Analytic Exchange

Comprehensive community-driven analytics to protect your network

After Snort rules are in place and malware prevention is running, it is time to start building complex analytics that can detect MITRE ATT&CK™ techniques. Security experts are researching, building and testing complex analytics. Unfetter aims to help cyber professionals share complex Cyber Threat Information (CTI) with collaborators, partners and customers. The Analytic Exchange helps those analytic developers document, implement and socialize complex analytics.

The Analytic Developer's tool of choice.

Analytic developers are researching and documenting new analytic techniques in spreadsheets, wikis or presentation slides. That makes it difficult to organize, implement, or socialize those analytics, locking your hard work into a vault. The Analytic Exchange workflow makes it easy to annotate the metadata around an analytic, such as what techniques it detects, how it can be tested, and what data is needed to implement it.

Discover and share crowdsourced defensive measures to defend against the latest threats

Exploring the body of knowledge

An Analytics Repo

Create and review everything you need to know about an analytic and the research around it. Identify the script itself, label how the analytic should be used, identify the MITRE ATT&CK™ techniques that it detects, and identify the data that the analytic uses. Unfetter strives to be social, so your collaborators can review analytics, make comments, rate how well an analytic works, and download the data for use in their own systems. All from the Analytic Exchange.

Tailor areas of interest for your organization's network defense posture

Filter Settings

A giant list of analytics is not helpful. The Analytic Exchange strives to help you discover new analytics that are applicable to your environment. Filter on analytics that target a MITRE ATT&CK™ technique where you have a risk gap, analytics from particular people, or analytics that require particular data sources. Speaking of data sources, if you identify the particular data needed by your analytic, then Unfetter will search through its database of sensors and recommend which sensor you might be able to use. So, if you are a Sysmon user, you can filter on analytics that use data collected from Sysmon! Unfetter is always striving to help you discover the information you need to better detect intrusions.

Seamlessly capture your defensive expertise and analysis.

Sharing an Analytic with Ease

Using a WYSIWYG editor, document as little or as much about the analytic as you desire. Identify how to test it, how to implement it, common mistakes, or anything else you can think of. Providing as much information as possible, in as much detail as possible, lets Unfetter automate the discovery of important connections. Every analytic created is also available in the Capabilities Assessment dashboard.

Standardized data input for immediate impact.

Automated Script Translation

Analytic pseudocode is important because it describes the logical data and relationships that make the analytic awesome. The Analytic Exchange makes it easier to put your data into practice: you can document any number of implementations of an analytic in target systems. Using Splunk? Then write it as a Splunk query in the Common Information Model. Using your own information model in Splunk? Add that implementation as well. The Analytic Exchange can make this even easier. Document your pseudocode in the STIX Pattern Language or SIGMA, then Unfetter Analytic will automatically translate it into Splunk, QRadar and Elasticsearch queries. More automated translations can be added in the future.

Take a tour of our other app features.

Threat Reporting

Analytic Exchange

Capability Assessments

Intrusion Set Dashboard

Join the Experiment. Developers and Security Professionals Welcome.

Unfetter is open source and looking for partners. If you have an idea for new functionality or a new workflow, let us know and submit an issue in GitHub. If you are a developer and have ideas on how to contribute, we welcome a pull request. We’re excited for everyone to join the experiment.

Partner with Parsons for a more secure future.

Parsons Corporation has been helping build Unfetter Discover into the product it is today. If you are looking for a partner, please contact them.