traffic Analysis.

Known Synonyms
IPC Analysis
Internal MISP references

UUID e1a49302-a7ef-5c03-b73f-4be00608e957 which can be used as unique global reference for IPC Traffic Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-IPCTA
kill_chain ['Detect:Network-Traffic-Analysis']

Application Configuration Hardening

Modifying an application's configuration to reduce its attack surface.

Internal MISP references

UUID 8d4904ef-667f-50e4-bb55-7d20738e3155 which can be used as unique global reference for Application Configuration Hardening in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ACH
kill_chain ['Harden:Application-Hardening']

Network Traffic Community Deviation

Establishing baseline communities of network hosts and identifying statistically divergent inter-community communication.

Internal MISP references

UUID d6d1ec4f-3928-5656-a04a-6e80c97b74c0 which can be used as unique global reference for Network Traffic Community Deviation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-NTCD
kill_chain ['Detect:Network-Traffic-Analysis']

Inbound Session Volume Analysis

Analyzing inbound network session or connection attempt volume.

Internal MISP references

UUID b1f4eab1-8302-547b-9e22-54d9eea625d2 which can be used as unique global reference for Inbound Session Volume Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ISVA
kill_chain ['Detect:Network-Traffic-Analysis']

Kernel-based Process Isolation

Using kernel-level capabilities to isolate processes.

Internal MISP references

UUID bbf4fdc8-1b03-5654-b092-d8bd180d49fd which can be used as unique global reference for Kernel-based Process Isolation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-KBPI
kill_chain ['Isolate:Execution-Isolation']

RPC Traffic Analysis

Monitoring the activity of remote procedure calls in communication traffic to establish standard protocol operations and potential attacker activities.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular RPC Traffic Analysis.

Known Synonyms
RPC Protocol Analysis
Internal MISP references

UUID 57d0c22d-7fc8-545d-a6da-fb32a3ff2106 which can be used as unique global reference for RPC Traffic Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RTA
kill_chain ['Detect:Network-Traffic-Analysis']

Restore Database

Restoring the data in a database.

Internal MISP references

UUID 435fcc7a-b288-59f2-bd73-0165120d6d13 which can be used as unique global reference for Restore Database in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RD
kill_chain ['Restore:Restore-Object']

Decoy Persona

Establishing a fake online identity to misdirect, deceive, and/or interact with adversaries.

Internal MISP references

UUID a6478818-65c0-5991-859c-4bced927b96b which can be used as unique global reference for Decoy Persona in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DP
kill_chain ['Deceive:Decoy-Object']

Stack Frame Canary Validation

Comparing a value stored in a stack frame with a known good value in order to prevent or detect a memory segment overwrite.

Internal MISP references

UUID 3c89698e-452a-55bd-b231-2b8a9121560c which can be used as unique global reference for Stack Frame Canary Validation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SFCV
kill_chain ['Harden:Application-Hardening']

Hardware Component Inventory

Hardware component inventorying identifies and records the hardware items in the organization's architecture.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Hardware Component Inventory.

Known Synonyms
Hardware Component Discovery
Hardware Component Inventorying
Internal MISP references

UUID 980ecd8a-c1ac-5641-9fa9-d569dc659f88 which can be used as unique global reference for Hardware Component Inventory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-HCI
kill_chain ['Model:Asset-Inventory']
Related clusters

To see the related clusters, click here.

Data Inventory

Data inventorying identifies and records the schemas, formats, volumes, and locations of data stored and used on the organization's architecture.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Data Inventory.

Known Synonyms
Data Discovery
Data Inventorying
Internal MISP references

UUID 9a661e49-0ad0-59ce-a2fe-0248b0bc04cd which can be used as unique global reference for Data Inventory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DI
kill_chain ['Model:Asset-Inventory']
Related clusters

To see the related clusters, click here.

Script Execution Analysis

Analyzing the execution of a script to detect unauthorized user activity.

Internal MISP references

UUID fd255e90-f94a-5739-96e0-53f15ce9a235 which can be used as unique global reference for Script Execution Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SEA
kill_chain ['Detect:Process-Analysis']

TPM Boot Integrity

Assuring the integrity of a platform by demonstrating that the boot process starts from a trusted combination of hardware and software and continues until the operating system has fully booted and applications are running. Sometimes called Static Root of Trust Measurement (STRM).

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular TPM Boot Integrity.

Known Synonyms
STRM
Static Root of Trust Measurement
Internal MISP references

UUID 8a6c78e5-9271-5d2a-9310-2bbf0e32ca33 which can be used as unique global reference for TPM Boot Integrity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-TBI
kill_chain ['Harden:Platform-Hardening']

Local Account Monitoring

Analyzing local user accounts to detect unauthorized activity.

Internal MISP references

UUID 973b66cc-2e20-5d00-b721-989b5907f6d1 which can be used as unique global reference for Local Account Monitoring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-LAM
kill_chain ['Detect:User-Behavior-Analysis']
Related clusters

To see the related clusters, click here.

IO Port Restriction

Limiting access to computer input/output (IO) ports to restrict unauthorized devices.

Internal MISP references

UUID 8b28f8d0-4bb0-5c7f-a30e-6fee1748b4d8 which can be used as unique global reference for IO Port Restriction in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-IOPR
kill_chain ['Isolate:Execution-Isolation']
Related clusters

To see the related clusters, click here.

Email Removal

The email removal technique deletes email files from system storage.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Email Removal.

Known Synonyms
Email Deletion
Internal MISP references

UUID 90dd8e5b-d458-5c1f-ae56-0401e5cfc6b8 which can be used as unique global reference for Email Removal in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ER
kill_chain ['Evict:File-Eviction']
Related clusters

To see the related clusters, click here.

Dynamic Analysis

Executing or opening a file in a synthetic "sandbox" environment to determine if the file is a malicious program or if the file exploits another program such as a document reader.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Dynamic Analysis.

Known Synonyms
Malware Detonation
Malware Sandbox
Internal MISP references

UUID d7f78817-ede1-5f97-94db-2d484ccc5f00 which can be used as unique global reference for Dynamic Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DA
kill_chain ['Detect:File-Analysis']
Related clusters

To see the related clusters, click here.

Memory Boundary Tracking

Analyzing a call stack for return addresses which point to unexpected memory locations.

Internal MISP references

UUID aa139b8e-02a6-530a-8b44-902ad7d8cca0 which can be used as unique global reference for Memory Boundary Tracking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-MBT
kill_chain ['Detect:Platform-Monitoring']
Related clusters

To see the related clusters, click here.

Database Query String Analysis

Analyzing database queries to detect SQL Injection.

Internal MISP references

UUID ed06408b-9f66-5944-b55c-460fcfd390ea which can be used as unique global reference for Database Query String Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DQSA
kill_chain ['Detect:Process-Analysis']
Related clusters

To see the related clusters, click here.

File Content Analysis

Employing a pattern matching algorithm to statically analyze the content of files.

Internal MISP references

UUID ee4e12e9-895b-56e6-b396-2c8076653d5c which can be used as unique global reference for File Content Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FCOA
kill_chain ['Detect:File-Analysis']

Configuration Inventory

Configuration inventory identifies and records the configuration of software and hardware and their components throughout the organization.

Internal MISP references

UUID ad7ad696-4506-533e-815b-bf592e6bda72 which can be used as unique global reference for Configuration Inventory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CI
kill_chain ['Model:Asset-Inventory']
Related clusters

To see the related clusters, click here.

Endpoint Health Beacon

Monitoring the security status of an endpoint by sending periodic messages with health status, where absence of a response may indicate that the endpoint has been compromised.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Endpoint Health Beacon.

Known Synonyms
Endpoint Health Telemetry
Internal MISP references

UUID 294dc5cb-1390-5a0d-bd6a-b151a390afcd which can be used as unique global reference for Endpoint Health Beacon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-EHB
kill_chain ['Detect:Platform-Monitoring']
Related clusters

To see the related clusters, click here.

Sender Reputation Analysis

Ascertaining sender reputation based on information associated with a message (e.g. email/instant messaging).

Internal MISP references

UUID 0f7337cb-443c-5a18-8254-9a90406c7df0 which can be used as unique global reference for Sender Reputation Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SRA
kill_chain ['Detect:Message-Analysis']
Related clusters

To see the related clusters, click here.

Restore Network Access

Restoring an entity's access to a computer network.

Internal MISP references

UUID 5fb3b47e-583b-5631-8934-50a116492d77 which can be used as unique global reference for Restore Network Access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RNA
kill_chain ['Restore:Restore-Access']
Related clusters

To see the related clusters, click here.

Standalone Honeynet

An environment created for the purpose of attracting attackers and eliciting their behaviors that is not connected to any production enterprise systems.

Internal MISP references

UUID e32ffe48-419f-563e-be1b-95ca18aa3a75 which can be used as unique global reference for Standalone Honeynet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SHN
kill_chain ['Deceive:Decoy-Environment']

Hierarchical Domain Denylisting

Blocking the resolution of any subdomain of a specified domain name.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Hierarchical Domain Denylisting.

Known Synonyms
Hierarchical Domain Blacklisting
Internal MISP references

UUID 273a6f4c-6b85-5926-a967-093b16dcf7f9 which can be used as unique global reference for Hierarchical Domain Denylisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-HDDL
kill_chain ['Isolate:Network-Isolation']

Session Duration Analysis

Analyzing the duration of user sessions in order to detect unauthorized activity.

Internal MISP references

UUID 64eaa3c5-ded3-5fc3-9ed5-606c93500f31 which can be used as unique global reference for Session Duration Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SDA
kill_chain ['Detect:User-Behavior-Analysis']
Related clusters

To see the related clusters, click here.

Scheduled Job Analysis

Analysis of source files, processes, destination files, or destination servers associated with a scheduled job to detect unauthorized use of job scheduling.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Scheduled Job Analysis.

Known Synonyms
Scheduled Job Execution
Internal MISP references

UUID effd6eb2-42cd-53ca-8fda-b75df23a32e5 which can be used as unique global reference for Scheduled Job Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SJA
kill_chain ['Detect:Platform-Monitoring']
Related clusters

To see the related clusters, click here.

Operational Risk Assessment

Operational risk assessment identifies and models the vulnerabilities of, and risks to, an organization's activities individually and as a whole.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Operational Risk Assessment.

Known Synonyms
Mission Risk Assessment
Internal MISP references

UUID d39f626b-6f4f-51fa-a5fc-f2026bd3f330 which can be used as unique global reference for Operational Risk Assessment in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ORA
kill_chain ['Model:Operational-Activity-Mapping']

Credential Rotation

Expiring an existing set of credentials and reissuing a new valid set.

Internal MISP references

UUID 9aeb6253-9380-5adb-92cb-9ace6d888cea which can be used as unique global reference for Credential Rotation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CRO
kill_chain ['Harden:Credential-Hardening']
Related clusters

To see the related clusters, click here.

System File Analysis

Monitoring system files such as authentication databases, configuration files, system logs, and system executables for modification or tampering.

Internal MISP references

UUID 9ad8e124-512b-5c6f-b66b-69c71cc604b5 which can be used as unique global reference for System File Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SFA
kill_chain ['Detect:Platform-Monitoring']
Related clusters

To see the related clusters, click here.

Authentication Cache Invalidation

Removing tokens or credentials from an authentication cache to prevent further user-associated account accesses.

Internal MISP references

UUID 164fdf79-38bb-56fc-844f-c7c8abbfd7a2 which can be used as unique global reference for Authentication Cache Invalidation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ANCI
kill_chain ['Evict:Credential-Eviction']
Related clusters

To see the related clusters, click here.

Client-server Payload Profiling

Comparing client-server request and response payloads to a baseline profile to identify outliers.

Internal MISP references

UUID 7887aa4f-b724-5df5-a07b-9eb89706d7c7 which can be used as unique global reference for Client-server Payload Profiling in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CSPP
kill_chain ['Detect:Network-Traffic-Analysis']
Related clusters

To see the related clusters, click here.

Byte Sequence Emulation

Analyzing sequences of bytes and determining if they likely represent malicious shellcode.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Byte Sequence Emulation.

Known Synonyms
Shellcode Transmission Detection
Internal MISP references

UUID cd8e283c-bc7d-55de-a6c5-88b480316485 which can be used as unique global reference for Byte Sequence Emulation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-BSE
kill_chain ['Detect:Network-Traffic-Analysis']

Shadow Stack Comparisons

Comparing a call stack in system memory with a shadow call stack maintained by the processor to determine unauthorized shellcode activity.

Internal MISP references

UUID 856204a9-0a3e-59e8-8858-f75f1ed09aea which can be used as unique global reference for Shadow Stack Comparisons in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SSC
kill_chain ['Detect:Process-Analysis']
Related clusters

To see the related clusters, click here.

Identifier Reputation Analysis

Analyzing the reputation of an identifier.

Internal MISP references

UUID ca03c9c0-09ac-51c5-85f5-4992bc29e5ef which can be used as unique global reference for Identifier Reputation Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-IRA
kill_chain ['Detect:Identifier-Analysis']

Restore File

Restoring a file for an entity to access.

Internal MISP references

UUID dbda8fde-6305-5d3e-abe9-44ec7923332d which can be used as unique global reference for Restore File in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RF
kill_chain ['Restore:Restore-Object']
Related clusters

To see the related clusters, click here.

Organization Mapping

Organization mapping identifies and models the people, roles, and groups within an organization and the relations between them.

Internal MISP references

UUID 3098eddc-8716-535c-a459-21372b3d3ec1 which can be used as unique global reference for Organization Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-OM
kill_chain ['Model:Operational-Activity-Mapping']

Account Locking

The process of temporarily disabling user accounts on a system or domain.

Internal MISP references

UUID 4052a304-6e0c-5e59-b5f2-844d5a4e556d which can be used as unique global reference for Account Locking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-AL
kill_chain ['Evict:Credential-Eviction']
Related clusters

To see the related clusters, click here.

System Call Filtering

Configuring a kernel to use an allow or deny list to filter kernel API calls.

Internal MISP references

UUID 54c5144f-e0da-5e35-bae8-0f25190fe9fb which can be used as unique global reference for System Call Filtering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SCF
kill_chain ['Isolate:Execution-Isolation']
Related clusters

To see the related clusters, click here.

File Hashing

Employing file hash comparisons to detect known malware.

Internal MISP references

UUID 44eeb025-a766-5466-99c5-3d7b35da7cef which can be used as unique global reference for File Hashing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FH
kill_chain ['Detect:File-Analysis']

Sender MTA Reputation Analysis

Characterizing the reputation of mail transfer agents (MTA) to determine the security risk in emails.

Internal MISP references

UUID 2ba221f7-36e5-56b6-a8bf-474393f2d17d which can be used as unique global reference for Sender MTA Reputation Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SMRA
kill_chain ['Detect:Message-Analysis']
Related clusters

To see the related clusters, click here.

Firmware Verification

Cryptographically verifying firmware integrity.

Internal MISP references

UUID 50cb8ffe-e413-5009-89a3-85ed3c23f98b which can be used as unique global reference for Firmware Verification in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FV
kill_chain ['Detect:Platform-Monitoring']
Related clusters

To see the related clusters, click here.

Exception Handler Pointer Validation

Validates that a referenced exception handler pointer is a valid exception handler.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Exception Handler Pointer Validation.

Known Synonyms
Exception Handler Validation
Internal MISP references

UUID cca03b22-4c86-5f27-af13-d98a62989fce which can be used as unique global reference for Exception Handler Pointer Validation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-EHPV
kill_chain ['Harden:Application-Hardening']

Remote Terminal Session Detection

Detection of an unauthorized remote live terminal console session by examining network traffic to a network host.

Internal MISP references

UUID 3e3e2630-f8e8-5ed2-b93e-97dacb8dec2f which can be used as unique global reference for Remote Terminal Session Detection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RTSD
kill_chain ['Detect:Network-Traffic-Analysis']
Related clusters

To see the related clusters, click here.

User Data Transfer Analysis

Analyzing the amount of data transferred by a user.

Internal MISP references

UUID d0b7e3f9-64a6-566d-8a60-343c37365c14 which can be used as unique global reference for User Data Transfer Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-UDTA
kill_chain ['Detect:User-Behavior-Analysis']

Passive Certificate Analysis

Collecting host certificates from network traffic or other passive sources like a certificate transparency log and analyzing them for unauthorized activity.

Internal MISP references

UUID eb910451-3782-57e7-a944-c9c3f0ea20e7 which can be used as unique global reference for Passive Certificate Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PCA
kill_chain ['Detect:Network-Traffic-Analysis']

Process Segment Execution Prevention

Preventing execution of any address in a memory region other than the code segment.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Process Segment Execution Prevention.

Known Synonyms
Execute Disable
No Execute
Internal MISP references

UUID c4ed798d-87da-5ad6-9473-bfca807cf7af which can be used as unique global reference for Process Segment Execution Prevention in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PSEP
kill_chain ['Harden:Application-Hardening']
Related clusters

To see the related clusters, click here.

Credential Revoking

Deleting a set of credentials permanently to prevent them from being used to authenticate.

Internal MISP references

UUID 1cb26037-3ff3-5121-bf6b-2905ecb69baa which can be used as unique global reference for Credential Revoking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CR
kill_chain ['Evict:Credential-Eviction']
Related clusters

To see the related clusters, click here.

Access Modeling

Access modeling identifies and records the access permissions granted to administrators, users, groups, and systems.

Internal MISP references

UUID b595da0c-45da-5901-bb78-00fc6d977045 which can be used as unique global reference for Access Modeling in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-AM
kill_chain ['Model:Operational-Activity-Mapping']
Related clusters

To see the related clusters, click here.

Driver Load Integrity Checking

Ensuring the integrity of drivers loaded during initialization of the operating system.

Internal MISP references

UUID 07b40f59-fbd5-52ba-b0e2-f9411659dabe which can be used as unique global reference for Driver Load Integrity Checking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DLIC
kill_chain ['Harden:Platform-Hardening']

Domain Name Reputation Analysis

Analyzing the reputation of a domain name.

Internal MISP references

UUID 03dfb88e-364e-5c21-9d7d-59029e54c9c5 which can be used as unique global reference for Domain Name Reputation Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DNRA
kill_chain ['Detect:Identifier-Analysis']

System Configuration Permissions

Restricting system configuration modifications to a specific user or group of users.

Internal MISP references

UUID ac54cd72-5a21-5025-95fb-39b096f0ee0f which can be used as unique global reference for System Configuration Permissions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SCP
kill_chain ['Harden:Platform-Hardening']
Related clusters

To see the related clusters, click here.

File Integrity Monitoring

Detecting any suspicious changes to files in a computer system.

Internal MISP references

UUID a6c54822-7f49-5770-a99f-29af0d08bf31 which can be used as unique global reference for File Integrity Monitoring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FIM
kill_chain ['Detect:Platform-Monitoring']
Related clusters

To see the related clusters, click here.

File Carving

Identifying and extracting files from network application protocols through the use of network stream reassembly software.

Internal MISP references

UUID 622fc290-78ea-5b80-9676-afd844e30b56 which can be used as unique global reference for File Carving in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FC
kill_chain ['Detect:Network-Traffic-Analysis']
Related clusters

To see the related clusters, click here.

Executable Denylisting

Blocking the execution of files on a host in accordance with defined application policy rules.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Executable Denylisting.

Known Synonyms
Executable Blacklisting
Internal MISP references

UUID 4cfdeb35-2f05-591c-b28c-c41a7ce4e520 which can be used as unique global reference for Executable Denylisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-EDL
kill_chain ['Isolate:Execution-Isolation']
Related clusters

To see the related clusters, click here.

Connected Honeynet

A decoy service, system, or environment, that is connected to the enterprise network, and simulates or emulates certain functionality to the network, without exposing full access to a production system.

Internal MISP references

UUID 8dfb525b-bbe8-5092-86b2-4e00969bb712 which can be used as unique global reference for Connected Honeynet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CHN
kill_chain ['Deceive:Decoy-Environment']

User Account Permissions

Restricting a user account's access to resources.

Internal MISP references

UUID 5da33a29-c3a3-5235-80b7-58cbf01da3a5 which can be used as unique global reference for User Account Permissions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-UAP
kill_chain ['Harden:Credential-Hardening']
Related clusters

To see the related clusters, click here.

Process Code Segment Verification

Comparing the "text" or "code" memory segments to a source of truth.

Internal MISP references

UUID fbab09d5-0032-5dff-8122-6afeddab8cff which can be used as unique global reference for Process Code Segment Verification in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PCSV
kill_chain ['Detect:Process-Analysis']
Related clusters

To see the related clusters, click here.

Certificate Pinning

Persisting either a server's X.509 certificate or its public key and comparing that to the server's presented identity to allow for greater client confidence in the remote server's identity for SSL connections.

Internal MISP references

UUID 2a4d2791-e193-57af-a4c1-b6f1409a8ebd which can be used as unique global reference for Certificate Pinning in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CP
kill_chain ['Harden:Credential-Hardening']

DNS Allowlisting

Permitting only approved domains and their subdomains to be resolved.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular DNS Allowlisting.

Known Synonyms
DNS Whitelisting
Internal MISP references

UUID 99a2e93d-e41a-552c-b32a-7ed9820a9126 which can be used as unique global reference for DNS Allowlisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DNSAL
kill_chain ['Isolate:Network-Isolation']
Related clusters

To see the related clusters, click here.

Integrated Honeynet

The practice of setting decoys in a production environment to entice interaction from attackers.

Internal MISP references

UUID 2cf6eef1-6a36-59bc-8157-2d825e35b90d which can be used as unique global reference for Integrated Honeynet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-IHN
kill_chain ['Deceive:Decoy-Environment']

RF Shielding

Adding physical barriers to a platform to prevent undesired radio interference.

Internal MISP references

UUID e9ae72b7-3c4d-5680-8112-532cca3ed550 which can be used as unique global reference for RF Shielding in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RFS
kill_chain ['Harden:Platform-Hardening']

System Call Analysis

Analyzing system calls to determine whether a process is exhibiting unauthorized behavior.

Internal MISP references

UUID 8efc9cbd-0353-5a6f-8b9b-dcc72a91e8cd which can be used as unique global reference for System Call Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SCA
kill_chain ['Detect:Process-Analysis']
Related clusters

To see the related clusters, click here.

Peripheral Firmware Verification

Cryptographically verifying peripheral firmware integrity.

Internal MISP references

UUID 1712071c-f306-54a3-8d20-092ec6649003 which can be used as unique global reference for Peripheral Firmware Verification in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PFV
kill_chain ['Detect:Platform-Monitoring']

Network Traffic Policy Mapping

Network traffic policy mapping identifies and models the allowed pathways of data at the network, transport, and/or application levels.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Network Traffic Policy Mapping.

Known Synonyms
DLP Policy Mapping
Firewall Mapping
IPS Policy Mapping
Web Security Gateway Policy Mapping
Internal MISP references

UUID 19aec027-51a7-55de-a2c9-33a8cd40802e which can be used as unique global reference for Network Traffic Policy Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-NTPM
kill_chain ['Model:Network-Mapping']
Related clusters

To see the related clusters, click here.

IP Reputation Analysis

Analyzing the reputation of an IP address.

Internal MISP references

UUID 674fc229-ea1b-5a79-8a8c-445ed579d634 which can be used as unique global reference for IP Reputation Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-IPRA
kill_chain ['Detect:Identifier-Analysis']

Reverse Resolution Domain Denylisting

Blocking a reverse DNS lookup's answer's domain name value.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Reverse Resolution Domain Denylisting.

Known Synonyms
Reverse Resolution Domain Blacklisting
Internal MISP references

UUID 0f4c7202-d19e-5fef-ae15-e82e14d4337a which can be used as unique global reference for Reverse Resolution Domain Denylisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RRDD
kill_chain ['Isolate:Network-Isolation']

Executable Allowlisting

Using a digital signature to authenticate a file before opening.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Executable Allowlisting.

Known Synonyms
File Signature Authentication
Internal MISP references

UUID bf384e38-6fa5-5159-b729-c8bb3af47fe6 which can be used as unique global reference for Executable Allowlisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-EAL
kill_chain ['Isolate:Execution-Isolation']
Related clusters

To see the related clusters, click here.

Decoy User Credential

A credential created for the purpose of deceiving an adversary.

Internal MISP references

UUID 9a7bed7b-0baa-5232-b24f-de436702894d which can be used as unique global reference for Decoy User Credential in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DUC
kill_chain ['Deceive:Decoy-Object']

Active Physical Link Mapping

Active physical link mapping sends and receives network traffic as a means to map the physical layer.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Active Physical Link Mapping.

Known Synonyms
Active Physical Layer Mapping
Internal MISP references

UUID f8cda405-1809-5fad-943f-ce794c67c2d6 which can be used as unique global reference for Active Physical Link Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-APLM
kill_chain ['Model:Network-Mapping']

System Daemon Monitoring

Tracking changes to the state or configuration of critical system-level processes.

Internal MISP references

UUID be40547e-6646-5d8c-8064-f083a8791ec7 which can be used as unique global reference for System Daemon Monitoring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SDM
kill_chain ['Detect:Platform-Monitoring']

URL Analysis

Determining if a URL is benign or malicious by analyzing the URL or its components.

Internal MISP references

UUID 5c24a72a-e61a-51e9-b6e5-911755b32ee0 which can be used as unique global reference for URL Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-UA
kill_chain ['Detect:Identifier-Analysis']

Active Certificate Analysis

Actively collecting PKI certificates by connecting to the server and downloading its server certificates for analysis.

Internal MISP references

UUID a0c35dda-500c-5845-a6a1-5de02df3bed6 which can be used as unique global reference for Active Certificate Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ACA
kill_chain ['Detect:Network-Traffic-Analysis']

User Session Init Config Analysis

Analyzing modifications to user session config files such as .bashrc or .bash_profile.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular User Session Init Config Analysis.

Known Synonyms
User Startup Config Analysis
Internal MISP references

UUID a15581c3-dacb-513e-a7bc-54f76a4b2554 which can be used as unique global reference for User Session Init Config Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-USICA
kill_chain ['Detect:Platform-Monitoring']

Emulated File Analysis

Emulating instructions in a file looking for specific patterns.

Internal MISP references

UUID 66fe2000-adca-5925-ba07-730a792bf17d which can be used as unique global reference for Emulated File Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-EFA
kill_chain ['Detect:File-Analysis']

Homoglyph Detection

Comparing strings using a variety of techniques to determine if a deceptive or malicious string is being presented to a user.

Internal MISP references

UUID 1d230cb4-3f98-5241-95df-90a76583cfac which can be used as unique global reference for Homoglyph Detection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-HD
kill_chain ['Detect:Identifier-Analysis']

Pointer Authentication

Comparing the cryptographic hash or derivative of a pointer's value to an expected value.

Internal MISP references

UUID 122f35a5-4f26-5e24-aa9e-51ba21f2d11c which can be used as unique global reference for Pointer Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PAN
kill_chain ['Harden:Application-Hardening']

Bootloader Authentication

Cryptographically authenticating the bootloader software before system boot.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Bootloader Authentication.

Known Synonyms
Secure Boot
Internal MISP references

UUID a534994d-125d-549d-bbd5-20f31a2eee6c which can be used as unique global reference for Bootloader Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-BA
kill_chain ['Harden:Platform-Hardening']

Restore Email

Restoring an email for an entity to access.

Internal MISP references

UUID 680e813d-2f92-56a8-8b40-2982242b2ae7 which can be used as unique global reference for Restore Email in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RE
kill_chain ['Restore:Restore-Object']

Broadcast Domain Isolation

Broadcast isolation restricts the number of computers a host can contact on its LAN.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Broadcast Domain Isolation.

Known Synonyms
Network Segmentation
Internal MISP references

UUID a7b7017a-6daa-564d-8b25-ed571952d0c0 which can be used as unique global reference for Broadcast Domain Isolation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-BDI
kill_chain ['Isolate:Network-Isolation']

Credential Transmission Scoping

Limiting the transmission of a credential to a scoped set of relying parties.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Credential Transmission Scoping.

Known Synonyms
Phishing Resistant Authentication
Internal MISP references

UUID 1bb2497c-12e1-5547-8cd8-1ef510275ba1 which can be used as unique global reference for Credential Transmission Scoping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CTS
kill_chain ['Harden:Credential-Hardening']

Process Suspension

Suspending a running process on a computer system.

Internal MISP references

UUID c7271e9f-f0e6-5e03-bb4d-c02e65a5e3b2 which can be used as unique global reference for Process Suspension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PS
kill_chain ['Evict:Process-Eviction']

Domain Account Monitoring

Monitoring the existence of or changes to Domain User Accounts.

Internal MISP references

UUID c899ef50-74bd-5ba7-a5ad-27d357e78f1b which can be used as unique global reference for Domain Account Monitoring in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DAM
kill_chain ['Detect:User-Behavior-Analysis']

URL Reputation Analysis

Analyzing the reputation of a URL.

Internal MISP references

UUID 9d0e3d9e-4219-511d-9a0c-3df08dded6c0 which can be used as unique global reference for URL Reputation Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-URA
kill_chain ['Detect:Identifier-Analysis']

Message Authentication

Authenticating the sender of a message and ensuring message integrity.

Internal MISP references

UUID 6724076f-3bc2-5da7-870f-bc4688051091 which can be used as unique global reference for Message Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-MAN
kill_chain ['Harden:Message-Hardening']

Transfer Agent Authentication

Validating that server components of a messaging infrastructure are authorized to send a particular message.

Internal MISP references

UUID 0ff8bb88-a078-55fd-a42d-7da9fdcd52b7 which can be used as unique global reference for Transfer Agent Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-TAAN
kill_chain ['Harden:Message-Hardening']

Network Traffic Filtering

Restricting network traffic originating from any location.

Internal MISP references

UUID b1c0b6bb-deac-54d4-8a62-4bc57702fd28 which can be used as unique global reference for Network Traffic Filtering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-NTF
kill_chain ['Isolate:Network-Isolation']

Biometric Authentication

Using biological measures in order to authenticate a user.

Internal MISP references

UUID 0cf84afc-e9a9-52a8-9a64-1146ed86e0c4 which can be used as unique global reference for Biometric Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-BAN
kill_chain ['Harden:Credential-Hardening']

File Hash Reputation Analysis

Analyzing the reputation of a file hash.

Internal MISP references

UUID f0b15269-e543-5202-b9d7-cfd6621ba2a2 which can be used as unique global reference for File Hash Reputation Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FHRA
kill_chain ['Detect:Identifier-Analysis']

Protocol Metadata Anomaly Detection

Collecting network communication protocol metadata and identifying statistical outliers.

Internal MISP references

UUID c0fa4b60-cc10-5b50-8eb3-4a26752852f2 which can be used as unique global reference for Protocol Metadata Anomaly Detection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PMAD
kill_chain ['Detect:Network-Traffic-Analysis']

Process Spawn Analysis

Analyzing spawn arguments or attributes of a process to detect processes that are unauthorized.

Internal MISP references

UUID b1cfe58d-38df-5fcd-bb68-b832d15a395f which can be used as unique global reference for Process Spawn Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PSA
kill_chain ['Detect:Process-Analysis']

Multi-factor Authentication

Requiring proof of two or more pieces of evidence in order to authenticate a user.

Internal MISP references

UUID f0b9dd4e-6891-54be-bfd8-2d9cff119944 which can be used as unique global reference for Multi-factor Authentication in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-MFA
kill_chain ['Harden:Credential-Hardening']

Decoy Public Release

Issuing publicly released media to deceive adversaries.

Internal MISP references

UUID cf471e91-4537-54b6-b0f7-0ad331543361 which can be used as unique global reference for Decoy Public Release in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DPR
kill_chain ['Deceive:Decoy-Object']

Administrative Network Activity Analysis

Detection of unauthorized use of administrative network protocols by analyzing network activity against a baseline.

Internal MISP references

UUID bbb6dd55-5a7c-576e-8230-8b1b30a0abd7 which can be used as unique global reference for Administrative Network Activity Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ANAA
kill_chain ['Detect:Network-Traffic-Analysis']

Restore User Account Access

Restoring a user account's access to resources.

Internal MISP references

UUID 75f4788e-dfce-5ef5-b3f5-cb034a7571db which can be used as unique global reference for Restore User Account Access in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RUAA
kill_chain ['Restore:Restore-Access']

Reverse Resolution IP Denylisting

Blocking a reverse lookup based on the query's IP address value.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Reverse Resolution IP Denylisting.

Known Synonyms
Reverse Resolution IP Blacklisting
Internal MISP references

UUID 73e18f53-e95a-5309-b6c5-7d51879d394f which can be used as unique global reference for Reverse Resolution IP Denylisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RRID
kill_chain ['Isolate:Network-Isolation']

Input Device Analysis

Operating system level mechanisms to prevent abusive input device exploitation.

Internal MISP references

UUID fdc3fedb-3a22-5b75-b342-b2e7a4346349 which can be used as unique global reference for Input Device Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-IDA
kill_chain ['Detect:Platform-Monitoring']

Reissue Credential

Issue a new credential to a user which supersedes their old credential.

Internal MISP references

UUID 937e8243-e4a8-54b7-a09b-16c88e1f94bb which can be used as unique global reference for Reissue Credential in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-RIC
kill_chain ['Restore:Restore-Object']

Host Shutdown

Initiating a host's shutdown sequence to terminate all running processes.

Internal MISP references

UUID 6ecb5446-d874-584a-86d8-704bb8fa8ca2 which can be used as unique global reference for Host Shutdown in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-HS
kill_chain ['Evict:Process-Eviction']

Data Exchange Mapping

Data exchange mapping identifies and models the organization's intended design for the flows of the data types, formats, and volumes between systems at the application layer.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Data Exchange Mapping.

Known Synonyms
Data Flow Mapping
Information Exchange Mapping
Internal MISP references

UUID bc9684d4-bd04-531b-a37e-0c709d694e20 which can be used as unique global reference for Data Exchange Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DEM
kill_chain ['Model:System-Mapping']

Process Self-Modification Detection

Detects processes that modify, change, or replace their own code at runtime.

Internal MISP references

UUID b9b2e3b0-4cee-58d7-b97e-33231a812799 which can be used as unique global reference for Process Self-Modification Detection in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PSMD
kill_chain ['Detect:Process-Analysis']

Passive Logical Link Mapping

Passive logical link mapping only listens to network traffic as a means to map the whole data link layer, where the links represent logical data flows rather than physical connections.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Passive Logical Link Mapping.

Known Synonyms
Passive Logical Layer Mapping
Internal MISP references

UUID 52edb6e4-fa0f-5594-812b-54e4bed33360 which can be used as unique global reference for Passive Logical Link Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PLLM
kill_chain ['Model:Network-Mapping']

One-time Password

A one-time password is valid for only one user authentication.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular One-time Password.

Known Synonyms
OTP
Internal MISP references

UUID b7b2e1e7-8e4c-5ba4-bc19-0a67e8f439c5 which can be used as unique global reference for One-time Password in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-OTP
kill_chain ['Harden:Credential-Hardening']

Service Binary Verification

Analyzing changes in service binary files by comparing to a source of truth.

Internal MISP references

UUID 2a9aa494-f476-59c5-8bc1-520f19a731f3 which can be used as unique global reference for Service Binary Verification in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SBV
kill_chain ['Detect:Platform-Monitoring']

Dead Code Elimination

Removing unreachable or "dead code" from compiled source code.

Internal MISP references

UUID a6ab4a27-bea4-52a9-aee6-b3ada84e12f0 which can be used as unique global reference for Dead Code Elimination in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DCE
kill_chain ['Harden:Application-Hardening']

Hardware-based Process Isolation

Preventing one process from writing to the memory space of another process through hardware-based address manager implementations.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Hardware-based Process Isolation.

Known Synonyms
Virtualization
Internal MISP references

UUID 2c5d7563-06b0-5250-b72c-d6ff3b4dcdb6 which can be used as unique global reference for Hardware-based Process Isolation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-HBPI
kill_chain ['Isolate:Execution-Isolation']

Domain Trust Policy

Restricting inter-domain trust by modifying domain configuration.

Internal MISP references

UUID 177288bd-0d7a-575e-901c-3af228358234 which can be used as unique global reference for Domain Trust Policy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-DTP
kill_chain ['Harden:Credential-Hardening']

Forward Resolution IP Denylisting

Blocking a DNS lookup's answer's IP address value.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Forward Resolution IP Denylisting.

Known Synonyms
Forward Resolution IP Blacklisting
Internal MISP references

UUID 644db38c-94cd-5e09-956b-c274eea9be16 which can be used as unique global reference for Forward Resolution IP Denylisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FRIDL
kill_chain ['Isolate:Network-Isolation']

Container Image Analysis

Analyzing a Container Image with respect to a set of policies.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Container Image Analysis.

Known Synonyms
Container Image Scanning
Internal MISP references

UUID 8c2294c7-d7c4-556b-b908-144ae891f1a2 which can be used as unique global reference for Container Image Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-CIA
kill_chain ['Model:Asset-Inventory']

Active Logical Link Mapping

Active logical link mapping sends and receives network traffic as a means to map the whole data link layer, where the links represent logical data flows rather than physical connections.

Internal MISP references

UUID e776f523-cc55-5076-b26d-db08bbdffc01 which can be used as unique global reference for Active Logical Link Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ALLM
kill_chain ['Model:Network-Mapping']

Mandatory Access Control

Controlling access to local computer system resources with kernel-level capabilities.

Internal MISP references

UUID 5c13ef28-ac3a-52fa-99de-563fc6a0bd45 which can be used as unique global reference for Mandatory Access Control in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-MAC
kill_chain ['Isolate:Execution-Isolation']

System Firmware Verification

Cryptographically verifying installed system firmware integrity.

Internal MISP references

UUID 4905080d-7cd7-5a17-9223-2454462d5481 which can be used as unique global reference for System Firmware Verification in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SFV
kill_chain ['Detect:Platform-Monitoring']

File Creation Analysis

Analyzing the properties of file create system call invocations.

Internal MISP references

UUID 4d53ce87-4d9e-58e6-887f-61a7998fe875 which can be used as unique global reference for File Creation Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FCA
kill_chain ['Detect:Process-Analysis']

System Init Config Analysis

Analysis of any system process startup configuration.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular System Init Config Analysis.

Known Synonyms
Autorun Analysis
Startup Analysis
Internal MISP references

UUID 3ff31fe3-4b89-5376-ac54-497528092610 which can be used as unique global reference for System Init Config Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-SICA
kill_chain ['Detect:Platform-Monitoring']

Passive Physical Link Mapping

Passive physical link mapping only listens to network traffic as a means to map the physical layer.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Passive Physical Link Mapping.

Known Synonyms
Passive Physical Layer Mapping
Internal MISP references

UUID 520a48b5-b5b2-5eb9-8c8d-10c3e806e8d1 which can be used as unique global reference for Passive Physical Link Mapping in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PPLM
kill_chain ['Model:Network-Mapping']

Process Lineage Analysis

Identification of suspicious processes executing on an end-point device by examining the ancestry and siblings of a process, and the associated metadata of each node on the tree, such as process execution, duration, and order relative to siblings and ancestors.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Process Lineage Analysis.

Known Synonyms
Process Tree Analysis
Internal MISP references

UUID 32c75bca-fd70-593c-a40a-4a6d582599a2 which can be used as unique global reference for Process Lineage Analysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-PLA
kill_chain ['Detect:Process-Analysis']

Homoglyph Denylisting

Blocking DNS queries that are deceptively similar to legitimate domain names.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Homoglyph Denylisting.

Known Synonyms
Homoglyph Blacklisting
Internal MISP references

UUID 0352af96-b290-5e0e-9229-828c3298b663 which can be used as unique global reference for Homoglyph Denylisting in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-HDL
kill_chain ['Isolate:Network-Isolation']

File Content Rules

Employing a pattern matching rule language to analyze the content of files.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular File Content Rules.

Known Synonyms
File Content Signatures
File Signatures
Internal MISP references

UUID dabd0a87-3fc1-57fb-8cf0-d5915a0d660f which can be used as unique global reference for File Content Rules in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-FCR
kill_chain ['Detect:File-Analysis']

Inbound Traffic Filtering

Restricting network traffic originating from untrusted networks destined towards a private host or enclave.

Internal MISP references

UUID f2df5454-8782-517a-ab19-1e51e2df4fb9 which can be used as unique global reference for Inbound Traffic Filtering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ITF
kill_chain ['Isolate:Network-Isolation']

Outbound Traffic Filtering

Restricting network traffic originating from a private host or enclave destined towards untrusted networks.

Internal MISP references

UUID d6c9eb1e-5fb2-5a10-a73b-9b1075ac4a59 which can be used as unique global reference for Outbound Traffic Filtering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-OTF
kill_chain ['Isolate:Network-Isolation']

Unlock Account

Restoring a user account's access to resources by unlocking a locked User Account.

Internal MISP references

UUID dd547285-c3de-518b-bb09-8788627f3feb which can be used as unique global reference for Unlock Account in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-ULA
kill_chain ['Restore:Restore-Access']

Host Reboot

Initiating a host's reboot sequence to terminate all running processes.

Internal MISP references

UUID 342ba701-6921-5383-9e02-b3bf9e1d6f08 which can be used as unique global reference for Host Reboot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-HR
kill_chain ['Evict:Process-Eviction']

Email Filtering

Filtering incoming email traffic based on specific criteria.

Internal MISP references

UUID 1dfa7e9f-1160-5b18-9fac-19d228c3c691 which can be used as unique global reference for Email Filtering in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
external_id D3-EF
kill_chain ['Isolate:Network-Isolation']