MITRE Shield will be retired on October 18th in favor of MITRE Engage. To learn more, click here.


Guide an adversary down a specific path or in a specific direction.

Channel is used to guide an adversary down a specific path or in a specific direction. A defender can channel an adversary away from important systems or network segments and towards decoy systems or hardened devices. They could also attempt to channel an adversary based on the content that you provide. Channeling can be used to waste an adversary's time, make them expend additional resources, or allow defenders to study their behaviors.

ID: DTA0001


DTE0001 - Admin Access Modify a user's administrative privileges.
DTE0003 - API Monitoring Monitor local APIs that might be used by adversary tools and activity.
DTE0004 - Application Diversity Present the adversary with a variety of installed applications and services.
DTE0010 - Decoy Account Create an account that is used for active defense purposes.
DTE0011 - Decoy Content Seed content that can be used to lead an adversary in a specific direction, entice a behavior, etc.
DTE0012 - Decoy Credentials Create user credentials that are used for active defense purposes.
DTE0013 - Decoy Diversity Deploy a set of decoy systems with different OS and software configurations.
DTE0014 - Decoy Network Create a target network with a set of target systems, for the purpose of active defense.
DTE0015 - Decoy Persona Develop personal information (aka a backstory) about a user and plant data to support that backstory.
DTE0016 - Decoy Process Execute software on a target system for the purposes of the defender.
DTE0017 - Decoy System Configure a computing system to serve as an attack target or experimental environment.
DTE0018 - Detonate Malware Execute malware under controlled conditions to analyze its functionality.
DTE0023 - Migrate Attack Vector Move a malicious link, file, or device from its intended location to a decoy system or network for execution/use.
DTE0025 - Network Diversity Use a diverse set of devices on the network to help establish the legitimacy of a decoy network.
DTE0026 - Network Manipulation Make changes to network properties and functions to achieve a desired effect.
DTE0029 - Peripheral Management Manage peripheral devices used on systems within the network for active defense purposes.
DTE0030 - Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
DTE0032 - Security Controls Alter security controls to make the system more or less vulnerable to attack.
DTE0036 - Software Manipulation Make changes to a system's software properties and functions to achieve a desired effect.