MITRE D3FEND

Defensive techniques mapped against ATT&CK — know how to defend

All 11 techniques Model 27 Harden 55 Detect 90 Isolate 56 Deceive 11 Evict 19 Restore 12
D3-CHN Deceive
Connected Honeynet
A decoy service, system, or environment, that is connected to the enterprise network, and simulates or emulates certain functionality to the network, without exposing full access to a production system.
D3-DE Deceive
Decoy Environment
A Decoy Environment comprises hosts and networks for the purposes of deceiving an attacker.
Counters 1 ATT&CK
D3-DF Deceive
Decoy File
A file created for the purposes of deceiving an adversary.
Counters 46 ATT&CK
D3-DNR Deceive
Decoy Network Resource
Deploying a network resource for the purposes of deceiving an adversary.
Counters 7 ATT&CK
D3-DO Deceive
Decoy Object
A Decoy Object is created and deployed for the purposes of deceiving attackers.
D3-DP Deceive
Decoy Persona
Establishing a fake online identity to misdirect, deceive, and or interact with adversaries.
D3-DPR Deceive
Decoy Public Release
Issuing publicly released media to deceive adversaries.
D3-DST Deceive
Decoy Session Token
An authentication token created for the purposes of deceiving an adversary.
D3-DUC Deceive
Decoy User Credential
A Credential created for the purpose of deceiving an adversary.
Counters 10 ATT&CK
D3-IHN Deceive
Integrated Honeynet
The practice of setting decoys in a production environment to entice interaction from attackers.
D3-SHN Deceive
Standalone Honeynet
An environment created for the purpose of attracting attackers and eliciting their behaviors that is not connected to any production enterprise systems.