We have a blog! Check out MITRE Shield on Medium.

Detect

Establish or maintain awareness into what an adversary is doing.

Detect is used to establish or maintain awareness into what an adversary is doing. This could be accomplished by introducing a tripwire that alerts when an adversary touches a system or resource. It could also be accomplished by using end-point or network tools.

Details
ID: DTA0004

Techniques

TechniqueDescription
DTE0003 - API Monitoring Monitor local APIs that might be used by adversary tools and activity.
DTE0004 - Application Diversity Present the adversary with a variety of installed applications and services.
DTE0007 - Behavioral Analytics Deploy tools that detect unusual system or user behavior.
DTE0010 - Decoy Account Create an account that is used for active defense purposes.
DTE0011 - Decoy Content Seed content that can be used to lead an adversary in a specific direction, entice a behavior, etc.
DTE0012 - Decoy Credentials Create user credentials that are used for active defense purposes.
DTE0014 - Decoy Network Create a target network with a set of target systems, for the purpose of active defense.
DTE0017 - Decoy System Configure a computing system to serve as an attack target or experimental environment.
DTE0019 - Email Manipulation Modify the flow or contents of email.
DTE0021 - Hunting The process of searching for the presence of or information about an adversary.
DTE0022 - Isolation Configure devices, systems, networks, etc. to contain activity and data in order to promote inspection or prevent expanding an engagement beyond desired limits.
DTE0026 - Network Manipulation Make changes to network properties and functions to achieve a desired effect.
DTE0027 - Network Monitoring Monitor network traffic in order to detect adversary activity.
DTE0028 - PCAP Collection Collect full network traffic for future research and analysis.
DTE0030 - Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.
DTE0031 - Protocol Decoder Use software designed to deobfuscate or decrypt adversary command and control (C2) or data exfiltration traffic.
DTE0033 - Standard Operating Procedure Establish a structured way of interacting with systems so that non-standard interactions are more easily detectable.
DTE0034 - System Activity Monitoring Collect system activity logs which can reveal adversary activity.
DTE0035 - User Training Train users to detect malicious intent or activity, how to report it, etc.
DTE0036 - Software Manipulation Make changes to a system's software properties and functions to achieve a desired effect.