Process Analysis

Process Analysis consists of observing a running application process and analyzing it for behaviors or conditions that may indicate adversary activity. Analysis can occur inside the process or through a third-party monitoring application. Examples include monitoring system and privileged calls, monitoring process initiation chains, and monitoring memory boundary allocations.

Informational References

https://d3fend.mitre.org/technique/d3f:ProcessAnalysis/

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001

Related SPARTA Techniques and Sub-Techniques

ID Name Description

Space Threats Mapped

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes