This deliverable for the CS-AWARE project is the third in an iterative series of three deliverables (D2.1 System and dependency analysis (first iteration) – Cybersecurity requirements for local public administrations, D2.2 System and dependency analysis (second iteration) – Pilot scenario definition and D2.3 System and dependency analysis (third iteration) – Pilot scenario specification and selfhealing strategies) that are delivered throughout the project run time. The third iteration picks up on the results of the first two iterations, with a focus on providing the final link between the analysis results and the technological part of the CS-AWARE solution. To that end, the deliverable reports on the results of the third iteration of system and dependency analysis workshops with the pilot municipalities, informing the definition of cybersecurity monitoring patterns and self-healing policies, the results of which are reported in this deliverable as well. The third round of system and dependency workshops continues the analysis of the first (assets, dependencies, monitoring points) and second round (business processes and information flows) and adds the dimension of system behaviour to the analysis results. The behaviour of system elements during day-to-day operations according to the identified business processes, and how this reflects in the data sources CS-AWARE collects, is a crucial input for the definition accurate and relevant monitoring patterns. The definition of cybersecurity monitoring patterns constitutes the internal event detection logic of the CS-AWARE technology and is a crucial aspect for providing cybersecurity awareness. The resulting patterns were validated through the consent of CS-AWARE security and data analysis experts as well as the employees of the Municipalities (users, administrators, managers) who ultimately are the ones the cybersecurity awareness is intended for. The CS-AWARE system requirements in this context have been fulfilled. Similarly, self-healing policies have been defined that allow mitigation of events detected by cybersecurity patterns in an automated way. The CS-AWARE system requirements regarding self-healing have been partially fulfilled at this point due to outstanding pilot validation. While the policies have been defined based on the consent of CS-AWARE security experts, a final validation of those policies in the context of the second and third phase of piloting in line with the CS-AWARE project plan has yet to be conducted.