Course of Action Matrix (7D)

[2xyo]

Problem to Solve

In order to have an overview of the countermeasures against an intrusion set/campaign/incident, it would be interesting to have a "Course of Action Matrix":

From: https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf

Current Workaround

None

Proposed Solution

For an intrusion set / report / incident / campaign :

• extract kill_chain_phases of each SDO
• allow detect, deny, disrupt, degrade, deceive, destroy relationships between SDO and COA.
• combine the relationships and phases of the kill chain in a matrix
• magically display the result in a beautiful table

Additional Information

• https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
• https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf

[2xyo]

The Course of Action Matrix (7D) was not bad in 2021. But we are in 2023 and it would be interesting to integrate MITRE D3FEND Knowledge Graph Project project instead.