Encourage or discourage the adversary from conducting their operation as intended.
Direction focuses on moving the adversary towards or away from an intended path. This forced direction can be accomplished by removing or disabling some resources while adding or enabling others. The defender can add decoy artifacts or otherwise manipulate the environment to elicit specific responses from the adversary. Additionally, the defender can tighten some security controls while leaving others overly permissive or weakened. Finally, the defender can physically move the adversary by moving threats out of their intended environment and into a safe engagement environment.
For example, a suspicious email attachment can be moved from the intended target to an engagement environment for analysis. No matter how the Direction is achieved, the defender hopes to force the adversary to take unintended actions or to stop intended actions.
| Activity | Description | ID |
|---|---|---|
| Decoy Artifacts and Systems | Introduce impersonations to expand the scope of a deceptive story. | EAC0005 |
| Detonate Malware | Execute malware under controlled conditions to analyze its functionality. | EAC0013 |
| Email Manipulation | Modify the flow of email in the environment. | EAC0009 |
| Migrate Attack Vector | Move a malicious link, file, or device from its intended location to a decoy system or network for execution/use. | EAC0021 |
| Network Manipulation | Make changes to network properties and functions to achieve a desired effect. | EAC0016 |
| Peripheral Management | Manage peripheral devices used on systems within the network for engagement purposes. | EAC0010 |
| Security Controls | Alter security controls to make the system more or less vulnerable to attack. | EAC0018 |
| Software Manipulation | Make changes to a system's software properties and functions to achieve a desired effect. | EAC0014 |