
Glossary

  • ATT&CK, Adversarial Tactics, Techniques, and Common Knowledge
  • SOC, Security Operations Center
  • TTPs, Tactics, Techniques and Procedures, also called attack tactics
  • IoCs, Indicators of Compromise, observable artifacts captured from a threat event that can be used to recognise the same threat elsewhere, typically domain names, IP addresses and URLs
  • IACD, Integrated Adaptive Cyber Defense, an integrated, adaptive network security protection framework
  • PDR, Protect-Detect-Respond
  • PPDR, Predict-Prevent-Detect-Respond
  • IPDRR, Identify-Protect-Detect-Respond-Recover (the five core functions of the NIST Cybersecurity Framework)
  • IPDRRDR, Identify-Protect-Detect-Respond-Recover-Diagnose-Refine
  • SOAR, Security Orchestration, Automation and Response
  • OODA loop, Observe, Orient, Decide, Act
  • SMAF, Sense-Making Analytic Framework (IACD component)
  • DME, Decision Making Engine (IACD component)
  • OM, Orchestration Manager (IACD component)
  • DRP, Digital Risk Protection, a digital risk protection service; a derivative of the threat intelligence business that sits closer to the customer's own business
  • TDA, Threat Discovery Appliance, an integrated software and hardware appliance focused on discovering, locating and handling threats
  • Backbone network, a high-speed core network that interconnects the networks of multiple areas or regions
  • MTTD / MTTR, Mean Time To Detect, the average time from the start of an incident to its detection; Mean Time To Respond, the average time from detection to response (containment or closure)
  • STRIDE, Microsoft's threat model, named for its six threat categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
  • NTA, Network Traffic Analysis, usually refers to network traffic analysis products. They use network communication traffic as their basic data source and output threat events. The difference from an IDS is that model-based (behavioural) detection is the core of NTA, whereas an IDS is centred on signature-based detection [1]
  • SD-WAN, Software-Defined Wide Area Network
  • CEP, Complex Event Processing
  • RASP, Runtime Application Self-Protection
  • XDR, Extended Detection and Response
  • MDR, Managed Detection and Response
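The IoC, NTA and MTTD/MTTR entries above describe three things a SOC pipeline actually does: match traffic against known indicators (signature detection, as an IDS does), flag traffic that deviates from a learned baseline (model detection, as NTA does), and measure how long detection and response took. The following Python is an added worked example, not code from the original page or from any product it names. All hosts, addresses (RFC 5737 documentation ranges), domains, indicator values and incident timestamps are constructed for the example.

```python
"""Constructed detection pipeline: IoC matching vs. per-host baseline, then MTTD/MTTR."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str          # internal host name
    dst_ip: str
    dst_domain: str
    bytes_out: int


T0 = datetime(2024, 5, 1, 9, 0)


def at(offset_min):
    """Timestamp `offset_min` minutes after the constructed start of the window."""
    return T0 + timedelta(minutes=offset_min)


def _f(offset_min, src, dst_ip, dst_domain, bytes_out):
    return Flow(at(offset_min), src, dst_ip, dst_domain, bytes_out)


# Constructed flow records (not real traffic). ws-01 behaves normally, ws-02
# contacts a listed IoC, ws-03 sends an unusually large volume to an unlisted host.
FLOWS = [
    _f(0,  "ws-01", "198.51.100.10", "mail.example.com",  12_000),
    _f(5,  "ws-01", "198.51.100.11", "www.example.com",   15_000),
    _f(10, "ws-01", "198.51.100.11", "www.example.com",   14_000),
    _f(15, "ws-01", "198.51.100.12", "cdn.example.com",   13_000),
    _f(0,  "ws-02", "198.51.100.10", "mail.example.com",  11_000),
    _f(7,  "ws-02", "203.0.113.45",  "",                   9_000),   # hits IP IoC
    _f(12, "ws-02", "198.51.100.11", "www.example.com",   12_000),
    _f(0,  "ws-03", "198.51.100.10", "mail.example.com",  10_000),
    _f(4,  "ws-03", "198.51.100.11", "www.example.com",   11_000),
    _f(9,  "ws-03", "198.51.100.12", "cdn.example.com",   12_000),
    _f(20, "ws-03", "192.0.2.77",    "files.example.org", 480_000),  # outlier, no IoC
]

# Hypothetical indicator feed; these values are assumptions for the example.
IOC_IPS = {"203.0.113.45"}
IOC_DOMAINS = {"bad-updates.example.net"}


def ioc_alerts(flows):
    """IDS-style signature detection: exact match of the destination against
    known indicators. Catches ws-02 but not ws-03, whose destination is on no list."""
    return [f for f in flows if f.dst_ip in IOC_IPS or f.dst_domain in IOC_DOMAINS]


def baseline_alerts(flows, factor=3.0):
    """NTA-style model detection: flag a flow whose egress volume exceeds the same
    host's mean by more than `factor` standard deviations, both computed over the
    host's other flows (leave-one-out, so a candidate cannot inflate its own
    baseline). Needs no indicator, so it catches ws-03."""
    by_host = {}
    for f in flows:
        by_host.setdefault(f.src, []).append(f)
    alerts = []
    for host_flows in by_host.values():
        for f in host_flows:
            others = [g.bytes_out for g in host_flows if g is not f]
            if len(others) < 2:  # not enough history to form a baseline
                continue
            if f.bytes_out > mean(others) + factor * pstdev(others):
                alerts.append(f)
    return alerts


@dataclass(frozen=True)
class Incident:
    started: datetime   # earliest malicious activity
    detected: datetime  # alert raised and triaged
    resolved: datetime  # host contained and ticket closed


def mttd_mttr(incidents):
    """MTTD = mean(detected - started); MTTR = mean(resolved - detected); minutes."""
    mttd = mean((i.detected - i.started).total_seconds() for i in incidents) / 60
    mttr = mean((i.resolved - i.detected).total_seconds() for i in incidents) / 60
    return mttd, mttr


# Constructed incident timeline for the two detections above (assumed values).
INCIDENTS = [
    Incident(at(7),  at(15), at(75)),   # ws-02: IoC hit at +7, detected +15, closed +75
    Incident(at(20), at(60), at(240)),  # ws-03: outlier at +20, detected +60, closed +240
]


def run():
    return {
        "ioc_hosts": sorted({f.src for f in ioc_alerts(FLOWS)}),
        "baseline_hosts": sorted({f.src for f in baseline_alerts(FLOWS)}),
        "mttd_mttr_minutes": mttd_mttr(INCIDENTS),
    }


if __name__ == "__main__":
    print(run())
```

Running it shows the complementary coverage the NTA entry is getting at: the indicator match finds only ws-02, the baseline model finds only ws-03, and neither alone would have seen both. The MTTD of 24 minutes and MTTR of 120 minutes come from the constructed timeline; in practice those timestamps come from the alert and ticketing systems, and the slow ws-03 case is exactly the kind of outlier that a mean hides and a median or percentile would expose.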

References [1] Basic analysis of network security NTA technology, MANNING23, https://manning23.github.io/2020/03/14/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8NTA%E6%8A%80%E6%9C%AF%E5%9F%BA%E6%9C%AC%E5%88%86%E6%9E%90/