MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity

Delete Engage directory

pull/284/head
th3r3d 2024-08-22 11:42:17 +02:00 committed by GitHub
parent 5f1cb059df
commit 4039bcc705
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 0 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

234
Engage/machinetag.json
View File

@ -1,234 +0,0 @@
{
"name": "Engage",
"description": "MITRE Engage Framework Taxonomy: Structured around Engage Goals, Approaches, and Actions.",
"version": 1,
"author": "DCG420",
"category": "Mitigation",
"values": [
{
"value": "goals",
"expanded": "Engage Goals",
"description": "The high-level objectives aimed at influencing or understanding adversary behavior.",
"children": [
{
"value": "expose",
"expanded": "Expose (EGO0001)",
"description": "Reveal adversary actions, intentions, or vulnerabilities."
},
{
"value": "affect",
"expanded": "Affect (EGO0002)",
"description": "Influence or alter adversary behaviors, decisions, or operations."
},
{
"value": "elicit",
"expanded": "Elicit (EGO0003)",
"description": "Draw out responses or actions from the adversary."
}
]
},
{
"value": "strategic_goals",
"expanded": "Strategic Goals",
"description": "Long-term objectives to ensure preparedness and understanding of adversary behavior.",
"children": [
{
"value": "prepare",
"expanded": "Prepare (SGO0001)",
"description": "Establish readiness and resilience to address adversary activities."
},
{
"value": "understand",
"expanded": "Understand (SGO0002)",
"description": "Gain insights into adversary tactics and motivations."
}
]
},
{
"value": "approaches",
"expanded": "Engage Approaches",
"description": "The methods used to achieve the Engage Goals.",
"children": [
{
"value": "collect",
"expanded": "Collect (EAP0001)",
"description": "Gather relevant information or intelligence.",
"children": [
{
"value": "gather_intelligence",
"expanded": "Gather Intelligence from Open Sources",
"description": "Collecting information from publicly available sources to understand adversary activities."
},
{
"value": "network_traffic_analysis",
"expanded": "Conduct Network Traffic Analysis",
"description": "Analyzing network traffic to identify suspicious activities or patterns."
}
]
},
{
"value": "detect",
"expanded": "Detect (EAP0002)",
"description": "Identify adversary activities or indicators of compromise.",
"children": [
{
"value": "deploy_ids",
"expanded": "Deploy Intrusion Detection Systems",
"description": "Implementing IDS to monitor and detect unauthorized access or activities."
},
{
"value": "monitor_user_behavior",
"expanded": "Monitor User Behavior for Anomalies",
"description": "Tracking user activities to identify unusual or suspicious behavior patterns."
},
{
"value": "introduce_perception_of_detection",
"expanded": "Introduce Perception of Detection",
"description": "Making the adversary believe they have been or might be detected, influencing their behavior."
}
]
},
{
"value": "prevent",
"expanded": "Prevent (EAP0003)",
"description": "Implement measures to stop adversary actions before they occur.",
"children": [
{
"value": "implement_access_controls",
"expanded": "Implement Access Controls",
"description": "Enforcing strict access policies to prevent unauthorized access."
},
{
"value": "apply_patches",
"expanded": "Apply Patches and Updates Regularly",
"description": "Ensuring that all software and systems are up-to-date to close vulnerabilities."
}
]
},
{
"value": "direct",
"expanded": "Direct (EAP0004)",
"description": "Influence or guide adversary actions in a desired direction.",
"children": [
{
"value": "create_decoy_systems",
"expanded": "Create Decoy Systems",
"description": "Deploying systems designed to attract adversaries and gather intelligence on their methods."
},
{
"value": "deploy_misinformation",
"expanded": "Deploy Misinformation Campaigns",
"description": "Spreading false information to mislead adversaries."
}
]
},
{
"value": "disrupt",
"expanded": "Disrupt (EAP0005)",
"description": "Interrupt or hinder adversary operations.",
"children": [
{
"value": "disrupt_c2",
"expanded": "Disrupt Command and Control Channels",
"description": "Targeting adversary communication channels to break their operational effectiveness."
},
{
"value": "disable_infrastructure",
"expanded": "Disable Adversary Infrastructure",
"description": "Taking down or disabling servers, networks, or tools used by adversaries."
},
{
"value": "introduce_friction",
"expanded": "Introduce Friction",
"description": "Adding delays or complications to disrupt adversary activities."
}
]
},
{
"value": "reassure",
"expanded": "Reassure (EAP0006)",
"description": "Provide confidence to stakeholders or allies.",
"children": [
{
"value": "issue_public_statements",
"expanded": "Issue Public Statements",
"description": "Communicating openly to reassure the public or stakeholders of ongoing efforts."
},
{
"value": "engage_diplomatic_measures",
"expanded": "Engage in Diplomatic Measures",
"description": "Working with international partners to address cybersecurity concerns."
}
]
},
{
"value": "motivate",
"expanded": "Motivate (EAP0007)",
"description": "Encourage or drive certain behaviors.",
"children": [
{
"value": "incentivize_compliance",
"expanded": "Incentivize Compliance",
"description": "Offering rewards or benefits to encourage adherence to security policies."
},
{
"value": "support_allied_efforts",
"expanded": "Support Allied Cybersecurity Efforts",
"description": "Providing assistance or resources to partners or allies in their cybersecurity efforts."
},
{
"value": "increase_opportunity_cost",
"expanded": "Increase Opportunity Cost",
"description": "Raising the resources required by the adversary to achieve their objectives, making the attack less appealing."
}
]
},
{
"value": "confuse",
"expanded": "Confuse (EAP0008)",
"description": "Provide misleading or contradictory information to disrupt the adversarys understanding and decision-making.",
"children": [
{
"value": "mislead",
"expanded": "Mislead",
"description": "Directing the adversary toward incorrect conclusions through false information or deceptive practices."
},
{
"value": "introduce_ambiguity",
"expanded": "Introduce Ambiguity",
"description": "Creating uncertainty for the adversary by altering the information or environment they rely on."
}
]
},
{
"value": "exhaust",
"expanded": "Exhaust (EAP0009)",
"description": "Deplete the adversarys resources, such as time, effort, or tools, to reduce their effectiveness.",
"children": [
{
"value": "exhaust_resources",
"expanded": "Exhaust Resources",
"description": "Using tactics to drain adversary resources and reduce their operational effectiveness."
}
]
}
]
},
{
"value": "strategic_approaches",
"expanded": "Strategic Approaches",
"children": [
{
"value": "plan",
"expanded": "Plan (SAP0001)",
"description": "Develop strategies and actions to address adversary behavior."
},
{
"value": "analyze",
"expanded": "Analyze (SAP0002)",
"description": "Examine information and intelligence to understand adversary TTPs."
}
]
}
]
}