The detect tactic is used to identify adversary access to or unauthorized activity on computer networks.

ID Name Description
D3-NTA Network Traffic Analysis
D3-ANAA Administrative Network Activity Analysis
D3-BSE Byte Sequence Emulation
D3-CA Certificate Analysis
D3-ACA Active Certificate Analysis
D3-PCA Passive Certificate Analysis
D3-CSPP Client-server Payload Profiling
D3-CAA Connection Attempt Analysis
D3-DNSTA DNS Traffic Analysis
D3-FC File Carving
D3-ISVA Inbound Session Volume Analysis
D3-IPCTA IPC Traffic Analysis
D3-NTCD Network Traffic Community Deviation
D3-PHDURA Per Host Download-Upload Ratio Analysis
D3-PMAD Protocol Metadata Anomaly Detection
D3-RPA Relay Pattern Analysis
D3-RTSD Remote Terminal Session Detection
D3-RTA RPC Traffic Analysis
D3-PM Platform Monitoring
D3-FBA Firmware Behavior Analysis
D3-FEMC Firmware Embedded Monitoring Code
D3-FV Firmware Verification
D3-PFV Peripheral Firmware Verification
D3-SFV System Firmware Verification
D3-OSM Operating System Monitoring
D3-EHB Endpoint Health Beacon
D3-IDA Input Device Analysis
D3-MBT Memory Boundary Tracking
D3-SJA Scheduled Job Analysis
D3-SDM System Daemon Monitoring
D3-SFA System File Analysis
D3-SBV Service Binary Verification
D3-SICA System Init Config Analysis
D3-USICA User Session Init Config Analysis
D3-PA Process Analysis
D3-DQSA Database Query String Analysis
D3-FAPA File Access Pattern Analysis
D3-IBCA Indirect Branch Call Analysis
D3-PCSV Process Code Segment Verification
D3-PSMD Process Self-Modification Detection
D3-PSA Process Spawn Analysis
D3-PLA Process Lineage Analysis
D3-SEA Script Execution Analysis
D3-SSC Shadow Stack Comparisons
D3-SCA System Call Analysis
D3-FCA File Creation Analysis
D3-MA Message Analysis
D3-SMRA Sender MTA Reputation Analysis
D3-SRA Sender Reputation Analysis
D3-ID Identifier Analysis
D3-HD Homoglyph Detection
D3-UA URL Analysis
D3-IRA Identifier Reputation Analysis
D3-DNRA Domain Name Reputation Analysis
D3-FHRA File Hash Reputation Analysis
D3-IPRA IP Reputation Analysis
D3-URA URL Reputation Analysis
D3-IAA Identifier Activity Analysis
D3-UBA User Behavior Analysis
D3-ANET Authentication Event Thresholding
D3-AZET Authorization Event Thresholding
D3-CCSA Credential Compromise Scope Analysis
D3-DAM Domain Account Monitoring
D3-JFAPA Job Function Access Pattern Analysis
D3-LAM Local Account Monitoring
D3-RAPA Resource Access Pattern Analysis
D3-SDA Session Duration Analysis
D3-UDTA User Data Transfer Analysis
D3-UGLPA User Geolocation Logon Pattern Analysis
D3-WSAA Web Session Activity Analysis
D3-FA File Analysis
D3-DA Dynamic Analysis
D3-EFA Emulated File Analysis
D3-FCR File Content Rules
D3-FH File Hashing