Add authenticity to deceptive components to convince an adversary that something is real.
Legitimize is used to add authenticity to deceptive components to convince an adversary that something is real. This includes adding realistic user accounts, files, system activity, and any other content that an adversary might expect to see.
| Technique | Description |
|---|---|
| DTE0004 - Application Diversity | Present the adversary with a variety of installed applications and services. |
| DTE0008 - Burn-In | Exercise a target system in a manner where it will generate desirable system artifacts. |
| DTE0010 - Decoy Account | Create an account that is used for active defense purposes. |
| DTE0011 - Decoy Content | Seed content that can be used to lead an adversary in a specific direction, entice a behavior, etc. |
| DTE0012 - Decoy Credentials | Create user credentials that are used for active defense purposes. |
| DTE0013 - Decoy Diversity | Deploy a set of decoy systems with different OS and software configurations. |
| DTE0014 - Decoy Network | Create a target network with a set of target systems, for the purpose of active defense. |
| DTE0015 - Decoy Persona | Develop personal information (aka a backstory) about a user and plant data to support that backstory. |
| DTE0016 - Decoy Process | Execute software on a target system for the purposes of the defender. |
| DTE0017 - Decoy System | Configure a computing system to serve as an attack target or experimental environment. |
| DTE0025 - Network Diversity | Use a diverse set of devices on the network to help establish the legitimacy of a decoy network. |
| DTE0030 - Pocket Litter | Place data on a system to reinforce the legitimacy of the system or user. |