The Unfetter Project
Discover and analyze gaps in your security posture.
Discover Gaps. Analytics in Practice. Leverage the Community.
When the threat hits, cybersecurity professionals working at the tactical, operational, and strategic levels need to work together quickly and effectively enable a common cybersecurity strategy that protects against the adversary. To do this in a repeatable, scalable way depends on an organization’s ability to discover and mitigate gaps in their posture, understand adversary tradecraft, and implement and communicate defensive courese of action.
We are an experiment (right now)
Unfetter is a community-driven suite of open source tools leveraging the MITRE ATT&CK™ framework, shifting the focus from indicators to a behavior-based methodology. This allows you to more effectively assess your risk, advance your security posture, and implement mitigations in a systemic, measurable, and meaningful way.
Cyber professionals can use Unfetter to:
- Establish a better baseline security posture
- Explore relationships to rapidly identify gaps
- Evaluate and compare defensive courses of action
Unfetter Discover: Analyze seucrity gaps and explore adversary tradecraft.
Unfetter Discover provides a workflow that helps Threat Reporters, Analytic Developers and Network Defenders create and share complex Cyber Threat Intelligence (CTI) data among their peers and across teams.
Unfetter Disocover builds tools for cyber experts to help them create, share and use complex Cyber Threat Intelligence information. Threat Reporters are making sense of the vast amount of research and reporting, Analytic Developers are crafting new detections, and Network Defenders are tackling gaps in their networks and need to know what to focus on next.
Unfetter Analytic: Measure the effectiveness of your analytics.
Unfetter Analytic is a prototype that allows developers to gain familiarity with the ATT&CK™ framework to measure the effectiveness of their analytics. Write analytics and map them to the MITRE ATT&CK™ techniques you want to detect. When the analytic event is created, the Kibana display shows the context around the event.Learn More
The Future of Unfetter
There are lots of areas that Unfetter is looking to focus.
- Automatically read and associate threat reports with MITRE ATT&CK™ techniques
- Translate and convert analytics to work in Elasticsearch, Splunk, etc.
- Ingest and evaluate threat intelligence data using crowdsourced partner data
- Automatically ingest complex threat data from trusted sources and update mitigations
- Increase detail and granularity of threat reporting dashboards
- Increase Red and Blue Team effectiveness with the Purple Team Operations Planner
Meeting the needs of all users
Each workflow is focused on the unique needs and requirements of security professionals.
- Threat Reporters research, document, and analyze threat reports
- Net Defenders track and assess gaps in their networks
- Threat Analysts build, evaluate, and share new behavior-based analytics
Join the Experiment.
Security Professionals welcome.
Unfetter is open source and looking for partners. If you have an idea for new functionality or a new workflow, let us know and submit an issue in GitHub. If you are a developer and have ideas on how to contribute, we welcome a pull request. We’re excited for everyone to join the experiment.Download Unfetter