Process Lineage Analysis

Identification of suspicious processes executing on an end-point device by examining the ancestry and siblings of a process, and the associated metadata of each node on the tree, such as process execution, duration, and order relative to siblings and ancestors.

ID: D3-PLA
Subclasses: 
Artifacts: Process
Tactic:

Informational References

https://d3fend.mitre.org/technique/d3f:ProcessLineageAnalysis/

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001

Related SPARTA Techniques and Sub-Techniques

ID Name Description

Space Threats Mapped

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes