D3FEND™ - A knowledge graph of cybersecurity countermeasures

has super-classes: Feature Assessment^c; assesses^op some Defensive Technique Claim^c; counters^op some Offensive Technique^c; confidence^dp some integer; rating^dp only { "0" , "1" , "2" , "3" }; stage^dp only { "Deceive" , "Detect" , "Evict" , "Harden" , "Isolate" }; rating^dp exactly 1; stage^dp exactly 1
is in range of: assesses^op

Defensive Technique Claim^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechniqueClaim

has super-classes: Capability Feature Claim^c; cites^op some Information Content Entity^c; claims^op some Defensive Technique^c
is in domain of: assesses^op

Delete Cloud Instance^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1578.003

has super-classes: Modify Cloud Compute Infrastructure^c

Deobfuscate/Decode Files or Information^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1140

has super-classes: Defense Evasion Technique^c; invokes^op some Create Process^c; may-add^op some Executable File^c; may-modify^op some Event Log^c
is also defined as: named individual

Dependency^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Dependency

has super-classes: Digital Artifact^c; dependent^op some D3FEND Thing^c; provider^op some D3FEND Thing^c
has sub-classes: Activity Dependency^c, Data Dependency^c, Service Dependency^c, System Dependency^c
is also defined as: named individual

Deploy Container^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1610

has super-classes: Defense Evasion Technique^c; Execution Technique^c

Deserialization Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeserializationFunction

has super-classes: Subroutine^c
is also defined as: named individual

Deserialization of Untrusted Data^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-502

has super-classes: Weakness^c; may be weakness of^op some User Input Function^c; weakness of^op some Deserialization Function^c
is also defined as: named individual

Desktop Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DesktopComputer

is defined by: http://dbpedia.org/resource/Desktop_computer

has super-classes: Personal Computer^c

Detect^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Detect

has super-classes: Defensive Tactic^c
is also defined as: named individual

Determine Physical Locations^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591.001

has super-classes: Gather Victim Org Information^c

Develop Capabilities^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587

has super-classes: Resource Development Technique^c
has sub-classes: Code Signing Certificates^c, Digital Certificates^c, Exploits^c, Malware^c

Developer Application^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeveloperApplication

has super-classes: User Application^c
has sub-classes: Build Tool^c, Code Analyzer^c, Network Traffic Analysis Software^c, Test Execution Tool^c, Version Control Tool^c

Device Registration^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.005

has super-classes: Account Manipulation^c

DHCP Spoofing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557.003

has super-classes: Man-in-the-Middle^c

Dial Up Modem^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DialUpModem

is defined by: http://dbpedia.org/resource/Modem#Dial-up

has super-classes: Modem^c

Digital Artifact^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalArtifact

has super-classes: Artifact^c; Digital Object^c
has sub-classes: Address Space^c, Binary Large Object^c, Binary Segment^c, Blob^c, Block Device^c, Boot Loader^c, Call Stack^c, Certificate^c, Clipboard^c, Command^c, Credential^c, Cryptographic Key^c, DNS Lookup^c, Database^c, Decoy Artifact^c, Dependency^c, Digital System^c, Directory^c, Display Server^c, Domain Registration^c, Enclave^c, File Section^c, File System^c, File System Link^c, Hardware Device^c, Hardware Driver^c, Identifier^c, Interprocess Communication^c, Intrusion Detection System^c, Kernel Process Table^c, Link^c, Log^c, Memory Address^c, Memory Extent^c, Metadata^c, Network^c, Network Flow^c, Network Node^c, Network Traffic^c, Operating System^c, Page Table^c, Partition^c, Partition Table^c, Physical Location^c, Platform^c, Pointer^c, Process^c, Process Image^c, Process Tree^c, Record^c, Resource^c, Sensor^c, Session^c, Shadow Stack^c, Software^c, Software Package^c, Stack Component^c, Storage^c, System Call^c, Task Schedule^c, Thread^c, Trust Store^c, User^c, User Account^c, User Action^c, User Behavior^c, User Interface^c, User to User Message^c, Volume^c
is in domain of: d3fend-artifact-data-property^dp
is in range of: hides^op
has members: Network Traffic Analysis Softwareⁿⁱ
is also defined as: named individual

Digital Certificates^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587.003

has super-classes: Develop Capabilities^c

Digital Certificates^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.004

has super-classes: Obtain Capabilities^c

Digital Certificates^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.003

has super-classes: Search Open Technical Databases^c

Digital Event^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalEvent

has super-classes: D3FEND Thing^c
has sub-classes: Command^c, DNS Lookup^c, Resource Access^c, System Call^c, User Action^c

Digital Object^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalObject

has super-classes: D3FEND Thing^c
has sub-classes: Digital Artifact^c

Digital System^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalSystem

has super-classes: Digital Artifact^c; System^c
has sub-classes: Legacy System^c
is also defined as: named individual

Direct Network Flood^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.001

has super-classes: Network Denial of Service^c; creates^op some Inbound Internet Network Traffic^c
is also defined as: named individual

Direct Volume Access^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1006

has super-classes: Defense Evasion Technique^c; accesses^op some Volume^c
is also defined as: named individual

Directory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Directory

has super-classes: Digital Artifact^c; may-contain^op some File^c
has sub-classes: Startup Directory^c, System Startup Directory^c
is also defined as: named individual

Directory Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DirectoryService

has super-classes: Network Service^c
is also defined as: named individual

Disable Cloud Logs^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.008

has super-classes: Impair Defenses^c

Disable Crypto Hardware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1600.002

has super-classes: Weaken Encryption^c

Disable or Modify Cloud Firewall^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.007

has super-classes: Impair Defenses^c

Disable or Modify System Firewall^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.004

has super-classes: Impair Defenses^c; modifies^op some System Firewall Configuration^c
is also defined as: named individual

Disable or Modify Tools^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.001

has super-classes: Impair Defenses^c; disables^op some Operating System Process^c
is also defined as: named individual

Disable Windows Event Logging^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.002

has super-classes: Impair Defenses^c; may-modify^op some Application Configuration^c; may-modify^op some Operating System Configuration Component^c
is also defined as: named individual

Disabling Security Tools^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1089

has super-classes: Defense Evasion Technique^c

Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Discovery

has super-classes: Offensive Tactic^c
is also defined as: named individual

Discovery Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiscoveryTechnique

has super-classes: Offensive Technique^c; enables^op some Discovery^c
has sub-classes: Account Discovery^c, Application Window Discovery^c, Browser Bookmark Discovery^c, Cloud Infrastructure Discovery^c, Cloud Service Dashboard^c, Cloud Service Discovery^c, Cloud Storage Object Discovery^c, Container and Resource Discovery^c, Data from Information Repositories^c, Debugger Evasion^c, Domain Trust Discovery^c, File and Directory Discovery^c, Group Policy Discovery^c, Network Service Scanning^c, Network Share Discovery^c, Network Sniffing^c, Password Policy Discovery^c, Peripheral Device Discovery^c, Permission Groups Discovery^c, Process Discovery^c, Query Registry^c, Remote System Discovery^c, Security Software Discovery^c, Software Discovery^c, System Information Discovery^c, System Location Discovery^c, System Network Configuration Discovery^c, System Network Connections Discovery^c, System Owner/User Discovery^c, System Service Discovery^c, System Time Discovery^c
is also defined as: named individual

Disk Content Wipe^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1488

has super-classes: Impact Technique^c

Disk Content Wipe^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.001

has super-classes: Disk Wipe^c; may-modify^op some Boot Sector^c; may-modify^op some Partition^c; may-modify^op some Partition Table^c; may-modify^op some Volume^c; modifies^op some Block Device^c
is also defined as: named individual

Disk Encryption^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiskEncryption

has super-classes: Platform Hardening^c; encrypts^op some Storage^c
is also defined as: named individual

Disk Structure Wipe^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1487

has super-classes: Impact Technique^c

Disk Structure Wipe^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.002

has super-classes: Disk Wipe^c; may-modify^op some Boot Sector^c; may-modify^op some Partition Table^c
is also defined as: named individual

Disk Wipe^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561

has super-classes: Impact Technique^c
has sub-classes: Disk Content Wipe^c, Disk Structure Wipe^c

Display Adapter^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayAdapter

has super-classes: Output Device^c
is also defined as: named individual

Display Device Driver^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayDeviceDriver

has super-classes: Hardware Driver^c; drives^op some Display Adapter^c
is also defined as: named individual

Display Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayServer

has super-classes: Digital Artifact^c
is also defined as: named individual

Distributed Component Object Model^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.003

has super-classes: Remote Services^c

DLL Search Order Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1038

has super-classes: Defense Evasion Technique^c; Persistence Technique^c; Privilege Escalation Technique^c

DLL Search Order Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.001

has super-classes: Hijack Execution Flow^c; may-create^op some Shared Library File^c
is also defined as: named individual

DLL Side-Loading^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1073

has super-classes: Defense Evasion Technique^c

DLL Side-Loading^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.002

has super-classes: Hijack Execution Flow^c; may-create^op some Shared Library File^c; may-modify^op some Shared Library File^c
is also defined as: named individual

DNS^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.004

has super-classes: Application Layer Protocol^c; produces^op some Outbound Internet DNS Lookup Traffic^c
is also defined as: named individual

DNS^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.002

has super-classes: Gather Victim Network Information^c

DNS Allowlisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSAllowlisting

has super-classes: Network Isolation^c; blocks^op some Outbound Internet DNS Lookup Traffic^c
is also defined as: named individual

DNS Calculation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.003

has super-classes: Dynamic Resolution^c

DNS Denylisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSDenylisting

has super-classes: Network Isolation^c; blocks^op some DNS Network Traffic^c
has sub-classes: Forward Resolution Domain Denylisting^c, Forward Resolution IP Denylisting^c, Reverse Resolution Domain Denylisting^c, Reverse Resolution IP Denylisting^c
has members: Forward Resolution Domain Denylistingⁿⁱ, Forward Resolution IP Denylistingⁿⁱ, Reverse Resolution Domain Denylistingⁿⁱ, Reverse Resolution IP Denylistingⁿⁱ
is also defined as: named individual

DNS Lookup^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSLookup

has super-classes: Digital Artifact^c; Digital Event^c
has sub-classes: Internet DNS Lookup^c, Intranet DNS Lookup^c
is also defined as: named individual

DNS Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Outbound Internet DNS Lookup Traffic^c
is also defined as: named individual

DNS Record^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSRecord

has super-classes: Record^c

DNS Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSServer

is defined by: http://dbpedia.org/resource/Name_server

has super-classes: Server^c

DNS Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.002

has super-classes: Acquire Infrastructure^c

DNS Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.002

has super-classes: Compromise Infrastructure^c

DNS Traffic Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSTrafficAnalysis

has super-classes: Network Traffic Analysis^c; analyzes^op some Outbound Internet DNS Lookup Traffic^c; may-contain^op some DNS Lookup^c
is also defined as: named individual

DNS/Passive DNS^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.001

has super-classes: Search Open Technical Databases^c

Document^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Document

has super-classes: Information Content Entity^c
has sub-classes: Article^c, Patent^c, Policy^c, Specification^c, User Manual^c

Document File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DocumentFile

has super-classes: File^c; may-contain^op some Executable Script^c
has sub-classes: Email^c, Email Attachment^c, HTML File^c, Multimedia Document File^c, Office Application File^c
has members: Adobe PDF File 1.3ⁿⁱ, Microsoft Word DOC Fileⁿⁱ, Microsoft Word DOCB Fileⁿⁱ, Microsoft Word DOCM Fileⁿⁱ, Microsoft Word DOCX Fileⁿⁱ, Microsoft Word DOT Fileⁿⁱ, Microsoft Word DOTM Fileⁿⁱ, Microsoft Word DOTX Fileⁿⁱ, Microsoft Word WBK Fileⁿⁱ
is also defined as: named individual

Domain Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.002

has super-classes: Create Account^c; creates^op some Domain User Account^c
is also defined as: named individual

Domain Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136.002

has super-classes: Create Account^c

Domain Account Monitoring^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainAccountMonitoring

has super-classes: User Behavior Analysis^c; monitors^op some Domain User Account^c
is also defined as: named individual

Domain Accounts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.002

has super-classes: Valid Accounts^c; uses^op some Domain User Account^c
is also defined as: named individual

Domain Controller Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.001

has super-classes: Modify Authentication Process^c

Domain Fronting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.004

has super-classes: Proxy^c; produces^op some Outbound Internet Encrypted Web Traffic^c
is also defined as: named individual

Domain Fronting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1172

has super-classes: Command and Control Technique^c

Domain Generation Algorithms^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1483

has super-classes: Command and Control Technique^c

Domain Generation Algorithms^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.002

has super-classes: Dynamic Resolution^c

Domain Groups^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1069.002

has super-classes: Permission Groups Discovery^c

Domain Name^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainName

has super-classes: Identifier^c; identifies^op some IP Address^c
has members: ASCII Domain Nameⁿⁱ, FQDN Domain Nameⁿⁱ, Hostnameⁿⁱ, Internationalized Domain Nameⁿⁱ
is also defined as: named individual

Domain Name Reputation Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainNameReputationAnalysis

has super-classes: Identifier Reputation Analysis^c; analyzes^op some Domain Name^c
is also defined as: named individual

Domain Properties^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.001

has super-classes: Gather Victim Network Information^c

Domain Registration^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainRegistration

has super-classes: Digital Artifact^c; may-contain^op some Domain Name^c
has members: WHOIS Compatible Domain Registrationⁿⁱ
is also defined as: named individual

Domain Trust Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1482

has super-classes: Discovery Technique^c

Domain Trust Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484.002

has super-classes: Group Policy Modification^c

Domain Trust Policy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainTrustPolicy

has super-classes: Credential Hardening^c; restricts^op some Directory Service^c; restricts^op some Domain Account^c
is also defined as: named individual

Domain User Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainUserAccount

has super-classes: User Account^c
has sub-classes: Global User Account^c
is also defined as: named individual

Domains^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.001

has super-classes: Acquire Infrastructure^c

Domains^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.001

has super-classes: Compromise Infrastructure^c

Double File Extension^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.007

has super-classes: Masquerading^c; modifies^op some File System Metadata^c
is also defined as: named individual

Downgrade Attack^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.010

has super-classes: Impair Defenses^c; accesses^op some Legacy System^c
is also defined as: named individual

Downgrade System Image^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1601.002

has super-classes: Modify System Image^c

Drive-by Compromise^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1189

has super-classes: Initial Access Technique^c; modifies^op some Process Segment^c; produces^op some Outbound Internet Network Traffic^c; produces^op some URL^c
is also defined as: named individual

Drive-by Target^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.004

has super-classes: Stage Capabilities^c

Driver Load Integrity Checking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DriverLoadIntegrityChecking

has super-classes: Platform Hardening^c; authenticates^op some Hardware Driver^c
is also defined as: named individual

Dylib Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1157

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

Dylib Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.004

has super-classes: Hijack Execution Flow^c; may-create^op some Shared Library File^c; may-modify^op some Shared Library File^c
is also defined as: named individual

Dynamic Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DynamicAnalysis

has super-classes: File Analysis^c; analyzes^op some Document File^c; analyzes^op some Executable File^c
is also defined as: named individual

Dynamic Analysis Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DynamicAnalysisTool

is defined by: http://dbpedia.org/resource/Dynamic_program_analysis

has super-classes: Code Analyzer^c

Dynamic Data Exchange^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1173

has super-classes: Execution Technique^c

Dynamic Data Exchange Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559.002

has super-classes: Inter-Process Communication Execution^c

Dynamic Resolution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet DNS Lookup Traffic^c
has sub-classes: DNS Calculation^c, Domain Generation Algorithms^c, Fast Flux DNS^c
is also defined as: named individual

Dynamic-link Library Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.001

has super-classes: Process Injection^c; adds^op some Shared Library File^c; invokes^op some System Call^c; loads^op some Shared Library File^c
is also defined as: named individual

Elevated Execution with Prompt^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1514

has super-classes: Privilege Escalation Technique^c

Elevated Execution with Prompt^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.004

has super-classes: Abuse Elevation Control Mechanism^c; creates^op some System Configuration Database^c; invokes^op some System Call^c
is also defined as: named individual

Email^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Email

has super-classes: Document File^c; may-contain^op some File^c; may-contain^op some URL^c
has members: MSG Email Fileⁿⁱ
is also defined as: named individual

Email Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.003

has super-classes: Account Discovery^c

Email Accounts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1585.002

has super-classes: Establish Accounts^c

Email Accounts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1586.002

has super-classes: Compromise Accounts^c

Email Addresses^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1589.002

has super-classes: Gather Victim Identity Information^c

Email Attachment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailAttachment

has super-classes: Document File^c; attached-to^op some Email^c
is also defined as: named individual

Email Collection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114

has super-classes: Collection Technique^c; accesses^op some Resource^c
has sub-classes: Email Forwarding Rule^c, Local Email Collection^c, Remote Email Collection^c
is also defined as: named individual

Email Forwarding Rule^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.003

has super-classes: Email Collection^c; modifies^op some Application Configuration^c
is also defined as: named individual

Email Hiding Rules^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.008

has super-classes: Hide Artifacts^c; may-create^op some Email Rule^c; may-modify^op some Email Rule^c; modifies^op some Application Configuration^c
is also defined as: named individual

Email Removal^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailRemoval

has super-classes: File Removal^c; deletes^op some Email^c; may-access^op some Mail Server^c
is also defined as: named individual

Email Rule^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailRule

has super-classes: Application Rule^c
is also defined as: named individual

Embedded Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmbeddedComputer

is defined by: http://dbpedia.org/resource/Embedded_system

has super-classes: Client Computer^c

Emond^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1519

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

Emond^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.014

has super-classes: Event Triggered Execution^c; may-create^op some Property List File^c; may-modify^op some Property List File^c; modifies^op some Configuration Resource^c
is also defined as: named individual

Employee Names^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1589.003

has super-classes: Gather Victim Identity Information^c

Emulated File Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmulatedFileAnalysis

has super-classes: File Analysis^c; analyzes^op some Document File^c; analyzes^op some Executable File^c
is also defined as: named individual

Enclave^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Enclave

has super-classes: Digital Artifact^c; may-contain^op some Local Area Network^c
is also defined as: named individual

Encrypted Channel^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Encrypted Traffic^c
has sub-classes: Asymmetric Cryptography^c, Symmetric Cryptography^c
is also defined as: named individual

Encrypted Credential^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedCredential

has super-classes: Credential^c
has sub-classes: Encrypted Password^c
is also defined as: named individual

Encrypted Password^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedPassword

has super-classes: Encrypted Credential^c; Password^c

Encrypted Tunnels^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedTunnels

has super-classes: Network Isolation^c; isolates^op some Intranet Network^c
is also defined as: named individual

Endpoint Denial of Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499

has super-classes: Impact Technique^c
has sub-classes: Application Exhaustion Flood^c, Application or System Exploitation^c, OS Exhaustion Flood^c

Endpoint Health Beacon^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EndpointHealthBeacon

has super-classes: Operating System Monitoring^c
is also defined as: named individual

Endpoint Sensor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EndpointSensor

has super-classes: Sensor^c
has sub-classes: Application Inventory Sensor^c, File System Sensor^c, Firmware Sensor^c, Host Configuration Sensor^c, Kernel API Sensor^c
is also defined as: named individual

Environmental Keying^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1480.001

has super-classes: Execution Guardrails^c

Escape to Host^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1611

has super-classes: Privilege Escalation Technique^c

Establish Accounts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1585

has super-classes: Resource Development Technique^c
has sub-classes: Email Accounts^c, Social Media Accounts^c

Eval Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EvalFunction

has super-classes: Subroutine^c; invokes^op some Subroutine^c
is also defined as: named individual

Event Log^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EventLog

has super-classes: Log^c
has sub-classes: Command History Log^c
is also defined as: named individual

Event Triggered Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c
has sub-classes: .bash_profile and .bashrc^c, Accessibility Features^c, AppCert DLLs^c, AppInit DLLs^c, Application Shimming^c, Change Default File Association^c, Component Object Model Hijacking^c, Emond^c, Image File Execution Options Injection^c, LC_LOAD_DYLIB Addition^c, Netsh Helper DLL^c, PowerShell Profile^c, Screensaver^c, Trap^c, Windows Management Instrumentation Event Subscription^c

Evict^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Evict

has super-classes: Defensive Tactic^c
is also defined as: named individual

Eviction Latency^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EvictionLatency

has super-classes: Latency^c
has members: non-real-time-evictionⁿⁱ, real-time-evictionⁿⁱ

Exception Handler^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExceptionHandler

has super-classes: Subroutine^c

Exception Handler Pointer Validation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExceptionHandlerPointerValidation

has super-classes: Application Hardening^c; validates^op some Pointer^c
is also defined as: named individual

Exchange Email Delegate Permissions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.002

has super-classes: Account Manipulation^c; modifies^op some Domain User Account^c
is also defined as: named individual

Executable Allowlisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableAllowlisting

has super-classes: Execution Isolation^c; blocks^op some Executable File^c; restricts^op some Create Process^c
is also defined as: named individual

Executable Binary^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableBinary

has super-classes: Executable File^c; contains^op some Image Code Segment^c; contains^op some Image Data Segment^c; may-interpret^op some Executable Script^c
has members: Linux ELF File 32bitⁿⁱ, Linux ELF File 64bitⁿⁱ, PE32 Executable Fileⁿⁱ, PE32+ Executable Fileⁿⁱ
is also defined as: named individual

Executable Denylisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableDenylisting

has super-classes: Execution Isolation^c; blocks^op some Executable File^c; restricts^op some Create Process^c
is also defined as: named individual

Executable File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableFile

has super-classes: File^c; contains^op some Subroutine^c
has sub-classes: Executable Binary^c, Executable Script^c
is also defined as: named individual

Executable Installer File Permissions Weakness^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.005

has super-classes: Hijack Execution Flow^c; modifies^op some Service Application^c
is also defined as: named individual

Executable Script^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableScript

has super-classes: Executable File^c
has sub-classes: Init Script^c, Python Script File^c, System Init Script^c, User Init Script^c, User Startup Script File^c, Web Script File^c
has members: Bash Script Fileⁿⁱ, Javascript Fileⁿⁱ, Lua Script Fileⁿⁱ, Powershell Script Fileⁿⁱ, Ruby Script Fileⁿⁱ, Windows Batch Fileⁿⁱ
is also defined as: named individual

Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Execution

has super-classes: Offensive Tactic^c
is also defined as: named individual

Execution Guardrails^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1480

has super-classes: Defense Evasion Technique^c
has sub-classes: Environmental Keying^c

Execution Isolation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionIsolation

has super-classes: Defensive Technique^c; enables^op some Isolate^c
has sub-classes: Executable Allowlisting^c, Executable Denylisting^c, Hardware-based Process Isolation^c, IO Port Restriction^c, Kernel-based Process Isolation^c
has members: Executable Denylistingⁿⁱ, Hardware-based Process Isolationⁿⁱ, IO Port Restrictionⁿⁱ, Kernel-based Process Isolationⁿⁱ
is also defined as: named individual

Execution Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionTechnique

has super-classes: Offensive Technique^c; enables^op some Execution^c
has sub-classes: AppleScript^c, CMSTP^c, Command and Scripting Interpreter Execution^c, Compiled HTML File^c, Container Administration Command^c, Control Panel Items^c, Deploy Container^c, Dynamic Data Exchange^c, Exploitation for Client Execution^c, InstallUtil^c, Inter-Process Communication Execution^c, LSASS Driver^c, Launchctl^c, Local Job Scheduling^c, Mshta^c, Native API Execution^c, PowerShell^c, Regsvcs/Regasm^c, Regsvr32^c, Rundll32^c, Scheduled Task/Job Execution^c, Service Execution^c, Shared Modules Execution^c, Signed Binary Proxy Execution^c, Signed Script Proxy Execution^c, Software Deployment Tools Execution^c, Space after Filename^c, System Services^c, Trap^c, User Execution^c, Windows Management Instrumentation Execution^c, Windows Remote Management^c
is also defined as: named individual

Exfiltration^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Exfiltration

has super-classes: Offensive Tactic^c
is also defined as: named individual

Exfiltration Over Alternative Protocol^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048

has super-classes: Exfiltration Technique^c; produces^op some Internet Network Traffic^c
has sub-classes: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol^c, Exfiltration Over Symmetric Encrypted Non-C2 Protocol^c, Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol^c
is also defined as: named individual

Exfiltration Over Asymmetric Encrypted Non-C2 Protocol^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.002

has super-classes: Exfiltration Over Alternative Protocol^c; may-transfer^op some Certificate File^c; produces^op some Outbound Internet Encrypted Traffic^c
is also defined as: named individual

Exfiltration Over Bluetooth^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1011.001

has super-classes: Exfiltration Over Other Network Medium^c

Exfiltration Over C2 Channel^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1041

has super-classes: Exfiltration Technique^c; may-transfer^op some Certificate File^c; produces^op some Internet Network Traffic^c
is also defined as: named individual

Exfiltration Over Other Network Medium^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1011

has super-classes: Exfiltration Technique^c; produces^op some Internet Network Traffic^c
has sub-classes: Exfiltration Over Bluetooth^c
is also defined as: named individual

Exfiltration Over Physical Medium^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1052

has super-classes: Exfiltration Technique^c
has sub-classes: Exfiltration over USB^c

Exfiltration Over Symmetric Encrypted Non-C2 Protocol^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.001

has super-classes: Exfiltration Over Alternative Protocol^c; produces^op some Outbound Internet Encrypted Traffic^c
is also defined as: named individual

Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.003

has super-classes: Exfiltration Over Alternative Protocol^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Exfiltration over USB^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1052.001

has super-classes: Exfiltration Over Physical Medium^c; modifies^op some Removable Media Device^c
is also defined as: named individual

Exfiltration Over Web Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567

has super-classes: Exfiltration Technique^c; produces^op some Outbound Internet Web Traffic^c
has sub-classes: Exfiltration to Cloud Storage^c, Exfiltration to Code Repository^c
is also defined as: named individual

Exfiltration Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExfiltrationTechnique

has super-classes: Offensive Technique^c; enables^op some Exfiltration^c
has sub-classes: Automated Exfiltration^c, Data Compressed^c, Data Encrypted^c, Data Transfer Size Limits^c, Exfiltration Over Alternative Protocol^c, Exfiltration Over C2 Channel^c, Exfiltration Over Other Network Medium^c, Exfiltration Over Physical Medium^c, Exfiltration Over Web Service^c, Scheduled Transfer^c, Transfer Data to Cloud Account^c
is also defined as: named individual

Exfiltration to Cloud Storage^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.002

has super-classes: Exfiltration Over Web Service^c; produces^op some Outbound Internet Encrypted Web Traffic^c
is also defined as: named individual

Exfiltration to Code Repository^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.001

has super-classes: Exfiltration Over Web Service^c; may-produce^op some Outbound Internet Encrypted Remote Terminal Traffic^c; may-produce^op some Outbound Internet Encrypted Web Traffic^c
is also defined as: named individual

Exploit Public-Facing Application^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1190

has super-classes: Initial Access Technique^c; injects^op some Database Query^c; modifies^op some Process Segment^c; produces^op some Inbound Internet Network Traffic^c
is also defined as: named individual

Exploitation for Client Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1203

has super-classes: Execution Technique^c; modifies^op some Process Code Segment^c; modifies^op some Stack Frame^c
is also defined as: named individual

Exploitation for Credential Access^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1212

has super-classes: Credential Access Technique^c; may-access^op some Authentication Service^c; may-access^op some Credential Management System^c; may-modify^op some Process Code Segment^c; may-modify^op some Stack Frame^c
is also defined as: named individual

Exploitation for Defense Evasion^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1211

has super-classes: Defense Evasion Technique^c; may-modify^op some Process Code Segment^c; may-modify^op some Stack Frame^c
is also defined as: named individual

Exploitation for Privilege Escalation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1068

has super-classes: Privilege Escalation Technique^c; enables^op some Privilege Escalation^c; may-modify^op some Stack Frame^c; modifies^op some Process Code Segment^c
is also defined as: named individual

Exploitation of Remote Services^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1210

has super-classes: Lateral Movement Technique^c; may-modify^op some Process Code Segment^c; may-modify^op some Process Segment^c; may-modify^op some Stack Frame^c; produces^op some Intranet Network Traffic^c
is also defined as: named individual

Exploitation of Transient Instruction Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CAPEC-663

has super-classes: Common Attack Pattern^c
is also defined as: named individual

Exploits^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587.004

has super-classes: Develop Capabilities^c

Exploits^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.005

has super-classes: Obtain Capabilities^c

External Content Inclusion Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExternalContentInclusionFunction

has super-classes: Subroutine^c
is also defined as: named individual

External Control^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExternalControl

has super-classes: D3FEND Thing^c; member-of^op some Control Catalog^c; semantic-relation^op some Defensive Technique^c
has sub-classes: CCI Control^c, NIST Control^c

External Defacement^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.002

has super-classes: Defacement^c; modifies^op some Network Resource^c
is also defined as: named individual

External Knowledge Base^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExternalKnowledgeBase

has super-classes: Information Content Entity^c; Technique Reference^c
has members: Reference - CAR-2013-01-002: Autorun Differences - MITREⁿⁱ, Reference - CAR-2013-01-003: SMB Events Monitoring - MITREⁿⁱ, Reference - CAR-2013-02-003: Processes Spawning cmd.exe - MITREⁿⁱ, Reference - CAR-2013-02-008: Simultaneous Logins on a Host - MITREⁿⁱ, Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITREⁿⁱ, Reference - CAR-2013-03-001: Reg.exe called from Command Shell - MITREⁿⁱ, Reference - CAR-2013-04-002: Quick execution of a series of suspicious commands - MITREⁿⁱ, Reference - CAR-2013-05-002: Suspicious Run Locations - MITREⁿⁱ, Reference - CAR-2013-05-003: SMB Write Request - MITREⁿⁱ, Reference - CAR-2013-05-004: Execution with AT - MITREⁿⁱ, Reference - CAR-2013-05-005: SMB Copy and Execution - MITREⁿⁱ, Reference - CAR-2013-07-001: Suspicious Arguments - MITREⁿⁱ, Reference - CAR-2013-07-002: RDP Connection Detection - MITREⁿⁱ, Reference - CAR-2013-07-005: Command Line Usage of Archiving Software - MITREⁿⁱ, Reference - CAR-2013-08-001: Execution with schtasks - MITREⁿⁱ, Reference - CAR-2013-09-003: SMB Session Setups - MITREⁿⁱ, Reference - CAR-2013-09-005: Service Outlier Executables - MITREⁿⁱ, Reference - CAR-2013-10-001: User Login Activity Monitoring - MITREⁿⁱ, Reference - CAR-2013-10-002: DLL Injection via Load Library - MITREⁿⁱ, Reference - CAR-2014-02-001: Service Binary Modifications - MITREⁿⁱ, Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITREⁿⁱ, Reference - CAR-2014-03-005: Remotely Launched Executables via Services - MITREⁿⁱ, Reference - CAR-2014-03-006: RunDLL32.exe monitoring - MITREⁿⁱ, Reference - CAR-2014-04-003: Powershell Execution - MITREⁿⁱ, Reference - CAR-2014-05-001: RPC Activity - MITREⁿⁱ, Reference - CAR-2014-05-002: Services launching Cmd - MITREⁿⁱ, Reference - CAR-2014-07-001: Service Search Path Interception - MITREⁿⁱ, Reference - CAR-2014-11-002: Outlier Parents of Cmd - MITREⁿⁱ, Reference - CAR-2014-11-003: Debuggers for Accessibility Applications - MITREⁿⁱ, Reference - CAR-2014-11-005: Remote Registry - MITREⁿⁱ, Reference - CAR-2014-11-006: Windows Remote Management (WinRM) - MITREⁿⁱ, Reference - CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC - MITREⁿⁱ, Reference - CAR-2014-11-008: Command Launched from WinLogon - MITREⁿⁱ, Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITREⁿⁱ, Reference - CAR-2015-04-001: Remotely Scheduled Tasks via AT - MITREⁿⁱ, Reference - CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks - MITREⁿⁱ, Reference - CAR-2015-07-001: All Logins Since Last Boot - MITREⁿⁱ, Reference - CAR-2016-03-001: Host Discovery Commands - MITREⁿⁱ, Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITREⁿⁱ, Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITREⁿⁱ, Reference - CAR-2016-04-003: User Activity from Stopping Windows Defensive Services - MITREⁿⁱ, Reference - CAR-2016-04-004: Successful Local Account Loginⁿⁱ, Reference - CAR-2016-04-005: Remote Desktop Logon - MITREⁿⁱ, Reference - CAR-2019-04-001: UAC Bypass - MITREⁿⁱ, Reference - CAR-2019-04-002: Generic Regsvr32 - MITREⁿⁱ, Reference - CAR-2019-04-003: Squiblydoo - MITREⁿⁱ, Reference - CAR-2019-04-004: Credential Dumping via Mimikatz - MITREⁿⁱ, Reference - CAR-2019-07-001: Access Permission Modification - MITREⁿⁱ, Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITREⁿⁱ, Reference - CAR-2019-08-001: Credential Dumping via Windows Task Manager - MITREⁿⁱ, Reference - CAR-2019-08-002: Active Directory Dumping via NTDSUtil - MITREⁿⁱ, Reference - CAR-2020-04-001: Shadow Copy Deletion - MITREⁿⁱ, Reference - CAR-2020-05-001: MiniDump of LSASS - MITREⁿⁱ, Reference - CAR-2020-05-003: Rare LolBAS Command Lines - MITREⁿⁱ, Reference - CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities - MITREⁿⁱ, Reference - CAR-2020-09-001: Scheduled Task - FileAccess - MITREⁿⁱ, Reference - CAR-2020-09-002: Component Object Model Hijacking - MITREⁿⁱ, Reference - CAR-2020-09-003: Indicator Blocking - Driver Unloaded - MITREⁿⁱ, Reference - CAR-2020-09-004: Credentials in Files & Registry - MITREⁿⁱ, Reference - CAR-2020-09-005: AppInit DLLs - MITREⁿⁱ, Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITREⁿⁱ, Reference - CAR-2020-11-002: Local Network Sniffing - MITREⁿⁱ, Reference - CAR-2020-11-003: DLL Injection with Mavinject - MITREⁿⁱ, Reference - CAR-2020-11-004: Processes Started From Irregular Parent - MITREⁿⁱ, Reference - CAR-2020-11-005: Clear Powershell Console Command History - MITREⁿⁱ, Reference - CAR-2020-11-006: Local Permission Group Discovery - MITREⁿⁱ, Reference - CAR-2020-11-007: Network Share Connection Removal - MITREⁿⁱ, Reference - CAR-2020-11-008: MSBuild and msxsl - MITREⁿⁱ, Reference - CAR-2020-11-009: Compiled HTML Access - MITREⁿⁱ, Reference - CAR-2020-11-010: CMSTP - MITREⁿⁱ, Reference - CAR-2020-11-011: Registry Edit from Screensaverⁿⁱ, Reference - CAR-2021-01-002: Unusually Long Command Line Strings - MITREⁿⁱ, Reference - CAR-2021-01-003: Clearing Windows Logs with Wevtutil - MITREⁿⁱ, Reference - CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe - MITREⁿⁱ, Reference - CAR-2021-01-006: Unusual Child Process spawned using DDE exploit - MITREⁿⁱ, Reference - CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt - MITREⁿⁱ, Reference - CAR-2021-01-008: Disable UAC - MITREⁿⁱ, Reference - CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe - MITREⁿⁱ, Reference - CAR-2021-02-001: Webshell-Indicative Process Tree - MITREⁿⁱ, Reference - CAR-2021-02-002: Get System Elevation - MITREⁿⁱ, Reference - CAR-2021-04-001: Common Windows Process Masquerading - MITREⁿⁱ, Reference - CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store - MITREⁿⁱ, Reference - CAR-2021-05-002: Batch File Write to System32 - MITREⁿⁱ, Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITREⁿⁱ, Reference - CAR-2021-05-004: BITS Job Persistence - MITREⁿⁱ, Reference - CAR-2021-05-005: BITSAdmin Download File - MITREⁿⁱ, Reference - CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments - MITREⁿⁱ, Reference - CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments - MITREⁿⁱ, Reference - CAR-2021-05-008: Certutil exe certificate extraction - MITREⁿⁱ, Reference - CAR-2021-05-009: CertUtil With Decode Argument - MITREⁿⁱ, Reference - CAR-2021-05-010: Create local admin accounts using net exe - MITREⁿⁱ, Reference - CAR-2021-05-011: Create Remote Thread into LSASS - MITREⁿⁱ

External Proxy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.002

has super-classes: Proxy^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

External Remote Services^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1133

has super-classes: Initial Access Technique^c; Persistence Technique^c; produces^op some Authentication^c; produces^op some Authorization^c; produces^op some Network Session^c
is also defined as: named individual

Extra Window Memory Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.011

has super-classes: Process Injection^c

Extra Window Memory Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1181

has super-classes: Defense Evasion Technique^c; Privilege Escalation Technique^c

Fallback Channels^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1008

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Fast Flux DNS^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568.001

has super-classes: Dynamic Resolution^c

Fast Symbolic Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FastSymbolicLink

is defined by: http://dbpedia.org/resource/Symbolic_link#Storage_of_symbolic_links

has super-classes: Symbolic Link^c; Unix Link^c
is disjoint with: Slow Symbolic Link^c

Feature Assessment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FeatureAssessment

has super-classes: Assessment^c
has sub-classes: Admin Feature Assessment^c, Defensive Technique Assessment^c

File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#File

has super-classes: Resource^c; contains^op some File Section^c; may-contain^op some File^c; may-contain^op some URL^c
has sub-classes: Archive File^c, Certificate File^c, Configuration File^c, Container Image^c, Database File^c, Document File^c, Executable File^c, Log File^c, NTFS Link^c, Object File^c, Operating System File^c, Password File^c, Shortcut File^c, Software Library File^c, Symbolic Link^c
is also defined as: named individual

File Access Pattern Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAccessPatternAnalysis

has super-classes: Process Analysis^c; analyzes^op some Local Resource Access^c
is also defined as: named individual

File Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAnalysis

has super-classes: Defensive Technique^c; analyzes^op some File^c; enables^op some Detect^c
has sub-classes: Dynamic Analysis^c, Emulated File Analysis^c, File Content Rules^c, File Hashing^c
has members: Dynamic Analysisⁿⁱ, Emulated File Analysisⁿⁱ, File Content Rulesⁿⁱ, File Hashingⁿⁱ
is also defined as: named individual

File and Directory Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1083

has super-classes: Discovery Technique^c; accesses^op some Directory^c; accesses^op some File^c
is also defined as: named individual

File and Directory Permissions Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222

has super-classes: Defense Evasion Technique^c; modifies^op some Access Control Configuration^c
has sub-classes: Linux and Mac File and Directory Permissions Modification^c, Windows File and Directory Permissions Modification^c
is also defined as: named individual

File Carving^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCarving

has super-classes: Network Traffic Analysis^c; analyzes^op some File Transfer Network Traffic^c
is also defined as: named individual

File Content Rules^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileContentRules

has super-classes: File Analysis^c
is also defined as: named individual

File Creation Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCreationAnalysis

has super-classes: System Call Analysis^c; analyzes^op some Create File^c
is also defined as: named individual

File Deletion^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.004

has super-classes: Indicator Removal on Host^c; deletes^op some File^c; may-modify^op some File^c
is also defined as: named individual

File Deletion^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1107

has super-classes: Defense Evasion Technique^c

File Encryption^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEncryption

has super-classes: Platform Hardening^c; encrypts^op some File^c
is also defined as: named individual

File Eviction^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEviction

has super-classes: Defensive Technique^c; enables^op some Evict^c
has sub-classes: File Removal^c
has members: File Removalⁿⁱ
is also defined as: named individual

File Hash^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHash

has super-classes: Identifier^c; identifies^op some File^c
is also defined as: named individual

File Hash Reputation Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashReputationAnalysis

has super-classes: Identifier Reputation Analysis^c; analyzes^op some File Hash^c
is also defined as: named individual

File Hashing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashing

has super-classes: File Analysis^c
is also defined as: named individual

File Path Open Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FilePathOpenFunction

has super-classes: Subroutine^c; accesses^op some File^c; invokes^op some Open File^c
is also defined as: named individual

File Removal^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileRemoval

has super-classes: File Eviction^c; deletes^op some File^c; may-access^op some File Server^c
has sub-classes: Email Removal^c
has members: Email Removalⁿⁱ
is also defined as: named individual

File Section^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSection

has super-classes: Digital Artifact^c
has sub-classes: Image Segment^c, Resource Fork^c
is also defined as: named individual

File Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileServer

has super-classes: Server^c
is also defined as: named individual

File Share Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileShareService

has super-classes: Network Service^c

File System^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystem

has super-classes: Digital Artifact^c; contains^op some Directory^c; contains^op some File^c; contains^op some File System Link^c; contains^op some File System Metadata^c
is also defined as: named individual

File System Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemLink

has super-classes: Digital Artifact^c
has sub-classes: Hard Link^c, NTFS Link^c, Symbolic Link^c, Unix Link^c
is also defined as: named individual

File System Metadata^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemMetadata

has super-classes: Metadata^c
is also defined as: named individual

File System Permissions Weakness^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1044

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

File System Sensor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemSensor

has super-classes: Endpoint Sensor^c; monitors^op some File^c
is also defined as: named individual

File Transfer Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileTransferNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Internet File Transfer Traffic^c, Intranet File Transfer Traffic^c, Outbound Internet File Transfer Traffic^c
is also defined as: named individual

File Transfer Protocols^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.002

has super-classes: Application Layer Protocol^c; produces^op some Outbound Internet File Transfer Traffic^c
is also defined as: named individual

Finger Print Scanner Input Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FingerPrintScannerInputDevice

is defined by: http://dbpedia.org/resource/Fingerprint#Fingerprint_sensors

has super-classes: Image Scanner Input Device^c

Firewall^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Firewall

has super-classes: Network Node^c
has sub-classes: Application Layer Firewall^c

Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Firmware

has super-classes: Software^c
has sub-classes: Microcode^c, Peripheral Firmware^c, System Firmware^c
is also defined as: named individual

Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592.003

has super-classes: Gather Victim Host Information^c

Firmware Behavior Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareBehaviorAnalysis

has super-classes: Platform Monitoring^c; analyzes^op some Firmware^c
is also defined as: named individual

Firmware Corruption^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1495

has super-classes: Impact Technique^c

Firmware Embedded Monitoring Code^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareEmbeddedMonitoringCode

has super-classes: Platform Monitoring^c; analyzes^op some Firmware^c
is also defined as: named individual

Firmware Sensor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareSensor

has super-classes: Endpoint Sensor^c; monitors^op some Firmware^c
is also defined as: named individual

Firmware Verification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareVerification

has super-classes: Platform Monitoring^c; verifies^op some Firmware^c
has sub-classes: Peripheral Firmware Verification^c, System Firmware Verification^c
has members: Peripheral Firmware Verificationⁿⁱ, System Firmware Verificationⁿⁱ
is also defined as: named individual

First-stage Boot Loader^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#First-stageBootLoader

has super-classes: Boot Loader^c

Flash Memory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FlashMemory

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: Secondary Storage^c

Forced Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1187

has super-classes: Credential Access Technique^c; may-modify^op some Windows Shortcut File^c; modifies^op some Authentication Log^c; produces^op some Authentication^c
is also defined as: named individual

Forge Web Credentials^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1606

has super-classes: Credential Access Technique^c
has sub-classes: SAML Tokens^c, Web Cookies^c

Forward Proxy Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardProxyServer

is defined by: http://dbpedia.org/resource/Open_proxy

has super-classes: Proxy Server^c

Forward Resolution Domain Denylisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionDomainDenylisting

has super-classes: DNS Denylisting^c; blocks^op some Outbound Internet DNS Lookup Traffic^c
has sub-classes: Hierarchical Domain Denylisting^c, Homoglyph Denylisting^c
has members: Hierarchical Domain Denylistingⁿⁱ, Homoglyph Denylistingⁿⁱ
is also defined as: named individual

Forward Resolution IP Denylisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionIPDenylisting

has super-classes: DNS Denylisting^c; blocks^op some Inbound Internet DNS Response Traffic^c
is also defined as: named individual

Free Memory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FreeMemory

has super-classes: System Call^c; deletes^op some Memory Block^c
is also defined as: named individual

Gatekeeper Bypass^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1144

has super-classes: Defense Evasion Technique^c

Gatekeeper Bypass^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.001

has super-classes: Subvert Trust Controls^c; modifies^op some File System Metadata^c
is also defined as: named individual

Gather Victim Host Information^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592

has super-classes: Reconnaissance Technique^c
has sub-classes: Client Configurations^c, Firmware^c, Hardware^c, Software^c

Gather Victim Identity Information^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1589

has super-classes: Reconnaissance Technique^c
has sub-classes: Credentials^c, Email Addresses^c, Employee Names^c

Gather Victim Network Information^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590

has super-classes: Reconnaissance Technique^c
has sub-classes: DNS^c, Domain Properties^c, IP Addresses^c, Network Security Appliances^c, Network Topology^c, Network Trust Dependencies^c

Gather Victim Org Information^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591

has super-classes: Reconnaissance Technique^c
has sub-classes: Business Relationships^c, Determine Physical Locations^c, Identify Business Tempo^c, Identify Roles^c

Get Open Sockets^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetOpenSockets

has super-classes: System Call^c; enumerates^op some Pipe^c
is also defined as: named individual

Get Open Windows^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetOpenWindows

has super-classes: System Call^c
has members: get foreground windowⁿⁱ
is also defined as: named individual

Get Running Processes^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetRunningProcesses

has super-classes: System Call^c
is also defined as: named individual

Get Screen Capture^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetScreenCapture

has super-classes: System Call^c
is also defined as: named individual

Get System Config Value^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemConfigValue

has super-classes: System Config System Call^c; reads^op some System Configuration Database Record^c
has sub-classes: Get System Network Config Value^c
has members: reg open key aⁿⁱ, reg open key ex aⁿⁱ, reg open key ex wⁿⁱ, reg open key transacted aⁿⁱ, reg open key transacted wⁿⁱ, reg open key wⁿⁱ
is also defined as: named individual

Get System Network Config Value^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemNetworkConfigValue

has super-classes: Get System Config Value^c
is also defined as: named individual

Get System Time^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemTime

has super-classes: System Call^c
is also defined as: named individual

Global User Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GlobalUserAccount

has super-classes: Domain User Account^c
is also defined as: named individual

Golden Ticket^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.001

has super-classes: Steal or Forge Kerberos Tickets^c; forges^op some Kerberos Ticket Granting Ticket^c
is also defined as: named individual

Graphical User Interface^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GraphicalUserInterface

has super-classes: User Interface^c
is also defined as: named individual

Graphics Card Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GraphicsCardFirmware

has super-classes: Peripheral Firmware^c

Graphics Processing Unit^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GraphicsProcessingUnit

has super-classes: Processor^c

Group Policy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GroupPolicy

has super-classes: Access Control Configuration^c
is also defined as: named individual

Group Policy Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1615

has super-classes: Discovery Technique^c; reads^op some Group Policy^c
is also defined as: named individual

Group Policy Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484

has super-classes: Defense Evasion Technique^c; Privilege Escalation Technique^c; modifies^op some Group Policy^c
has sub-classes: Domain Trust Modification^c, Group Policy Modification^c
is also defined as: named individual

Group Policy Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484.001

has super-classes: Group Policy Modification^c

Group Policy Preferences^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.006

has super-classes: Unsecured Credentials^c; accesses^op some Group Policy^c
is also defined as: named individual

GUI Input Capture^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.002

has super-classes: Input Capture^c; accesses^op some Graphical User Interface^c
is also defined as: named individual

Guidance^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Guidance

has super-classes: Policy^c

Guideline Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GuidelineReference

has super-classes: Policy Reference^c
has members: Reference - Audit User Account Managementⁿⁱ, Reference - Digital Identity Guidelines 800-63-3ⁿⁱ, Reference - NIST Special Publication 800-160 Volume 1 - System Security Engineeringⁿⁱ, Reference - NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizationsⁿⁱ, Reference - NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizationsⁿⁱ, Reference - NISTIR 8011 Volume 1 - Automation Support for Security Control Assessmentsⁿⁱ, Reference - Platform Firmware Resiliency Guidelines - NISTⁿⁱ, Reference - Red Hat Enterprise Linux 8 Security Technical Implementation Guideⁿⁱ, Reference - Securing Web Transactionsⁿⁱ, Reference - Securing Web Transactions TLS Server Certificate Management - Appendix A Passive Inspectionⁿⁱ, Reference - Windows 10 STIGⁿⁱ

Hard Disk Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardDiskFirmware

has super-classes: Peripheral Firmware^c

Hard Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardLink

is defined by: http://dbpedia.org/resource/Hard_link

has super-classes: File System Link^c
has sub-classes: NTFS Hard Link^c, Unix Hard Link^c

Harden^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Harden

has super-classes: Defensive Tactic^c
is also defined as: named individual

Hardware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592.001

has super-classes: Gather Victim Host Information^c

Hardware Additions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1200

has super-classes: Initial Access Technique^c; connects^op some Hardware Device^c
is also defined as: named individual

Hardware Component Inventory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareComponentInventory

has super-classes: Asset Inventory^c; inventories^op some Hardware Device^c
is also defined as: named individual

Hardware Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareDevice

has super-classes: Digital Artifact^c; Physical Artifact^c
has sub-classes: Input Device^c, Memory Management Unit Component^c, Output Device^c, Primary Storage^c, Processor^c, Processor Component^c, Removable Media Device^c, Secondary Storage^c, Security Token^c, Tertiary Storage^c
is also defined as: named individual

Hardware Driver^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareDriver

has super-classes: Digital Artifact^c; drives^op some Hardware Device^c
has sub-classes: Display Device Driver^c
is also defined as: named individual

Hardware-based Process Isolation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hardware-basedProcessIsolation

has super-classes: Execution Isolation^c; isolates^op some Process^c; restricts^op some Create Process^c
is also defined as: named individual

Heap Segment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HeapSegment

has super-classes: Process Segment^c

Hidden File System^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.005

has super-classes: Hide Artifacts^c; may-modify^op some System Configuration Database^c; modifies^op some Storage^c
is also defined as: named individual

Hidden Files and Directories^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1158

has super-classes: Defense Evasion Technique^c; Persistence Technique^c

Hidden Files and Directories^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.001

has super-classes: Hide Artifacts^c; modifies^op some File System Metadata^c
is also defined as: named individual

Hidden Users^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1147

has super-classes: Defense Evasion Technique^c

Hidden Users^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.002

has super-classes: Hide Artifacts^c; modifies^op some User Init Configuration File^c
is also defined as: named individual

Hidden Window^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1143

has super-classes: Defense Evasion Technique^c

Hidden Window^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.003

has super-classes: Hide Artifacts^c; may-modify^op some Property List File^c; may-modify^op some System Configuration Database^c
is also defined as: named individual

Hide Artifacts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564

has super-classes: Defense Evasion Technique^c
has sub-classes: Email Hiding Rules^c, Hidden File System^c, Hidden Files and Directories^c, Hidden Users^c, Hidden Window^c, NTFS File Attributes^c, Process Argument Spoofing^c, Resource Forking^c, Run Virtual Instance^c, VBA Stomping^c

Hierarchical Domain Denylisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HierarchicalDomainDenylisting

has super-classes: Forward Resolution Domain Denylisting^c
is also defined as: named individual

Hijack Execution Flow^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574

has super-classes: Defense Evasion Technique^c; Persistence Technique^c; Privilege Escalation Technique^c
has sub-classes: COR_PROFILER^c, DLL Search Order Hijacking^c, DLL Side-Loading^c, Dylib Hijacking^c, Executable Installer File Permissions Weakness^c, KernelCallbackTable^c, LD_PRELOAD^c, Path Interception by PATH Environment Variable^c, Path Interception by Search Order Hijacking^c, Path Interception by Unquoted Path^c, Services File Permissions Weakness^c, Services Registry Permissions Weakness^c

HISTCONTROL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1148

has super-classes: Defense Evasion Technique^c

Homoglyph Denylisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDenylisting

has super-classes: Forward Resolution Domain Denylisting^c
is also defined as: named individual

Homoglyph Detection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDetection

has super-classes: Identifier Analysis^c; analyzes^op some Email^c; analyzes^op some URL^c
is also defined as: named individual

Hooking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1179

has super-classes: Credential Access Technique^c; Persistence Technique^c; Privilege Escalation Technique^c

Host^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Host

has super-classes: Network Node^c; contains^op some Application^c; contains^op some Operating System^c; runs^op some Operating System^c
has sub-classes: Client Computer^c, Server^c
is also defined as: named individual

Host Configuration Sensor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HostConfigurationSensor

has super-classes: Endpoint Sensor^c; monitors^op some Application Configuration^c; monitors^op some Operating System Configuration^c
is also defined as: named individual

Host-based Firewall^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Host-basedFirewall

has super-classes: System Software^c
is also defined as: named individual

Hostname^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hostname

has super-classes: Identifier^c; identifies^op some Host^c
is also defined as: named individual

HTML File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HTMLFile

has super-classes: Document File^c

HTML Smuggling^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.006

has super-classes: Obfuscated Files or Information^c; creates^op some JavaScript Blob^c; hides^op some Digital Artifact^c
is also defined as: named individual

Human Input Device Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HumanInputDeviceFirmware

has super-classes: Peripheral Firmware^c

Identifier^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Identifier

has super-classes: Digital Artifact^c
has sub-classes: Domain Name^c, File Hash^c, Hostname^c, IP Address^c, URL^c
is in domain of: addresses^op
is in range of: addressed-by^op
is also defined as: named individual

Identifier Activity Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierActivityAnalysis

has super-classes: Identifier Analysis^c
is also defined as: named individual

Identifier Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierAnalysis

has super-classes: Defensive Technique^c; analyzes^op some Identifier^c; enables^op some Detect^c
has sub-classes: Homoglyph Detection^c, Identifier Activity Analysis^c, Identifier Reputation Analysis^c, URL Analysis^c
has members: Homoglyph Detectionⁿⁱ, Identifier Activity Analysisⁿⁱ, Identifier Reputation Analysisⁿⁱ, URL Analysisⁿⁱ
is also defined as: named individual

Identifier Reputation Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierReputationAnalysis

has super-classes: Identifier Analysis^c
has sub-classes: Domain Name Reputation Analysis^c, File Hash Reputation Analysis^c, IP Reputation Analysis^c, URL Reputation Analysis^c
has members: Domain Name Reputation Analysisⁿⁱ, File Hash Reputation Analysisⁿⁱ, IP Reputation Analysisⁿⁱ, URL Reputation Analysisⁿⁱ
is also defined as: named individual

Identify Business Tempo^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591.003

has super-classes: Gather Victim Org Information^c

Identify Roles^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1591.004

has super-classes: Gather Victim Org Information^c

IIS Components^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.004

has super-classes: Server Software Component^c; adds^op some Software^c
is also defined as: named individual

Image Code Segment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageCodeSegment

has super-classes: Image Segment^c; contains^op some Subroutine^c
has members: AMD64 Code Segmentⁿⁱ, ARM32 Code Segmentⁿⁱ, X86 Code Segmentⁿⁱ
is also defined as: named individual

Image Data Segment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageDataSegment

has super-classes: Image Segment^c
is also defined as: named individual

Image File Execution Options Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1183

has super-classes: Defense Evasion Technique^c; Persistence Technique^c; Privilege Escalation Technique^c

Image File Execution Options Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.012

has super-classes: Event Triggered Execution^c; modifies^op some System Configuration Database^c
is also defined as: named individual

Image Scanner Input Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageScannerInputDevice

is defined by: http://dbpedia.org/resource/Image_scanner

has super-classes: Video Input Device^c
has sub-classes: Barcode Scanner Input Device^c, Finger Print Scanner Input Device^c

Image Segment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageSegment

has super-classes: Binary Segment^c; File Section^c
has sub-classes: Image Code Segment^c, Image Data Segment^c

Impact^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Impact

has super-classes: Offensive Tactic^c
is also defined as: named individual

Impact Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpactTechnique

has super-classes: Offensive Technique^c; enables^op some Impact^c
has sub-classes: Account Access Removal^c, Data Destruction^c, Data Encrypted for Impact^c, Data Manipulation^c, Defacement^c, Disk Content Wipe^c, Disk Structure Wipe^c, Disk Wipe^c, Endpoint Denial of Service^c, Firmware Corruption^c, Inhibit System Recovery^c, Network Denial of Service^c, Resource Hijacking^c, Runtime Data Manipulation^c, Service Stop^c, Stored Data Manipulation^c, System Shutdown/Reboot^c, Transmitted Data Manipulation^c
is also defined as: named individual

Impair Command History Logging^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.003

has super-classes: Impair Defenses^c; may-modify^op some User Init Script^c; may-modify^op some Windows Registry Key^c; modifies^op some Process Environment Variable^c
is also defined as: named individual

Impair Defenses^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562

has super-classes: Defense Evasion Technique^c
has sub-classes: Disable Cloud Logs^c, Disable Windows Event Logging^c, Disable or Modify Cloud Firewall^c, Disable or Modify System Firewall^c, Disable or Modify Tools^c, Downgrade Attack^c, Impair Command History Logging^c, Indicator Blocking^c, Safe Mode Boot^c

Impersonate User^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpersonateUser

has super-classes: System Call^c; forges^op some User Account^c
has members: Impersonate Userⁿⁱ
is also defined as: named individual

Implant Container Image^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1525

has super-classes: Persistence Technique^c; adds^op some Container Image^c
is also defined as: named individual

Import Library Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImportLibraryFunction

has super-classes: Subroutine^c; loads^op some Shared Library File^c
is also defined as: named individual

Improper Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-287

has super-classes: Weakness^c; weakness of^op some Authentication Function^c
is also defined as: named individual

Improper Control of Generation of Code ('Code Injection')^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-94

has super-classes: Weakness^c; may be weakness of^op some Eval Function^c; may be weakness of^op some User Input Function^c
is also defined as: named individual

Improper Input Validation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-20

has super-classes: Weakness^c; weakness of^op some User Input Function^c
is also defined as: named individual

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-22

has super-classes: Weakness^c; weakness of^op some User Input Function^c
is also defined as: named individual

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-79

has super-classes: Weakness^c; weakness of^op some User Input Function^c
is also defined as: named individual

Improper Neutralization of Special Elements used in a Command ('Command Injection')^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-77

has super-classes: Weakness^c; weakness of^op some User Input Function^c
is also defined as: named individual

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-78

has super-classes: Weakness^c; may be weakness of^op some Eval Function^c; may be weakness of^op some Process Start Function^c; may be weakness of^op some User Input Function^c
is also defined as: named individual

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-89

has super-classes: Weakness^c; weakness of^op some User Input Function^c
is also defined as: named individual

Improper Restriction of Operations within the Bounds of a Memory Buffer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-119

has super-classes: Weakness^c; weakness of^op some Raw Memory Access Function^c
is also defined as: named individual

Improper Restriction of XML External Entity Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-611

has super-classes: Weakness^c; weakness of^op some External Content Inclusion Function^c
is also defined as: named individual

In-memory Password Store^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#In-memoryPasswordStore

has super-classes: Password Store^c
is also defined as: named individual

Inbound Internet DNS Response Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetDNSResponseTraffic

has super-classes: Inbound Internet Network Traffic^c
is also defined as: named individual

Inbound Internet Mail Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetMailTraffic

has super-classes: Inbound Internet Network Traffic^c; Inbound Network Traffic^c; Mail Network Traffic^c
is also defined as: named individual

Inbound Internet Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetNetworkTraffic

has super-classes: Inbound Network Traffic^c; Internet Network Traffic^c; produces^op some Network Traffic^c
has sub-classes: Inbound Internet DNS Response Traffic^c, Inbound Internet Mail Traffic^c
is also defined as: named individual

Inbound Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Inbound Internet Mail Traffic^c, Inbound Internet Network Traffic^c
is also defined as: named individual

Inbound Session Volume Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundSessionVolumeAnalysis

has super-classes: Network Traffic Analysis^c; analyzes^op some Inbound Internet Network Traffic^c
is also defined as: named individual

Inbound Traffic Filtering^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundTrafficFiltering

has super-classes: Network Traffic Filtering^c; filters^op some Inbound Network Traffic^c
is also defined as: named individual

Incorrect Default Permissions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-276

has super-classes: Weakness^c; weakness of^op some Application Installer^c
is also defined as: named individual

Indicator Blocking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1054

has super-classes: Defense Evasion Technique^c

Indicator Blocking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.006

has super-classes: Impair Defenses^c

Indicator Removal from Tools^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.005

has super-classes: Obfuscated Files or Information^c

Indicator Removal from Tools^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1066

has super-classes: Defense Evasion Technique^c

Indicator Removal on Host^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070

has super-classes: Defense Evasion Technique^c
has sub-classes: Clear Command History^c, Clear Linux or Mac System Logs^c, Clear Windows Event Logs^c, File Deletion^c, Network Share Connection Removal^c, Timestomp^c

Indirect Branch Call Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IndirectBranchCallAnalysis

has super-classes: Process Analysis^c
is also defined as: named individual

Indirect Command Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1202

has super-classes: Defense Evasion Technique^c

Information Content Entity^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InformationContentEntity

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: D3FEND Catalog Thing^c; archived-at^dp some any u r i
has sub-classes: Catalog^c, Document^c, External Knowledge Base^c, License^c, Source Code^c
is in range of: cites^op

Ingress Tool Transfer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1105

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Inhibit System Recovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1490

has super-classes: Impact Technique^c

Init Script^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitScript

has super-classes: Executable Script^c
has sub-classes: Network Init Script File Resource^c, User Init Script^c

Initial Access^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccess

has super-classes: Offensive Tactic^c
is also defined as: named individual

Initial Access Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccessTechnique

has super-classes: Offensive Technique^c; enables^op some Initial Access^c
has sub-classes: Drive-by Compromise^c, Exploit Public-Facing Application^c, External Remote Services^c, Hardware Additions^c, Phishing^c, Replication Through Removable Media^c, Spearphishing Attachment^c, Spearphishing Link^c, Spearphishing via Service^c, Supply Chain Compromise^c, Trusted Relationship^c, Valid Accounts^c
is also defined as: named individual

Input Capture^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056

has super-classes: Collection Technique^c; Credential Access Technique^c
has sub-classes: Credential API Hooking^c, GUI Input Capture^c, Keylogging^c, Web Portal Capture^c

Input Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputDevice

has super-classes: Hardware Device^c; Local Resource^c
has sub-classes: Audio Input Device^c, Keyboard Input Device^c, Mouse Input Device^c, Video Input Device^c
is also defined as: named individual

Input Device Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputDeviceAnalysis

has super-classes: Operating System Monitoring^c; analyzes^op some Input Device^c
is also defined as: named individual

Input Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputFunction

has super-classes: Subroutine^c
has sub-classes: User Input Function^c

Input Prompt^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1141

has super-classes: Credential Access Technique^c

Install Digital Certificate^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.003

has super-classes: Stage Capabilities^c

Install Root Certificate^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1130

has super-classes: Defense Evasion Technique^c

Install Root Certificate^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.004

has super-classes: Subvert Trust Controls^c; modifies^op some Certificate Trust Store^c
is also defined as: named individual

InstallUtil^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1118

has super-classes: Defense Evasion Technique^c; Execution Technique^c

InstallUtil Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.004

has super-classes: Signed Binary Proxy Execution^c

Instant Messaging Client^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InstantMessagingClient

is defined by: https://dbpedia.org/wiki/Instant_messaging

has super-classes: Collaborative Software^c

Integer Overflow or Wraparound^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-190

has super-classes: Weakness^c; weakness of^op some Mathematical Function^c
is also defined as: named individual

Integrated Honeynet^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntegratedHoneynet

has super-classes: Decoy Environment^c; spoofs^op some Intranet Network^c
is also defined as: named individual

Integration Test Execution Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntegrationTestExecutionTool

has super-classes: Test Execution Tool^c

Inter-Process Communication Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559

has super-classes: Execution Technique^c; injects^op some Interprocess Communication^c
has sub-classes: Component Object Model Execution^c, Dynamic Data Exchange Execution^c, XPC Services^c
is also defined as: named individual

Internal Defacement^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.001

has super-classes: Defacement^c; modifies^op some Resource^c
is also defined as: named individual

Internal Proxy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.001

has super-classes: Proxy^c; produces^op some Intranet Network Traffic^c
is also defined as: named individual

Internal Spearphishing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1534

has super-classes: Lateral Movement Technique^c; produces^op some Email^c
is also defined as: named individual

Internet Article^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetArticle

has super-classes: News Article^c
is also defined as: named individual

Internet Article Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetArticleReference

has super-classes: Technique Reference^c
has members: Reference - Catia UAF Pluginⁿⁱ, Reference - Configure User Access Control and Permissionsⁿⁱ, Reference - Cyber Command System (CYCS)ⁿⁱ, Reference - Dagger Fact Sheetⁿⁱ, Reference - Decoy Personas for Safeguarding Online Identity Using Deception - MITREⁿⁱ, Reference - Detection of Malicious IDNHomoglyph Domainsⁿⁱ, Reference - FWTK - Firewall Toolkitⁿⁱ, Reference - How ASLR protects Linux systems from buffer overflow attacks - Network Worldⁿⁱ, Reference - How Does Antivirus Quarantine Work? - Safety Detectivesⁿⁱ, Reference - How to change registry values or permissions from a command line or a scriptⁿⁱ, Reference - How trust relationships work for resource forests in Azure Active Directory Domain Servicesⁿⁱ, Reference - MGT516: Managing Security Vulnerabilities: Enterprise and Cloudⁿⁱ, Reference - NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ)ⁿⁱ, Reference - Overview of the seccomp sandboxⁿⁱ, Reference - Pointer Authentication Project Zeroⁿⁱ, Reference - Security Technologies: Stack Smashing Protection (StackGuard) - Red Hatⁿⁱ, Reference - Tenable Passive Network Monitoringⁿⁱ, Reference - The Pyramid of Pain - David Biancoⁿⁱ, Reference - What is NX/XD feature?ⁿⁱ, Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.comⁿⁱ

Internet Connection Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1016.001

has super-classes: System Network Configuration Discovery^c

Internet DNS Lookup^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetDNSLookup

has super-classes: DNS Lookup^c

Internet File Transfer Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetFileTransferTraffic

has super-classes: File Transfer Network Traffic^c; Internet Network Traffic^c

Internet Network^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetNetwork

is defined by: http://dbpedia.org/resource/Internetworking

has super-classes: Network^c

Internet Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Inbound Internet Network Traffic^c, Internet File Transfer Traffic^c, Outbound Internet Network Traffic^c
is also defined as: named individual

Interprocess Communication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InterprocessCommunication

has super-classes: Digital Artifact^c
has sub-classes: Pipe^c
is also defined as: named individual

Intranet Administrative Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic

has super-classes: Administrative Network Traffic^c; Intranet Network Traffic^c
is also defined as: named individual

Intranet DNS Lookup^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetDNSLookup

has super-classes: DNS Lookup^c

Intranet File Transfer Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetFileTransferTraffic

has super-classes: File Transfer Network Traffic^c; Intranet Network Traffic^c
is also defined as: named individual

Intranet IPC Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetIPCNetworkTraffic

has super-classes: IPC Network Traffic^c; Intranet Network Traffic^c; may-contain^op some File^c
is also defined as: named individual

Intranet Multicast Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetMulticastNetworkTraffic

has super-classes: Intranet Network Traffic^c
is also defined as: named individual

Intranet Network^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetNetwork

has super-classes: Network^c
is also defined as: named individual

Intranet Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Intranet Administrative Network Traffic^c, Intranet File Transfer Traffic^c, Intranet IPC Network Traffic^c, Intranet Multicast Network Traffic^c, Intranet RPC Network Traffic^c, Intranet Web Network Traffic^c, Local Area Network Traffic^c
is also defined as: named individual

Intranet RPC Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetRPCNetworkTraffic

has super-classes: Intranet Network Traffic^c; RPC Network Traffic^c

Intranet Web Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetWebNetworkTraffic

has super-classes: Intranet Network Traffic^c; Web Network Traffic^c; may-contain^op some File^c
is also defined as: named individual

Intrusion Detection System^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntrusionDetectionSystem

is defined by: http://dbpedia.org/resource/Intrusion_detection_system

has super-classes: Digital Artifact^c
has sub-classes: Intrusion Prevention System^c

Intrusion Prevention System^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntrusionPreventionSystem

is defined by: http://dbpedia.org/resource/Intrusion_detection_system#Intrusion_prevention

has super-classes: Intrusion Detection System^c

Invalid Code Signature^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.001

has super-classes: Masquerading^c; creates^op some Executable Binary^c
is also defined as: named individual

IO Port Restriction^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IOPortRestriction

has super-classes: Execution Isolation^c; filters^op some Input Device^c; filters^op some Removable Media Device^c
is also defined as: named individual

IP Address^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPAddress

has super-classes: Identifier^c; identifies^op some Network Node^c
is also defined as: named individual

IP Addresses^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.005

has super-classes: Gather Victim Network Information^c

IP Phone^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPPhone

is defined by: http://dbpedia.org/resource/VoIP_phone

has super-classes: Personal Computer^c

IP Reputation Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPReputationAnalysis

has super-classes: Identifier Reputation Analysis^c; analyzes^op some IP Address^c
is also defined as: named individual

IPC Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPCNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Intranet IPC Network Traffic^c

IPC Traffic Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPCTrafficAnalysis

has super-classes: Network Traffic Analysis^c; analyzes^op some Intranet IPC Network Traffic^c
is also defined as: named individual

Isolate^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Isolate

has super-classes: Defensive Tactic^c
is also defined as: named individual

Java Archive^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JavaArchive

has super-classes: Archive File^c; Software Package^c

JavaScript Blob^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JavaScriptBlob

has super-classes: Binary Large Object^c
is also defined as: named individual

JavaScript/JScript^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.007

has super-classes: Command and Scripting Interpreter Execution^c

Job Function Access Pattern Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JobFunctionAccessPatternAnalysis

has super-classes: User Behavior Analysis^c; analyzes^op some Authorization^c
is also defined as: named individual

Journal Article^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JournalArticle

has super-classes: Academic Article^c

Junk Data^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001.001

has super-classes: Data Obfuscation^c

Kerberoasting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1208

has super-classes: Credential Access Technique^c

Kerberoasting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.003

has super-classes: Steal or Forge Kerberos Tickets^c; may-produce^op some RPC Network Traffic^c
is also defined as: named individual

Kerberos Ticket^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTicket

has super-classes: Access Token^c
has sub-classes: Kerberos Ticket Granting Service Ticket^c, Kerberos Ticket Granting Ticket^c
is also defined as: named individual

Kerberos Ticket Granting Service Ticket^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTicketGrantingServiceTicket

has super-classes: Kerberos Ticket^c

Kerberos Ticket Granting Ticket^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KerberosTicketGrantingTicket

has super-classes: Kerberos Ticket^c; Ticket Granting Ticket^c
is also defined as: named individual

Kernel^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel

has super-classes: System Software^c; contains^op some Kernel Process Table^c; loads^op some Application^c; manages^op some Operating System Process^c; manages^op some User Process^c; may-contain^op some Hardware Driver^c; may-contain^op some Kernel Module^c
is also defined as: named individual

Kernel API Sensor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelAPISensor

has super-classes: Endpoint Sensor^c; monitors^op some System Call^c
is also defined as: named individual

Kernel Module^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelModule

has super-classes: Object File^c
is also defined as: named individual

Kernel Modules and Extensions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1215

has super-classes: Persistence Technique^c

Kernel Modules and Extensions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.006

has super-classes: Boot or Logon Autostart Execution^c; modifies^op some Kernel Module^c
is also defined as: named individual

Kernel Process Table^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelProcessTable

has super-classes: Digital Artifact^c
is also defined as: named individual

Kernel-based Process Isolation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel-basedProcessIsolation

has super-classes: Execution Isolation^c
has sub-classes: Mandatory Access Control^c, System Call Filtering^c
has members: Mandatory Access Controlⁿⁱ, System Call Filteringⁿⁱ
is also defined as: named individual

KernelCallbackTable^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.013

has super-classes: Hijack Execution Flow^c

Keyboard Input Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KeyboardInputDevice

has super-classes: Input Device^c
is also defined as: named individual

Keychain^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1142

has super-classes: Credential Access Technique^c; accesses^op some Encrypted Credential^c
is also defined as: named individual

Keychain^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.001

has super-classes: Credentials from Password Stores^c; accesses^op some MacOS Keychain^c
is also defined as: named individual

Keylogging^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.001

has super-classes: Input Capture^c; accesses^op some Keyboard Input Device^c
is also defined as: named individual

Kiosk Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KioskComputer

is defined by: http://dbpedia.org/resource/Interactive_kiosk

has super-classes: Shared Computer^c

Laptop Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LaptopComputer

is defined by: http://dbpedia.org/resource/Laptop

has super-classes: Personal Computer^c

Latency^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Latency

has super-classes: D3FEND Thing^c
has sub-classes: Analytic Latency^c, Eviction Latency^c

Lateral Movement^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovement

has super-classes: Offensive Tactic^c
is also defined as: named individual

Lateral Movement Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovementTechnique

has super-classes: Offensive Technique^c; enables^op some Lateral Movement^c
has sub-classes: Application Access Token^c, Application Deployment Software^c, Exploitation of Remote Services^c, Internal Spearphishing^c, Lateral Tool Transfer^c, Pass the Hash^c, Pass the Ticket^c, Remote Desktop Protocol^c, Remote Service Session Hijacking^c, Remote Services^c, Replication Through Removable Media^c, SSH Hijacking^c, Software Deployment Tools Execution^c, Taint Shared Content^c, Use Alternate Authentication Material^c, Web Session Cookie^c, Windows Admin Shares^c, Windows Remote Management^c
is also defined as: named individual

Lateral Tool Transfer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1570

has super-classes: Lateral Movement Technique^c; produces^op some Intranet File Transfer Traffic^c
is also defined as: named individual

Launch Agent^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1159

has super-classes: Persistence Technique^c

Launch Agent^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.001

has super-classes: Create or Modify System Process^c; creates^op some Property List File^c
is also defined as: named individual

Launch Daemon^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1160

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

Launch Daemon^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.004

has super-classes: Create or Modify System Process^c; modifies^op some Property List File^c
is also defined as: named individual

Launchctl^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1152

has super-classes: Defense Evasion Technique^c; Execution Technique^c; Persistence Technique^c

Launchctl^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1569.001

has super-classes: System Services^c

Launchd^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.004

has super-classes: Scheduled Task/Job Execution^c; creates^op some Property List File^c
is also defined as: named individual

LC_LOAD_DYLIB Addition^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1161

has super-classes: Persistence Technique^c

LC_LOAD_DYLIB Addition^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.006

has super-classes: Event Triggered Execution^c; modifies^op some Executable Binary^c
is also defined as: named individual

LD_PRELOAD^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.006

has super-classes: Hijack Execution Flow^c; modifies^op some Operating System Configuration File^c
is also defined as: named individual

Legacy System^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LegacySystem

has super-classes: Digital System^c
is also defined as: named individual

License^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#License

has super-classes: Information Content Entity^c
has sub-classes: Open Source License^c, Proprietary License^c

Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Link

has super-classes: Digital Artifact^c
has sub-classes: Logical Link^c, Physical Link^c

Link Target^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.005

has super-classes: Stage Capabilities^c

Linux and Mac File and Directory Permissions Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222.002

has super-classes: File and Directory Permissions Modification^c

ListPlanting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.015

has super-classes: Process Injection^c

LLMNR/NBT-NS Poisoning and Relay^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1171

has super-classes: Credential Access Technique^c

LLMNR/NBT-NS Poisoning and SMB Relay^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557.001

has super-classes: Man-in-the-Middle^c; produces^op some Intranet Multicast Network Traffic^c
is also defined as: named individual

Local Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.001

has super-classes: Create Account^c; creates^op some Local User Account^c
is also defined as: named individual

Local Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136.001

has super-classes: Create Account^c

Local Account Monitoring^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAccountMonitoring

has super-classes: User Behavior Analysis^c; analyzes^op some Local User Account^c
is also defined as: named individual

Local Accounts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.003

has super-classes: Valid Accounts^c; uses^op some Local User Account^c
is also defined as: named individual

Local Area Network^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAreaNetwork

has super-classes: Network^c; may-contain^op some Host^c
is also defined as: named individual

Local Area Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAreaNetworkTraffic

has super-classes: Intranet Network Traffic^c
is also defined as: named individual

Local Authentication Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAuthenticationService

has super-classes: Authentication Service^c; System Service Software^c

Local Authorization Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAuthorizationService

has super-classes: Authorization Service^c; System Service Software^c

Local Data Staging^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.001

has super-classes: Data Staged^c; may-create^op some File^c; may-invoke^op some Create File^c
is also defined as: named individual

Local Email Collection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.001

has super-classes: Email Collection^c; reads^op some Email^c
is also defined as: named individual

Local File Permissions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalFilePermissions

has super-classes: Platform Hardening^c; restricts^op some Directory^c; restricts^op some File^c
is also defined as: named individual

Local Groups^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1069.001

has super-classes: Permission Groups Discovery^c

Local Job Scheduling^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1168

has super-classes: Execution Technique^c; Persistence Technique^c

Local Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalResource

has super-classes: Resource^c
has sub-classes: Input Device^c, Startup Directory^c, System Configuration Init Resource^c, User Logon Init Resource^c
is also defined as: named individual

Local Resource Access^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalResourceAccess

has super-classes: Resource Access^c; accesses^op some Local Resource^c
is also defined as: named individual

Local User Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalUserAccount

has super-classes: User Account^c
is also defined as: named individual

Log^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Log

has super-classes: Digital Artifact^c
has sub-classes: Authentication Log^c, Authorization Log^c, Event Log^c, Packet Log^c
is also defined as: named individual

Log File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogFile

has super-classes: File^c; contains^op some Log^c
has sub-classes: Command History Log File^c, Operating System Log File^c
is also defined as: named individual

Log Message Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogMessageFunction

has super-classes: Subroutine^c

Logical Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogicalLink

has super-classes: Link^c
has sub-classes: Application Layer Link^c, Data Link Link^c, Network Link^c, Transport Link^c
is also defined as: named individual

Logical Link Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogicalLinkMapping

has super-classes: Network Mapping^c; maps^op some Logical Link^c; maps^op some Network^c; maps^op some Network Node^c
has sub-classes: Active Logical Link Mapping^c, Passive Logical Link Mapping^c
has members: Active Logical Link Mappingⁿⁱ, Passive Logical Link Mappingⁿⁱ
is also defined as: named individual

Login Item^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1162

has super-classes: Persistence Technique^c

Login Items^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.015

has super-classes: Boot or Logon Autostart Execution^c; modifies^op some User Logon Init Resource^c
is also defined as: named individual

Login Session^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LoginSession

has super-classes: Session^c
has sub-classes: Remote Session^c
is also defined as: named individual

Logon Script (Mac)^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.002

has super-classes: Boot or Logon Initialization Scripts^c; modifies^op some User Init Script^c
is also defined as: named individual

Logon Script (Windows)^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.001

has super-classes: Boot or Logon Initialization Scripts^c; modifies^op some User Init Script^c
is also defined as: named individual

Logon User^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogonUser

has super-classes: System Call^c; authenticates^op some User Account^c
is also defined as: named individual

LSA Secrets^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.004

has super-classes: OS Credential Dumping^c; may-access^op some Process^c; may-access^op some System Password Database^c
is also defined as: named individual

LSASS Driver^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1177

has super-classes: Execution Technique^c; Persistence Technique^c

LSASS Driver^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.008

has super-classes: Boot or Logon Autostart Execution^c; may-create^op some Shared Library File^c; modifies^op some System Service Software^c
is also defined as: named individual

LSASS Memory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.001

has super-classes: OS Credential Dumping^c; accesses^op some Authentication Service^c; accesses^op some Process^c
is also defined as: named individual

MacOS Keychain^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MacOSKeychain

has super-classes: Password Store^c
is also defined as: named individual

Mail Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailNetworkTraffic

has super-classes: Network Traffic^c; contains^op some Email^c
has sub-classes: Inbound Internet Mail Traffic^c
is also defined as: named individual

Mail Protocols^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.003

has super-classes: Application Layer Protocol^c; produces^op some Outbound Internet Mail Traffic^c
is also defined as: named individual

Mail Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailServer

has super-classes: Server^c; runs^op some Message Transfer Agent^c
is also defined as: named individual

Mail Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailService

has super-classes: Network Service^c
has sub-classes: Message Transfer Agent^c

Make and Impersonate Token^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.003

has super-classes: Access Token Manipulation^c; copies^op some Access Token^c; creates^op some Login Session^c; may-modify^op some Event Log^c
is also defined as: named individual

Malicious File Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.002

has super-classes: User Execution^c; executes^op some Executable File^c
is also defined as: named individual

Malicious Image^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.003

has super-classes: User Execution^c

Malicious Link Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.001

has super-classes: User Execution^c; accesses^op some URL^c; produces^op some Outbound Internet Web Traffic^c
is also defined as: named individual

Malicious Shell Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1156

has super-classes: Persistence Technique^c

Malware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1587.001

has super-classes: Develop Capabilities^c

Malware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.001

has super-classes: Obtain Capabilities^c

Man in the Browser^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1185

has super-classes: Collection Technique^c; produces^op some Web Network Traffic^c
is also defined as: named individual

Man-in-the-Middle^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557

has super-classes: Collection Technique^c; Credential Access Technique^c; produces^op some Network Traffic^c
has sub-classes: ARP Cache Poisoning^c, DHCP Spoofing^c, LLMNR/NBT-NS Poisoning and SMB Relay^c
is also defined as: named individual

Mandatory Access Control^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MandatoryAccessControl

has super-classes: Kernel-based Process Isolation^c; isolates^op some Process^c; restricts^op some Create Process^c
is also defined as: named individual

Mark-of-the-Web Bypass^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.005

has super-classes: Subvert Trust Controls^c

Masquerade Task or Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.004

has super-classes: Masquerading^c; modifies^op some Task Schedule^c
is also defined as: named individual

Masquerading^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036

has super-classes: Defense Evasion Technique^c
has sub-classes: Double File Extension^c, Invalid Code Signature^c, Masquerade Task or Service^c, Match Legitimate Name or Location^c, Rename System Utilities^c, Right-to-Left Override^c, Space after Filename^c

Match Legitimate Name or Location^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.005

has super-classes: Masquerading^c; invokes^op some Move File^c; may-create^op some File^c
is also defined as: named individual

Mathematical Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MathematicalFunction

has super-classes: Subroutine^c
is also defined as: named individual

Mavinject^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.013

has super-classes: Signed Binary Proxy Execution^c; invokes^op some Create Thread^c; modifies^op some Process Segment^c
is also defined as: named individual

Media Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MediaServer

is defined by: http://dbpedia.org/resource/Media_server

has super-classes: Server^c

Memory Address^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAddress

has super-classes: Digital Artifact^c; addresses^op some Memory Word^c
has sub-classes: Physical Address^c, Virtual Address^c
is also defined as: named individual

Memory Address Space^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAddressSpace

has super-classes: Address Space^c; contains^op some Memory Address^c
has sub-classes: Virtual Memory Space^c
is also defined as: named individual

Memory Allocation Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAllocationFunction

has super-classes: Subroutine^c; invokes^op some Allocate Memory^c
is also defined as: named individual

Memory Block^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBlock

has super-classes: Memory Extent^c; contains^op some Memory Word^c; may-contain^op some Record^c
has sub-classes: Page^c, Page Frame^c, Tertiary Storage^c
is also defined as: named individual

Memory Boundary Tracking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBoundaryTracking

has super-classes: Operating System Monitoring^c; analyzes^op some Process Code Segment^c
is also defined as: named individual

Memory Extent^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryExtent

has super-classes: Digital Artifact^c
has sub-classes: Memory Block^c, Memory Pool^c, Memory Word^c

Memory Free Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryFreeFunction

has super-classes: Subroutine^c; invokes^op some Free Memory^c
is also defined as: named individual

Memory Management Unit^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryManagementUnit

has super-classes: Processor Component^c; contains^op some Translation Lookaside Buffer^c; creates^op some Virtual Address^c; manages^op some Page Table^c; manages^op some Storage^c
is also defined as: named individual

Memory Management Unit Component^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryManagementUnitComponent

has super-classes: Hardware Device^c
has sub-classes: Translation Lookaside Buffer^c

Memory Pool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryPool

has super-classes: Memory Extent^c; contains^op some Memory Block^c
is also defined as: named individual

Memory Protection Unit^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryProtectionUnit

has super-classes: Processor Component^c
is also defined as: named individual

Memory Word^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryWord

has super-classes: Memory Extent^c
is also defined as: named individual

Message Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAnalysis

has super-classes: Defensive Technique^c; enables^op some Detect^c
has sub-classes: Sender MTA Reputation Analysis^c, Sender Reputation Analysis^c
has members: Sender MTA Reputation Analysisⁿⁱ, Sender Reputation Analysisⁿⁱ
is also defined as: named individual

Message Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAuthentication

has super-classes: Message Hardening^c; authenticates^op some User to User Message^c
is also defined as: named individual

Message Encryption^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageEncryption

has super-classes: Message Hardening^c; encrypts^op some User to User Message^c
is also defined as: named individual

Message Hardening^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageHardening

has super-classes: Defensive Technique^c; enables^op some Harden^c
has sub-classes: Message Authentication^c, Message Encryption^c, Transfer Agent Authentication^c
has members: Message Authenticationⁿⁱ, Message Encryptionⁿⁱ, Transfer Agent Authenticationⁿⁱ
is also defined as: named individual

Message Transfer Agent^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageTransferAgent

has super-classes: Mail Service^c
is also defined as: named individual

Metadata^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Metadata

is defined by: http://dbpedia.org/resource/Metadata

has super-classes: Digital Artifact^c
has sub-classes: File System Metadata^c

Microcode^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Microcode

is defined by: http://dbpedia.org/resource/Microcode

has super-classes: Firmware^c

Missing Authentication for Critical Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-306

has super-classes: Weakness^c

Missing Authorization^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-862

Broad and could apply to all resource accesses.

has super-classes: Weakness^c

MMC^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.014

has super-classes: Signed Binary Proxy Execution^c; executes^op some Command^c; may-add^op some Software^c; may-modify^op some System Configuration Database^c
is also defined as: named individual

Mobile Phone^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MobilePhone

is defined by: http://dbpedia.org/resource/Mobile_phone

has super-classes: Personal Computer^c

Model^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Model

has super-classes: Defensive Tactic^c
is also defined as: named individual

Modem^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Modem

is defined by: http://dbpedia.org/resource/Modem

has super-classes: Network Node^c
has sub-classes: Dial Up Modem^c, Optical Modem^c, Radio Modem^c

Modify Authentication Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556

has super-classes: Credential Access Technique^c; Defense Evasion Technique^c; modifies^op some Authentication Service^c
has sub-classes: Domain Controller Authentication^c, Network Device Authentication^c, Password Filter DLL^c, Pluggable Authentication Modules^c, Reversible Encryption^c
is also defined as: named individual

Modify Cloud Compute Infrastructure^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1578

has super-classes: Defense Evasion Technique^c
has sub-classes: Create Cloud Instance^c, Create Snapshot^c, Delete Cloud Instance^c, Revert Cloud Instance^c

Modify Existing Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1031

has super-classes: Persistence Technique^c

Modify Registry^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1112

has super-classes: Defense Evasion Technique^c; modifies^op some Windows Registry^c
is also defined as: named individual

Modify System Image^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1601

has super-classes: Defense Evasion Technique^c
has sub-classes: Downgrade System Image^c, Patch System Image^c

Monitoring^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Monitoring

is defined by: http://wordnet-rdf.princeton.edu/id/00881724-n

has super-classes: D3FEND Thing^c

Mouse Input Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MouseInputDevice

is defined by: http://dbpedia.org/resource/Computer_mouse

has super-classes: Input Device^c

Move File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MoveFile

has super-classes: System Call^c; modifies^op some File System Metadata^c
is also defined as: named individual

MSBuild^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1127.001

has super-classes: Trusted Developer Utilities Proxy Execution^c; modifies^op some Compiler Configuration File^c; runs^op some Compiler^c
is also defined as: named individual

Mshta^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1170

has super-classes: Defense Evasion Technique^c; Execution Technique^c

Mshta Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.005

has super-classes: Signed Binary Proxy Execution^c

Msiexec Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.007

has super-classes: Signed Binary Proxy Execution^c

Multi-factor Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Multi-factorAuthentication

has super-classes: Credential Hardening^c; authenticates^op some User Account^c
is also defined as: named individual

Multi-Factor Authentication Request Generation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1621

has super-classes: Credential Access Technique^c

Multi-hop Proxy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.003

has super-classes: Proxy^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Multi-hop Proxy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1188

has super-classes: Command and Control Technique^c

Multi-Stage Channels^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1104

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Multilayer Encryption^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1079

has super-classes: Command and Control Technique^c

Multimedia Document File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MultimediaDocumentFile

has super-classes: Document File^c
is also defined as: named individual

Native API Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1106

has super-classes: Execution Technique^c; invokes^op some System Call^c
is also defined as: named individual

Netsh Helper DLL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1128

has super-classes: Persistence Technique^c

Netsh Helper DLL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.007

has super-classes: Event Triggered Execution^c; modifies^op some System Configuration Database Record^c; produces^op some Process^c
is also defined as: named individual

Network^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Network

has super-classes: Digital Artifact^c
has sub-classes: Internet Network^c, Intranet Network^c, Local Area Network^c, Wide Area Network^c
is also defined as: named individual

Network Address Translation Traversal^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1599.001

has super-classes: Network Boundary Bridging^c

Network Agent^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CollectorAgent

has super-classes: Software^c
is also defined as: named individual

Network Boundary Bridging^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1599

has super-classes: Defense Evasion Technique^c
has sub-classes: Network Address Translation Traversal^c

Network Card Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkCardFirmware

has super-classes: Peripheral Firmware^c

Network Denial of Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498

has super-classes: Impact Technique^c
has sub-classes: Direct Network Flood^c, Reflection Amplification^c, Service Exhaustion Flood^c

Network Device Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.004

has super-classes: Modify Authentication Process^c

Network Device CLI^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.008

has super-classes: Command and Scripting Interpreter Execution^c

Network Device Configuration Dump^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1602.002

has super-classes: Data from Configuration Repository^c

Network Directory Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkDirectoryResource

has super-classes: Network File Share Resource^c; contains^op some Directory^c
is also defined as: named individual

Network File Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFileResource

has super-classes: Network File Share Resource^c; contains^op some File^c
has sub-classes: Network Init Script File Resource^c, Web File Resource^c
is also defined as: named individual

Network File Share Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFileShareResource

has super-classes: Network Resource^c
has sub-classes: Network Directory Resource^c, Network File Resource^c
is also defined as: named individual

Network Flow^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlow

has super-classes: Digital Artifact^c; summarizes^op some Network Traffic^c
is also defined as: named individual

Network Flow Sensor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlowSensor

has super-classes: Network Sensor^c; monitors^op some Network Flow^c
is also defined as: named individual

Network Init Script File Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkInitScriptFileResource

has super-classes: Init Script^c; Network File Resource^c
is also defined as: named individual

Network Isolation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkIsolation

has super-classes: Defensive Technique^c; enables^op some Isolate^c
has sub-classes: Broadcast Domain Isolation^c, DNS Allowlisting^c, DNS Denylisting^c, Encrypted Tunnels^c, Network Traffic Filtering^c
has members: Broadcast Domain Isolationⁿⁱ, DNS Allowlistingⁿⁱ, DNS Denylistingⁿⁱ, Encrypted Tunnelsⁿⁱ, Network Traffic Filteringⁿⁱ
is also defined as: named individual

Network Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkLink

has super-classes: Logical Link^c

Network Logon Script^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.003

has super-classes: Boot or Logon Initialization Scripts^c; modifies^op some Network Init Script File Resource^c
is also defined as: named individual

Network Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkMapping

has super-classes: Defensive Technique^c; enables^op some Model^c
has sub-classes: Logical Link Mapping^c, Network Traffic Policy Mapping^c, Network Vulnerability Assessment^c, Physical Link Mapping^c
has members: Logical Link Mappingⁿⁱ, Network Traffic Policy Mappingⁿⁱ, Network Vulnerability Assessmentⁿⁱ, Physical Link Mappingⁿⁱ
is also defined as: named individual

Network Node^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNode

has super-classes: Digital Artifact^c; runs^op some Operating System^c
has sub-classes: Firewall^c, Host^c, Modem^c, Proxy Server^c, RF Node^c, Router^c, Switch^c, Wireless Access Point^c
is also defined as: named individual

Network Node Inventory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNodeInventory

has super-classes: Asset Inventory^c; inventories^op some Network Node^c
is also defined as: named individual

Network Packet^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkPackets

has super-classes: Network Traffic^c
is also defined as: named individual

Network Printer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkPrinter

is defined by: http://dbpedia.org/resource/Printer_(computing)

has super-classes: Shared Computer^c

Network Protocol Analyzer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkProtocolAnalyzer

has super-classes: Network Sensor^c; monitors^op some Network Traffic^c
is also defined as: named individual

Network Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkResource

has super-classes: Remote Resource^c
has sub-classes: Network File Share Resource^c, Server^c
is in range of: accesses^op
is also defined as: named individual

Network Resource Access^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkResourceAccess

has super-classes: Resource Access^c; accesses^op some Network Resource^c; accesses^op some Resource^c
has sub-classes: Web Resource Access^c
is also defined as: named individual

Network Security Appliances^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.006

has super-classes: Gather Victim Network Information^c

Network Sensor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkSensor

has super-classes: Sensor^c
has sub-classes: Network Flow Sensor^c, Network Protocol Analyzer^c

Network Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkService

is defined by: http://dbpedia.org/resource/Network_service

has super-classes: Service Application Process^c
has sub-classes: Authorization Service^c, Directory Service^c, File Share Service^c, Mail Service^c, Remote Authentication Service^c

Network Service Scanning^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1046

has super-classes: Discovery Technique^c

Network Session^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkSession

has super-classes: Network Traffic^c; contains^op some Network Packet^c
has sub-classes: Remote Command^c, Remote Terminal Session^c
is also defined as: named individual

Network Share Connection Removal^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.005

has super-classes: Indicator Removal on Host^c; unmounts^op some Network File Share Resource^c
is also defined as: named individual

Network Share Connection Removal^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1126

has super-classes: Defense Evasion Technique^c

Network Share Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1135

has super-classes: Discovery Technique^c

Network Sniffing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1040

has super-classes: Credential Access Technique^c; Discovery Technique^c; may-produce^op some DNS Lookup^c
is also defined as: named individual

Network Topology^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.004

has super-classes: Gather Victim Network Information^c

Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic

has super-classes: Digital Artifact^c; may-contain^op some Domain Name^c; originates-from^op some Physical Location^c
has sub-classes: Administrative Network Traffic^c, DNS Network Traffic^c, File Transfer Network Traffic^c, IPC Network Traffic^c, Inbound Network Traffic^c, Internet Network Traffic^c, Intranet Network Traffic^c, Mail Network Traffic^c, Network Packet^c, Network Session^c, Outbound Network Traffic^c, RPC Network Traffic^c, Web Network Traffic^c
is also defined as: named individual

Network Traffic Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysis

has super-classes: Defensive Technique^c; enables^op some Detect^c
has sub-classes: Administrative Network Activity Analysis^c, Byte Sequence Emulation^c, Certificate Analysis^c, Client-server Payload Profiling^c, Connection Attempt Analysis^c, DNS Traffic Analysis^c, File Carving^c, IPC Traffic Analysis^c, Inbound Session Volume Analysis^c, Network Traffic Community Deviation^c, Per Host Download-Upload Ratio Analysis^c, Protocol Metadata Anomaly Detection^c, RPC Traffic Analysis^c, Relay Pattern Analysis^c, Remote Terminal Session Detection^c
has members: Administrative Network Activity Analysisⁿⁱ, Byte Sequence Emulationⁿⁱ, Certificate Analysisⁿⁱ, Client-server Payload Profilingⁿⁱ, Connection Attempt Analysisⁿⁱ, DNS Traffic Analysisⁿⁱ, File Carvingⁿⁱ, IPC Traffic Analysisⁿⁱ, Inbound Session Volume Analysisⁿⁱ, Network Traffic Community Deviationⁿⁱ, Per Host Download-Upload Ratio Analysisⁿⁱ, Protocol Metadata Anomaly Detectionⁿⁱ, RPC Traffic Analysisⁿⁱ, Relay Pattern Analysisⁿⁱ, Remote Terminal Session Detectionⁿⁱ
is also defined as: named individual

Network Traffic Analysis Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysisSoftware

has super-classes: Developer Application^c
is also defined as: named individual

Network Traffic Community Deviation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficCommunityDeviation

has super-classes: Network Traffic Analysis^c; analyzes^op some Network Traffic^c
is also defined as: named individual

Network Traffic Filtering^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficFiltering

has super-classes: Network Isolation^c; filters^op some Network Traffic^c
has sub-classes: Inbound Traffic Filtering^c, Outbound Traffic Filtering^c
has members: Inbound Traffic Filteringⁿⁱ, Outbound Traffic Filteringⁿⁱ
is also defined as: named individual

Network Traffic Policy Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficPolicyMapping

has super-classes: Network Mapping^c; maps^op some Access Control Configuration^c; queries^op some Network Agent^c
is also defined as: named individual

Network Trust Dependencies^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1590.003

has super-classes: Gather Victim Network Information^c

Network Vulnerability Assessment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkVulnerabilityAssessment

has super-classes: Network Mapping^c; evaluates^op some Network^c; identifies^op some vulnerability^c
is also defined as: named individual

New Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1050

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

News Article^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NewsArticle

has super-classes: Article^c
has sub-classes: Internet Article^c

NIST Control^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NISTControl

has super-classes: External Control^c; member-of^op some NIST SP 800-53 Control Catalog^c
has members: AC-17(8)ⁿⁱ, AC-2(1)ⁿⁱ, AC-2(13)ⁿⁱ, AC-2(2)ⁿⁱ, AC-2(3)ⁿⁱ, AC-2(4)ⁿⁱ, AC-2(5)ⁿⁱ, AC-2(6)ⁿⁱ, AC-2(7)ⁿⁱ, AC-2(9)ⁿⁱ, AC-23ⁿⁱ, AC-24ⁿⁱ, AC-24(1)ⁿⁱ, AC-24(2)ⁿⁱ, AC-3ⁿⁱ, AC-3(11)ⁿⁱ, AC-3(13)ⁿⁱ, AC-3(3)ⁿⁱ, AC-3(7)ⁿⁱ, AC-3(8)ⁿⁱ, AC-4ⁿⁱ, AC-4(1)ⁿⁱ, AC-4(10)ⁿⁱ, AC-4(11)ⁿⁱ, AC-4(12)ⁿⁱ, AC-4(13)ⁿⁱ, AC-4(14)ⁿⁱ, AC-4(15)ⁿⁱ, AC-4(17)ⁿⁱ, AC-4(19)ⁿⁱ, AC-4(20)ⁿⁱ, AC-4(21)ⁿⁱ, AC-4(26)ⁿⁱ, AC-4(27)ⁿⁱ, AC-4(28)ⁿⁱ, AC-4(29)ⁿⁱ, AC-4(3)ⁿⁱ, AC-4(30)ⁿⁱ, AC-4(32)ⁿⁱ, AC-4(4)ⁿⁱ, AC-4(5)ⁿⁱ, AC-4(6)ⁿⁱ, AC-4(8)ⁿⁱ, AC-5ⁿⁱ, AC-6ⁿⁱ, AC-6(1)ⁿⁱ, AC-6(10)ⁿⁱ, AC-6(3)ⁿⁱ, AC-6(4)ⁿⁱ, AC-6(5)ⁿⁱ, AC-6(6)ⁿⁱ, AC-6(9)ⁿⁱ, AC-7ⁿⁱ, AC-7(3)ⁿⁱ, AC-7(4)ⁿⁱ, AU-10(5)ⁿⁱ, AU-14(2)ⁿⁱ, AU-15ⁿⁱ, AU-2ⁿⁱ, AU-2(1)ⁿⁱ, AU-2(2)ⁿⁱ, AU-3ⁿⁱ, AU-4ⁿⁱ, CM-14ⁿⁱ, CM-5ⁿⁱ, CM-5(1)ⁿⁱ, CM-5(3)ⁿⁱ, CM-5(5)ⁿⁱ, CM-5(6)ⁿⁱ, CM-6(3)ⁿⁱ, IA-2(1)ⁿⁱ, IA-2(2)ⁿⁱ, IA-2(4)ⁿⁱ, IA-2(6)ⁿⁱ, IR-4(12)ⁿⁱ, IR-4(13)ⁿⁱ, MA-3(3)ⁿⁱ, MA-3(4)ⁿⁱ, MA-3(5)ⁿⁱ, MA-3(6)ⁿⁱ, MA-4(1)ⁿⁱ, MA-6ⁿⁱ, MA-6(1)ⁿⁱ, MA-6(2)ⁿⁱ, MA-6(3)ⁿⁱ, RA-3(3)ⁿⁱ, RA-3(4)ⁿⁱ, RA-5ⁿⁱ, RA-5(2)ⁿⁱ, RA-5(3)ⁿⁱ, RA-5(4)ⁿⁱ, RA-5(5)ⁿⁱ, RA-5(6)ⁿⁱ, RA-5(7)ⁿⁱ, SA-10(1)ⁿⁱ, SA-10(3)ⁿⁱ, SA-10(4)ⁿⁱ, SA-10(5)ⁿⁱ, SA-10(6)ⁿⁱ, SA-11(1)ⁿⁱ, SA-11(8)ⁿⁱ, SA-8(18)ⁿⁱ, SA-8(22)ⁿⁱ, SC-2ⁿⁱ, SC-2(1)ⁿⁱ, SC-3ⁿⁱ, SC-3(1)ⁿⁱ, SI-2(4)ⁿⁱ, SI-2(5)ⁿⁱ, SI-2(6)ⁿⁱ, SI-3ⁿⁱ, SI-3(10)ⁿⁱ, SI-3(4)ⁿⁱ, SI-3(8)ⁿⁱ, SI-4ⁿⁱ, SI-4(2)ⁿⁱ, SI-4(4)ⁿⁱ

NIST SP 800-53 Control Catalog^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NISTSP800-53ControlCatalog

has super-classes: Control Catalog^c; has-member^op some NIST Control^c
has members: NIST SP 800-53 R3ⁿⁱ, NIST SP 800-53 R4ⁿⁱ, NIST SP 800-53 R5ⁿⁱ

Non-Application Layer Protocol^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1095

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Non-Standard Encoding^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132.002

has super-classes: Data Encoding^c

Non-Standard Port^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1571

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

NTDS^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.003

has super-classes: OS Credential Dumping^c; accesses^op some Encrypted Credential^c
is also defined as: named individual

NTFS File Attributes^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1096

has super-classes: Defense Evasion Technique^c

NTFS File Attributes^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.004

has super-classes: Hide Artifacts^c; modifies^op some File System Metadata^c
is also defined as: named individual

NTFS Hard Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSHardLink

is defined by: http://dbpedia.org/resource/NTFS_links

has super-classes: Hard Link^c; NTFS Link^c

NTFS Junction Point^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSJunctionPoint

is defined by: http://dbpedia.org/resource/NTFS_links

has super-classes: NTFS Link^c; Symbolic Link^c

NTFS Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSLink

has super-classes: File^c; File System Link^c
has sub-classes: NTFS Hard Link^c, NTFS Junction Point^c, NTFS Symbolic Link^c

NTFS Symbolic Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NTFSSymbolicLink

is defined by: http://dbpedia.org/resource/NTFS_links

has super-classes: NTFS Link^c; Symbolic Link^c

NULL Pointer Dereference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-476

has super-classes: Weakness^c; weakness of^op some Pointer Dereferencing Function^c
is also defined as: named individual

Obfuscated Files or Information^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027

has super-classes: Defense Evasion Technique^c
has sub-classes: Binary Padding^c, Compile After Delivery^c, HTML Smuggling^c, Indicator Removal from Tools^c, Software Packing^c, Steganography^c

Object File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ObjectFile

has super-classes: File^c
has sub-classes: Kernel Module^c, Shared Library File^c
is also defined as: named individual

Obtain Capabilities^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588

has super-classes: Resource Development Technique^c
has sub-classes: Code Signing Certificates^c, Digital Certificates^c, Exploits^c, Malware^c, Tool^c, Vulnerabilities^c

Odbcconf Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.008

has super-classes: Signed Binary Proxy Execution^c

Offensive Tactic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OffensiveTactic

is defined by: https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf

has super-classes: ATTACK Thing^c; enabled-by^op some Offensive Technique^c
has sub-classes: Collection^c, Command And Control^c, Credential Access^c, Defense Evasion^c, Discovery^c, Execution^c, Exfiltration^c, Impact^c, Initial Access^c, Lateral Movement^c, Persistence^c, Privilege Escalation^c, Resource Development^c, reconnaissance^c
has members: Collectionⁿⁱ, Command And Controlⁿⁱ, Credential Accessⁿⁱ, Defense Evasionⁿⁱ, Discoveryⁿⁱ, Executionⁿⁱ, Exfiltrationⁿⁱ, Impactⁿⁱ, Initial Accessⁿⁱ, Lateral Movementⁿⁱ, Persistenceⁿⁱ, Privilege Escalationⁿⁱ

Offensive Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OffensiveTechnique

is defined by: https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf

has super-classes: ATTACK Thing^c; Technique^c; enables^op some Offensive Tactic^c
has sub-classes: Collection Technique^c, Command and Control Technique^c, Credential Access Technique^c, Defense Evasion Technique^c, Discovery Technique^c, Execution Technique^c, Exfiltration Technique^c, Impact Technique^c, Initial Access Technique^c, Lateral Movement Technique^c, Persistence Technique^c, Privilege Escalation Technique^c, Reconnaissance Technique^c, Resource Development Technique^c
is in domain of: attack-id, attack-kb-annotation
is in range of: may-be-tactically-associated-with^op

Office Application^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OfficeApplication

has super-classes: User Application^c
is also defined as: named individual

Office Application File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OfficeApplicationFile

has super-classes: Document File^c
is also defined as: named individual

Office Application Startup^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137

has super-classes: Persistence Technique^c
has sub-classes: Add-ins^c, Office Template Macros^c, Office Test^c, Outlook Forms^c, Outlook Home Page^c, Outlook Rules^c

Office Template Macros^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.001

has super-classes: Office Application Startup^c; may-add^op some Executable Script^c; may-modify^op some Executable Script^c; may-modify^op some System Configuration Database Record^c
is also defined as: named individual

Office Test^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.002

has super-classes: Office Application Startup^c; modifies^op some System Configuration Database Record^c
is also defined as: named individual

One-time Password^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#One-timePassword

has super-classes: Credential Hardening^c; authenticates^op some User Account^c; use-limits^op some Password^c
is also defined as: named individual

One-Way Communication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102.003

has super-classes: Web Service^c

Open File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpenFile

has super-classes: System Call^c; accesses^op some File^c
is also defined as: named individual

Open Source License^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpenSourceLicense

has super-classes: License^c

Open-source Developer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Open-sourceDeveloper

has super-classes: Product Developer^c

Operating System^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystem

has super-classes: Digital Artifact^c; contains^op some Kernel^c; contains^op some System Service Software^c; may-contain^op some Operating System Configuration Component^c
is also defined as: named individual

Operating System Configuration^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfiguration

has super-classes: Configuration Resource^c
has sub-classes: Operating System Configuration Component^c
is also defined as: named individual

Operating System Configuration Component^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfigurationComponent

has super-classes: Operating System Configuration^c
has sub-classes: System Configuration Database Record^c, System Firewall Configuration^c, System Init Configuration^c
is also defined as: named individual

Operating System Configuration File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemConfigurationFile

has super-classes: Configuration File^c; Operating System File^c
is also defined as: named individual

Operating System Executable File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemExecutableFile

has super-classes: Operating System File^c
is also defined as: named individual

Operating System File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemFile

has super-classes: File^c
has sub-classes: Operating System Configuration File^c, Operating System Executable File^c, Operating System Log File^c, Operating System Shared Library File^c
is also defined as: named individual

Operating System Log File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemLogFile

has super-classes: Log File^c; Operating System File^c
is also defined as: named individual

Operating System Monitoring^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemMonitoring

has super-classes: Platform Monitoring^c
has sub-classes: Endpoint Health Beacon^c, Input Device Analysis^c, Memory Boundary Tracking^c, Scheduled Job Analysis^c, System Daemon Monitoring^c, System File Analysis^c, System Init Config Analysis^c, User Session Init Config Analysis^c
has members: Endpoint Health Beaconⁿⁱ, Input Device Analysisⁿⁱ, Memory Boundary Trackingⁿⁱ, Scheduled Job Analysisⁿⁱ, System Daemon Monitoringⁿⁱ, System File Analysisⁿⁱ, System Init Config Analysisⁿⁱ, User Session Init Config Analysisⁿⁱ
is also defined as: named individual

Operating System Packaging Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemPackagingTool

has super-classes: Software Packaging Tool^c

Operating System Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemProcess

has super-classes: Process^c
has sub-classes: System Init Process^c, Task Scheduler Process^c
is also defined as: named individual

Operating System Shared Library File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemSharedLibraryFile

has super-classes: Operating System File^c; Shared Library File^c
is also defined as: named individual

Operational Activity Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalActivityMapping

has super-classes: Defensive Technique^c; enables^op some Model^c
has sub-classes: Access Modeling^c, Operational Dependency Mapping^c, Operational Risk Assessment^c, Organization Mapping^c
has members: Access Modelingⁿⁱ, Operational Dependency Mappingⁿⁱ, Operational Risk Assessmentⁿⁱ, Organization Mappingⁿⁱ
is also defined as: named individual

Operational Dependency Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalDependencyMapping

has super-classes: Operational Activity Mapping^c; maps^op some Dependency^c; maps^op some Organizational Activity^c
is also defined as: named individual

Operational Risk Assessment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalRiskAssessment

has super-classes: Operational Activity Mapping^c; evaluates^op some Organization^c; identifies^op some vulnerability^c
is also defined as: named individual

Operations Center Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationsCenterComputer

is defined by: http://dbpedia.org/resource/Mainframe_computer

has super-classes: Shared Computer^c

Optical Modem^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpticalModem

is defined by: http://dbpedia.org/resource/Modem#Optical_modem

has super-classes: Modem^c

Orchestration Controller^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationController

has super-classes: Orchestration Server^c; contains^op some Container Orchestration Software^c
is also defined as: named individual

Orchestration Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationServer

has super-classes: Server^c
has sub-classes: Orchestration Controller^c, Orchestration Worker^c

Orchestration Worker^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationWorker

has super-classes: Orchestration Server^c

Organization^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Organization

has super-classes: Agent^c; has-member^op some Person^c
has sub-classes: Provider^c
has members: DISA FSOⁿⁱ
is also defined as: named individual

Organization Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrganizationMapping

has super-classes: Operational Activity Mapping^c; maps^op some Dependency^c; maps^op some Organization^c; maps^op some Person^c; may-map^op some Organizational Activity^c
is also defined as: named individual

Organizational Activity^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrganizationalActivity

has super-classes: Activity^c
is also defined as: named individual

OS Credential Dumping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003

has super-classes: Credential Access Technique^c; accesses^op some Credential^c
has sub-classes: /etc/passwd and /etc/shadow^c, Cached Domain Credentials^c, DCSync^c, LSA Secrets^c, LSASS Memory^c, NTDS^c, Proc Filesystem^c, Security Account Manager^c
is also defined as: named individual

OS Exhaustion Flood^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499.001

has super-classes: Endpoint Denial of Service^c

Out-of-bounds Read^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-125

has super-classes: Weakness^c; weakness of^op some Raw Memory Access Function^c
is also defined as: named individual

Out-of-bounds Write^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-787

has super-classes: Weakness^c; weakness of^op some Raw Memory Access Function^c
is also defined as: named individual

Outbound Internet DNS Lookup Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetDNSLookupTraffic

has super-classes: DNS Network Traffic^c; Outbound Internet Network Traffic^c; Outbound Network Traffic^c; may-contain^op some DNS Lookup^c
is also defined as: named individual

Outbound Internet Encrypted Remote Terminal Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedRemoteTerminalTraffic

has super-classes: Outbound Internet Encrypted Traffic^c
is also defined as: named individual

Outbound Internet Encrypted Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedTraffic

has super-classes: Outbound Internet Network Traffic^c
has sub-classes: Outbound Internet Encrypted Remote Terminal Traffic^c, Outbound Internet Encrypted Web Traffic^c
is also defined as: named individual

Outbound Internet Encrypted Web Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetEncryptedWebTraffic

has super-classes: Outbound Internet Encrypted Traffic^c; Outbound Internet Web Traffic^c
is also defined as: named individual

Outbound Internet File Transfer Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetFileTransferTraffic

has super-classes: File Transfer Network Traffic^c; Outbound Internet Network Traffic^c; Outbound Network Traffic^c; contains^op some File^c
is also defined as: named individual

Outbound Internet Mail Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetMailTraffic

has super-classes: Outbound Internet Network Traffic^c
is also defined as: named individual

Outbound Internet Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetNetworkTraffic

has super-classes: Internet Network Traffic^c; Outbound Network Traffic^c
has sub-classes: Outbound Internet DNS Lookup Traffic^c, Outbound Internet Encrypted Traffic^c, Outbound Internet File Transfer Traffic^c, Outbound Internet Mail Traffic^c, Outbound Internet RPC Traffic^c, Outbound Internet Web Traffic^c
is also defined as: named individual

Outbound Internet RPC Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetRPCTraffic

has super-classes: Outbound Internet Network Traffic^c; Outbound Network Traffic^c; RPC Network Traffic^c

Outbound Internet Web Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetWebTraffic

has super-classes: Outbound Internet Network Traffic^c; Web Network Traffic^c; may-contain^op some URL^c
has sub-classes: Outbound Internet Encrypted Web Traffic^c
is also defined as: named individual

Outbound Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Outbound Internet DNS Lookup Traffic^c, Outbound Internet File Transfer Traffic^c, Outbound Internet Network Traffic^c, Outbound Internet RPC Traffic^c
is also defined as: named individual

Outbound Traffic Filtering^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundTrafficFiltering

has super-classes: Network Traffic Filtering^c; filters^op some Outbound Network Traffic^c
is also defined as: named individual

Outlook Forms^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.003

has super-classes: Office Application Startup^c; adds^op some Office Application File^c
is also defined as: named individual

Outlook Home Page^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.004

has super-classes: Office Application Startup^c; modifies^op some Application Configuration Database^c
is also defined as: named individual

Outlook Rules^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.005

has super-classes: Office Application Startup^c; modifies^op some Application Configuration Database^c
is also defined as: named individual

Output Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutputDevice

is defined by: http://dbpedia.org/resource/Output_device

has super-classes: Hardware Device^c
has sub-classes: Display Adapter^c

Packet Log^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PacketLog

has super-classes: Log^c; records^op some Network Session^c
is also defined as: named individual

Page^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Page

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: Memory Block^c

Page Frame^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PageFrame

has super-classes: Memory Block^c; contained-by^op some Primary Storage^c
is also defined as: named individual

Page Table^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PageTable

has super-classes: Digital Artifact^c; contains^op some Physical Address^c; contains^op some Virtual Address^c
is also defined as: named individual

Parent PID Spoofing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.004

has super-classes: Access Token Manipulation^c; invokes^op some Create Process^c
is also defined as: named individual

Parent PID Spoofing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1502

has super-classes: Defense Evasion Technique^c; Privilege Escalation Technique^c

Parent Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ParentProcess

is defined by: http://dbpedia.org/resource/Parent_process

has super-classes: Process^c

Partition^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Partition

has super-classes: Digital Artifact^c
is also defined as: named individual

Partition Table^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PartitionTable

has super-classes: Digital Artifact^c; addresses^op some Partition^c
is also defined as: named individual

Pass the Hash^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1075

has super-classes: Lateral Movement Technique^c

Pass The Hash^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.002

has super-classes: Use Alternate Authentication Material^c; creates^op some Authentication^c
is also defined as: named individual

Pass the Ticket^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1097

has super-classes: Lateral Movement Technique^c

Pass The Ticket^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.003

has super-classes: Use Alternate Authentication Material^c; creates^op some Authentication^c
is also defined as: named individual

Passive Certificate Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveCertificateAnalysis

has super-classes: Certificate Analysis^c
has members: Passive Certificate Analysisⁿⁱ
is also defined as: named individual

Passive Logical Link Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveLogicalLinkMapping

has super-classes: Logical Link Mapping^c
is also defined as: named individual

Passive Physical Link Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassivePhysicalLinkMapping

has super-classes: Physical Link Mapping^c
is disjoint with: Active Physical Link Mapping^c
is also defined as: named individual

Password^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Password

has super-classes: Credential^c
has sub-classes: Encrypted Password^c
is also defined as: named individual

Password Cracking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.002

has super-classes: Brute Force^c; accesses^op some Password^c
is also defined as: named individual

Password Database^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordDatabase

has super-classes: Database^c
has sub-classes: Password File^c, Password Store^c, System Password Database^c

Password File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordFile

has super-classes: File^c; Password Database^c
is also defined as: named individual

Password Filter DLL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1174

has super-classes: Credential Access Technique^c

Password Filter DLL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.002

has super-classes: Modify Authentication Process^c; creates^op some Shared Library File^c; modifies^op some System Configuration Database Record^c
is also defined as: named individual

Password Guessing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.001

has super-classes: Brute Force^c; accesses^op some Password^c; modifies^op some Authentication Log^c; produces^op some Authentication^c
is also defined as: named individual

Password Manager^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordManager

is defined by: http://dbpedia.org/resource/Password_manager

has super-classes: Application^c

Password Managers^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.005

has super-classes: Credentials from Password Stores^c

Password Policy Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1201

has super-classes: Discovery Technique^c

Password Spraying^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.003

has super-classes: Brute Force^c; accesses^op some Password^c; may-create^op some Intranet Administrative Network Traffic^c; modifies^op some Authentication Log^c; produces^op some Authentication^c
is also defined as: named individual

Password Store^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PasswordStore

has super-classes: Password Database^c
has sub-classes: In-memory Password Store^c, MacOS Keychain^c
is also defined as: named individual

Patch System Image^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1601.001

has super-classes: Modify System Image^c

Patent^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Patent

has super-classes: Document^c
is also defined as: named individual

Patent Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PatentReference

has super-classes: Technique Reference^c
has members: Reference - Account monitoring - Forescout Technologiesⁿⁱ, Reference - Active firewall system and methodology - McAfee LLCⁿⁱ, Reference - Advanced device matching systemⁿⁱ, Reference - Anomaly Detection Using Adaptive Behavioral Profiles - Securonix Incⁿⁱ, Reference - Anti-tamper system with self-adjusting guards - ARXAN TECHNOLOGIES Incⁿⁱ, Reference - Apparatus for to provide content to and query a reverse domain name system server - Barrracuda Networksⁿⁱ, Reference - Approaches for securing an internet endpoint using fine-grained operating system virtualization - Bromium, Inc.ⁿⁱ, Reference - Architecture of transparent network security for application containers - Neuvector Incⁿⁱ, Reference - Automated computer vulnerability resolution systemⁿⁱ, Reference - Automatically generating network resource groups and assigning customized decoy policies thereto - Illusive Networks Ltdⁿⁱ, Reference - Automatically generating rules for connection security - Microsoftⁿⁱ, Reference - Biometric Challenge-Response Authentication - Accentureⁿⁱ, Reference - Broadcast isolation and level 3 network switch - Hewlett Packard Enterprise Development LPⁿⁱ, Reference - Computational modeling and classification of data streams - Crowdstrike Incⁿⁱ, Reference - Computer Worm Defense System and Method - FireEye Incⁿⁱ, Reference - Computer motherboard having peripheral security functionsⁿⁱ, Reference - Computer-implemented methods and systems for identifying visually similar text character strings - Greathorn Incⁿⁱ, Reference - Computing apparatus with automatic integrity reference generation and maintenance - Tripwire, Inc.ⁿⁱ, Reference - Content extractor and analysis system - Bit 9 Inc, Carbon Black Incⁿⁱ, Reference - Data processing and scanning systems for generating and populating a data inventoryⁿⁱ, Reference - Database for receiving, storing and compiling information about email messagesⁿⁱ, Reference - Deception-Based Responses to Security Attacks - Crowdstrike Incⁿⁱ, Reference - Decoy Network-Based Service for Deceiving Attackers - Amazon Technologiesⁿⁱ, Reference - Decoy and deceptive data object technology - Cymmetria Incⁿⁱ, Reference - Decoy and deceptive data object technology - Cymmetria, Inc.ⁿⁱ, Reference - Detecting network reconnaissance by tracking intranet dark-net communications - VECTRA NETWORKS Incⁿⁱ, Reference - Detecting script-based malware - Crowdstrike Incⁿⁱ, Reference - Deterministic method for detecting and blocking of exploits on interpreted code - K2 Cyber Security Incⁿⁱ, Reference - Distributed meta-information query in a network - Bit 9 Incⁿⁱ, Reference - Domain age registration alert - Inc Rapid7 Inc RAPID7 Incⁿⁱ, Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Incⁿⁱ, Reference - Embedding contexts for on-line threats into response policy zones - Verisign Incⁿⁱ, Reference - End-to-end certificate pinningⁿⁱ, Reference - File-modifying malware detection - Crowdstrike Incⁿⁱ, Reference - Finding phishing sitesⁿⁱ, Reference - Firewall for interent access - Secure Computing LLCⁿⁱ, Reference - Firewall for processing a connectionless network packet - National Security Agencyⁿⁱ, Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agencyⁿⁱ, Reference - Firewalls that filter based upon protocol commands - Intel Corpⁿⁱ, Reference - Firmware Embedded Monitoring Code Red Balloonⁿⁱ, Reference - Firmware Verification Eclypsiumⁿⁱ, Reference - Firmware Verification Trapezoidⁿⁱ, Reference - Framework for notifying a directory service of authentication events processed outside the directory service - Oracle International Corpⁿⁱ, Reference - Guards for application in software tamperproofing - Purdue Research Foundationⁿⁱ, Reference - Hardware-assisted system and method for detecting and analyzing system calls made to an operting system kernel - Endgame Incⁿⁱ, Reference - Heuristic botnet detection - Palo Alto Networks Incⁿⁱ, Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltdⁿⁱ, Reference - Identification and extraction of key forensics indicators of compromise using subject-specific filesystem viewsⁿⁱ, Reference - Identification of traceroute nodes and associated devicesⁿⁱ, Reference - Identification of visual international domain name collisions - Verisign Incⁿⁱ, Reference - Identifying a denial-of-service attack in a cloud-based proxy service - Cloudfare Inc.ⁿⁱ, Reference - Inferential exploit attempt detection - Crowdstrike Incⁿⁱ, Reference - Instant process termination tool to recover control of an information handling system - Dell Products LPⁿⁱ, Reference - Integrity assurance through early loading in the boot phase - Crowdstrike Incⁿⁱ, Reference - Intrusion detection using a heartbeat - Sophos Ltdⁿⁱ, Reference - Isolation of applications within a virtual machine - Bromium, Inc.ⁿⁱ, Reference - Malicious relay detection on networks - VECTRA NETWORKS Incⁿⁱ, Reference - Malware analysis system - Palo Alto Networks Incⁿⁱ, Reference - Malware detection in event loops - Crowdstrike Incⁿⁱ, Reference - Malware detection using local computational models - Crowdstrike Incⁿⁱ, Reference - Method and Apparatus for Detecting Malicious Websites - Endgame Incⁿⁱ, Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLCⁿⁱ, Reference - Method and apparatus for increasing the speed at which computer viruses are detected - McAfee LLCⁿⁱ, Reference - Method and apparatus for utilizing a token for resource access - Rsa Security Inc.ⁿⁱ, Reference - Method and system for UDP flood attack detection - Riorey LLCⁿⁱ, Reference - Method and system for controlling communication portsⁿⁱ, Reference - Method and system for detecting algorithm-generated domains - VECTRA NETWORKS Incⁿⁱ, Reference - Method and system for detecting external control of compromised hosts - VECTRA NETWORKS Incⁿⁱ, Reference - Method and system for detecting malicious payloads - Vectra Networks Incⁿⁱ, Reference - Method and system for detecting restricted content associated with retrieved content - Sophos Ltdⁿⁱ, Reference - Method and system for detecting suspicious administrative activity - Vectra Networks Incⁿⁱ, Reference - Method and system for detecting threats using metadata vectors - VECTRA NETWORKS Incⁿⁱ, Reference - Method and system for detecting threats using passive cluster mapping - Vectra Networks Incⁿⁱ, Reference - Method and system for providing software updates to local machinesⁿⁱ, Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltdⁿⁱ, Reference - Method for file encryptionⁿⁱ, Reference - Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system - Symantec Corporationⁿⁱ, Reference - Mock attack cybersecurity training system and methods - WOMBAT SECURITY TECHNOLOGIES Incⁿⁱ, Reference - Modeling user access to computer resources - Daedalus Group LLC (formerly IBM)ⁿⁱ, Reference - Modification of a Server to Mimic a Deception Mechanism - Acalvio Technologies Incⁿⁱ, Reference - Network firewall with proxy - Secure Computing LLCⁿⁱ, Reference - Open source intelligence deceptions - Illusive Networks Ltdⁿⁱ, Reference - Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation - K2 Cyber Security Incⁿⁱ, Reference - Preventing execution of task scheduled malware - McAfee LLCⁿⁱ, Reference - Privacy and security systems and methods of useⁿⁱ, Reference - Private virtual local area network isolation - Cisco Technology Incⁿⁱ, Reference - Protected computing environment - Microsoft Technology Licensing LLCⁿⁱ, Reference - Protecting against distributed denial of service attacks - Cisco Technology Inc.ⁿⁱ, Reference - Protecting against distributed network flood attacks - Juniper Networks Inc.ⁿⁱ, Reference - RPC call interception - Crowdstrike Incⁿⁱ, Reference - Reputation of an entity associated with a content itemⁿⁱ, Reference - Secure caching of server credentials - Dell Products LPⁿⁱ, Reference - Security System with Methodology for Interprocess Communication Control - Check Point Software Tech Incⁿⁱ, Reference - Security vulnerability information aggregationⁿⁱ, Reference - Sinkholing bad network domains by registering the bad network domains on the internet - Palo Alto Networks Incⁿⁱ, Reference - Software vulnerability graph databaseⁿⁱ, Reference - Supply chain cyber-deception - Cymmetria, Inc.ⁿⁱ, Reference - Synchronizing a honey network configuration to reflect a target network environment - Palo Alto Networks Incⁿⁱ, Reference - System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis - Silver Tail Systemsⁿⁱ, Reference - System and Method for Network Security Including Detection of Attacks Through Partner Websites - EMC IP Holding Co LLCⁿⁱ, Reference - System and Method for Process Hollowing Detection - Carbon Black Incⁿⁱ, Reference - System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Incⁿⁱ, Reference - System and method for detecting homoglyph attacks with a siamese convolutional neural network - Endgame Incⁿⁱ, Reference - System and method for detecting malware injected into memory of a computing device - Endgame Incⁿⁱ, Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Incⁿⁱ, Reference - System and method for internet security - Cylance Incⁿⁱ, Reference - System and method for managed security assessment and mitigationⁿⁱ, Reference - System and method for providing an actively invalidated client-side network resource cache - IMVUⁿⁱ, Reference - System and method for scanning remote services to locate stored objects with malwareⁿⁱ, Reference - System and method for validating in-memory integrity of executable files to identify malicious activity - Endgame Incⁿⁱ, Reference - System and method for vulnerability risk analysisⁿⁱ, Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Incⁿⁱ, Reference - System and methods thereof for causality identification and attributions determination of processes in a network - Palo Alto Networks IncCyber Secdo Ltdⁿⁱ, Reference - System and methods thereof for detection of persistent threats in a computerized environment background - Palo Alto Networks IncCyber Secdo Ltdⁿⁱ, Reference - System and methods thereof for identification of suspicious system processes - Palo Alto Networks Incⁿⁱ, Reference - System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network - Palo Alto Networks IncCyber Secdo Ltdⁿⁱ, Reference - System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system - Palo Alto Networks Incⁿⁱ, Reference - System for detecting threats using scenario-based tracking of internal and external network traffic - VECTRA NETWORKS Incⁿⁱ, Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Incⁿⁱ, Reference - System for implementing threat detection using threat and risk assessment of asset-actor interactions - VECTRA NETWORKS Incⁿⁱ, Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Incⁿⁱ, Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Incⁿⁱ, Reference - Systems and methods for detecting credential theft - Symantec Corpⁿⁱ, Reference - Tamper proof mutating software - ARXAN TECHNOLOGIES Incⁿⁱ, Reference - Techniques for impeding and detecting network threats - Verisign Incⁿⁱ, Reference - Threat detection for return oriented programming - Crowdstrike Incⁿⁱ, Reference - Threat detection through the accumulated detection of threat characteristics - Sophos Ltdⁿⁱ, Reference - Tokenless biometric transaction authorization method and systemⁿⁱ, Reference - Trusted Communications With Child Processes - Microsoft Technology Licensing LLCⁿⁱ, Reference - USB filter for hub malicious code prevention systemⁿⁱ, Reference - Use of an application controller to monitor and control software file and application environments - Sophos Ltdⁿⁱ, Reference - Using spanning tree protocol (STP) to enhance layer-2 topology mapsⁿⁱ, Reference - Virtualized process isolation - Advanced Micro Devices Incⁿⁱ

Path Interception by PATH Environment Variable^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.007

has super-classes: Hijack Execution Flow^c; creates^op some Executable File^c
is also defined as: named individual

Path Interception by Search Order Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.008

has super-classes: Hijack Execution Flow^c; creates^op some Executable File^c
is also defined as: named individual

Path Interception by Unquoted Path^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.009

has super-classes: Hijack Execution Flow^c; creates^op some Executable File^c
is also defined as: named individual

Per Host Download-Upload Ratio Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PerHostDownload-UploadRatioAnalysis

has super-classes: Network Traffic Analysis^c; analyzes^op some Network Traffic^c
is also defined as: named individual

Peripheral Device Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1120

has super-classes: Discovery Technique^c

Peripheral Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PeripheralFirmware

has super-classes: Firmware^c
has sub-classes: Graphics Card Firmware^c, Hard Disk Firmware^c, Human Input Device Firmware^c, Network Card Firmware^c, Peripheral Hub Firmware^c
is also defined as: named individual

Peripheral Firmware Verification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PeripheralFirmwareVerification

has super-classes: Firmware Verification^c; verifies^op some Peripheral Firmware^c
is also defined as: named individual

Peripheral Hub Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PeripheralHubFirmware

has super-classes: Peripheral Firmware^c

Permission Groups Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1069

has super-classes: Discovery Technique^c
has sub-classes: Cloud Groups^c, Domain Groups^c, Local Groups^c

Persistence^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Persistence

has super-classes: Offensive Tactic^c
is also defined as: named individual

Persistence Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PersistenceTechnique

has super-classes: Offensive Technique^c; enables^op some Persistence^c
has sub-classes: Accessibility Features^c, Account Manipulation^c, AppCert DLLs^c, AppInit DLLs^c, Application Shimming^c, Authentication Package^c, BITS Jobs^c, Boot or Logon Autostart Execution^c, Boot or Logon Initialization Scripts^c, Bootkit^c, Browser Extensions^c, Change Default File Association^c, Component Firmware^c, Component Object Model Hijacking^c, Compromise Client Software Binary^c, Create Account^c, Create or Modify System Process^c, DLL Search Order Hijacking^c, Dylib Hijacking^c, Emond^c, Event Triggered Execution^c, External Remote Services^c, File System Permissions Weakness^c, Hidden Files and Directories^c, Hijack Execution Flow^c, Hooking^c, Image File Execution Options Injection^c, Implant Container Image^c, Kernel Modules and Extensions^c, LC_LOAD_DYLIB Addition^c, LSASS Driver^c, Launch Agent^c, Launch Daemon^c, Launchctl^c, Local Job Scheduling^c, Login Item^c, Malicious Shell Modification^c, Modify Existing Service^c, Netsh Helper DLL^c, New Service^c, Office Application Startup^c, Plist Modification^c, Port Monitors^c, PowerShell Profile^c, Pre-OS Boot^c, Rc.common^c, Re-opened Applications^c, Registry Run Keys / Startup Folder^c, SIP and Trust Provider Hijacking^c, Scheduled Task/Job Execution^c, Screensaver^c, Security Support Provider^c, Server Software Component^c, Service Registry Permissions Weakness^c, Setuid and Setgid^c, Shortcut Modification^c, Startup Items^c, System Firmware^c, Systemd Service^c, Time Providers^c, Traffic Signaling^c, Trap^c, Valid Accounts^c, Web Shell^c, Windows Management Instrumentation Event Subscription^c, Winlogon Helper DLL^c
is also defined as: named individual

Person^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Person

has super-classes: Agent^c; name^dp some string
is also defined as: named individual

Personal Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PersonalComputer

is defined by: http://dbpedia.org/resource/Personal_computer

has super-classes: Client Computer^c
has sub-classes: Desktop Computer^c, IP Phone^c, Laptop Computer^c, Mobile Phone^c, Tablet Computer^c

Phishing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566

has super-classes: Initial Access Technique^c
has sub-classes: Spearphishing Attachment^c, Spearphishing Link^c, Spearphishing Via Service^c

Phishing for Information^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1598

has super-classes: Reconnaissance Technique^c
has sub-classes: Spearphishing Attachment^c, Spearphishing Link^c, Spearphishing Service^c

Physical Address^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalAddress

has super-classes: Memory Address^c
is also defined as: named individual

Physical Artifact^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalArtifact

has super-classes: Artifact^c; Physical Object^c
has sub-classes: Hardware Device^c

Physical Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalLink

has super-classes: Link^c
is also defined as: named individual

Physical Link Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalLinkMapping

has super-classes: Network Mapping^c; maps^op some Network Node^c; maps^op some Physical Link^c
has sub-classes: Active Physical Link Mapping^c, Passive Physical Link Mapping^c
has members: Active Physical Link Mappingⁿⁱ, Passive Physical Link Mappingⁿⁱ
is also defined as: named individual

Physical Location^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalLocation

has super-classes: Digital Artifact^c
is also defined as: named individual

Physical Object^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalObject

has super-classes: D3FEND Thing^c; has-location^op some Physical Location^c
has sub-classes: Physical Artifact^c

Pipe^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Pipe

has super-classes: Interprocess Communication^c
is also defined as: named individual

Platform^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Platform

has super-classes: Digital Artifact^c; contains^op some Firmware^c; contains^op some Hardware Device^c; contains^op some Operating System^c
is also defined as: named individual

Platform Hardening^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PlatformHardening

has super-classes: Defensive Technique^c; enables^op some Harden^c
has sub-classes: Bootloader Authentication^c, Disk Encryption^c, Driver Load Integrity Checking^c, File Encryption^c, Local File Permissions^c, RF Shielding^c, Software Update^c, System Configuration Permissions^c, TPM Boot Integrity^c
has members: Bootloader Authenticationⁿⁱ, Disk Encryptionⁿⁱ, Driver Load Integrity Checkingⁿⁱ, Executable Allowlistingⁿⁱ, File Encryptionⁿⁱ, Local File Permissionsⁿⁱ, RF Shieldingⁿⁱ, Software Updateⁿⁱ, System Configuration Permissionsⁿⁱ, TPM Boot Integrityⁿⁱ
is also defined as: named individual

Platform Monitoring^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PlatformMonitoring

has super-classes: Defensive Technique^c; enables^op some Detect^c
has sub-classes: Firmware Behavior Analysis^c, Firmware Embedded Monitoring Code^c, Firmware Verification^c, Operating System Monitoring^c
has members: Firmware Behavior Analysisⁿⁱ, Firmware Embedded Monitoring Codeⁿⁱ, Firmware Verificationⁿⁱ, Operating System Monitoringⁿⁱ
is also defined as: named individual

Plist File Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1647

has super-classes: Defense Evasion Technique^c

Plist Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1150

has super-classes: Defense Evasion Technique^c; Persistence Technique^c; Privilege Escalation Technique^c

Plist Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.011

has super-classes: Boot or Logon Autostart Execution^c; modifies^op some Application Configuration File^c
is also defined as: named individual

Pluggable Authentication Modules^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.003

has super-classes: Modify Authentication Process^c; may-modify^op some Operating System Configuration File^c; may-modify^op some Operating System Shared Library File^c
is also defined as: named individual

Pointer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Pointer

has super-classes: Digital Artifact^c
has sub-classes: Saved Instruction Pointer^c
is also defined as: named individual

Pointer Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PointerAuthentication

has super-classes: Application Hardening^c; authenticates^op some Pointer^c
is also defined as: named individual

Pointer Dereferencing Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PointerDereferencingFunction

has super-classes: Subroutine^c; addresses^op some Memory Block^c; addresses^op some Pointer^c
is also defined as: named individual

Policy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Policy

has super-classes: Document^c
has sub-classes: Guidance^c

Policy Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PolicyReference

has super-classes: Technique Reference^c
has sub-classes: Guideline Reference^c

Port Knocking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1205.001

has super-classes: Traffic Signaling^c; produces^op some Network Traffic^c
is also defined as: named individual

Port Monitors^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1013

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

Port Monitors^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.010

has super-classes: Boot or Logon Autostart Execution^c; modifies^op some System Configuration Database Record^c
is also defined as: named individual

Portable Executable Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.002

has super-classes: Process Injection^c; may-add^op some Object File^c
is also defined as: named individual

Portfolio Assessment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PortfolioAssessment

has super-classes: Assessment^c; has-evidence^op some Capability Assessment^c

POSIX Symbolic Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#POSIXSymbolicLink

is defined by: http://dbpedia.org/resource/Symbolic_link

has super-classes: Symbolic Link^c; Unix Link^c

PowerShell^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1086

has super-classes: Execution Technique^c

PowerShell Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.001

has super-classes: Command and Scripting Interpreter Execution^c

PowerShell Profile^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1504

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

PowerShell Profile^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.013

has super-classes: Event Triggered Execution^c; modifies^op some PowerShell Profile Script^c
is also defined as: named individual

PowerShell Profile Script^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PowerShellProfileScript

has super-classes: User Init Script^c
is also defined as: named individual

Pre-OS Boot^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542

has super-classes: Defense Evasion Technique^c; Persistence Technique^c
has sub-classes: Bootkit^c, Component Firmware^c, ROMMONkit^c, System Firmware^c, TFTP Boot^c

Primary Storage^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrimaryStorage

has super-classes: Hardware Device^c; Storage^c; contains^op some Page Frame^c; contains^op some Process Segment^c
has sub-classes: Processor Cache Memory^c, Processor Register^c, RAM^c, ROM^c
is also defined as: named individual

Print Processors^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.012

has super-classes: Boot or Logon Autostart Execution^c

Print Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrintServer

is defined by: http://dbpedia.org/resource/Print_server

has super-classes: Server^c

Private Key^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivateKey

has super-classes: Asymmetric Key^c
is also defined as: named individual

Private Keys^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1145

has super-classes: Credential Access Technique^c

Private Keys^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.004

has super-classes: Unsecured Credentials^c; accesses^op some Private Key^c
is also defined as: named individual

Privilege Escalation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegeEscalation

has super-classes: Offensive Tactic^c
is also defined as: named individual

Privilege Escalation Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegeEscalationTechnique

has super-classes: Offensive Technique^c; enables^op some Privilege Escalation^c
has sub-classes: Abuse Elevation Control Mechanism^c, Access Token Manipulation^c, Accessibility Features^c, AppCert DLLs^c, AppInit DLLs^c, Application Shimming^c, Boot or Logon Autostart Execution^c, Boot or Logon Initialization Scripts^c, Bypass User Account Control^c, Create Account^c, Create or Modify System Process^c, DLL Search Order Hijacking^c, Dylib Hijacking^c, Elevated Execution with Prompt^c, Emond^c, Escape to Host^c, Event Triggered Execution^c, Exploitation for Privilege Escalation^c, Extra Window Memory Injection^c, File System Permissions Weakness^c, Group Policy Modification^c, Hijack Execution Flow^c, Hooking^c, Image File Execution Options Injection^c, Launch Daemon^c, New Service^c, Parent PID Spoofing^c, Plist Modification^c, Port Monitors^c, PowerShell Profile^c, Process Injection^c, SID-History Injection^c, Scheduled Task/Job Execution^c, Service Registry Permissions Weakness^c, Setuid and Setgid^c, Startup Items^c, Sudo^c, Sudo Caching^c, Valid Accounts^c, Web Shell^c
is also defined as: named individual

Privileged User Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegedUserAccount

is defined by: https://www.ssh.com/iam/user/privileged-account

has super-classes: User Account^c

Proc Filesystem^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.007

has super-classes: OS Credential Dumping^c; accesses^op some Operating System File^c; accesses^op some Process Image^c
is also defined as: named individual

Proc Memory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.009

has super-classes: Process Injection^c; accesses^op some Operating System File^c; may-modify^op some Operating System File^c
is also defined as: named individual

procedure^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Procedure

has super-classes: D3FEND Thing^c; implements^op some Technique^c; start^op some step^c
has sub-classes: Use Case Procedure^c
has members: Procedure 1 - T1134.001 Access Token Manipulationⁿⁱ

Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Process

has super-classes: Digital Artifact^c; contains^op some Process Image^c; instructed-by^op some Software^c; may-execute^op some Thread^c; process-image-path^op some Executable Binary^c; process-user^op some User Account^c; uses^op some Resource^c; process-command-line-arguments^dp some string; process-environmental-variables^dp some string; process-identifier^dp some integer; process-security-context^dp some string
has sub-classes: Child Process^c, Operating System Process^c, Parent Process^c, User Process^c
is in domain of: process-security-context^dp
has members: BSD Processⁿⁱ, Linux Processⁿⁱ, Windows Processⁿⁱ, iOS Processⁿⁱ, macOS Processⁿⁱ
is also defined as: named individual

Process Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessAnalysis

has super-classes: Defensive Technique^c; enables^op some Detect^c
has sub-classes: Database Query String Analysis^c, File Access Pattern Analysis^c, Indirect Branch Call Analysis^c, Process Code Segment Verification^c, Process Self-Modification Detection^c, Process Spawn Analysis^c, Script Execution Analysis^c, Shadow Stack Comparisons^c, System Call Analysis^c
has members: Database Query String Analysisⁿⁱ, File Access Pattern Analysisⁿⁱ, Indirect Branch Call Analysisⁿⁱ, Process Code Segment Verificationⁿⁱ, Process Self-Modification Detectionⁿⁱ, Process Spawn Analysisⁿⁱ, Script Execution Analysisⁿⁱ, Shadow Stack Comparisonsⁿⁱ, System Call Analysisⁿⁱ
is also defined as: named individual

Process Argument Spoofing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.010

has super-classes: Hide Artifacts^c

Process Code Segment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessCodeSegment

has super-classes: Process Segment^c; contains^op some Subroutine^c; may-contain^op some Process Segment^c
has members: AMD64 Code Segmentⁿⁱ, ARM32 Code Segmentⁿⁱ, X86 Code Segmentⁿⁱ
is also defined as: named individual

Process Code Segment Verification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessCodeSegmentVerification

has super-classes: Process Analysis^c; verifies^op some Process Code Segment^c
is also defined as: named individual

Process Data Segment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessDataSegment

has super-classes: Process Segment^c

Process Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1057

has super-classes: Discovery Technique^c; may-invoke^op some Create Process^c; may-invoke^op some Get Running Processes^c
is also defined as: named individual

Process Doppelgänging^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.013

has super-classes: Process Injection^c; invokes^op some Create Process^c
is also defined as: named individual

Process Doppelgänging^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1186

has super-classes: Defense Evasion Technique^c

Process Environment Variable^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessEnvironmentVariable

has super-classes: Application Configuration^c
is also defined as: named individual

Process Eviction^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessEviction

has super-classes: Defensive Technique^c; enables^op some Evict^c
has sub-classes: Process Suspension^c, Process Termination^c
has members: Process Suspensionⁿⁱ, Process Terminationⁿⁱ
is also defined as: named individual

Process Hollowing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.012

has super-classes: Process Injection^c; modifies^op some Process Code Segment^c
is also defined as: named individual

Process Hollowing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1093

has super-classes: Defense Evasion Technique^c

Process Image^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessImage

has super-classes: Digital Artifact^c; contains^op some Process Segment^c
is also defined as: named individual

Process Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055

has super-classes: Defense Evasion Technique^c; Privilege Escalation Technique^c
has sub-classes: Asynchronous Procedure Call^c, Dynamic-link Library Injection^c, Extra Window Memory Injection^c, ListPlanting^c, Portable Executable Injection^c, Proc Memory^c, Process Doppelgänging^c, Process Hollowing^c, Ptrace System Calls^c, Thread Execution Hijacking^c, Thread Local Storage^c, VDSO Hijacking^c

Process Lineage Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessLineageAnalysis

has super-classes: Process Spawn Analysis^c; analyzes^op some Process^c; analyzes^op some Process Tree^c
is also defined as: named individual

Process Segment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSegment

has super-classes: Binary Segment^c
has sub-classes: Heap Segment^c, Process Code Segment^c, Process Data Segment^c, Stack Segment^c
is also defined as: named individual

Process Segment Execution Prevention^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSegmentExecutionPrevention

has super-classes: Application Hardening^c; neutralizes^op some Process Segment^c
is also defined as: named individual

Process Self-Modification Detection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSelf-ModificationDetection

has super-classes: Process Analysis^c; analyzes^op some Process^c
is also defined as: named individual

Process Spawn Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSpawnAnalysis

has super-classes: Process Analysis^c; analyzes^op some Create Process^c; analyzes^op some Process^c
has sub-classes: Process Lineage Analysis^c
has members: Process Lineage Analysisⁿⁱ
is also defined as: named individual

Process Start Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessStartFunction

has super-classes: Subroutine^c; invokes^op some Create Process^c
is also defined as: named individual

Process Suspension^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSuspension

has super-classes: Process Eviction^c; suspends^op some Process^c
is also defined as: named individual

Process Termination^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessTermination

has super-classes: Process Eviction^c; terminates^op some Process^c
is also defined as: named individual

Process Tree^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessTree

has super-classes: Digital Artifact^c; contains^op some Process^c
is also defined as: named individual

Processor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Processor

has super-classes: Hardware Device^c
has sub-classes: Central Processing Unit^c, Graphics Processing Unit^c

Processor Cache Memory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CacheMemory

has super-classes: Primary Storage^c; accessed-by^op some Central Processing Unit^c; may-contain^op some Process Segment^c; modifies^op some Processor Cache Memory^c
is also defined as: named individual

Processor Component^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessorComponent

has super-classes: Hardware Device^c
has sub-classes: Memory Management Unit^c, Memory Protection Unit^c

Processor Register^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessorRegister

has super-classes: Primary Storage^c; contained-by^op some Central Processing Unit^c
is also defined as: named individual

Product^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Product

has super-classes: Capability Implementation^c
has sub-classes: Appliance^c, Software Product^c

Product Developer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProductDeveloper

has super-classes: Provider^c; produces^op some Product^c
has sub-classes: Open-source Developer^c

Property List File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PropertyListFile

has super-classes: Configuration File^c
is also defined as: named individual

Proposition^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Proposition

is defined by: http://semanticscience.org/resource/SIO_000256

has super-classes: D3FEND Catalog Thing^c
has sub-classes: Statement^c

Proprietary License^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProprietaryLicense

has super-classes: License^c

Protocol Impersonation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001.003

has super-classes: Data Obfuscation^c

Protocol Metadata Anomaly Detection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProtocolMetadataAnomalyDetection

has super-classes: Network Traffic Analysis^c; analyzes^op some Network Traffic^c
is also defined as: named individual

Protocol Tunneling^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1572

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Provider^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Provider

has super-classes: Organization^c; produces^op some Capability Implementation^c
has sub-classes: Product Developer^c, Service Provider^c, Vendor^c

Proxy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090

has super-classes: Command and Control Technique^c
has sub-classes: Domain Fronting^c, External Proxy^c, Internal Proxy^c, Multi-hop Proxy^c

Proxy Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProxyServer

is defined by: http://dbpedia.org/resource/Proxy_server

has super-classes: Network Node^c; Server^c
has sub-classes: Forward Proxy Server^c, Reverse Proxy Server^c

Ptrace System Calls^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.008

has super-classes: Process Injection^c; invokes^op some System Call^c
is also defined as: named individual

Public Key^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PublicKey

has super-classes: Asymmetric Key^c
is also defined as: named individual

PubPrn Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1216.001

has super-classes: Signed Script Proxy Execution^c

Purchase Technical Data^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1597.002

has super-classes: Search Closed Sources^c

Python Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.006

has super-classes: Command and Scripting Interpreter Execution^c

Python Package^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PythonPackage

has super-classes: Software Package^c

Python Script File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PythonScriptFile

has super-classes: Executable Script^c

Query Registry^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1012

has super-classes: Discovery Technique^c; accesses^op some System Configuration Database^c; may-invoke^op some Get System Config Value^c
is also defined as: named individual

Radio Modem^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RadioModem

is defined by: http://dbpedia.org/resource/Modem#Radio

has super-classes: Modem^c

RAM^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RAM

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: Primary Storage^c

Raw Memory Access Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RawMemoryAccessFunction

has super-classes: Subroutine^c; accesses^op some Memory Block^c
is also defined as: named individual

Rc.common^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.004

has super-classes: Boot or Logon Initialization Scripts^c; modifies^op some System Init Script^c
is also defined as: named individual

Rc.common^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1163

has super-classes: Persistence Technique^c

RDP Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563.002

has super-classes: Remote Service Session Hijacking^c; accesses^op some RDP Session^c
is also defined as: named individual

RDP Session^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RDPSession

has super-classes: Remote Session^c
is also defined as: named individual

Re-opened Applications^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1164

has super-classes: Persistence Technique^c

Re-opened Applications^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.007

has super-classes: Boot or Logon Autostart Execution^c; modifies^op some Application Configuration File^c
is also defined as: named individual

Read File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReadFile

has super-classes: System Call^c; reads^op some File^c
is also defined as: named individual

reconnaissance^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reconnaissance

has super-classes: Offensive Tactic^c
is also defined as: named individual

Reconnaissance Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReconnaissanceTechnique

has super-classes: Offensive Technique^c; enables^op some reconnaissance^c
has sub-classes: Active Scanning^c, Gather Victim Host Information^c, Gather Victim Identity Information^c, Gather Victim Network Information^c, Gather Victim Org Information^c, Phishing for Information^c, Search Closed Sources^c, Search Open Technical Databases^c, Search Open Websites/Domains^c, Search Victim-Owned Websites^c
is also defined as: named individual

Record^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Record

has super-classes: Digital Artifact^c
has sub-classes: Boot Record^c, Configuration Database Record^c, DNS Record^c, System Utilization Record^c
is also defined as: named individual

Reduce Key Space^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1600.001

has super-classes: Weaken Encryption^c

Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference

has super-classes: D3FEND Thing^c
is in domain of: d3fend-kb-reference-annotation, kb-abstract, kb-author, kb-mitre-analysis, kb-reference-of^op, kb-reference-title^dp

Reference Type^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReferenceType

has super-classes: D3FEND Thing^c
has members: Bookⁿⁱ, Internet Articleⁿⁱ, Marketing Materialⁿⁱ, Patentⁿⁱ, Source Codeⁿⁱ, User Manualⁿⁱ

Reflection Amplification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.002

has super-classes: Network Denial of Service^c; produces^op some Inbound Internet Network Traffic^c
is also defined as: named individual

Reflective Code Loading^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1620

has super-classes: Defense Evasion Technique^c; modifies^op some Process Segment^c
is also defined as: named individual

Registry Run Keys / Startup Folder^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1060

has super-classes: Persistence Technique^c

Registry Run Keys / Startup Folder^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.001

has super-classes: Boot or Logon Autostart Execution^c; may-modify^op some System Configuration Init Database Record^c; may-modify^op some User Startup Script File^c
is also defined as: named individual

Regsvcs/Regasm^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1121

has super-classes: Defense Evasion Technique^c; Execution Technique^c

Regsvcs/Regasm Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.009

has super-classes: Signed Binary Proxy Execution^c

Regsvr32^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1117

has super-classes: Defense Evasion Technique^c; Execution Technique^c

Regsvr32 Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.010

has super-classes: Signed Binary Proxy Execution^c

Relay Pattern Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RelayPatternAnalysis

has super-classes: Network Traffic Analysis^c; analyzes^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Remote Access Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1219

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Network Traffic^c
is also defined as: named individual

Remote Authentication Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteAuthenticationService

has super-classes: Authentication Service^c; Network Service^c

Remote Authorization Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteAuthorizationService

has super-classes: Authorization Service^c

Remote Command^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteCommand

has super-classes: Command^c; Network Session^c
has sub-classes: Remote Database Query^c, Remote Procedure Call^c

Remote Data Staging^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.002

has super-classes: Data Staged^c; modifies^op some Network Resource^c
is also defined as: named individual

Remote Database Query^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteDatabaseQuery

has super-classes: Database Query^c; Remote Command^c

Remote Desktop Protocol^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.001

has super-classes: Remote Services^c; creates^op some RDP Session^c; produces^op some Administrative Network Traffic^c
is also defined as: named individual

Remote Desktop Protocol^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1076

has super-classes: Lateral Movement Technique^c

Remote Email Collection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.002

has super-classes: Email Collection^c; accesses^op some Mail Server^c
is also defined as: named individual

Remote Procedure Call^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteProcedureCall

is defined by: http://dbpedia.org/resource/Remote_procedure_call

has super-classes: Remote Command^c

Remote Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteResource

has super-classes: Resource^c
has sub-classes: Network Resource^c

Remote Service Session Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563

has super-classes: Lateral Movement Technique^c; accesses^op some Remote Session^c; produces^op some Administrative Network Traffic^c
has sub-classes: RDP Hijacking^c, SSH Hijacking^c
is also defined as: named individual

Remote Services^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021

has super-classes: Lateral Movement Technique^c; produces^op some Intranet Network Traffic^c
has sub-classes: Distributed Component Object Model^c, Remote Desktop Protocol^c, SMB/Windows Admin Shares^c, SSH^c, VNC^c, Windows Remote Management^c
is also defined as: named individual

Remote Session^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteSession

has super-classes: Login Session^c
has sub-classes: RDP Session^c, SSH Session^c
is also defined as: named individual

Remote System Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1018

has super-classes: Discovery Technique^c; may-access^op some Operating System Configuration File^c; may-invoke^op some Create Process^c; may-invoke^op some Create Socket^c; produces^op some Network Traffic^c
is also defined as: named individual

Remote Terminal Session^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteTerminalSession

has super-classes: Network Session^c

Remote Terminal Session Detection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteTerminalSessionDetection

has super-classes: Network Traffic Analysis^c; analyzes^op some Network Traffic^c
is also defined as: named individual

Removable Media Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemovableMediaDevice

has super-classes: Hardware Device^c
is also defined as: named individual

Rename System Utilities^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.003

has super-classes: Masquerading^c; may-create^op some Executable File^c; may-modify^op some Operating System Executable File^c
is also defined as: named individual

Replication Through Removable Media^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1091

has super-classes: Initial Access Technique^c; Lateral Movement Technique^c; executes^op some Removable Media Device^c
is also defined as: named individual

Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Resource

has super-classes: Digital Artifact^c
has sub-classes: Configuration Resource^c, File^c, Local Resource^c, Remote Resource^c
is in domain of: addressed-by^op
is in range of: addresses^op
is also defined as: named individual

Resource Access^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceAccess

has super-classes: Digital Event^c; User Action^c
has sub-classes: Local Resource Access^c, Network Resource Access^c
is also defined as: named individual

Resource Access Pattern Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceAccessPatternAnalysis

has super-classes: User Behavior Analysis^c; analyzes^op some Authentication^c; analyzes^op some Authorization^c
is also defined as: named individual

Resource Development^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceDevelopment

has super-classes: Offensive Tactic^c

Resource Development Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceDevelopmentTechnique

has super-classes: Offensive Technique^c; enables^op some reconnaissance^c
has sub-classes: Acquire Infrastructure^c, Compromise Accounts^c, Compromise Infrastructure^c, Develop Capabilities^c, Establish Accounts^c, Obtain Capabilities^c, Stage Capabilities^c
is also defined as: named individual

Resource Fork^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceFork

has super-classes: File Section^c
is also defined as: named individual

Resource Forking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.009

has super-classes: Hide Artifacts^c; may-create^op some Resource Fork^c; may-modify^op some Resource Fork^c
is also defined as: named individual

Resource Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1496

has super-classes: Impact Technique^c

Reverse Proxy Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseProxyServer

is defined by: http://dbpedia.org/resource/Reverse_proxy

has super-classes: Proxy Server^c

Reverse Resolution Domain Denylisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseResolutionDomainDenylisting

has super-classes: DNS Denylisting^c; blocks^op some Inbound Internet DNS Response Traffic^c
is also defined as: named individual

Reverse Resolution IP Denylisting^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseResolutionIPDenylisting

has super-classes: DNS Denylisting^c; blocks^op some Outbound Internet DNS Lookup Traffic^c
is also defined as: named individual

Reversible Encryption^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.005

has super-classes: Modify Authentication Process^c

Revert Cloud Instance^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1536

has super-classes: Defense Evasion Technique^c

Revert Cloud Instance^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1578.004

has super-classes: Modify Cloud Compute Infrastructure^c

RF Node^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFNode

has super-classes: Network Node^c
has sub-classes: RF Receiver^c, RF Transceiver^c, RF Transmitter^c

RF Receiver^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFReceiver

has super-classes: RF Node^c

RF Shielding^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFShielding

has super-classes: Platform Hardening^c
is also defined as: named individual

RF Transceiver^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFTransceiver

has super-classes: RF Node^c
has sub-classes: Wireless Access Point^c

RF Transmitter^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFTransmitter

has super-classes: RF Node^c

Right-to-Left Override^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.002

has super-classes: Masquerading^c; modifies^op some File System Metadata^c
is also defined as: named individual

Rogue Domain Controller^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1207

has super-classes: Defense Evasion Technique^c; modifies^op some System Configuration Database^c; produces^op some Intranet Administrative Network Traffic^c
is also defined as: named individual

ROM^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ROM

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: Primary Storage^c

ROMMONkit^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.004

has super-classes: Pre-OS Boot^c

Rootkit^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1014

has super-classes: Defense Evasion Technique^c; may-modify^op some Boot Sector^c; may-modify^op some Firmware^c; may-modify^op some Kernel^c; may-modify^op some Kernel Module^c; may-modify^op some Shared Library File^c
is also defined as: named individual

Router^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Router

is defined by: http://dbpedia.org/resource/Router_(computing)

has super-classes: Network Node^c
has sub-classes: Wireless Router^c

RPC Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RPCNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Intranet RPC Network Traffic^c, Outbound Internet RPC Traffic^c
is also defined as: named individual

RPC Traffic Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RPCTrafficAnalysis

has super-classes: Network Traffic Analysis^c; analyzes^op some RPC Network Traffic^c
is also defined as: named individual

Run Virtual Instance^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.006

has super-classes: Hide Artifacts^c; creates^op some File^c; executes^op some Virtualization Software^c; may-add^op some Virtualization Software^c; may-create^op some Directory^c
is also defined as: named individual

Rundll32^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1085

has super-classes: Defense Evasion Technique^c; Execution Technique^c

Rundll32 Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.011

has super-classes: Signed Binary Proxy Execution^c; invokes^op some Create Process^c; loads^op some Shared Library File^c
is also defined as: named individual

Runtime Data Manipulation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1494

has super-classes: Impact Technique^c

Runtime Data Manipulation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.003

has super-classes: Data Manipulation^c; may-modify^op some Executable File^c
is also defined as: named individual

Safe Mode Boot^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.009

has super-classes: Impair Defenses^c; disables^op some Endpoint Sensor^c; disables^op some System Configuration Init Database Record^c; may-modify^op some Endpoint Health Beacon^c
is also defined as: named individual

SAML Tokens^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1606.002

has super-classes: Forge Web Credentials^c

Saved Instruction Pointer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SavedInstructionPointer

has super-classes: Pointer^c; Stack Component^c

Scan Databases^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.005

has super-classes: Search Open Technical Databases^c

Scanning IP Blocks^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1595.001

has super-classes: Active Scanning^c

Scheduled Job Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScheduledJobAnalysis

has super-classes: Operating System Monitoring^c; analyzes^op some Task Schedule^c
is also defined as: named individual

Scheduled Task/Job Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053

has super-classes: Execution Technique^c; Persistence Technique^c; Privilege Escalation Technique^c; invokes^op some Create Process^c; modifies^op some Task Schedule^c
has sub-classes: At (Linux) Execution^c, At (Windows) Execution^c, Container Orchestration Job^c, Cron Execution^c, Launchd^c, Schtasks Execution^c, Systemd Timers^c
is also defined as: named individual

Scheduled Transfer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1029

has super-classes: Exfiltration Technique^c; produces^op some Internet Network Traffic^c
is also defined as: named individual

Schtasks Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.005

has super-classes: Scheduled Task/Job Execution^c

Screen Capture^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1113

has super-classes: Collection Technique^c; may-access^op some Display Server^c; may-invoke^op some Get Screen Capture^c
is also defined as: named individual

Screensaver^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1180

has super-classes: Persistence Technique^c

Screensaver^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.002

has super-classes: Event Triggered Execution^c; creates^op some Executable File^c; modifies^op some System Configuration Database Record^c
is also defined as: named individual

Script Application Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScriptApplicationProcess

has super-classes: Application Process^c; interprets^op some Executable Script^c
is also defined as: named individual

Script Execution Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScriptExecutionAnalysis

has super-classes: Process Analysis^c; analyzes^op some Script Application Process^c
is also defined as: named individual

Search Closed Sources^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1597

has super-classes: Reconnaissance Technique^c
has sub-classes: Purchase Technical Data^c, Threat Intel Vendors^c

Search Engines^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1593.002

has super-classes: Search Open Websites/Domains^c

Search Open Technical Databases^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596

has super-classes: Reconnaissance Technique^c
has sub-classes: CDNs^c, DNS/Passive DNS^c, Digital Certificates^c, Scan Databases^c, WHOIS^c

Search Open Websites/Domains^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1593

has super-classes: Reconnaissance Technique^c
has sub-classes: Search Engines^c, Social Media^c

Search Victim-Owned Websites^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1594

has super-classes: Reconnaissance Technique^c

Second-stage Boot Loader^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Second-stageBootLoader

has super-classes: Boot Loader^c

Secondary Storage^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SecondaryStorage

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: Hardware Device^c; Storage^c
has sub-classes: Cloud Storage^c, Flash Memory^c, Tertiary Storage^c

Security Account Manager^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.002

has super-classes: OS Credential Dumping^c; may-access^op some Authentication Service^c; may-access^op some Process^c; may-access^op some System Password Database^c
is also defined as: named individual

Security Software Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1063

has super-classes: Discovery Technique^c

Security Software Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1518.001

has super-classes: Software Discovery^c; may-access^op some File System Metadata^c; may-access^op some Kernel Process Table^c; may-access^op some System Configuration Database Record^c; may-access^op some System Firewall Configuration^c; may-invoke^op some Get Running Processes^c
is also defined as: named individual

Security Support Provider^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1101

has super-classes: Persistence Technique^c

Security Support Provider^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.005

has super-classes: Boot or Logon Autostart Execution^c; modifies^op some System Configuration Database Record^c
is also defined as: named individual

Security Token^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SecurityToken

has super-classes: Hardware Device^c; contains^op some Access Token^c
is also defined as: named individual

Securityd Memory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1167

has super-classes: Credential Access Technique^c

Securityd Memory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.002

has super-classes: Credentials from Password Stores^c; accesses^op some In-memory Password Store^c
is also defined as: named individual

Segment Address Offset Randomization^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SegmentAddressOffsetRandomization

has super-classes: Application Hardening^c; obfuscates^op some Process Segment^c
is also defined as: named individual

Sender MTA Reputation Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SenderMTAReputationAnalysis

has super-classes: Message Analysis^c; analyzes^op some Email^c
is also defined as: named individual

Sender Reputation Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SenderReputationAnalysis

has super-classes: Message Analysis^c; analyzes^op some Email^c
is also defined as: named individual

Sensor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Sensor

has super-classes: D3FEND Thing^c; Digital Artifact^c
has sub-classes: Cloud Service Sensor^c, Endpoint Sensor^c, Network Sensor^c

Serialization Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SerializationFunction

has super-classes: Subroutine^c

Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Server

has super-classes: Host^c; Network Resource^c; manages^op some Service Application Process^c; runs^op some Service Application^c
has sub-classes: Authentication Server^c, Computing Server^c, DNS Server^c, Database Server^c, File Server^c, Mail Server^c, Media Server^c, Orchestration Server^c, Print Server^c, Proxy Server^c, VPN Server^c, Web Server^c
is also defined as: named individual

Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.004

has super-classes: Acquire Infrastructure^c

Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.004

has super-classes: Compromise Infrastructure^c

Server Software Component^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505

has super-classes: Persistence Technique^c
has sub-classes: IIS Components^c, SQL Stored Procedures^c, Terminal Services DLL^c, Transport Agent^c, Web Shell^c

Server-Side Request Forgery (SSRF)^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-918

has super-classes: Weakness^c; weakness of^op some User Input Function^c
is also defined as: named individual

Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Service

has super-classes: Capability Implementation^c
has sub-classes: Software Service^c

Service Application^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceApplication

has super-classes: Application^c
has sub-classes: Container Orchestration Software^c, Container Runtime^c, Credential Management System^c, Software Deployment Tool^c, Virtualization Software^c, Web Server Application^c
is also defined as: named individual

Service Application Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceApplicationProcess

has super-classes: Application Process^c
has sub-classes: Authentication Service^c, Authorization Service^c, Network Service^c
is also defined as: named individual

Service Binary Verification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceBinaryVerification

has super-classes: System File Analysis^c; verifies^op some Service Application^c
is also defined as: named individual

Service Dependency^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceDependency

has super-classes: Dependency^c
is also defined as: named individual

Service Dependency Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceDependencyMapping

has super-classes: System Mapping^c; maps^op some Service Dependency^c
is also defined as: named individual

Service Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1035

has super-classes: Execution Technique^c

Service Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1569.002

has super-classes: System Services^c

Service Exhaustion Flood^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499.002

has super-classes: Network Denial of Service^c; produces^op some Inbound Internet Network Traffic^c
is also defined as: named individual

Service Provider^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceProvider

has super-classes: Provider^c; provides^op some Service^c

Service Registry Permissions Weakness^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1058

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

Service Stop^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1489

has super-classes: Impact Technique^c

Services File Permissions Weakness^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.010

has super-classes: Hijack Execution Flow^c; modifies^op some Service Application^c
is also defined as: named individual

Services Registry Permissions Weakness^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.011

has super-classes: Hijack Execution Flow^c; modifies^op some System Configuration Init Database Record^c
is also defined as: named individual

Session^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Session

is defined by: http://dbpedia.org/resource/Session_(computer_science)

has super-classes: Digital Artifact^c
has sub-classes: Login Session^c

Session Cookie^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SessionCookie

has super-classes: Credential^c
is also defined as: named individual

Session Duration Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SessionDurationAnalysis

has super-classes: User Behavior Analysis^c; analyzes^op some Authentication^c; analyzes^op some Authorization^c
is also defined as: named individual

Set System Config Value^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SetSystemConfigValue

has super-classes: System Config System Call^c; modifies^op some System Configuration Database Record^c
has members: reg set key value aⁿⁱ, reg set key value wⁿⁱ, reg set value aⁿⁱ, reg set value ex aⁿⁱ, reg set value ex wⁿⁱ, reg set value wⁿⁱ
is also defined as: named individual

Setuid and Setgid^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1166

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

Setuid and Setgid^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.001

has super-classes: Abuse Elevation Control Mechanism^c; modifies^op some Access Control Configuration^c
is also defined as: named individual

Shadow Stack^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShadowStack

has super-classes: Digital Artifact^c; copy-of^op some Call Stack^c
is also defined as: named individual

Shadow Stack Comparisons^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShadowStackComparisons

has super-classes: Process Analysis^c; analyzes^op some Stack Frame^c
is also defined as: named individual

Shared Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SharedComputer

has super-classes: Client Computer^c
has sub-classes: Kiosk Computer^c, Network Printer^c, Operations Center Computer^c, Thin Client Computer^c

Shared Library File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SharedLibraryFile

has super-classes: Object File^c
has sub-classes: Operating System Shared Library File^c
is also defined as: named individual

Shared Modules Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1129

has super-classes: Execution Technique^c

Shared Resource Access Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SharedResourceAccessFunction

has super-classes: Subroutine^c; accesses^op some Resource^c
is also defined as: named individual

Sharepoint^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.002

has super-classes: Data from Information Repositories^c; accesses^op some Web File Resource^c
is also defined as: named individual

Shim^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Shim

has super-classes: Software^c
has sub-classes: Application Shim^c
is also defined as: named individual

Shim Database^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShimDatabase

has super-classes: Application Configuration Database^c
is also defined as: named individual

Shortcut File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShortcutFile

has super-classes: File^c
has sub-classes: Windows Shortcut File^c

Shortcut Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1023

has super-classes: Persistence Technique^c

Shortcut Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.009

has super-classes: Boot or Logon Autostart Execution^c; may-modify^op some Symbolic Link^c; may-modify^op some User Startup Script File^c
is also defined as: named individual

SID-History Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.005

has super-classes: Access Token Manipulation^c; modifies^op some Access Control Configuration^c
is also defined as: named individual

SID-History Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1178

has super-classes: Privilege Escalation Technique^c

Signed Binary Proxy Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218

has super-classes: Defense Evasion Technique^c; Execution Technique^c
has sub-classes: CMSTP^c, Compiled HTML File^c, Control Panel Execution^c, InstallUtil Execution^c, MMC^c, Mavinject^c, Mshta Execution^c, Msiexec Execution^c, Odbcconf Execution^c, Regsvcs/Regasm Execution^c, Regsvr32 Execution^c, Rundll32 Execution^c, Verclsid^c

Signed Script Proxy Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1216

has super-classes: Defense Evasion Technique^c; Execution Technique^c
has sub-classes: PubPrn Execution^c

Silver Ticket^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.002

has super-classes: Steal or Forge Kerberos Tickets^c

SIP and Trust Provider Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1198

has super-classes: Defense Evasion Technique^c; Persistence Technique^c

SIP and Trust Provider Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.003

has super-classes: Subvert Trust Controls^c; modifies^op some System Configuration Database Record^c
is also defined as: named individual

Slow Symbolic Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SlowSymbolicLink

has super-classes: Symbolic Link^c; Unix Link^c
has sub-classes: Alias^c
is disjoint with: Fast Symbolic Link^c

SMB/Windows Admin Shares^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.002

has super-classes: Remote Services^c

SNMP (MIB Dump)^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1602.001

has super-classes: Data from Configuration Repository^c

Social Media^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1593.001

has super-classes: Search Open Websites/Domains^c

Social Media Accounts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1585.001

has super-classes: Establish Accounts^c

Social Media Accounts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1586.001

has super-classes: Compromise Accounts^c

Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Software

has super-classes: Digital Artifact^c; contains^op some Executable File^c; implements^op some Subroutine^c; instructs^op some Process^c
has sub-classes: Application^c, Firmware^c, Network Agent^c, Shim^c, Software Library^c, Software Patch^c, Subroutine^c, System Service Software^c, System Software^c, Utility Software^c
is also defined as: named individual

Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1592.002

has super-classes: Gather Victim Host Information^c

Software Artifact Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareArtifactServer

has super-classes: Artifact Server^c

Software Deployment Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareDeploymentTool

has super-classes: Service Application^c
is also defined as: named individual

Software Deployment Tools Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1072

has super-classes: Execution Technique^c; Lateral Movement Technique^c; adds^op some File^c; executes^op some Software Deployment Tool^c; installs^op some Software^c
is also defined as: named individual

Software Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1518

has super-classes: Discovery Technique^c
has sub-classes: Security Software Discovery^c

Software Inventory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareInventory

has super-classes: Asset Inventory^c; inventories^op some Software^c
is also defined as: named individual

Software Library^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareLibrary

has super-classes: Software^c; contains^op some Software Library File^c
is also defined as: named individual

Software Library File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareLibraryFile

has super-classes: File^c; contains^op some Subroutine^c; may-contain^op some Executable Binary^c; may-contain^op some Executable Script^c
is also defined as: named individual

Software Package^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwarePackage

has super-classes: Digital Artifact^c
has sub-classes: Java Archive^c, Python Package^c

Software Packaging Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwarePackagingTool

has super-classes: Build Tool^c
has sub-classes: Container Build Tool^c, Operating System Packaging Tool^c

Software Packing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.002

has super-classes: Obfuscated Files or Information^c; obfuscates^op some Executable File^c
is also defined as: named individual

Software Packing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1045

has super-classes: Defense Evasion Technique^c

Software Patch^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwarePatch

is defined by: http://dbpedia.org/resource/Patch_(computing)

has super-classes: Software^c

Software Product^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareProduct

has super-classes: Product^c

Software Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareService

has super-classes: Service^c

Software Update^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareUpdate

has super-classes: Platform Hardening^c; updates^op some Software^c
is also defined as: named individual

Source Code^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SourceCode

has super-classes: Information Content Entity^c
is also defined as: named individual

Source Code Analyzer Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SourceCodeAnalyzerTool

has super-classes: Static Analysis Tool^c

Source Code Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SourceCodeReference

has super-classes: Technique Reference^c
has members: Reference - Muninⁿⁱ, Reference - OS Query Windows User Collection Codeⁿⁱ

Space after Filename^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.006

has super-classes: Masquerading^c; creates^op some File^c
is also defined as: named individual

Space after Filename^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1151

has super-classes: Defense Evasion Technique^c; Execution Technique^c

Spearphishing Attachment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1193

has super-classes: Initial Access Technique^c

Spearphishing Attachment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.001

has super-classes: Phishing^c; produces^op some Email^c; produces^op some Inbound Internet Mail Traffic^c
is also defined as: named individual

Spearphishing Attachment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1598.002

has super-classes: Phishing for Information^c

Spearphishing Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1192

has super-classes: Initial Access Technique^c

Spearphishing Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.002

has super-classes: Phishing^c; produces^op some Email^c; produces^op some Inbound Internet Mail Traffic^c; produces^op some URL^c
is also defined as: named individual

Spearphishing Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1598.003

has super-classes: Phishing for Information^c

Spearphishing Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1598.001

has super-classes: Phishing for Information^c

Spearphishing via Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1194

has super-classes: Initial Access Technique^c

Spearphishing Via Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.003

has super-classes: Phishing^c; produces^op some File^c; produces^op some URL^c
is also defined as: named individual

Specification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Specification

has super-classes: Document^c

Specification Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SpecificationReference

has super-classes: Technique Reference^c
has members: Reference - An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworksⁿⁱ, Reference - DNS Whitelist (DNSWL) Email Authentication Method Extensionⁿⁱ, Reference - IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discoveryⁿⁱ, Reference - LUKS1 On-Disk Format SpecificationVersion 1.2.3ⁿⁱ, Reference - Pointer Authentication on ARMv8.3ⁿⁱ, Reference - PsSuspend - Microsoftⁿⁱ, Reference - RFC 2289 - A One-Time Password Systemⁿⁱ, Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETFⁿⁱ, Reference - RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email - IETFⁿⁱ, Reference - RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC) - IETFⁿⁱ, Reference - RFC 7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirementsⁿⁱ, Reference - Revoke a previously issued verifiable credential - Microsoftⁿⁱ, Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1ⁿⁱ, Reference - Security Architecture for the Internet Protocolⁿⁱ, Reference - TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICEⁿⁱ, Reference - TPM 2.0 Library Specification - Trusted Computing Group, Incorporatedⁿⁱ, Reference - Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilitiesⁿⁱ, Reference - Trusted Attestation Protocol Use Casesⁿⁱ, Reference - UEFI Platform Initialization (PI) Specificationⁿⁱ, Reference - Unified Architecture Framework (UAF)ⁿⁱ, Reference - Web Authentication: An API for accessing Public Key Credentials Level 2ⁿⁱ, Reference - Web-Based Enterprise Managementⁿⁱ, Reference - Windows Management Infrastructure (MI)ⁿⁱ, Reference - Windows Management Instrumentation (WMI)ⁿⁱ

SQL Stored Procedures^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.001

has super-classes: Server Software Component^c; creates^op some Stored Procedure^c; invokes^op some Create Process^c
is also defined as: named individual

SSH^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.004

has super-classes: Remote Services^c; creates^op some SSH Session^c; produces^op some Administrative Network Traffic^c
is also defined as: named individual

SSH Authorized Keys^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.004

has super-classes: Account Manipulation^c

SSH Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1184

has super-classes: Lateral Movement Technique^c

SSH Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563.001

has super-classes: Remote Service Session Hijacking^c; accesses^op some SSH Session^c
is also defined as: named individual

SSH Session^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SSHSession

has super-classes: Remote Session^c
is also defined as: named individual

Stack Component^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackComponent

has super-classes: Digital Artifact^c
has sub-classes: Saved Instruction Pointer^c, Stack Frame^c, Stack Frame Canary^c

Stack Frame^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrame

has super-classes: Stack Component^c; may-contain^op some Pointer^c; may-contain^op some Stack Frame Canary^c
is also defined as: named individual

Stack Frame Canary^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrameCanary

has super-classes: Stack Component^c
is also defined as: named individual

Stack Frame Canary Validation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrameCanaryValidation

has super-classes: Application Hardening^c; validates^op some Stack Frame^c
has members: GNU GCC StackGuardⁿⁱ, Microsoft VCCLCompilerTool BufferSecurityCheckⁿⁱ
is also defined as: named individual

Stack Segment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackSegment

has super-classes: Process Segment^c; contains^op some Stack Frame^c
is also defined as: named individual

Stage Capabilities^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608

has super-classes: Resource Development Technique^c
has sub-classes: Drive-by Target^c, Install Digital Certificate^c, Link Target^c, Upload Malware^c, Upload Tool^c

Standalone Honeynet^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StandaloneHoneynet

has super-classes: Decoy Environment^c; spoofs^op some Intranet Network^c
is also defined as: named individual

Standard Cryptographic Protocol^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1032

has super-classes: Command and Control Technique^c

Standard Encoding^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132.001

has super-classes: Data Encoding^c

Startup Directory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StartupDirectory

has super-classes: Directory^c; Local Resource^c

Startup Items^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.005

has super-classes: Boot or Logon Initialization Scripts^c; modifies^op some System Startup Directory^c
is also defined as: named individual

Startup Items^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1165

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

Statement^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Statement

is defined by: http://semanticscience.org/resource/SIO_001183

has super-classes: Proposition^c
has sub-classes: Capability Feature Claim^c

Static Analysis Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StaticAnalysisTool

is defined by: http://dbpedia.org/resource/Static_program_analysis

has super-classes: Code Analyzer^c
has sub-classes: Source Code Analyzer Tool^c

Steal Application Access Token^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1528

has super-classes: Credential Access Technique^c; accesses^op some Access Token^c
is also defined as: named individual

Steal or Forge Kerberos Tickets^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558

has super-classes: Credential Access Technique^c; may-access^op some Kerberos Ticket^c; may-create^op some Kerberos Ticket^c
has sub-classes: AS-REP Roasting^c, Golden Ticket^c, Kerberoasting^c, Silver Ticket^c
is also defined as: named individual

Steal Web Session Cookie^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1539

has super-classes: Credential Access Technique^c; accesses^op some Session Cookie^c
is also defined as: named individual

Steganography^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001.002

has super-classes: Data Obfuscation^c

Steganography^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.003

has super-classes: Obfuscated Files or Information^c

step^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Step

has super-classes: D3FEND Thing^c; end^op some step^c; fork^op some step^c; may-be-associated-with^op some Artifact^c; next^op some step^c
has sub-classes: Use Case Step^c
has members: Step 1 - Copy Tokenⁿⁱ, Step 2 - Impersonate Userⁿⁱ

Storage^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Storage

has super-classes: Digital Artifact^c; may-contain^op some File System^c
has sub-classes: Primary Storage^c, Secondary Storage^c
is also defined as: named individual

Stored Data Manipulation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1492

has super-classes: Impact Technique^c

Stored Data Manipulation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.001

has super-classes: Data Manipulation^c; modifies^op some File^c
is also defined as: named individual

Stored Procedure^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StoredProcedure

has super-classes: Subroutine^c
is also defined as: named individual

String Format Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StringFormatFunction

has super-classes: Subroutine^c

Strong Password Policy^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StrongPasswordPolicy

has super-classes: Credential Hardening^c; strengthens^op some Password^c; strengthens^op some User Account^c
is also defined as: named individual

Subroutine^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Subroutine

has super-classes: Software^c
has sub-classes: Authentication Function^c, Console Output Function^c, Copy Memory Function^c, Deserialization Function^c, Eval Function^c, Exception Handler^c, External Content Inclusion Function^c, File Path Open Function^c, Import Library Function^c, Input Function^c, Log Message Function^c, Mathematical Function^c, Memory Allocation Function^c, Memory Free Function^c, Pointer Dereferencing Function^c, Process Start Function^c, Raw Memory Access Function^c, Serialization Function^c, Shared Resource Access Function^c, Stored Procedure^c, String Format Function^c, Thread Start Function^c
is also defined as: named individual

Subvert Trust Controls^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553

has super-classes: Defense Evasion Technique^c
has sub-classes: Code Signing^c, Code Signing Policy Modification^c, Gatekeeper Bypass^c, Install Root Certificate^c, Mark-of-the-Web Bypass^c, SIP and Trust Provider Hijacking^c

Sudo^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1169

has super-classes: Privilege Escalation Technique^c

Sudo and Sudo Caching^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.003

has super-classes: Abuse Elevation Control Mechanism^c; may-modify^op some Event Log^c; modifies^op some Operating System Configuration File^c
is also defined as: named individual

Sudo Caching^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1206

has super-classes: Privilege Escalation Technique^c

Supply Chain Compromise^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195

has super-classes: Initial Access Technique^c; modifies^op some Digital Artifact^c
has sub-classes: Compromise Hardware Supply Chain^c, Compromise Software Dependencies and Development Tools^c, Compromise Software Supply Chain^c
is also defined as: named individual

Suspend Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SuspendProcess

has super-classes: System Call^c; evicts^op some Process^c
is also defined as: named individual

Switch^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Switch

is defined by: http://dbpedia.org/resource/Network_switch

has super-classes: Network Node^c

Symbolic Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SymbolicLink

has super-classes: File^c; File System Link^c; addresses^op some File^c
has sub-classes: Fast Symbolic Link^c, NTFS Junction Point^c, NTFS Symbolic Link^c, POSIX Symbolic Link^c, Slow Symbolic Link^c
is also defined as: named individual

Symmetric Cryptography^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573.001

has super-classes: Encrypted Channel^c; creates^op some Outbound Internet Encrypted Traffic^c
is also defined as: named individual

Symmetric Key^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SymmetricKey

has super-classes: Cryptographic Key^c

System^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#System

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: Artifact^c
has sub-classes: Digital System^c

System Call^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCall

has super-classes: Digital Artifact^c; Digital Event^c; executes^op some Subroutine^c
has sub-classes: Allocate Memory^c, Authenticate User^c, Connect Socket^c, Copy Token^c, Create File^c, Create Process^c, Create Socket^c, Create Thread^c, Free Memory^c, Get Open Sockets^c, Get Open Windows^c, Get Running Processes^c, Get Screen Capture^c, Get System Time^c, Impersonate User^c, Logon User^c, Move File^c, Open File^c, Read File^c, Suspend Process^c, System Config System Call^c, Terminate Process^c, Trace Process^c, Write File^c
is also defined as: named individual

System Call Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCallAnalysis

has super-classes: Process Analysis^c; analyzes^op some System Call^c
has sub-classes: File Creation Analysis^c
has members: File Creation Analysisⁿⁱ
is also defined as: named individual

System Call Filtering^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCallFiltering

has super-classes: Kernel-based Process Isolation^c; filters^op some System Call^c
is also defined as: named individual

System Checks^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497.001

has super-classes: Virtualization/Sandbox Evasion^c

System Config System Call^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigSystemCall

has super-classes: System Call^c
has sub-classes: Get System Config Value^c, Set System Config Value^c

System Configuration Database^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationDatabase

has super-classes: Database^c; contains^op some System Configuration Database Record^c
has sub-classes: Windows Registry^c
is also defined as: named individual

System Configuration Database Record^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationDatabaseRecord

has super-classes: Configuration Database Record^c; Operating System Configuration Component^c
has sub-classes: System Configuration Init Database Record^c, Windows Registry Key^c
is also defined as: named individual

System Configuration Init Database Record^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationInitDatabaseRecord

has super-classes: System Configuration Database Record^c; System Configuration Init Resource^c; System Init Configuration^c
is also defined as: named individual

System Configuration Init Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationInitResource

has super-classes: Local Resource^c
has sub-classes: System Configuration Init Database Record^c, System Init Script^c, System Startup Directory^c

System Configuration Permissions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationPermissions

has super-classes: Platform Hardening^c; restricts^op some System Configuration Database^c; restricts^op value Operating System Configuration
is also defined as: named individual

System Daemon Monitoring^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDaemonMonitoring

has super-classes: Operating System Monitoring^c; monitors^op some Operating System Process^c
is also defined as: named individual

System Dependency^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDependency

has super-classes: Dependency^c
is also defined as: named individual

System Dependency Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDependencyMapping

has super-classes: System Mapping^c; maps^op some System Dependency^c
is also defined as: named individual

System File Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFileAnalysis

has super-classes: Operating System Monitoring^c; analyzes^op some Operating System File^c
has sub-classes: Service Binary Verification^c
has members: Service Binary Verificationⁿⁱ
is also defined as: named individual

System Firewall Configuration^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirewallConfiguration

has super-classes: Operating System Configuration Component^c; configures^op some Host-based Firewall^c
is also defined as: named individual

System Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirmware

has super-classes: Firmware^c
is also defined as: named individual

System Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1019

has super-classes: Persistence Technique^c

System Firmware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.001

has super-classes: Pre-OS Boot^c; modifies^op some System Firmware^c
is also defined as: named individual

System Firmware Verification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirmwareVerification

has super-classes: Firmware Verification^c; verifies^op some System Firmware^c
is also defined as: named individual

System Information Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1082

has super-classes: Discovery Technique^c; may-access^op some Decoy Artifact^c; may-invoke^op some Create Process^c
is also defined as: named individual

System Init Config Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitConfigAnalysis

has super-classes: Operating System Monitoring^c; analyzes^op some System Init Configuration^c
is also defined as: named individual

System Init Configuration^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitConfiguration

has super-classes: Operating System Configuration Component^c
has sub-classes: System Configuration Init Database Record^c, System Init Script^c, System Startup Directory^c
is also defined as: named individual

System Init Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitProcess

has super-classes: Operating System Process^c

System Init Script^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitScript

has super-classes: Executable Script^c; System Configuration Init Resource^c; System Init Configuration^c
is also defined as: named individual

System Language Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1614.001

has super-classes: System Location Discovery^c; queries^op some System Configuration Database^c
is also defined as: named individual

System Location Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1614

has super-classes: Discovery Technique^c; accesses^op some Configuration Resource^c
has sub-classes: System Language Discovery^c
is also defined as: named individual

System Mapping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemMapping

has super-classes: Defensive Technique^c; enables^op some Model^c
has sub-classes: Data Exchange Mapping^c, Service Dependency Mapping^c, System Dependency Mapping^c, System Vulnerability Assessment^c
has members: Data Exchange Mappingⁿⁱ, Service Dependency Mappingⁿⁱ, System Dependency Mappingⁿⁱ, System Vulnerability Assessmentⁿⁱ
is also defined as: named individual

System Network Configuration Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1016

has super-classes: Discovery Technique^c; may-execute^op some Executable Script^c; may-invoke^op some Create Process^c; may-invoke^op some Get System Network Config Value^c
has sub-classes: Internet Connection Discovery^c
is also defined as: named individual

System Network Connections Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1049

has super-classes: Discovery Technique^c; may-invoke^op some Get Open Sockets^c
is also defined as: named individual

System Owner/User Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1033

has super-classes: Discovery Technique^c; may-access^op some Directory Service^c; may-access^op some Get System Config Value^c; may-access^op some Password File^c; may-access^op some Process Segment^c; may-invoke^op some Copy Token^c; may-invoke^op some Create Process^c
is also defined as: named individual

System Password Database^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemPasswordDatabase

has super-classes: Password Database^c
is also defined as: named individual

System Service Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1007

has super-classes: Discovery Technique^c; may-invoke^op some Create Process^c; may-invoke^op some Get Running Processes^c
is also defined as: named individual

System Service Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemServiceSoftware

has super-classes: Software^c; contains^op some Operating System File^c
has sub-classes: Local Authentication Service^c, Local Authorization Service^c, Task Scheduler Software^c
is also defined as: named individual

System Services^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1569

has super-classes: Execution Technique^c
has sub-classes: Launchctl^c, Service Execution^c

System Shutdown/Reboot^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1529

has super-classes: Impact Technique^c

System Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemSoftware

has super-classes: Software^c
has sub-classes: Host-based Firewall^c, Kernel^c

System Startup Directory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemStartupDirectory

has super-classes: Directory^c; System Configuration Init Resource^c; System Init Configuration^c
is also defined as: named individual

System Time Application^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemTimeApplication

has super-classes: Utility Software^c
is also defined as: named individual

System Time Discovery^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1124

has super-classes: Discovery Technique^c; may-invoke^op some Create Process^c; may-invoke^op some Get System Time^c
is also defined as: named individual

System Utilization Record^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemUtilizationRecord

has super-classes: Record^c

System Vulnerability Assessment^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemVulnerabilityAssessment

has super-classes: System Mapping^c; evaluates^op some Digital System^c; identifies^op some vulnerability^c
is also defined as: named individual

Systemd Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1501

has super-classes: Persistence Technique^c

Systemd Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.002

has super-classes: Create or Modify System Process^c; may-create^op some Operating System Configuration File^c; may-modify^op some Operating System Configuration File^c
is also defined as: named individual

Systemd Timers^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.006

has super-classes: Scheduled Task/Job Execution^c

Tablet Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TabletComputer

is defined by: http://dbpedia.org/resource/Tablet_computer

has super-classes: Personal Computer^c

Taint Shared Content^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1080

has super-classes: Lateral Movement Technique^c; modifies^op some Network Resource^c
is also defined as: named individual

Target Audience^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TargetAudience

has super-classes: D3FEND Use Case Thing^c
is disjoint with: D3FEND Use Case^c, Use Case Goal^c, Use Case Prerequisite^c, Use Case Procedure^c, Use Case Step^c

Task Schedule^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TaskSchedule

has super-classes: Digital Artifact^c
is also defined as: named individual

Task Scheduler Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TaskSchedulerProcess

has super-classes: Operating System Process^c

Task Scheduler Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TaskSchedulerSoftware

has super-classes: System Service Software^c

Technique^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Technique

has super-classes: D3FEND Thing^c; associated-with^op some Digital Artifact^c; implemented-by^op some procedure^c
has sub-classes: Defensive Technique^c, Offensive Technique^c
is in domain of: kb-article
is in range of: kb-reference-of^op
has members: Defensive Techniqueⁿⁱ

Technique Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TechniqueReference

has super-classes: D3FEND Thing^c; kb-reference-of^op some Defensive Technique^c; has-link^dp some any u r i; kb-reference-title^dp some string
has sub-classes: Academic Paper Reference^c, Book Reference^c, External Knowledge Base^c, Internet Article Reference^c, Patent Reference^c, Policy Reference^c, Source Code Reference^c, Specification Reference^c, User Manual Reference^c
has members: Reference - Certificate Transparencyⁿⁱ, Reference - Certificate and Public Key Pinningⁿⁱ, Reference - FWTK Documentation - fwtk.orgⁿⁱ, Reference - StreamingPhishⁿⁱ, Reference - Use Rkill to Stop Malware Processes - ghacks.netⁿⁱ

Template Injection^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1221

has super-classes: Defense Evasion Technique^c

Terminal Services DLL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.005

has super-classes: Server Software Component^c

Terminate Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TerminateProcess

has super-classes: System Call^c; terminates^op some Process^c
is also defined as: named individual

Tertiary Storage^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TertiaryStorage

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: Hardware Device^c; Memory Block^c; Secondary Storage^c

Test Execution Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TestExecutionTool

is defined by: http://dbpedia.org/resource/Test_execution_engine

has super-classes: Developer Application^c
has sub-classes: Integration Test Execution Tool^c, Unit Test Execution Tool^c

TFTP Boot^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.005

has super-classes: Pre-OS Boot^c

Thin Client Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ThinClientComputer

is defined by: http://dbpedia.org/resource/Thin_client

has super-classes: Shared Computer^c
has sub-classes: Zero Client Computer^c

Thread^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Thread

has super-classes: Digital Artifact^c
is also defined as: named individual

Thread Execution Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.003

has super-classes: Process Injection^c; invokes^op some System Call^c; may-add^op some Executable Binary^c
is also defined as: named individual

Thread Local Storage^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.005

has super-classes: Process Injection^c; invokes^op some System Call^c
is also defined as: named individual

Thread Start Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ThreadStartFunction

has super-classes: Subroutine^c; executes^op some Thread^c
is also defined as: named individual

Threat Intel Vendors^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1597.001

has super-classes: Search Closed Sources^c

Ticket Granting Ticket^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TicketGrantingTicket

is defined by: http://dbpedia.org/resource/Ticket_Granting_Ticket

has super-classes: Access Token^c
has sub-classes: Kerberos Ticket Granting Ticket^c

Time Based Evasion^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497.003

has super-classes: Virtualization/Sandbox Evasion^c; may-invoke^op some Get System Time^c; may-run^op some System Time Application^c
is also defined as: named individual

Time Providers^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1209

has super-classes: Persistence Technique^c

Time Providers^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.003

has super-classes: Boot or Logon Autostart Execution^c; modifies^op some System Configuration Database Record^c
is also defined as: named individual

Timestomp^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.006

has super-classes: Indicator Removal on Host^c; forges^op some File System Metadata^c
is also defined as: named individual

Timestomp^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1099

has super-classes: Defense Evasion Technique^c

Token Impersonation/Theft^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.001

has super-classes: Access Token Manipulation^c; copies^op some Access Token^c
is also defined as: named individual

Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.002

has super-classes: Obtain Capabilities^c

TPM Boot Integrity^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TPMBootIntegrity

has super-classes: Platform Hardening^c
is also defined as: named individual

Trace Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TraceProcess

has super-classes: System Call^c; monitors^op some Process^c
is also defined as: named individual

Traffic Duplication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1020.001

has super-classes: Automated Exfiltration^c

Traffic Signaling^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1205

has super-classes: Command and Control Technique^c; Defense Evasion Technique^c; Persistence Technique^c; produces^op some Network Traffic^c
has sub-classes: Port Knocking^c
is also defined as: named individual

Transfer Agent Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TransferAgentAuthentication

has super-classes: Message Hardening^c
is also defined as: named individual

Transfer Data to Cloud Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1537

has super-classes: Exfiltration Technique^c

Translation Lookaside Buffer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TranslationLookasideBuffer

has super-classes: Memory Management Unit Component^c
is also defined as: named individual

Transmitted Data Manipulation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1493

has super-classes: Impact Technique^c

Transmitted Data Manipulation^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.002

has super-classes: Data Manipulation^c; may-modify^op some Network Traffic^c
is also defined as: named individual

Transport Agent^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.002

has super-classes: Server Software Component^c; adds^op some Message Transfer Agent^c; modifies^op some Mail Server^c
is also defined as: named individual

Transport Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TransportLink

has super-classes: Logical Link^c

Trap^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1154

has super-classes: Execution Technique^c; Persistence Technique^c

Trap^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.005

has super-classes: Event Triggered Execution^c; executes^op some Command^c; may-create^op some Executable Script^c; may-modify^op some Executable Script^c; modifies^op some Event Log^c
is also defined as: named individual

Trust Store^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TrustStore

has super-classes: Digital Artifact^c
has sub-classes: Certificate Trust Store^c

Trusted Developer Utilities Proxy Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1127

has super-classes: Defense Evasion Technique^c
has sub-classes: MSBuild^c

Trusted Relationship^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1199

has super-classes: Initial Access Technique^c; creates^op some Login Session^c; produces^op some Intranet Network Traffic^c
is also defined as: named individual

Two-Factor Authentication Interception^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1111

has super-classes: Credential Access Technique^c; may-access^op some Security Token^c
is also defined as: named individual

Uncommonly Used Port^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1065

has super-classes: Command and Control Technique^c

Uncontrolled Resource Consumption^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-400

has super-classes: Weakness^c

Unit Test Execution Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UnitTestExecutionTool

has super-classes: Test Execution Tool^c

Unix Hard Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UnixHardLink

is defined by: http://dbpedia.org/resource/Hard_link

has super-classes: Hard Link^c; Unix Link^c

Unix Link^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UnixLink

has super-classes: File System Link^c
has sub-classes: Fast Symbolic Link^c, POSIX Symbolic Link^c, Slow Symbolic Link^c, Unix Hard Link^c

Unix Shell Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.004

has super-classes: Command and Scripting Interpreter Execution^c

Unrestricted Upload of File with Dangerous Type^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-434

has super-classes: Weakness^c; weakness of^op some User Input Function^c
is also defined as: named individual

Unsecured Credentials^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552

has super-classes: Credential Access Technique^c; accesses^op some Credential^c
has sub-classes: Bash History^c, Cloud Instance Metadata API^c, Container API^c, Credentials in Files^c, Credentials in Registry^c, Group Policy Preferences^c, Private Keys^c
is also defined as: named individual

Unused/Unsupported Cloud Regions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1535

has super-classes: Defense Evasion Technique^c

Upload Malware^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.001

has super-classes: Stage Capabilities^c

Upload Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1608.002

has super-classes: Stage Capabilities^c

URL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URL

has super-classes: Identifier^c; addresses^op some Resource^c
has members: HTTP URLⁿⁱ, HTTPS URLⁿⁱ, Web Socket URLⁿⁱ
is also defined as: named individual

URL Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URLAnalysis

has super-classes: Identifier Analysis^c; analyzes^op some URL^c
is also defined as: named individual

URL Reputation Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URLReputationAnalysis

has super-classes: Identifier Reputation Analysis^c; analyzes^op some URL^c
is also defined as: named individual

Use After Free^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-416

has super-classes: Weakness^c

Use Alternate Authentication Material^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550

has super-classes: Defense Evasion Technique^c; Lateral Movement Technique^c; accesses^op some Authentication Service^c
has sub-classes: Application Access Token^c, Pass The Hash^c, Pass The Ticket^c, Web Session Cookie^c
is also defined as: named individual

Use Case Goal^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UseCaseGoal

has super-classes: D3FEND Use Case Thing^c
is disjoint with: D3FEND Use Case^c, Target Audience^c, Use Case Prerequisite^c, Use Case Procedure^c, Use Case Step^c

Use Case Prerequisite^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UseCasePrerequisite

has super-classes: D3FEND Use Case Thing^c
is disjoint with: D3FEND Use Case^c, Target Audience^c, Use Case Goal^c, Use Case Procedure^c, Use Case Step^c

Use Case Procedure^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UseCaseProcedure

has super-classes: D3FEND Use Case Thing^c; procedure^c
is disjoint with: D3FEND Use Case^c, Target Audience^c, Use Case Goal^c, Use Case Prerequisite^c, Use Case Step^c

Use Case Step^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UseCaseStep

has super-classes: D3FEND Use Case Thing^c; step^c
is disjoint with: D3FEND Use Case^c, Target Audience^c, Use Case Goal^c, Use Case Prerequisite^c, Use Case Procedure^c

Use of Hard-coded Credentials^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-798

has super-classes: Weakness^c; weakness of^op some Authentication Function^c
is also defined as: named individual

User^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#User

has super-classes: Digital Artifact^c; has-account^op some User Account^c
is also defined as: named individual

User Account^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserAccount

has super-classes: Digital Artifact^c
has sub-classes: Cloud User Account^c, Default User Account^c, Domain User Account^c, Local User Account^c, Privileged User Account^c
has members: LDIF Recordⁿⁱ
is also defined as: named individual

User Account Permissions^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserAccountPermissions

has super-classes: Credential Hardening^c; restricts^op some User Account^c
is also defined as: named individual

User Action^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserAction

has super-classes: Digital Artifact^c; Digital Event^c
has sub-classes: Authentication^c, Authorization^c, Resource Access^c
is also defined as: named individual

User Activity Based Checks^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497.002

has super-classes: Virtualization/Sandbox Evasion^c

User Application^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserApplication

has super-classes: Application^c
has sub-classes: Application Installer^c, Browser^c, Browser Extension^c, Collaborative Software^c, Developer Application^c, Office Application^c

User Behavior^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserBehavior

has super-classes: Digital Artifact^c; contains^op some User Action^c
is also defined as: named individual

User Behavior Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserBehaviorAnalysis

has super-classes: Defensive Technique^c; enables^op some Detect^c
has sub-classes: Authentication Event Thresholding^c, Authorization Event Thresholding^c, Credential Compromise Scope Analysis^c, Domain Account Monitoring^c, Job Function Access Pattern Analysis^c, Local Account Monitoring^c, Resource Access Pattern Analysis^c, Session Duration Analysis^c, User Data Transfer Analysis^c, User Geolocation Logon Pattern Analysis^c, Web Session Activity Analysis^c
has members: Authentication Event Thresholdingⁿⁱ, Authorization Event Thresholdingⁿⁱ, Credential Compromise Scope Analysisⁿⁱ, Domain Account Monitoringⁿⁱ, Job Function Access Pattern Analysisⁿⁱ, Local Account Monitoringⁿⁱ, Resource Access Pattern Analysisⁿⁱ, Session Duration Analysisⁿⁱ, User Data Transfer Analysisⁿⁱ, User Geolocation Logon Pattern Analysisⁿⁱ, Web Session Activity Analysisⁿⁱ
is also defined as: named individual

User Data Transfer Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserDataTransferAnalysis

has super-classes: User Behavior Analysis^c; analyzes^op some Resource Access^c
is also defined as: named individual

User Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204

has super-classes: Execution Technique^c
has sub-classes: Malicious File Execution^c, Malicious Image^c, Malicious Link Execution^c

User Geolocation Logon Pattern Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserGeolocationLogonPatternAnalysis

has super-classes: User Behavior Analysis^c; analyzes^op some Network Traffic^c
is also defined as: named individual

User Init Configuration File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserInitConfigurationFile

has super-classes: Configuration File^c; User Logon Init Resource^c
is also defined as: named individual

User Init Script^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserInitScript

has super-classes: Executable Script^c; Init Script^c; User Logon Init Resource^c
has sub-classes: PowerShell Profile Script^c
is also defined as: named individual

User Input Function^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserInputFunction

has super-classes: Input Function^c
is also defined as: named individual

User Interface^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserInterface

is defined by: http://dbpedia.org/resource/User_interface

has super-classes: Digital Artifact^c
has sub-classes: Command Line Interface^c, Graphical User Interface^c

User Logon Init Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserLogonInitResource

has super-classes: Local Resource^c
has sub-classes: User Init Configuration File^c, User Init Script^c, User Startup Directory^c, User Startup Script File^c
is also defined as: named individual

User Manual^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserManual

has super-classes: Document^c
is also defined as: named individual

User Manual Reference^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserManualReference

has super-classes: Technique Reference^c
has members: Reference - /DYNAMICBASE (Use address space layout randomization) - Microsoft Docsⁿⁱ, Reference - /GS (Buffer Security Check) - Microsoft Docsⁿⁱ, Reference - /SAFESEH (Image has Safe Exception Handlers) - Microsoft Docsⁿⁱ, Reference - Cisco ASR 9000 Series Aggregation Services Routers - Access List Commandsⁿⁱ, Reference - File and Folder Permissionsⁿⁱ, Reference - Libre NMS - Network Map Extensionⁿⁱ, Reference - Libre NMS - Oxidized Extensionⁿⁱ, Reference - Mitigate threats by using Windows 10 security features: Data Execution Prevention - Microsoftⁿⁱ, Reference - Qualys Network Passive Sensor Getting Started Guideⁿⁱ, Reference - Registry Key Security and Access Rightsⁿⁱ, Reference - Reverse DNS Blocking - Barracuda Networksⁿⁱ, Reference - SNMP - Network Auto-Discoveryⁿⁱ, Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resourcesⁿⁱ, Reference - Use DNS Policy for Applying Filters on DNS Queriesⁿⁱ

User Process^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserProcess

has super-classes: Process^c
has sub-classes: Application Process^c
is also defined as: named individual

User Session Init Config Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserSessionInitConfigAnalysis

has super-classes: Operating System Monitoring^c; analyzes^op some User Init Configuration File^c
is also defined as: named individual

User Startup Directory^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserStartupDirectory

has super-classes: User Logon Init Resource^c; contains^op some User Startup Script File^c
is also defined as: named individual

User Startup Script File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserStartupScriptFile

has super-classes: Executable Script^c; User Logon Init Resource^c
is also defined as: named individual

User to User Message^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserToUserMessage

has super-classes: Digital Artifact^c; has-recipient^op some User Account^c; has-sender^op some User Account^c
is also defined as: named individual

Utility Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UtilitySoftware

is defined by: http://dbpedia.org/resource/Utility_software

has super-classes: Software^c
has sub-classes: System Time Application^c

Valid Accounts^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078

has super-classes: Defense Evasion Technique^c; Initial Access Technique^c; Persistence Technique^c; Privilege Escalation Technique^c; produces^op some Authentication^c; produces^op some Authorization^c; uses^op some User Account^c
has sub-classes: Cloud Accounts^c, Default Accounts^c, Domain Accounts^c, Local Accounts^c
is also defined as: named individual

VBA Stomping^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.007

has super-classes: Hide Artifacts^c; modifies^op some Office Application File^c
is also defined as: named individual

VBScript Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.005

has super-classes: Command and Scripting Interpreter Execution^c

VDSO Hijacking^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.014

has super-classes: Process Injection^c; accesses^op some Shared Library File^c; invokes^op some System Call^c
is also defined as: named individual

Vendor^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Vendor

has super-classes: Provider^c; sells^op some Capability Implementation^c

Verclsid^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.012

has super-classes: Signed Binary Proxy Execution^c

Version Control Tool^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VersionControlTool

is defined by: http://dbpedia.org/resource/Version_control

has super-classes: Developer Application^c

Video Capture^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1125

has super-classes: Collection Technique^c; accesses^op some Video Input Device^c
is also defined as: named individual

Video Input Device^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VideoInputDevice

has super-classes: Input Device^c
has sub-classes: Image Scanner Input Device^c
is also defined as: named individual

Virtual Address^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VirtualAddress

has super-classes: Memory Address^c
is also defined as: named individual

Virtual Memory Space^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VirtualMemorySpace

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

has super-classes: Memory Address Space^c

Virtual Private Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.003

has super-classes: Acquire Infrastructure^c

Virtual Private Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.003

has super-classes: Compromise Infrastructure^c

Virtualization Software^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VirtualizationSoftware

has super-classes: Service Application^c
is also defined as: named individual

Virtualization/Sandbox Evasion^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497

has super-classes: Defense Evasion Technique^c
has sub-classes: System Checks^c, Time Based Evasion^c, User Activity Based Checks^c

VNC^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.005

has super-classes: Remote Services^c

Volume^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Volume

has super-classes: Digital Artifact^c
is also defined as: named individual

Volume Boot Record^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VolumeBootRecord

has super-classes: Boot Record^c
is also defined as: named individual

VPN Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#VPNServer

is defined by: https://www.techopedia.com/definition/30750/vpn-server

has super-classes: Server^c

Vulnerabilities^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1588.006

has super-classes: Obtain Capabilities^c

vulnerability^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Vulnerability

has super-classes: D3FEND Thing^c
is also defined as: named individual

Vulnerability Scanning^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1595.002

has super-classes: Active Scanning^c

Weaken Encryption^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1600

has super-classes: Defense Evasion Technique^c
has sub-classes: Disable Crypto Hardware^c, Reduce Key Space^c

Weakness^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Weakness

has super-classes: D3FEND Thing^c
has sub-classes: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')^c, Cross-Site Request Forgery (CSRF)^c, Deserialization of Untrusted Data^c, Improper Authentication^c, Improper Control of Generation of Code ('Code Injection')^c, Improper Input Validation^c, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')^c, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')^c, Improper Neutralization of Special Elements used in a Command ('Command Injection')^c, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')^c, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')^c, Improper Restriction of Operations within the Bounds of a Memory Buffer^c, Improper Restriction of XML External Entity Reference^c, Incorrect Default Permissions^c, Integer Overflow or Wraparound^c, Missing Authentication for Critical Function^c, Missing Authorization^c, NULL Pointer Dereference^c, Out-of-bounds Read^c, Out-of-bounds Write^c, Server-Side Request Forgery (SSRF)^c, Uncontrolled Resource Consumption^c, Unrestricted Upload of File with Dangerous Type^c, Use After Free^c, Use of Hard-coded Credentials^c
is in domain of: may be weakness of^op
is in range of: may have weakness^op

Web Application Firewall^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebApplicationFirewall

is defined by: http://dbpedia.org/resource/Web_application_firewall

has super-classes: Application Layer Firewall^c

Web Application Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebApplicationServer

is defined by: http://dbpedia.org/resource/Application_server

has super-classes: Web Server^c

Web Authentication^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebAuthentication

has super-classes: Authentication^c; may-create^op some Session Cookie^c
has sub-classes: Cloud Service Authentication^c
is also defined as: named individual

Web Cookies^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1606.001

has super-classes: Forge Web Credentials^c

Web File Resource^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebFileResource

has super-classes: Network File Resource^c; addressed-by^op some URL^c
is also defined as: named individual

Web Network Traffic^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebNetworkTraffic

has super-classes: Network Traffic^c
has sub-classes: Intranet Web Network Traffic^c, Outbound Internet Web Traffic^c
is also defined as: named individual

Web Portal Capture^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.003

has super-classes: Input Capture^c; modifies^op some Web Server Application^c
is also defined as: named individual

Web Protocols^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.001

has super-classes: Application Layer Protocol^c; may-transfer^op some Certificate File^c; produces^op some Outbound Internet Web Traffic^c
is also defined as: named individual

Web Resource Access^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebResourceAccess

has super-classes: Network Resource Access^c
is also defined as: named individual

Web Script File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebScriptFile

has super-classes: Executable Script^c
is also defined as: named individual

Web Server^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebServer

has super-classes: Server^c
has sub-classes: Artifact Server^c, Web Application Server^c
is also defined as: named individual

Web Server Application^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebServerApplication

has super-classes: Service Application^c
is also defined as: named individual

Web Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102

has super-classes: Command and Control Technique^c; produces^op some Outbound Internet Web Traffic^c
has sub-classes: Bidirectional Communication^c, Dead Drop Resolver^c, One-Way Communication^c
is also defined as: named individual

Web Services^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1583.006

has super-classes: Acquire Infrastructure^c

Web Services^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1584.006

has super-classes: Compromise Infrastructure^c

Web Session Activity Analysis^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebSessionActivityAnalysis

has super-classes: User Behavior Analysis^c; analyzes^op some Web Resource Access^c
is also defined as: named individual

Web Session Cookie^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1506

has super-classes: Defense Evasion Technique^c; Lateral Movement Technique^c

Web Session Cookie^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.004

has super-classes: Use Alternate Authentication Material^c; adds^op some Session Cookie^c; produces^op some Web Network Traffic^c
is also defined as: named individual

Web Shell^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1100

has super-classes: Persistence Technique^c; Privilege Escalation Technique^c

Web Shell^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.003

has super-classes: Server Software Component^c; adds^op some Web Script File^c; modifies^op some Web Server^c; produces^op some Process^c
is also defined as: named individual

WHOIS^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1596.002

has super-classes: Search Open Technical Databases^c

Wide Area Network^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WideAreaNetwork

is defined by: http://dbpedia.org/resource/Local_area_network

has super-classes: Network^c

Windows Admin Shares^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1077

has super-classes: Lateral Movement Technique^c

Windows Command Shell Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059.003

has super-classes: Command and Scripting Interpreter Execution^c

Windows Credential Manager^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.004

has super-classes: Credentials from Password Stores^c

Windows File and Directory Permissions Modification^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222.001

has super-classes: File and Directory Permissions Modification^c

Windows Management Instrumentation Event Subscription^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1084

has super-classes: Persistence Technique^c

Windows Management Instrumentation Event Subscription^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.003

has super-classes: Event Triggered Execution^c; modifies^op some Event Log^c; produces^op some Intranet Administrative Network Traffic^c
is also defined as: named individual

Windows Management Instrumentation Execution^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1047

has super-classes: Execution Technique^c; may-create^op some Intranet Administrative Network Traffic^c; may-invoke^op some Create Process^c
is also defined as: named individual

Windows Registry^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsRegistry

has super-classes: System Configuration Database^c
is also defined as: named individual

Windows Registry Key^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsRegistryKey

has super-classes: System Configuration Database Record^c; windows-registry-key^dp some string; windows-registry-value^dp some string
is also defined as: named individual

Windows Remote Management^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.006

has super-classes: Remote Services^c

Windows Remote Management^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1028

has super-classes: Execution Technique^c; Lateral Movement Technique^c

Windows Service^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.003

has super-classes: Create or Modify System Process^c; modifies^op some System Configuration Database^c
is also defined as: named individual

Windows Shortcut File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsShortcutFile

has super-classes: Shortcut File^c
is also defined as: named individual

Winlogon Helper DLL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1004

has super-classes: Persistence Technique^c

Winlogon Helper DLL^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.004

has super-classes: Boot or Logon Autostart Execution^c; modifies^op some System Configuration Database Record^c
is also defined as: named individual

Wireless Access Point^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WirelessAccessPoint

is defined by: http://dbpedia.org/resource/Wireless_access_point

has super-classes: Network Node^c; RF Transceiver^c
has sub-classes: Wireless Router^c

Wireless Router^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WirelessRouter

is defined by: http://dbpedia.org/resource/Wireless_router

has super-classes: Router^c; Wireless Access Point^c

Wordlist Scanning^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1595.003

has super-classes: Active Scanning^c

Write File^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WriteFile

has super-classes: System Call^c; modifies^op some File^c
is also defined as: named individual

XDG Autostart Entries^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.013

has super-classes: Boot or Logon Autostart Execution^c

XPC Services^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559.003

has super-classes: Inter-Process Communication Execution^c

XSL Script Processing^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1220

has super-classes: Defense Evasion Technique^c; adds^op some File^c; interprets^op some Executable Script^c; invokes^op some Create Process^c
is also defined as: named individual

Zero Client Computer^c back to ToC or Class ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ZeroClientComputer

is defined by: http://dbpedia.org/resource/Thin_client#Zero_client

has super-classes: Thin Client Computer^c

Named Individuals

.bash_profile and .bashrc
/etc/passwd and /etc/shadow
AC-17(8)
AC-2(1)
AC-2(13)
AC-2(2)
AC-2(3)
AC-2(4)
AC-2(5)
AC-2(6)
AC-2(7)
AC-2(9)
AC-23
AC-24
AC-24(1)
AC-24(2)
AC-3
AC-3(11)
AC-3(13)
AC-3(3)
AC-3(7)
AC-3(8)
AC-4
AC-4(1)
AC-4(10)
AC-4(11)
AC-4(12)
AC-4(13)
AC-4(14)
AC-4(15)
AC-4(17)
AC-4(19)
AC-4(20)
AC-4(21)
AC-4(26)
AC-4(27)
AC-4(28)
AC-4(29)
AC-4(3)
AC-4(30)
AC-4(32)
AC-4(4)
AC-4(5)
AC-4(6)
AC-4(8)
AC-5
AC-6
AC-6(1)
AC-6(10)
AC-6(3)
AC-6(4)
AC-6(5)
AC-6(6)
AC-6(9)
AC-7
AC-7(3)
AC-7(4)
Access Modeling
Accessibility Features
Account Access Removal
Account Locking
Account Manipulation
Account Use Policies
Active Certificate Analysis
Active Directory Configuration
Active Logical Link Mapping
Active Physical Link Mapping
Add Office 365 Global Administrator Role
Add-ins
Additional Azure Service Principal Credentials
Administrative Network Activity Analysis
Adobe PDF File 1.3
Allocate Memory
AMD64 Code Segment
Antivirus/Antimalware
AppCert DLLs
AppInit DLLs
Application
Application Access Token
Application Configuration Database
Application Configuration File
Application Configuration Hardening
Application Developer Guidance
Application Hardening
Application Inventory Sensor
Application Isolation and Sandboxing
Application Layer Protocol
Application Process
Application Shimming
Application Window Discovery
Archive Collected Data
Archive via Custom Method
Archive via Library
Archive via Utility
ARM32 Code Segment
ASCII Domain Name
Asset Inventory
Asset Vulnerability Enumeration
Asymmetric Cryptography
Asynchronous Procedure Call
AU-10(5)
AU-14(2)
AU-15
AU-2
AU-2(1)
AU-2(2)
AU-3
AU-4
Audio Capture
Audit
Authenticate User
Authentication
Authentication Cache Invalidation
Authentication Event Thresholding
Authentication Function
Authentication Log
Authentication Package
Authorization
Authorization Event Thresholding
Authorization Log
Automated Collection
Automated Exfiltration
Bash History
Bash Script File
Behavior Prevention on Endpoint
Binary Padding
Biometric Authentication
BITS Jobs
Block Device
Book
Boot Integrity
Bootkit
Bootloader Authentication
Broadcast Domain Isolation
Browser
Browser Extension
Browser Extensions
BSD Process
Bypass User Access Control
Byte Sequence Emulation
Cached Domain Credentials
Call Stack
CCI Catalog v2022-04-05
CCI-000015
CCI-000016
CCI-000017
CCI-000018
CCI-000020
CCI-000022
CCI-000025
CCI-000027
CCI-000029
CCI-000030
CCI-000032
CCI-000034
CCI-000035
CCI-000037
CCI-000040
CCI-000044
CCI-000047
CCI-000056
CCI-000057
CCI-000058
CCI-000060
CCI-000066
CCI-000067
CCI-000068
CCI-000071
CCI-000139
CCI-000143
CCI-000144
CCI-000162
CCI-000163
CCI-000164
CCI-000185
CCI-000186
CCI-000187
CCI-000192
CCI-000193
CCI-000194
CCI-000195
CCI-000196
CCI-000197
CCI-000198
CCI-000199
CCI-000200
CCI-000205
CCI-000213
CCI-000218
CCI-000219
CCI-000226
CCI-000346
CCI-000352
CCI-000374
CCI-000381
CCI-000382
CCI-000386
CCI-000417
CCI-000663
CCI-000764
CCI-000765
CCI-000766
CCI-000767
CCI-000768
CCI-000771
CCI-000772
CCI-000774
CCI-000776
CCI-000804
CCI-000831
CCI-000877
CCI-000880
CCI-000884
CCI-000888
CCI-001009
CCI-001019
CCI-001067
CCI-001069
CCI-001082
CCI-001083
CCI-001084
CCI-001085
CCI-001086
CCI-001087
CCI-001089
CCI-001090
CCI-001092
CCI-001094
CCI-001096
CCI-001100
CCI-001109
CCI-001111
CCI-001115
CCI-001117
CCI-001118
CCI-001124
CCI-001125
CCI-001127
CCI-001128
CCI-001133
CCI-001144
CCI-001145
CCI-001146
CCI-001147
CCI-001150
CCI-001166
CCI-001169
CCI-001170
CCI-001178
CCI-001185
CCI-001199
CCI-001200
CCI-001210
CCI-001211
CCI-001233
CCI-001237
CCI-001239
CCI-001242
CCI-001262
CCI-001297
CCI-001305
CCI-001310
CCI-001350
CCI-001352
CCI-001356
CCI-001368
CCI-001372
CCI-001373
CCI-001374
CCI-001376
CCI-001377
CCI-001399
CCI-001400
CCI-001401
CCI-001403
CCI-001404
CCI-001405
CCI-001414
CCI-001424
CCI-001425
CCI-001426
CCI-001427
CCI-001428
CCI-001436
CCI-001452
CCI-001453
CCI-001454
CCI-001493
CCI-001494
CCI-001495
CCI-001496
CCI-001499
CCI-001555
CCI-001556
CCI-001557
CCI-001574
CCI-001589
CCI-001619
CCI-001632
CCI-001662
CCI-001668
CCI-001677
CCI-001682
CCI-001683
CCI-001684
CCI-001685
CCI-001686
CCI-001695
CCI-001744
CCI-001749
CCI-001762
CCI-001764
CCI-001767
CCI-001774
CCI-001811
CCI-001812
CCI-001813
CCI-001855
CCI-001858
CCI-001936
CCI-001937
CCI-001941
CCI-001953
CCI-001954
CCI-001957
CCI-001991
CCI-002005
CCI-002009
CCI-002010
CCI-002015
CCI-002016
CCI-002041
CCI-002145
CCI-002165
CCI-002169
CCI-002178
CCI-002179
CCI-002201
CCI-002205
CCI-002207
CCI-002211
CCI-002218
CCI-002233
CCI-002235
CCI-002238
CCI-002262
CCI-002263
CCI-002264
CCI-002272
CCI-002277
CCI-002281
CCI-002282
CCI-002283
CCI-002284
CCI-002289
CCI-002290
CCI-002302
CCI-002306
CCI-002307
CCI-002308
CCI-002309
CCI-002322
CCI-002346
CCI-002347
CCI-002353
CCI-002355
CCI-002357
CCI-002358
CCI-002359
CCI-002361
CCI-002363
CCI-002364
CCI-002381
CCI-002382
CCI-002384
CCI-002385
CCI-002394
CCI-002397
CCI-002400
CCI-002403
CCI-002409
CCI-002411
CCI-002420
CCI-002421
CCI-002422
CCI-002423
CCI-002425
CCI-002426
CCI-002460
CCI-002462
CCI-002463
CCI-002464
CCI-002465
CCI-002466
CCI-002467
CCI-002468
CCI-002470
CCI-002475
CCI-002476
CCI-002530
CCI-002531
CCI-002533
CCI-002536
CCI-002546
CCI-002605
CCI-002607
CCI-002613
CCI-002614
CCI-002617
CCI-002618
CCI-002630
CCI-002631
CCI-002661
CCI-002662
CCI-002684
CCI-002688
CCI-002689
CCI-002690
CCI-002691
CCI-002710
CCI-002711
CCI-002712
CCI-002715
CCI-002716
CCI-002717
CCI-002718
CCI-002723
CCI-002724
CCI-002726
CCI-002729
CCI-002740
CCI-002743
CCI-002746
CCI-002748
CCI-002749
CCI-002771
CCI-002824
CCI-002883
CCI-002890
CCI-002891
CCI-003014
CCI-003123
Central Processing Unit
Certificate
Certificate Analysis
Certificate File
Certificate Pinning
Certificate Trust Store
Certificate-based Authentication
Change Default File Association
Clear Command History
Clear Linux or Mac System Logs
Clear Windows Event Logs
Client-server Payload Profiling
Clipboard Data
Cloud Account
Cloud Accounts
Cloud Instance Metadata API
Cloud Service Dashboard
Cloud Service Discovery
Cloud Service Sensor
Cloud Storage Object Discovery
CM-14
CM-5
CM-5(1)
CM-5(3)
CM-5(5)
CM-5(6)
CM-6(3)
CMSTP
Code Repositories
Code Repository
Code Signing
Code Signing
Collection
Collection Technique
Command And Control
Command and Control Technique
Command and Scripting Interpreter Execution
Command History Log File
Communication Through Removable Media
Compile After Delivery
Compiled HTML File
Compiler
Component Firmware
Component Object Model Hijacking
Compromise Client Software Binary
Compromise Hardware Supply Chain
Compromise Software Dependencies and Development Tools
Compromise Software Supply Chain
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Configuration Database
Configuration Inventory
Confluence
Connect Socket
Connected Honeynet
Connection Attempt Analysis
Container Runtime
Control Panel Execution
Copy Memory Function
Copy Token
COR_PROFILER
Create Account
Create File
Create Process
Create Process with Token
Create Socket
Create Thread
Credential
Credential Access
Credential Access Protection
Credential Access Technique
Credential API Hooking
Credential Compromise Scope Analysis
Credential Eviction
Credential Hardening
Credential Revoking
Credential Stuffing
Credential Transmission Scoping
Credentials from Password Stores
Credentials from Web Browsers
Credentials in Files
Credentials in Registry
Cross-Site Request Forgery (CSRF)
Data Backup
Data Encoding
Data Exchange Mapping
Data from Information Repositories
Data from Local System
Data from Network Shared Drive
Data from Removable Media
Data Inventory
Data Obfuscation
Data Staged
Data Transfer Size Limits
Database Query String Analysis
Database Server
DCSync
Dead Code Elimination
Deceive
Decoy Artifact
Decoy Environment
Decoy File
Decoy Network Resource
Decoy Object
Decoy Persona
Decoy Public Release
Decoy Session Token
Decoy User Credential
Default Accounts
Defense Evasion
Defense Evasion Technique
Defensive Technique
Deobfuscate/Decode Files or Information
Dependency
Deserialization of Untrusted Data
Detect
Direct Network Flood
Direct Volume Access
Directory
DISA FSO
Disable or Modify System Firewall
Disable or Modify Tools
Disable or Remove Feature or Program
Disable Windows Event Logging
Discovery
Discovery Technique
Disk Content Wipe
Disk Encryption
Disk Structure Wipe
Display Device Driver
DLL Search Order Hijacking
DLL Side-Loading
DNS
DNS Allowlisting
DNS Denylisting
DNS Traffic Analysis
Do Not Mitigate
Document File
Domain Account
Domain Account Monitoring
Domain Accounts
Domain Fronting
Domain Name
Domain Name Reputation Analysis
Domain Registration
Domain Trust Policy
Double File Extension
Downgrade Attack
Drive-by Compromise
Driver Load Integrity Checking
Dylib Hijacking
Dynamic Analysis
Dynamic Resolution
Dynamic-link Library Injection
Elevated Execution with Prompt
Email
Email Attachment
Email Collection
Email Forwarding Rule
Email Hiding Rules
Email Removal
Emond
Emulated File Analysis
Enclave
Encrypt Sensitive Information
Encrypted Channel
Encrypted Tunnels
Endpoint Health Beacon
Environment Variable Permissions
Eval Function
Evict
Exception Handler Pointer Validation
Exchange Email Delegate Permissions
Executable Allowlisting
Executable Binary
Executable Denylisting
Executable File
Executable Installer File Permissions Weakness
Execution
Execution Isolation
Execution Prevention
Execution Technique
Exfiltration
Exfiltration Over Alternative Protocol
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Exfiltration Over C2 Channel
Exfiltration Over Other Network Medium
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
Exfiltration over USB
Exfiltration Over Web Service
Exfiltration Technique
Exfiltration to Cloud Storage
Exfiltration to Code Repository
Exploit Protection
Exploit Public-Facing Application
Exploitation for Client Execution
Exploitation for Credential Access
Exploitation for Defense Evasion
Exploitation for Privilege Escalation
Exploitation of Remote Services
Exploitation of Transient Instruction Execution
External Defacement
External Proxy
External Remote Services
Fallback Channels
File
File Access Pattern Analysis
File Analysis
File and Directory Discovery
File and Directory Permissions Modification
File Carving
File Content Rules
File Creation Analysis
File Deletion
File Encryption
File Eviction
File Hash
File Hash Reputation Analysis
File Hashing
File Path Open Function
File Removal
File System
File System Sensor
File Transfer Protocols
Filter Network Traffic
Firmware Behavior Analysis
Firmware Embedded Monitoring Code
Firmware Sensor
Firmware Verification
Forced Authentication
Forward Resolution Domain Denylisting
Forward Resolution IP Denylisting
FQDN Domain Name
Free Memory
Gatekeeper Bypass
get foreground window
Get Open Sockets
Get System Config Value
GNU GCC StackGuard
Golden Ticket
Group Policy Discovery
Group Policy Modification
Group Policy Preferences
GUI Input Capture
Harden
Hardware Additions
Hardware Component Inventory
Hardware Driver
Hardware-based Process Isolation
Hidden File System
Hidden Files and Directories
Hidden Users
Hidden Window
Hierarchical Domain Denylisting
Homoglyph Denylisting
Homoglyph Detection
Host
Host Configuration Sensor
Hostname
HTML Smuggling
HTTP URL
HTTPS URL
IA-2(1)
IA-2(2)
IA-2(4)
IA-2(6)
Identifier Activity Analysis
Identifier Analysis
Identifier Reputation Analysis
IIS Components
Image Code Segment
Image File Execution Options Injection
Impact
Impact Technique
Impair Command History Logging
Impersonate User
Implant Container Image
Import Library Function
Improper Authentication
Improper Control of Generation of Code ('Code Injection')
Improper Input Validation
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Restriction of Operations within the Bounds of a Memory Buffer
Improper Restriction of XML External Entity Reference
Inbound Internet Network Traffic
Inbound Session Volume Analysis
Inbound Traffic Filtering
Incorrect Default Permissions
Indirect Branch Call Analysis
Ingress Tool Transfer
Initial Access
Initial Access Technique
Input Device Analysis
Install Root Certificate
Integer Overflow or Wraparound
Integrated Honeynet
Inter-Process Communication Execution
Internal Defacement
Internal Proxy
Internal Spearphishing
Internationalized Domain Name
Internet Article
Intranet IPC Network Traffic
Intranet Web Network Traffic
Invalid Code Signature
IO Port Restriction
iOS Process
IP Address
IP Reputation Analysis
IPC Traffic Analysis
IR-4(12)
IR-4(13)
Isolate
Javascript File
Job Function Access Pattern Analysis
Kerberoasting
Kernel
Kernel API Sensor
Kernel Modules and Extensions
Kernel-based Process Isolation
Keychain
Keychain
Keylogging
Lateral Movement
Lateral Movement Technique
Lateral Tool Transfer
Launch Agent
Launch Daemon
Launchd
LC_LOAD_DYLIB Addition
LD_PRELOAD
LDIF Record
Limit Access to Resource Over Network
Limit Hardware Installation
Limit Software Installation
Linux ELF File 32bit
Linux ELF File 64bit
Linux Exec
Linux Process
LLMNR/NBT-NS Poisoning and SMB Relay
Local Account
Local Account Monitoring
Local Accounts
Local Area Network
Local Data Staging
Local Email Collection
Local File Permissions
Local Resource Access
Log File
Logical Link Mapping
Login Items
Logon Script (Mac)
Logon Script (Windows)
Logon User
LSA Secrets
LSASS Driver
LSASS Memory
Lua Script File
MA-3(3)
MA-3(4)
MA-3(5)
MA-3(6)
MA-4(1)
MA-6
MA-6(1)
MA-6(2)
MA-6(3)
macOS Process
Mail Network Traffic
Mail Protocols
Mail Server
Make and Impersonate Token
Malicious File Execution
Malicious Link Execution
Man in the Browser
Man-in-the-Middle
Mandatory Access Control
Marketing Material
Masquerade Task or Service
Match Legitimate Name or Location
Mavinject
Memory Address
Memory Address Space
Memory Allocation Function
Memory Block
Memory Boundary Tracking
Memory Free Function
Memory Management Unit
Memory Pool
Message Analysis
Message Authentication
Message Encryption
Message Hardening
Microsoft VCCLCompilerTool BufferSecurityCheck
Microsoft Word DOC File
Microsoft Word DOCB File
Microsoft Word DOCM File
Microsoft Word DOCX File
Microsoft Word DOT File
Microsoft Word DOTM File
Microsoft Word DOTX File
Microsoft Word WBK File
MMC
Model
Modify Authentication Process
Modify Registry
Move File
MSBuild
MSG Email File
Multi-factor Authentication
Multi-factor Authentication
Multi-hop Proxy
Multi-Stage Channels
Native API Execution
Netsh Helper DLL
Network Directory Resource
Network File Resource
Network Flow
Network Flow Sensor
Network Intrusion Prevention
Network Isolation
Network Logon Script
Network Mapping
Network Node
Network Node Inventory
Network Protocol Analyzer
Network Resource Access
Network Segmentation
Network Session
Network Share Connection Removal
Network Sniffing
Network Traffic
Network Traffic Analysis
Network Traffic Analysis Software
Network Traffic Community Deviation
Network Traffic Filtering
Network Traffic Policy Mapping
Network Vulnerability Assessment
NIST SP 800-53 R3
NIST SP 800-53 R4
NIST SP 800-53 R5
Non-Application Layer Protocol
non-real-time-analytic
non-real-time-eviction
Non-Standard Port
NTDS
NTFS File Attributes
NULL Pointer Dereference
Office Template Macros
Office Test
One-time Password
Open File
Operating System
Operating System Configuration
Operating System Monitoring
Operational Activity Mapping
Operational Dependency Mapping
Operational Risk Assessment
Orchestration Controller
Organization Mapping
OS Credential Dumping
Out-of-bounds Read
Out-of-bounds Write
Outbound Internet DNS Lookup Traffic
Outbound Internet File Transfer Traffic
Outbound Internet Web Traffic
Outbound Traffic Filtering
Outlook Forms
Outlook Home Page
Outlook Rules
Packet Log
Page Frame
Page Table
Parent PID Spoofing
Partition Table
Pass The Hash
Pass The Ticket
Passive Certificate Analysis
Passive Logical Link Mapping
Passive Physical Link Mapping
Password Cracking
Password Filter DLL
Password Guessing
Password Policies
Password Spraying
Patent
Path Interception by PATH Environment Variable
Path Interception by Search Order Hijacking
Path Interception by Unquoted Path
PE32 Executable File
PE32+ Executable File
Per Host Download-Upload Ratio Analysis
Peripheral Firmware Verification
Persistence
Persistence Technique
Physical Link Mapping
Platform
Platform Hardening
Platform Monitoring
Plist Modification
Pluggable Authentication Modules
Pointer Authentication
Pointer Dereferencing Function
Port Knocking
Port Monitors
Portable Executable Injection
PowerShell Profile
Powershell Script File
Pre-compromise
Primary Storage
Private Keys
Privilege Escalation
Privilege Escalation Technique
Privileged Account Management
Privileged Process Integrity
Proc Filesystem
Proc Memory
Procedure 1 - T1134.001 Access Token Manipulation
Process
Process Analysis
Process Code Segment
Process Code Segment Verification
Process Discovery
Process Doppelgänging
Process Eviction
Process Hollowing
Process Image
Process Lineage Analysis
Process Segment Execution Prevention
Process Self-Modification Detection
Process Spawn Analysis
Process Start Function
Process Suspension
Process Termination
Process Tree
Processor Cache Memory
Processor Register
Protocol Metadata Anomaly Detection
Protocol Tunneling
Ptrace System Calls
Query Registry
RA-3(3)
RA-3(4)
RA-5
RA-5(2)
RA-5(3)
RA-5(4)
RA-5(5)
RA-5(6)
RA-5(7)
Raw Memory Access Function
Rc.common
RDP Hijacking
Re-opened Applications
Read File
real-time-analytic
real-time-eviction
Reconnaissance Technique
Reference - /DYNAMICBASE (Use address space layout randomization) - Microsoft Docs
Reference - /GS (Buffer Security Check) - Microsoft Docs
Reference - /SAFESEH (Image has Safe Exception Handlers) - Microsoft Docs
Reference - Account monitoring - Forescout Technologies
Reference - Active firewall system and methodology - McAfee LLC
Reference - Advanced device matching system
Reference - An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks
Reference - Analysis of the Windows Vista Security Model - Symantec Corporation
Reference - Anomaly Detection Using Adaptive Behavioral Profiles - Securonix Inc
Reference - Anti-tamper system with self-adjusting guards - ARXAN TECHNOLOGIES Inc
Reference - Apparatus for to provide content to and query a reverse domain name system server - Barrracuda Networks
Reference - Approaches for securing an internet endpoint using fine-grained operating system virtualization - Bromium, Inc.
Reference - Architecture of transparent network security for application containers - Neuvector Inc
Reference - Audit User Account Management
Reference - Automated computer vulnerability resolution system
Reference - Automatically generating network resource groups and assigning customized decoy policies thereto - Illusive Networks Ltd
Reference - Automatically generating rules for connection security - Microsoft
Reference - Biometric Challenge-Response Authentication - Accenture
Reference - Broadcast isolation and level 3 network switch - Hewlett Packard Enterprise Development LP
Reference - CAR-2013-01-002: Autorun Differences - MITRE
Reference - CAR-2013-01-003: SMB Events Monitoring - MITRE
Reference - CAR-2013-02-003: Processes Spawning cmd.exe - MITRE
Reference - CAR-2013-02-008: Simultaneous Logins on a Host - MITRE
Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITRE
Reference - CAR-2013-03-001: Reg.exe called from Command Shell - MITRE
Reference - CAR-2013-04-002: Quick execution of a series of suspicious commands - MITRE
Reference - CAR-2013-05-002: Suspicious Run Locations - MITRE
Reference - CAR-2013-05-003: SMB Write Request - MITRE
Reference - CAR-2013-05-004: Execution with AT - MITRE
Reference - CAR-2013-05-005: SMB Copy and Execution - MITRE
Reference - CAR-2013-07-001: Suspicious Arguments - MITRE
Reference - CAR-2013-07-002: RDP Connection Detection - MITRE
Reference - CAR-2013-07-005: Command Line Usage of Archiving Software - MITRE
Reference - CAR-2013-08-001: Execution with schtasks - MITRE
Reference - CAR-2013-09-003: SMB Session Setups - MITRE
Reference - CAR-2013-09-005: Service Outlier Executables - MITRE
Reference - CAR-2013-10-001: User Login Activity Monitoring - MITRE
Reference - CAR-2013-10-002: DLL Injection via Load Library - MITRE
Reference - CAR-2014-02-001: Service Binary Modifications - MITRE
Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITRE
Reference - CAR-2014-03-005: Remotely Launched Executables via Services - MITRE
Reference - CAR-2014-03-006: RunDLL32.exe monitoring - MITRE
Reference - CAR-2014-04-003: Powershell Execution - MITRE
Reference - CAR-2014-05-001: RPC Activity - MITRE
Reference - CAR-2014-05-002: Services launching Cmd - MITRE
Reference - CAR-2014-07-001: Service Search Path Interception - MITRE
Reference - CAR-2014-11-002: Outlier Parents of Cmd - MITRE
Reference - CAR-2014-11-003: Debuggers for Accessibility Applications - MITRE
Reference - CAR-2014-11-005: Remote Registry - MITRE
Reference - CAR-2014-11-006: Windows Remote Management (WinRM) - MITRE
Reference - CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC - MITRE
Reference - CAR-2014-11-008: Command Launched from WinLogon - MITRE
Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITRE
Reference - CAR-2015-04-001: Remotely Scheduled Tasks via AT - MITRE
Reference - CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks - MITRE
Reference - CAR-2015-07-001: All Logins Since Last Boot - MITRE
Reference - CAR-2016-03-001: Host Discovery Commands - MITRE
Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITRE
Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITRE
Reference - CAR-2016-04-003: User Activity from Stopping Windows Defensive Services - MITRE
Reference - CAR-2016-04-004: Successful Local Account Login
Reference - CAR-2016-04-005: Remote Desktop Logon - MITRE
Reference - CAR-2019-04-001: UAC Bypass - MITRE
Reference - CAR-2019-04-002: Generic Regsvr32 - MITRE
Reference - CAR-2019-04-003: Squiblydoo - MITRE
Reference - CAR-2019-04-004: Credential Dumping via Mimikatz - MITRE
Reference - CAR-2019-07-001: Access Permission Modification - MITRE
Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITRE
Reference - CAR-2019-08-001: Credential Dumping via Windows Task Manager - MITRE
Reference - CAR-2019-08-002: Active Directory Dumping via NTDSUtil - MITRE
Reference - CAR-2020-04-001: Shadow Copy Deletion - MITRE
Reference - CAR-2020-05-001: MiniDump of LSASS - MITRE
Reference - CAR-2020-05-003: Rare LolBAS Command Lines - MITRE
Reference - CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities - MITRE
Reference - CAR-2020-09-001: Scheduled Task - FileAccess - MITRE
Reference - CAR-2020-09-002: Component Object Model Hijacking - MITRE
Reference - CAR-2020-09-003: Indicator Blocking - Driver Unloaded - MITRE
Reference - CAR-2020-09-004: Credentials in Files & Registry - MITRE
Reference - CAR-2020-09-005: AppInit DLLs - MITRE
Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITRE
Reference - CAR-2020-11-002: Local Network Sniffing - MITRE
Reference - CAR-2020-11-003: DLL Injection with Mavinject - MITRE
Reference - CAR-2020-11-004: Processes Started From Irregular Parent - MITRE
Reference - CAR-2020-11-005: Clear Powershell Console Command History - MITRE
Reference - CAR-2020-11-006: Local Permission Group Discovery - MITRE
Reference - CAR-2020-11-007: Network Share Connection Removal - MITRE
Reference - CAR-2020-11-008: MSBuild and msxsl - MITRE
Reference - CAR-2020-11-009: Compiled HTML Access - MITRE
Reference - CAR-2020-11-010: CMSTP - MITRE
Reference - CAR-2020-11-011: Registry Edit from Screensaver
Reference - CAR-2021-01-002: Unusually Long Command Line Strings - MITRE
Reference - CAR-2021-01-003: Clearing Windows Logs with Wevtutil - MITRE
Reference - CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe - MITRE
Reference - CAR-2021-01-006: Unusual Child Process spawned using DDE exploit - MITRE
Reference - CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt - MITRE
Reference - CAR-2021-01-008: Disable UAC - MITRE
Reference - CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe - MITRE
Reference - CAR-2021-02-001: Webshell-Indicative Process Tree - MITRE
Reference - CAR-2021-02-002: Get System Elevation - MITRE
Reference - CAR-2021-04-001: Common Windows Process Masquerading - MITRE
Reference - CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store - MITRE
Reference - CAR-2021-05-002: Batch File Write to System32 - MITRE
Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITRE
Reference - CAR-2021-05-004: BITS Job Persistence - MITRE
Reference - CAR-2021-05-005: BITSAdmin Download File - MITRE
Reference - CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments - MITRE
Reference - CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments - MITRE
Reference - CAR-2021-05-008: Certutil exe certificate extraction - MITRE
Reference - CAR-2021-05-009: CertUtil With Decode Argument - MITRE
Reference - CAR-2021-05-010: Create local admin accounts using net exe - MITRE
Reference - CAR-2021-05-011: Create Remote Thread into LSASS - MITRE
Reference - Catia UAF Plugin
Reference - Certificate and Public Key Pinning
Reference - Certificate Transparency
Reference - Cisco ASR 9000 Series Aggregation Services Routers - Access List Commands
Reference - Computational modeling and classification of data streams - Crowdstrike Inc
Reference - Computer motherboard having peripheral security functions
Reference - Computer Worm Defense System and Method - FireEye Inc
Reference - Computer-implemented methods and systems for identifying visually similar text character strings - Greathorn Inc
Reference - Computing apparatus with automatic integrity reference generation and maintenance - Tripwire, Inc.
Reference - Configure User Access Control and Permissions
Reference - Content extractor and analysis system - Bit 9 Inc, Carbon Black Inc
Reference - Continuous authentication by analysis of keyboard typing characteristics - Bradford Univ., UK
Reference - Cyber Command System (CYCS)
Reference - Dagger Fact Sheet
Reference - Dagger: Modeling and visualization for mission impact situational awareness
Reference - Data processing and scanning systems for generating and populating a data inventory
Reference - Database for receiving, storing and compiling information about email messages
Reference - Dead code elimination
Reference - Deception-Based Responses to Security Attacks - Crowdstrike Inc
Reference - Decoy and deceptive data object technology - Cymmetria Inc
Reference - Decoy and deceptive data object technology - Cymmetria, Inc.
Reference - Decoy Network-Based Service for Deceiving Attackers - Amazon Technologies
Reference - Decoy Personas for Safeguarding Online Identity Using Deception - MITRE
Reference - Detecting DDoS Attack Using Snort
Reference - Detecting network reconnaissance by tracking intranet dark-net communications - VECTRA NETWORKS Inc
Reference - Detecting script-based malware - Crowdstrike Inc
Reference - Detection of Malicious IDNHomoglyph Domains
Reference - Deterministic method for detecting and blocking of exploits on interpreted code - K2 Cyber Security Inc
Reference - Digital Identity Guidelines 800-63-3
Reference - Distributed meta-information query in a network - Bit 9 Inc
Reference - DNS Whitelist (DNSWL) Email Authentication Method Extension
Reference - Domain age registration alert - Inc Rapid7 Inc RAPID7 Inc
Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Inc
Reference - Embedding contexts for on-line threats into response policy zones - Verisign Inc
Reference - End-to-end certificate pinning
Reference - Enhancing Network Security By Preventing User-Initiated Malware Execution - MITRE
Reference - File and Folder Permissions
Reference - File-modifying malware detection - Crowdstrike Inc
Reference - Finding phishing sites
Reference - Firewall for interent access - Secure Computing LLC
Reference - Firewall for processing a connectionless network packet - National Security Agency
Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agency
Reference - Firewalls that filter based upon protocol commands - Intel Corp
Reference - Firmware Behavior Analysis ConFirm
Reference - Firmware Behavior Analysis VIPER
Reference - Firmware Embedded Monitoring Code Red Balloon
Reference - Firmware Embedded Monitoring Code Symbiotes
Reference - Firmware Verification Eclypsium
Reference - Firmware Verification Trapezoid
Reference - Framework for notifying a directory service of authentication events processed outside the directory service - Oracle International Corp
Reference - FWTK - Firewall Toolkit
Reference - FWTK Documentation - fwtk.org
Reference - Guards for application in software tamperproofing - Purdue Research Foundation
Reference - Hardware-assisted system and method for detecting and analyzing system calls made to an operting system kernel - Endgame Inc
Reference - Heuristic botnet detection - Palo Alto Networks Inc
Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd
Reference - How ASLR protects Linux systems from buffer overflow attacks - Network World
Reference - How Does Antivirus Quarantine Work? - Safety Detectives
Reference - How to change registry values or permissions from a command line or a script
Reference - How trust relationships work for resource forests in Azure Active Directory Domain Services
Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.com
Reference - Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views
Reference - Identification of traceroute nodes and associated devices
Reference - Identification of visual international domain name collisions - Verisign Inc
Reference - Identifying a denial-of-service attack in a cloud-based proxy service - Cloudfare Inc.
Reference - IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery
Reference - Indirect Branching Calls
Reference - Inferential exploit attempt detection - Crowdstrike Inc
Reference - Instant process termination tool to recover control of an information handling system - Dell Products LP
Reference - Integrity assurance through early loading in the boot phase - Crowdstrike Inc
Reference - Intrusion detection using a heartbeat - Sophos Ltd
Reference - Isolation of applications within a virtual machine - Bromium, Inc.
Reference - Libre NMS - Network Map Extension
Reference - Libre NMS - Oxidized Extension
Reference - LUKS1 On-Disk Format SpecificationVersion 1.2.3
Reference - Malicious relay detection on networks - VECTRA NETWORKS Inc
Reference - Malware analysis system - Palo Alto Networks Inc
Reference - Malware detection in event loops - Crowdstrike Inc
Reference - Malware detection using local computational models - Crowdstrike Inc
Reference - Method and Apparatus for Detecting Malicious Websites - Endgame Inc
Reference - Method and apparatus for increasing the speed at which computer viruses are detected - McAfee LLC
Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC
Reference - Method and apparatus for utilizing a token for resource access - Rsa Security Inc.
Reference - Method and system for controlling communication ports
Reference - Method and system for detecting algorithm-generated domains - VECTRA NETWORKS Inc
Reference - Method and system for detecting external control of compromised hosts - VECTRA NETWORKS Inc
Reference - Method and system for detecting malicious payloads - Vectra Networks Inc
Reference - Method and system for detecting restricted content associated with retrieved content - Sophos Ltd
Reference - Method and system for detecting suspicious administrative activity - Vectra Networks Inc
Reference - Method and system for detecting threats using metadata vectors - VECTRA NETWORKS Inc
Reference - Method and system for detecting threats using passive cluster mapping - Vectra Networks Inc
Reference - Method and system for providing software updates to local machines
Reference - Method and system for UDP flood attack detection - Riorey LLC
Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltd
Reference - Method for file encryption
Reference - Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system - Symantec Corporation
Reference - MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
Reference - Mission Dependency Modeling for Cyber Situational Awareness
Reference - Mitigate threats by using Windows 10 security features: Data Execution Prevention - Microsoft
Reference - Mock attack cybersecurity training system and methods - WOMBAT SECURITY TECHNOLOGIES Inc
Reference - Modeling user access to computer resources - Daedalus Group LLC (formerly IBM)
Reference - Modification of a Server to Mimic a Deception Mechanism - Acalvio Technologies Inc
Reference - Munin
Reference - Network firewall with proxy - Secure Computing LLC
Reference - Network-Based Buffer Overflow Detection by Exploit Code Analysis - Information Security Research Centre
Reference - Network-level polymorphic shellcode detection using emulation
Reference - NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ)
Reference - NIST Special Publication 800-160 Volume 1 - System Security Engineering
Reference - NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizations
Reference - NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizations
Reference - NISTIR 8011 Volume 1 - Automation Support for Security Control Assessments
Reference - Open source intelligence deceptions - Illusive Networks Ltd
Reference - Organizational Management in SAP ERP HCM
Reference - OS Query Windows User Collection Code
Reference - Overview of the seccomp sandbox
Reference - Platform Firmware Resiliency Guidelines - NIST
Reference - Pointer Authentication on ARMv8.3
Reference - Pointer Authentication Project Zero
Reference - Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation - K2 Cyber Security Inc
Reference - Predicting Domain Generation Algorithms with Long Short-Term Memory Networks
Reference - Preventing execution of task scheduled malware - McAfee LLC
Reference - Privacy and security systems and methods of use
Reference - Private virtual local area network isolation - Cisco Technology Inc
Reference - Protected computing environment - Microsoft Technology Licensing LLC
Reference - Protecting against distributed denial of service attacks - Cisco Technology Inc.
Reference - Protecting against distributed network flood attacks - Juniper Networks Inc.
Reference - PsSuspend - Microsoft
Reference - Qualys Network Passive Sensor Getting Started Guide
Reference - Red Hat Enterprise Linux 8 Security Technical Implementation Guide
Reference - Registry Key Security and Access Rights
Reference - Reputation of an entity associated with a content item
Reference - Reverse DNS Blocking - Barracuda Networks
Reference - Revoke a previously issued verifiable credential - Microsoft
Reference - RFC 2289 - A One-Time Password System
Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETF
Reference - RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email - IETF
Reference - RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC) - IETF
Reference - RFC 7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements
Reference - RPC call interception - Crowdstrike Inc
Reference - Secure caching of server credentials - Dell Products LP
Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
Reference - Securing Web Transactions
Reference - Securing Web Transactions TLS Server Certificate Management - Appendix A Passive Inspection
Reference - Security Architecture for the Internet Protocol
Reference - Security System with Methodology for Interprocess Communication Control - Check Point Software Tech Inc
Reference - Security Technologies: Stack Smashing Protection (StackGuard) - Red Hat
Reference - Security vulnerability information aggregation
Reference - Sinkholing bad network domains by registering the bad network domains on the internet - Palo Alto Networks Inc
Reference - SNMP - Network Auto-Discovery
Reference - Software vulnerability graph database
Reference - StreamingPhish
Reference - Supply chain cyber-deception - Cymmetria, Inc.
Reference - Synchronizing a honey network configuration to reflect a target network environment - Palo Alto Networks Inc
Reference - System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc
Reference - System and method for detecting homoglyph attacks with a siamese convolutional neural network - Endgame Inc
Reference - System and method for detecting malware injected into memory of a computing device - Endgame Inc
Reference - System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis - Silver Tail Systems
Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc
Reference - System and method for internet security - Cylance Inc
Reference - System and method for managed security assessment and mitigation
Reference - System and Method for Network Security Including Detection of Attacks Through Partner Websites - EMC IP Holding Co LLC
Reference - System and Method for Process Hollowing Detection - Carbon Black Inc
Reference - System and method for providing an actively invalidated client-side network resource cache - IMVU
Reference - System and method for scanning remote services to locate stored objects with malware
Reference - System and method for validating in-memory integrity of executable files to identify malicious activity - Endgame Inc
Reference - System and method for vulnerability risk analysis
Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc
Reference - System and methods thereof for causality identification and attributions determination of processes in a network - Palo Alto Networks IncCyber Secdo Ltd
Reference - System and methods thereof for detection of persistent threats in a computerized environment background - Palo Alto Networks IncCyber Secdo Ltd
Reference - System and methods thereof for identification of suspicious system processes - Palo Alto Networks Inc
Reference - System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network - Palo Alto Networks IncCyber Secdo Ltd
Reference - System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system - Palo Alto Networks Inc
Reference - System for detecting threats using scenario-based tracking of internal and external network traffic - VECTRA NETWORKS Inc
Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Inc
Reference - System for implementing threat detection using threat and risk assessment of asset-actor interactions - VECTRA NETWORKS Inc
Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Inc
Reference - Systems and methods for detecting credential theft - Symantec Corp
Reference - Tamper proof mutating software - ARXAN TECHNOLOGIES Inc
Reference - TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICE
Reference - Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
Reference - Techniques for impeding and detecting network threats - Verisign Inc
Reference - Tenable Passive Network Monitoring
Reference - Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords
Reference - The Pyramid of Pain - David Bianco
Reference - Threat detection for return oriented programming - Crowdstrike Inc
Reference - Threat detection through the accumulated detection of threat characteristics - Sophos Ltd
Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources
Reference - Tokenless biometric transaction authorization method and system
Reference - TPM 2.0 Library Specification - Trusted Computing Group, Incorporated
Reference - Trusted Attestation Protocol Use Cases
Reference - Trusted Communications With Child Processes - Microsoft Technology Licensing LLC
Reference - UEFI Platform Initialization (PI) Specification
Reference - Unified Architecture Framework (UAF)
Reference - USB filter for hub malicious code prevention system
Reference - Use DNS Policy for Applying Filters on DNS Queries
Reference - Use of an application controller to monitor and control software file and application environments - Sophos Ltd
Reference - Use Rkill to Stop Malware Processes - ghacks.net
Reference - Using spanning tree protocol (STP) to enhance layer-2 topology maps
Reference - Virtualized process isolation - Advanced Micro Devices Inc
Reference - Web Authentication: An API for accessing Public Key Credentials Level 2
Reference - Web-Based Enterprise Management
Reference - What is NX/XD feature?
Reference - Windows 10 STIG
Reference - Windows Management Infrastructure (MI)
Reference - Windows Management Instrumentation (WMI)
Reflection Amplification
Reflective Code Loading
reg open key a
reg open key ex a
reg open key ex w
reg open key transacted a
reg open key transacted w
reg open key w
reg set key value a
reg set key value w
reg set value a
reg set value ex a
reg set value ex w
reg set value w
Registry Run Keys / Startup Folder
Relay Pattern Analysis
Remote Access Software
Remote Data Staging
Remote Data Storage
Remote Desktop Protocol
Remote Email Collection
Remote Service Session Hijacking
Remote Services
Remote System Discovery
Remote Terminal Session Detection
Rename System Utilities
Replication Through Removable Media
Resource Access Pattern Analysis
Resource Development Technique
Resource Forking
Restrict File and Directory Permissions
Restrict Library Loading
Restrict Registry Permission
Restrict Web-Based Content
Reverse Resolution Domain Denylisting
Reverse Resolution IP Denylisting
RF Shielding
Right-to-Left Override
Rogue Domain Controller
Rootkit
RPC Traffic Analysis
Ruby Script File
Run Virtual Instance
Rundll32 Execution
Runtime Data Manipulation
SA-10(1)
SA-10(3)
SA-10(4)
SA-10(5)
SA-10(6)
SA-11(1)
SA-11(8)
SA-8(18)
SA-8(22)
Safe Mode Boot
SC-2
SC-2(1)
SC-3
SC-3(1)
Scheduled Job Analysis
Scheduled Task/Job Execution
Scheduled Transfer
Screen Capture
Screensaver
Script Application Process
Script Execution Analysis
Security Account Manager
Security Software Discovery
Security Support Provider
Security Token
Securityd Memory
Segment Address Offset Randomization
Sender MTA Reputation Analysis
Sender Reputation Analysis
Server
Server-Side Request Forgery (SSRF)
Service Binary Verification
Service Dependency Mapping
Service Exhaustion Flood
Services File Permissions Weakness
Services Registry Permissions Weakness
Session Duration Analysis
Set System Config Value
Setuid and Setgid
Shadow Stack
Shadow Stack Comparisons
Shared Resource Access Function
Sharepoint
Shortcut Modification
SI-2(4)
SI-2(5)
SI-2(6)
SI-3
SI-3(10)
SI-3(4)
SI-3(8)
SI-4
SI-4(2)
SI-4(4)
SID-History Injection
SIP and Trust Provider Hijacking
Software
Software Configuration
Software Deployment Tools Execution
Software Inventory
Software Library
Software Library File
Software Packing
Software Update
Source Code
Space after Filename
Spearphishing Attachment
Spearphishing Link
Spearphishing Via Service
SQL Stored Procedures
SSH
SSH Hijacking
SSL/TLS Inspection
Stack Frame
Stack Frame Canary Validation
Stack Segment
Standalone Honeynet
Startup Items
Steal Application Access Token
Steal or Forge Kerberos Tickets
Steal Web Session Cookie
Step 1 - Copy Token
Step 2 - Impersonate User
Storage
Stored Data Manipulation
Strong Password Policy
Sudo and Sudo Caching
Supply Chain Compromise
Suspend Process
Symbolic Link
Symmetric Cryptography
System Call
System Call Analysis
System Call Filtering
System Configuration Database
System Configuration Permissions
System Daemon Monitoring
System Dependency Mapping
System File Analysis
System Firewall Configuration
System Firmware
System Firmware Verification
System Information Discovery
System Init Config Analysis
System Language Discovery
System Location Discovery
System Mapping
System Network Configuration Discovery
System Network Connections Discovery
System Owner/User Discovery
System Service Discovery
System Service Software
System Time Discovery
System Vulnerability Assessment
Systemd Service
Taint Shared Content
Terminate Process
Thread Execution Hijacking
Thread Local Storage
Thread Start Function
Threat Intelligence Program
Time Based Evasion
Time Providers
Timestomp
Token Impersonation/Theft
TPM Boot Integrity
Trace Process
Traffic Signaling
Transfer Agent Authentication
Transmitted Data Manipulation
Transport Agent
Trap
Trusted Relationship
Two-Factor Authentication Interception
Unrestricted Upload of File with Dangerous Type
Unsecured Credentials
Update Software
URL
URL Analysis
URL Reputation Analysis
Use Alternate Authentication Material
Use of Hard-coded Credentials
User
User Account Control
User Account Management
User Account Permissions
User Behavior
User Behavior Analysis
User Data Transfer Analysis
User Geolocation Logon Pattern Analysis
User Manual
User Session Init Config Analysis
User Startup Directory
User to User Message
User Training
Valid Accounts
VBA Stomping
VDSO Hijacking
Video Capture
Vulnerability Scanning
Web Authentication
Web File Resource
Web Portal Capture
Web Protocols
Web Service
Web Session Activity Analysis
Web Session Cookie
Web Shell
Web Socket URL
WHOIS Compatible Domain Registration
Windows Batch File
Windows Management Instrumentation Event Subscription
Windows Management Instrumentation Execution
Windows Process
Windows Service
Winlogon Helper DLL
Write File
X86 Code Segment
XSL Script Processing

.bash_profile and .bashrcⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.004

has facts: modifies^op User Init Configuration File
is also defined as: class

/etc/passwd and /etc/shadowⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.008

has facts: accesses^op Encrypted Credential; accesses^op Password File
is also defined as: class

AC-17(8)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-17_8

belongs to: NIST Control^c
has facts: broader^op Executable Denylisting; control-name^dp "Remote Access | Disable Nonsecure Network Protocols"; member-of^op NIST SP 800-53 R5

AC-2(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_1

belongs to: NIST Control^c
has facts: broader^op Account Locking; broader^op Multi-factor Authentication; control-name^dp "Account Management | Automated System Account Management"; member-of^op NIST SP 800-53 R5

AC-2(13)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_13

belongs to: NIST Control^c
has facts: control-name^dp "Account Management | Disable Accounts for High-risk Individuals"; member-of^op NIST SP 800-53 R5; narrower^op Account Locking

AC-2(2)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_2

belongs to: NIST Control^c
has facts: broader^op Account Locking; control-name^dp "Account Management | Automated Temporary and Emergency Account Management"; member-of^op NIST SP 800-53 R5

AC-2(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_3

belongs to: NIST Control^c
has facts: broader^op Account Locking; control-name^dp "Account Management | Disable Accounts"; member-of^op NIST SP 800-53 R5

AC-2(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_4

belongs to: NIST Control^c
has facts: control-name^dp "Account Management | Automated Audit Actions"; member-of^op NIST SP 800-53 R5; related^op Domain Account Monitoring

AC-2(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_5

belongs to: NIST Control^c
has facts: control-name^dp "Account Management | Inactivity Logout"; member-of^op NIST SP 800-53 R5; related^op Account Locking

AC-2(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_6

belongs to: NIST Control^c
has facts: broader^op Mandatory Access Control; control-name^dp "Account Management | Dynamic Privilege Management"; member-of^op NIST SP 800-53 R5

AC-2(7)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_7

belongs to: NIST Control^c
has facts: control-name^dp "Account Management | Privileged User Accounts"; member-of^op NIST SP 800-53 R5; narrower^op User Account Permissions

AC-2(9)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-2_9

belongs to: NIST Control^c
has facts: control-name^dp "Account Management | Restrictions on Use of Shared and Group Accounts"; member-of^op NIST SP 800-53 R5; narrower^op Mandatory Access Control; narrower^op User Account Permissions

AC-23ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-23

belongs to: NIST Control^c
has facts: control-name^dp "Data Mining Protection"; member-of^op NIST SP 800-53 R5; narrower^op Job Function Access Pattern Analysis; narrower^op Local Account Monitoring; narrower^op Resource Access Pattern Analysis; narrower^op User Data Transfer Analysis

AC-24ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-24

belongs to: NIST Control^c
has facts: control-name^dp "Access Control Decisions"; member-of^op NIST SP 800-53 R5; narrower^op Mandatory Access Control

AC-24(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-24_1

belongs to: NIST Control^c
has facts: control-name^dp "Access Control Decisions | Transmit Access Authorization Information"; member-of^op NIST SP 800-53 R5; narrower^op Mandatory Access Control; narrower^op User Account Permissions

AC-24(2)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-24_2

belongs to: NIST Control^c
has facts: control-name^dp "Access Control Decisions | No User or Process Identity"; member-of^op NIST SP 800-53 R5; narrower^op Mandatory Access Control; narrower^op User Account Permissions

AC-3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3

belongs to: NIST Control^c
has facts: control-name^dp "Access Enforcement"; member-of^op NIST SP 800-53 R5; narrower^op Executable Allowlisting; narrower^op Executable Denylisting; narrower^op Mandatory Access Control

AC-3(11)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_11

belongs to: NIST Control^c
has facts: control-name^dp "Access Enforcement | Restrict Access to Specific Information Types"; member-of^op NIST SP 800-53 R5; narrower^op Mandatory Access Control

AC-3(13)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_13

belongs to: NIST Control^c
has facts: control-name^dp "Access Enforcement | Attribute-based Access Control"; member-of^op NIST SP 800-53 R5; narrower^op Mandatory Access Control

AC-3(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_3

belongs to: NIST Control^c
has facts: control-name^dp "Access Enforcement | Mandatory Access Control"; exactly^op Mandatory Access Control; member-of^op NIST SP 800-53 R5

AC-3(7)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_7

belongs to: NIST Control^c
has facts: control-name^dp "Access Enforcement | Role-based Access Control"; member-of^op NIST SP 800-53 R5; narrower^op Mandatory Access Control

AC-3(8)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-3_8

belongs to: NIST Control^c
has facts: control-name^dp "Access Enforcement | Revocation of Access Authorizations"; member-of^op NIST SP 800-53 R5; narrower^op Mandatory Access Control; narrower^op System Call Filtering

AC-4ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_1

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Object Security and Privacy Attributes"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(10)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_10

belongs to: NIST Control^c
has facts: broader^op Inbound Traffic Filtering; broader^op Outbound Traffic Filtering; control-name^dp "Information Flow Enforcement | Enable and Disable Security or Privacy Policy Filters"; member-of^op NIST SP 800-53 R5

AC-4(11)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_11

belongs to: NIST Control^c
has facts: broader^op Inbound Traffic Filtering; broader^op Outbound Traffic Filtering; control-name^dp "Information Flow Enforcement | Configuration of Security or Privacy Policy Filters"; member-of^op NIST SP 800-53 R5

AC-4(12)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_12

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Data Type Identifiers"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(13)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_13

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Decomposition into Policy-relevant Subcomponents"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(14)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_14

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Security or Privacy Policy Filter Constraints"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(15)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_15

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Detection of Unsanctioned Information"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(17)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_17

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Domain Authentication"; member-of^op NIST SP 800-53 R5; narrower^op Domain Trust Policy

AC-4(19)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_19

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Validation of Metadata"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(20)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_20

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Approved Solutions"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(21)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_21

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Physical or Logical Separation of Information Flows"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(26)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_26

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Audit Filtering Actions"; member-of^op NIST SP 800-53 R5; narrower^op File Content Rules

AC-4(27)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_27

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Redundant/independent Filtering Mechanisms"; exactly^op Inbound Traffic Filtering; exactly^op Outbound Traffic Filtering; member-of^op NIST SP 800-53 R5

AC-4(28)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_28

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Linear Filter Pipelines"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(29)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_29

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Filter Orchestration Engines"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_3

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Dynamic Information Flow Control"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(30)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_30

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Filter Mechanisms Using Multiple Processes"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(32)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_32

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Process Requirements for Information Transfer"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_4

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Flow Control of Encrypted Information"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_5

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Embedded Data Types"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_6

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Metadata"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-4(8)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-4_8

belongs to: NIST Control^c
has facts: control-name^dp "Information Flow Enforcement | Security and Privacy Policy Filters"; member-of^op NIST SP 800-53 R5; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering

AC-5ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-5

belongs to: NIST Control^c
has facts: broader^op Local File Permissions; broader^op Mandatory Access Control; broader^op User Account Permissions; control-name^dp "Separation of Duties"; member-of^op NIST SP 800-53 R5

AC-6ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6

belongs to: NIST Control^c
has facts: broader^op Local File Permissions; broader^op Mandatory Access Control; broader^op User Account Permissions; control-name^dp "Least Privilege"; member-of^op NIST SP 800-53 R5

AC-6(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_1

belongs to: NIST Control^c
has facts: control-name^dp "Least Privilege | Authorize Access to Security Functions"; exactly^op System Configuration Permissions; member-of^op NIST SP 800-53 R5

AC-6(10)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_10

belongs to: NIST Control^c
has facts: control-name^dp "Least Privilege | Prohibit Non-privileged Users from Executing Privileged Functions"; member-of^op NIST SP 800-53 R5; narrower^op Local File Permissions; narrower^op Mandatory Access Control; narrower^op System Configuration Permissions

AC-6(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_3

belongs to: NIST Control^c
has facts: control-name^dp "Least Privilege | Network Access to Privileged Commands"; exactly^op System Configuration Permissions; member-of^op NIST SP 800-53 R5

AC-6(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_4

belongs to: NIST Control^c
has facts: control-name^dp "Least Privilege | Separate Processing Domains"; member-of^op NIST SP 800-53 R5; narrower^op Hardware-based Process Isolation

AC-6(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_5

belongs to: NIST Control^c
has facts: control-name^dp "Least Privilege | Privileged Accounts"; member-of^op NIST SP 800-53 R5; narrower^op Local File Permissions; narrower^op Mandatory Access Control; narrower^op System Configuration Permissions

AC-6(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_6

belongs to: NIST Control^c
has facts: control-name^dp "Least Privilege | Privileged Access by Non-organizational Users"; member-of^op NIST SP 800-53 R5; narrower^op Local File Permissions; narrower^op Mandatory Access Control; narrower^op System Configuration Permissions

AC-6(9)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-6_9

belongs to: NIST Control^c
has facts: broader^op Local Account Monitoring; broader^op User Behavior Analysis; control-name^dp "Least Privilege | Log Use of Privileged Functions"; member-of^op NIST SP 800-53 R5

AC-7ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-7

belongs to: NIST Control^c
has facts: control-name^dp "Unsuccessful Logon Attempts"; exactly^op Account Locking; member-of^op NIST SP 800-53 R5

AC-7(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-7_3

belongs to: NIST Control^c
has facts: control-name^dp "Unsuccessful Logon Attempts | Biometric Attempt Limiting"; member-of^op NIST SP 800-53 R5; narrower^op Account Locking

AC-7(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AC-7_4

belongs to: NIST Control^c
has facts: broader^op Account Locking; control-name^dp "Unsuccessful Logon Attempts | Use of Alternate Authentication Factor"; member-of^op NIST SP 800-53 R5

Access Modelingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccessModeling

belongs to: Operational Activity Mapping^c
has facts: d3fend-id^dp "D3-AM"; kb-reference^op Reference - RFC 7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements; maps^op Access Control Configuration; maps^op User Account
is also defined as: class

Accessibility Featuresⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.008

has facts: may-create^op Intranet Administrative Network Traffic; may-modify^op Executable Binary; may-modify^op System Configuration Database Record
is also defined as: class

Account Access Removalⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1531

has facts: modifies^op User Account
is also defined as: class

Account Lockingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AccountLocking

belongs to: Credential Eviction^c
has facts: date created^dp "2020-08-05T00:00:00"^^date time; d3fend-id^dp "D3-AL"; disables^op User Account; kb-reference^op Reference - Account monitoring - Forescout Technologies; kb-reference^op Reference - Framework for notifying a directory service of authentication events processed outside the directory service - Oracle International Corp
is also defined as: class

Account Manipulationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098

has facts: modifies^op User Account
is also defined as: class

Account Use Policiesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1036

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "D3-AZET may be related (is potentially related though not called out in ATT&CK definition.)"; related^op Account Locking; related^op Authentication Cache Invalidation; related^op Authentication Event Thresholding

Active Certificate Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActiveCertificateAnalysis

belongs to: Active Certificate Analysis^c; Certificate Analysis^c
has facts: date created^dp "2020-08-05T00:00:00"^^date time; d3fend-id^dp "D3-ACA"; kb-reference^op Reference - Securing Web Transactions
is also defined as: class

Active Directory Configurationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1015

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "M1015 scope is broad, touches on an wide variety of techniques in D3FEND."; related^op Authentication Cache Invalidation; related^op Domain Trust Policy; related^op User Account Permissions

Active Logical Link Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActiveLogicalLinkMapping

belongs to: Logical Link Mapping^c
has facts: d3fend-id^dp "D3-ALLM"; kb-reference^op Reference - Identification of traceroute nodes and associated devices; kb-reference^op Reference - SNMP - Network Auto-Discovery; may-query^op Network Agent
is also defined as: class

Active Physical Link Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ActivePhysicalLinkMapping

belongs to: Physical Link Mapping^c
is disjoint with: Passive Physical Link Mapping
has facts: d3fend-id^dp "D3-APLM"; kb-reference^op Reference - Identification of traceroute nodes and associated devices; kb-reference^op Reference - Using spanning tree protocol (STP) to enhance layer-2 topology maps; may-query^op Network Agent
is also defined as: class

Add Office 365 Global Administrator Roleⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.003

has facts: modifies^op Global User Account
is also defined as: class

Add-insⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.006

has facts: adds^op Software; may-modify^op System Configuration Database; modifies^op Office Application
is also defined as: class

Additional Azure Service Principal Credentialsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.001

has facts: creates^op Credential; produces^op Intranet Administrative Network Traffic
is also defined as: class

Administrative Network Activity Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkActivityAnalysis

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Intranet Administrative Network Traffic; date created^dp "2020-08-05T00:00:00"^^date time; d3fend-id^dp "D3-ANAA"; kb-reference^op Reference - Method and system for detecting suspicious administrative activity - Vectra Networks Inc; kb-reference^op Reference - CAR-2014-11-005: Remote Registry - MITRE; kb-reference^op Reference - CAR-2014-11-006: Windows Remote Management (WinRM) - MITRE
is also defined as: class

Adobe PDF File 1.3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AdobePDFFile1.3

belongs to: Document File^c
has facts: may-contain^op Javascript File

Allocate Memoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AllocateMemory

has facts: creates^op Memory Block
is also defined as: class

AMD64 Code Segmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AMD64CodeSegment

belongs to: Image Code Segment^c; Process Code Segment^c

Antivirus/Antimalwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1049

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "Process Analysis and subclasses."; related^op File Content Rules; related^op File Hashing; related^op Process Analysis

AppCert DLLsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.009

has facts: invokes^op Create Process; loads^op Shared Library File; modifies^op System Configuration Database Record
is also defined as: class

AppInit DLLsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.010

has facts: invokes^op Create Process; loads^op Shared Library File; modifies^op System Configuration Database Record
is also defined as: class

Applicationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Application

has facts: may-contain^op Application Configuration
is also defined as: class

Application Access Tokenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.001

has facts: may-produce^op Network Traffic; uses^op Access Token
is also defined as: class

Application Configuration Databaseⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationDatabase

has facts: contains^op Application Configuration Database Record
is also defined as: class

Application Configuration Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationFile

has facts: contains^op Application Configuration
is also defined as: class

Application Configuration Hardeningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationConfigurationHardening

belongs to: Application Hardening^c
has facts: d3fend-id^dp "D3-ACH"; hardens^op Application Configuration; kb-reference^op Reference - Red Hat Enterprise Linux 8 Security Technical Implementation Guide; kb-reference^op Reference - Windows 10 STIG
is also defined as: class

Application Developer Guidanceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1013

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "A future release of D3FEND will define a taxonomy of Source Code Hardening Techniques."

Application Hardeningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationHardening

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-AH"; enables^op Harden
is also defined as: class

Application Inventory Sensorⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationInventorySensor

has facts: monitors^op Application
is also defined as: class

Application Isolation and Sandboxingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1048

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp ""Sandboxing" is often used to describe a detection environment which includes some forms of analysis (see D3-DA.)" Many forms of isolation (e.g., quarantining) are more static in nature and simply limit software's access to system resources."; related^op Dynamic Analysis; related^op Hardware-based Process Isolation; related^op Mandatory Access Control; related^op System Call Filtering

Application Layer Protocolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071

has facts: may-transfer^op Certificate File; produces^op Outbound Internet Network Traffic
is also defined as: class

Application Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationProcess

has facts: runs^op Application
is also defined as: class

Application Shimmingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.011

has facts: creates^op Shim; modifies^op Shim Database
is also defined as: class

Application Window Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1010

has facts: may-invoke^op Create Process; may-invoke^op Get Open Windows
is also defined as: class

Archive Collected Dataⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560

has facts: creates^op Archive File
is also defined as: class

Archive via Custom Methodⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.003

has facts: creates^op Custom Archive File
is also defined as: class

Archive via Libraryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.002

has facts: creates^op Archive File
is also defined as: class

Archive via Utilityⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1560.001

has facts: creates^op Archive File
is also defined as: class

ARM32 Code Segmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ARM32CodeSegment

belongs to: Image Code Segment^c; Process Code Segment^c

ASCII Domain Nameⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ASCIIDomainName

belongs to: Domain Name^c

Asset Inventoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AssetInventory

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-AI"; enables^op Model
is also defined as: class

Asset Vulnerability Enumerationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AssetVulnerabilityEnumeration

belongs to: Asset Inventory^c
has facts: d3fend-id^dp "D3-AVE"; evaluates^op Digital Artifact; identifies^op vulnerability; kb-reference^op Reference - Automated computer vulnerability resolution system; kb-reference^op Reference - Security vulnerability information aggregation; kb-reference^op Reference - System and method for vulnerability risk analysis
is also defined as: class

Asymmetric Cryptographyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573.002

has facts: creates^op Outbound Internet Encrypted Traffic; may-transfer^op Certificate File
is also defined as: class

Asynchronous Procedure Callⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.004

has facts: may-invoke^op Create Process
is also defined as: class

AU-10(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-10_5

belongs to: NIST Control^c
has facts: broader^op Driver Load Integrity Checking; control-name^dp "Non-repudiation | Digital Signatures"; member-of^op NIST SP 800-53 R5

AU-14(2)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-14_2

belongs to: NIST Control^c
has facts: control-name^dp "Session Audit | Capture and Record Content"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring

AU-15ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-15

belongs to: NIST Control^c
has facts: control-name^dp "Alternate Audit Logging Capability"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring

AU-2ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-2

belongs to: NIST Control^c
has facts: control-name^dp "Event Logging"; exactly^op Local Account Monitoring; member-of^op NIST SP 800-53 R5

AU-2(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-2_1

belongs to: NIST Control^c
has facts: control-name^dp "Event Logging | Compilation of Audit Records from Multiple Sources"; exactly^op Local Account Monitoring; member-of^op NIST SP 800-53 R5

AU-2(2)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-2_2

belongs to: NIST Control^c
has facts: control-name^dp "Event Logging | Selection of Audit Events by Component"; exactly^op Local Account Monitoring; member-of^op NIST SP 800-53 R5

AU-3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-3

belongs to: NIST Control^c
has facts: control-name^dp "Content of Audit Records"; exactly^op Local Account Monitoring; member-of^op NIST SP 800-53 R5

AU-4ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_AU-4

belongs to: NIST Control^c
has facts: control-name^dp "Audit Log Storage Capacity"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring

Audio Captureⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1123

has facts: accesses^op Audio Input Device
is also defined as: class

Auditⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1047

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "M1047 scope is broad, touches on an wide variety of techniques in d3fend."; related^op Domain Account Monitoring; related^op Local Account Monitoring; related^op System File Analysis

Authenticate Userⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticateUser

has facts: authenticates^op User Account
is also defined as: class

Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Authentication

belongs to: Authentication^c
has facts: authenticates^op User; may-create^op Intranet Network Traffic; originates-from^op Physical Location
is also defined as: class

Authentication Cache Invalidationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationCacheInvalidation

belongs to: Credential Eviction^c
has facts: d3fend-id^dp "D3-ANCI"; deletes^op Credential; kb-reference^op Reference - Secure caching of server credentials - Dell Products LP; kb-reference^op Reference - System and method for providing an actively invalidated client-side network resource cache - IMVU
is also defined as: class

Authentication Event Thresholdingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationEventThresholding

belongs to: User Behavior Analysis^c
has facts: analyzes^op Authentication; date created^dp "2020-08-05T00:00:00"^^date time; d3fend-id^dp "D3-ANET"; kb-reference^op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC; kb-reference^op Reference - CAR-2013-02-008: Simultaneous Logins on a Host - MITRE; kb-reference^op Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITRE; kb-reference^op Reference - CAR-2013-10-001: User Login Activity Monitoring - MITRE; kb-reference^op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
is also defined as: class

Authentication Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationFunction

has facts: authenticates^op User Account
is also defined as: class

Authentication Logⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthenticationLog

has facts: records^op Authentication
is also defined as: class

Authentication Packageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.002

has facts: modifies^op System Configuration Database Record
is also defined as: class

Authorizationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Authorization

has facts: authorizes^op Network Resource Access
is also defined as: class

Authorization Event Thresholdingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationEventThresholding

belongs to: User Behavior Analysis^c
has facts: analyzes^op Authorization; date created^dp "2020-08-05T00:00:00"^^date time; d3fend-id^dp "D3-AZET"; kb-reference^op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC; kb-reference^op Reference - CAR-2013-09-003: SMB Session Setups - MITRE; kb-reference^op Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITRE; kb-reference^op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
is also defined as: class

Authorization Logⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#AuthorizationLog

has facts: records^op Network Resource Access
is also defined as: class

Automated Collectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1119

has facts: accesses^op File
is also defined as: class

Automated Exfiltrationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1020

has facts: produces^op Internet Network Traffic
is also defined as: class

Bash Historyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.003

has facts: accesses^op Command History Log File
is also defined as: class

Bash Script Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BashScriptFile

belongs to: Executable Script^c

Behavior Prevention on Endpointⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1040

belongs to: ATTACK Mitigation^c
has facts: related^op Authentication Event Thresholding; related^op Authorization Event Thresholding; related^op Job Function Access Pattern Analysis; related^op Resource Access Pattern Analysis; related^op Session Duration Analysis; related^op User Data Transfer Analysis; related^op User Geolocation Logon Pattern Analysis; related^op Web Session Activity Analysis

Binary Paddingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.001

has facts: modifies^op Executable Binary
is also defined as: class

Biometric Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BiometricAuthentication

belongs to: Credential Hardening^c
has facts: authenticates^op User Account; d3fend-id^dp "D3-BAN"; kb-reference^op Biometric Authentication; kb-reference^op Reference - Tokenless biometric transaction authorization method and system; kb-reference^op Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.com
is also defined as: class

BITS Jobsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1197

has facts: may-produce^op Intranet IPC Network Traffic; may-produce^op Intranet Web Network Traffic; may-produce^op Outbound Internet Web Traffic
is also defined as: class

Block Deviceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BlockDevice

has facts: contains^op Boot Sector; contains^op Partition; contains^op Partition Table; may-contain^op Volume
is also defined as: class

Bookⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Book

belongs to: Reference Type^c

Boot Integrityⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1046

belongs to: ATTACK Mitigation^c
has facts: related^op Bootloader Authentication; related^op TPM Boot Integrity

Bootkitⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.003

has facts: may-modify^op Boot Loader; may-modify^op Boot Sector; may-modify^op Volume Boot Record
is also defined as: class

Bootloader Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BootloaderAuthentication

belongs to: Platform Hardening^c
has facts: authenticates^op Boot Loader; d3fend-id^dp "D3-BA"; kb-reference^op Reference - UEFI Platform Initialization (PI) Specification
is also defined as: class

Broadcast Domain Isolationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BroadcastDomainIsolation

belongs to: Network Isolation^c
has facts: d3fend-id^dp "D3-BDI"; filters^op Local Area Network Traffic; kb-reference^op Reference - Broadcast isolation and level 3 network switch - Hewlett Packard Enterprise Development LP; kb-reference^op Reference - Private virtual local area network isolation - Cisco Technology Inc
is also defined as: class

Browserⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Browser

has facts: may-contain^op Browser Extension
is also defined as: class

Browser Extensionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BrowserExtension

has facts: extends^op Browser
is also defined as: class

Browser Extensionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1176

has facts: modifies^op Browser Extension
is also defined as: class

BSD Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#BSDProcess

belongs to: Process^c

Bypass User Access Controlⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.002

has facts: executes^op Executable File; invokes^op Create Process; may-modify^op System Configuration Database Record
is also defined as: class

Byte Sequence Emulationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ByteSequenceEmulation

belongs to: Network Traffic Analysis^c
has facts: d3fend-id^dp "D3-BSE"; kb-reference^op Reference - Network-Based Buffer Overflow Detection by Exploit Code Analysis - Information Security Research Centre; kb-reference^op Reference - Network-level polymorphic shellcode detection using emulation
is also defined as: class

Cached Domain Credentialsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.005

has facts: accesses^op Encrypted Credential; may-modify^op Log
is also defined as: class

Call Stackⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CallStack

has facts: contains^op Stack Frame
is also defined as: class

CCI Catalog v2022-04-05ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCICatalog_v2022-04-05

belongs to: Control Correlation Identifier Catalog^c
has facts: archived-at^dp "https://public.cyber.mil/stigs/cci/"^^any u r i; has-member^op CCI-000015; has-member^op CCI-000016; has-member^op CCI-000017; has-member^op CCI-000018; has-member^op CCI-000020; has-member^op CCI-000022; has-member^op CCI-000025; has-member^op CCI-000027; has-member^op CCI-000029; has-member^op CCI-000030; has-member^op CCI-000032; has-member^op CCI-000034; has-member^op CCI-000035; has-member^op CCI-000037; has-member^op CCI-000040; has-member^op CCI-000044; has-member^op CCI-000047; has-member^op CCI-000056; has-member^op CCI-000057; has-member^op CCI-000058; has-member^op CCI-000060; has-member^op CCI-000066; has-member^op CCI-000067; has-member^op CCI-000068; has-member^op CCI-000071; has-member^op CCI-000139; has-member^op CCI-000143; has-member^op CCI-000144; has-member^op CCI-000162; has-member^op CCI-000163; has-member^op CCI-000164; has-member^op CCI-000185; has-member^op CCI-000186; has-member^op CCI-000187; has-member^op CCI-000192; has-member^op CCI-000193; has-member^op CCI-000194; has-member^op CCI-000195; has-member^op CCI-000196; has-member^op CCI-000197; has-member^op CCI-000198; has-member^op CCI-000199; has-member^op CCI-000200; has-member^op CCI-000205; has-member^op CCI-000213; has-member^op CCI-000218; has-member^op CCI-000219; has-member^op CCI-000226; has-member^op CCI-000346; has-member^op CCI-000352; has-member^op CCI-000374; has-member^op CCI-000381; has-member^op CCI-000382; has-member^op CCI-000386; has-member^op CCI-000417; has-member^op CCI-000663; has-member^op CCI-000764; has-member^op CCI-000765; has-member^op CCI-000766; has-member^op CCI-000767; has-member^op CCI-000768; has-member^op CCI-000771; has-member^op CCI-000772; has-member^op CCI-000774; has-member^op CCI-000776; has-member^op CCI-000804; has-member^op CCI-000831; has-member^op CCI-000877; has-member^op CCI-000880; has-member^op CCI-000884; has-member^op CCI-000888; has-member^op CCI-001009; has-member^op CCI-001019; has-member^op CCI-001067; has-member^op CCI-001069; has-member^op CCI-001082; has-member^op CCI-001083; has-member^op CCI-001084; has-member^op CCI-001085; has-member^op CCI-001086; has-member^op CCI-001087; has-member^op CCI-001089; has-member^op CCI-001090; has-member^op CCI-001092; has-member^op CCI-001094; has-member^op CCI-001096; has-member^op CCI-001100; has-member^op CCI-001109; has-member^op CCI-001111; has-member^op CCI-001115; has-member^op CCI-001117; has-member^op CCI-001118; has-member^op CCI-001124; has-member^op CCI-001125; has-member^op CCI-001127; has-member^op CCI-001128; has-member^op CCI-001133; has-member^op CCI-001144; has-member^op CCI-001145; has-member^op CCI-001146; has-member^op CCI-001147; has-member^op CCI-001150; has-member^op CCI-001166; has-member^op CCI-001169; has-member^op CCI-001170; has-member^op CCI-001178; has-member^op CCI-001185; has-member^op CCI-001199; has-member^op CCI-001200; has-member^op CCI-001210; has-member^op CCI-001211; has-member^op CCI-001233; has-member^op CCI-001237; has-member^op CCI-001239; has-member^op CCI-001242; has-member^op CCI-001262; has-member^op CCI-001297; has-member^op CCI-001305; has-member^op CCI-001310; has-member^op CCI-001350; has-member^op CCI-001352; has-member^op CCI-001356; has-member^op CCI-001368; has-member^op CCI-001372; has-member^op CCI-001373; has-member^op CCI-001374; has-member^op CCI-001376; has-member^op CCI-001377; has-member^op CCI-001399; has-member^op CCI-001400; has-member^op CCI-001401; has-member^op CCI-001403; has-member^op CCI-001404; has-member^op CCI-001405; has-member^op CCI-001414; has-member^op CCI-001424; has-member^op CCI-001425; has-member^op CCI-001426; has-member^op CCI-001427; has-member^op CCI-001428; has-member^op CCI-001436; has-member^op CCI-001452; has-member^op CCI-001453; has-member^op CCI-001454; has-member^op CCI-001493; has-member^op CCI-001494; has-member^op CCI-001495; has-member^op CCI-001496; has-member^op CCI-001499; has-member^op CCI-001555; has-member^op CCI-001556; has-member^op CCI-001557; has-member^op CCI-001574; has-member^op CCI-001589; has-member^op CCI-001619; has-member^op CCI-001632; has-member^op CCI-001662; has-member^op CCI-001668; has-member^op CCI-001677; has-member^op CCI-001682; has-member^op CCI-001683; has-member^op CCI-001684; has-member^op CCI-001685; has-member^op CCI-001686; has-member^op CCI-001695; has-member^op CCI-001744; has-member^op CCI-001749; has-member^op CCI-001762; has-member^op CCI-001764; has-member^op CCI-001767; has-member^op CCI-001774; has-member^op CCI-001811; has-member^op CCI-001812; has-member^op CCI-001813; has-member^op CCI-001855; has-member^op CCI-001858; has-member^op CCI-001936; has-member^op CCI-001937; has-member^op CCI-001941; has-member^op CCI-001953; has-member^op CCI-001954; has-member^op CCI-001957; has-member^op CCI-001991; has-member^op CCI-002005; has-member^op CCI-002009; has-member^op CCI-002010; has-member^op CCI-002015; has-member^op CCI-002016; has-member^op CCI-002041; has-member^op CCI-002145; has-member^op CCI-002165; has-member^op CCI-002169; has-member^op CCI-002178; has-member^op CCI-002179; has-member^op CCI-002201; has-member^op CCI-002205; has-member^op CCI-002207; has-member^op CCI-002211; has-member^op CCI-002218; has-member^op CCI-002233; has-member^op CCI-002235; has-member^op CCI-002238; has-member^op CCI-002262; has-member^op CCI-002263; has-member^op CCI-002264; has-member^op CCI-002272; has-member^op CCI-002277; has-member^op CCI-002281; has-member^op CCI-002282; has-member^op CCI-002283; has-member^op CCI-002284; has-member^op CCI-002289; has-member^op CCI-002290; has-member^op CCI-002302; has-member^op CCI-002306; has-member^op CCI-002307; has-member^op CCI-002308; has-member^op CCI-002309; has-member^op CCI-002322; has-member^op CCI-002346; has-member^op CCI-002347; has-member^op CCI-002353; has-member^op CCI-002355; has-member^op CCI-002357; has-member^op CCI-002358; has-member^op CCI-002359; has-member^op CCI-002361; has-member^op CCI-002363; has-member^op CCI-002364; has-member^op CCI-002381; has-member^op CCI-002382; has-member^op CCI-002384; has-member^op CCI-002385; has-member^op CCI-002394; has-member^op CCI-002397; has-member^op CCI-002400; has-member^op CCI-002403; has-member^op CCI-002409; has-member^op CCI-002411; has-member^op CCI-002420; has-member^op CCI-002421; has-member^op CCI-002422; has-member^op CCI-002423; has-member^op CCI-002425; has-member^op CCI-002426; has-member^op CCI-002460; has-member^op CCI-002462; has-member^op CCI-002463; has-member^op CCI-002464; has-member^op CCI-002465; has-member^op CCI-002466; has-member^op CCI-002467; has-member^op CCI-002468; has-member^op CCI-002470; has-member^op CCI-002475; has-member^op CCI-002476; has-member^op CCI-002530; has-member^op CCI-002531; has-member^op CCI-002533; has-member^op CCI-002536; has-member^op CCI-002546; has-member^op CCI-002605; has-member^op CCI-002607; has-member^op CCI-002613; has-member^op CCI-002614; has-member^op CCI-002617; has-member^op CCI-002618; has-member^op CCI-002630; has-member^op CCI-002631; has-member^op CCI-002661; has-member^op CCI-002662; has-member^op CCI-002684; has-member^op CCI-002688; has-member^op CCI-002689; has-member^op CCI-002690; has-member^op CCI-002691; has-member^op CCI-002710; has-member^op CCI-002711; has-member^op CCI-002712; has-member^op CCI-002715; has-member^op CCI-002716; has-member^op CCI-002717; has-member^op CCI-002718; has-member^op CCI-002723; has-member^op CCI-002724; has-member^op CCI-002726; has-member^op CCI-002729; has-member^op CCI-002740; has-member^op CCI-002743; has-member^op CCI-002746; has-member^op CCI-002748; has-member^op CCI-002749; has-member^op CCI-002771; has-member^op CCI-002824; has-member^op CCI-002883; has-member^op CCI-002890; has-member^op CCI-002891; has-member^op CCI-003014; has-member^op CCI-003123; version^dp "2022-04-05"

CCI-000015ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000015_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Account Locking; broader^op Domain Account Monitoring; broader^op Local Account Monitoring; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000016ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000016_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000017ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000017_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000018ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000018_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Domain Account Monitoring; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000020ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000020_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000022ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000022_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000025ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000025_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000027ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000027_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000029ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000029_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000030ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000030_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000032ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000032_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000034ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000034_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Inbound Traffic Filtering; broader^op Outbound Traffic Filtering; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-05-13T00:00:00"^^date time

CCI-000035ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000035_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Inbound Traffic Filtering; broader^op Outbound Traffic Filtering; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000037ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000037_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Local File Permissions; broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000040ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000040_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Authorization Event Thresholding; broader^op Local Account Monitoring; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000044ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000044_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000047ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000047_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000056ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000056_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000057ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000057_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-05-19T00:00:00"^^date time

CCI-000058ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000058_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-05-19T00:00:00"^^date time

CCI-000060ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000060_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-05-19T00:00:00"^^date time

CCI-000066ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000066_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Remote Terminal Session Detection; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000067ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000067_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Remote Terminal Session Detection; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000068ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000068_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Encrypted Tunnels; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000071ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000071_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Remote Terminal Session Detection; date published^dp "2009-05-19T00:00:00"^^date time

CCI-000139ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000139_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Daemon Monitoring; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000143ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000143_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Daemon Monitoring; date published^dp "2009-05-20T00:00:00"^^date time

CCI-000144ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000144_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Daemon Monitoring; date published^dp "2009-05-20T00:00:00"^^date time

CCI-000162ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000162_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Credential Hardening; date published^dp "2009-05-22T00:00:00"^^date time

CCI-000163ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000163_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Platform Hardening; narrower^op System Configuration Permissions; date published^dp "2009-05-22T00:00:00"^^date time

CCI-000164ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000164_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Platform Hardening; date published^dp "2009-05-22T00:00:00"^^date time

CCI-000185ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000185_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Credential Hardening; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000186ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000186_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Credential Hardening; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000187ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000187_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Credential Hardening; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000192ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000192_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000193ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000193_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000194ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000194_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000195ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000195_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000196ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000196_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000197ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000197_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000198ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000198_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000199ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000199_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-09-15T00:00:00"^^date time

CCI-000200ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000200_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-05-22T00:00:00"^^date time

CCI-000205ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000205_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2009-05-22T00:00:00"^^date time

CCI-000213ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000213_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Biometric Authentication; broader^op Certificate-based Authentication; broader^op Multi-factor Authentication; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000218ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000218_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000219ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000219_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000226ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000226_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Execution Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-14T00:00:00"^^date time

CCI-000346ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000346_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Local File Permissions; narrower^op Mandatory Access Control; narrower^op User Account Permissions; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000352ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000352_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Allowlisting; narrower^op Executable Denylisting; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000374ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000374_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Operating System Monitoring; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000381ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000381_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Platform Hardening; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000382ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000382_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Platform Hardening; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000386ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000386_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Executable Denylisting; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000417ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000417_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Execution Isolation; broader^op Network Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000663ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000663_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Execution Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-000764ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000764_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Biometric Authentication; broader^op Certificate-based Authentication; broader^op Multi-factor Authentication; broader^op One-time Password; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000765ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000765_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Multi-factor Authentication; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000766ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000766_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Multi-factor Authentication; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000767ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000767_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Multi-factor Authentication; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000768ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000768_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Multi-factor Authentication; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000771ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000771_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Multi-factor Authentication; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000772ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000772_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Multi-factor Authentication; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000774ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000774_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op One-time Password; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000776ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000776_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op One-time Password; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000804ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000804_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Biometric Authentication; broader^op Certificate-based Authentication; broader^op Multi-factor Authentication; broader^op One-time Password; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-17T00:00:00"^^date time

CCI-000831ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000831_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Credential Eviction; broader^op Process Eviction; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000877ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000877_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Biometric Authentication; broader^op Certificate-based Authentication; broader^op Multi-factor Authentication; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000880ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000880_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Operating System Monitoring; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000884ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000884_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Credential Hardening; date published^dp "2009-09-18T00:00:00"^^date time

CCI-000888ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-000888_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Encrypted Tunnels; date published^dp "2009-09-18T00:00:00"^^date time

CCI-001009ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001009_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op File Encryption; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001019ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001019_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Disk Encryption; narrower^op File Encryption; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001067ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001067_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Platform Hardening; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001069ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001069_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Allowlisting; narrower^op Executable Denylisting; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001082ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001082_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Local File Permissions; broader^op Mandatory Access Control; broader^op System Configuration Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001083ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001083_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Local File Permissions; narrower^op Mandatory Access Control; narrower^op System Configuration Permissions; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001084ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001084_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Configuration Permissions; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001085ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001085_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Hardware-based Process Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001086ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001086_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Configuration Permissions; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001087ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001087_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Configuration Permissions; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001089ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001089_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Configuration Permissions; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001090ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001090_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Network Traffic Filtering; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001092ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001092_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001094ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001094_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001096ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001096_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Local File Permissions; narrower^op System Configuration Permissions; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001100ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001100_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001109ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001109_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Inbound Traffic Filtering; exactly^op Outbound Traffic Filtering; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001111ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001111_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001115ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001115_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001117ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001117_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001118ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001118_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Network Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001124ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001124_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Broadcast Domain Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001125ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001125_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001127ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001127_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Encrypted Tunnels; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001128ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001128_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Encrypted Tunnels; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001133ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001133_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Session Duration Analysis; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001144ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001144_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Disk Encryption; narrower^op File Encryption; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001145ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001145_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Disk Encryption; narrower^op File Encryption; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001146ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001146_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Disk Encryption; narrower^op File Encryption; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001147ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001147_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Disk Encryption; narrower^op File Encryption; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001150ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001150_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Remote Terminal Session Detection; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001166ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001166_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Dynamic Analysis; broader^op Emulated File Analysis; broader^op File Content Rules; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001169ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001169_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Denylisting; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001170ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001170_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Denylisting; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001178ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001178_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001185ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001185_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Authentication Cache Invalidation; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001199ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001199_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Disk Encryption; broader^op File Content Rules; broader^op File Encryption; broader^op File Hashing; broader^op Local File Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001200ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001200_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Disk Encryption; narrower^op File Encryption; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001210ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001210_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Driver Load Integrity Checking; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001211ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001211_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Application Configuration Hardening; date published^dp "2009-09-21T00:00:00"^^date time

CCI-001233ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001233_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Software Update; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001237ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001237_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Software Update; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001239ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001239_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Analysis; broader^op Network Traffic Analysis; broader^op Platform Monitoring; broader^op Process Analysis; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001242ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001242_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Dynamic Analysis; broader^op Emulated File Analysis; broader^op File Content Rules; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001262ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001262_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001297ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001297_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Driver Load Integrity Checking; broader^op File Hashing; broader^op Pointer Authentication; broader^op TPM Boot Integrity; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001305ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001305_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Message Authentication; broader^op Sender MTA Reputation Analysis; broader^op Sender Reputation Analysis; broader^op Transfer Agent Authentication; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001310ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001310_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Database Query String Analysis; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001350ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001350_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op File Encryption; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001352ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001352_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001356ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001356_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Authentication Event Thresholding; exactly^op Authorization Event Thresholding; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001368ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001368_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001372ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001372_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001373ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001373_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001374ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001374_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001376ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001376_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001377ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001377_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001399ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001399_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001400ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001400_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001401ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001401_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-22T00:00:00"^^date time

CCI-001403ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001403_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Domain Account Monitoring; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-24T00:00:00"^^date time

CCI-001404ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001404_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Domain Account Monitoring; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-24T00:00:00"^^date time

CCI-001405ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001405_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Domain Account Monitoring; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-24T00:00:00"^^date time

CCI-001414ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001414_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-24T00:00:00"^^date time

CCI-001424ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001424_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-25T00:00:00"^^date time

CCI-001425ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001425_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-25T00:00:00"^^date time

CCI-001426ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001426_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-25T00:00:00"^^date time

CCI-001427ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001427_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-25T00:00:00"^^date time

CCI-001428ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001428_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-25T00:00:00"^^date time

CCI-001436ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001436_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2009-09-25T00:00:00"^^date time

CCI-001452ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001452_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2009-05-25T00:00:00"^^date time

CCI-001453ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001453_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Encrypted Tunnels; member-of^op CCI Catalog v2022-04-05; date published^dp "2009-09-29T00:00:00"^^date time

CCI-001454ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001454_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Remote Terminal Session Detection; date published^dp "2009-09-29T00:00:00"^^date time

CCI-001493ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001493_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; date published^dp "2009-09-29T00:00:00"^^date time

CCI-001494ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001494_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Platform Hardening; narrower^op System Configuration Permissions; date published^dp "2009-09-29T00:00:00"^^date time

CCI-001495ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001495_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Platform Hardening; date published^dp "2009-09-29T00:00:00"^^date time

CCI-001496ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001496_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op File Encryption; date published^dp "2009-09-29T00:00:00"^^date time

CCI-001499ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001499_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Configuration Permissions; narrower^op User Account Permissions; date published^dp "2009-09-29T00:00:00"^^date time

CCI-001555ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001555_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2010-05-11T00:00:00"^^date time

CCI-001556ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001556_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2010-05-11T00:00:00"^^date time

CCI-001557ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001557_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Network Traffic Analysis; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2010-05-11T00:00:00"^^date time

CCI-001574ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001574_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2010-05-11T00:00:00"^^date time

CCI-001589ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001589_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Operating System Monitoring; date published^dp "2010-05-12T00:00:00"^^date time

CCI-001619ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001619_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2010-05-12T00:00:00"^^date time

CCI-001632ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001632_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Encrypted Tunnels; member-of^op CCI Catalog v2022-04-05; date published^dp "2010-05-12T00:00:00"^^date time

CCI-001662ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001662_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Dynamic Analysis; narrower^op Emulated File Analysis; narrower^op File Content Rules; date published^dp "2010-05-12T00:00:00"^^date time

CCI-001668ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001668_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Analysis; broader^op Network Traffic Analysis; broader^op Platform Monitoring; broader^op Process Analysis; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2010-05-12T00:00:00"^^date time

CCI-001677ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001677_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Message Authentication; broader^op Sender MTA Reputation Analysis; broader^op Sender Reputation Analysis; broader^op Transfer Agent Authentication; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2010-05-12T00:00:00"^^date time

CCI-001682ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001682_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2011-05-03T00:00:00"^^date time

CCI-001683ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001683_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Account Monitoring; date published^dp "2011-05-03T00:00:00"^^date time

CCI-001684ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001684_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Account Monitoring; date published^dp "2011-05-03T00:00:00"^^date time

CCI-001685ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001685_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Account Monitoring; date published^dp "2011-05-03T00:00:00"^^date time

CCI-001686ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001686_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Account Monitoring; date published^dp "2011-05-03T00:00:00"^^date time

CCI-001695ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001695_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Denylisting; date published^dp "2011-10-07T00:00:00"^^date time

CCI-001744ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001744_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Operating System Monitoring; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-02-28T00:00:00"^^date time

CCI-001749ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001749_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Allowlisting; narrower^op Executable Denylisting; date published^dp "2013-02-28T00:00:00"^^date time

CCI-001762ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001762_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Configuration Permissions; date published^dp "2013-02-28T00:00:00"^^date time

CCI-001764ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001764_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Executable Allowlisting; broader^op Executable Denylisting; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-02-28T00:00:00"^^date time

CCI-001767ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001767_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Denylisting; date published^dp "2013-02-28T00:00:00"^^date time

CCI-001774ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001774_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Allowlisting; date published^dp "2013-02-28T00:00:00"^^date time

CCI-001811ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001811_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op File Analysis; date published^dp "2013-03-01T00:00:00"^^date time

CCI-001812ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001812_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Allowlisting; narrower^op Executable Denylisting; date published^dp "2013-03-01T00:00:00"^^date time

CCI-001813ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001813_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-03-01T00:00:00"^^date time

CCI-001855ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001855_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Daemon Monitoring; date published^dp "2013-03-14T00:00:00"^^date time

CCI-001858ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001858_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Daemon Monitoring; date published^dp "2013-03-14T00:00:00"^^date time

CCI-001936ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001936_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Multi-factor Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-001937ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001937_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Multi-factor Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-001941ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001941_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op One-time Password; date published^dp "2013-05-03T00:00:00"^^date time

CCI-001953ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001953_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Biometric Authentication; broader^op Certificate-based Authentication; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-05-03T00:00:00"^^date time

CCI-001954ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001954_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Biometric Authentication; narrower^op Certificate-based Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-001957ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001957_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op One-time Password; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-05-03T00:00:00"^^date time

CCI-001991ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-001991_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Certificate-based Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-002005ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002005_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Biometric Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-002009ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002009_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Biometric Authentication; narrower^op Certificate-based Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-002010ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002010_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Biometric Authentication; narrower^op Certificate-based Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-002015ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002015_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Biometric Authentication; narrower^op Certificate-based Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-002016ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002016_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Biometric Authentication; narrower^op Certificate-based Authentication; date published^dp "2013-05-03T00:00:00"^^date time

CCI-002041ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002041_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Strong Password Policy; date published^dp "2013-05-03T00:00:00"^^date time

CCI-002145ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002145_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op User Account Permissions; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002165ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002165_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002169ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002169_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002178ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002178_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; narrower^op System Call Filtering; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002179ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002179_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; narrower^op System Call Filtering; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002201ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002201_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002205ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002205_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002207ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002207_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002211ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002211_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002218ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002218_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002233ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002233_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Denylisting; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002235ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002235_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; narrower^op System Configuration Permissions; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002238ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002238_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Account Locking; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002262ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002262_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002263ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002263_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002264ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002264_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002272ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002272_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002277ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002277_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002281ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002281_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002282ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002282_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002283ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002283_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002284ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002284_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002289ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002289_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002290ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002290_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002302ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002302_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002306ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002306_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op System Configuration Permissions; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002307ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002307_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op System Configuration Permissions; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002308ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002308_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op System Configuration Permissions; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002309ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002309_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op System Configuration Permissions; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002322ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002322_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Remote Terminal Session Detection; date published^dp "2013-06-24T00:00:00"^^date time

CCI-002346ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002346_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Database Query String Analysis; broader^op Disk Encryption; broader^op File Encryption; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-25T00:00:00"^^date time

CCI-002347ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002347_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Access Pattern Analysis; broader^op Input Device Analysis; broader^op Resource Access Pattern Analysis; broader^op User Data Transfer Analysis; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-25T00:00:00"^^date time

CCI-002353ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002353_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-25T00:00:00"^^date time

CCI-002355ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002355_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Mandatory Access Control; broader^op User Account Permissions; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-06-25T00:00:00"^^date time

CCI-002357ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002357_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; narrower^op User Account Permissions; date published^dp "2013-06-25T00:00:00"^^date time

CCI-002358ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002358_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; narrower^op User Account Permissions; date published^dp "2013-06-25T00:00:00"^^date time

CCI-002359ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002359_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Mandatory Access Control; narrower^op User Account Permissions; date published^dp "2013-06-25T00:00:00"^^date time

CCI-002361ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002361_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Process Termination; date published^dp "2013-06-26T00:00:00"^^date time

CCI-002363ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002363_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Process Termination; date published^dp "2013-06-26T00:00:00"^^date time

CCI-002364ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002364_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Process Termination; date published^dp "2013-06-26T00:00:00"^^date time

CCI-002381ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002381_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Hardware-based Process Isolation; broader^op Kernel-based Process Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002382ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002382_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Hardware-based Process Isolation; broader^op Kernel-based Process Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002384ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002384_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Network Traffic Filtering; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002385ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002385_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002394ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002394_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op System Configuration Permissions; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002397ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002397_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002400ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002400_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Outbound Traffic Filtering; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002403ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002403_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002409ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002409_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; narrower^op Outbound Traffic Filtering; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002411ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002411_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Hardware-based Process Isolation; broader^op IO Port Restriction; broader^op Kernel-based Process Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002420ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002420_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Encrypted Tunnels; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002421ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002421_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Encrypted Tunnels; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002422ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002422_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Encrypted Tunnels; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002423ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002423_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Encrypted Tunnels; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002425ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002425_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Encrypted Tunnels; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002426ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002426_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Encrypted Tunnels; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002460ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002460_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Denylisting; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002462ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002462_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002463ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002463_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002464ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002464_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002465ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002465_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002466ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002466_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Domain Trust Policy; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002467ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002467_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op DNS Traffic Analysis; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002468ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002468_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op DNS Traffic Analysis; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002470ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002470_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Certificate-based Authentication; narrower^op Certificate Pinning; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002475ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002475_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Disk Encryption; narrower^op File Encryption; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002476ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002476_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Disk Encryption; narrower^op File Encryption; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002530ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002530_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Hardware-based Process Isolation; broader^op Kernel-based Process Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002531ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002531_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Hardware-based Process Isolation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002533ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002533_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Kernel-based Process Isolation; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002536ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002536_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op RF Shielding; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002546ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002546_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op IO Port Restriction; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-02T00:00:00"^^date time

CCI-002605ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002605_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Software Update; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002607ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002607_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Software Update; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002613ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002613_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Software Update; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002614ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002614_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Software Update; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002617ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002617_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Software Update; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002618ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002618_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Software Update; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002630ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002630_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Script Execution Analysis; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002631ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002631_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Script Execution Analysis; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002661ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002661_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Inbound Traffic Filtering; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002662ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002662_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Outbound Traffic Filtering; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002684ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002684_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Network Traffic Analysis; broader^op Platform Monitoring; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002688ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002688_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Content Rules; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002689ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002689_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Content Rules; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002690ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002690_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Content Rules; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002691ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002691_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Content Rules; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002710ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002710_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Driver Load Integrity Checking; broader^op File Hashing; broader^op Pointer Authentication; broader^op TPM Boot Integrity; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002711ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002711_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op TPM Boot Integrity; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002712ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002712_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Driver Load Integrity Checking; broader^op File Hashing; broader^op Pointer Authentication; broader^op TPM Boot Integrity; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002715ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002715_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Driver Load Integrity Checking; narrower^op File Hashing; narrower^op Pointer Authentication; narrower^op TPM Boot Integrity; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002716ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002716_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Hashing; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002717ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002717_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Hashing; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002718ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002718_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op File Hashing; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002723ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002723_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Driver Load Integrity Checking; narrower^op File Hashing; narrower^op Pointer Authentication; narrower^op TPM Boot Integrity; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002724ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002724_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Driver Load Integrity Checking; narrower^op File Hashing; narrower^op Pointer Authentication; narrower^op TPM Boot Integrity; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002726ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002726_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Driver Load Integrity Checking; broader^op TPM Boot Integrity; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002729ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002729_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Driver Load Integrity Checking; broader^op TPM Boot Integrity; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002740ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002740_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Executable Allowlisting; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002743ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002743_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Sender MTA Reputation Analysis; broader^op Sender Reputation Analysis; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002746ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002746_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Database Query String Analysis; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002748ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002748_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Database Query String Analysis; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002749ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002749_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Database Query String Analysis; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002771ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002771_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Outbound Traffic Filtering; date published^dp "2013-07-11T00:00:00"^^date time

CCI-002824ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002824_v2022-04-05

belongs to: CCI Control^c
has facts: broader^op Dead Code Elimination; broader^op Process Segment Execution Prevention; broader^op Segment Address Offset Randomization; broader^op Stack Frame Canary Validation; contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-07-12T00:00:00"^^date time

CCI-002883ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002883_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op User Account Permissions; date published^dp "2013-07-22T00:00:00"^^date time

CCI-002890ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002890_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Encrypted Tunnels; date published^dp "2013-07-22T00:00:00"^^date time

CCI-002891ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-002891_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Remote Terminal Session Detection; date published^dp "2013-07-22T00:00:00"^^date time

CCI-003014ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-003014_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; exactly^op Mandatory Access Control; member-of^op CCI Catalog v2022-04-05; date published^dp "2013-08-30T00:00:00"^^date time

CCI-003123ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CCI-003123_v2022-04-05

belongs to: CCI Control^c
has facts: contributor^op DISA FSO; member-of^op CCI Catalog v2022-04-05; narrower^op Encrypted Tunnels; date published^dp "2013-09-24T00:00:00"^^date time

Central Processing Unitⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CentralProcessingUnit

has facts: contains^op Processor Register; may-contain^op Processor Cache Memory; may-contain^op Memory Management Unit; may-contain^op Memory Protection Unit
is also defined as: class

Certificateⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Certificate

has facts: contains^op Identifier; contains^op Public Key
is also defined as: class

Certificate Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateAnalysis

belongs to: Certificate Analysis^c; Network Traffic Analysis^c
has facts: analyzes^op Certificate File; d3fend-id^dp "D3-CA"; kb-reference^op Reference - Securing Web Transactions
is also defined as: class

Certificate Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateFile

has facts: contains^op Certificate
is also defined as: class

Certificate Pinningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificatePinning

belongs to: Credential Hardening^c
has facts: authenticates^op Public Key; d3fend-id^dp "D3-CP"; kb-reference^op Reference - Certificate and Public Key Pinning; kb-reference^op Reference - End-to-end certificate pinning
is also defined as: class

Certificate Trust Storeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CertificateTrustStore

has facts: contains^op Certificate
is also defined as: class

Certificate-based Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Certificate-basedAuthentication

belongs to: Credential Hardening^c
has facts: d3fend-id^dp "D3-CBAN"; kb-reference^op Reference - Tokenless biometric transaction authorization method and system
is also defined as: class

Change Default File Associationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.001

has facts: modifies^op System Configuration Database Record
is also defined as: class

Clear Command Historyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.003

has facts: modifies^op Command History Log
is also defined as: class

Clear Linux or Mac System Logsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.002

has facts: modifies^op Operating System Log File
is also defined as: class

Clear Windows Event Logsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.001

has facts: modifies^op Event Log
is also defined as: class

Client-server Payload Profilingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Client-serverPayloadProfiling

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Network Traffic; d3fend-id^dp "D3-CSPP"; kb-reference^op Reference - Method and system for detecting malicious payloads - Vectra Networks Inc
is also defined as: class

Clipboard Dataⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1115

has facts: reads^op Clipboard
is also defined as: class

Cloud Accountⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.004

has facts: creates^op Cloud User Account
is also defined as: class

Cloud Accountsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.004

has facts: uses^op Cloud User Account
is also defined as: class

Cloud Instance Metadata APIⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.005

has facts: accesses^op Cloud Instance Metadata
is also defined as: class

Cloud Service Dashboardⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1538

has facts: accesses^op Cloud Configuration
is also defined as: class

Cloud Service Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1526

has facts: reads^op Cloud Configuration
is also defined as: class

Cloud Service Sensorⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CloudServiceSensor

has facts: monitors^op Cloud Service Authentication; monitors^op Cloud Service Authorization
is also defined as: class

Cloud Storage Object Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1619

has facts: accesses^op Cloud Storage
is also defined as: class

CM-14ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-14

belongs to: NIST Control^c
has facts: control-name^dp "Signed Components"; member-of^op NIST SP 800-53 R5; related^op Driver Load Integrity Checking; related^op Message Authentication

CM-5ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5

belongs to: NIST Control^c
has facts: control-name^dp "Access Restrictions for Change"; member-of^op NIST SP 800-53 R5; narrower^op Executable Allowlisting; narrower^op Executable Denylisting; narrower^op Local Account Monitoring; narrower^op Mandatory Access Control

CM-5(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5_1

belongs to: NIST Control^c
has facts: control-name^dp "Access Restrictions for Change | Automated Access Enforcement and Audit Records"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring

CM-5(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5_3

belongs to: NIST Control^c
has facts: control-name^dp "Access Restrictions for Change | Signed Components"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring; narrower^op System Configuration Permissions

CM-5(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5_5

belongs to: NIST Control^c
has facts: control-name^dp "Access Restrictions for Change | Privilege Limitation for Production and Operation"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring; narrower^op System Configuration Permissions

CM-5(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-5_6

belongs to: NIST Control^c
has facts: control-name^dp "Access Restrictions for Change | Limit Library Privileges"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring; narrower^op System Configuration Permissions

CM-6(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_CM-6_3

belongs to: NIST Control^c
has facts: broader^op Application Configuration Hardening; control-name^dp "Configuration Settings | Unauthorized Change Detection"; member-of^op NIST SP 800-53 R5

CMSTPⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.003

has facts: invokes^op Create Process; may-produce^op Network Traffic
is also defined as: class

Code Repositoriesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.003

has facts: reads^op Code Repository
is also defined as: class

Code Repositoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CodeRepository

has facts: contains^op Source Code
is also defined as: class

Code Signingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1045

belongs to: ATTACK Mitigation^c
has facts: related^op Driver Load Integrity Checking; related^op Executable Allowlisting; related^op Service Binary Verification

Code Signingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.002

has facts: enables^op Defense Evasion
is also defined as: class

Collectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Collection

belongs to: Offensive Tactic^c
is also defined as: class

Collection Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CollectionTechnique

has facts: enables^op Collection
is also defined as: class

Command And Controlⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandAndControl

belongs to: Offensive Tactic^c
is also defined as: class

Command and Control Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandAndControlTechnique

has facts: enables^op Command And Control
is also defined as: class

Command and Scripting Interpreter Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1059

has facts: executes^op Executable Script
is also defined as: class

Command History Log Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CommandHistoryLogFile

has facts: contains^op Command History Log
is also defined as: class

Communication Through Removable Mediaⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1092

has facts: modifies^op Removable Media Device
is also defined as: class

Compile After Deliveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.004

has facts: creates^op Executable File
is also defined as: class

Compiled HTML Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.001

has facts: invokes^op Create File; invokes^op Create Process
is also defined as: class

Compilerⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Compiler

has facts: reads^op Compiler Configuration File
is also defined as: class

Component Firmwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.002

has facts: modifies^op Firmware
is also defined as: class

Component Object Model Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.015

has facts: loads^op Executable Binary; modifies^op System Configuration Database
is also defined as: class

Compromise Client Software Binaryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1554

has facts: modifies^op Client Application
is also defined as: class

Compromise Hardware Supply Chainⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.003

has facts: modifies^op Hardware Device
is also defined as: class

Compromise Software Dependencies and Development Toolsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.001

has facts: modifies^op Software
is also defined as: class

Compromise Software Supply Chainⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195.002

has facts: modifies^op Software
is also defined as: class

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-362

has facts: weakness of^op Shared Resource Access Function
is also defined as: class

Configuration Databaseⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationDatabase

has facts: contains^op Configuration Database Record
is also defined as: class

Configuration Inventoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConfigurationInventory

belongs to: Asset Inventory^c
has facts: d3fend-id^dp "D3-CI"; inventories^op Configuration Resource; kb-reference^op Reference - Web-Based Enterprise Management; kb-reference^op Reference - Windows Management Infrastructure (MI); kb-reference^op Reference - Windows Management Instrumentation (WMI)
is also defined as: class

Confluenceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.001

has facts: accesses^op Web File Resource
is also defined as: class

Connect Socketⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectSocket

has facts: connects^op Pipe
is also defined as: class

Connected Honeynetⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectedHoneynet

belongs to: Decoy Environment^c
has facts: d3fend-id^dp "D3-CHN"; kb-reference^op Reference - Modification of a Server to Mimic a Deception Mechanism - Acalvio Technologies Inc; spoofs^op Local Area Network
is also defined as: class

Connection Attempt Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ConnectionAttemptAnalysis

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Intranet Network Traffic; d3fend-id^dp "D3-CAA"; kb-reference^op Reference - Detecting network reconnaissance by tracking intranet dark-net communications - VECTRA NETWORKS Inc
is also defined as: class

Container Runtimeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ContainerRuntime

has facts: runs^op Container Image
is also defined as: class

Control Panel Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.002

has facts: invokes^op Create Process; may-modify^op System Configuration Database Record
is also defined as: class

Copy Memory Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CopyMemoryFunction

has facts: copies^op Memory Block
is also defined as: class

Copy Tokenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CopyToken

belongs to: Copy Token^c
has facts: copies^op Access Token
is also defined as: class

COR_PROFILERⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.012

has facts: adds^op Shared Library File; modifies^op System Configuration Database Record
is also defined as: class

Create Accountⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1136

has facts: creates^op User Account
is also defined as: class

Create Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateFile

has facts: creates^op File
is also defined as: class

Create Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateProcess

has facts: creates^op Process
is also defined as: class

Create Process with Tokenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.002

has facts: copies^op Access Token; may-modify^op Event Log
is also defined as: class

Create Socketⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateSocket

has facts: creates^op Pipe
is also defined as: class

Create Threadⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CreateThread

has facts: creates^op Thread
is also defined as: class

Credentialⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Credential

has facts: authenticates^op User Account
is also defined as: class

Credential Accessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialAccess

belongs to: Offensive Tactic^c
is also defined as: class

Credential Access Protectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1043

belongs to: ATTACK Mitigation^c
has facts: related^op Hardware-based Process Isolation

Credential Access Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialAccessTechnique

has facts: accesses^op Credential; enables^op Credential Access; may-access^op Password File; may-invoke^op Create Process
is also defined as: class

Credential API Hookingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.004

has facts: may-modify^op Process Code Segment
is also defined as: class

Credential Compromise Scope Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialCompromiseScopeAnalysis

belongs to: User Behavior Analysis^c
has facts: analyzes^op Credential; d3fend-id^dp "D3-CCSA"; kb-reference^op Reference - CAR-2015-07-001: All Logins Since Last Boot - MITRE; kb-reference^op Reference - Systems and methods for detecting credential theft - Symantec Corp
is also defined as: class

Credential Evictionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialEviction

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-CE"; enables^op Evict
is also defined as: class

Credential Hardeningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialHardening

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-CH"; enables^op Harden
is also defined as: class

Credential Revokingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialRevoking

belongs to: Credential Eviction^c
has facts: d3fend-id^dp "D3-CR"; deletes^op Credential; kb-reference^op Reference - Revoke a previously issued verifiable credential - Microsoft
is also defined as: class

Credential Stuffingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.004

has facts: may-create^op Intranet Administrative Network Traffic; modifies^op Authentication Log; produces^op Authentication
is also defined as: class

Credential Transmission Scopingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CredentialTransmissionScoping

belongs to: Credential Hardening^c
has facts: d3fend-id^dp "D3-CTS"; kb-reference^op Reference - Web Authentication: An API for accessing Public Key Credentials Level 2; restricts^op Credential
is also defined as: class

Credentials from Password Storesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555

has facts: accesses^op Password Store; may-access^op Database File
is also defined as: class

Credentials from Web Browsersⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.003

has facts: accesses^op Database File; may-access^op In-memory Password Store; may-invoke^op Read File
is also defined as: class

Credentials in Filesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.001

has facts: accesses^op File
is also defined as: class

Credentials in Registryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.002

has facts: accesses^op System Configuration Database
is also defined as: class

Cross-Site Request Forgery (CSRF)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-352

has facts: weakness of^op User Input Function
is also defined as: class

Data Backupⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1053

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "Comprehensive IT disaster recovery plans are outside the current scope of D3FEND."

Data Encodingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1132

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Data Exchange Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataExchangeMapping

belongs to: System Mapping^c
has facts: d3fend-id^dp "D3-DEM"; kb-reference^op Reference - Catia UAF Plugin; kb-reference^op Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources; kb-reference^op Reference - Unified Architecture Framework (UAF); maps^op Data Dependency
is also defined as: class

Data from Information Repositoriesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213

has facts: accesses^op Resource
is also defined as: class

Data from Local Systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1005

has facts: accesses^op File; accesses^op Local Resource
is also defined as: class

Data from Network Shared Driveⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1039

has facts: accesses^op Network File Share Resource
is also defined as: class

Data from Removable Mediaⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1025

has facts: accesses^op Removable Media Device
is also defined as: class

Data Inventoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DataInventory

belongs to: Asset Inventory^c
has facts: d3fend-id^dp "D3-DI"; inventories^op Database; inventories^op Document File; inventories^op Email; inventories^op Multimedia Document File; kb-reference^op Reference - Data processing and scanning systems for generating and populating a data inventory
is also defined as: class

Data Obfuscationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1001

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Data Stagedⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074

has facts: reads^op Resource
is also defined as: class

Data Transfer Size Limitsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1030

has facts: produces^op Internet Network Traffic
is also defined as: class

Database Query String Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseQueryStringAnalysis

belongs to: Process Analysis^c
has facts: analyzes^op Database Query; d3fend-id^dp "D3-DQSA"; kb-reference^op Reference - System and method for internet security - Cylance Inc
is also defined as: class

Database Serverⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DatabaseServer

has facts: contains^op Database
is also defined as: class

DCSyncⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.006

has facts: may-modify^op Event Log; produces^op Intranet Administrative Network Traffic
is also defined as: class

Dead Code Eliminationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DeadCodeElimination

belongs to: Application Hardening^c
has facts: d3fend-id^dp "D3-DCE"; kb-reference^op Reference - Dead code elimination
is also defined as: class

Deceiveⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Deceive

belongs to: Defensive Tactic^c
is also defined as: class

Decoy Artifactⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyArtifact

has facts: may-contain^op Digital Artifact
is also defined as: class

Decoy Environmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyEnvironment

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-DE"; enables^op Deceive; manages^op Decoy Artifact
is also defined as: class

Decoy Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyFile

belongs to: Decoy Object^c
has facts: d3fend-id^dp "D3-DF"; kb-reference^op Reference - Open source intelligence deceptions - Illusive Networks Ltd; kb-reference^op Reference - System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc; kb-reference^op Reference - System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system - Palo Alto Networks Inc; kb-reference^op Reference - Supply chain cyber-deception - Cymmetria, Inc.; spoofs^op File
is also defined as: class

Decoy Network Resourceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyNetworkResource

belongs to: Decoy Object^c
has facts: d3fend-id^dp "D3-DNR"; kb-reference^op Reference - Automatically generating network resource groups and assigning customized decoy policies thereto - Illusive Networks Ltd; kb-reference^op Reference - Deception-Based Responses to Security Attacks - Crowdstrike Inc; kb-reference^op Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Inc; kb-reference^op Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc; spoofs^op Network Resource
is also defined as: class

Decoy Objectⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyObject

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-DO"; enables^op Deceive
is also defined as: class

Decoy Personaⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyPersona

belongs to: Decoy Object^c
has facts: d3fend-id^dp "D3-DP"; kb-reference^op Reference - Decoy Personas for Safeguarding Online Identity Using Deception - MITRE; kb-reference^op Reference - Decoy and deceptive data object technology - Cymmetria, Inc.; spoofs^op User
is also defined as: class

Decoy Public Releaseⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyPublicRelease

belongs to: Decoy Object^c
has facts: d3fend-id^dp "D3-DPR"; kb-reference^op Reference - Mock attack cybersecurity training system and methods - WOMBAT SECURITY TECHNOLOGIES Inc
is also defined as: class

Decoy Session Tokenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoySessionToken

belongs to: Decoy Object^c
has facts: d3fend-id^dp "D3-DST"; kb-reference^op Reference - Decoy and deceptive data object technology - Cymmetria Inc; spoofs^op Access Token
is also defined as: class

Decoy User Credentialⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DecoyUserCredential

belongs to: Decoy Object^c
has facts: d3fend-id^dp "D3-DUC"; kb-reference^op Reference - Decoy and deceptive data object technology - Cymmetria Inc; kb-reference^op Reference - Decoy Network-Based Service for Deceiving Attackers - Amazon Technologies; kb-reference^op Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Inc; spoofs^op Credential
is also defined as: class

Default Accountsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.001

has facts: uses^op Default User Account
is also defined as: class

Defense Evasionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefenseEvasion

belongs to: Offensive Tactic^c
is also defined as: class

Defense Evasion Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefenseEvasionTechnique

has facts: enables^op Defense Evasion
is also defined as: class

Defensive Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DefensiveTechnique

belongs to: Technique^c
is also defined as: class

Deobfuscate/Decode Files or Informationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1140

has facts: invokes^op Create Process; may-add^op Executable File; may-modify^op Event Log
is also defined as: class

Dependencyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Dependency

has facts: dependent^op D3FEND Thing; provider^op D3FEND Thing
is also defined as: class

Deserialization of Untrusted Dataⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-502

has facts: may be weakness of^op User Input Function; weakness of^op Deserialization Function
is also defined as: class

Detectⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Detect

belongs to: Defensive Tactic^c
is also defined as: class

Direct Network Floodⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.001

has facts: creates^op Inbound Internet Network Traffic
is also defined as: class

Direct Volume Accessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1006

has facts: accesses^op Volume
is also defined as: class

Directoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Directory

has facts: may-contain^op File
is also defined as: class

DISA FSOⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DISA_FSO

belongs to: Organization^c

Disable or Modify System Firewallⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.004

has facts: modifies^op System Firewall Configuration
is also defined as: class

Disable or Modify Toolsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.001

has facts: disables^op Operating System Process
is also defined as: class

Disable or Remove Feature or Programⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1042

belongs to: ATTACK Mitigation^c
has facts: related^op Application Configuration Hardening; related^op Executable Denylisting; related^op Mandatory Access Control

Disable Windows Event Loggingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.002

has facts: may-modify^op Application Configuration; may-modify^op Operating System Configuration Component
is also defined as: class

Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Discovery

belongs to: Offensive Tactic^c
is also defined as: class

Discovery Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiscoveryTechnique

has facts: enables^op Discovery
is also defined as: class

Disk Content Wipeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.001

has facts: may-modify^op Boot Sector; may-modify^op Partition; may-modify^op Partition Table; may-modify^op Volume; modifies^op Block Device
is also defined as: class

Disk Encryptionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DiskEncryption

belongs to: Platform Hardening^c
has facts: d3fend-id^dp "D3-DENCR"; encrypts^op Storage; kb-reference^op Reference - LUKS1 On-Disk Format SpecificationVersion 1.2.3
is also defined as: class

Disk Structure Wipeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1561.002

has facts: may-modify^op Boot Sector; may-modify^op Partition Table
is also defined as: class

Display Device Driverⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DisplayDeviceDriver

has facts: drives^op Display Adapter
is also defined as: class

DLL Search Order Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.001

has facts: may-create^op Shared Library File
is also defined as: class

DLL Side-Loadingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.002

has facts: may-create^op Shared Library File; may-modify^op Shared Library File
is also defined as: class

DNSⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.004

has facts: produces^op Outbound Internet DNS Lookup Traffic
is also defined as: class

DNS Allowlistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSAllowlisting

belongs to: Network Isolation^c
has facts: blocks^op Outbound Internet DNS Lookup Traffic; d3fend-id^dp "D3-DNSAL"; kb-reference^op Reference - DNS Whitelist (DNSWL) Email Authentication Method Extension
is also defined as: class

DNS Denylistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSDenylisting

belongs to: Network Isolation^c
has facts: blocks^op DNS Network Traffic; d3fend-id^dp "D3-DNSDL"; kb-reference^op Reference - Use DNS Policy for Applying Filters on DNS Queries
is also defined as: class

DNS Traffic Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DNSTrafficAnalysis

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Outbound Internet DNS Lookup Traffic; d3fend-id^dp "D3-DNSTA"; kb-reference^op Reference - Domain age registration alert - Inc Rapid7 Inc RAPID7 Inc; kb-reference^op Reference - Heuristic botnet detection - Palo Alto Networks Inc; kb-reference^op Reference - Method and system for detecting algorithm-generated domains - VECTRA NETWORKS Inc; kb-reference^op Reference - Predicting Domain Generation Algorithms with Long Short-Term Memory Networks; kb-reference^op Reference - Sinkholing bad network domains by registering the bad network domains on the internet - Palo Alto Networks Inc; may-contain^op DNS Lookup
is also defined as: class

Do Not Mitigateⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1055

belongs to: ATTACK Mitigation^c

Document Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DocumentFile

has facts: may-contain^op Executable Script
is also defined as: class

Domain Accountⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.002

has facts: creates^op Domain User Account
is also defined as: class

Domain Account Monitoringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainAccountMonitoring

belongs to: User Behavior Analysis^c
has facts: d3fend-id^dp "D3-DAM"; kb-reference^op Reference - Audit User Account Management; monitors^op Domain User Account
is also defined as: class

Domain Accountsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.002

has facts: uses^op Domain User Account
is also defined as: class

Domain Frontingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.004

has facts: produces^op Outbound Internet Encrypted Web Traffic
is also defined as: class

Domain Nameⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainName

has facts: identifies^op IP Address
is also defined as: class

Domain Name Reputation Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainNameReputationAnalysis

belongs to: Identifier Reputation Analysis^c
has facts: analyzes^op Domain Name; d3fend-id^dp "D3-DNRA"; kb-reference^op Reference - Database for receiving, storing and compiling information about email messages; kb-reference^op Reference - Finding phishing sites
is also defined as: class

Domain Registrationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainRegistration

has facts: may-contain^op Domain Name
is also defined as: class

Domain Trust Policyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DomainTrustPolicy

belongs to: Credential Hardening^c
has facts: d3fend-id^dp "D3-DTP"; kb-reference^op Reference - How trust relationships work for resource forests in Azure Active Directory Domain Services; restricts^op Directory Service; restricts^op Domain Account
is also defined as: class

Double File Extensionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.007

has facts: modifies^op File System Metadata
is also defined as: class

Downgrade Attackⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.010

has facts: accesses^op Legacy System
is also defined as: class

Drive-by Compromiseⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1189

has facts: modifies^op Process Segment; produces^op Outbound Internet Network Traffic; produces^op URL
is also defined as: class

Driver Load Integrity Checkingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DriverLoadIntegrityChecking

belongs to: Platform Hardening^c
has facts: authenticates^op Hardware Driver; d3fend-id^dp "D3-DLIC"; kb-reference^op Reference - Integrity assurance through early loading in the boot phase - Crowdstrike Inc; kb-reference^op Reference - Protected computing environment - Microsoft Technology Licensing LLC
is also defined as: class

Dylib Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.004

has facts: may-create^op Shared Library File; may-modify^op Shared Library File
is also defined as: class

Dynamic Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#DynamicAnalysis

belongs to: File Analysis^c
has facts: analyzes^op Document File; analyzes^op Executable File; d3fend-id^dp "D3-DA"; kb-reference^op Reference - Malware analysis system - Palo Alto Networks Inc; kb-reference^op Reference - Use of an application controller to monitor and control software file and application environments - Sophos Ltd
is also defined as: class

Dynamic Resolutionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1568

has facts: produces^op Outbound Internet DNS Lookup Traffic
is also defined as: class

Dynamic-link Library Injectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.001

has facts: adds^op Shared Library File; invokes^op System Call; loads^op Shared Library File
is also defined as: class

Elevated Execution with Promptⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.004

has facts: creates^op System Configuration Database; invokes^op System Call
is also defined as: class

Emailⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Email

has facts: may-contain^op File; may-contain^op URL
is also defined as: class

Email Attachmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailAttachment

has facts: attached-to^op Email
is also defined as: class

Email Collectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114

has facts: accesses^op Resource
is also defined as: class

Email Forwarding Ruleⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.003

has facts: modifies^op Application Configuration
is also defined as: class

Email Hiding Rulesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.008

has facts: may-create^op Email Rule; may-modify^op Email Rule; modifies^op Application Configuration
is also defined as: class

Email Removalⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmailRemoval

belongs to: File Removal^c
has facts: d3fend-id^dp "D3-ER"; deletes^op Email; kb-reference^op Reference - System and method for scanning remote services to locate stored objects with malware; may-access^op Mail Server
is also defined as: class

Emondⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.014

has facts: may-create^op Property List File; may-modify^op Property List File; modifies^op Configuration Resource
is also defined as: class

Emulated File Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EmulatedFileAnalysis

belongs to: File Analysis^c
has facts: analyzes^op Document File; analyzes^op Executable File; d3fend-id^dp "D3-EFA"; kb-reference^op Reference - Network-level polymorphic shellcode detection using emulation
is also defined as: class

Enclaveⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Enclave

has facts: may-contain^op Local Area Network
is also defined as: class

Encrypt Sensitive Informationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1041

belongs to: ATTACK Mitigation^c
has facts: related^op Disk Encryption; related^op Encrypted Tunnels; related^op File Encryption; related^op Message Encryption

Encrypted Channelⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573

has facts: produces^op Outbound Internet Encrypted Traffic
is also defined as: class

Encrypted Tunnelsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EncryptedTunnels

belongs to: Network Isolation^c
has facts: d3fend-id^dp "D3-ET"; isolates^op Intranet Network; kb-reference^op Reference - Security Architecture for the Internet Protocol
is also defined as: class

Endpoint Health Beaconⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EndpointHealthBeacon

belongs to: Operating System Monitoring^c
has facts: d3fend-id^dp "D3-EHB"; kb-reference^op Reference - Intrusion detection using a heartbeat - Sophos Ltd
is also defined as: class

Environment Variable Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1039

belongs to: ATTACK Mitigation^c
has facts: related^op Application Configuration Hardening; related^op System File Analysis

Eval Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#EvalFunction

has facts: invokes^op Subroutine
is also defined as: class

Evictⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Evict

belongs to: Defensive Tactic^c
is also defined as: class

Exception Handler Pointer Validationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExceptionHandlerPointerValidation

belongs to: Application Hardening^c
has facts: d3fend-id^dp "D3-EHPV"; kb-reference^op Reference - /SAFESEH (Image has Safe Exception Handlers) - Microsoft Docs; validates^op Pointer
is also defined as: class

Exchange Email Delegate Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.002

has facts: modifies^op Domain User Account
is also defined as: class

Executable Allowlistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableAllowlisting

belongs to: Platform Hardening^c
has facts: blocks^op Executable File; d3fend-id^dp "D3-EAL"; kb-reference^op Reference - Enhancing Network Security By Preventing User-Initiated Malware Execution - MITRE; kb-reference^op Reference - Computing apparatus with automatic integrity reference generation and maintenance - Tripwire, Inc.; restricts^op Create Process
is also defined as: class

Executable Binaryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableBinary

has facts: contains^op Image Code Segment; contains^op Image Data Segment; may-interpret^op Executable Script
is also defined as: class

Executable Denylistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableDenylisting

belongs to: Execution Isolation^c
has facts: blocks^op Executable File; d3fend-id^dp "D3-EDL"; kb-reference^op Reference - Method and apparatus for increasing the speed at which computer viruses are detected - McAfee LLC; kb-reference^op Reference - Content extractor and analysis system - Bit 9 Inc, Carbon Black Inc; restricts^op Create Process
is also defined as: class

Executable Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutableFile

has facts: contains^op Subroutine
is also defined as: class

Executable Installer File Permissions Weaknessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.005

has facts: modifies^op Service Application
is also defined as: class

Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Execution

belongs to: Offensive Tactic^c
is also defined as: class

Execution Isolationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionIsolation

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-EI"; enables^op Isolate
is also defined as: class

Execution Preventionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1038

belongs to: ATTACK Mitigation^c
has facts: related^op Driver Load Integrity Checking; related^op Executable Allowlisting; related^op Executable Denylisting; related^op Process Segment Execution Prevention

Execution Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExecutionTechnique

has facts: enables^op Execution
is also defined as: class

Exfiltrationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Exfiltration

belongs to: Offensive Tactic^c
is also defined as: class

Exfiltration Over Alternative Protocolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048

has facts: produces^op Internet Network Traffic
is also defined as: class

Exfiltration Over Asymmetric Encrypted Non-C2 Protocolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.002

has facts: may-transfer^op Certificate File; produces^op Outbound Internet Encrypted Traffic
is also defined as: class

Exfiltration Over C2 Channelⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1041

has facts: may-transfer^op Certificate File; produces^op Internet Network Traffic
is also defined as: class

Exfiltration Over Other Network Mediumⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1011

has facts: produces^op Internet Network Traffic
is also defined as: class

Exfiltration Over Symmetric Encrypted Non-C2 Protocolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.001

has facts: produces^op Outbound Internet Encrypted Traffic
is also defined as: class

Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1048.003

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Exfiltration over USBⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1052.001

has facts: modifies^op Removable Media Device
is also defined as: class

Exfiltration Over Web Serviceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567

has facts: produces^op Outbound Internet Web Traffic
is also defined as: class

Exfiltration Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ExfiltrationTechnique

has facts: enables^op Exfiltration
is also defined as: class

Exfiltration to Cloud Storageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.002

has facts: produces^op Outbound Internet Encrypted Web Traffic
is also defined as: class

Exfiltration to Code Repositoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1567.001

has facts: may-produce^op Outbound Internet Encrypted Remote Terminal Traffic; may-produce^op Outbound Internet Encrypted Web Traffic
is also defined as: class

Exploit Protectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1050

belongs to: ATTACK Mitigation^c
has facts: related^op Application Hardening; related^op Exception Handler Pointer Validation; related^op Inbound Traffic Filtering; related^op Shadow Stack Comparisons

Exploit Public-Facing Applicationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1190

has facts: injects^op Database Query; modifies^op Process Segment; produces^op Inbound Internet Network Traffic
is also defined as: class

Exploitation for Client Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1203

has facts: modifies^op Process Code Segment; modifies^op Stack Frame
is also defined as: class

Exploitation for Credential Accessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1212

has facts: may-access^op Authentication Service; may-access^op Credential Management System; may-modify^op Process Code Segment; may-modify^op Stack Frame
is also defined as: class

Exploitation for Defense Evasionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1211

has facts: may-modify^op Process Code Segment; may-modify^op Stack Frame
is also defined as: class

Exploitation for Privilege Escalationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1068

has facts: enables^op Privilege Escalation; may-modify^op Stack Frame; modifies^op Process Code Segment
is also defined as: class

Exploitation of Remote Servicesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1210

has facts: may-modify^op Process Code Segment; may-modify^op Process Segment; may-modify^op Stack Frame; produces^op Intranet Network Traffic
is also defined as: class

Exploitation of Transient Instruction Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CAPEC-663

belongs to: Common Attack Pattern^c
has facts: capec-id^dp "CAPEC-553"
is also defined as: class

External Defacementⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.002

has facts: modifies^op Network Resource
is also defined as: class

External Proxyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.002

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

External Remote Servicesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1133

has facts: produces^op Authentication; produces^op Authorization; produces^op Network Session
is also defined as: class

Fallback Channelsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1008

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#File

has facts: contains^op File Section; may-contain^op File; may-contain^op URL
is also defined as: class

File Access Pattern Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAccessPatternAnalysis

belongs to: Process Analysis^c
has facts: analyzes^op Local Resource Access; d3fend-id^dp "D3-FAPA"; kb-reference^op Reference - File-modifying malware detection - Crowdstrike Inc
is also defined as: class

File Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileAnalysis

belongs to: Defensive Technique^c
has facts: analyzes^op File; d3fend-id^dp "D3-FA"; enables^op Detect
is also defined as: class

File and Directory Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1083

has facts: accesses^op Directory; accesses^op File
is also defined as: class

File and Directory Permissions Modificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1222

has facts: modifies^op Access Control Configuration
is also defined as: class

File Carvingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCarving

belongs to: Network Traffic Analysis^c
has facts: analyzes^op File Transfer Network Traffic; d3fend-id^dp "D3-FC"; kb-reference^op Reference - Computer Worm Defense System and Method - FireEye Inc
is also defined as: class

File Content Rulesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileContentRules

belongs to: File Analysis^c
has facts: d3fend-id^dp "D3-FCR"; kb-reference^op Reference - Computational modeling and classification of data streams - Crowdstrike Inc; kb-reference^op Reference - Detecting script-based malware - Crowdstrike Inc; kb-reference^op Reference - Distributed meta-information query in a network - Bit 9 Inc; kb-reference^op Reference - System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network - Palo Alto Networks IncCyber Secdo Ltd
is also defined as: class

File Creation Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileCreationAnalysis

belongs to: System Call Analysis^c
has facts: analyzes^op Create File; d3fend-id^dp "D3-FCA"; kb-reference^op Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITRE; kb-reference^op Reference - CAR-2020-09-001: Scheduled Task - FileAccess - MITRE
is also defined as: class

File Deletionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.004

has facts: deletes^op File; may-modify^op File
is also defined as: class

File Encryptionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEncryption

belongs to: Platform Hardening^c
has facts: d3fend-id^dp "D3-FE"; encrypts^op File; kb-reference^op Reference - Method for file encryption
is also defined as: class

File Evictionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileEviction

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-FEV"; enables^op Evict
is also defined as: class

File Hashⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHash

has facts: identifies^op File
is also defined as: class

File Hash Reputation Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashReputationAnalysis

belongs to: Identifier Reputation Analysis^c
has facts: analyzes^op File Hash; d3fend-id^dp "D3-FHRA"; kb-reference^op Reference - Reputation of an entity associated with a content item
is also defined as: class

File Hashingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileHashing

belongs to: File Analysis^c
has facts: d3fend-id^dp "D3-FH"; kb-reference^op Reference - Munin
is also defined as: class

File Path Open Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FilePathOpenFunction

has facts: accesses^op File; invokes^op Open File
is also defined as: class

File Removalⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileRemoval

belongs to: File Eviction^c
has facts: d3fend-id^dp "D3-FR"; deletes^op File; kb-reference^op Reference - How Does Antivirus Quarantine Work? - Safety Detectives; may-access^op File Server
is also defined as: class

File Systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystem

has facts: contains^op Directory; contains^op File; contains^op File System Link; contains^op File System Metadata
is also defined as: class

File System Sensorⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FileSystemSensor

has facts: monitors^op File
is also defined as: class

File Transfer Protocolsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.002

has facts: produces^op Outbound Internet File Transfer Traffic
is also defined as: class

Filter Network Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1037

belongs to: ATTACK Mitigation^c
has facts: related^op Network Isolation

Firmware Behavior Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareBehaviorAnalysis

belongs to: Platform Monitoring^c
has facts: analyzes^op Firmware; d3fend-id^dp "D3-FBA"; kb-reference^op Reference - Firmware Behavior Analysis ConFirm; kb-reference^op Reference - Firmware Behavior Analysis VIPER
is also defined as: class

Firmware Embedded Monitoring Codeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareEmbeddedMonitoringCode

belongs to: Platform Monitoring^c
has facts: analyzes^op Firmware; d3fend-id^dp "D3-FEMC"; kb-reference^op Reference - Firmware Embedded Monitoring Code Red Balloon; kb-reference^op Reference - Firmware Embedded Monitoring Code Symbiotes
is also defined as: class

Firmware Sensorⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareSensor

has facts: monitors^op Firmware
is also defined as: class

Firmware Verificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FirmwareVerification

belongs to: Platform Monitoring^c
has facts: d3fend-id^dp "D3-FV"; kb-reference^op Reference - Firmware Verification Eclypsium; kb-reference^op Reference - Firmware Verification Trapezoid; kb-reference^op Reference - Platform Firmware Resiliency Guidelines - NIST; verifies^op Firmware
is also defined as: class

Forced Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1187

has facts: may-modify^op Windows Shortcut File; modifies^op Authentication Log; produces^op Authentication
is also defined as: class

Forward Resolution Domain Denylistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionDomainDenylisting

belongs to: DNS Denylisting^c
has facts: blocks^op Outbound Internet DNS Lookup Traffic; d3fend-id^dp "D3-FRDDL"; kb-reference^op Reference - Use DNS Policy for Applying Filters on DNS Queries
is also defined as: class

Forward Resolution IP Denylistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ForwardResolutionIPDenylisting

belongs to: DNS Denylisting^c
has facts: blocks^op Inbound Internet DNS Response Traffic; d3fend-id^dp "D3-FRIDL"; kb-reference^op Reference - Use DNS Policy for Applying Filters on DNS Queries
is also defined as: class

FQDN Domain Nameⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FQDNDomainName

belongs to: Domain Name^c

Free Memoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#FreeMemory

has facts: deletes^op Memory Block
is also defined as: class

Gatekeeper Bypassⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.001

has facts: modifies^op File System Metadata
is also defined as: class

get foreground windowⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetForegroundWindow

is defined by: https://d3fend.mitre.org/ontologies/d3fend.owl

belongs to: Get Open Windows^c

Get Open Socketsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetOpenSockets

has facts: enumerates^op Pipe
is also defined as: class

Get System Config Valueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GetSystemConfigValue

has facts: reads^op System Configuration Database Record
is also defined as: class

GNU GCC StackGuardⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#GNUGCCStackGuard

belongs to: Stack Frame Canary Validation^c

Golden Ticketⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.001

has facts: forges^op Kerberos Ticket Granting Ticket
is also defined as: class

Group Policy Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1615

has facts: reads^op Group Policy
is also defined as: class

Group Policy Modificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1484

has facts: modifies^op Group Policy
is also defined as: class

Group Policy Preferencesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.006

has facts: accesses^op Group Policy
is also defined as: class

GUI Input Captureⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.002

has facts: accesses^op Graphical User Interface
is also defined as: class

Hardenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Harden

belongs to: Defensive Tactic^c
is also defined as: class

Hardware Additionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1200

has facts: connects^op Hardware Device
is also defined as: class

Hardware Component Inventoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareComponentInventory

belongs to: Asset Inventory^c
has facts: d3fend-id^dp "D3-HCI"; inventories^op Hardware Device; kb-reference^op Reference - Advanced device matching system
is also defined as: class

Hardware Driverⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HardwareDriver

has facts: drives^op Hardware Device
is also defined as: class

Hardware-based Process Isolationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hardware-basedProcessIsolation

belongs to: Execution Isolation^c
has facts: d3fend-id^dp "D3-HBPI"; isolates^op Process; kb-reference^op Reference - Virtualized process isolation - Advanced Micro Devices Inc; kb-reference^op Reference - Approaches for securing an internet endpoint using fine-grained operating system virtualization - Bromium, Inc.; kb-reference^op Reference - Isolation of applications within a virtual machine - Bromium, Inc.; restricts^op Create Process
is also defined as: class

Hidden File Systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.005

has facts: may-modify^op System Configuration Database; modifies^op Storage
is also defined as: class

Hidden Files and Directoriesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.001

has facts: modifies^op File System Metadata
is also defined as: class

Hidden Usersⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.002

has facts: modifies^op User Init Configuration File
is also defined as: class

Hidden Windowⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.003

has facts: may-modify^op Property List File; may-modify^op System Configuration Database
is also defined as: class

Hierarchical Domain Denylistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HierarchicalDomainDenylisting

belongs to: Forward Resolution Domain Denylisting^c
has facts: d3fend-id^dp "D3-HDDL"; kb-reference^op Reference - Use DNS Policy for Applying Filters on DNS Queries
is also defined as: class

Homoglyph Denylistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDenylisting

belongs to: Forward Resolution Domain Denylisting^c
has facts: d3fend-id^dp "D3-HDL"; kb-reference^op Reference - Detection of Malicious IDNHomoglyph Domains
is also defined as: class

Homoglyph Detectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HomoglyphDetection

belongs to: Identifier Analysis^c
has facts: analyzes^op Email; analyzes^op URL; d3fend-id^dp "D3-HD"; kb-reference^op Reference - Computer-implemented methods and systems for identifying visually similar text character strings - Greathorn Inc; kb-reference^op Reference - System and method for detecting homoglyph attacks with a siamese convolutional neural network - Endgame Inc
is also defined as: class

Hostⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Host

has facts: contains^op Application; contains^op Operating System; runs^op Operating System
is also defined as: class

Host Configuration Sensorⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HostConfigurationSensor

has facts: monitors^op Application Configuration; monitors^op Operating System Configuration
is also defined as: class

Hostnameⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Hostname

belongs to: Domain Name^c
has facts: identifies^op Host
is also defined as: class

HTML Smugglingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.006

has facts: creates^op JavaScript Blob; hides^op Digital Artifact
is also defined as: class

HTTP URLⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HTTPURL

belongs to: URL^c

HTTPS URLⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#HTTPSURL

belongs to: URL^c

IA-2(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IA-2_1

belongs to: NIST Control^c
has facts: control-name^dp "Identification and Authentication (organizational Users) | Multi-factor Authentication to Privileged Accounts"; member-of^op NIST SP 800-53 R5; narrower^op Multi-factor Authentication

IA-2(2)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IA-2_2

belongs to: NIST Control^c
has facts: control-name^dp "Identification and Authentication (organizational Users) | Multi-factor Authentication to Non-privileged Accounts"; member-of^op NIST SP 800-53 R5; narrower^op Multi-factor Authentication

IA-2(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IA-2_4

belongs to: NIST Control^c
has facts: control-name^dp "Identification and Authentication (organizational Users) | Local Access to Non-privileged Accounts"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring

IA-2(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IA-2_6

belongs to: NIST Control^c
has facts: control-name^dp "Identification and Authentication (organizational Users) | Access to Accounts —separate Device"; member-of^op NIST SP 800-53 R5; narrower^op Multi-factor Authentication

Identifier Activity Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierActivityAnalysis

belongs to: Identifier Analysis^c
has facts: kb-reference^op Reference - The Pyramid of Pain - David Bianco
is also defined as: class

Identifier Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierAnalysis

belongs to: Defensive Technique^c
has facts: analyzes^op Identifier; d3fend-id^dp "D3-ID"; enables^op Detect
is also defined as: class

Identifier Reputation Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IdentifierReputationAnalysis

belongs to: Identifier Analysis^c
has facts: d3fend-id^dp "D3-IRA"; kb-reference^op Reference - Finding phishing sites
is also defined as: class

IIS Componentsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.004

has facts: adds^op Software
is also defined as: class

Image Code Segmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImageCodeSegment

has facts: contains^op Subroutine
is also defined as: class

Image File Execution Options Injectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.012

has facts: modifies^op System Configuration Database
is also defined as: class

Impactⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Impact

belongs to: Offensive Tactic^c
is also defined as: class

Impact Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpactTechnique

has facts: enables^op Impact
is also defined as: class

Impair Command History Loggingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.003

has facts: may-modify^op User Init Script; may-modify^op Windows Registry Key; modifies^op Process Environment Variable
is also defined as: class

Impersonate Userⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImpersonateUser

belongs to: Impersonate User^c
has facts: forges^op User Account
is also defined as: class

Implant Container Imageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1525

has facts: adds^op Container Image
is also defined as: class

Import Library Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ImportLibraryFunction

has facts: loads^op Shared Library File
is also defined as: class

Improper Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-287

has facts: weakness of^op Authentication Function
is also defined as: class

Improper Control of Generation of Code ('Code Injection')ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-94

has facts: may be weakness of^op Eval Function; may be weakness of^op User Input Function
is also defined as: class

Improper Input Validationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-20

has facts: weakness of^op User Input Function
is also defined as: class

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-22

has facts: weakness of^op User Input Function
is also defined as: class

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-79

has facts: weakness of^op User Input Function
is also defined as: class

Improper Neutralization of Special Elements used in a Command ('Command Injection')ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-77

has facts: weakness of^op User Input Function
is also defined as: class

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-78

has facts: may be weakness of^op Eval Function; may be weakness of^op Process Start Function; may be weakness of^op User Input Function
is also defined as: class

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-89

has facts: weakness of^op User Input Function
is also defined as: class

Improper Restriction of Operations within the Bounds of a Memory Bufferⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-119

has facts: weakness of^op Raw Memory Access Function
is also defined as: class

Improper Restriction of XML External Entity Referenceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-611

has facts: weakness of^op External Content Inclusion Function
is also defined as: class

Inbound Internet Network Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundInternetNetworkTraffic

has facts: produces^op Network Traffic
is also defined as: class

Inbound Session Volume Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundSessionVolumeAnalysis

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Inbound Internet Network Traffic; d3fend-id^dp "D3-ISVA"; kb-reference^op Reference - Detecting DDoS Attack Using Snort; kb-reference^op Reference - Identifying a denial-of-service attack in a cloud-based proxy service - Cloudfare Inc.; kb-reference^op Reference - Method and system for UDP flood attack detection - Riorey LLC; kb-reference^op Reference - Protecting against distributed denial of service attacks - Cisco Technology Inc.; kb-reference^op Reference - Protecting against distributed network flood attacks - Juniper Networks Inc.
is also defined as: class

Inbound Traffic Filteringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InboundTrafficFiltering

belongs to: Network Traffic Filtering^c
has facts: d3fend-id^dp "D3-ITF"; filters^op Inbound Network Traffic; kb-reference^op Reference - Active firewall system and methodology - McAfee LLC; kb-reference^op Reference - Automatically generating rules for connection security - Microsoft; kb-reference^op Reference - FWTK - Firewall Toolkit; kb-reference^op Reference - Firewall for interent access - Secure Computing LLC; kb-reference^op Reference - Firewall for processing a connectionless network packet - National Security Agency; kb-reference^op Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agency; kb-reference^op Reference - Firewalls that filter based upon protocol commands - Intel Corp; kb-reference^op Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltd; kb-reference^op Reference - Network firewall with proxy - Secure Computing LLC
is also defined as: class

Incorrect Default Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-276

has facts: weakness of^op Application Installer
is also defined as: class

Indirect Branch Call Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IndirectBranchCallAnalysis

belongs to: Process Analysis^c
has facts: d3fend-id^dp "D3-IBCA"; kb-reference^op Reference - Indirect Branching Calls
is also defined as: class

Ingress Tool Transferⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1105

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Initial Accessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccess

belongs to: Offensive Tactic^c
is also defined as: class

Initial Access Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InitialAccessTechnique

has facts: enables^op Initial Access
is also defined as: class

Input Device Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InputDeviceAnalysis

belongs to: Operating System Monitoring^c
has facts: analyzes^op Input Device; d3fend-id^dp "D3-IDA"; kb-reference^op Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.com; kb-reference^op Reference - Continuous authentication by analysis of keyboard typing characteristics - Bradford Univ., UK
is also defined as: class

Install Root Certificateⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.004

has facts: modifies^op Certificate Trust Store
is also defined as: class

Integer Overflow or Wraparoundⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-190

has facts: weakness of^op Mathematical Function
is also defined as: class

Integrated Honeynetⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntegratedHoneynet

belongs to: Decoy Environment^c
has facts: d3fend-id^dp "D3-IHN"; kb-reference^op Reference - Synchronizing a honey network configuration to reflect a target network environment - Palo Alto Networks Inc; spoofs^op Intranet Network
is also defined as: class

Inter-Process Communication Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1559

has facts: injects^op Interprocess Communication
is also defined as: class

Internal Defacementⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1491.001

has facts: modifies^op Resource
is also defined as: class

Internal Proxyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.001

has facts: produces^op Intranet Network Traffic
is also defined as: class

Internal Spearphishingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1534

has facts: produces^op Email
is also defined as: class

Internationalized Domain Nameⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternationalizedDomainName

belongs to: Domain Name^c

Internet Articleⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#InternetArticle

belongs to: Reference Type^c
is also defined as: class

Intranet IPC Network Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetIPCNetworkTraffic

has facts: may-contain^op File
is also defined as: class

Intranet Web Network Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetWebNetworkTraffic

has facts: may-contain^op File
is also defined as: class

Invalid Code Signatureⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.001

has facts: creates^op Executable Binary
is also defined as: class

IO Port Restrictionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IOPortRestriction

belongs to: Execution Isolation^c
has facts: d3fend-id^dp "D3-IOPR"; filters^op Input Device; filters^op Removable Media Device; kb-reference^op Reference - Computer motherboard having peripheral security functions; kb-reference^op Reference - Method and system for controlling communication ports; kb-reference^op Reference - USB filter for hub malicious code prevention system
is also defined as: class

iOS Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#iOSProcess

belongs to: Process^c

IP Addressⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPAddress

has facts: identifies^op Network Node
is also defined as: class

IP Reputation Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPReputationAnalysis

belongs to: Identifier Reputation Analysis^c
has facts: analyzes^op IP Address; d3fend-id^dp "D3-IPRA"; kb-reference^op Reference - Database for receiving, storing and compiling information about email messages; kb-reference^op Reference - Finding phishing sites
is also defined as: class

IPC Traffic Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#IPCTrafficAnalysis

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Intranet IPC Network Traffic; d3fend-id^dp "D3-IPCTA"; kb-reference^op Reference - CAR-2013-05-005: SMB Copy and Execution - MITRE; kb-reference^op Reference - CAR-2013-01-003: SMB Events Monitoring - MITRE; kb-reference^op Reference - CAR-2013-09-003: SMB Session Setups - MITRE; kb-reference^op Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITRE; kb-reference^op Reference - CAR-2013-05-003: SMB Write Request - MITRE; kb-reference^op Reference - Security System with Methodology for Interprocess Communication Control - Check Point Software Tech Inc; kb-reference^op Reference - CAR-2015-04-001: Remotely Scheduled Tasks via AT - MITRE
is also defined as: class

IR-4(12)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IR-4_12

belongs to: NIST Control^c
has facts: control-name^dp "Incident Handling | Malicious Code and Forensic Analysis"; member-of^op NIST SP 800-53 R5; related^op Dynamic Analysis

IR-4(13)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_IR-4_13

belongs to: NIST Control^c
has facts: control-name^dp "Incident Handling | Behavior Analysis"; member-of^op NIST SP 800-53 R5; related^op Decoy Environment; related^op Decoy Object

Isolateⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Isolate

belongs to: Defensive Tactic^c
is also defined as: class

Javascript Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JavascriptFile

belongs to: Executable Script^c

Job Function Access Pattern Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#JobFunctionAccessPatternAnalysis

belongs to: User Behavior Analysis^c
has facts: analyzes^op Authorization; d3fend-id^dp "D3-JFAPA"; kb-reference^op Reference - Anomaly Detection Using Adaptive Behavioral Profiles - Securonix Inc
is also defined as: class

Kerberoastingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558.003

has facts: may-produce^op RPC Network Traffic
is also defined as: class

Kernelⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel

has facts: contains^op Kernel Process Table; loads^op Application; manages^op Operating System Process; manages^op User Process; may-contain^op Hardware Driver; may-contain^op Kernel Module
is also defined as: class

Kernel API Sensorⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#KernelAPISensor

has facts: monitors^op System Call
is also defined as: class

Kernel Modules and Extensionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.006

has facts: modifies^op Kernel Module
is also defined as: class

Kernel-based Process Isolationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Kernel-basedProcessIsolation

belongs to: Execution Isolation^c
has facts: d3fend-id^dp "D3-KBPI"; kb-reference^op Reference - Overview of the seccomp sandbox
is also defined as: class

Keychainⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1142

has facts: accesses^op Encrypted Credential
is also defined as: class

Keychainⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.001

has facts: accesses^op MacOS Keychain
is also defined as: class

Keyloggingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.001

has facts: accesses^op Keyboard Input Device
is also defined as: class

Lateral Movementⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovement

belongs to: Offensive Tactic^c
is also defined as: class

Lateral Movement Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LateralMovementTechnique

has facts: enables^op Lateral Movement
is also defined as: class

Lateral Tool Transferⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1570

has facts: produces^op Intranet File Transfer Traffic
is also defined as: class

Launch Agentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.001

has facts: creates^op Property List File
is also defined as: class

Launch Daemonⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.004

has facts: modifies^op Property List File
is also defined as: class

Launchdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053.004

has facts: creates^op Property List File
is also defined as: class

LC_LOAD_DYLIB Additionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.006

has facts: modifies^op Executable Binary
is also defined as: class

LD_PRELOADⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.006

has facts: modifies^op Operating System Configuration File
is also defined as: class

LDIF Recordⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LDIFRecord

belongs to: User Account^c

Limit Access to Resource Over Networkⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1035

belongs to: ATTACK Mitigation^c
has facts: related^op Network Isolation

Limit Hardware Installationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1034

belongs to: ATTACK Mitigation^c
has facts: related^op IO Port Restriction

Limit Software Installationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1033

belongs to: ATTACK Mitigation^c
has facts: related^op Executable Allowlisting; related^op Executable Denylisting

Linux ELF File 32bitⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LinuxELFFile32bit

belongs to: Executable Binary^c

Linux ELF File 64bitⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LinuxELFFile64bit

belongs to: Executable Binary^c

Linux Execⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LinuxExec

belongs to: Create Process^c

Linux Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LinuxProcess

belongs to: Process^c

LLMNR/NBT-NS Poisoning and SMB Relayⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557.001

has facts: produces^op Intranet Multicast Network Traffic
is also defined as: class

Local Accountⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1087.001

has facts: creates^op Local User Account
is also defined as: class

Local Account Monitoringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAccountMonitoring

belongs to: User Behavior Analysis^c
has facts: analyzes^op Local User Account; d3fend-id^dp "D3-LAM"; kb-reference^op Reference - Audit User Account Management; kb-reference^op Reference - CAR-2016-04-004: Successful Local Account Login; kb-reference^op Reference - OS Query Windows User Collection Code
is also defined as: class

Local Accountsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078.003

has facts: uses^op Local User Account
is also defined as: class

Local Area Networkⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalAreaNetwork

has facts: may-contain^op Host
is also defined as: class

Local Data Stagingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.001

has facts: may-create^op File; may-invoke^op Create File
is also defined as: class

Local Email Collectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.001

has facts: reads^op Email
is also defined as: class

Local File Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalFilePermissions

belongs to: Platform Hardening^c
has facts: d3fend-id^dp "D3-LFP"; kb-reference^op Reference - File and Folder Permissions; restricts^op Directory; restricts^op File
is also defined as: class

Local Resource Accessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LocalResourceAccess

has facts: accesses^op Local Resource
is also defined as: class

Log Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogFile

has facts: contains^op Log
is also defined as: class

Logical Link Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogicalLinkMapping

belongs to: Network Mapping^c
has facts: d3fend-id^dp "D3-LLM"; kb-reference^op Reference - Libre NMS - Network Map Extension; maps^op Logical Link; maps^op Network; maps^op Network Node
is also defined as: class

Login Itemsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.015

has facts: modifies^op User Logon Init Resource
is also defined as: class

Logon Script (Mac)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.002

has facts: modifies^op User Init Script
is also defined as: class

Logon Script (Windows)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.001

has facts: modifies^op User Init Script
is also defined as: class

Logon Userⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LogonUser

has facts: authenticates^op User Account
is also defined as: class

LSA Secretsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.004

has facts: may-access^op Process; may-access^op System Password Database
is also defined as: class

LSASS Driverⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.008

has facts: may-create^op Shared Library File; modifies^op System Service Software
is also defined as: class

LSASS Memoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.001

has facts: accesses^op Authentication Service; accesses^op Process
is also defined as: class

Lua Script Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#LuaScriptFile

belongs to: Executable Script^c

MA-3(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-3_3

belongs to: NIST Control^c
has facts: control-name^dp "Maintenance Tools | Prevent Unauthorized Removal"; member-of^op NIST SP 800-53 R5; narrower^op User Account Permissions

MA-3(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-3_4

belongs to: NIST Control^c
has facts: control-name^dp "Maintenance Tools | Restricted Tool Use"; member-of^op NIST SP 800-53 R5; narrower^op User Account Permissions

MA-3(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-3_5

belongs to: NIST Control^c
has facts: control-name^dp "Maintenance Tools | Execution with Privilege"; member-of^op NIST SP 800-53 R5; narrower^op User Account Permissions

MA-3(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-3_6

belongs to: NIST Control^c
has facts: control-name^dp "Maintenance Tools | Software Updates and Patches"; member-of^op NIST SP 800-53 R5; narrower^op Software Update

MA-4(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-4_1

belongs to: NIST Control^c
has facts: control-name^dp "Nonlocal Maintenance | Logging and Review"; member-of^op NIST SP 800-53 R5; narrower^op Local Account Monitoring

MA-6ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-6

belongs to: NIST Control^c
has facts: control-name^dp "Timely Maintenance"; member-of^op NIST SP 800-53 R5; narrower^op Software Update

MA-6(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-6_1

belongs to: NIST Control^c
has facts: control-name^dp "Timely Maintenance | Preventive Maintenance"; member-of^op NIST SP 800-53 R5; narrower^op Software Update

MA-6(2)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-6_2

belongs to: NIST Control^c
has facts: control-name^dp "Timely Maintenance | Predictive Maintenance"; member-of^op NIST SP 800-53 R5; narrower^op Software Update

MA-6(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_MA-6_3

belongs to: NIST Control^c
has facts: control-name^dp "Timely Maintenance | Automated Support for Predictive Maintenance"; member-of^op NIST SP 800-53 R5; narrower^op Software Update

macOS Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#macOSProcess

belongs to: Process^c

Mail Network Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailNetworkTraffic

has facts: contains^op Email
is also defined as: class

Mail Protocolsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.003

has facts: produces^op Outbound Internet Mail Traffic
is also defined as: class

Mail Serverⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MailServer

has facts: runs^op Message Transfer Agent
is also defined as: class

Make and Impersonate Tokenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.003

has facts: copies^op Access Token; creates^op Login Session; may-modify^op Event Log
is also defined as: class

Malicious File Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.002

has facts: executes^op Executable File
is also defined as: class

Malicious Link Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1204.001

has facts: accesses^op URL; produces^op Outbound Internet Web Traffic
is also defined as: class

Man in the Browserⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1185

has facts: produces^op Web Network Traffic
is also defined as: class

Man-in-the-Middleⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1557

has facts: produces^op Network Traffic
is also defined as: class

Mandatory Access Controlⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MandatoryAccessControl

belongs to: Kernel-based Process Isolation^c
has facts: d3fend-id^dp "D3-MAC"; isolates^op Process; kb-reference^op Reference - Analysis of the Windows Vista Security Model - Symantec Corporation; kb-reference^op Reference - Architecture of transparent network security for application containers - Neuvector Inc; restricts^op Create Process
is also defined as: class

Marketing Materialⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MarketingMaterial

belongs to: Reference Type^c

Masquerade Task or Serviceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.004

has facts: modifies^op Task Schedule
is also defined as: class

Match Legitimate Name or Locationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.005

has facts: invokes^op Move File; may-create^op File
is also defined as: class

Mavinjectⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.013

has facts: invokes^op Create Thread; modifies^op Process Segment
is also defined as: class

Memory Addressⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAddress

has facts: addresses^op Memory Word
is also defined as: class

Memory Address Spaceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAddressSpace

has facts: contains^op Memory Address
is also defined as: class

Memory Allocation Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryAllocationFunction

has facts: invokes^op Allocate Memory
is also defined as: class

Memory Blockⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBlock

has facts: contains^op Memory Word; may-contain^op Record
is also defined as: class

Memory Boundary Trackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryBoundaryTracking

belongs to: Operating System Monitoring^c
has facts: analyzes^op Process Code Segment; d3fend-id^dp "D3-MBT"; kb-reference^op Reference - Inferential exploit attempt detection - Crowdstrike Inc
is also defined as: class

Memory Free Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryFreeFunction

has facts: invokes^op Free Memory
is also defined as: class

Memory Management Unitⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryManagementUnit

has facts: contains^op Translation Lookaside Buffer; creates^op Virtual Address; manages^op Page Table; manages^op Storage
is also defined as: class

Memory Poolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MemoryPool

has facts: contains^op Memory Block
is also defined as: class

Message Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAnalysis

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-MA"; enables^op Detect
is also defined as: class

Message Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageAuthentication

belongs to: Message Hardening^c
has facts: authenticates^op User to User Message; d3fend-id^dp "D3-MAN"; kb-reference^op Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETF; kb-reference^op Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
is also defined as: class

Message Encryptionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageEncryption

belongs to: Message Hardening^c
has facts: d3fend-id^dp "D3-MENCR"; encrypts^op User to User Message; kb-reference^op Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
is also defined as: class

Message Hardeningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MessageHardening

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-MH"; enables^op Harden
is also defined as: class

Microsoft VCCLCompilerTool BufferSecurityCheckⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftVCCLCompilerToolBufferSecurityCheck

belongs to: Stack Frame Canary Validation^c

Microsoft Word DOC Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOCFile

belongs to: Document File^c

Microsoft Word DOCB Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOCBFile

belongs to: Document File^c

Microsoft Word DOCM Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOCMFile

belongs to: Document File^c

Microsoft Word DOCX Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOCXFile

belongs to: Document File^c

Microsoft Word DOT Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOTFile

belongs to: Document File^c

Microsoft Word DOTM Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOTMFile

belongs to: Document File^c

Microsoft Word DOTX Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordDOTXFile

belongs to: Document File^c

Microsoft Word WBK Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MicrosoftWordWBKFile

belongs to: Document File^c

MMCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.014

has facts: executes^op Command; may-add^op Software; may-modify^op System Configuration Database
is also defined as: class

Modelⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Model

belongs to: Defensive Tactic^c
is also defined as: class

Modify Authentication Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556

has facts: modifies^op Authentication Service
is also defined as: class

Modify Registryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1112

has facts: modifies^op Windows Registry
is also defined as: class

Move Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MoveFile

has facts: modifies^op File System Metadata
is also defined as: class

MSBuildⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1127.001

has facts: modifies^op Compiler Configuration File; runs^op Compiler
is also defined as: class

MSG Email Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#MSGEmailFile

belongs to: Email^c

Multi-factor Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1032

belongs to: ATTACK Mitigation^c
has facts: related^op Multi-factor Authentication

Multi-factor Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Multi-factorAuthentication

belongs to: Credential Hardening^c
has facts: authenticates^op User Account; d3fend-id^dp "D3-MFA"; kb-reference^op Reference - Method and apparatus for utilizing a token for resource access - Rsa Security Inc.
is also defined as: class

Multi-hop Proxyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1090.003

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Multi-Stage Channelsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1104

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Native API Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1106

has facts: invokes^op System Call
is also defined as: class

Netsh Helper DLLⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.007

has facts: modifies^op System Configuration Database Record; produces^op Process
is also defined as: class

Network Directory Resourceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkDirectoryResource

has facts: contains^op Directory
is also defined as: class

Network File Resourceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFileResource

has facts: contains^op File
is also defined as: class

Network Flowⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlow

has facts: summarizes^op Network Traffic
is also defined as: class

Network Flow Sensorⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkFlowSensor

has facts: monitors^op Network Flow
is also defined as: class

Network Intrusion Preventionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1031

belongs to: ATTACK Mitigation^c
has facts: related^op Inbound Traffic Filtering; related^op Network Traffic Analysis; related^op Outbound Traffic Filtering

Network Isolationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkIsolation

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-NI"; enables^op Isolate
is also defined as: class

Network Logon Scriptⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.003

has facts: modifies^op Network Init Script File Resource
is also defined as: class

Network Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkMapping

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-NM"; enables^op Model
is also defined as: class

Network Nodeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNode

has facts: runs^op Operating System
is also defined as: class

Network Node Inventoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkNodeInventory

belongs to: Asset Inventory^c
has facts: d3fend-id^dp "D3-NNI"; inventories^op Network Node; kb-reference^op Reference - IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery; kb-reference^op Reference - Qualys Network Passive Sensor Getting Started Guide; kb-reference^op Reference - An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks; kb-reference^op Reference - Web-Based Enterprise Management; kb-reference^op Reference - Windows Management Infrastructure (MI); kb-reference^op Reference - Windows Management Instrumentation (WMI)
is also defined as: class

Network Protocol Analyzerⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkProtocolAnalyzer

has facts: monitors^op Network Traffic
is also defined as: class

Network Resource Accessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkResourceAccess

has facts: accesses^op Network Resource; accesses^op Resource
is also defined as: class

Network Segmentationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1030

belongs to: ATTACK Mitigation^c
has facts: related^op Broadcast Domain Isolation; related^op Encrypted Tunnels; related^op Inbound Session Volume Analysis; related^op Inbound Traffic Filtering

Network Sessionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkSession

has facts: contains^op Network Packet
is also defined as: class

Network Share Connection Removalⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.005

has facts: unmounts^op Network File Share Resource
is also defined as: class

Network Sniffingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1040

has facts: may-produce^op DNS Lookup
is also defined as: class

Network Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic

has facts: may-contain^op Domain Name; originates-from^op Physical Location
is also defined as: class

Network Traffic Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysis

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-NTA"; enables^op Detect
is also defined as: class

Network Traffic Analysis Softwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficAnalysisSoftware

belongs to: Digital Artifact^c
is also defined as: class

Network Traffic Community Deviationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficCommunityDeviation

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Network Traffic; d3fend-id^dp "D3-NTCD"; kb-reference^op Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Inc
is also defined as: class

Network Traffic Filteringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficFiltering

belongs to: Network Isolation^c
has facts: d3fend-id^dp "D3-NTF"; filters^op Network Traffic; kb-reference^op Reference - Active firewall system and methodology - McAfee LLC; kb-reference^op Reference - Automatically generating rules for connection security - Microsoft; kb-reference^op Reference - FWTK - Firewall Toolkit; kb-reference^op Reference - Firewall for interent access - Secure Computing LLC; kb-reference^op Reference - Firewall for processing a connectionless network packet - National Security Agency; kb-reference^op Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agency; kb-reference^op Reference - Firewalls that filter based upon protocol commands - Intel Corp; kb-reference^op Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltd; kb-reference^op Reference - Network firewall with proxy - Secure Computing LLC
is also defined as: class

Network Traffic Policy Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficPolicyMapping

belongs to: Network Mapping^c
has facts: d3fend-id^dp "D3-NTPM"; kb-reference^op Reference - Cisco ASR 9000 Series Aggregation Services Routers - Access List Commands; maps^op Access Control Configuration; queries^op Network Agent
is also defined as: class

Network Vulnerability Assessmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkVulnerabilityAssessment

belongs to: Network Mapping^c
has facts: d3fend-id^dp "D3-NVA"; evaluates^op Network; identifies^op vulnerability
is also defined as: class

NIST SP 800-53 R3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R3

belongs to: NIST SP 800-53 Control Catalog^c
has facts: archived-at^dp "https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/archive/2013-04-30"^^any u r i; version^dp "3"^^integer

NIST SP 800-53 R4ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R4

belongs to: NIST SP 800-53 Control Catalog^c
has facts: archived-at^dp "https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/archive/2013-04-30"^^any u r i; version^dp "4"^^integer

NIST SP 800-53 R5ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5

belongs to: NIST SP 800-53 Control Catalog^c
has facts: archived-at^dp "https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final"^^any u r i; has-member^op AC-17(8); has-member^op AC-23; has-member^op AC-24; has-member^op AC-24(1); has-member^op AC-24(2); has-member^op AC-2(1); has-member^op AC-2(13); has-member^op AC-2(2); has-member^op AC-2(3); has-member^op AC-2(4); has-member^op AC-2(5); has-member^op AC-2(6); has-member^op AC-2(7); has-member^op AC-2(9); has-member^op AC-3; has-member^op AC-3(11); has-member^op AC-3(13); has-member^op AC-3(3); has-member^op AC-3(7); has-member^op AC-3(8); has-member^op AC-4; has-member^op AC-4(1); has-member^op AC-4(10); has-member^op AC-4(11); has-member^op AC-4(12); has-member^op AC-4(13); has-member^op AC-4(14); has-member^op AC-4(15); has-member^op AC-4(17); has-member^op AC-4(19); has-member^op AC-4(20); has-member^op AC-4(21); has-member^op AC-4(26); has-member^op AC-4(27); has-member^op AC-4(28); has-member^op AC-4(29); has-member^op AC-4(3); has-member^op AC-4(30); has-member^op AC-4(32); has-member^op AC-4(4); has-member^op AC-4(5); has-member^op AC-4(6); has-member^op AC-4(8); has-member^op AC-5; has-member^op AC-6; has-member^op AC-6(1); has-member^op AC-6(10); has-member^op AC-6(3); has-member^op AC-6(4); has-member^op AC-6(5); has-member^op AC-6(6); has-member^op AC-6(9); has-member^op AC-7; has-member^op AC-7(3); has-member^op AC-7(4); has-member^op AU-10(5); has-member^op AU-14(2); has-member^op AU-15; has-member^op AU-2; has-member^op AU-2(1); has-member^op AU-2(2); has-member^op AU-3; has-member^op AU-4; has-member^op CM-14; has-member^op CM-5; has-member^op CM-5(1); has-member^op CM-5(3); has-member^op CM-5(5); has-member^op CM-5(6); has-member^op CM-6(3); has-member^op IA-2(1); has-member^op IA-2(2); has-member^op IA-2(4); has-member^op IA-2(6); has-member^op IR-4(12); has-member^op IR-4(13); has-member^op MA-3(3); has-member^op MA-3(4); has-member^op MA-3(5); has-member^op MA-3(6); has-member^op MA-4(1); has-member^op MA-6; has-member^op MA-6(1); has-member^op MA-6(2); has-member^op MA-6(3); has-member^op RA-3(3); has-member^op RA-3(4); has-member^op RA-5; has-member^op RA-5(2); has-member^op RA-5(3); has-member^op RA-5(4); has-member^op RA-5(5); has-member^op RA-5(6); has-member^op RA-5(7); has-member^op SA-10(1); has-member^op SA-10(3); has-member^op SA-10(4); has-member^op SA-10(5); has-member^op SA-10(6); has-member^op SA-11(1); has-member^op SA-11(8); has-member^op SA-8(18); has-member^op SA-8(22); has-member^op SC-2; has-member^op SC-2(1); has-member^op SC-3; has-member^op SC-3(1); has-member^op SI-2(4); has-member^op SI-2(5); has-member^op SI-2(6); has-member^op SI-3; has-member^op SI-3(10); has-member^op SI-3(4); has-member^op SI-3(8); has-member^op SI-4; has-member^op SI-4(2); has-member^op SI-4(4); version^dp "5"^^integer

Non-Application Layer Protocolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1095

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

non-real-time-analyticⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#non-real-time-analytic

belongs to: Analytic Latency^c

non-real-time-evictionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#non-real-time-eviction

belongs to: Eviction Latency^c

Non-Standard Portⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1571

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

NTDSⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.003

has facts: accesses^op Encrypted Credential
is also defined as: class

NTFS File Attributesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.004

has facts: modifies^op File System Metadata
is also defined as: class

NULL Pointer Dereferenceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-476

has facts: weakness of^op Pointer Dereferencing Function
is also defined as: class

Office Template Macrosⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.001

has facts: may-add^op Executable Script; may-modify^op Executable Script; may-modify^op System Configuration Database Record
is also defined as: class

Office Testⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.002

has facts: modifies^op System Configuration Database Record
is also defined as: class

One-time Passwordⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#One-timePassword

belongs to: Credential Hardening^c
has facts: authenticates^op User Account; d3fend-id^dp "D3-OTP"; kb-reference^op Reference - RFC 2289 - A One-Time Password System; use-limits^op Password
is also defined as: class

Open Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OpenFile

has facts: accesses^op File
is also defined as: class

Operating Systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystem

has facts: contains^op Kernel; contains^op System Service Software; may-contain^op Operating System Configuration Component
is also defined as: class

Operating System Configurationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1028

belongs to: ATTACK Mitigation^c
has facts: related^op Platform Hardening

Operating System Monitoringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperatingSystemMonitoring

belongs to: Platform Monitoring^c
has facts: d3fend-id^dp "D3-OSM"; enables^op Detect; kb-reference^op Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd; kb-reference^op Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITRE
is also defined as: class

Operational Activity Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalActivityMapping

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-OAM"; enables^op Model; kb-reference^op Reference - Catia UAF Plugin
is also defined as: class

Operational Dependency Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalDependencyMapping

belongs to: Operational Activity Mapping^c
has facts: d3fend-id^dp "D3-ODM"; kb-reference^op Reference - Catia UAF Plugin; kb-reference^op Reference - Cyber Command System (CYCS); kb-reference^op Reference - Dagger Fact Sheet; kb-reference^op Reference - Dagger: Modeling and visualization for mission impact situational awareness; kb-reference^op Reference - Mission Dependency Modeling for Cyber Situational Awareness; kb-reference^op Reference - Unified Architecture Framework (UAF); maps^op Dependency; maps^op Organizational Activity
is also defined as: class

Operational Risk Assessmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OperationalRiskAssessment

belongs to: Operational Activity Mapping^c
has facts: d3fend-id^dp "D3-ORA"; evaluates^op Organization; identifies^op vulnerability; kb-reference^op Reference - MGT516: Managing Security Vulnerabilities: Enterprise and Cloud; kb-reference^op Reference - NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ); kb-reference^op Reference - NIST Special Publication 800-160 Volume 1 - System Security Engineering; kb-reference^op Reference - NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizations; kb-reference^op Reference - NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizations; kb-reference^op Reference - NISTIR 8011 Volume 1 - Automation Support for Security Control Assessments
is also defined as: class

Orchestration Controllerⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrchestrationController

has facts: contains^op Container Orchestration Software
is also defined as: class

Organization Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OrganizationMapping

belongs to: Operational Activity Mapping^c
has facts: d3fend-id^dp "D3-OM"; kb-reference^op Reference - Catia UAF Plugin; kb-reference^op Reference - Organizational Management in SAP ERP HCM; kb-reference^op Reference - Unified Architecture Framework (UAF); maps^op Dependency; maps^op Organization; maps^op Person; may-map^op Organizational Activity
is also defined as: class

OS Credential Dumpingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003

has facts: accesses^op Credential
is also defined as: class

Out-of-bounds Readⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-125

has facts: weakness of^op Raw Memory Access Function
is also defined as: class

Out-of-bounds Writeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-787

has facts: weakness of^op Raw Memory Access Function
is also defined as: class

Outbound Internet DNS Lookup Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetDNSLookupTraffic

has facts: may-contain^op DNS Lookup
is also defined as: class

Outbound Internet File Transfer Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetFileTransferTraffic

has facts: contains^op File
is also defined as: class

Outbound Internet Web Trafficⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundInternetWebTraffic

has facts: may-contain^op URL
is also defined as: class

Outbound Traffic Filteringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#OutboundTrafficFiltering

belongs to: Network Traffic Filtering^c
has facts: d3fend-id^dp "D3-OTF"; filters^op Outbound Network Traffic; kb-reference^op Reference - Automatically generating rules for connection security - Microsoft
is also defined as: class

Outlook Formsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.003

has facts: adds^op Office Application File
is also defined as: class

Outlook Home Pageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.004

has facts: modifies^op Application Configuration Database
is also defined as: class

Outlook Rulesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1137.005

has facts: modifies^op Application Configuration Database
is also defined as: class

Packet Logⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PacketLog

has facts: records^op Network Session
is also defined as: class

Page Frameⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PageFrame

has facts: contained-by^op Primary Storage
is also defined as: class

Page Tableⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PageTable

has facts: contains^op Physical Address; contains^op Virtual Address
is also defined as: class

Parent PID Spoofingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.004

has facts: invokes^op Create Process
is also defined as: class

Partition Tableⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PartitionTable

has facts: addresses^op Partition
is also defined as: class

Pass The Hashⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.002

has facts: creates^op Authentication
is also defined as: class

Pass The Ticketⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.003

has facts: creates^op Authentication
is also defined as: class

Passive Certificate Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveCertificateAnalysis

belongs to: Certificate Analysis^c; Passive Certificate Analysis^c
has facts: d3fend-id^dp "D3-PCA"; kb-reference^op Reference - Certificate Transparency; kb-reference^op Reference - StreamingPhish
is also defined as: class

Passive Logical Link Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassiveLogicalLinkMapping

belongs to: Logical Link Mapping^c
has facts: d3fend-id^dp "D3-PLLM"; kb-reference^op Reference - Tenable Passive Network Monitoring
is also defined as: class

Passive Physical Link Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PassivePhysicalLinkMapping

belongs to: Physical Link Mapping^c
is disjoint with: Active Physical Link Mapping
has facts: d3fend-id^dp "D3-PPLM"
is also defined as: class

Password Crackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.002

has facts: accesses^op Password
is also defined as: class

Password Filter DLLⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.002

has facts: creates^op Shared Library File; modifies^op System Configuration Database Record
is also defined as: class

Password Guessingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.001

has facts: accesses^op Password; modifies^op Authentication Log; produces^op Authentication
is also defined as: class

Password Policiesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1027

belongs to: ATTACK Mitigation^c
has facts: related^op One-time Password; related^op Strong Password Policy

Password Sprayingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.003

has facts: accesses^op Password; may-create^op Intranet Administrative Network Traffic; modifies^op Authentication Log; produces^op Authentication
is also defined as: class

Patentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Patent

belongs to: Reference Type^c
is also defined as: class

Path Interception by PATH Environment Variableⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.007

has facts: creates^op Executable File
is also defined as: class

Path Interception by Search Order Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.008

has facts: creates^op Executable File
is also defined as: class

Path Interception by Unquoted Pathⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.009

has facts: creates^op Executable File
is also defined as: class

PE32 Executable Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PE32ExecutableFile

belongs to: Executable Binary^c

PE32+ Executable Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PE32PLUSExecutableFile

belongs to: Executable Binary^c

Per Host Download-Upload Ratio Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PerHostDownload-UploadRatioAnalysis

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Network Traffic; d3fend-id^dp "D3-PHDURA"; kb-reference^op Reference - System for detecting threats using scenario-based tracking of internal and external network traffic - VECTRA NETWORKS Inc
is also defined as: class

Peripheral Firmware Verificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PeripheralFirmwareVerification

belongs to: Firmware Verification^c
has facts: d3fend-id^dp "D3-PFV"; kb-reference^op Reference - Firmware Verification Eclypsium; kb-reference^op Reference - Firmware Verification Trapezoid; verifies^op Peripheral Firmware
is also defined as: class

Persistenceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Persistence

belongs to: Offensive Tactic^c
is also defined as: class

Persistence Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PersistenceTechnique

has facts: enables^op Persistence
is also defined as: class

Physical Link Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PhysicalLinkMapping

belongs to: Network Mapping^c
has facts: d3fend-id^dp "D3-PLM"; kb-reference^op Reference - Libre NMS - Network Map Extension; maps^op Network Node; maps^op Physical Link
is also defined as: class

Platformⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Platform

has facts: contains^op Firmware; contains^op Hardware Device; contains^op Operating System
is also defined as: class

Platform Hardeningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PlatformHardening

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-PH"; enables^op Harden
is also defined as: class

Platform Monitoringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PlatformMonitoring

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-PM"; enables^op Detect
is also defined as: class

Plist Modificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.011

has facts: modifies^op Application Configuration File
is also defined as: class

Pluggable Authentication Modulesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1556.003

has facts: may-modify^op Operating System Configuration File; may-modify^op Operating System Shared Library File
is also defined as: class

Pointer Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PointerAuthentication

belongs to: Application Hardening^c
has facts: authenticates^op Pointer; d3fend-id^dp "D3-PAN"; kb-reference^op Reference - Pointer Authentication on ARMv8.3; kb-reference^op Reference - Pointer Authentication Project Zero
is also defined as: class

Pointer Dereferencing Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PointerDereferencingFunction

has facts: addresses^op Memory Block; addresses^op Pointer
is also defined as: class

Port Knockingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1205.001

has facts: produces^op Network Traffic
is also defined as: class

Port Monitorsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.010

has facts: modifies^op System Configuration Database Record
is also defined as: class

Portable Executable Injectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.002

has facts: may-add^op Object File
is also defined as: class

PowerShell Profileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.013

has facts: modifies^op PowerShell Profile Script
is also defined as: class

Powershell Script Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PowershellScriptFile

belongs to: Executable Script^c

Pre-compromiseⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1056

belongs to: ATTACK Mitigation^c
has facts: related^op Decoy Environment; related^op Decoy Object

Primary Storageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrimaryStorage

has facts: contains^op Page Frame; contains^op Process Segment
is also defined as: class

Private Keysⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552.004

has facts: accesses^op Private Key
is also defined as: class

Privilege Escalationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegeEscalation

belongs to: Offensive Tactic^c
is also defined as: class

Privilege Escalation Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#PrivilegeEscalationTechnique

has facts: enables^op Privilege Escalation
is also defined as: class

Privileged Account Managementⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1026

belongs to: ATTACK Mitigation^c
has facts: related^op Domain Account Monitoring; related^op Local Account Monitoring; related^op Strong Password Policy

Privileged Process Integrityⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1025

belongs to: ATTACK Mitigation^c
has facts: related^op Bootloader Authentication; related^op Driver Load Integrity Checking; related^op Mandatory Access Control; related^op Process Segment Execution Prevention

Proc Filesystemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.007

has facts: accesses^op Operating System File; accesses^op Process Image
is also defined as: class

Proc Memoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.009

has facts: accesses^op Operating System File; may-modify^op Operating System File
is also defined as: class

Procedure 1 - T1134.001 Access Token Manipulationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#procedure-1

belongs to: procedure^c
has facts: implements^op Token Impersonation/Theft; start^op Step 1 - Copy Token

Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Process

has facts: contains^op Process Image; instructed-by^op Software; may-execute^op Thread; process-image-path^op Executable Binary; process-user^op User Account; uses^op Resource
is also defined as: class

Process Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessAnalysis

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-PA"; enables^op Detect
is also defined as: class

Process Code Segmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessCodeSegment

has facts: contains^op Subroutine; may-contain^op Process Segment
is also defined as: class

Process Code Segment Verificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessCodeSegmentVerification

belongs to: Process Analysis^c
has facts: d3fend-id^dp "D3-PCSV"; kb-reference^op Reference - Anti-tamper system with self-adjusting guards - ARXAN TECHNOLOGIES Inc; kb-reference^op Reference - Guards for application in software tamperproofing - Purdue Research Foundation; kb-reference^op Reference - System and method for detecting malware injected into memory of a computing device - Endgame Inc; kb-reference^op Reference - System and method for validating in-memory integrity of executable files to identify malicious activity - Endgame Inc; kb-reference^op Reference - Tamper proof mutating software - ARXAN TECHNOLOGIES Inc; kb-reference^op Reference - Threat detection through the accumulated detection of threat characteristics - Sophos Ltd; verifies^op Process Code Segment
is also defined as: class

Process Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1057

has facts: may-invoke^op Create Process; may-invoke^op Get Running Processes
is also defined as: class

Process Doppelgängingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.013

has facts: invokes^op Create Process
is also defined as: class

Process Evictionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessEviction

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-PE"; enables^op Evict
is also defined as: class

Process Hollowingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.012

has facts: modifies^op Process Code Segment
is also defined as: class

Process Imageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessImage

has facts: contains^op Process Segment
is also defined as: class

Process Lineage Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessLineageAnalysis

belongs to: Process Spawn Analysis^c
has facts: analyzes^op Process; analyzes^op Process Tree; d3fend-id^dp "D3-PLA"; kb-reference^op Reference - CAR-2014-11-008: Command Launched from WinLogon - MITRE; kb-reference^op Reference - CAR-2014-11-003: Debuggers for Accessibility Applications - MITRE; kb-reference^op Reference - CAR-2019-04-002: Generic Regsvr32 - MITRE; kb-reference^op Reference - CAR-2014-11-002: Outlier Parents of Cmd - MITRE; kb-reference^op Reference - CAR-2013-02-003: Processes Spawning cmd.exe - MITRE; kb-reference^op Reference - CAR-2013-04-002: Quick execution of a series of suspicious commands - MITRE; kb-reference^op Reference - CAR-2013-03-001: Reg.exe called from Command Shell - MITRE; kb-reference^op Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITRE; kb-reference^op Reference - CAR-2013-09-005: Service Outlier Executables - MITRE; kb-reference^op Reference - CAR-2014-07-001: Service Search Path Interception - MITRE; kb-reference^op Reference - CAR-2014-05-002: Services launching Cmd - MITRE; kb-reference^op Reference - System and methods thereof for causality identification and attributions determination of processes in a network - Palo Alto Networks IncCyber Secdo Ltd; kb-reference^op Reference - System and methods thereof for identification of suspicious system processes - Palo Alto Networks Inc; kb-reference^op Reference - CAR-2019-04-001: UAC Bypass - MITRE; kb-reference^op Reference - CAR-2020-11-002: Local Network Sniffing - MITRE; kb-reference^op Reference - CAR-2020-11-004: Processes Started From Irregular Parent - MITRE; kb-reference^op Reference - CAR-2021-02-002: Get System Elevation - MITRE; kb-reference^op Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITRE
is also defined as: class

Process Segment Execution Preventionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSegmentExecutionPrevention

belongs to: Application Hardening^c
has facts: d3fend-id^dp "D3-PSEP"; kb-reference^op Reference - Mitigate threats by using Windows 10 security features: Data Execution Prevention - Microsoft; kb-reference^op Reference - What is NX/XD feature?; neutralizes^op Process Segment
is also defined as: class

Process Self-Modification Detectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSelf-ModificationDetection

belongs to: Process Analysis^c
has facts: analyzes^op Process; d3fend-id^dp "D3-PSMD"; kb-reference^op Reference - System and Method for Process Hollowing Detection - Carbon Black Inc
is also defined as: class

Process Spawn Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSpawnAnalysis

belongs to: Process Analysis^c
has facts: analyzes^op Create Process; analyzes^op Process; d3fend-id^dp "D3-PSA"; kb-reference^op Reference - CAR-2019-08-002: Active Directory Dumping via NTDSUtil - MITRE; kb-reference^op Reference - CAR-2013-07-005: Command Line Usage of Archiving Software - MITRE; kb-reference^op Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITRE; kb-reference^op Reference - CAR-2019-04-004: Credential Dumping via Mimikatz - MITRE; kb-reference^op Reference - CAR-2016-03-001: Host Discovery Commands - MITRE; kb-reference^op Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITRE; kb-reference^op Reference - CAR-2014-04-003: Powershell Execution - MITRE; kb-reference^op Reference - CAR-2014-03-006: RunDLL32.exe monitoring - MITRE; kb-reference^op Reference - CAR-2019-04-003: Squiblydoo - MITRE; kb-reference^op Reference - CAR-2013-07-001: Suspicious Arguments - MITRE; kb-reference^op Reference - CAR-2013-05-002: Suspicious Run Locations - MITRE; kb-reference^op Reference - CAR-2020-04-001: Shadow Copy Deletion - MITRE; kb-reference^op Reference - CAR-2020-05-003: Rare LolBAS Command Lines - MITRE; kb-reference^op Reference - CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities - MITRE; kb-reference^op Reference - CAR-2020-09-003: Indicator Blocking - Driver Unloaded - MITRE; kb-reference^op Reference - CAR-2020-09-004: Credentials in Files & Registry - MITRE; kb-reference^op Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITRE; kb-reference^op Reference - CAR-2020-11-003: DLL Injection with Mavinject - MITRE; kb-reference^op Reference - CAR-2020-11-005: Clear Powershell Console Command History - MITRE; kb-reference^op Reference - CAR-2020-11-006: Local Permission Group Discovery - MITRE; kb-reference^op Reference - CAR-2020-11-007: Network Share Connection Removal - MITRE; kb-reference^op Reference - CAR-2020-11-008: MSBuild and msxsl - MITRE; kb-reference^op Reference - CAR-2020-11-009: Compiled HTML Access - MITRE; kb-reference^op Reference - CAR-2021-01-002: Unusually Long Command Line Strings - MITRE; kb-reference^op Reference - CAR-2021-01-003: Clearing Windows Logs with Wevtutil - MITRE; kb-reference^op Reference - CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe - MITRE; kb-reference^op Reference - CAR-2021-01-006: Unusual Child Process spawned using DDE exploit - MITRE; kb-reference^op Reference - CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt - MITRE; kb-reference^op Reference - CAR-2021-01-008: Disable UAC - MITRE; kb-reference^op Reference - CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe - MITRE; kb-reference^op Reference - CAR-2021-02-001: Webshell-Indicative Process Tree - MITRE; kb-reference^op Reference - CAR-2021-04-001: Common Windows Process Masquerading - MITRE; kb-reference^op Reference - CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store - MITRE; kb-reference^op Reference - CAR-2021-05-002: Batch File Write to System32 - MITRE; kb-reference^op Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITRE; kb-reference^op Reference - CAR-2021-05-004: BITS Job Persistence - MITRE; kb-reference^op Reference - CAR-2021-05-005: BITSAdmin Download File - MITRE; kb-reference^op Reference - CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments - MITRE; kb-reference^op Reference - CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments - MITRE; kb-reference^op Reference - CAR-2021-05-008: Certutil exe certificate extraction - MITRE; kb-reference^op Reference - CAR-2021-05-009: CertUtil With Decode Argument - MITRE; kb-reference^op Reference - CAR-2021-05-010: Create local admin accounts using net exe - MITRE
is also defined as: class

Process Start Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessStartFunction

has facts: invokes^op Create Process
is also defined as: class

Process Suspensionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessSuspension

belongs to: Process Eviction^c
has facts: d3fend-id^dp "D3-PS"; kb-reference^op Reference - PsSuspend - Microsoft; suspends^op Process
is also defined as: class

Process Terminationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessTermination

belongs to: Process Eviction^c
has facts: d3fend-id^dp "D3-PT"; kb-reference^op Reference - Instant process termination tool to recover control of an information handling system - Dell Products LP; kb-reference^op Reference - Malware detection using local computational models - Crowdstrike Inc; terminates^op Process
is also defined as: class

Process Treeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessTree

has facts: contains^op Process
is also defined as: class

Processor Cache Memoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CacheMemory

has facts: accessed-by^op Central Processing Unit; may-contain^op Process Segment; modifies^op Processor Cache Memory
is also defined as: class

Processor Registerⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProcessorRegister

has facts: contained-by^op Central Processing Unit
is also defined as: class

Protocol Metadata Anomaly Detectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ProtocolMetadataAnomalyDetection

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Network Traffic; d3fend-id^dp "D3-PMAD"; kb-reference^op Reference - Method and system for detecting threats using metadata vectors - VECTRA NETWORKS Inc; kb-reference^op Reference - Method and system for detecting threats using passive cluster mapping - Vectra Networks Inc; kb-reference^op Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Inc
is also defined as: class

Protocol Tunnelingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1572

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Ptrace System Callsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.008

has facts: invokes^op System Call
is also defined as: class

Query Registryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1012

has facts: accesses^op System Configuration Database; may-invoke^op Get System Config Value
is also defined as: class

RA-3(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-3_3

belongs to: NIST Control^c
has facts: broader^op File Analysis; broader^op Identifier Analysis; broader^op Message Analysis; broader^op Network Traffic Analysis; broader^op Platform Monitoring; broader^op Process Analysis; broader^op User Behavior Analysis; control-name^dp "Risk Assessment | Dynamic Threat Awareness"; member-of^op NIST SP 800-53 R5

RA-3(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-3_4

belongs to: NIST Control^c
has facts: control-name^dp "Risk Assessment | Predictive Cyber Analytics"; member-of^op NIST SP 800-53 R5; narrower^op File Analysis; narrower^op Identifier Analysis; narrower^op Message Analysis; narrower^op Network Traffic Analysis; narrower^op Platform Monitoring; narrower^op Process Analysis; narrower^op User Behavior Analysis

RA-5ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5

belongs to: NIST Control^c
has facts: broader^op Network Traffic Analysis; control-name^dp "Vulnerability Monitoring and Scanning"; member-of^op NIST SP 800-53 R5

RA-5(2)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_2

belongs to: NIST Control^c
has facts: control-name^dp "Vulnerability Monitoring and Scanning | Update Vulnerabilities to Be Scanned"; member-of^op NIST SP 800-53 R5; narrower^op Network Traffic Analysis

RA-5(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_3

belongs to: NIST Control^c
has facts: control-name^dp "Vulnerability Monitoring and Scanning | Breadth and Depth of Coverage"; member-of^op NIST SP 800-53 R5; narrower^op Network Traffic Analysis

RA-5(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_4

belongs to: NIST Control^c
has facts: control-name^dp "Vulnerability Monitoring and Scanning | Discoverable Information"; member-of^op NIST SP 800-53 R5; related^op Decoy Environment; related^op Decoy Object

RA-5(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_5

belongs to: NIST Control^c
has facts: control-name^dp "Vulnerability Monitoring and Scanning | Privileged Access"; member-of^op NIST SP 800-53 R5; narrower^op Platform Hardening

RA-5(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_6

belongs to: NIST Control^c
has facts: control-name^dp "Vulnerability Monitoring and Scanning | Automated Trend Analyses"; member-of^op NIST SP 800-53 R5; narrower^op Platform Hardening

RA-5(7)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_RA-5_7

belongs to: NIST Control^c
has facts: control-name^dp "Vulnerability Monitoring and Scanning | Automated Detection and Notification of Unauthorized Components"; member-of^op NIST SP 800-53 R5; narrower^op Executable Allowlisting; narrower^op Executable Denylisting

Raw Memory Access Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RawMemoryAccessFunction

has facts: accesses^op Memory Block
is also defined as: class

Rc.commonⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.004

has facts: modifies^op System Init Script
is also defined as: class

RDP Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563.002

has facts: accesses^op RDP Session
is also defined as: class

Re-opened Applicationsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.007

has facts: modifies^op Application Configuration File
is also defined as: class

Read Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReadFile

has facts: reads^op File
is also defined as: class

real-time-analyticⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#real-time-analytic

belongs to: Analytic Latency^c

real-time-evictionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#real-time-eviction

belongs to: Eviction Latency^c

Reconnaissance Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReconnaissanceTechnique

has facts: enables^op reconnaissance
is also defined as: class

Reference - /DYNAMICBASE (Use address space layout randomization) - Microsoft Docsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DYNAMICBASE_UseAddressSpaceLayoutRandomization_MicrosoftDocs

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019"^^any u r i; kb-reference-of^op Segment Address Offset Randomization; kb-reference-title^dp "/DYNAMICBASE (Use address space layout randomization)"

Reference - /GS (Buffer Security Check) - Microsoft Docsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-GS_BufferSecurityCheck_MicrosoftDocs

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/cpp/build/reference/gs-buffer-security-check?view=vs-2019"^^any u r i; kb-reference-of^op Stack Frame Canary Validation; kb-reference-title^dp "/GS (Buffer Security Check)"

Reference - /SAFESEH (Image has Safe Exception Handlers) - Microsoft Docsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SAFESEH_ImageHasSafeExceptionHandlers_MicrosoftDocs

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/cpp/build/reference/safeseh-image-has-safe-exception-handlers?view=msvc-160"^^any u r i; kb-reference-of^op Exception Handler Pointer Validation; kb-reference-title^dp "/SAFESEH (Image has Safe Exception Handlers)"

Reference - Account monitoring - Forescout Technologiesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AccountMonitoring_ForescoutTechnologies

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190205511A1"^^any u r i; kb-reference-of^op Account Locking; kb-reference-title^dp "Account monitoring"

Reference - Active firewall system and methodology - McAfee LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ActiveFirewallSystemAndMethodology_McAfeeLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US6550012B1"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-title^dp "Active firewall system and methodology"

Reference - Advanced device matching systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AdvancedDeviceMatchingSystem

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10892951B2/"^^any u r i; kb-reference-of^op Hardware Component Inventory; kb-reference-title^dp "Advanced device matching system"

Reference - An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworksⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC3411-AnArchitectureForDescribingSimpleNetworkManagementProtocolSNMPManagementFrameworks

belongs to: Specification Reference^c
has facts: has-link^dp "https://https://datatracker.ietf.org/doc/html/rfc3411"^^any u r i; kb-reference-of^op Hardware Component Inventory; kb-reference-title^dp "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks"

Reference - Analysis of the Windows Vista Security Model - Symantec Corporationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AnalysisOfTheWindowsVistaSecurityModel_SymantecCorporation

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://web.archive.org/web/20140407025337/http://www.symantec.com/avcenter/reference/Windows_Vista_Security_Model_Analysis.pdf"^^any u r i; kb-reference-of^op Mandatory Access Control; kb-reference-title^dp "Analysis of the Windows Vista Security Model"

Reference - Anomaly Detection Using Adaptive Behavioral Profiles - Securonix Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AnomalyDetectionUsingAdaptiveBehavioralProfiles_SecuronixInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160226901A1"^^any u r i; kb-reference-of^op Job Function Access Pattern Analysis; kb-reference-title^dp "Anomaly Detection Using Adaptive Behavioral Profiles"

Reference - Anti-tamper system with self-adjusting guards - ARXAN TECHNOLOGIES Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Anti-tamperSystemWithSelf-adjustingGuards_ARXANTECHNOLOGIESInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20150052603A1"^^any u r i; kb-reference-of^op Process Code Segment Verification; kb-reference-title^dp "Anti-tamper system with self-adjusting guards"

Reference - Apparatus for to provide content to and query a reverse domain name system server - Barrracuda Networksⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ApparatusForToProvideContentToAndQueryAReverseDomainNameSystemServer

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20100174829A1/en?oq=20100174829"^^any u r i; kb-reference-of^op Reverse Resolution Domain Denylisting; kb-reference-title^dp "Apparatus for to provide content to and query a reverse domain name system server"

Reference - Approaches for securing an internet endpoint using fine-grained operating system virtualization - Bromium, Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ApproachesForSecuringAnInternetEndpointUsingFine-grainedOperatingSystemVirtualization_Bromium,Inc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20110296412A1"^^any u r i; kb-reference-of^op Hardware-based Process Isolation; kb-reference-title^dp "Approaches for securing an internet endpoint using fine-grained operating system virtualization"

Reference - Architecture of transparent network security for application containers - Neuvector Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ArchitectureOfTransparentNetworkSecurityForApplicationContainers_NeuvectorInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170093922A1"^^any u r i; kb-reference-of^op Mandatory Access Control; kb-reference-title^dp "Architecture of transparent network security for application containers"

Reference - Audit User Account Managementⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AuditUserAccountManagement

belongs to: Guideline Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-user-account-management"^^any u r i; kb-reference-of^op Domain Account Monitoring; kb-reference-of^op Local Account Monitoring; kb-reference-title^dp "Audit User Account Management"

Reference - Automated computer vulnerability resolution systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AutomatedComputerVulnerabilityResolutionSystem

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US7308712B2"^^any u r i; kb-reference-of^op Asset Vulnerability Enumeration; kb-reference-title^dp "Automated computer vulnerability resolution system"

Reference - Automatically generating network resource groups and assigning customized decoy policies thereto - Illusive Networks Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AutomaticallyGeneratingNetworkResourceGroupsAndAssigningCustomizedDecoyPoliciesThereto_IllusiveNetworksLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170310689A1"^^any u r i; kb-reference-of^op Decoy Network Resource; kb-reference-title^dp "Automatically generating network resource groups and assigning customized decoy policies thereto"

Reference - Automatically generating rules for connection security - Microsoftⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AutomaticallyGeneratingRulesForConnectionSecurity_Microsoft

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20120054825"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-of^op Outbound Traffic Filtering; kb-reference-title^dp "Automatically generating rules for connection security"

Reference - Biometric Challenge-Response Authentication - Accentureⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-BiometricChallenge-ResponseAuthentication-Accenture

belongs to: Patent Reference^c
has facts: has-link^dp "https://www.patentguru.com/US2021110015A1"^^any u r i; kb-reference-of^op Multi-factor Authentication; kb-reference-title^dp "Biometric Challenge-Response Authentication"

Reference - Broadcast isolation and level 3 network switch - Hewlett Packard Enterprise Development LPⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-BroadcastIsolationAndLevel3NetworkSwitch_HewlettPackardEnterpriseDevelopmentLP

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US5920699A"^^any u r i; kb-reference-of^op Broadcast Domain Isolation; kb-reference-title^dp "Broadcast isolation and level 3 network switch"

Reference - CAR-2013-01-002: Autorun Differences - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AutorunDifferences_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-01-002/"^^any u r i; kb-reference-of^op System File Analysis; kb-reference-title^dp "CAR-2013-01-002: Autorun Differences"

Reference - CAR-2013-01-003: SMB Events Monitoring - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBEventsMonitoring_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-01-003/"^^any u r i; kb-reference-of^op IPC Traffic Analysis; kb-reference-title^dp "CAR-2013-01-003: SMB Events Monitoring"

Reference - CAR-2013-02-003: Processes Spawning cmd.exe - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ProcessesSpawningCmd.exe_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-02-003/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2013-02-003: Processes Spawning cmd.exe"

Reference - CAR-2013-02-008: Simultaneous Logins on a Host - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SimultaneousLoginsOnAHost_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-02-008/"^^any u r i; kb-reference-of^op Authentication Event Thresholding; kb-reference-title^dp "CAR-2013-02-008: Simultaneous Logins on a Host"

Reference - CAR-2013-02-012: User Logged in to Multiple Hosts - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UserLoggedInToMultipleHosts_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-02-012/"^^any u r i; kb-reference-of^op Authentication Event Thresholding; kb-reference-of^op Authorization Event Thresholding; kb-reference-title^dp "CAR-2013-02-012: User Logged in to Multiple Hosts"

Reference - CAR-2013-03-001: Reg.exe called from Command Shell - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Reg.exeCalledFromCommandShell_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-03-001/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2013-03-001: Reg.exe called from Command Shell"

Reference - CAR-2013-04-002: Quick execution of a series of suspicious commands - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-QuickExecutionOfASeriesOfSuspiciousCommands_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-04-002/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2013-04-002: Quick execution of a series of suspicious commands"

Reference - CAR-2013-05-002: Suspicious Run Locations - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SuspiciousRunLocations_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-05-002/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2013-05-002: Suspicious Run Locations"

Reference - CAR-2013-05-003: SMB Write Request - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBWriteRequest_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-05-003/"^^any u r i; kb-reference-of^op IPC Traffic Analysis; kb-reference-title^dp "CAR-2013-05-003: SMB Write Request"

Reference - CAR-2013-05-004: Execution with AT - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ExecutionWithAT_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-05-004/"^^any u r i; kb-reference-of^op Scheduled Job Analysis; kb-reference-title^dp "CAR-2013-05-004: Execution with AT"

Reference - CAR-2013-05-005: SMB Copy and Execution - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBCopyAndExecution_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-05-005/"^^any u r i; kb-reference-of^op IPC Traffic Analysis; kb-reference-title^dp "CAR-2013-05-005: SMB Copy and Execution"

Reference - CAR-2013-07-001: Suspicious Arguments - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SuspiciousArguments_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-07-001/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2013-07-001: Suspicious Arguments"

Reference - CAR-2013-07-002: RDP Connection Detection - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RDPConnectionDetection_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-07-002"^^any u r i; kb-reference-of^op Remote Terminal Session Detection; kb-reference-title^dp "CAR-2013-07-002: RDP Connection Detection"

Reference - CAR-2013-07-005: Command Line Usage of Archiving Software - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CommandLineUsageOfArchivingSoftware_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-07-005/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2013-07-005: Command Line Usage of Archiving Software"

Reference - CAR-2013-08-001: Execution with schtasks - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ExecutionWithSchtasks_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-08-001/"^^any u r i; kb-reference-of^op Scheduled Job Analysis; kb-reference-title^dp "CAR-2013-08-001: Execution with schtasks"

Reference - CAR-2013-09-003: SMB Session Setups - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBSessionSetups_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-09-003/"^^any u r i; kb-reference-of^op Authorization Event Thresholding; kb-reference-of^op IPC Traffic Analysis; kb-reference-title^dp "CAR-2013-09-003: SMB Session Setups"

Reference - CAR-2013-09-005: Service Outlier Executables - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ServiceOutlierExecutables_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-09-005/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2013-09-005: Service Outlier Executables"

Reference - CAR-2013-10-001: User Login Activity Monitoring - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UserLoginActivityMonitoring_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-10-001/"^^any u r i; kb-reference-of^op Authentication Event Thresholding; kb-reference-title^dp "CAR-2013-10-001: User Login Activity Monitoring"

Reference - CAR-2013-10-002: DLL Injection via Load Library - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DLLInjectionViaLoadLibrary_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2013-10-002/"^^any u r i; kb-reference-of^op System Call Analysis; kb-reference-title^dp "CAR-2013-10-002: DLL Injection via Load Library"

Reference - CAR-2014-02-001: Service Binary Modifications - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ServiceBinaryModifications_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-02-001/"^^any u r i; kb-reference-of^op Service Binary Verification; kb-reference-title^dp "CAR-2014-02-001: Service Binary Modifications"

Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SMBWriteRequest-NamedPipes_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-03-001/"^^any u r i; kb-reference-of^op IPC Traffic Analysis; kb-reference-of^op RPC Traffic Analysis; kb-reference-title^dp "CAR-2014-03-001: SMB Write Request - NamedPipes"

Reference - CAR-2014-03-005: Remotely Launched Executables via Services - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemotelyLaunchedExecutablesViaServices_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-03-005/"^^any u r i; kb-reference-of^op RPC Traffic Analysis; kb-reference-title^dp "CAR-2014-03-005: Remotely Launched Executables via Services"

Reference - CAR-2014-03-006: RunDLL32.exe monitoring - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RunDLL32.exeMonitoring_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-03-006/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2014-03-006: RunDLL32.exe monitoring"

Reference - CAR-2014-04-003: Powershell Execution - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PowershellExecution_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-04-003/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2014-04-003: Powershell Execution"

Reference - CAR-2014-05-001: RPC Activity - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2014-05-001%3ARPCActivity_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-05-001/"^^any u r i; kb-reference-of^op RPC Traffic Analysis; kb-reference-title^dp "CAR-2014-05-001: RPC Activity"

Reference - CAR-2014-05-002: Services launching Cmd - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ServicesLaunchingCmd_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp ""^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2014-05-002: Services launching Cmd"

Reference - CAR-2014-07-001: Service Search Path Interception - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ServiceSearchPathInterception_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-07-001/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2014-07-001: Service Search Path Interception"

Reference - CAR-2014-11-002: Outlier Parents of Cmd - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OutlierParentsOfCmd_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-11-002/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2014-11-002: Outlier Parents of Cmd"

Reference - CAR-2014-11-003: Debuggers for Accessibility Applications - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DebuggersForAccessibilityApplications_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-11-006/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2014-11-003: Debuggers for Accessibility Applications"

Reference - CAR-2014-11-005: Remote Registry - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemoteRegistry_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-11-005/"^^any u r i; kb-reference-of^op Administrative Network Activity Analysis; kb-reference-title^dp "CAR-2014-11-005: Remote Registry"

Reference - CAR-2014-11-006: Windows Remote Management (WinRM) - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-WindowsRemoteManagement_WinRM_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp ""^^any u r i; kb-reference-of^op Administrative Network Activity Analysis; kb-reference-title^dp "CAR-2014-11-006: Windows Remote Management (WinRM)"

Reference - CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2014-11-007-RemoteWindowsManagementInstrumentation_WMI_OverRPC_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp ""^^any u r i; kb-reference-of^op RPC Traffic Analysis; kb-reference-title^dp "CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC"

Reference - CAR-2014-11-008: Command Launched from WinLogon - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CommandLaunchedFromWinLogon_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-11-008/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2014-11-008: Command Launched from WinLogon"

Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemotelyLaunchedExecutablesViaWMI_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2014-12-001/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-of^op RPC Traffic Analysis; kb-reference-title^dp "CAR-2014-12-001: Remotely Launched Executables via WMI"

Reference - CAR-2015-04-001: Remotely Scheduled Tasks via AT - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2015-04-001%3ARemotelyScheduledTasksViaAT_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2015-04-001/"^^any u r i; kb-reference-of^op IPC Traffic Analysis; kb-reference-title^dp "CAR-2015-04-001: Remotely Scheduled Tasks via AT"

Reference - CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemotelyScheduledTasksViaSchtasks_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2015-04-002/"^^any u r i; kb-reference-of^op RPC Traffic Analysis; kb-reference-title^dp "CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks"

Reference - CAR-2015-07-001: All Logins Since Last Boot - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AllLoginsSinceLastBoot_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2015-07-001/"^^any u r i; kb-reference-of^op Credential Compromise Scope Analysis; kb-reference-title^dp "CAR-2015-07-001: All Logins Since Last Boot"

Reference - CAR-2016-03-001: Host Discovery Commands - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HostDiscoveryCommands_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2016-03-001/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2016-03-001: Host Discovery Commands"

Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CreateRemoteProcessViaWMIC_MITRE_Other

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2016-03-002/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-of^op RPC Traffic Analysis; kb-reference-title^dp "CAR-2016-03-002: Create Remote Process via WMIC"

Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UserActivityFromClearingEventLogs_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2016-04-002/"^^any u r i; kb-reference-of^op System File Analysis; kb-reference-title^dp "CAR-2016-04-002: User Activity from Clearing Event Logs"

Reference - CAR-2016-04-003: User Activity from Stopping Windows Defensive Services - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UserActivityFromStoppingWindowsDefensiveServices_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2016-04-003/"^^any u r i; kb-reference-of^op System Daemon Monitoring; kb-reference-title^dp "CAR-2016-04-003: User Activity from Stopping Windows Defensive Services"

Reference - CAR-2016-04-004: Successful Local Account Loginⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2016-04-004_SuccessfulLocalAccountLogin

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2016-04-004/"^^any u r i; kb-reference-of^op Local Account Monitoring; kb-reference-title^dp "Reference - CAR-2016-04-004: Successful Local Account Login"

Reference - CAR-2016-04-005: Remote Desktop Logon - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RemoteDesktopLogon_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2016-04-005/"^^any u r i; kb-reference-of^op Remote Terminal Session Detection; kb-reference-title^dp "CAR-2016-04-005: Remote Desktop Logon"

Reference - CAR-2019-04-001: UAC Bypass - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UACBypass_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2019-04-001/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2019-04-001: UAC Bypass"

Reference - CAR-2019-04-002: Generic Regsvr32 - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-GenericRegsvr32_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2019-04-002/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2019-04-002: Generic Regsvr32"

Reference - CAR-2019-04-003: Squiblydoo - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Squiblydoo_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2019-04-003/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2019-04-003: Squiblydoo"

Reference - CAR-2019-04-004: Credential Dumping via Mimikatz - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CredentialDumpingViaMimikatz_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2019-04-004/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2019-04-004: Credential Dumping via Mimikatz"

Reference - CAR-2019-07-001: Access Permission Modification - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-AccessPermissionModification_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2019-07-001/"^^any u r i; kb-reference-of^op System File Analysis; kb-reference-title^dp "CAR-2019-07-001: Access Permission Modification"

Reference - CAR-2019-07-002: Lsass Process Dump via Procdump - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-LsassProcessDumpViaProcdump_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2019-07-002/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2019-07-002: Lsass Process Dump via Procdump"

Reference - CAR-2019-08-001: Credential Dumping via Windows Task Manager - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CredentialDumpingViaWindowsTaskManager_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2019-08-001/"^^any u r i; kb-reference-of^op System Call Analysis; kb-reference-title^dp "CAR-2019-08-001: Credential Dumping via Windows Task Manager"

Reference - CAR-2019-08-002: Active Directory Dumping via NTDSUtil - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ActiveDirectoryDumpingViaNTDSUtil_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2019-08-002/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2019-08-002: Active Directory Dumping via NTDSUtil"

Reference - CAR-2020-04-001: Shadow Copy Deletion - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-04-001%3AShadowCopyDeletion_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-04-001/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-04-001: Shadow Copy Deletion"

Reference - CAR-2020-05-001: MiniDump of LSASS - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-05-001%3AMiniDumpOfLSASS_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-05-001/"^^any u r i; kb-reference-of^op System Call Analysis; kb-reference-title^dp "CAR-2020-05-001: MiniDump of LSASS"

Reference - CAR-2020-05-003: Rare LolBAS Command Lines - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-05-003%3ARareLolBASCommandLines_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-05-003/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-05-003: Rare LolBAS Command Lines"

Reference - CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-08-001%3ANTFSAlternateDataStreamExecution-SystemUtilities_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-08-001/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-08-001: NTFS Alternate Data Stream Execution - System Utilities"

Reference - CAR-2020-09-001: Scheduled Task - FileAccess - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-001%3AScheduledTask-FileAccess_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-09-001/"^^any u r i; kb-reference-of^op File Creation Analysis; kb-reference-title^dp "CAR-2020-09-001: Scheduled Task - FileAccess"

Reference - CAR-2020-09-002: Component Object Model Hijacking - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-002%3AComponentObjectModelHijacking_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-09-002/"^^any u r i; kb-reference-of^op User Session Init Config Analysis; kb-reference-title^dp "CAR-2020-09-002: Component Object Model Hijacking"

Reference - CAR-2020-09-003: Indicator Blocking - Driver Unloaded - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-003%3AIndicatorBlocking-DriverUnloaded_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-09-003/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-09-003: Indicator Blocking - Driver Unloaded"

Reference - CAR-2020-09-004: Credentials in Files & Registry - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-004%3ACredentialsInFiles%26Registry_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-09-004/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-09-004: Credentials in Files & Registry"

Reference - CAR-2020-09-005: AppInit DLLs - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-09-005%3AAppInitDLLs_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-09-005/"^^any u r i; kb-reference-of^op System Init Config Analysis; kb-reference-title^dp "CAR-2020-09-005: AppInit DLLs"

Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-001%3ABootOrLogonInitializationScripts_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-001/"^^any u r i; kb-reference-of^op System Init Config Analysis; kb-reference-title^dp "CAR-2020-11-001: Boot or Logon Initialization Scripts"

Reference - CAR-2020-11-002: Local Network Sniffing - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-002%3ALocalNetworkSniffing_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-002/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2020-11-002: Local Network Sniffing"

Reference - CAR-2020-11-003: DLL Injection with Mavinject - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-003%3ADLLInjectionWithMavinject_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-003/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-11-003: DLL Injection with Mavinject"

Reference - CAR-2020-11-004: Processes Started From Irregular Parent - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-004%3AProcessesStartedFromIrregularParent_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-004/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2020-11-004: Processes Started From Irregular Parent"

Reference - CAR-2020-11-005: Clear Powershell Console Command History - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-005%3AClearPowershellConsoleCommandHistory_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-005/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-11-005: Clear Powershell Console Command History"

Reference - CAR-2020-11-006: Local Permission Group Discovery - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-006%3ALocalPermissionGroupDiscovery_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-006/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-11-006: Local Permission Group Discovery"

Reference - CAR-2020-11-007: Network Share Connection Removal - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-007%3ANetworkShareConnectionRemoval_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-007/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-11-007: Network Share Connection Removal"

Reference - CAR-2020-11-008: MSBuild and msxsl - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-008%3AMSBuildAndMsxsl_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-008/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-11-008: MSBuild and msxsl"

Reference - CAR-2020-11-009: Compiled HTML Access - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-009%3ACompiledHTMLAccess_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-009/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-11-009: Compiled HTML Access"

Reference - CAR-2020-11-010: CMSTP - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-010%3ACMSTP_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-010/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2020-11-010: CMSTP"

Reference - CAR-2020-11-011: Registry Edit from Screensaverⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2020-11-011%3ARegistryEditFromScreensaver

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2020-11-011/"^^any u r i; kb-reference-of^op User Session Init Config Analysis; kb-reference-title^dp "CAR-2020-11-011: Registry Edit from Screensaver"

Reference - CAR-2021-01-002: Unusually Long Command Line Strings - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-002%3AUnusuallyLongCommandLineStrings_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-01-002/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-01-002: Unusually Long Command Line Strings"

Reference - CAR-2021-01-003: Clearing Windows Logs with Wevtutil - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-003%3AClearingWindowsLogsWithWevtutil_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-01-003/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-01-003: Clearing Windows Logs with Wevtutil"

Reference - CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-004%3AUnusualChildProcessForSpoolsv.ExeOrConnhost.Exe_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-01-004/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-01-004: Unusual Child Process for Spoolsv.Exe or Connhost.Exe"

Reference - CAR-2021-01-006: Unusual Child Process spawned using DDE exploit - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-006%3AUnusualChildProcessSpawnedUsingDDEExploit_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-01-006/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-01-006: Unusual Child Process spawned using DDE exploit"

Reference - CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-007%3ADetectingTamperingOfWindowsDefenderCommandPrompt_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-01-007/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-01-007: Detecting Tampering of Windows Defender Command Prompt"

Reference - CAR-2021-01-008: Disable UAC - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-008%3ADisableUAC_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-01-008/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-01-008: Disable UAC"

Reference - CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-01-009%3ADetectingShadowCopyDeletionViaVssadmin.exe_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-01-009/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-01-009: Detecting Shadow Copy Deletion via Vssadmin.exe"

Reference - CAR-2021-02-001: Webshell-Indicative Process Tree - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-02-001%3AWebshell-IndicativeProcessTree_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-02-001/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-02-001: Webshell-Indicative Process Tree"

Reference - CAR-2021-02-002: Get System Elevation - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-02-002%3AGetSystemElevation_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-02-002/"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "CAR-2021-02-002: Get System Elevation"

Reference - CAR-2021-04-001: Common Windows Process Masquerading - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-04-001%3ACommonWindowsProcessMasquerading_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-04-001/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-04-001: Common Windows Process Masquerading"

Reference - CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-001%3AAttemptToAddCertificateToUntrustedStore_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-001/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-001: Attempt To Add Certificate To Untrusted Store"

Reference - CAR-2021-05-002: Batch File Write to System32 - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-002%3ABatchFileWriteToSystem32_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-002/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-002: Batch File Write to System32"

Reference - CAR-2021-05-003: BCDEdit Failure Recovery Modification - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-003%3ABCDEditFailureRecoveryModification_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-003/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-003: BCDEdit Failure Recovery Modification"

Reference - CAR-2021-05-004: BITS Job Persistence - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-004%3ABITSJobPersistence_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-004/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-004: BITS Job Persistence"

Reference - CAR-2021-05-005: BITSAdmin Download File - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-005%3ABITSAdminDownloadFile_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-005/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-005: BITSAdmin Download File"

Reference - CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-006%3ACertUtilDownloadWithURLCacheAndSplitArguments_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-006/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-006: CertUtil Download With URLCache and Split Arguments"

Reference - CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-007%3ACertUtilDownloadWithVerifyCtlAndSplitArguments_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-007/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-007: CertUtil Download With VerifyCtl and Split Arguments"

Reference - CAR-2021-05-008: Certutil exe certificate extraction - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-008%3ACertutilExeCertificateExtraction_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-008/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-008: Certutil exe certificate extraction"

Reference - CAR-2021-05-009: CertUtil With Decode Argument - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-009%3ACertUtilWithDecodeArgument_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-009/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-009: CertUtil With Decode Argument"

Reference - CAR-2021-05-010: Create local admin accounts using net exe - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-010%3ACreateLocalAdminAccountsUsingNetExe_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-010/"^^any u r i; kb-reference-of^op Process Spawn Analysis; kb-reference-title^dp "CAR-2021-05-010: Create local admin accounts using net exe"

Reference - CAR-2021-05-011: Create Remote Thread into LSASS - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CAR-2021-05-011%3ACreateRemoteThreadIntoLSASS_MITRE

belongs to: External Knowledge Base^c
has facts: has-link^dp "https://car.mitre.org/analytics/CAR-2021-05-011/"^^any u r i; kb-reference-of^op System Call Analysis; kb-reference-title^dp "CAR-2021-05-011: Create Remote Thread into LSASS"

Reference - Catia UAF Pluginⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CatiaUAFPlugin

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://www.3ds.com/products-services/catia/products/no-magic/addons/uaf-plugin/"^^any u r i; kb-reference-of^op Data Exchange Mapping; kb-reference-of^op Operational Activity Mapping; kb-reference-of^op Operational Dependency Mapping; kb-reference-of^op Organization Mapping; kb-reference-of^op Service Dependency Mapping; kb-reference-of^op System Dependency Mapping; kb-reference-title^dp "Catia UAF Plugin"

Reference - Certificate and Public Key Pinningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CertificateAndPublicKeyPinning

belongs to: Technique Reference^c
has facts: has-link^dp "https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning"^^any u r i; kb-reference-of^op Certificate Pinning; kb-reference-title^dp "Certificate and Public Key Pinning"

Reference - Certificate Transparencyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CertificateTransparency

belongs to: Technique Reference^c
has facts: has-link^dp "https://www.certificate-transparency.org/"^^any u r i; kb-reference-of^op Passive Certificate Analysis; kb-reference-title^dp "Certificate Transparency"

Reference - Cisco ASR 9000 Series Aggregation Services Routers - Access List Commandsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CiscoASR9000AccessListCommands

belongs to: User Manual Reference^c
has facts: has-link^dp "https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-0/addr_serv/command/reference/ir40asrbook_chapter1.html"^^any u r i; kb-reference-of^op Network Traffic Policy Mapping; kb-reference-title^dp "Cisco ASR 9000 Series Aggregation Services Routers - Access List Commands"

Reference - Computational modeling and classification of data streams - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ComputationalModelingAndClassificationOfDataStreams_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20180197089A1/en?oq=US-2018197089-A1"^^any u r i; kb-reference-of^op File Content Rules; kb-reference-title^dp "Computational modeling and classification of data streams"

Reference - Computer motherboard having peripheral security functionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ComputerMotherboardHavingPeripheralSecurityFunctions

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8869308B2/en"^^any u r i; kb-reference-of^op IO Port Restriction; kb-reference-title^dp "Computer motherboard having peripheral security functions"

Reference - Computer Worm Defense System and Method - FireEye Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ComputerWormDefenseSystemAndMethod_FireEyeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20130036472A1"^^any u r i; kb-reference-of^op File Carving; kb-reference-title^dp "Computer Worm Defense System and Method"

Reference - Computer-implemented methods and systems for identifying visually similar text character strings - Greathorn Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Computer-implementedMethodsAndSystemsForIdentifyingVisuallySimilarTextCharacterStrings_GreathornInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10320815B2/en?oq=US-10320815-B2"^^any u r i; kb-reference-of^op Homoglyph Detection; kb-reference-title^dp "Computer-implemented methods and systems for identifying visually similar text character strings"

Reference - Computing apparatus with automatic integrity reference generation and maintenance - Tripwire, Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ComputingApparatusWithAutomaticIntegrityReferenceGenerationAndMaintenance_Tripwire,Inc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20040060046A1"^^any u r i; kb-reference-of^op Executable Allowlisting; kb-reference-title^dp "Computing apparatus with automatic integrity reference generation and maintenance"

Reference - Configure User Access Control and Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ConfigureUserAccessControlAndPermissions

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/configure/user-access-control"^^any u r i; kb-reference-of^op User Account Permissions; kb-reference-title^dp "Configure User Access Control and Permissions"

Reference - Content extractor and analysis system - Bit 9 Inc, Carbon Black Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ContentExtractorAndAnalysisSystem_Bit9Inc,CarbonBlackInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20070028110A1"^^any u r i; kb-reference-of^op Executable Denylisting; kb-reference-title^dp "Content extractor and analysis system"

Reference - Continuous authentication by analysis of keyboard typing characteristics - Bradford Univ., UKⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ContinuousAuthenticationByAnalysisOfKeyboardTypingCharacteristics_BradfordUniv.,UK

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://ieeexplore.ieee.org/document/491588?reload=true&arnumber=491588"^^any u r i; kb-reference-of^op Input Device Analysis; kb-reference-title^dp "Continuous authentication by analysis of keyboard typing characteristics"

Reference - Cyber Command System (CYCS)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-CyberCommandSystemCYCS

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://www.mitre.org/research/technology-transfer/technology-licensing/cyber-command-system-cycs"^^any u r i; kb-reference-of^op Operational Dependency Mapping; kb-reference-title^dp "Cyber Command System (CYCS)"

Reference - Dagger Fact Sheetⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DaggerFactSheet

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://www.jhuapl.edu/dagger/documents/DaggerFactSheet.pdf"^^any u r i; kb-reference-of^op Operational Dependency Mapping; kb-reference-title^dp "Dagger Fact Sheet"

Reference - Dagger: Modeling and visualization for mission impact situational awarenessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DaggerModelingAndVisualizationForMissionImpactSituationalAwareness

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://ieeexplore.ieee.org/document/7795296"^^any u r i; kb-reference-of^op Operational Dependency Mapping; kb-reference-title^dp "Dagger: Modeling and visualization for mission impact situational awareness"

Reference - Data processing and scanning systems for generating and populating a data inventoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DataProcessingAndScanningSystemsForGeneratingAndPopulatingADataInventory

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US11240273B2/"^^any u r i; kb-reference-of^op Data Inventory; kb-reference-title^dp "Data processing and scanning systems for generating and populating a data inventory"

Reference - Database for receiving, storing and compiling information about email messagesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Database_for_receiving_storing_and_compiling_information_about_email_messages

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20050091319A1/"^^any u r i; kb-reference-of^op Domain Name Reputation Analysis; kb-reference-of^op IP Reputation Analysis; kb-reference-title^dp "Database for receiving, storing and compiling information about email messages"

Reference - Dead code eliminationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DeadCodeElimination

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://nebelwelt.net/files/15LangSec.pdf"^^any u r i; kb-reference-of^op Dead Code Elimination; kb-reference-title^dp "The Correctness-Security Gap in Compiler Optimization"

Reference - Deception-Based Responses to Security Attacks - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Deception-BasedResponsesToSecurityAttacks_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20140250524A1/en?oq=US-2014250524-A1"^^any u r i; kb-reference-of^op Decoy Network Resource; kb-reference-title^dp "Deception-Based Responses to Security Attacks"

Reference - Decoy and deceptive data object technology - Cymmetria Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DecoyAndDeceptiveDataObjectTechnology_CymmetriaInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170134423A1"^^any u r i; kb-reference-of^op Decoy Session Token; kb-reference-of^op Decoy User Credential; kb-reference-title^dp "Decoy and deceptive data object technology"

Reference - Decoy and deceptive data object technology - Cymmetria, Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DecoyAndDeceptiveDataObjectTechnology_Cymmetria,Inc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170134423A1"^^any u r i; kb-reference-of^op Decoy Persona; kb-reference-title^dp "Decoy and deceptive data object technology"

Reference - Decoy Network-Based Service for Deceiving Attackers - Amazon Technologiesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DecoyNetwork-BasedServiceForDeceivingAttackers-AmazonTechnologies

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10873601B1"^^any u r i; kb-reference-of^op Decoy User Credential; kb-reference-title^dp "Decoy network-based service for deceiving attackers"

Reference - Decoy Personas for Safeguarding Online Identity Using Deception - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DecoyPersonasForSafeguardingOnlineIdentityUsingDeception_

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://web.archive.org/web/20180407204216/https://isc.sans.edu/diary/Decoy+Personas+for+Safeguarding+Online+Identity+Using+Deception/16159"^^any u r i; kb-reference-of^op Decoy Persona; kb-reference-title^dp "Decoy Personas for Safeguarding Online Identity Using Deception"

Reference - Detecting DDoS Attack Using Snortⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DetectingDDoSAttackUsingSnort

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://www.researchgate.net/publication/338660054_DETECTING_DDoS_ATTACK_USING_Snort"^^any u r i; kb-reference-of^op Inbound Session Volume Analysis; kb-reference-title^dp "DETECTING DDoS ATTACK USING Snort"

Reference - Detecting network reconnaissance by tracking intranet dark-net communications - VECTRA NETWORKS Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DetectingNetworkReconnaissanceByTrackingIntranetDark-netCommunications_VECTRANETWORKSInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20150264078A1"^^any u r i; kb-reference-of^op Connection Attempt Analysis; kb-reference-title^dp "Detecting network reconnaissance by tracking intranet dark-net communications"

Reference - Detecting script-based malware - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DetectingScript-basedMalware_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190188384A1"^^any u r i; kb-reference-of^op File Content Rules; kb-reference-of^op Script Execution Analysis; kb-reference-title^dp "Detecting script-based malware"

Reference - Detection of Malicious IDNHomoglyph Domainsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DetectionOfMaliciousIDNHomoglyphDomains

belongs to: Internet Article Reference^c
has facts: has-link^dp "http://essay.utwente.nl/79263/1/Yazdani_MA_EEMCS.pdf"^^any u r i; kb-reference-of^op Homoglyph Denylisting; kb-reference-title^dp "Detection of Malicious IDN Homoglyph Domains Using Active DNS Measurements"

Reference - Deterministic method for detecting and blocking of exploits on interpreted code - K2 Cyber Security Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DeterministicMethodForDetectingAndBlockingOfExploitsOnInterpretedCode_K2CyberSecurityInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190180036A1/en?oq=US-2019180036-A1"^^any u r i; kb-reference-of^op System Call Analysis; kb-reference-title^dp "Deterministic method for detecting and blocking of exploits on interpreted code"

Reference - Digital Identity Guidelines 800-63-3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DigitalIdentityGuidelines800-63-3

belongs to: Guideline Reference^c
has facts: has-link^dp "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf"^^any u r i; kb-reference-of^op Strong Password Policy; kb-reference-title^dp "Digital Identity Guidelines"

Reference - Distributed meta-information query in a network - Bit 9 Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DistributedMeta-informationQueryInANetwork_Bit9Inc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20070028302A1/en?oq=US-2007028302-A1"^^any u r i; kb-reference-of^op File Content Rules; kb-reference-title^dp "Distributed meta-information query in a network"

Reference - DNS Whitelist (DNSWL) Email Authentication Method Extensionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DNSWhitelist-DNSWL-EmailAuthenticationMethodExtension

belongs to: Specification Reference^c
has facts: has-link^dp "https://datatracker.ietf.org/doc/html/rfc8904"^^any u r i; kb-reference-of^op DNS Allowlisting; kb-reference-title^dp "DNS Whitelist (DNSWL) Email Authentication Method Extension"

Reference - Domain age registration alert - Inc Rapid7 Inc RAPID7 Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DomainAgeRegistrationAlert_IncRapid7IncRAPID7Inc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170026400A1/"^^any u r i; kb-reference-of^op DNS Traffic Analysis; kb-reference-title^dp "Domain age registration alert"

Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DynamicSelectionAndGenerationOfAVirtualCloneForDetonationOfSuspiciousContentWithinAHoneyNetwork_PaloAltoNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9882929B1/en?oq=US-9882929-B1"^^any u r i; kb-reference-of^op Decoy Network Resource; kb-reference-of^op Standalone Honeynet; kb-reference-title^dp "Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network"

Reference - Embedding contexts for on-line threats into response policy zones - Verisign Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-EmbeddingContextsForOn-lineThreatsIntoResponsePolicyZones-VerisignInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10440059B1"^^any u r i; kb-reference-of^op Hierarchical Domain Denylisting; kb-reference-title^dp "Embedding contexts for on-line threats into response policy zones"

Reference - End-to-end certificate pinningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-End-to-endCertificatePinning

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9847992B2/en?q=certificate+pinning&oq=certificate+pinning"^^any u r i; kb-reference-of^op Certificate Pinning; kb-reference-title^dp "End-to-end Certificate Pinning"

Reference - Enhancing Network Security By Preventing User-Initiated Malware Execution - MITREⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-EnhancingNetworkSecurityByPreventingUser-InitiatedMalwareExecution_

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://ieeexplore.ieee.org/document/1425209"^^any u r i; kb-reference-of^op Executable Allowlisting; kb-reference-title^dp "Enhancing Network Security By Preventing User-Initiated Malware Execution"

Reference - File and Folder Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FileAndFolderPermissions

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727008(v=technet.10)?redirectedfrom=MSDN"^^any u r i; kb-reference-of^op Local File Permissions; kb-reference-title^dp "File and Folder Permissions"

Reference - File-modifying malware detection - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-File-modifyingMalwareDetection_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20180121650A1/en?oq=US-2018121650-A1"^^any u r i; kb-reference-of^op File Access Pattern Analysis; kb-reference-title^dp "File-modifying malware detection"

Reference - Finding phishing sitesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Finding_phishing_sites

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8839418B2/"^^any u r i; kb-reference-of^op Domain Name Reputation Analysis; kb-reference-of^op IP Reputation Analysis; kb-reference-of^op URL Reputation Analysis; kb-reference-title^dp "Finding phishing sites"

Reference - Firewall for interent access - Secure Computing LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirewallForInterentAccess_SecureComputingLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/GB2317539A"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-title^dp "Firewall for interent access"

Reference - Firewall for processing a connectionless network packet - National Security Agencyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirewallForProcessingAConnectionlessNetworkPacket_NationalSecurityAgency

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US7073196B1"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-title^dp "Firewall for processing a connectionless network packet"

Reference - Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network - National Security Agencyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirewallForProcessingConnection-orientedAndConnectionlessDatagramsOverAConnection-orientedNetwork_NationalSecurityAgency

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US6615358B1"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-title^dp "Firewall for processing connection-oriented and connectionless datagrams over a connection-oriented network"

Reference - Firewalls that filter based upon protocol commands - Intel Corpⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirewallsThatFilterBasedUponProtocolCommands_IntelCorp

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US6832256B1"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-title^dp "Firewalls that filter based upon protocol commands"

Reference - Firmware Behavior Analysis ConFirmⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareBehaviorAnalysisConFirm

belongs to: Academic Paper Reference^c
has facts: has-link^dp "http://sites.nyuad.nyu.edu/moma/pdfs/pubs/C22.pdf"^^any u r i; kb-reference-of^op Firmware Behavior Analysis; kb-reference-title^dp "ConFirm: Detecting Firmware Modifications in Embedded Systems using Hardware Performance Counters"

Reference - Firmware Behavior Analysis VIPERⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareBehaviorAnalysisVIPER

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://dl.acm.org/doi/pdf/10.1145/2046707.2046711"^^any u r i; kb-reference-of^op Firmware Behavior Analysis; kb-reference-title^dp "VIPER: Verifying the Integrity of PERipherals' Firmware"

Reference - Firmware Embedded Monitoring Code Red Balloonⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareEmbeddedMonitoringCodeRedBalloon

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10657262B1/en"^^any u r i; kb-reference-of^op Firmware Embedded Monitoring Code; kb-reference-title^dp "Method and apparatus for securing embedded device firmware"

Reference - Firmware Embedded Monitoring Code Symbiotesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareEmbeddedMonitoringCodeSymbiotes

belongs to: Academic Paper Reference^c
has facts: has-link^dp "http://nsl.cs.columbia.edu/projects/minestrone/papers/Symbiotes.pdf"^^any u r i; kb-reference-of^op Firmware Embedded Monitoring Code; kb-reference-title^dp "Defending Embedded Systems with Software Symbiotes"

Reference - Firmware Verification Eclypsiumⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareVerificationEclypsium

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20200074086A1/en"^^any u r i; kb-reference-of^op Firmware Verification; kb-reference-title^dp "Methods and systems for hardware and firmware security monitoring"

Reference - Firmware Verification Trapezoidⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FirmwareVerificationTrapezoid

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9674183B2/en"^^any u r i; kb-reference-of^op Firmware Verification; kb-reference-title^dp "System and method for hardware-based trust control management"

Reference - Framework for notifying a directory service of authentication events processed outside the directory service - Oracle International Corpⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FrameworkForNotifyingADirectoryServiceOfAuthenticationEventsProcessedOutsideTheDirectoryService_OracleInternationalCorp

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20090077645A1"^^any u r i; kb-reference-of^op Account Locking; kb-reference-title^dp "Framework for notifying a directory service of authentication events processed outside the directory service"

Reference - FWTK - Firewall Toolkitⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FWTK-FirewallToolkit_

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://blogs.gartner.com/john_pescatore/2008/10/02/this-week-in-network-security-history-the-firewall-toolkit/"^^any u r i; kb-reference-title^dp "FWTK - Firewall Toolkit"

Reference - FWTK Documentation - fwtk.orgⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-FWTKDocumentation-Fwtk.org

belongs to: Technique Reference^c
has facts: has-link^dp "https://web.archive.org/web/20070510153306/http://www.fwtk.org/fwtk/docs/documentation.html#1.1"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-title^dp "FWTK Documentation"

Reference - Guards for application in software tamperproofing - Purdue Research Foundationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-GuardsForApplicationInSoftwareTamperproofing_PurdueResearchFoundation

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US7287166B1/en?oq=US-7287166-B1"^^any u r i; kb-reference-of^op Process Code Segment Verification; kb-reference-title^dp "Guards for application in software tamperproofing"

Reference - Hardware-assisted system and method for detecting and analyzing system calls made to an operting system kernel - Endgame Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Hardware-assistedSystemAndMethodForDetectingAndAnalyzingSystemCallsMadeToAnOpertingSystemKernel_EndgameInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20180032728A1/en?oq=US20180032728-A1"^^any u r i; kb-reference-of^op System Call Analysis; kb-reference-title^dp "Hardware-assisted system and method for detecting and analyzing system calls made to an operting system kernel"

Reference - Heuristic botnet detection - Palo Alto Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HeuristicBotnetDetection_PaloAltoNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160156644A1"^^any u r i; kb-reference-of^op DNS Traffic Analysis; kb-reference-title^dp "Heuristic botnet detection"

Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HostIntrusionPreventionSystemUsingSoftwareAndUserBehaviorAnalysis_SophosLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20110023115A1"^^any u r i; kb-reference-of^op Resource Access Pattern Analysis; kb-reference-of^op System Daemon Monitoring; kb-reference-of^op Web Session Activity Analysis; kb-reference-title^dp "Host intrusion prevention system using software and user behavior analysis"

Reference - How ASLR protects Linux systems from buffer overflow attacks - Network Worldⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HowASLRProtectsLinuxSystemsFromBufferOverflowAttacks_NetworkWorld

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://www.networkworld.com/article/3331199/what-does-aslr-do-for-linux.html"^^any u r i; kb-reference-of^op Segment Address Offset Randomization; kb-reference-title^dp "How ASLR protects Linux systems from buffer overflow attacks"

Reference - How Does Antivirus Quarantine Work? - Safety Detectivesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HowDoesAntivirusQuarantineWork-SafetyDetectives

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://www.safetydetectives.com/blog/how-does-antivirus-quarantine-work/"^^any u r i; kb-reference-of^op File Removal; kb-reference-title^dp "How Does Antivirus Quarantine Work?"

Reference - How to change registry values or permissions from a command line or a scriptⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HowToChangeRegistryValuesOrPermissionsFromACommandLineOrAScript

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-management/change-registry-values-permissions"^^any u r i; kb-reference-title^dp "How to change registry values or permissions from a command line or a script"

Reference - How trust relationships work for resource forests in Azure Active Directory Domain Servicesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-HowTrustRelationshipsWorkForResourceForestsInAzureActiveDirectoryDomainServices

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/azure/active-directory-domain-services/concepts-forest-trust"^^any u r i; kb-reference-of^op Domain Trust Policy; kb-reference-title^dp "How trust relationships work for resource forests in Azure Active Directory Domain Services"

Reference - http://www.biometric-solutions.com/keystroke-dynamics.html - biometric-solutions.comⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-www.biometric-solutions.com_keystroke-dynamics

belongs to: Internet Article Reference^c
has facts: has-link^dp "http://www.biometric-solutions.com/keystroke-dynamics.html"^^any u r i; kb-reference-of^op Input Device Analysis; kb-reference-title^dp "Keystroke Dynamics"

Reference - Identification and extraction of key forensics indicators of compromise using subject-specific filesystem viewsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IdentificationAndExtractionOfKeyForensicsIndicatorsOfCompromiseUsingSubject-specificFilesystemViews

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20200004962A1/en"^^any u r i; kb-reference-title^dp "Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views"

Reference - Identification of traceroute nodes and associated devicesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IdentificationOfTracerouteNodesAndAssociatedDevices

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10079749B2/en"^^any u r i; kb-reference-title^dp "Identification of traceroute nodes and associated devices"

Reference - Identification of visual international domain name collisions - Verisign Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IdentificationOfVisualInternationalDomainNameCollisions-VerisignInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10599836B2/en"^^any u r i; kb-reference-of^op Homoglyph Detection; kb-reference-title^dp "Identification of visual international domain name collisions"

Reference - Identifying a denial-of-service attack in a cloud-based proxy service - Cloudfare Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IdentifyingADenial-of-serviceAttackInACloud-basedProxyService-CloudfareInc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8613089B1"^^any u r i; kb-reference-of^op Inbound Session Volume Analysis; kb-reference-title^dp "Identifying a denial-of-service attack in a cloud-based proxy service"

Reference - IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IEEE-802_1AB-2016

belongs to: Specification Reference^c
has facts: has-link^dp "https://standards.ieee.org/ieee/802.1AB/6047/"^^any u r i; kb-reference-of^op Hardware Component Inventory; kb-reference-title^dp "IEEE Standard for Local and Metropolitan Area Networks - Station and Media Access Control Connectivity Discovery"

Reference - Indirect Branching Callsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IndirectBranchingCalls

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.1048.1241&rep=rep1&type=pdf"^^any u r i; kb-reference-of^op Indirect Branch Call Analysis; kb-reference-title^dp "Transparent ROP Exploit Mitigation using Indirect Branch Tracing"

Reference - Inferential exploit attempt detection - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-InferentialExploitAttemptDetection_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10216934B2/en?oq=US-10216934-B2"^^any u r i; kb-reference-of^op Memory Boundary Tracking; kb-reference-title^dp "Inferential exploit attempt detection"

Reference - Instant process termination tool to recover control of an information handling system - Dell Products LPⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-InstantProcessTerminationToolToRecoverControlOfAnInformationHandlingSystem_DellProductsLP

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20060236108A1/en"^^any u r i; kb-reference-of^op Process Termination; kb-reference-title^dp "Instant process termination tool to recover control of an information handling system"

Reference - Integrity assurance through early loading in the boot phase - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IntegrityAssuranceThroughEarlyLoadingInTheBootPhase_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170061127A1"^^any u r i; kb-reference-of^op Driver Load Integrity Checking; kb-reference-title^dp "Integrity assurance through early loading in the boot phase"

Reference - Intrusion detection using a heartbeat - Sophos Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IntrusionDetectionUsingAHeartbeat_SophosLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20180191752A1"^^any u r i; kb-reference-of^op Endpoint Health Beacon; kb-reference-title^dp "Intrusion detection using a heartbeat"

Reference - Isolation of applications within a virtual machine - Bromium, Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-IsolationOfApplicationsWithinAVirtualMachine_Bromium,Inc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9921860B1"^^any u r i; kb-reference-of^op Hardware-based Process Isolation; kb-reference-title^dp "Isolation of applications within a virtual machine"

Reference - Libre NMS - Network Map Extensionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-LibreNMSDocsNetworkMapExtension

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.librenms.org/Extensions/Network-Map/"^^any u r i; kb-reference-of^op Network Mapping; kb-reference-title^dp "Libre NMS - Network Map Extension"

Reference - Libre NMS - Oxidized Extensionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-LibreNMSDocsOxidizedExtension

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.librenms.org/Extensions/Oxidized/"^^any u r i; kb-reference-of^op Disk Encryption; kb-reference-title^dp "LibreNMSDocs - Oxidized Extension"

Reference - LUKS1 On-Disk Format SpecificationVersion 1.2.3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-LUKS1On-DiskFormatSpecificationVersion1.2.3

belongs to: Specification Reference^c
has facts: has-link^dp "https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf"^^any u r i; kb-reference-of^op Disk Encryption; kb-reference-title^dp "LUKS1 On-Disk Format SpecificationVersion 1.2.3"

Reference - Malicious relay detection on networks - VECTRA NETWORKS Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MaliciousRelayDetectionOnNetworks_VECTRANETWORKSInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20150264083A1"^^any u r i; kb-reference-of^op Relay Pattern Analysis; kb-reference-title^dp "Malicious relay detection on networks"

Reference - Malware analysis system - Palo Alto Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MalwareAnalysisSystem_PaloAltoNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20150319136A1"^^any u r i; kb-reference-of^op Dynamic Analysis; kb-reference-title^dp "Malware analysis system"

Reference - Malware detection in event loops - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MalwareDetectionInEventLoops_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190205530A1"^^any u r i; kb-reference-of^op System Call Analysis; kb-reference-title^dp "Malware detection in event loops"

Reference - Malware detection using local computational models - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MalwareDetectionUsingLocalComputationalModels_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190026466A1"^^any u r i; kb-reference-of^op Process Termination; kb-reference-title^dp "Malware detection using local computational models"

Reference - Method and Apparatus for Detecting Malicious Websites - Endgame Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndApparatusForDetectingMaliciousWebsites_EndgameInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20140331319A1"^^any u r i; kb-reference-of^op URL Analysis; kb-reference-title^dp "Method and Apparatus for Detecting Malicious Websites"

Reference - Method and apparatus for increasing the speed at which computer viruses are detected - McAfee LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndApparatusForIncreasingTheSpeedAtWhichComputerVirusesAreDetected_McAfeeLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US5502815A"^^any u r i; kb-reference-of^op Executable Denylisting; kb-reference-title^dp "Method and apparatus for increasing the speed at which computer viruses are detected"

Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndApparatusForNetworkFraudDetectionAndRemediationThroughAnalytics_IdaptiveLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190081968A1/en"^^any u r i; kb-reference-of^op Authentication Event Thresholding; kb-reference-of^op Authorization Event Thresholding; kb-reference-of^op Resource Access Pattern Analysis; kb-reference-of^op Session Duration Analysis; kb-reference-of^op User Geolocation Logon Pattern Analysis; kb-reference-title^dp "Method and Apparatus for Network Fraud Detection and Remediation Through Analytics"

Reference - Method and apparatus for utilizing a token for resource access - Rsa Security Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndApparatusForUtilizingATokenForResourceAccess_RsaSecurityInc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US5657388A/en"^^any u r i; kb-reference-of^op Multi-factor Authentication; kb-reference-title^dp "Method and apparatus for utilizing a token for resource access"

Reference - Method and system for controlling communication portsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForControllingCommunicationPorts

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8566924"^^any u r i; kb-reference-of^op IO Port Restriction; kb-reference-title^dp "Method and system for controlling communication ports"

Reference - Method and system for detecting algorithm-generated domains - VECTRA NETWORKS Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingAlgorithm-generatedDomains_VECTRANETWORKSInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20150264070A1"^^any u r i; kb-reference-of^op DNS Traffic Analysis; kb-reference-title^dp "Method and system for detecting algorithm-generated domains"

Reference - Method and system for detecting external control of compromised hosts - VECTRA NETWORKS Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingExternalControlOfCompromisedHosts_VECTRANETWORKSInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9407647B2/en?oq=US-9407647-B2"^^any u r i; kb-reference-of^op Remote Terminal Session Detection; kb-reference-title^dp "Method and system for detecting external control of compromised hosts"

Reference - Method and system for detecting malicious payloads - Vectra Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingMaliciousPayloads_VectraNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/EP3293937A1/en?oq=EP-3293937-A1"^^any u r i; kb-reference-of^op Client-server Payload Profiling; kb-reference-title^dp "Method and system for detecting malicious payloads"

Reference - Method and system for detecting restricted content associated with retrieved content - Sophos Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingRestrictedContentAssociatedWithRetrievedContent_SophosLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160359883A1"^^any u r i; kb-reference-of^op URL Analysis; kb-reference-title^dp "Method and system for detecting restricted content associated with retrieved content"

Reference - Method and system for detecting suspicious administrative activity - Vectra Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingSuspiciousAdministrativeActivity_VectraNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20180077186A1"^^any u r i; kb-reference-of^op Administrative Network Activity Analysis; kb-reference-title^dp "Method and system for detecting suspicious administrative activity"

Reference - Method and system for detecting threats using metadata vectors - VECTRA NETWORKS Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingThreatsUsingMetadataVectors_VECTRANETWORKSInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160191551A1"^^any u r i; kb-reference-of^op Protocol Metadata Anomaly Detection; kb-reference-title^dp "Method and system for detecting threats using metadata vectors"

Reference - Method and system for detecting threats using passive cluster mapping - Vectra Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForDetectingThreatsUsingPassiveClusterMapping_VectraNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160149936A1"^^any u r i; kb-reference-of^op Protocol Metadata Anomaly Detection; kb-reference-title^dp "Method and system for detecting threats using passive cluster mapping"

Reference - Method and system for providing software updates to local machinesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForProvidingSoftwareUpdatesToLocalMachines

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10474448B2/en"^^any u r i; kb-reference-title^dp "Method and system for providing software updates to local machines"

Reference - Method and system for UDP flood attack detection - Riorey LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodAndSystemForUDPFloodAttackDetection-RioreyLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8307430B1"^^any u r i; kb-reference-of^op Inbound Session Volume Analysis; kb-reference-title^dp "Method and system for UDP flood attack detection"

Reference - Method for controlling computer network security - Checkpoint Software Technologies Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodForControllingComputerNetworkSecurity_CheckpointSoftwareTechnologiesLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/EP0658837B1/"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-title^dp "Method for controlling computer network security"

Reference - Method for file encryptionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodForFileEncryption

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9521123B2/en"^^any u r i; kb-reference-of^op File Encryption; kb-reference-title^dp "Method for file encryption"

Reference - Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system - Symantec Corporationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MethodUsingKernelModeAssistanceForTheDetectionAndRemovalOfThreatsWhichAreActivelyPreventingDetectionAndRemovalFromARunningSystem_SymantecCorporation

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8239947B1"^^any u r i; kb-reference-of^op System Daemon Monitoring; kb-reference-title^dp "Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system"

Reference - MGT516: Managing Security Vulnerabilities: Enterprise and Cloudⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MGT516ManagingSecurityVulnerabilitiesEnterpriseAndCloud

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://www.sans.org/cyber-security-courses/managing-enterprise-cloud-security-vulnerabilities/"^^any u r i; kb-reference-of^op Operational Risk Assessment; kb-reference-title^dp "MGT516: Managing Security Vulnerabilities: Enterprise and Cloud"

Reference - Mission Dependency Modeling for Cyber Situational Awarenessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MissionDependencyModelingForCyberSituationalAwareness

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://csis.gmu.edu/noel/pubs/2016_NATO_IST_148.pdf"^^any u r i; kb-reference-of^op Operational Dependency Mapping; kb-reference-title^dp "Mission Dependency Modeling for Cyber Situational Awareness"

Reference - Mitigate threats by using Windows 10 security features: Data Execution Prevention - Microsoftⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DataExecutionPrevention_Microsoft

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10#data-execution-prevention"^^any u r i; kb-reference-of^op Process Segment Execution Prevention; kb-reference-title^dp "Mitigate threats by using Windows 10 security features: Data Execution Prevention"

Reference - Mock attack cybersecurity training system and methods - WOMBAT SECURITY TECHNOLOGIES Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-MockAttackCybersecurityTrainingSystemAndMethods_WOMBATSECURITYTECHNOLOGIESInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9558677B2/"^^any u r i; kb-reference-of^op Decoy Public Release; kb-reference-title^dp "Mock attack cybersecurity training system and methods"

Reference - Modeling user access to computer resources - Daedalus Group LLC (formerly IBM)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ModelingUserAccessToComputerResources_DaedalusGroupLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8214364B2"^^any u r i; kb-reference-of^op Resource Access Pattern Analysis; kb-reference-title^dp "Modeling user access to computer resources"

Reference - Modification of a Server to Mimic a Deception Mechanism - Acalvio Technologies Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ModificationOfAServerToMimicADeceptionMechanism_AcalvioTechnologiesInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170149825A1"^^any u r i; kb-reference-of^op Connected Honeynet; kb-reference-title^dp "Modification of a Server to Mimic a Deception Mechanism"

Reference - Muninⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Munin

belongs to: Source Code Reference^c
has facts: has-link^dp "https://github.com/Neo23x0/munin"^^any u r i; kb-reference-title^dp "Online Hash Checker for Virustotal and Other Services"

Reference - Network firewall with proxy - Secure Computing LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NetworkFirewallWithProxy_SecureComputingLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/GB2318031A"^^any u r i; kb-reference-of^op Inbound Traffic Filtering; kb-reference-title^dp "Network firewall with proxy"

Reference - Network-Based Buffer Overflow Detection by Exploit Code Analysis - Information Security Research Centreⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Network-BasedBufferOverflowDetectionByExploitCodeAnalysis_InformationSecurityResearchCentre

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://eprints.qut.edu.au/21172/1/21172.pdf"^^any u r i; kb-reference-of^op Byte Sequence Emulation; kb-reference-title^dp "Network-Based Buffer Overflow Detection by Exploit Code Analysis"

Reference - Network-level polymorphic shellcode detection using emulationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Network-levelPolymorphicShellcodeDetectionUsingEmulation

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://www.cs.unc.edu/~fabian/course_papers/polymorphic-detect.pdf"^^any u r i; kb-reference-of^op Byte Sequence Emulation; kb-reference-title^dp "Network-level polymorphic shellcode detection using emulation"

Reference - NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NIST-RMF-Quick-Start-Guide-Assess-Step-FAQ

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://csrc.nist.gov/CSRC/media/Projects/risk-management/documents/05-Assess%20Step/NIST%20RMF%20Assess%20Step-FAQs.pdf"^^any u r i; kb-reference-of^op Operational Risk Assessment; kb-reference-title^dp "NIST RMF Quick Start Guide - Assess Step - Frequently Asked Questions (FAQ)"

Reference - NIST Special Publication 800-160 Volume 1 - System Security Engineeringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NIST-Special-Publication-800-160-Volume-1

belongs to: Guideline Reference^c
has facts: has-link^dp "https://doi.org/10.6028/NIST.SP.800-160v1"^^any u r i; kb-reference-of^op Operational Risk Assessment; kb-reference-title^dp "NIST Special Publication 800-160 Volume 1 - Systems Security Engineering"

Reference - NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizationsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NIST-Special-Publication-800-37-Revision-2

belongs to: Guideline Reference^c
has facts: has-link^dp "https://doi.org/10.6028/NIST.SP.800-37r2"^^any u r i; kb-reference-of^op Operational Risk Assessment; kb-reference-title^dp "NIST Special Publication 800-37 Revision 2 - Risk Management Framework for Information Systems and Organizations"

Reference - NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizationsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NIST-Special-Publication-800-53A-Revision-5

belongs to: Guideline Reference^c
has facts: has-link^dp "https://doi.org/10.6028/NIST.SP.800-53Ar5"^^any u r i; kb-reference-of^op Operational Risk Assessment; kb-reference-title^dp "NIST Special Publication 800-53A Revision 5 - Assessing Security and Privacy Controls in Information Systems and Organizations"

Reference - NISTIR 8011 Volume 1 - Automation Support for Security Control Assessmentsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-NISTIR-8011-Volume-1

belongs to: Guideline Reference^c
has facts: has-link^dp "https://doi.org/10.6028/NIST.IR.8011-1"^^any u r i; kb-reference-of^op Operational Risk Assessment; kb-reference-title^dp "NIST Interagency Report 8011 Volume 1 - Automation Support for Security Control Assessments"

Reference - Open source intelligence deceptions - Illusive Networks Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OpenSourceIntelligenceDeceptions_IllusiveNetworksLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10333976B1/en?assignee=Illusive+Networks+Ltd&oq=Illusive+Networks+Ltd+"^^any u r i; kb-reference-of^op Decoy File; kb-reference-title^dp "Open source intelligence deceptions"

Reference - Organizational Management in SAP ERP HCMⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OrganizationalManagementInSAPERPHCM

belongs to: Book Reference^c
has facts: has-link^dp "https://www.sap-press.com/organizational-management-in-sap-erp-hcm_3996/"^^any u r i; kb-reference-of^op Organization Mapping; kb-reference-title^dp "Organization Mapping in SAP ERP HCM"

Reference - OS Query Windows User Collection Codeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OSQueryWindowsUserCollectionCode

belongs to: Source Code Reference^c
has facts: has-link^dp "https://github.com/osquery/osquery/blob/d2be385d71f401c85872f00d479df8f499164c5a/osquery/tables/system/windows/users.cpp"^^any u r i; kb-reference-title^dp "OS Query Windows User Collection Code"

Reference - Overview of the seccomp sandboxⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-OverviewOfTheSeccompSandbox

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://code.google.com/archive/p/seccompsandbox/wikis/overview.wiki"^^any u r i; kb-reference-of^op System Call Filtering; kb-reference-title^dp "Overview of the seccomp sandbox"

Reference - Platform Firmware Resiliency Guidelines - NISTⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PlatformFirmwareResiliencyGuidelines_NIST

belongs to: Guideline Reference^c
has facts: has-link^dp "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf"^^any u r i; kb-reference-of^op Firmware Verification; kb-reference-title^dp "Platform Firmware Resiliency Guidelines"

Reference - Pointer Authentication on ARMv8.3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PointerAuthenticationOnARMv8.3

belongs to: Specification Reference^c
has facts: has-link^dp "https://www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication-on-armv8-3.pdf"^^any u r i; kb-reference-of^op Pointer Authentication; kb-reference-title^dp "Pointer Authentication on ARMv8.3"

Reference - Pointer Authentication Project Zeroⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PointerAuthenticationProjectZero

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html"^^any u r i; kb-reference-of^op Pointer Authentication; kb-reference-title^dp "Examining Pointer Authentication on the iPhone XS"

Reference - Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation - K2 Cyber Security Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PostSandboxMethodsAndSystemsForDetectingAndBlockingZero-dayExploitsViaApiCallValidation_K2CyberSecurityInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190138715A1/"^^any u r i; kb-reference-of^op System Call Analysis; kb-reference-title^dp "Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation"

Reference - Predicting Domain Generation Algorithms with Long Short-Term Memory Networksⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PredictingDomainGenerationAlgorithmsWithLongShort-TermMemoryNetworks_

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://arxiv.org/abs/1611.007911"^^any u r i; kb-reference-of^op DNS Traffic Analysis; kb-reference-title^dp "Predicting Domain Generation Algorithms with Long Short-Term Memory Networks"

Reference - Preventing execution of task scheduled malware - McAfee LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PreventingExecutionOfTaskScheduledMalware_McAfeeLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160105450A1"^^any u r i; kb-reference-of^op Scheduled Job Analysis; kb-reference-title^dp "Preventing execution of task scheduled malware"

Reference - Privacy and security systems and methods of useⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PrivacyAndSecuritySystemsAndMethodsOfUse

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10128890B2/en"^^any u r i; kb-reference-title^dp "Privacy and security systems and methods of use"

Reference - Private virtual local area network isolation - Cisco Technology Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PrivateVirtualLocalAreaNetworkIsolation_CiscoTechnologyInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20120331142A1"^^any u r i; kb-reference-of^op Broadcast Domain Isolation; kb-reference-title^dp "Private virtual local area network isolation"

Reference - Protected computing environment - Microsoft Technology Licensing LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ProtectedComputingEnvironment_MicrosoftTechnologyLicensingLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20060242406A1"^^any u r i; kb-reference-of^op Driver Load Integrity Checking; kb-reference-title^dp "Protected computing environment"

Reference - Protecting against distributed denial of service attacks - Cisco Technology Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ProtectingAgainstDistributedDenialOfServiceAttacks-CiscoTechnologyInc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US7171683B2"^^any u r i; kb-reference-of^op Inbound Session Volume Analysis; kb-reference-title^dp "Protecting against distributed denial of service attacks"

Reference - Protecting against distributed network flood attacks - Juniper Networks Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ProtectingAgainstDistributedNetworkFloodAttacks-JuniperNetworksInc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8789173B2"^^any u r i; kb-reference-of^op Inbound Session Volume Analysis; kb-reference-title^dp "Protecting against distributed network flood attacks"

Reference - PsSuspend - Microsoftⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-PsSuspend

belongs to: Specification Reference^c
has facts: has-link^dp "https://learn.microsoft.com/en-us/sysinternals/downloads/pssuspend"^^any u r i; kb-reference-of^op Process Suspension; kb-reference-title^dp "PsSuspend"

Reference - Qualys Network Passive Sensor Getting Started Guideⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-QualysNetworkPassiveSensorGettingStartedGuide

belongs to: User Manual Reference^c
has facts: has-link^dp "https://www.qualys.com/passive-scanning-sensor/"^^any u r i; kb-reference-of^op Hardware Component Inventory; kb-reference-of^op Network Node Inventory; kb-reference-title^dp "Qualys Network Passive Sensor Getting Started Guide"

Reference - Red Hat Enterprise Linux 8 Security Technical Implementation Guideⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RedHatEnterpriseLinux8SecurityTechnicalImplementationGuide

belongs to: Guideline Reference^c
has facts: has-link^dp "https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/"^^any u r i; kb-reference-of^op Application Configuration Hardening; kb-reference-title^dp "Red Hat Enterprise Linux 8 Security Technical Implementation Guide"

Reference - Registry Key Security and Access Rightsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RegistryKeySecurityAndAccessRights

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights"^^any u r i; kb-reference-of^op User Session Init Config Analysis; kb-reference-title^dp "Registry Key Security and Access Rights"

Reference - Reputation of an entity associated with a content itemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Reputation_of_an_entity_associated_with_a_content_item

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20060253584A1"^^any u r i; kb-reference-of^op File Hash Reputation Analysis; kb-reference-title^dp "Reputation of an entity associated with a content item"

Reference - Reverse DNS Blocking - Barracuda Networksⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ReverseDNSBlocking_BarracudaNetworks

belongs to: User Manual Reference^c
has facts: has-link^dp "https://campus.barracuda.com/product/emailsecuritygateway/doc/39819732/reverse-dns-blocking/"^^any u r i; kb-reference-of^op Reverse Resolution Domain Denylisting; kb-reference-title^dp "Reverse DNS Blocking"

Reference - Revoke a previously issued verifiable credential - Microsoftⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RevokingaPreviouslyIssuedVerifiableCredential-Microsoft

belongs to: Specification Reference^c
has facts: has-link^dp "https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/how-to-issuer-revoke"^^any u r i; kb-reference-of^op Credential Revoking; kb-reference-title^dp "Revoke a previously issued verifiable credential"

Reference - RFC 2289 - A One-Time Password Systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC2289-AOne-TimePasswordSystem

belongs to: Specification Reference^c
has facts: has-link^dp "https://tools.ietf.org/html/rfc2289"^^any u r i; kb-reference-of^op One-time Password; kb-reference-title^dp "A One-Time Password System"

Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETFⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-DomainKeysIdentifiedMail-Signatures-IETF

belongs to: Specification Reference^c
has facts: has-link^dp "https://tools.ietf.org/html/rfc6376"^^any u r i; kb-reference-of^op Transfer Agent Authentication; kb-reference-title^dp "RFC 6376: DomainKeys Identified Mail (DKIM) Signatures"

Reference - RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email - IETFⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC7208-SenderPolicyFramework-SPF-ForAuthorizingUseOfDomainsInEmail-IETF

belongs to: Specification Reference^c
has facts: has-link^dp "https://tools.ietf.org/html/rfc7208"^^any u r i; kb-reference-of^op Transfer Agent Authentication; kb-reference-title^dp "RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email"

Reference - RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC) - IETFⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC7489-Domain-basedMessageAuthentication-Reporting-AndConformance-DMARC

belongs to: Specification Reference^c
has facts: has-link^dp "https://tools.ietf.org/html/rfc7489"^^any u r i; kb-reference-of^op Transfer Agent Authentication; kb-reference-title^dp "RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC)"

Reference - RFC 7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirementsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RFC7642SystemForCrossDomainIdentityManagementDefinitionsOverviewConceptsAndRequirements

belongs to: Specification Reference^c
has facts: has-link^dp "https://datatracker.ietf.org/doc/html/rfc7642"^^any u r i; kb-reference-of^op Access Modeling; kb-reference-title^dp "RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements"

Reference - RPC call interception - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-RPCCallInterception_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20150163109"^^any u r i; kb-reference-of^op RPC Traffic Analysis; kb-reference-title^dp "RPC call interception"

Reference - Secure caching of server credentials - Dell Products LPⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecureCachingOfServerCredentials_DellProductsLP

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20100107241A1"^^any u r i; kb-reference-of^op Authentication Cache Invalidation; kb-reference-title^dp "Secure caching of server credentials"

Reference - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecureMultipurposeInternetMailExtensionsMIME-Version3.1

belongs to: Specification Reference^c
has facts: has-link^dp "https://tools.ietf.org/html/rfc3851"^^any u r i; kb-reference-title^dp "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification"

Reference - Securing Web Transactionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecuringWebTransactions

belongs to: Guideline Reference^c
has facts: has-link^dp "https://www.nccoe.nist.gov/sites/default/files/library/sp1800/tls-serv-cert-mgt-nist-sp1800-16b-final.pdf"^^any u r i; kb-reference-of^op Active Certificate Analysis; kb-reference-title^dp "Securing Web Transactions"

Reference - Securing Web Transactions TLS Server Certificate Management - Appendix A Passive Inspectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Securing_Web_Transactions__TLS_Server_Certificate_Management_Appendix_A_Passive_Inspection

belongs to: Guideline Reference^c
has facts: has-link^dp "https://www.nccoe.nist.gov/publication/1800-16/VolD/vol-d-appendix.html"^^any u r i; kb-reference-of^op Passive Certificate Analysis; kb-reference-title^dp "Securing Web Transactions TLS Server Certificate Management - Appendix A Passive Inspection"

Reference - Security Architecture for the Internet Protocolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecurityArchitectureForTheInternetProtocol

belongs to: Specification Reference^c
has facts: has-link^dp "https://datatracker.ietf.org/doc/html/rfc1825"^^any u r i; kb-reference-of^op Encrypted Tunnels; kb-reference-title^dp "Security Architecture for the Internet Protocol"

Reference - Security System with Methodology for Interprocess Communication Control - Check Point Software Tech Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecuritySystemWithMethodologyForInterprocessCommunicationControl_CheckPointSoftwareTechInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20040199763"^^any u r i; kb-reference-of^op IPC Traffic Analysis; kb-reference-title^dp "Security System with Methodology for Interprocess Communication Control"

Reference - Security Technologies: Stack Smashing Protection (StackGuard) - Red Hatⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-StackSmashingProtection_StackGuard_RedHat

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://access.redhat.com/blogs/766093/posts/3548631"^^any u r i; kb-reference-of^op Stack Frame Canary Validation; kb-reference-title^dp "Security Technologies: Stack Smashing Protection (StackGuard)"

Reference - Security vulnerability information aggregationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SecurityVulnerabilityInformationAggregation

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8544098B2"^^any u r i; kb-reference-of^op Asset Vulnerability Enumeration; kb-reference-title^dp "Security vulnerability information aggregation"

Reference - Sinkholing bad network domains by registering the bad network domains on the internet - Palo Alto Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SinkholingBadNetworkDomainsByRegisteringTheBadNetworkDomainsOnTheInternet_PaloAltoNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160381065A1"^^any u r i; kb-reference-of^op DNS Traffic Analysis; kb-reference-title^dp "Sinkholing bad network domains by registering the bad network domains on the internet"

Reference - SNMP - Network Auto-Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SNMPNetworkAutoDiscovery

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.device42.com/auto-discovery/network-auto-discovery/"^^any u r i; kb-reference-of^op Active Logical Link Mapping; kb-reference-title^dp "SNMP - Network Auto Discovery"

Reference - Software vulnerability graph databaseⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SoftwareVulnerabilityGraphDatabase

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/WO2020028535A1"^^any u r i; kb-reference-of^op Asset Vulnerability Enumeration; kb-reference-of^op System Dependency Mapping; kb-reference-of^op System Vulnerability Assessment; kb-reference-title^dp "Software vulnerability graph database"

Reference - StreamingPhishⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-StreamingPhish

belongs to: Technique Reference^c
has facts: has-link^dp "https://github.com/wesleyraptor/streamingphish"^^any u r i; kb-reference-of^op Passive Certificate Analysis; kb-reference-title^dp "StreamingPhish"

Reference - Supply chain cyber-deception - Cymmetria, Inc.ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SupplyChainCyber-deception_Cymmetria,Inc.

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/WO2017187379A1"^^any u r i; kb-reference-of^op Decoy File; kb-reference-title^dp "Supply chain cyber-deception"

Reference - Synchronizing a honey network configuration to reflect a target network environment - Palo Alto Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SynchronizingAHoneyNetworkConfigurationToReflectATargetNetworkEnvironment_PaloAltoNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170019425A1"^^any u r i; kb-reference-of^op Integrated Honeynet; kb-reference-title^dp "Synchronizing a honey network configuration to reflect a target network environment"

Reference - System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndAMethodForIdentifyingThePresenceOfMalwareAndRansomwareUsingMini-trapsSetAtNetworkEndpoints_FidelisCybersecuritySolutionsInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9807115B2/en?oq=US-9807115-B2"^^any u r i; kb-reference-of^op Decoy File; kb-reference-title^dp "System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints"

Reference - System and method for detecting homoglyph attacks with a siamese convolutional neural network - Endgame Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForDetectingHomoglyphAttacksWithASiameseConvolutionalNeuralNetwork_EndgameInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190019058A1/"^^any u r i; kb-reference-of^op Homoglyph Detection; kb-reference-title^dp "System and method for detecting homoglyph attacks with a siamese convolutional neural network"

Reference - System and method for detecting malware injected into memory of a computing device - Endgame Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForDetectingMalwareInjectedIntoMemoryOfAComputingDevice_EndgameInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190018958A1/en?oq=US20190018958-A1"^^any u r i; kb-reference-of^op Process Code Segment Verification; kb-reference-title^dp "System and method for detecting malware injected into memory of a computing device"

Reference - System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis - Silver Tail Systemsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForDetectionOfAChangeInBehaviorInTheUseOfAWebsiteThroughVectorVelocityAnalysis_SilverTailSystems

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20100235909A1/en?oq=US+20100235909+A1"^^any u r i; kb-reference-of^op Web Session Activity Analysis; kb-reference-title^dp "System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis"

Reference - System and method for identifying the presence of malware using mini-traps set at network endpoints - Fidelis Cybersecurity Solutions Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForIdentifyingThePresenceOfMalwareUsingMini-trapsSetAtNetworkEndpoints_FidelisCybersecuritySolutionsInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9807114B2/en?oq=US-9807114-B2"^^any u r i; kb-reference-of^op Decoy Network Resource; kb-reference-of^op Decoy User Credential; kb-reference-title^dp "System and method for identifying the presence of malware using mini-traps set at network endpoints"

Reference - System and method for internet security - Cylance Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForInternetSecurity_CylanceInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20120117644A1"^^any u r i; kb-reference-of^op Database Query String Analysis; kb-reference-title^dp "System and method for internet security"

Reference - System and method for managed security assessment and mitigationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForManagedSecurityAssessmentAndMitigation

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9544324B2"^^any u r i; kb-reference-of^op Network Vulnerability Assessment; kb-reference-title^dp "System and method for managed security assessment and mitigation"

Reference - System and Method for Network Security Including Detection of Attacks Through Partner Websites - EMC IP Holding Co LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForNetworkSecurityIncludingDetectionOfAttacksThroughPartnerWebsites_EMCIPHoldingCoLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20110302653A1/en?oq=US+20110302653+A1"^^any u r i; kb-reference-of^op Web Session Activity Analysis; kb-reference-title^dp "System and Method for Network Security Including Detection of Attacks Through Partner Websites"

Reference - System and Method for Process Hollowing Detection - Carbon Black Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForProcessHollowingDetection_CarbonBlackInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170272462A1"^^any u r i; kb-reference-of^op Process Self-Modification Detection; kb-reference-title^dp "System and Method for Process Hollowing Detection"

Reference - System and method for providing an actively invalidated client-side network resource cache - IMVUⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForProvidingAnActivelyInvalidatedClient-sideNetworkResourceCache_IMVU

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9578081B2/en"^^any u r i; kb-reference-of^op Authentication Cache Invalidation; kb-reference-title^dp "System and method for providing an actively invalidated client-side network resource cache"

Reference - System and method for scanning remote services to locate stored objects with malwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForScanningRemoteServicesToLocateStoredObjectsWithMalware

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US11368475B1/"^^any u r i; kb-reference-of^op Email Removal; kb-reference-title^dp "System and method for scanning remote services to locate stored objects with malware"

Reference - System and method for validating in-memory integrity of executable files to identify malicious activity - Endgame Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForValidatingIn-memoryIntegrityOfExecutableFilesToIdentifyMaliciousActivity_EndgameInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190018962A1/en?oq=15648887"^^any u r i; kb-reference-of^op Process Code Segment Verification; kb-reference-title^dp "System and method for validating in-memory integrity of executable files to identify malicious activity"

Reference - System and method for vulnerability risk analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodForVulnerabilityRiskAssessment

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9317692B2"^^any u r i; kb-reference-of^op Asset Vulnerability Enumeration; kb-reference-title^dp "System and method for vulnerability risk analysis"

Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodThereofForIdentifyingAndRespondingToSecurityIncidentsBasedOnPreemptiveForensics_PaloAltoNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160142424A1"^^any u r i; kb-reference-of^op Resource Access Pattern Analysis; kb-reference-of^op User Data Transfer Analysis; kb-reference-of^op Web Session Activity Analysis; kb-reference-title^dp "System and method thereof for identifying and responding to security incidents based on preemptive forensics"

Reference - System and methods thereof for causality identification and attributions determination of processes in a network - Palo Alto Networks IncCyber Secdo Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForCausalityIdentificationAndAttributionsDeterminationOfProcessesInANetwork_PaloAltoNetworksIncCyberSecdoLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170195350A1/en?oq=US-2017195350-A1"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "System and methods thereof for causality identification and attributions determination of processes in a network"

Reference - System and methods thereof for detection of persistent threats in a computerized environment background - Palo Alto Networks IncCyber Secdo Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForDetectionOfPersistentThreatsInAComputerizedEnvironmentBackground_PaloAltoNetworksIncCyberSecdoLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170206358A1/en?oq=US-2017206358-A1"^^any u r i; kb-reference-title^dp "System and methods thereof for detection of persistent threats in a computerized environment background"

Reference - System and methods thereof for identification of suspicious system processes - Palo Alto Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForIdentificationOfSuspiciousSystemProcesses_PaloAltoNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170286683A1/en?oq=US-2017286683-A1"^^any u r i; kb-reference-of^op Process Lineage Analysis; kb-reference-title^dp "System and methods thereof for identification of suspicious system processes"

Reference - System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network - Palo Alto Networks IncCyber Secdo Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForLogicalIdentificationOfMaliciousThreatsAcrossAPluralityOfEnd-pointDevicesCommunicativelyConnectedByANetwork_PaloAltoNetworksIncCyberSecdoLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20180373870A1/en?oq=US-2018373870-A1"^^any u r i; kb-reference-of^op File Content Rules; kb-reference-title^dp "System and methods thereof for logical identification of malicious threats across a plurality of end-point devices (epd) communicatively connected by a network"

Reference - System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system - Palo Alto Networks Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemAndMethodsThereofForPreventingRansomwareFromEncryptingDataElementsStoredInAMemoryOfAComputer-basedSystem_PaloAltoNetworksInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170308711A1/en?oq=US-2017308711-A1"^^any u r i; kb-reference-of^op Decoy File; kb-reference-title^dp "System and methods thereof for preventing ransomware from encrypting data elements stored in a memory of a computer-based system"

Reference - System for detecting threats using scenario-based tracking of internal and external network traffic - VECTRA NETWORKS Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemForDetectingThreatsUsingScenario-basedTrackingOfInternalAndExternalNetworkTraffic_VECTRANETWORKSInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160191563A1"^^any u r i; kb-reference-of^op Per Host Download-Upload Ratio Analysis; kb-reference-title^dp "System for detecting threats using scenario-based tracking of internal and external network traffic"

Reference - System for implementing threat detection using daily network traffic community outliers - VECTRA NETWORKS Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemForImplementingThreatDetectionUsingDailyNetworkTrafficCommunityOutliers_VECTRANETWORKSInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160191560A1"^^any u r i; kb-reference-of^op Network Traffic Community Deviation; kb-reference-of^op Protocol Metadata Anomaly Detection; kb-reference-title^dp "System for implementing threat detection using daily network traffic community outliers"

Reference - System for implementing threat detection using threat and risk assessment of asset-actor interactions - VECTRA NETWORKS Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemForImplementingThreatDetectionUsingThreatAndRiskAssessmentOfAsset-actorInteractions_VECTRANETWORKSInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20160191559A1"^^any u r i; kb-reference-of^op User Data Transfer Analysis; kb-reference-title^dp "System for implementing threat detection using threat and risk assessment of asset-actor interactions"

Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-System,Method,AndComputerProgramProductForDetectingAndAssessingSecurityRisksInANetwork_ExabeamInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20190034641A1"^^any u r i; kb-reference-of^op Authentication Event Thresholding; kb-reference-of^op Authorization Event Thresholding; kb-reference-of^op Resource Access Pattern Analysis; kb-reference-of^op Session Duration Analysis; kb-reference-of^op User Geolocation Logon Pattern Analysis; kb-reference-title^dp "System, method, and computer program product for detecting and assessing security risks in a network"

Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemsAndMethodsForDetectingAnd_orHandlingTargetedAttacksInTheEmailChannel_GraphusInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20170324767A1"^^any u r i; kb-reference-of^op Sender MTA Reputation Analysis; kb-reference-of^op Sender Reputation Analysis; kb-reference-title^dp "Systems and methods for detecting and/or handling targeted attacks in the email channel"

Reference - Systems and methods for detecting credential theft - Symantec Corpⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-SystemsAndMethodsForDetectingCredentialTheft_SymantecCorp

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10162962B1"^^any u r i; kb-reference-of^op Credential Compromise Scope Analysis; kb-reference-title^dp "Systems and methods for detecting credential theft"

Reference - Tamper proof mutating software - ARXAN TECHNOLOGIES Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TamperProofMutatingSoftware_ARXANTECHNOLOGIESInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9262600B2/en?oq=US9262600B2"^^any u r i; kb-reference-of^op Process Code Segment Verification; kb-reference-title^dp "Tamper proof mutating software"

Reference - TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICEⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TCGTrustedAttestationProtocolUseCasesForTPMFamilies1.2And2.0AndDICE

belongs to: Specification Reference^c
has facts: has-link^dp "https://trustedcomputinggroup.org/wp-content/uploads/TCG_TNC_TAP_Use_Cases_v1r0p35_published.pdf"^^any u r i; kb-reference-title^dp "TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICE"

Reference - Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilitiesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Technical_Specifications_for_Construction_and_Management_of_Sensitive_Compartmented_Information_Facilities

belongs to: Specification Reference^c
has facts: has-link^dp "https://www.dni.gov/files/Governance/IC-Tech-Specs-for-Const-and-Mgmt-of-SCIFs-v15.pdf"^^any u r i; kb-reference-of^op RF Shielding; kb-reference-title^dp "Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities"

Reference - Techniques for impeding and detecting network threats - Verisign Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TechniquesForImpedingAndDetectingNetworkThreats_VerisignInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US10904273B1/"^^any u r i; kb-reference-of^op Decoy Network Resource; kb-reference-title^dp "Techniques for impeding and detecting network threats"

Reference - Tenable Passive Network Monitoringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TenablePassiveNetworkMonitoring

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://www.tenable.com/sites/default/files/solution-briefs/SB-Passive-Network-Monitoring.pdf"^^any u r i; kb-reference-of^op Passive Logical Link Mapping; kb-reference-of^op Passive Physical Link Mapping; kb-reference-title^dp "Tenable Passive Network Monitoring"

Reference - Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwordsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Testing_Metrics_for_Password_Creation_Policies_by_Attacking_Large_Sets_of_Revealed_Passwords

belongs to: Academic Paper Reference^c
has facts: has-link^dp "https://www.cs.umd.edu/~jkatz/security/downloads/passwords_revealed-weir.pdf"^^any u r i; kb-reference-of^op Strong Password Policy; kb-reference-title^dp "Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords"

Reference - The Pyramid of Pain - David Biancoⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ThePyramidOfPain-DavidBianco

belongs to: Internet Article Reference^c
has facts: has-link^dp "http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html"^^any u r i; kb-reference-of^op Identifier Activity Analysis; kb-reference-title^dp "The Pyramid of Pain"

Reference - Threat detection for return oriented programming - Crowdstrike Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ThreatDetectionForReturnOrientedProgramming_CrowdstrikeInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20140075556A1"^^any u r i; kb-reference-of^op Shadow Stack Comparisons; kb-reference-title^dp "Threat detection for return oriented programming"

Reference - Threat detection through the accumulated detection of threat characteristics - Sophos Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-ThreatDetectionThroughTheAccumulatedDetectionOfThreatCharacteristics_SophosLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9104864B2/en?oq=US-9104864-B2"^^any u r i; kb-reference-of^op Process Code Segment Verification; kb-reference-title^dp "Threat detection through the accumulated detection of threat characteristics"

Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resourcesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TivoliApplicationDependencyDiscoverManager7_3_0DependenciesBetweenResources

belongs to: User Manual Reference^c
has facts: has-link^dp "https://www.ibm.com/docs/en/taddm/7.3.0?topic=model-dependencies-between-resources"^^any u r i; kb-reference-of^op Data Exchange Mapping; kb-reference-of^op Service Dependency Mapping; kb-reference-of^op System Dependency Mapping; kb-reference-title^dp "Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources"

Reference - Tokenless biometric transaction authorization method and systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TokenlessBiometricTransactionAuthorizationMethodAndSystem

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US5870723A/"^^any u r i; kb-reference-of^op Biometric Authentication; kb-reference-title^dp "Tokenless biometric transaction authorization method and system"

Reference - TPM 2.0 Library Specification - Trusted Computing Group, Incorporatedⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TPM2.0LibrarySpecification_TrustedComputingGroup,Incorporated

belongs to: Specification Reference^c
has facts: has-link^dp "https://trustedcomputinggroup.org/resource/tpm-library-specification/"^^any u r i; kb-reference-of^op TPM Boot Integrity; kb-reference-title^dp "TPM 2.0 Library Specification"

Reference - Trusted Attestation Protocol Use Casesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TrustedAttestationProtocolUseCases

belongs to: Specification Reference^c
has facts: has-link^dp "https://trustedcomputinggroup.org/wp-content/uploads/TCG_TNC_TAP_Use_Cases_v1r0p35_published.pdf"^^any u r i; kb-reference-title^dp "Trusted Attestation Protocol Use Cases"

Reference - Trusted Communications With Child Processes - Microsoft Technology Licensing LLCⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-TrustedCommunicationsWithChildProcesses_MicrosoftTechnologyLicensingLLC

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20120174210A1"^^any u r i; kb-reference-title^dp "Trusted Communications With Child Processes"

Reference - UEFI Platform Initialization (PI) Specificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UEFIPlatformInitialization-Specification

belongs to: Specification Reference^c
has facts: has-link^dp "https://uefi.org/sites/default/files/resources/PI_Spec_1_7_A_final_May1.pdf"^^any u r i; kb-reference-of^op Bootloader Authentication; kb-reference-title^dp "UEFI Platform Initialization (PI) Specification"

Reference - Unified Architecture Framework (UAF)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UnifiedArchitectureFrameworkUAF

belongs to: Specification Reference^c
has facts: has-link^dp "https://www.omg.org/spec/UAF/"^^any u r i; kb-reference-of^op Data Exchange Mapping; kb-reference-of^op Operational Activity Mapping; kb-reference-of^op Operational Dependency Mapping; kb-reference-of^op Organization Mapping; kb-reference-of^op Service Dependency Mapping; kb-reference-of^op System Dependency Mapping; kb-reference-title^dp "Unified Architecture Framework (UAF)"

Reference - USB filter for hub malicious code prevention systemⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-USBFilterForHubMaliciousCodePreventionSystem

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US9990325B2/en"^^any u r i; kb-reference-of^op IO Port Restriction; kb-reference-title^dp "Universal serial bus (USB) filter hub malicious code prevention system"

Reference - Use DNS Policy for Applying Filters on DNS Queriesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UseDNSPolicyForApplyingFiltersOnDNSQueries

belongs to: User Manual Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries"^^any u r i; kb-reference-title^dp "Use DNS Policy for Applying Filters on DNS Queries"

Reference - Use of an application controller to monitor and control software file and application environments - Sophos Ltdⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UseOfAnApplicationControllerToMonitorAndControlSoftwareFileAndApplicationEnvironments_SophosLtd

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20180032727A1"^^any u r i; kb-reference-of^op Dynamic Analysis; kb-reference-title^dp "Use of an application controller to monitor and control software file and application environments"

Reference - Use Rkill to Stop Malware Processes - ghacks.netⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UseRkillToStopMalwareProcesses-Ghacks.net

belongs to: Technique Reference^c
has facts: has-link^dp "https://www.ghacks.net/2011/07/29/use-rkill-to-stop-malware-processes/"^^any u r i; kb-reference-of^op Process Termination; kb-reference-title^dp "Use Rkill to Stop Malware Processes"

Reference - Using spanning tree protocol (STP) to enhance layer-2 topology mapsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-UsingSpanningTreeProtocolSTPToEnhanceLayer2NetworkTopologyMaps

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US8045488B2"^^any u r i; kb-reference-of^op Active Physical Link Mapping; kb-reference-title^dp "Using spanning tree protocol (STP) to enhance layer-2 topology maps"

Reference - Virtualized process isolation - Advanced Micro Devices Incⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-VirtualizedProcessIsolation_AdvancedMicroDevicesInc

belongs to: Patent Reference^c
has facts: has-link^dp "https://patents.google.com/patent/US20180081829A1"^^any u r i; kb-reference-of^op Hardware-based Process Isolation; kb-reference-title^dp "Virtualized process isolation"

Reference - Web Authentication: An API for accessing Public Key Credentials Level 2ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-WebAuthentication_AnAPIForAccessingPublicKeyCredentials%0ALevel2

belongs to: Specification Reference^c
has facts: has-link^dp "https://www.w3.org/TR/webauthn-2/"^^any u r i; kb-reference-of^op Credential Transmission Scoping; kb-reference-title^dp "Web Authentication: An API for accessing Public Key Credentials Level 2"

Reference - Web-Based Enterprise Managementⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Web-BasedEnterpriseManagement

belongs to: Specification Reference^c
has facts: has-link^dp "https://www.dmtf.org/standards/wbem"^^any u r i; kb-reference-of^op Configuration Inventory; kb-reference-of^op Hardware Component Inventory; kb-reference-of^op Network Node Inventory; kb-reference-of^op Software Inventory; kb-reference-title^dp "Web-Based Enterprise Management"

Reference - What is NX/XD feature?ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-WhatIsNX_XDFeature_RedHat

belongs to: Internet Article Reference^c
has facts: has-link^dp "https://access.redhat.com/solutions/2936741"^^any u r i; kb-reference-of^op Process Segment Execution Prevention; kb-reference-title^dp "What is NX/XD feature?"

Reference - Windows 10 STIGⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Windows10STIG

belongs to: Guideline Reference^c
has facts: has-link^dp "https://www.stigviewer.com/stig/windows_10/"^^any u r i; kb-reference-of^op Application Configuration Hardening; kb-reference-title^dp "Windows 10 Security Technical Implementation Guide"

Reference - Windows Management Infrastructure (MI)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Windows-Management-Infrastructure

belongs to: Specification Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wmi_v2/windows-management-infrastructure"^^any u r i; kb-reference-of^op Configuration Inventory; kb-reference-of^op Hardware Component Inventory; kb-reference-of^op Network Node Inventory; kb-reference-of^op Software Inventory; kb-reference-title^dp "Windows Management Infrastructure"

Reference - Windows Management Instrumentation (WMI)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-Windows-Management-Instrumentation

belongs to: Specification Reference^c
has facts: has-link^dp "https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page"^^any u r i; kb-reference-of^op Configuration Inventory; kb-reference-of^op Hardware Component Inventory; kb-reference-of^op Network Node Inventory; kb-reference-of^op Software Inventory; kb-reference-title^dp "Windows Management Instrumentation"

Reflection Amplificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1498.002

has facts: produces^op Inbound Internet Network Traffic
is also defined as: class

Reflective Code Loadingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1620

has facts: modifies^op Process Segment
is also defined as: class

reg open key aⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyA

belongs to: Get System Config Value^c

reg open key ex aⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyExA

belongs to: Get System Config Value^c

reg open key ex wⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyExW

belongs to: Get System Config Value^c

reg open key transacted aⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyTransactedA

belongs to: Get System Config Value^c

reg open key transacted wⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyTransactedW

belongs to: Get System Config Value^c

reg open key wⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegOpenKeyW

belongs to: Get System Config Value^c

reg set key value aⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetKeyValueA

belongs to: Set System Config Value^c

reg set key value wⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetKeyValueW

belongs to: Set System Config Value^c

reg set value aⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetValueA

belongs to: Set System Config Value^c

reg set value ex aⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetValueExA

belongs to: Set System Config Value^c

reg set value ex wⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetValueExW

belongs to: Set System Config Value^c

reg set value wⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RegSetValueW

belongs to: Set System Config Value^c

Registry Run Keys / Startup Folderⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.001

has facts: may-modify^op System Configuration Init Database Record; may-modify^op User Startup Script File
is also defined as: class

Relay Pattern Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RelayPatternAnalysis

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Outbound Internet Network Traffic; d3fend-id^dp "D3-RPA"; kb-reference^op Reference - Malicious relay detection on networks - VECTRA NETWORKS Inc
is also defined as: class

Remote Access Softwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1219

has facts: produces^op Outbound Internet Network Traffic
is also defined as: class

Remote Data Stagingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1074.002

has facts: modifies^op Network Resource
is also defined as: class

Remote Data Storageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1029

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "IT disaster recovery plans are outside the current scope of D3FEND."

Remote Desktop Protocolⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.001

has facts: creates^op RDP Session; produces^op Administrative Network Traffic
is also defined as: class

Remote Email Collectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1114.002

has facts: accesses^op Mail Server
is also defined as: class

Remote Service Session Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563

has facts: accesses^op Remote Session; produces^op Administrative Network Traffic
is also defined as: class

Remote Servicesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021

has facts: produces^op Intranet Network Traffic
is also defined as: class

Remote System Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1018

has facts: may-access^op Operating System Configuration File; may-invoke^op Create Process; may-invoke^op Create Socket; produces^op Network Traffic
is also defined as: class

Remote Terminal Session Detectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteTerminalSessionDetection

belongs to: Network Traffic Analysis^c
has facts: analyzes^op Network Traffic; d3fend-id^dp "D3-RTSD"; kb-reference^op Reference - Method and system for detecting external control of compromised hosts - VECTRA NETWORKS Inc; kb-reference^op Reference - CAR-2013-07-002: RDP Connection Detection - MITRE; kb-reference^op Reference - CAR-2016-04-005: Remote Desktop Logon - MITRE
is also defined as: class

Rename System Utilitiesⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.003

has facts: may-create^op Executable File; may-modify^op Operating System Executable File
is also defined as: class

Replication Through Removable Mediaⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1091

has facts: executes^op Removable Media Device
is also defined as: class

Resource Access Pattern Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceAccessPatternAnalysis

belongs to: User Behavior Analysis^c
has facts: analyzes^op Authentication; analyzes^op Authorization; d3fend-id^dp "D3-RAPA"; kb-reference^op Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd; kb-reference^op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC; kb-reference^op Reference - Modeling user access to computer resources - Daedalus Group LLC (formerly IBM); kb-reference^op Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc; kb-reference^op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
is also defined as: class

Resource Development Techniqueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ResourceDevelopmentTechnique

has facts: enables^op reconnaissance
is also defined as: class

Resource Forkingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.009

has facts: may-create^op Resource Fork; may-modify^op Resource Fork
is also defined as: class

Restrict File and Directory Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1022

belongs to: ATTACK Mitigation^c
has facts: related^op Local File Permissions

Restrict Library Loadingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1044

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "D3-SCF is one possible way to filter library loading."; related^op System Call Filtering

Restrict Registry Permissionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1024

belongs to: ATTACK Mitigation^c
has facts: related^op System Configuration Permissions

Restrict Web-Based Contentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1021

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "M1021 scope is broad, touches on an wide variety of techniques in d3fend."; related^op DNS Allowlisting; related^op DNS Denylisting; related^op File Analysis; related^op Inbound Traffic Filtering; related^op Network Traffic Analysis; related^op Outbound Traffic Filtering; related^op URL Analysis

Reverse Resolution Domain Denylistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseResolutionDomainDenylisting

belongs to: DNS Denylisting^c
has facts: blocks^op Inbound Internet DNS Response Traffic; d3fend-id^dp "D3-RRDD"
is also defined as: class

Reverse Resolution IP Denylistingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ReverseResolutionIPDenylisting

belongs to: DNS Denylisting^c
has facts: blocks^op Outbound Internet DNS Lookup Traffic; d3fend-id^dp "D3-RRID"; kb-reference^op Reference - Use DNS Policy for Applying Filters on DNS Queries
is also defined as: class

RF Shieldingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RFShielding

belongs to: Platform Hardening^c
has facts: d3fend-id^dp "D3-RFS"; kb-reference^op Reference - Privacy and security systems and methods of use; kb-reference^op Reference - Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
is also defined as: class

Right-to-Left Overrideⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.002

has facts: modifies^op File System Metadata
is also defined as: class

Rogue Domain Controllerⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1207

has facts: modifies^op System Configuration Database; produces^op Intranet Administrative Network Traffic
is also defined as: class

Rootkitⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1014

has facts: may-modify^op Boot Sector; may-modify^op Firmware; may-modify^op Kernel; may-modify^op Kernel Module; may-modify^op Shared Library File
is also defined as: class

RPC Traffic Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RPCTrafficAnalysis

belongs to: Network Traffic Analysis^c
has facts: analyzes^op RPC Network Traffic; d3fend-id^dp "D3-RTA"; kb-reference^op Reference - CAR-2014-11-007: Remote Windows Management Instrumentation (WMI) over RPC - MITRE; kb-reference^op Reference - CAR-2016-03-002: Create Remote Process via WMIC - MITRE; kb-reference^op Reference - RPC call interception - Crowdstrike Inc; kb-reference^op Reference - CAR-2014-03-005: Remotely Launched Executables via Services - MITRE; kb-reference^op Reference - CAR-2014-12-001: Remotely Launched Executables via WMI - MITRE; kb-reference^op Reference - CAR-2015-04-002: Remotely Scheduled Tasks via Schtasks - MITRE; kb-reference^op Reference - CAR-2014-03-001: SMB Write Request - NamedPipes - MITRE; kb-reference^op Reference - CAR-2014-05-001: RPC Activity - MITRE
is also defined as: class

Ruby Script Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#RubyScriptFile

belongs to: Executable Script^c

Run Virtual Instanceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.006

has facts: creates^op File; executes^op Virtualization Software; may-add^op Virtualization Software; may-create^op Directory
is also defined as: class

Rundll32 Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1218.011

has facts: invokes^op Create Process; loads^op Shared Library File
is also defined as: class

Runtime Data Manipulationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.003

has facts: may-modify^op Executable File
is also defined as: class

SA-10(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_1

belongs to: NIST Control^c
has facts: control-name^dp "Developer Configuration Management | Software and Firmware Integrity Verification"; member-of^op NIST SP 800-53 R5; related^op Firmware Verification; related^op Platform Hardening

SA-10(3)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_3

belongs to: NIST Control^c
has facts: control-name^dp "Developer Configuration Management | Hardware Integrity Verification"; member-of^op NIST SP 800-53 R5; related^op Firmware Verification

SA-10(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_4

belongs to: NIST Control^c
has facts: control-name^dp "Developer Configuration Management | Trusted Generation"; member-of^op NIST SP 800-53 R5; related^op Firmware Verification

SA-10(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_5

belongs to: NIST Control^c
has facts: control-name^dp "Developer Configuration Management | Mapping Integrity for Version Control"; member-of^op NIST SP 800-53 R5; related^op Firmware Verification; related^op Platform Hardening

SA-10(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-10_6

belongs to: NIST Control^c
has facts: control-name^dp "Developer Configuration Management | Trusted Distribution"; member-of^op NIST SP 800-53 R5; related^op Firmware Verification; related^op Platform Hardening

SA-11(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-11_1

belongs to: NIST Control^c
has facts: control-name^dp "Developer Testing and Evaluation | Static Code Analysis"; member-of^op NIST SP 800-53 R5; related^op Application Hardening

SA-11(8)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-11_8

belongs to: NIST Control^c
has facts: control-name^dp "Developer Testing and Evaluation | Dynamic Code Analysis"; member-of^op NIST SP 800-53 R5; related^op Application Hardening

SA-8(18)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-8_18

belongs to: NIST Control^c
has facts: control-name^dp "Security and Privacy Engineering Principles | Trusted Communications Channels"; member-of^op NIST SP 800-53 R5; related^op Encrypted Tunnels

SA-8(22)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SA-8_22

belongs to: NIST Control^c
has facts: control-name^dp "Security and Privacy Engineering Principles | Accountability and Traceability"; member-of^op NIST SP 800-53 R5; related^op Domain Account Monitoring

Safe Mode Bootⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1562.009

has facts: disables^op Endpoint Sensor; disables^op System Configuration Init Database Record; may-modify^op Endpoint Health Beacon
is also defined as: class

SC-2ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SC-2

belongs to: NIST Control^c
has facts: broader^op Local File Permissions; broader^op Mandatory Access Control; broader^op System Configuration Permissions; control-name^dp "Separation of System and User Functionality"; member-of^op NIST SP 800-53 R5

SC-2(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SC-2_1

belongs to: NIST Control^c
has facts: control-name^dp "Separation of System and User Functionality | Interfaces for Non-privileged Users"; member-of^op NIST SP 800-53 R5; narrower^op Local File Permissions; narrower^op Mandatory Access Control; narrower^op System Configuration Permissions

SC-3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SC-3

belongs to: NIST Control^c
has facts: broader^op Execution Isolation; broader^op Network Isolation; control-name^dp "Security Function Isolation"; member-of^op NIST SP 800-53 R5

SC-3(1)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SC-3_1

belongs to: NIST Control^c
has facts: control-name^dp "Security Function Isolation | Hardware Separation"; member-of^op NIST SP 800-53 R5; narrower^op Execution Isolation

Scheduled Job Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScheduledJobAnalysis

belongs to: Operating System Monitoring^c
has facts: analyzes^op Task Schedule; d3fend-id^dp "D3-SJA"; kb-reference^op Reference - CAR-2013-05-004: Execution with AT - MITRE; kb-reference^op Reference - CAR-2013-08-001: Execution with schtasks - MITRE; kb-reference^op Reference - Preventing execution of task scheduled malware - McAfee LLC
is also defined as: class

Scheduled Task/Job Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1053

has facts: invokes^op Create Process; modifies^op Task Schedule
is also defined as: class

Scheduled Transferⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1029

has facts: produces^op Internet Network Traffic
is also defined as: class

Screen Captureⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1113

has facts: may-access^op Display Server; may-invoke^op Get Screen Capture
is also defined as: class

Screensaverⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.002

has facts: creates^op Executable File; modifies^op System Configuration Database Record
is also defined as: class

Script Application Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScriptApplicationProcess

has facts: interprets^op Executable Script
is also defined as: class

Script Execution Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ScriptExecutionAnalysis

belongs to: Process Analysis^c
has facts: analyzes^op Script Application Process; d3fend-id^dp "D3-SEA"; kb-reference^op Reference - Detecting script-based malware - Crowdstrike Inc
is also defined as: class

Security Account Managerⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.002

has facts: may-access^op Authentication Service; may-access^op Process; may-access^op System Password Database
is also defined as: class

Security Software Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1518.001

has facts: may-access^op File System Metadata; may-access^op Kernel Process Table; may-access^op System Configuration Database Record; may-access^op System Firewall Configuration; may-invoke^op Get Running Processes
is also defined as: class

Security Support Providerⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.005

has facts: modifies^op System Configuration Database Record
is also defined as: class

Security Tokenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SecurityToken

has facts: contains^op Access Token
is also defined as: class

Securityd Memoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1555.002

has facts: accesses^op In-memory Password Store
is also defined as: class

Segment Address Offset Randomizationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SegmentAddressOffsetRandomization

belongs to: Application Hardening^c
has facts: d3fend-id^dp "D3-SAOR"; kb-reference^op Reference - /DYNAMICBASE (Use address space layout randomization) - Microsoft Docs; kb-reference^op Reference - How ASLR protects Linux systems from buffer overflow attacks - Network World; obfuscates^op Process Segment
is also defined as: class

Sender MTA Reputation Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SenderMTAReputationAnalysis

belongs to: Message Analysis^c
has facts: analyzes^op Email; d3fend-id^dp "D3-SMRA"; kb-reference^op Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Inc
is also defined as: class

Sender Reputation Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SenderReputationAnalysis

belongs to: Message Analysis^c
has facts: analyzes^op Email; d3fend-id^dp "D3-SRA"; kb-reference^op Reference - Systems and methods for detecting and/or handling targeted attacks in the email channel - Graphus Inc
is also defined as: class

Serverⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Server

has facts: manages^op Service Application Process; runs^op Service Application
is also defined as: class

Server-Side Request Forgery (SSRF)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-918

has facts: weakness of^op User Input Function
is also defined as: class

Service Binary Verificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceBinaryVerification

belongs to: System File Analysis^c
has facts: d3fend-id^dp "D3-SBV"; kb-reference^op Reference - CAR-2014-02-001: Service Binary Modifications - MITRE; verifies^op Service Application
is also defined as: class

Service Dependency Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ServiceDependencyMapping

belongs to: System Mapping^c
has facts: d3fend-id^dp "D3-SVCDM"; kb-reference^op Reference - Catia UAF Plugin; kb-reference^op Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources; kb-reference^op Reference - Unified Architecture Framework (UAF); maps^op Service Dependency
is also defined as: class

Service Exhaustion Floodⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1499.002

has facts: produces^op Inbound Internet Network Traffic
is also defined as: class

Services File Permissions Weaknessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.010

has facts: modifies^op Service Application
is also defined as: class

Services Registry Permissions Weaknessⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1574.011

has facts: modifies^op System Configuration Init Database Record
is also defined as: class

Session Duration Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SessionDurationAnalysis

belongs to: User Behavior Analysis^c
has facts: analyzes^op Authentication; analyzes^op Authorization; d3fend-id^dp "D3-SDA"; kb-reference^op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC; kb-reference^op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
is also defined as: class

Set System Config Valueⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SetSystemConfigValue

has facts: modifies^op System Configuration Database Record
is also defined as: class

Setuid and Setgidⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.001

has facts: modifies^op Access Control Configuration
is also defined as: class

Shadow Stackⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShadowStack

has facts: copy-of^op Call Stack
is also defined as: class

Shadow Stack Comparisonsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ShadowStackComparisons

belongs to: Process Analysis^c
has facts: analyzes^op Stack Frame; d3fend-id^dp "D3-SSC"; kb-reference^op Reference - Threat detection for return oriented programming - Crowdstrike Inc
is also defined as: class

Shared Resource Access Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SharedResourceAccessFunction

has facts: accesses^op Resource
is also defined as: class

Sharepointⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1213.002

has facts: accesses^op Web File Resource
is also defined as: class

Shortcut Modificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.009

has facts: may-modify^op Symbolic Link; may-modify^op User Startup Script File
is also defined as: class

SI-2(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-2_4

belongs to: NIST Control^c
has facts: control-name^dp "Flaw Remediation | Automated Patch Management Tools"; member-of^op NIST SP 800-53 R5; narrower^op Software Update

SI-2(5)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-2_5

belongs to: NIST Control^c
has facts: control-name^dp "Flaw Remediation | Automatic Software and Firmware Updates"; exactly^op Firmware Verification; exactly^op Peripheral Firmware Verification; exactly^op Software Update; exactly^op System Firmware Verification; member-of^op NIST SP 800-53 R5

SI-2(6)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-2_6

belongs to: NIST Control^c
has facts: control-name^dp "Flaw Remediation | Removal of Previous Versions of Software and Firmware"; member-of^op NIST SP 800-53 R5; narrower^op Firmware Verification; narrower^op Peripheral Firmware Verification; narrower^op Software Update; narrower^op System Firmware Verification

SI-3ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-3

belongs to: NIST Control^c
has facts: broader^op File Analysis; broader^op Network Traffic Analysis; broader^op Platform Monitoring; broader^op Process Analysis; control-name^dp "Malicious Code Protection"; member-of^op NIST SP 800-53 R5

SI-3(10)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-3_10

belongs to: NIST Control^c
has facts: control-name^dp "Malicious Code Protection | Malicious Code Analysis"; exactly^op Dynamic Analysis; member-of^op NIST SP 800-53 R5

SI-3(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-3_4

belongs to: NIST Control^c
has facts: control-name^dp "Malicious Code Protection | Updates Only by Privileged Users"; member-of^op NIST SP 800-53 R5; narrower^op Local File Permissions; narrower^op Mandatory Access Control; narrower^op System Configuration Permissions

SI-3(8)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-3_8

belongs to: NIST Control^c
has facts: control-name^dp "Malicious Code Protection | Detect Unauthorized Commands"; member-of^op NIST SP 800-53 R5; narrower^op User Behavior Analysis

SI-4ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-4

belongs to: NIST Control^c
has facts: broader^op Operating System Monitoring; control-name^dp "System Monitoring"; member-of^op NIST SP 800-53 R5

SI-4(2)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-4_2

belongs to: NIST Control^c
has facts: control-name^dp "System Monitoring | Automated Tools and Mechanisms for Real-time Analysis"; member-of^op NIST SP 800-53 R5; narrower^op Network Traffic Analysis

SI-4(4)ⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#NIST_SP_800-53_R5_SI-4_4

belongs to: NIST Control^c
has facts: control-name^dp "System Monitoring | Inbound and Outbound Communications Traffic"; member-of^op NIST SP 800-53 R5; narrower^op Network Traffic Analysis

SID-History Injectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.005

has facts: modifies^op Access Control Configuration
is also defined as: class

SIP and Trust Provider Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1553.003

has facts: modifies^op System Configuration Database Record
is also defined as: class

Softwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Software

has facts: contains^op Executable File; instructs^op Process
is also defined as: class

Software Configurationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1054

belongs to: ATTACK Mitigation^c
has facts: related^op Application Configuration Hardening; related^op Certificate Pinning

Software Deployment Tools Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1072

has facts: adds^op File; executes^op Software Deployment Tool; installs^op Software
is also defined as: class

Software Inventoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareInventory

belongs to: Asset Inventory^c
has facts: d3fend-id^dp "D3-SWI"; inventories^op Software; kb-reference^op Reference - Web-Based Enterprise Management; kb-reference^op Reference - Windows Management Infrastructure (MI); kb-reference^op Reference - Windows Management Instrumentation (WMI)
is also defined as: class

Software Libraryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareLibrary

has facts: contains^op Software Library File
is also defined as: class

Software Library Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareLibraryFile

has facts: contains^op Subroutine; may-contain^op Executable Binary; may-contain^op Executable Script
is also defined as: class

Software Packingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1027.002

has facts: obfuscates^op Executable File
is also defined as: class

Software Updateⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SoftwareUpdate

belongs to: Platform Hardening^c
has facts: d3fend-id^dp "D3-SU"; kb-reference^op Reference - Method and system for providing software updates to local machines; updates^op Software
is also defined as: class

Source Codeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SourceCode

belongs to: Reference Type^c
is also defined as: class

Space after Filenameⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1036.006

has facts: creates^op File
is also defined as: class

Spearphishing Attachmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.001

has facts: produces^op Email; produces^op Inbound Internet Mail Traffic
is also defined as: class

Spearphishing Linkⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.002

has facts: produces^op Email; produces^op Inbound Internet Mail Traffic; produces^op URL
is also defined as: class

Spearphishing Via Serviceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1566.003

has facts: produces^op File; produces^op URL
is also defined as: class

SQL Stored Proceduresⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.001

has facts: creates^op Stored Procedure; invokes^op Create Process
is also defined as: class

SSHⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.004

has facts: creates^op SSH Session; produces^op Administrative Network Traffic
is also defined as: class

SSH Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1563.001

has facts: accesses^op SSH Session
is also defined as: class

SSL/TLS Inspectionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1020

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "D3FEND models this as an infrastructure dependency to support D3-NTA."; related^op Network Traffic Analysis

Stack Frameⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrame

has facts: may-contain^op Pointer; may-contain^op Stack Frame Canary
is also defined as: class

Stack Frame Canary Validationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackFrameCanaryValidation

belongs to: Application Hardening^c
has facts: d3fend-id^dp "D3-SFCV"; kb-reference^op Reference - /GS (Buffer Security Check) - Microsoft Docs; kb-reference^op Reference - Security Technologies: Stack Smashing Protection (StackGuard) - Red Hat; validates^op Stack Frame
is also defined as: class

Stack Segmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StackSegment

has facts: contains^op Stack Frame
is also defined as: class

Standalone Honeynetⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StandaloneHoneynet

belongs to: Decoy Environment^c
has facts: d3fend-id^dp "D3-SHN"; kb-reference^op Reference - Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network - Palo Alto Networks Inc; spoofs^op Intranet Network
is also defined as: class

Startup Itemsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1037.005

has facts: modifies^op System Startup Directory
is also defined as: class

Steal Application Access Tokenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1528

has facts: accesses^op Access Token
is also defined as: class

Steal or Forge Kerberos Ticketsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1558

has facts: may-access^op Kerberos Ticket; may-create^op Kerberos Ticket
is also defined as: class

Steal Web Session Cookieⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1539

has facts: accesses^op Session Cookie
is also defined as: class

Step 1 - Copy Tokenⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#step-1

belongs to: step^c
has facts: invokes^op Copy Token; next^op Step 2 - Impersonate User

Step 2 - Impersonate Userⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#step-2

belongs to: step^c
has facts: creates^op Authentication; invokes^op Impersonate User

Storageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#Storage

has facts: may-contain^op File System
is also defined as: class

Stored Data Manipulationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.001

has facts: modifies^op File
is also defined as: class

Strong Password Policyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#StrongPasswordPolicy

belongs to: Credential Hardening^c
has facts: d3fend-id^dp "D3-SPP"; kb-reference^op Reference - Digital Identity Guidelines 800-63-3; kb-reference^op Reference - Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords; strengthens^op Password; strengthens^op User Account
is also defined as: class

Sudo and Sudo Cachingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1548.003

has facts: may-modify^op Event Log; modifies^op Operating System Configuration File
is also defined as: class

Supply Chain Compromiseⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1195

has facts: modifies^op Digital Artifact
is also defined as: class

Suspend Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SuspendProcess

has facts: evicts^op Process
is also defined as: class

Symbolic Linkⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SymbolicLink

has facts: addresses^op File
is also defined as: class

Symmetric Cryptographyⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1573.001

has facts: creates^op Outbound Internet Encrypted Traffic
is also defined as: class

System Callⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCall

has facts: executes^op Subroutine
is also defined as: class

System Call Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCallAnalysis

belongs to: Process Analysis^c
has facts: analyzes^op System Call; d3fend-id^dp "D3-SCA"; kb-reference^op Reference - CAR-2019-08-001: Credential Dumping via Windows Task Manager - MITRE; kb-reference^op Reference - CAR-2013-10-002: DLL Injection via Load Library - MITRE; kb-reference^op Reference - Deterministic method for detecting and blocking of exploits on interpreted code - K2 Cyber Security Inc; kb-reference^op Reference - Hardware-assisted system and method for detecting and analyzing system calls made to an operting system kernel - Endgame Inc; kb-reference^op Reference - Malware detection in event loops - Crowdstrike Inc; kb-reference^op Reference - Post sandbox methods and systems for detecting and blocking zero-day exploits via api call validation - K2 Cyber Security Inc; kb-reference^op Reference - CAR-2020-05-001: MiniDump of LSASS - MITRE; kb-reference^op Reference - CAR-2021-05-011: Create Remote Thread into LSASS - MITRE
is also defined as: class

System Call Filteringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemCallFiltering

belongs to: Kernel-based Process Isolation^c
has facts: d3fend-id^dp "D3-SCF"; filters^op System Call; kb-reference^op Reference - Overview of the seccomp sandbox
is also defined as: class

System Configuration Databaseⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationDatabase

has facts: contains^op System Configuration Database Record
is also defined as: class

System Configuration Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemConfigurationPermissions

belongs to: Platform Hardening^c
has facts: d3fend-id^dp "D3-SCP"; kb-reference^op Reference - How to change registry values or permissions from a command line or a script; restricts^op System Configuration Database
is also defined as: class

System Daemon Monitoringⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDaemonMonitoring

belongs to: Operating System Monitoring^c
has facts: d3fend-id^dp "D3-SDM"; kb-reference^op Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd; kb-reference^op Reference - Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system - Symantec Corporation; kb-reference^op Reference - CAR-2016-04-003: User Activity from Stopping Windows Defensive Services - MITRE; monitors^op Operating System Process
is also defined as: class

System Dependency Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemDependencyMapping

belongs to: System Mapping^c
has facts: d3fend-id^dp "D3-SYSDM"; kb-reference^op Reference - Catia UAF Plugin; kb-reference^op Reference - Software vulnerability graph database; kb-reference^op Reference - Tivoli Application Dependency Discovery Manager 7.3.0 - Dependencies between resources; kb-reference^op Reference - Unified Architecture Framework (UAF); maps^op System Dependency
is also defined as: class

System File Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFileAnalysis

belongs to: Operating System Monitoring^c
has facts: analyzes^op Operating System File; d3fend-id^dp "D3-SFA"; kb-reference^op Reference - CAR-2019-07-001: Access Permission Modification - MITRE; kb-reference^op Reference - CAR-2013-01-002: Autorun Differences - MITRE; kb-reference^op Reference - CAR-2016-04-002: User Activity from Clearing Event Logs - MITRE
is also defined as: class

System Firewall Configurationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirewallConfiguration

has facts: configures^op Host-based Firewall
is also defined as: class

System Firmwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1542.001

has facts: modifies^op System Firmware
is also defined as: class

System Firmware Verificationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemFirmwareVerification

belongs to: Firmware Verification^c
has facts: d3fend-id^dp "D3-SFV"; kb-reference^op Reference - Firmware Verification Eclypsium; kb-reference^op Reference - Platform Firmware Resiliency Guidelines - NIST; verifies^op System Firmware
is also defined as: class

System Information Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1082

has facts: may-access^op Decoy Artifact; may-invoke^op Create Process
is also defined as: class

System Init Config Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemInitConfigAnalysis

belongs to: Operating System Monitoring^c
has facts: analyzes^op System Init Configuration; d3fend-id^dp "D3-SICA"; kb-reference^op Reference - CAR-2013-01-002: Autorun Differences - MITRE; kb-reference^op Reference - CAR-2020-09-005: AppInit DLLs - MITRE; kb-reference^op Reference - CAR-2020-11-001: Boot or Logon Initialization Scripts - MITRE
is also defined as: class

System Language Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1614.001

has facts: queries^op System Configuration Database
is also defined as: class

System Location Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1614

has facts: accesses^op Configuration Resource
is also defined as: class

System Mappingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemMapping

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-SYSM"; enables^op Model
is also defined as: class

System Network Configuration Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1016

has facts: may-execute^op Executable Script; may-invoke^op Create Process; may-invoke^op Get System Network Config Value
is also defined as: class

System Network Connections Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1049

has facts: may-invoke^op Get Open Sockets
is also defined as: class

System Owner/User Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1033

has facts: may-access^op Directory Service; may-access^op Get System Config Value; may-access^op Password File; may-access^op Process Segment; may-invoke^op Copy Token; may-invoke^op Create Process
is also defined as: class

System Service Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1007

has facts: may-invoke^op Create Process; may-invoke^op Get Running Processes
is also defined as: class

System Service Softwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemServiceSoftware

has facts: contains^op Operating System File
is also defined as: class

System Time Discoveryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1124

has facts: may-invoke^op Create Process; may-invoke^op Get System Time
is also defined as: class

System Vulnerability Assessmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#SystemVulnerabilityAssessment

belongs to: System Mapping^c
has facts: d3fend-id^dp "D3-SYSVA"; evaluates^op Digital System; identifies^op vulnerability; kb-reference^op Reference - Software vulnerability graph database
is also defined as: class

Systemd Serviceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.002

has facts: may-create^op Operating System Configuration File; may-modify^op Operating System Configuration File
is also defined as: class

Taint Shared Contentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1080

has facts: modifies^op Network Resource
is also defined as: class

Terminate Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TerminateProcess

has facts: terminates^op Process
is also defined as: class

Thread Execution Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.003

has facts: invokes^op System Call; may-add^op Executable Binary
is also defined as: class

Thread Local Storageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.005

has facts: invokes^op System Call
is also defined as: class

Thread Start Functionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#ThreadStartFunction

has facts: executes^op Thread
is also defined as: class

Threat Intelligence Programⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1019

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "Establishing and running a Threat Intelligence Program is outside the scope of D3FEND."

Time Based Evasionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1497.003

has facts: may-invoke^op Get System Time; may-run^op System Time Application
is also defined as: class

Time Providersⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.003

has facts: modifies^op System Configuration Database Record
is also defined as: class

Timestompⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1070.006

has facts: forges^op File System Metadata
is also defined as: class

Token Impersonation/Theftⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1134.001

belongs to: Access Token^c
has facts: copies^op Access Token
is also defined as: class

TPM Boot Integrityⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TPMBootIntegrity

belongs to: Platform Hardening^c
has facts: d3fend-id^dp "D3-TBI"; kb-reference^op Reference - TCG Trusted Attestation Protocol Use Cases for TPM Families 1.2 and 2.0 and DICE; kb-reference^op Reference - Trusted Attestation Protocol Use Cases; kb-reference^op Reference - TPM 2.0 Library Specification - Trusted Computing Group, Incorporated
is also defined as: class

Trace Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TraceProcess

has facts: monitors^op Process
is also defined as: class

Traffic Signalingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1205

has facts: produces^op Network Traffic
is also defined as: class

Transfer Agent Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#TransferAgentAuthentication

belongs to: Message Hardening^c
has facts: d3fend-id^dp "D3-TAAN"; kb-reference^op Reference - RFC 6376: DomainKeys Identified Mail (DKIM) Signatures - IETF; kb-reference^op Reference - RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email - IETF; kb-reference^op Reference - RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC) - IETF
is also defined as: class

Transmitted Data Manipulationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1565.002

has facts: may-modify^op Network Traffic
is also defined as: class

Transport Agentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.002

has facts: adds^op Message Transfer Agent; modifies^op Mail Server
is also defined as: class

Trapⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.005

has facts: executes^op Command; may-create^op Executable Script; may-modify^op Executable Script; modifies^op Event Log
is also defined as: class

Trusted Relationshipⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1199

has facts: creates^op Login Session; produces^op Intranet Network Traffic
is also defined as: class

Two-Factor Authentication Interceptionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1111

has facts: may-access^op Security Token
is also defined as: class

Unrestricted Upload of File with Dangerous Typeⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-434

has facts: weakness of^op User Input Function
is also defined as: class

Unsecured Credentialsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1552

has facts: accesses^op Credential
is also defined as: class

Update Softwareⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1051

belongs to: ATTACK Mitigation^c
has facts: related^op Software Update

URLⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URL

has facts: addresses^op Resource
is also defined as: class

URL Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URLAnalysis

belongs to: Identifier Analysis^c
has facts: analyzes^op URL; d3fend-id^dp "D3-UA"; kb-reference^op Reference - Method and Apparatus for Detecting Malicious Websites - Endgame Inc; kb-reference^op Reference - Method and system for detecting restricted content associated with retrieved content - Sophos Ltd
is also defined as: class

URL Reputation Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#URLReputationAnalysis

belongs to: Identifier Reputation Analysis^c
has facts: analyzes^op URL; d3fend-id^dp "D3-URA"; kb-reference^op Reference - Finding phishing sites
is also defined as: class

Use Alternate Authentication Materialⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550

has facts: accesses^op Authentication Service
is also defined as: class

Use of Hard-coded Credentialsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#CWE-798

has facts: weakness of^op Authentication Function
is also defined as: class

Userⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#User

has facts: has-account^op User Account
is also defined as: class

User Account Controlⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1052

belongs to: ATTACK Mitigation^c
has facts: related^op Mandatory Access Control

User Account Managementⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1018

belongs to: ATTACK Mitigation^c
has facts: related^op Local File Permissions; related^op Mandatory Access Control; related^op System Configuration Permissions

User Account Permissionsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserAccountPermissions

belongs to: Credential Hardening^c
has facts: d3fend-id^dp "D3-UAP"; kb-reference^op Reference - Configure User Access Control and Permissions; restricts^op User Account
is also defined as: class

User Behaviorⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserBehavior

has facts: contains^op User Action
is also defined as: class

User Behavior Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserBehaviorAnalysis

belongs to: Defensive Technique^c
has facts: d3fend-id^dp "D3-UBA"; enables^op Detect
is also defined as: class

User Data Transfer Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserDataTransferAnalysis

belongs to: User Behavior Analysis^c
has facts: analyzes^op Resource Access; d3fend-id^dp "D3-UDTA"; kb-reference^op Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc; kb-reference^op Reference - System for implementing threat detection using threat and risk assessment of asset-actor interactions - VECTRA NETWORKS Inc
is also defined as: class

User Geolocation Logon Pattern Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserGeolocationLogonPatternAnalysis

belongs to: User Behavior Analysis^c
has facts: analyzes^op Network Traffic; d3fend-id^dp "D3-UGLPA"; kb-reference^op Reference - Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - Idaptive LLC; kb-reference^op Reference - System, method, and computer program product for detecting and assessing security risks in a network - Exabeam Inc
is also defined as: class

User Manualⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserManual

belongs to: Reference Type^c
is also defined as: class

User Session Init Config Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserSessionInitConfigAnalysis

belongs to: Operating System Monitoring^c
has facts: analyzes^op User Init Configuration File; d3fend-id^dp "D3-USICA"; kb-reference^op Reference - Identification and extraction of key forensics indicators of compromise using subject-specific filesystem views; kb-reference^op Reference - Registry Key Security and Access Rights; kb-reference^op Reference - CAR-2020-09-002: Component Object Model Hijacking - MITRE; kb-reference^op Reference - CAR-2020-11-011: Registry Edit from Screensaver
is also defined as: class

User Startup Directoryⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserStartupDirectory

has facts: contains^op User Startup Script File
is also defined as: class

User to User Messageⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#UserToUserMessage

has facts: has-recipient^op User Account; has-sender^op User Account
is also defined as: class

User Trainingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1017

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "Modeling user training is outside the scope of D3FEND."

Valid Accountsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1078

has facts: produces^op Authentication; produces^op Authorization; uses^op User Account
is also defined as: class

VBA Stompingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1564.007

has facts: modifies^op Office Application File
is also defined as: class

VDSO Hijackingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1055.014

has facts: accesses^op Shared Library File; invokes^op System Call
is also defined as: class

Video Captureⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1125

has facts: accesses^op Video Input Device
is also defined as: class

Vulnerability Scanningⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#M1016

belongs to: ATTACK Mitigation^c
has facts: d3fend-comment^dp "Future D3FEND releases will model the scanning and inventory domains."

Web Authenticationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebAuthentication

has facts: may-create^op Session Cookie
is also defined as: class

Web File Resourceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebFileResource

has facts: addressed-by^op URL
is also defined as: class

Web Portal Captureⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1056.003

has facts: modifies^op Web Server Application
is also defined as: class

Web Protocolsⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1071.001

has facts: may-transfer^op Certificate File; produces^op Outbound Internet Web Traffic
is also defined as: class

Web Serviceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1102

has facts: produces^op Outbound Internet Web Traffic
is also defined as: class

Web Session Activity Analysisⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebSessionActivityAnalysis

belongs to: User Behavior Analysis^c
has facts: analyzes^op Web Resource Access; d3fend-id^dp "D3-WSAA"; kb-reference^op Reference - Host intrusion prevention system using software and user behavior analysis - Sophos Ltd; kb-reference^op Reference - System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis - Silver Tail Systems; kb-reference^op Reference - System and Method for Network Security Including Detection of Attacks Through Partner Websites - EMC IP Holding Co LLC; kb-reference^op Reference - System and method thereof for identifying and responding to security incidents based on preemptive forensics - Palo Alto Networks Inc
is also defined as: class

Web Session Cookieⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1550.004

has facts: adds^op Session Cookie; produces^op Web Network Traffic
is also defined as: class

Web Shellⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1505.003

has facts: adds^op Web Script File; modifies^op Web Server; produces^op Process
is also defined as: class

Web Socket URLⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WebSocketURL

belongs to: URL^c

WHOIS Compatible Domain Registrationⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WHOISCompatibleDomainRegistration

belongs to: Domain Registration^c

Windows Batch Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsBatchFile

belongs to: Executable Script^c

Windows Management Instrumentation Event Subscriptionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.003

has facts: modifies^op Event Log; produces^op Intranet Administrative Network Traffic
is also defined as: class

Windows Management Instrumentation Executionⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1047

has facts: may-create^op Intranet Administrative Network Traffic; may-invoke^op Create Process
is also defined as: class

Windows Processⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WindowsProcess

belongs to: Process^c

Windows Serviceⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1543.003

has facts: modifies^op System Configuration Database
is also defined as: class

Winlogon Helper DLLⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1547.004

has facts: modifies^op System Configuration Database Record
is also defined as: class

Write Fileⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#WriteFile

has facts: modifies^op File
is also defined as: class

X86 Code Segmentⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#X86CodeSegment

belongs to: Image Code Segment^c; Process Code Segment^c

XSL Script Processingⁿⁱ back to ToC or Named Individual ToC

IRI: http://d3fend.mitre.org/ontologies/d3fend.owl#T1220

has facts: adds^op File; interprets^op Executable Script; invokes^op Create Process
is also defined as: class

This HTML document was obtained by processing the OWL ontology source code through LODE, Live OWL Documentation Environment, developed by Silvio Peroni .

D3FEND™ - A knowledge graph of cybersecurity countermeasures

Abstract

Table of Content

Classes

.bash_profile and .bashrcc back to ToC or Class ToC

/etc/passwd and /etc/shadowc back to ToC or Class ToC

Abuse Elevation Control Mechanismc back to ToC or Class ToC

Academic Articlec back to ToC or Class ToC

Academic Paper Referencec back to ToC or Class ToC

Access Control Configurationc back to ToC or Class ToC

Access Control Listc back to ToC or Class ToC

Access Modelingc back to ToC or Class ToC

Access Tokenc back to ToC or Class ToC

Access Token Manipulationc back to ToC or Class ToC

Accessibility Featuresc back to ToC or Class ToC

Accessibility Featuresc back to ToC or Class ToC

Account Access Removalc back to ToC or Class ToC

Account Discoveryc back to ToC or Class ToC

Account Lockingc back to ToC or Class ToC

Account Manipulationc back to ToC or Class ToC

Acquire Infrastructurec back to ToC or Class ToC

Active Certificate Analysisc back to ToC or Class ToC

Active Logical Link Mappingc back to ToC or Class ToC

Active Physical Link Mappingc back to ToC or Class ToC

Active Scanningc back to ToC or Class ToC

Active Setupc back to ToC or Class ToC

Activityc back to ToC or Class ToC

Activity Dependencyc back to ToC or Class ToC

Add Office 365 Global Administrator Rolec back to ToC or Class ToC

Add-insc back to ToC or Class ToC

Additional Azure Service Principal Credentialsc back to ToC or Class ToC

Address Spacec back to ToC or Class ToC

Admin Feature Assessmentc back to ToC or Class ToC

Admin Feature Claimc back to ToC or Class ToC

Administrative Featurec back to ToC or Class ToC

Administrative Network Activity Analysisc back to ToC or Class ToC

Administrative Network Trafficc back to ToC or Class ToC

Agentc back to ToC or Class ToC

Aliasc back to ToC or Class ToC

Allocate Memoryc back to ToC or Class ToC

Analysis of Alternativesc back to ToC or Class ToC

Analytic Latencyc back to ToC or Class ToC

AppCert DLLsc back to ToC or Class ToC

AppCert DLLsc back to ToC or Class ToC

AppInit DLLsc back to ToC or Class ToC

AppInit DLLsc back to ToC or Class ToC

AppleScriptc back to ToC or Class ToC

AppleScript Executionc back to ToC or Class ToC

Appliancec back to ToC or Class ToC

Applicationc back to ToC or Class ToC

Application Access Tokenc back to ToC or Class ToC

Application Access Tokenc back to ToC or Class ToC

Application Configurationc back to ToC or Class ToC

Application Configuration Databasec back to ToC or Class ToC

Application Configuration Database Recordc back to ToC or Class ToC

Application Configuration Filec back to ToC or Class ToC

Application Configuration Hardeningc back to ToC or Class ToC

Application Deployment Softwarec back to ToC or Class ToC

Application Exhaustion Floodc back to ToC or Class ToC

Application Hardeningc back to ToC or Class ToC

Application Installerc back to ToC or Class ToC

Application Inventory Sensorc back to ToC or Class ToC

Application Layer Firewallc back to ToC or Class ToC

Application Layer Linkc back to ToC or Class ToC

Application Layer Protocolc back to ToC or Class ToC

Application or System Exploitationc back to ToC or Class ToC

Application Processc back to ToC or Class ToC

Application Process Configurationc back to ToC or Class ToC

Application Rulec back to ToC or Class ToC

Application Shimc back to ToC or Class ToC

Application Shimmingc back to ToC or Class ToC

Application Shimmingc back to ToC or Class ToC

Application Window Discoveryc back to ToC or Class ToC

Archive Collected Datac back to ToC or Class ToC

Archive Filec back to ToC or Class ToC

Archive via Custom Methodc back to ToC or Class ToC

Archive via Libraryc back to ToC or Class ToC

Archive via Utilityc back to ToC or Class ToC

ARP Cache Poisoningc back to ToC or Class ToC

Articlec back to ToC or Class ToC

.bash_profile and .bashrc^c back to ToC or Class ToC

/etc/passwd and /etc/shadow^c back to ToC or Class ToC

Abuse Elevation Control Mechanism^c back to ToC or Class ToC

Academic Article^c back to ToC or Class ToC

Academic Paper Reference^c back to ToC or Class ToC

Access Control Configuration^c back to ToC or Class ToC

Access Control List^c back to ToC or Class ToC

Access Modeling^c back to ToC or Class ToC

Access Token^c back to ToC or Class ToC

Access Token Manipulation^c back to ToC or Class ToC

Accessibility Features^c back to ToC or Class ToC

Accessibility Features^c back to ToC or Class ToC

Account Access Removal^c back to ToC or Class ToC

Account Discovery^c back to ToC or Class ToC

Account Locking^c back to ToC or Class ToC

Account Manipulation^c back to ToC or Class ToC

Acquire Infrastructure^c back to ToC or Class ToC

Active Certificate Analysis^c back to ToC or Class ToC

Active Logical Link Mapping^c back to ToC or Class ToC

Active Physical Link Mapping^c back to ToC or Class ToC

Active Scanning^c back to ToC or Class ToC

Active Setup^c back to ToC or Class ToC

Activity^c back to ToC or Class ToC

Activity Dependency^c back to ToC or Class ToC

Add Office 365 Global Administrator Role^c back to ToC or Class ToC

Add-ins^c back to ToC or Class ToC

Additional Azure Service Principal Credentials^c back to ToC or Class ToC

Address Space^c back to ToC or Class ToC

Admin Feature Assessment^c back to ToC or Class ToC

Admin Feature Claim^c back to ToC or Class ToC

Administrative Feature^c back to ToC or Class ToC

Administrative Network Activity Analysis^c back to ToC or Class ToC

Administrative Network Traffic^c back to ToC or Class ToC

Agent^c back to ToC or Class ToC

Alias^c back to ToC or Class ToC

Allocate Memory^c back to ToC or Class ToC

Analysis of Alternatives^c back to ToC or Class ToC

Analytic Latency^c back to ToC or Class ToC

AppCert DLLs^c back to ToC or Class ToC

AppCert DLLs^c back to ToC or Class ToC

AppInit DLLs^c back to ToC or Class ToC

AppInit DLLs^c back to ToC or Class ToC

AppleScript^c back to ToC or Class ToC

AppleScript Execution^c back to ToC or Class ToC

Appliance^c back to ToC or Class ToC

Application^c back to ToC or Class ToC

Application Access Token^c back to ToC or Class ToC

Application Access Token^c back to ToC or Class ToC

Application Configuration^c back to ToC or Class ToC

Application Configuration Database^c back to ToC or Class ToC

Application Configuration Database Record^c back to ToC or Class ToC

Application Configuration File^c back to ToC or Class ToC

Application Configuration Hardening^c back to ToC or Class ToC

Application Deployment Software^c back to ToC or Class ToC

Application Exhaustion Flood^c back to ToC or Class ToC

Application Hardening^c back to ToC or Class ToC

Application Installer^c back to ToC or Class ToC

Application Inventory Sensor^c back to ToC or Class ToC

Application Layer Firewall^c back to ToC or Class ToC

Application Layer Link^c back to ToC or Class ToC

Application Layer Protocol^c back to ToC or Class ToC

Application or System Exploitation^c back to ToC or Class ToC

Application Process^c back to ToC or Class ToC

Application Process Configuration^c back to ToC or Class ToC

Application Rule^c back to ToC or Class ToC

Application Shim^c back to ToC or Class ToC

Application Shimming^c back to ToC or Class ToC

Application Shimming^c back to ToC or Class ToC

Application Window Discovery^c back to ToC or Class ToC

Archive Collected Data^c back to ToC or Class ToC

Archive File^c back to ToC or Class ToC

Archive via Custom Method^c back to ToC or Class ToC

Archive via Library^c back to ToC or Class ToC

Archive via Utility^c back to ToC or Class ToC

ARP Cache Poisoning^c back to ToC or Class ToC

Article^c back to ToC or Class ToC

Artifact^c back to ToC or Class ToC

Artifact Server^c back to ToC or Class ToC

AS-REP Roasting^c back to ToC or Class ToC

Assessment^c back to ToC or Class ToC