Unfetter was built for Cyber Security Professionals like you.

Unfetter Discover is designed to help Cyber Security Professionals create and share complex threat information so that it is actionable in defending their environment. Beyond domain name, IP addresses, and file hashes, the cyber threat inforamtion that describes behavioral analytics, complex attack techinques, or the knowledge needed to prioritize the next potential threats is usually found in blogs, PDFs, your favorite vendor report, or even Twitter posts. The National Security Agency built Unfetter Discover as a tool that lets Threat Reporters, Analytic Developers and Network Defenders manage the complex information they need to their jobs better. Not just manage the data, but socialize among their peers and partners. Unfetter Discover is a web application that uses the MITRE ATT&CK™ Framework to organize complex data that experts are creating, and provides connections to the vast amount of related data.

A streamlined mission framework.

MITRE ATT&CK™ is a framework that categorizes and documents adversary tactices and technqiues based on real world observations. In Unfetter, we use ATT&CK™ as a way to connect different types of threat information, building complex relationships in a streamlined workflow.

  • MITRE's mission is to solve problems for a safer world by bringing communities together to develop more effective cybersecurity.
  • Unfetter Discover lets you relate Reports, Analyltics, Mitigations and Malware to MITRE ATT&CK™ techniques.
  • ATT&CK™ is being adopted by organizations large and small all over the world. Unfetter Discover lets you talk the same language.

Structured Threat Information eXpression (STIX) Approach

STIX is a language and serialized format used to exchange Cyber Threat Intelligence (CTI). Unfetter's data is imported and export in STIX format and guides how we build our architecture. By speaking STIX, you can share data in and out of Unfetter Discover using the most sophisticated CTI lexicon.

  • STIX is built in JSON and has a REST API configuration for data exchange.
  • STIX data objects are diverse and complex. Unfetter Discover helps you make sense of it all.
  • Unfetter Discover leverages the ATT&CK™ data pulled from MITRE in STIX format.

Unfetter provides a shared framwork

Threat Reporters

Evaluate your infrastructure’s mitigations, analytics, and capabilities through a simple survey. Visualize your gaps through the lens of MITRE’s ATT&CK™ framework. As Network Defenders improve the security of the infrastructure, you can update the Assessment, maintaining an update to your situational awareness.


The Unfetter Story: Why it began and how it will continue.

Security Engineers at the National Security Agency built Unfetter with the idea that complex Cyber Threat Information (CTI) was difficult to create, share and put into action. We started Unfetter as an experiment to take complex CTI, mapped around common lexicons, and build workflows to help security experts be able to take actions to protect themselves.

Unfetter Analytic was our original project. Partnering with MITRE, we built an ElasticSearch stack running analytics that mapped to MITRE ATT&CK™. By mapping alerts back to a common framework, users would not only see when and where an analytic fired, but get a link to the rich community of informaiton that had grown up around ATT&CK™. All for free.

Unfetter Discover aimed to take that idea farther. Help users create and share the CTI that they understand the best. By creating a network of users who are contributing their CTI expertise and data, in a way that the data itself can be normalized, we believe users will get more actionable information. Not just mounds of data.

Unfetter Discover and Unfetter Analytic are open source tools that are free for the community. We hope they help you as you protect and manage your networks

Take a Tour of our other app features.

Threat Reporting

This is the text about threat reporting

GO ->
Analytic Exchange

This is the text about threat reporting

GO ->
Capability Assessments

This is the text about threat reporting

GO ->
Intrusion Set Dashboard

This is the text about threat reporting

GO ->

Join the Experiment. Developers and Security Professionals Welcome.

Unfetter is open source and looking for partners. If you have an idea for new functionality or a new workflow, let us know and submit an issue in GitHub. If you are a developer and have ideas on how to contribute, we welcome a pull request. We’re excited for everyone to join the experiment.


Partner with Parsons for a more secure future.

Parson's corporation has been helping build Unfetter Discover into the product it is today. If you are you looking for a partner, please contact them.