Tactics

Tactics represent the 'why' of a technique or countermeasure. A tactic is the threat actor's (Eve's) or defender's tactical goal and the reason they are performing a technique or countermeasure.

Tactics: 14
| QID | Title | Description | Type |
|---|---|---|---|
| T-0001 | Reconnaissance | The threat actor is trying to gather information they can use to plan future operations. | Attack |
| T-0002 | Resource Development | The threat actor is trying to establish resources they can use to support operations. | Attack |
| T-0003 | Initial Access | The threat actor is trying to get into your system. | Attack |
| T-0004 | Execution | The threat actor is trying to run malicious activity. | Attack |
| T-0007 | Defense Evasion | The threat actor is trying to avoid being detected. | Attack |
| T-0013 | Exfiltration | The threat actor is trying to steal data. | Attack |
| T-0014 | Impact | The threat actor is trying to manipulate, interrupt, or destroy your systems and data. | Attack |
| T-0021 | Model | The model tactic is used to apply security engineering, vulnerability, threat, and risk analyses to the systems. | Defence |
| T-0015 | Harden | The harden tactic is used to increase the opportunity cost of a system exploitation. Hardening differs from Detection in that it generally is conducted before a system is online and operational. | Defence |
| T-0016 | Detect | The detect tactic is used to identify adversary access to or unauthorized activity on a system. | Defence |
| T-0017 | Isolate | The isolate tactic creates logical or physical barriers in a system which reduces opportunities for adversaries to create further accesses. | Defence |
| T-0018 | Deceive | The deceive tactic is used to advertise, entice, and allow potential attackers access to an observed or controlled environment. | Defence |
| T-0019 | Evict | The eviction tactic is used to remove an adversary from a system. | Defence |
| T-0020 | Restore | The restore tactic is used to return the system to a better state. | Defence |