The Unfetter Project

Discover and analyze gaps in your security posture.

Discover Gaps. Analytics in Practice. Leverage the Community.

When the threat hits, cybersecurity professionals working at the tactical, operational, and strategic levels need to work together quickly and effectively to enable a common cybersecurity strategy that protects against the adversary. To do this in a repeatable, scalable way depends on an organization’s ability to discover and mitigate gaps in their posture, understand adversary tradecraft, and implement and communicate defensive courses of action.

We are an experiment (right now)

Unfetter is a community-driven suite of open source tools leveraging the MITRE ATT&CK™ framework, shifting the focus from indicators to a behavior-based methodology. This allows you to more effectively assess your risk, advance your security posture, and implement mitigations in a systemic, measurable, and meaningful way.

Cyber professionals can use Unfetter to:

  • Establish a better baseline security posture
  • Explore relationships to rapidly identify gaps
  • Evaluate and compare defensive courses of action

Unfetter Discover: Analyze security gaps and explore adversary tradecraft


Assess the mitigations, analytics and sensors in your environment and see which MITRE ATT&CK™ Techniques are a threat. Learn more


Evaluate your infrastructure’s mitigations, analytics, and sensors through a simple survey. Visualize your gaps through the lens of MITRE’s ATT&CK™ framework.


Intrusion Set Dashboard

Explore the MITRE ATT&CK™ techniques associated with intrusions in the Intrusion Set Dashboard, and view similarities and differences. The Dashboard will also show you Critical Controls to mitigate these techniques. Learn more

Attack Patterns

Explore the Intrusion Sets and learn the associated MITRE ATT&CK™ techniques. Explore attack patterns and understand them in depth.

Attack Patterns

Unfetter Analytic: Measure the effectiveness of your analytics.

Unfetter Analytic is a prototype that allows developers to gain familiarity with the ATT&CK™ framework to measure the effectiveness of their analytics. Write analytics and map them to the MITRE ATT&CK™ techniques you want to detect. When the analytic event is created, the Kibana display shows the context around the event.

Learn More

The Future of Unfetter

The Unfetter team is improving current capabilities and experimenting in new areas.

  • Read and associate threat reports with MITRE ATT&CK™ techniques
  • Translate and convert analytics to work in Elasticsearch, Splunk, etc.
  • Ingest and evaluate threat intelligence data using crowdsourced partner data
  • Automatically ingest complex threat data from trusted sources and update mitigations
  • Increase detail and granularity of threat reporting dashboards
  • Increase Red and Blue Team effectiveness with the Purple Team Operations Planner
Learn More

Meeting the needs of all users.

Each workflow is focused on the unique needs and requirements of security professionals.

  • Threat Reporters track, document, and analyze threat reports
  • Defenders track and assess gaps in their networks
  • Analysts build, improve, and share new and existing behavior-based analytics

Join the Experiment.
Developers and expertise required.

Unfetter is open source and looking for partners. If you have an idea for new functionality or a new workflow, let us know and submit an issue in GitHub. If you are a developer and have ideas on how to contribute, we welcome a pull request. We’re excited for everyone to join the experiment.

Download Unfetter