Home/D3FEND
D3FEND

D3FEND defensive techniques

17 countermeasures from MITRE's defensive catalog
D3FEND is the defensive counterpart to ATT&CK. It describes what defenders can do to detect, isolate, deceive, evict, harden, and recover from each attack technique. Use it to map defenses to specific adversary behaviors.
Category Detect Isolate Deceive Evict Harden Restore Model all

Defensive techniques

17
D3-ApplicationProtocolCommandAnalysis
Application Protocol Command Analysis
Detect
D3-Client-serverPayloadProfiling
Client-server Payload Profiling
Detect
D3-HomoglyphDetection
Homoglyph Detection
Detect
D3-IdentifierActivityAnalysis
Identifier Activity Analysis
Detect
D3-NetworkTrafficCommunityDeviation
Network Traffic Community Deviation
Detect
D3-NetworkTrafficSignatureAnalysis
Network Traffic Signature Analysis
Detect
D3-PerHostDownload-UploadRatioAnalysis
Per Host Download- Upload Ratio Analysis
Detect
D3-ProtocolMetadataAnomalyDetection
Protocol Metadata Anomaly Detection
Detect
D3-RelayPatternAnalysis
Relay Pattern Analysis
Detect
D3-RemoteTerminalSessionDetection
Remote Terminal Session Detection
Detect
D3-URLAnalysis
U R L Analysis
Detect
D3-URLReputationAnalysis
U R L Reputation Analysis
Detect
D3-UserGeolocationLogonPatternAnalysis
User Geolocation Logon Pattern Analysis
Detect
D3-ProcessSegmentExecutionPrevention
Process Segment Execution Prevention
Harden
D3-SegmentAddressOffsetRandomization
Segment Address Offset Randomization
Harden
D3-NetworkTrafficFiltering
Network Traffic Filtering
Isolate
D3-OutboundTrafficFiltering
Outbound Traffic Filtering
Isolate
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin