The Course of Action Matrix (7D) was not bad in 2021. But we are in 2023 and it would be interesting to integrate the MITRE D3FEND Knowledge Graph project instead.
Problem to Solve
In order to have an overview of the countermeasures against an intrusion set/campaign/incident, it would be interesting to have a "Course of Action Matrix":
From: https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
Current Workaround
None
Proposed Solution
For an intrusion set / report / incident / campaign:
kill_chain_phases of each SDO
detect, deny, disrupt, degrade, deceive, destroy
relationships between SDO and COA.
Additional Information
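One way the matrix proposed above could be computed from STIX data, as an added example that is not part of the original issue or the project's code. It assumes kill chain phases as rows and the six actions as columns (the layout in the Lockheed Martin paper), the STIX `mitigates` relationship as the SDO-to-COA link, and, purely as an assumption, that each course-of-action carries its action type as a label; the bundle is constructed sample data.

```python
from collections import defaultdict

ACTIONS = ["detect", "deny", "disrupt", "degrade", "deceive", "destroy"]
KC = "lockheed-martin-cyber-kill-chain"  # kill_chain_name used in the sample

def phase(name):
    return {"kill_chain_name": KC, "phase_name": name}

def rel(n, src, dst):
    return {"type": "relationship", "id": f"relationship--r{n}",
            "relationship_type": "mitigates", "source_ref": src, "target_ref": dst}

# Constructed sample bundle, ids shortened for readability (not valid UUIDs).
# Assumption: a course-of-action states its action type as a label.
BUNDLE = {"type": "bundle", "id": "bundle--b1", "objects": [
    {"type": "attack-pattern", "id": "attack-pattern--a1", "name": "Spearphishing attachment",
     "kill_chain_phases": [phase("delivery")]},
    {"type": "malware", "id": "malware--m1", "name": "Sample implant",
     "kill_chain_phases": [phase("installation"), phase("command-and-control")]},
    {"type": "course-of-action", "id": "course-of-action--c1",
     "name": "Mail attachment filtering", "labels": ["deny"]},
    {"type": "course-of-action", "id": "course-of-action--c2",
     "name": "Proxy log alerting", "labels": ["detect"]},
    {"type": "course-of-action", "id": "course-of-action--c3", "name": "Unlabelled hardening guide"},
    rel(1, "course-of-action--c1", "attack-pattern--a1"),
    rel(2, "course-of-action--c2", "malware--m1"),
    rel(3, "course-of-action--c3", "malware--m1"),
]}

def coa_matrix(bundle, kill_chain=KC):
    """Return ({phase: {action: [COA names]}}, [COA names that could not be placed])."""
    objs = {o["id"]: o for o in bundle["objects"]}
    matrix = defaultdict(lambda: {a: [] for a in ACTIONS})
    unplaced = []
    for r in bundle["objects"]:
        coa, target = objs.get(r.get("source_ref")), objs.get(r.get("target_ref"))
        if (r.get("relationship_type") != "mitigates" or not coa or not target
                or coa["type"] != "course-of-action"):
            continue
        phases = [p["phase_name"] for p in target.get("kill_chain_phases", [])
                  if p["kill_chain_name"] == kill_chain]
        actions = [l for l in coa.get("labels", []) if l in ACTIONS]
        if not phases or not actions:
            unplaced.append(coa["name"])  # no phase on the SDO or no action type on the COA
            continue
        for ph in phases:
            for act in actions:
                matrix[ph][act].append(coa["name"])
    return dict(matrix), unplaced
```

Empty cells in a row show phases where no countermeasure of that type is recorded, and the second return value lists COAs that exist but cannot be placed in the matrix.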