D8 · CySA+

What is the Diamond Model of intrusion analysis?

The Diamond Model connects four intrusion elements: Adversary ↔ Capability ↔ Infrastructure ↔ Victim. Each intrusion event links these elements, enabling analyst pivoting.
The Diamond Model enables pivoting: know the adversary's infrastructure → find other victims. Know the capability (malware) → find other intrusions using the same tool. It complements the Kill Chain and ATT&CK and is used for intelligence-driven incident analysis.