D3FEND — Detect

When to Use

• Building file analysis pipelines (static, dynamic, emulated)
• Implementing identifier reputation checks (IP, domain, file hash, URL)
• Designing network traffic analysis and anomaly detection
• Monitoring platform health (OS, firmware, applications)
• Setting up physical access controls and surveillance
• Creating file integrity and behavioral monitoring

When NOT to Use

• System hardening or secure configuration → d3fend-harden
• Network segmentation or access mediation → d3fend-isolate
• Honeypots or decoy operations → d3fend-deceive
• Threat hunting playbooks → defensive-security-analyst
• SIEM/SOAR engineering → cybersecurity