TTP-Based Threat Hunting

Security leaders are increasingly looking to the MITRE ATT&CK matrix to help understand and combat the threats against their environment. Security teams that follow ATT&CK can track the tactics being used by adversaries, the scope of attacks, and the efficacy of their controls, generating critical, continuous insights for security operations. D3 sits on top of the suite of detection tools and leverages ATT&CK TTP information to enrich events, validate TTP correlations, eliminate false positives, and hunt for more traces of the attack.