During an incident analysis session, a security analyst is charting out an intrusion based on the intersection of different elements like the tools used, the infrastructure leveraged for attack execution, and the profile of the threat actor. Without explicitly classifying these elements, the analyst is attempting to recognize patterns and adversaries through correlating disparate but related events. Which analysis framework aligns with the analyst's approach for gaining actionable intelligence?
Indicators of Compromise (IoCs) framework
Adversary Tactics, Techniques, and Common Knowledge (ATT&CK)
Preparation phase of Incident Response lifecycle
Diamond Model of Intrusion Analysis
|Incident Response and Management
|Reporting and Communication