We welcome your feedback about MITRE Engage v0.9 Beta: Email us at engage@mitre.org

Direction

Encourage or discourage the adversary from conducting their operation as intended.

Direction focuses on moving the adversary towards or away from an intended path. This forced direction can be accomplished by removing or disabling some resources, while adding or enabling others. The defender can add decoy articles or otherwise manipulate the environment to attempt to elicit specific responses from the adversary. Additionally, the defender can tighten some security controls while leaving others overly permissive or weakened. Finally, the defender can physically move the adversary by moving threats from their intended environment and into a safe engagement environment.

For example, a suspicious email attachment can be moved from the intended target to an engagement environment for analysis. No matter how the Direction is achieved, the defender hopes to force the adversary to take unintended actions, or stop intended actions.

Details
ID: EAP0004
Type:  Engagement
Goals:  Affect

Activities

Activity NameDescriptionID
Decoy Artifacts and Systems Introduce impersonations to expand the scope of a deceptive story. EAC0005
Detonate Malware Execute malware under controlled conditions to analyze its functionality. EAC0013
Email Manipulation Modify the flow of email in the environment. EAC0009
Migrate Attack Vector Move a malicious link, file, or device from its intended location to a decoy system or network for execution/use. EAC0021
Network Manipulation Make changes to network properties and functions to achieve a desired effect. EAC0016
Peripheral Management Manage peripheral devices used on systems within the network for engagement purposes. EAC0010
Security Controls Alter security controls to make the system more or less vulnerable to attack. EAC0018
Software Manipulation Make changes to a system's software properties and functions to achieve a desired effect. EAC0014