Unfetter

Unfetter is a project designed to help network defenders, cyber security professionals, and decision makers identify and analyze defensive gaps in a more scalable and repeatable way. By featuring the groups[1] and techniques[2] of the ATT&CK™ model combined with the analytics[3], data model[4], and sensors[5] of the Cyber Analytics Repository (CAR), Unfetter offers an opportunity for the community to come together and move beyond indicators toward a behavioral-based methodology.


Get Involved

Check out the NSA Unfetter Github page for more information about Unfetter and to learn how to contribute.

Learn More

Understand the overarching concept behind Unfetter and learn about the releases and capabilities with Getting Started, and our About page.



1: Groups refer to adversaries who may conduct campaigns. They may also be commonly referred to as campaigns or intrusion sets.
2: Techniques refer to the ATT&CK techniques. A technique is a name to define post-access adversary behavior.
3: Analytics refer to pseudocode written to assist computer network defenders in identifying post-access adversary behavior in an environment.
4: Data model refers to a common nomenclature in CAR to define the objects, actions, and fields necessary to link analytics to sensors.
5: Sensors refer to host-based open source or commercially available software or hardware that can be used in combination with analytics to identify post-access adversary behavior.