Tactics
Techniques
Countermeasures
Countermeasures
NIST References
ISO IEC 27001
D3FEND
Tactics
Technqiues
Artifacts
Resources
General Information
Getting Started
FAQ
Working with SPARTA
Updates
SPARTA Versions
Contribute
Related Work
Defense-in-Depth Space Systems
Threat Levels
Threats
Risk Assessment
Cybersecurity Protections for
Spacecraft: A Threat Based
Approach (pdf)
Search
Currently viewing SPARTA v1.0.
Learn more about the versioning system
or
see the live site
.
TECHNIQUES
D3FEND
Model
D3-AI - Asset Inventory
D3-CI - Configuration Inventory
D3-DI - Data Inventory
D3-SWI - Software Inventory
D3-AVE - Asset Vulnerability Enumeration
D3-NNI - Network Node Inventory
D3-HCI - Hardware Component Inventory
D3-NM - Network Mapping
D3-LLM - Logical Link Mapping
D3-ALLM - Active Logical Link Mapping
D3-PLLM - Passive Logical Link Mapping
D3-NVA - Network Vulnerability Assessment
D3-PLM - Physical Link Mapping
D3-APLM - Active Physical Link Mapping
D3-PPLM - Passive Physical Link Mapping
D3-NTPM - Network Traffic Policy Mapping
D3-OAM - Operational Activity Mapping
D3-AM - Access Modeling
D3-ODM - Operational Dependency Mapping
D3-ORA - Operational Risk Assessment
D3-OM - Organization Mapping
D3-SYSM - System Mapping
D3-DEM - Data Exchange Mapping
D3-SVCDM - Service Dependency Mapping
D3-SYSDM - System Dependency Mapping
D3-SYSVA - System Vulnerability Assessment
Harden
D3-MH - Message Hardening
D3-MAN - Message Authentication
D3-MENCR - Message Encryption
D3-TAAN - Transfer Agent Authentication
D3-CH - Credential Hardening
D3-BAN - Biometric Authentication
D3-CBAN - Certificate-based Authentication
D3-CP - Certificate Pinning
D3-CTS - Credential Transmission Scoping
D3-DTP - Domain Trust Policy
D3-MFA - Multi-factor Authentication
D3-OTP - One-time Password
D3-SPP - Strong Password Policy
D3-UAP - User Account Permissions
D3-CRO - Credential Rotation
D3-PH - Platform Hardening
D3-BA - Bootloader Authentication
D3-DENCR - Disk Encryption
D3-DLIC - Driver Load Integrity Checking
D3-FE - File Encryption
D3-LFP - Local File Permissions
D3-RFS - RF Shielding
D3-SU - Software Update
D3-SCP - System Configuration Permissions
D3-TBI - TPM Boot Integrity
D3-AH - Application Hardening
D3-ACH - Application Configuration Hardening
D3-DCE - Dead Code Elimination
D3-EHPV - Exception Handler Pointer Validation
D3-PAN - Pointer Authentication
D3-PSEP - Process Segment Execution Prevention
D3-SAOR - Segment Address Offset Randomization
D3-SFCV - Stack Frame Canary Validation
Detect
D3-NTA - Network Traffic Analysis
D3-ANAA - Administrative Network Activity Analysis
D3-BSE - Byte Sequence Emulation
D3-CA - Certificate Analysis
D3-ACA - Active Certificate Analysis
D3-PCA - Passive Certificate Analysis
D3-CSPP - Client-server Payload Profiling
D3-CAA - Connection Attempt Analysis
D3-DNSTA - DNS Traffic Analysis
D3-FC - File Carving
D3-ISVA - Inbound Session Volume Analysis
D3-IPCTA - IPC Traffic Analysis
D3-NTCD - Network Traffic Community Deviation
D3-PHDURA - Per Host Download-Upload Ratio Analysis
D3-PMAD - Protocol Metadata Anomaly Detection
D3-RPA - Relay Pattern Analysis
D3-RTSD - Remote Terminal Session Detection
D3-RTA - RPC Traffic Analysis
D3-PM - Platform Monitoring
D3-FBA - Firmware Behavior Analysis
D3-FEMC - Firmware Embedded Monitoring Code
D3-FV - Firmware Verification
D3-PFV - Peripheral Firmware Verification
D3-SFV - System Firmware Verification
D3-OSM - Operating System Monitoring
D3-EHB - Endpoint Health Beacon
D3-IDA - Input Device Analysis
D3-MBT - Memory Boundary Tracking
D3-SJA - Scheduled Job Analysis
D3-SDM - System Daemon Monitoring
D3-SFA - System File Analysis
D3-SBV - Service Binary Verification
D3-SICA - System Init Config Analysis
D3-USICA - User Session Init Config Analysis
D3-PA - Process Analysis
D3-DQSA - Database Query String Analysis
D3-FAPA - File Access Pattern Analysis
D3-IBCA - Indirect Branch Call Analysis
D3-PCSV - Process Code Segment Verification
D3-PSMD - Process Self-Modification Detection
D3-PSA - Process Spawn Analysis
D3-PLA - Process Lineage Analysis
D3-SEA - Script Execution Analysis
D3-SSC - Shadow Stack Comparisons
D3-SCA - System Call Analysis
D3-FCA - File Creation Analysis
D3-MA - Message Analysis
D3-SMRA - Sender MTA Reputation Analysis
D3-SRA - Sender Reputation Analysis
D3-ID - Identifier Analysis
D3-HD - Homoglyph Detection
D3-UA - URL Analysis
D3-IRA - Identifier Reputation Analysis
D3-DNRA - Domain Name Reputation Analysis
D3-FHRA - File Hash Reputation Analysis
D3-IPRA - IP Reputation Analysis
D3-URA - URL Reputation Analysis
D3-IAA - Identifier Activity Analysis
D3-UBA - User Behavior Analysis
D3-ANET - Authentication Event Thresholding
D3-AZET - Authorization Event Thresholding
D3-CCSA - Credential Compromise Scope Analysis
D3-DAM - Domain Account Monitoring
D3-JFAPA - Job Function Access Pattern Analysis
D3-LAM - Local Account Monitoring
D3-RAPA - Resource Access Pattern Analysis
D3-SDA - Session Duration Analysis
D3-UDTA - User Data Transfer Analysis
D3-UGLPA - User Geolocation Logon Pattern Analysis
D3-WSAA - Web Session Activity Analysis
D3-FA - File Analysis
D3-DA - Dynamic Analysis
D3-EFA - Emulated File Analysis
D3-FCR - File Content Rules
D3-FH - File Hashing
Isolate
D3-NI - Network Isolation
D3-BDI - Broadcast Domain Isolation
D3-DNSAL - DNS Allowlisting
D3-DNSDL - DNS Denylisting
D3-FRDDL - Forward Resolution Domain Denylisting
D3-HDDL - Hierarchical Domain Denylisting
D3-HDL - Homoglyph Denylisting
D3-FRIDL - Forward Resolution IP Denylisting
D3-RRDD - Reverse Resolution Domain Denylisting
D3-RRID - Reverse Resolution IP Denylisting
D3-ET - Encrypted Tunnels
D3-NTF - Network Traffic Filtering
D3-ITF - Inbound Traffic Filtering
D3-OTF - Outbound Traffic Filtering
D3-EI - Execution Isolation
D3-EAL - Executable Allowlisting
D3-EDL - Executable Denylisting
D3-HBPI - Hardware-based Process Isolation
D3-IOPR - IO Port Restriction
D3-KBPI - Kernel-based Process Isolation
D3-MAC - Mandatory Access Control
D3-SCF - System Call Filtering
Deceive
D3-DE - Decoy Environment
D3-CHN - Connected Honeynet
D3-IHN - Integrated Honeynet
D3-SHN - Standalone Honeynet
D3-DO - Decoy Object
D3-DF - Decoy File
D3-DNR - Decoy Network Resource
D3-DP - Decoy Persona
D3-DPR - Decoy Public Release
D3-DST - Decoy Session Token
D3-DUC - Decoy User Credential
Evict
D3-FEV - File Eviction
D3-FR - File Removal
D3-ER - Email Removal
D3-CE - Credential Eviction
D3-AL - Account Locking
D3-ANCI - Authentication Cache Invalidation
D3-CR - Credential Revoking
D3-PE - Process Eviction
D3-PT - Process Termination
D3-PS - Process Suspension
Home
D3FEND Techniques
D3-ID
D3-IRA
D3-URA
URL Reputation Analysis
Analyzing the reputation of a URL.
ID:
D3-URA
Subclasses:
No subclasses
Artifacts:
URL
ⓘ
Tactic:
Detect
Informational References
https://d3fend.mitre.org/technique/d3f:URLReputationAnalysis/
Countermeasures
ID
Name
Description
NIST Rev5
D3FEND
ISO 27001
Related SPARTA Techniques and Sub-Techniques
ID
Name
Description
Space Threats Mapped
ID
Description
Sample Requirements
Requirement
Rationale/Additional Guidance/Notes
×