MITRE Shield will be retired on October 18th in favor of MITRE Engage. To learn more, click here.


Add authenticity to deceptive components to convince an adversary that something is real.

Legitimize is used to add authenticity to deceptive components to convince an adversary that something is real. This includes adding realistic user accounts, files, system activity, and any other content that an adversary might expect to see.

ID: DTA0007


DTE0004 - Application Diversity Present the adversary with a variety of installed applications and services.
DTE0008 - Burn-In Exercise a target system in a manner where it will generate desirable system artifacts.
DTE0010 - Decoy Account Create an account that is used for active defense purposes.
DTE0011 - Decoy Content Seed content that can be used to lead an adversary in a specific direction, entice a behavior, etc.
DTE0012 - Decoy Credentials Create user credentials that are used for active defense purposes.
DTE0013 - Decoy Diversity Deploy a set of decoy systems with different OS and software configurations.
DTE0014 - Decoy Network Create a target network with a set of target systems, for the purpose of active defense.
DTE0015 - Decoy Persona Develop personal information (aka a backstory) about a user and plant data to support that backstory.
DTE0016 - Decoy Process Execute software on a target system for the purposes of the defender.
DTE0017 - Decoy System Configure a computing system to serve as an attack target or experimental environment.
DTE0025 - Network Diversity Use a diverse set of devices on the network to help establish the legitimacy of a decoy network.
DTE0030 - Pocket Litter Place data on a system to reinforce the legitimacy of the system or user.