Assess current holdings, needs, and wants

Analysts assess current information available against requirements that outline needs and wants as part of the research baselining process to begin satisfying a requirement. [1] [2] [3] [4]

ID: T1236
Sub-techniques:  No sub-techniques
Tactic: Priority Definition Planning
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Normally, defender is unable to detect. Few agencies and commercial organizations may have unique insights.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Normal aspect of adversary planning lifecycle. May not be done by all adversaries.


  1. Tom Parker, Matt Devost, Marcus Sachs, and Toby Miller. (2003). Cyber Adversary Characterization. Retrieved March 5, 2017.
  2. Central Intelligence Agency. (2009). A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis. Retrieved March 5, 2017.
  1. John Lowry, Rico Valdez, Brad Wood. (n.d.). Adversary Modeling to Develop Forensic Observables. Retrieved March 5, 2017.
  2. Elizabeth Van Ruitenbeek, Ken Keefe, William H. Sanders, and Carol Muehrcke. (2010). Characterizing the Behavior of Cyber Adversaries: The Means, Motive, and Opportunity of Cyberattacks. Retrieved March 5, 2017.