Present the adversary with a variety of network and system artifacts.
Artifact Diversity means presenting multiple network and system artifacts to the adversary including accounts, files/directories, credentials, logs, web browsing history, browser cookies, etc. These artifacts can be legitimate artifacts created as the result of natural usage over time or manually added to the environment by the defender. Artifact Diversity can be used to encourage the adversary to engage by offering a broad attack surface or can increase the adversary's overall comfort level by adding to the believability of the environment.
Additionally, these artifacts can be decoy artifacts intended to elicit a specific response from the adversary. In any case, by monitoring adversary activity in a diverse environment, the defender can gain information on the adversary's capabilities and targeting preferences. For example, a defender can include a diverse set of accounts and credentials and then monitor to determine which accounts the adversary targets in the future.
|ATT&CK® Tactics||Adversary Vulnerability Presented|
|Discovery, Persistence, Execution, Impact, Collection, Defense Evasion, Credential Access, Reconnaissance, Initial Access||When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to reveal their targetting preferences and capabilities|