Deceive, Detect, Engage

Privileged User Account Decoy

This element is a decoy user account that appears to have elevated privileges within the system. The account is monitored for any login attempts or activity, which would indicate an attacker trying to gain unauthorized access.

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Name of Element: Privileged User Account Decoy

Description of Element:

Technical Context:

Placement: Within the organization’s Active Directory or other identity management system.

This element reinforces the principle of continuous authentication and authorization, as even privileged accounts should be subject to scrutiny.

Other:

Att&ck/Engage Mapping: Valid Accounts (T1078) / Decoy Account (E1503) / Decoy System (E1506)

Privileged User Account Decoy

Leave a Reply Cancel reply

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense