Learn about adversaries' tactics, techniques, and procedures (TTPs).
Elicit encourages adversaries to reveal additional or more advanced TTPs and goals while operating in defender-controlled engagement environments. These high-fidelity, synthetic engagement environments are uniquely tailored to engage with specific adversaries. They may contain a combination of documents, browser artifacts, etc. to reassure an adversary and reduce suspicion. Further, they may offer enticing data and exploitable vulnerabilities to motivate an adversary to operate in the defender's environment.
These environments can be left as a dangle, i.e., a honeypot. Other times, the defender may self-infect with malware. In either case, observing an adversary as they operate can provide organizations with actionable cyber threat intelligence and potential understanding of the adversary's goals.
Engage defines two approaches to make progress towards the Elicit goal.
| Approach | Description | ID |
|---|---|---|
| Reassurance | Add authenticity to deceptive components to convince an adversary that an environment is real. | EAP0006 |
| Motivation | Encourage an adversary to conduct part or all of their mission. | EAP0007 |