We welcome your feedback about MITRE Engage v0.9 Beta: Email us at engage@mitre.org

Activities

Activities are the concrete techniques you employ to progress towards achieving your big objectives.

Activities in Engage are either Strategic Activities or Engagement Activities.

Strategic Activities help you focus on the steps you must complete before, during, and after an operation to ensure that your activities are aligned with your overall strategy. They help ensure that the operations of today inform the operations of tomorrow. All Strategic Activities have an ID that starts with SAC.

Engagement Activities help you identify the actions you want to take against your adversary and drive progress toward the impact you want those actions to have. All Engagement Activities have an ID that starts with EAC.

Check out each of the various Activities below for an in-depth discussion on each specific Activity.

Strategic Activities

| Name | Description | ID |
|---|---|---|
| Strategic Goal | Define the objective of the desired end-state of your adversary engagement operations. | SAC0001 |
| Persona Creation | Plan and create a fictitious human user through a combination of planted data and revealed behavior patterns in support of your strategic objectives. | SAC0002 |
| Storyboarding | Plan and create the deception story. | SAC0003 |
| Develop Threat Model | Identify, understand, and prioritize potential engagement targets. | SAC0004 |
| Define Exit Criteria | Define the set of events that would lead to the non-negotiable conclusion of the operation. | SAC0005 |
| Hotwash | Review the retrospective of operational activities. | SAC0006 |
| Refine Operation Activities | Update and improve the implementation of operational activities to better achieve the strategic goal. | SAC0007 |
| Distill Intelligence | Turn raw data gained during an operation into actionable intelligence. | SAC0008 |
| Inform Threat Model | Update existing threat models based on intelligence gained during the engagement operation. | SAC0009 |

Engagement Activities

| Name | Description | ID |
|---|---|---|
| API Monitoring | Monitor local APIs that might be used by adversary tools and activity. | EAC0001 |
| Network Monitoring | Monitor network traffic in order to detect adversary activity. | EAC0002 |
| System Activity Monitoring | Collect system activity logs that can reveal adversary activity. | EAC0003 |
| Network Analysis | Analyze network traffic to gain intelligence on communications between systems. | EAC0004 |
| Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. | EAC0005 |
| Application Diversity | Present the adversary with a variety of installed applications and services. | EAC0006 |
| Network Diversity | Use a diverse set of devices on the network to help establish the legitimacy of a decoy network. | EAC0007 |
| Burn-In | Exercise a target system in a manner that generates desirable system artifacts. | EAC0008 |
| Email Manipulation | Modify the flow of email in the environment. | EAC0009 |
| Peripheral Management | Manage peripheral devices used on systems within the network for engagement purposes. | EAC0010 |
| Pocket Litter | Place data on a system to reinforce the legitimacy of the system or user. | EAC0011 |
| Personas | Create fictitious human user(s) through a combination of planted data and revealed behavior patterns. | EAC0012 |
| Detonate Malware | Execute malware under controlled conditions to analyze its functionality. | EAC0013 |
| Software Manipulation | Make changes to a system's software properties and functions to achieve a desired effect. | EAC0014 |
| Information Manipulation | Conceal and reveal both facts and fictions to support a deception story. | EAC0015 |
| Network Manipulation | Make changes to network properties and functions to achieve a desired effect. | EAC0016 |
| Hardware Manipulation | Alter the hardware configuration of a system to limit what an adversary can do with the device. | EAC0017 |
| Security Controls | Alter security controls to make the system more or less vulnerable to attack. | EAC0018 |
| Baseline | Identify key system elements to establish a baseline, and be prepared to reset a system to that baseline when necessary. | EAC0019 |
| Isolation | Configure devices, systems, networks, etc. to contain activity and data, thus preventing the expansion of an engagement beyond desired limits. | EAC0020 |
| Migrate Attack Vector | Move a malicious link, file, or device from its intended location to a decoy system or network for execution/use. | EAC0021 |
| Artifact Diversity | Present the adversary with a variety of network and system artifacts. | EAC0022 |