There are many approaches to net defense that have been used in operations, and some are more successful than others. The challenge of defending the network still relies more on craft than science. There are acceptable approaches to hardening the perimeter focusing on access controls and signatures, but that information needs to be shared to evaluate the nature of the threat and how to classify it. There are many issues that must be overcome and even more approaches to those challenges. In this presentation, Timur Snoke proposes combining the threat assessment native to the Cyber Kill Chain and the attribution capability of the Diamond model to provide reporting that is both portable and actionable outside an organization without risk of exposure for the net defender’s customers.