D3FEND — Deceive

When to Use

• Deploying honeynets (connected, integrated, standalone)
• Planting decoy objects (files, network resources, personas)
• Distributing decoy credentials and session tokens
• Publishing decoy information (fake releases, personas)
• Designing deception programs and adversary engagement
• Monitoring deception environment for adversary interaction

When NOT to Use

• Building detection rules or SIEM content → d3fend-detect
• System hardening or secure config → d3fend-harden
• Network segmentation → d3fend-isolate
• Active defense / threat intel → cybersecurity
• Adversarial testing (red team) → ai-redteam / offensive-security-analyst