diff --git a/Engage/machinetag.json b/Engage/machinetag.json
deleted file mode 100644
index bf776c4..0000000
--- a/Engage/machinetag.json
+++ /dev/null
@@ -1,234 +0,0 @@
-{
- "name": "Engage",
- "description": "MITRE Engage Framework Taxonomy: Structured around Engage Goals, Approaches, and Actions.",
- "version": 1,
- "author": "DCG420",
- "category": "Mitigation",
- "values": [
- {
- "value": "goals",
- "expanded": "Engage Goals",
- "description": "The high-level objectives aimed at influencing or understanding adversary behavior.",
- "children": [
- {
- "value": "expose",
- "expanded": "Expose (EGO0001)",
- "description": "Reveal adversary actions, intentions, or vulnerabilities."
- },
- {
- "value": "affect",
- "expanded": "Affect (EGO0002)",
- "description": "Influence or alter adversary behaviors, decisions, or operations."
- },
- {
- "value": "elicit",
- "expanded": "Elicit (EGO0003)",
- "description": "Draw out responses or actions from the adversary."
- }
- ]
- },
- {
- "value": "strategic_goals",
- "expanded": "Strategic Goals",
- "description": "Long-term objectives to ensure preparedness and understanding of adversary behavior.",
- "children": [
- {
- "value": "prepare",
- "expanded": "Prepare (SGO0001)",
- "description": "Establish readiness and resilience to address adversary activities."
- },
- {
- "value": "understand",
- "expanded": "Understand (SGO0002)",
- "description": "Gain insights into adversary tactics and motivations."
- }
- ]
- },
- {
- "value": "approaches",
- "expanded": "Engage Approaches",
- "description": "The methods used to achieve the Engage Goals.",
- "children": [
- {
- "value": "collect",
- "expanded": "Collect (EAP0001)",
- "description": "Gather relevant information or intelligence.",
- "children": [
- {
- "value": "gather_intelligence",
- "expanded": "Gather Intelligence from Open Sources",
- "description": "Collecting information from publicly available sources to understand adversary activities."
- },
- {
- "value": "network_traffic_analysis",
- "expanded": "Conduct Network Traffic Analysis",
- "description": "Analyzing network traffic to identify suspicious activities or patterns."
- }
- ]
- },
- {
- "value": "detect",
- "expanded": "Detect (EAP0002)",
- "description": "Identify adversary activities or indicators of compromise.",
- "children": [
- {
- "value": "deploy_ids",
- "expanded": "Deploy Intrusion Detection Systems",
- "description": "Implementing IDS to monitor and detect unauthorized access or activities."
- },
- {
- "value": "monitor_user_behavior",
- "expanded": "Monitor User Behavior for Anomalies",
- "description": "Tracking user activities to identify unusual or suspicious behavior patterns."
- },
- {
- "value": "introduce_perception_of_detection",
- "expanded": "Introduce Perception of Detection",
- "description": "Making the adversary believe they have been or might be detected, influencing their behavior."
- }
- ]
- },
- {
- "value": "prevent",
- "expanded": "Prevent (EAP0003)",
- "description": "Implement measures to stop adversary actions before they occur.",
- "children": [
- {
- "value": "implement_access_controls",
- "expanded": "Implement Access Controls",
- "description": "Enforcing strict access policies to prevent unauthorized access."
- },
- {
- "value": "apply_patches",
- "expanded": "Apply Patches and Updates Regularly",
- "description": "Ensuring that all software and systems are up-to-date to close vulnerabilities."
- }
- ]
- },
- {
- "value": "direct",
- "expanded": "Direct (EAP0004)",
- "description": "Influence or guide adversary actions in a desired direction.",
- "children": [
- {
- "value": "create_decoy_systems",
- "expanded": "Create Decoy Systems",
- "description": "Deploying systems designed to attract adversaries and gather intelligence on their methods."
- },
- {
- "value": "deploy_misinformation",
- "expanded": "Deploy Misinformation Campaigns",
- "description": "Spreading false information to mislead adversaries."
- }
- ]
- },
- {
- "value": "disrupt",
- "expanded": "Disrupt (EAP0005)",
- "description": "Interrupt or hinder adversary operations.",
- "children": [
- {
- "value": "disrupt_c2",
- "expanded": "Disrupt Command and Control Channels",
- "description": "Targeting adversary communication channels to break their operational effectiveness."
- },
- {
- "value": "disable_infrastructure",
- "expanded": "Disable Adversary Infrastructure",
- "description": "Taking down or disabling servers, networks, or tools used by adversaries."
- },
- {
- "value": "introduce_friction",
- "expanded": "Introduce Friction",
- "description": "Adding delays or complications to disrupt adversary activities."
- }
- ]
- },
- {
- "value": "reassure",
- "expanded": "Reassure (EAP0006)",
- "description": "Provide confidence to stakeholders or allies.",
- "children": [
- {
- "value": "issue_public_statements",
- "expanded": "Issue Public Statements",
- "description": "Communicating openly to reassure the public or stakeholders of ongoing efforts."
- },
- {
- "value": "engage_diplomatic_measures",
- "expanded": "Engage in Diplomatic Measures",
- "description": "Working with international partners to address cybersecurity concerns."
- }
- ]
- },
- {
- "value": "motivate",
- "expanded": "Motivate (EAP0007)",
- "description": "Encourage or drive certain behaviors.",
- "children": [
- {
- "value": "incentivize_compliance",
- "expanded": "Incentivize Compliance",
- "description": "Offering rewards or benefits to encourage adherence to security policies."
- },
- {
- "value": "support_allied_efforts",
- "expanded": "Support Allied Cybersecurity Efforts",
- "description": "Providing assistance or resources to partners or allies in their cybersecurity efforts."
- },
- {
- "value": "increase_opportunity_cost",
- "expanded": "Increase Opportunity Cost",
- "description": "Raising the resources required by the adversary to achieve their objectives, making the attack less appealing."
- }
- ]
- },
- {
- "value": "confuse",
- "expanded": "Confuse (EAP0008)",
- "description": "Provide misleading or contradictory information to disrupt the adversary’s understanding and decision-making.",
- "children": [
- {
- "value": "mislead",
- "expanded": "Mislead",
- "description": "Directing the adversary toward incorrect conclusions through false information or deceptive practices."
- },
- {
- "value": "introduce_ambiguity",
- "expanded": "Introduce Ambiguity",
- "description": "Creating uncertainty for the adversary by altering the information or environment they rely on."
- }
- ]
- },
- {
- "value": "exhaust",
- "expanded": "Exhaust (EAP0009)",
- "description": "Deplete the adversary’s resources, such as time, effort, or tools, to reduce their effectiveness.",
- "children": [
- {
- "value": "exhaust_resources",
- "expanded": "Exhaust Resources",
- "description": "Using tactics to drain adversary resources and reduce their operational effectiveness."
- }
- ]
- }
- ]
- },
- {
- "value": "strategic_approaches",
- "expanded": "Strategic Approaches",
- "children": [
- {
- "value": "plan",
- "expanded": "Plan (SAP0001)",
- "description": "Develop strategies and actions to address adversary behavior."
- },
- {
- "value": "analyze",
- "expanded": "Analyze (SAP0002)",
- "description": "Examine information and intelligence to understand adversary TTPs."
- }
- ]
- }
- ]
-}