Gather adversary tools, observe tactics, and collect other raw intelligence about the adversary's activity.
Collection is used to gather information about an adversary or their activities. This collection can include gathering system logs, network traffic, adversary artifacts, or other data that can be used to expose adversary activity. In many cases, Collection activities are also good cybersecurity practices. However, in Engage, these activities will focus exclusively on the intersection of denial, deception, and adversary engagement technologies and the defender’s ability to Expose the adversary.

| Activity | Description | ID |
|---|---|---|
| API Monitoring | Monitor local APIs that might be used by adversary tools and activity. | EAC0001 |
| Network Monitoring | Monitor network traffic in order to detect adversary activity. | EAC0002 |
| Software Manipulation | Make changes to a system's software properties and functions to achieve a desired effect. | EAC0014 |
| System Activity Monitoring | Collect system activity logs that can reveal adversary activity. | EAC0003 |