Gather adversary tools, observe tactics, and collect other raw intelligence about the adversary's activity.

Collection is used to gather information about an adversary or their activities. This collection can include gathering system logs, network traffic, adversary artifacts, or other data that can be used to expose adversary activity. In many cases, Collection activities are also good cybersecurity practices. However, in Engage, these activities will focus exclusively on the intersection of denial, deception, and adversary engagement technologies and the defender’s ability to Expose the adversary.

ID: EAP0001
Type: Engagement
Goals: Expose


| Activity Name | Description | ID |
| --- | --- | --- |
| API Monitoring | Monitor local APIs that might be used by adversary tools and activity. | EAC0001 |
| Network Monitoring | Monitor network traffic in order to detect adversary activity. | EAC0002 |
| Software Manipulation | Make changes to a system's software properties and functions to achieve a desired effect. | EAC0014 |
| System Activity Monitoring | Collect system activity logs that can reveal adversary activity. | EAC0003 |