The Analytic Developer's tool of choice.
Analytic Developers are researching and documenting new analytic techniques in spreadsheets, Wiki's or presentation slides. That makes it difficult to organize, implement, or socialize those analtyics, locking your hard work into a vault. The Analytic Exchange workflow makes it easy to annotate the meta data around an analytic such as what techniques it detects, how it can be tested, what data is needed to implement.
Discover and share crowdsourced defensive measures to defend against the latest threats
Exploring the body of knowledge
An Analytics Repo
Create and review everything you need to know about an analytic and the research around it. Identify the script itself, label how the analytic should be used, identify the MITRE ATT&CK™ techniques that it is detecting, and the data that the analytic uses. Unfetter strives to be social, so your collaborators can review analytics, make comments, rate how well and analytic works, and download the data for use in your own systems. All from the Analytic Exchange.
Tailor areas of interest for your organizations network defense posture
Filter Settings
A giant list of analytics is not helpful. The Analytic Exchange strives to help you discover new analytics that are applicable to your environment. Filter on analytics that target a MITRE ATT&CK™ technique you have a risk gap, analytics from particular people, or that require particular data sources. Speaking of data sources, if you identify particular data needed in your analytic, then Unfetter will search through its database of sensors and recommend which sensor you might be able to use. So, if you are a sysmon user, you can filter on analytics that use data collected from sysmon! Unfetter is always striving to help you discover the information you need to better detect intrusions.
Seamlessly capture your defensive expertise and analysis.
Sharing an Analytic with Ease
Using a WYSIYG editor, document as little or as much about the Analytic as you desire. Identify how to test, how to implement, common mistakes, or anything you can think. Identifying as much information, as verbose as possible, lets Unfetter automate the discover of important connections. Every analytic created is also available in the Capabilities Assessment dashboard.
Standardized Data input for immediate impact.
Automated Script Translation
Analytic Pseudocode is important to help describe the logical data and relationships that makes the analytic awesome. The Analytic Exchange makes it eaiser to put your data into practice. Therefore, you can document any number of implementations of this analytic in target systems. Using Splunk? Then write it as a splunk query in the common information model. Using your own information model in Splunk? Add that implementation also. The Analytic Exchnage can make this even easier. Document your pseudocode in the STIX Pattern Language or SIGMA, then Unfetter Analytic will automatically translate it into Splunk, QRadar and ElasticSearch queries. More automated translations can be added in the future.
Take a Tour of our other app features.
Join the Experiment. Developers and Security Professionals Welcome.
Unfetter is open source and looking for partners. If you have an idea for new functionality or a new workflow, let us know and submit an issue in GitHub. If you are a developer and have ideas on how to contribute, we welcome a pull request. We’re excited for everyone to join the experiment.
DOWNLOAD UNFETTERPartner with Parsons for a more secure future.
Parson's corporation has been helping build Unfetter Discover into the product it is today. If you are you looking for a partner, please contact them.
CONTACT PARSONS