Goal: Gather information about attackers’ activities and tools by deploying deceptive identity APIs.
Approach: Creating fake identity APIs that mimic legitimate services but capture attacker interactions.
Deploy fake APIs that mimic identity management services, such as user provisioning, authentication, or authorization. These APIs can be designed to capture attacker requests, log their activities, or return misleading information.