1. Home
  2. D3FEND Techniques
  3. D3-PM
  4. D3-OSM

Operating System Monitoring

The operating system software, for D3FEND's purposes, includes the kernel and its process management functions, hardware drivers, initialization or boot logic. It also includes and other key system daemons and their configuration. The monitoring or analysis of these components for unauthorized activity constitute **Operating System Monitoring**.

ID Name
D3-EHB Endpoint Health Beacon
D3-IDA Input Device Analysis
D3-MBT Memory Boundary Tracking
D3-SJA Scheduled Job Analysis
D3-SDM System Daemon Monitoring
D3-SFA System File Analysis
D3-SBV Service Binary Verification
D3-SICA System Init Config Analysis
D3-USICA User Session Init Config Analysis
ID: D3-OSM
Subclasses:  D3-EHB D3-IDA D3-MBT D3-SJA D3-SDM D3-SFA D3-SBV D3-SICA D3-USICA
Artifacts:  Input Device Service Application Process Code Segment Operating System File Task Schedule Operating System Process System Init Configuration User Init Configuration File
Tactic:

Informational References

https://d3fend.mitre.org/technique/d3f:OperatingSystemMonitoring/

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001

Related SPARTA Techniques and Sub-Techniques

ID Name Description

Space Threats Mapped

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes