The Unfetter Project
Discover and analyze gaps in your security posture.
Discover Gaps. Analytics in Practice. Leverage the Community.
When the threat hits, cybersecurity professionals working at the tactical, operational, and strategic levels need to work together quickly and effectively enable a common cybersecurity strategy that protects against the adversary. To do this in a repeatable, scalable way depends on an organization’s ability to discover and mitigate gaps in their posture, understand adversary tradecraft, and implement and communicate defensive courese of action.
We are an experiment (right now)
Unfetter is a community-driven suite of open source tools leveraging the MITRE ATT&CK™ framework, shifting the focus from indicators to a behavior-based methodology. This allows you to more effectively assess your risk, advance your security posture, and implement mitigations in a systemic, measurable, and meaningful way.
Cyber professionals can use Unfetter to:
- Establish a better baseline security posture
- Explore relationships to rapidly identify gaps
- Evaluate and compare defensive courses of action
Unfetter Discover: A unique platform that unifies the Network Defender and Threat Analysts, letting them create, share, and use threat intel
Network Defenders can assess the mitigations, analytics and sensors in your environment and see which MITRE ATT&CK™ Techniques are a threat. Learn more
Evaluate your infrastructure’s mitigations, analytics, and capabilities through a simple survey. Visualize your gaps through the lens of MITRE’s ATT&CK™ framework. As Network Defenders improve the security of the infrastructure, you can update the Assessment, maintaining an update to your situational awareness.
Threat Analytsts can create, share complex behaviors and engage with each other in a true community
Threat Analysts can create new analytics and map them to the MITRE ATT&CK™ framework. Analytics can be searched, filtered, ranked and commented on.
Intrusion Set Dashboard
Explore the MITRE ATT&CK™ techniques associated with intrusions in the Intrusion Set Dashboard, and view similarities and differences. The Dashboard will also show you Critical Controls to mitigate these techniques.
Explore the Intrusion Sets and learn the associated MITRE ATT&CK™ techniques. Explore attack patterns and understand them in depth.
Unfetter Analytic: Measure the effectiveness of your analytics.
Unfetter Analytic is a prototype that allows developers to gain familiarity with the ATT&CK™ framework to measure the effectiveness of their analytics. Write analytics and map them to the MITRE ATT&CK™ techniques you want to detect. When the analytic event is created, the Kibana display shows the context around the event.Learn More
The Future of Unfetter
The Unfetter team is improving current capabilities and experimenting in new areas.
- Read and associate threat reports with MITRE ATT&CK™ techniques
- Translate and convert analytics to work in Elasticsearch, Splunk, etc.
- Ingest and evaluate threat intelligence data using crowdsourced partner data
- Automatically ingest complex threat data from trusted sources and update mitigations
- Increase detail and granularity of threat reporting dashboards
- Increase Red and Blue Team effectiveness with the Purple Team Operations Planner
Meeting the needs of all users
Each workflow is focused on the unique needs and requirements of security professionals.
- Threat Reporters research, document, and analyze threat reports
- Net Defenders track and assess gaps in their networks
- Threat Analysts build, evaluate, and share new behavior-based analytics
Join the Experiment.
Security Professionals welcome.
Unfetter is open source and looking for partners. If you have an idea for new functionality or a new workflow, let us know and submit an issue in GitHub. If you are a developer and have ideas on how to contribute, we welcome a pull request. We’re excited for everyone to join the experiment.Download Unfetter