designing-adversary-engagement-with-mitre-engage

Installation
SKILL.md

Designing Adversary Engagement with MITRE Engage

When to Use

  • When an organization owns deception tooling (honeypots, honeytokens, canary tokens, decoy files) but deploys it tactically with no unifying strategy or measurable outcome.
  • When leadership asks whether the organization should engage adversaries, and what the legal, operational, and resourcing implications are.
  • When writing a formal adversary engagement operation plan that must justify every deployed deceptive artifact against a strategic goal.
  • When selecting which specific deception Activities to deploy against a known or suspected threat actor based on that actor's ATT&CK TTPs.
  • When building a denial, deception, and adversary engagement (DD&AE) program that must integrate with existing SOC, threat intel, and incident response functions.
  • When a deception deployment generates alerts that nobody knows how to act on, because Expose was never connected to Affect or Elicit goals.

This skill is the strategy and operations layer that sits above tactical deployment skills (honeypot, honeytoken, canary-token, and decoy-file deployment). Use those skills to implement the Activities this skill selects and sequences.

Prerequisites

Installs
4
GitHub Stars
24.7K
First Seen
Jun 20, 2026
designing-adversary-engagement-with-mitre-engage — mukul975/anthropic-cybersecurity-skills