MITRE Engage

• "MITRE Engage is a framework for planning and discussing adversary engagement operations that empowers you to engage your adversaries and achieve your cybersecurity goals."^[1]
  • Basically, it's a framework for active defensive measures; you Expose, Affect (impact operations), and Elicit information from the adversaries
• Uses a matrix similar to MITRE ATT&CK
  • Expose - Reveal adversary activites
    • Collect - Passively gathering information from various sources
    • Detect - Laying traps and analyzing information from gathered information
  • Affect - Negatively impact adversary activities
    • Prevent - Stop adversary behavior
    • Direct - Encourage/discourage adversary behavior
      • Has some overlap with Detect
    • Disrupt - "Impair an adversary’s ability to conduct their operation as intended."^[2]
      • Frankly a little vague, but basically doing things to give the adversary a headache; impact network bandwidth, provide false information, etc.
  • Elicit - Trick the adversary into revealing additional information about their TTPs
    • Reassure - Convince adversaries the decoys are real
    • Motivate - Create a safe "target-rich environment" for the adversary to act in that encourages them to reveal TTPs

Metadata

Sources

MITRE Engage™ | An Adversary Engagement Framework from MITRE
Starter Kit | MITRE Engage™

Tags

#tools_sec