Build Guidance for Adversary Engagement Operations

This document details the best practices used by the MITRE Engage Team to setup the environment for an adversary engagement operation.

To conduct adversary safe and effective engagement operations, it is necessary to build two distinct environments: a Collection System (CS) for monitoring and an Engagement Environment (EE) for the interaction. The Collection System is the set of systems used to gather artifacts and other data from an operation to monitor the engagement. The Engagement Environment is the set of carefully tailored, highly instrumented systems designed on an engagement-by-engagement basis as the backdrop to the engagement narrative. It is the actual environment that the adversary will operate in. This document details the best practices used by the MITRE Engage™ Team to setup the environment for an adversary engagement operation.