Home/D3FEND
D3FEND

D3FEND defensive techniques

11 countermeasures from MITRE's defensive catalog
D3FEND is the defensive counterpart to ATT&CK. It describes what defenders can do to detect, isolate, deceive, evict, harden, and recover from each attack technique. Use it to map defenses to specific adversary behaviors.
Category Detect Isolate Deceive Evict Harden Restore Model all

Defensive techniques

11
D3-DecoyFile
Decoy File
Deceive
D3-FileAnalysis
File Analysis
Detect
D3-FileIntegrityMonitoring
File Integrity Monitoring
Detect
D3-FileEviction
File Eviction
Evict
D3-FileEncryption
File Encryption
Harden
D3-ContentFiltering
Content Filtering
Isolate
D3-ContentModification
Content Modification
Isolate
D3-ContentQuarantine
Content Quarantine
Isolate
D3-LocalFilePermissions
Local File Permissions
Isolate
D3-RemoteFileAccessMediation
Remote File Access Mediation
Isolate
D3-RestoreFile
Restore File
Restore
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh