MikeKemmerer/unfetter-analytic

Unfetter

Welcome to the Unfetter project, a reference implementation inspired by The MITRE Corporation's Cyber Analytics Repository (CAR) and Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) projects.

This reference implementation provides a framework for collecting events (process creation, network connections, Windows Event Logs, etc.) from a client machine (Windows 7) and performing CAR analytics to detect potential adversary activity.
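
To make the collect-then-analyze flow concrete, here is an added example (not Unfetter's own code): a minimal CAR-style analytic runner in Python. The event schema, the analytic definition and the sample events are assumptions modelled on the CAR data model; the detection maps to the real ATT&CK technique T1059 (Command and Scripting Interpreter).

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# One collected event in CAR data-model style: an object (process, flow, ...),
# an action (create, start, ...) and a dict of fields. This schema is an
# assumption modelled on CAR, not Unfetter's own record format.
@dataclass
class Event:
    obj: str
    action: str
    fields: Dict[str, str]

# An analytic selects an object/action pair and applies a predicate to the
# fields; attack_technique records the ATT&CK technique it is mapped to.
@dataclass
class Analytic:
    name: str
    attack_technique: str
    obj: str
    action: str
    match: Callable[[Dict[str, str]], bool]

def run_analytics(events: List[Event], analytics: List[Analytic]) -> List[Tuple]:
    """Apply every analytic to every event; return (name, technique, host, exe) hits."""
    hits = []
    for ev in events:
        for a in analytics:
            if ev.obj == a.obj and ev.action == a.action and a.match(ev.fields):
                hits.append((a.name, a.attack_technique,
                             ev.fields.get("hostname"), ev.fields.get("exe")))
    return hits

# Hypothetical analytic: a scripting interpreter launched by an Office
# application (ATT&CK T1059). Matching is case-insensitive on image names.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
office_spawns_interpreter = Analytic(
    name="office-spawns-interpreter", attack_technique="T1059",
    obj="process", action="create",
    match=lambda f: f.get("parent_exe", "").lower() in OFFICE_PARENTS
                    and f.get("exe", "").lower() in INTERPRETERS,
)

# Constructed sample events (not captured data): one benign process creation,
# one that should fire the analytic, and a network flow the analytic ignores.
SAMPLE_EVENTS = [
    Event("process", "create", {"hostname": "win7-client", "exe": "notepad.exe", "parent_exe": "explorer.exe"}),
    Event("process", "create", {"hostname": "win7-client", "exe": "powershell.exe", "parent_exe": "WINWORD.EXE"}),
    Event("flow", "start", {"hostname": "win7-client", "dest_ip": "203.0.113.5", "dest_port": "443"}),
]
```

Running `run_analytics(SAMPLE_EVENTS, [office_spawns_interpreter])` yields a single hit for the PowerShell launch; additional analytics are just more `Analytic` objects appended to the list.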

The goal of this effort is to enable analytic developers, malware analysts, or infrastructure owners to experiment with existing adversary detection analytics or create additional analytics. Efforts have been made to simplify the installation and setup of this reference implementation. While scalable components have been used, this is meant to be a development system. A production architecture would need to be further developed to run in a large scale environment.

Please see the wiki for more information and setup instructions: https://github.com/iadgov/unfetter/wiki.

ATT&CK is a trademark of The MITRE Corporation.

About

Analytic component of Unfetter. iadgov
