Identification of suspicious processes executing on an end-point device by examining the ancestry and siblings of a process, and the associated metadata of each node on the tree, such as process execution, duration, and order relative to siblings and ancestors.
https://d3fend.mitre.org/technique/d3f:ProcessLineageAnalysis/
| ID | Name | Description | NIST Rev5 | D3FEND | ISO 27001 | |
| ID | Name | Description | |
|---|---|---|---|
| ID | Description | |
| Requirement | Rationale/Additional Guidance/Notes |
|---|