Tactics
Tactics represent the 'why' of a technique or countermeasure. It is the threat actor's (Eve's) or defender's tactical goal and the reason they are performing a technique or countermeasure.
Tactics: 14
QID | Title | Description | Type |
---|---|---|---|
T-0001 | Reconnaissance |
The threat actor is trying to gather information they can use to plan future operations. |
Attack |
T-0002 | Resource Development |
The threat actor is trying to establish resources they can use to support operations. |
Attack |
T-0003 | Initial Access |
The threat actor is trying to get into your system. |
Attack |
T-0004 | Execution |
The threat actor is trying to run malicious activity. |
Attack |
T-0007 | Defense Evasion |
The threat actor is trying to avoid being detected. |
Attack |
T-0013 | Exfiltration |
The threat actor is trying to steal data. |
Attack |
T-0014 | Impact |
The threat actor is trying to manipulate, interrupt, or destroy your systems and data. |
Attack |
T-0021 | Model |
The model tactic is used to apply security engineering, vulnerability, threat, and risk analyses to the systems. |
Defence |
T-0015 | Harden |
The harden tactic is used to increase the opportunity cost of a system exploitation. Hardening differs from Detection in that it generally is conducted before a system is online and operational. |
Defence |
T-0016 | Detect |
The detect tactic is used to identify adversary access to or unauthorized activity on a system. |
Defence |
T-0017 | Isolate |
The isolate tactic creates logical or physical barriers in a system which reduces opportunities for adversaries to create further accesses. |
Defence |
T-0018 | Deceive |
The deceive tactic is used to advertise, entice, and allow potential attackers access to an observed or controlled environment. |
Defence |
T-0019 | Evict |
The eviction tactic is used to remove an adversary from a system. |
Defence |
T-0020 | Restore |
The restore tactic is used to return the system to a better state. |
Defence |