235 lines
8.9 KiB
JSON
235 lines
8.9 KiB
JSON
{
|
||
"name": "Engage",
|
||
"description": "MITRE Engage Framework Taxonomy: Structured around Engage Goals, Approaches, and Actions.",
|
||
"version": 1,
|
||
"author": "DCG420",
|
||
"category": "Mitigation",
|
||
"values": [
|
||
{
|
||
"value": "goals",
|
||
"expanded": "Engage Goals",
|
||
"description": "The high-level objectives aimed at influencing or understanding adversary behavior.",
|
||
"children": [
|
||
{
|
||
"value": "expose",
|
||
"expanded": "Expose (EGO0001)",
|
||
"description": "Reveal adversary actions, intentions, or vulnerabilities."
|
||
},
|
||
{
|
||
"value": "affect",
|
||
"expanded": "Affect (EGO0002)",
|
||
"description": "Influence or alter adversary behaviors, decisions, or operations."
|
||
},
|
||
{
|
||
"value": "elicit",
|
||
"expanded": "Elicit (EGO0003)",
|
||
"description": "Draw out responses or actions from the adversary."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "strategic_goals",
|
||
"expanded": "Strategic Goals",
|
||
"description": "Long-term objectives to ensure preparedness and understanding of adversary behavior.",
|
||
"children": [
|
||
{
|
||
"value": "prepare",
|
||
"expanded": "Prepare (SGO0001)",
|
||
"description": "Establish readiness and resilience to address adversary activities."
|
||
},
|
||
{
|
||
"value": "understand",
|
||
"expanded": "Understand (SGO0002)",
|
||
"description": "Gain insights into adversary tactics and motivations."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "approaches",
|
||
"expanded": "Engage Approaches",
|
||
"description": "The methods used to achieve the Engage Goals.",
|
||
"children": [
|
||
{
|
||
"value": "collect",
|
||
"expanded": "Collect (EAP0001)",
|
||
"description": "Gather relevant information or intelligence.",
|
||
"children": [
|
||
{
|
||
"value": "gather_intelligence",
|
||
"expanded": "Gather Intelligence from Open Sources",
|
||
"description": "Collecting information from publicly available sources to understand adversary activities."
|
||
},
|
||
{
|
||
"value": "network_traffic_analysis",
|
||
"expanded": "Conduct Network Traffic Analysis",
|
||
"description": "Analyzing network traffic to identify suspicious activities or patterns."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "detect",
|
||
"expanded": "Detect (EAP0002)",
|
||
"description": "Identify adversary activities or indicators of compromise.",
|
||
"children": [
|
||
{
|
||
"value": "deploy_ids",
|
||
"expanded": "Deploy Intrusion Detection Systems",
|
||
"description": "Implementing IDS to monitor and detect unauthorized access or activities."
|
||
},
|
||
{
|
||
"value": "monitor_user_behavior",
|
||
"expanded": "Monitor User Behavior for Anomalies",
|
||
"description": "Tracking user activities to identify unusual or suspicious behavior patterns."
|
||
},
|
||
{
|
||
"value": "introduce_perception_of_detection",
|
||
"expanded": "Introduce Perception of Detection",
|
||
"description": "Making the adversary believe they have been or might be detected, influencing their behavior."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "prevent",
|
||
"expanded": "Prevent (EAP0003)",
|
||
"description": "Implement measures to stop adversary actions before they occur.",
|
||
"children": [
|
||
{
|
||
"value": "implement_access_controls",
|
||
"expanded": "Implement Access Controls",
|
||
"description": "Enforcing strict access policies to prevent unauthorized access."
|
||
},
|
||
{
|
||
"value": "apply_patches",
|
||
"expanded": "Apply Patches and Updates Regularly",
|
||
"description": "Ensuring that all software and systems are up-to-date to close vulnerabilities."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "direct",
|
||
"expanded": "Direct (EAP0004)",
|
||
"description": "Influence or guide adversary actions in a desired direction.",
|
||
"children": [
|
||
{
|
||
"value": "create_decoy_systems",
|
||
"expanded": "Create Decoy Systems",
|
||
"description": "Deploying systems designed to attract adversaries and gather intelligence on their methods."
|
||
},
|
||
{
|
||
"value": "deploy_misinformation",
|
||
"expanded": "Deploy Misinformation Campaigns",
|
||
"description": "Spreading false information to mislead adversaries."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "disrupt",
|
||
"expanded": "Disrupt (EAP0005)",
|
||
"description": "Interrupt or hinder adversary operations.",
|
||
"children": [
|
||
{
|
||
"value": "disrupt_c2",
|
||
"expanded": "Disrupt Command and Control Channels",
|
||
"description": "Targeting adversary communication channels to break their operational effectiveness."
|
||
},
|
||
{
|
||
"value": "disable_infrastructure",
|
||
"expanded": "Disable Adversary Infrastructure",
|
||
"description": "Taking down or disabling servers, networks, or tools used by adversaries."
|
||
},
|
||
{
|
||
"value": "introduce_friction",
|
||
"expanded": "Introduce Friction",
|
||
"description": "Adding delays or complications to disrupt adversary activities."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "reassure",
|
||
"expanded": "Reassure (EAP0006)",
|
||
"description": "Provide confidence to stakeholders or allies.",
|
||
"children": [
|
||
{
|
||
"value": "issue_public_statements",
|
||
"expanded": "Issue Public Statements",
|
||
"description": "Communicating openly to reassure the public or stakeholders of ongoing efforts."
|
||
},
|
||
{
|
||
"value": "engage_diplomatic_measures",
|
||
"expanded": "Engage in Diplomatic Measures",
|
||
"description": "Working with international partners to address cybersecurity concerns."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "motivate",
|
||
"expanded": "Motivate (EAP0007)",
|
||
"description": "Encourage or drive certain behaviors.",
|
||
"children": [
|
||
{
|
||
"value": "incentivize_compliance",
|
||
"expanded": "Incentivize Compliance",
|
||
"description": "Offering rewards or benefits to encourage adherence to security policies."
|
||
},
|
||
{
|
||
"value": "support_allied_efforts",
|
||
"expanded": "Support Allied Cybersecurity Efforts",
|
||
"description": "Providing assistance or resources to partners or allies in their cybersecurity efforts."
|
||
},
|
||
{
|
||
"value": "increase_opportunity_cost",
|
||
"expanded": "Increase Opportunity Cost",
|
||
"description": "Raising the resources required by the adversary to achieve their objectives, making the attack less appealing."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "confuse",
|
||
"expanded": "Confuse (EAP0008)",
|
||
"description": "Provide misleading or contradictory information to disrupt the adversary’s understanding and decision-making.",
|
||
"children": [
|
||
{
|
||
"value": "mislead",
|
||
"expanded": "Mislead",
|
||
"description": "Directing the adversary toward incorrect conclusions through false information or deceptive practices."
|
||
},
|
||
{
|
||
"value": "introduce_ambiguity",
|
||
"expanded": "Introduce Ambiguity",
|
||
"description": "Creating uncertainty for the adversary by altering the information or environment they rely on."
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "exhaust",
|
||
"expanded": "Exhaust (EAP0009)",
|
||
"description": "Deplete the adversary’s resources, such as time, effort, or tools, to reduce their effectiveness.",
|
||
"children": [
|
||
{
|
||
"value": "exhaust_resources",
|
||
"expanded": "Exhaust Resources",
|
||
"description": "Using tactics to drain adversary resources and reduce their operational effectiveness."
|
||
}
|
||
]
|
||
}
|
||
]
|
||
},
|
||
{
|
||
"value": "strategic_approaches",
|
||
"expanded": "Strategic Approaches",
|
||
"children": [
|
||
{
|
||
"value": "plan",
|
||
"expanded": "Plan (SAP0001)",
|
||
"description": "Develop strategies and actions to address adversary behavior."
|
||
},
|
||
{
|
||
"value": "analyze",
|
||
"expanded": "Analyze (SAP0002)",
|
||
"description": "Examine information and intelligence to understand adversary TTPs."
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|