unfetter-discover / unfetter

The main project for the Unfetter-Discover application. This is the project that will hold the configuration files, the docker-compose files, issue tracking, and documentation

Need help understanding

waynevillars opened this issue · comments

The Unfetter project seems awesome. I'm 100% tracking on MITRE ATT&CK framework/matrix, CAR, CARET, STIX, and Unfetter Analytic. However, when it comes to Unfetter Discover, I can't seem to grasp its purpose or how to make use of it. I've read everything I can find and played around in the local docker instance. I'm not even sure if this is the right place to ask questions, but I couldn't find anywhere else to do so. Would someone mind pointing me in the right direction? Thanks in advance.

Thanks for the question. We tried to explain the purpose a bit more on our webpage, https://nsacyber.github.io/unfetter/

Essentially, Unfetter Discover was designed as a workflow to help Threat Analysts, Analytic Developers and those implementing mitigations/analytics: a tool to help them create and share data among themselves. While MITRE CAR, ATT&CK and STIX are the data, there wasn't a good way to share that data with those who need to implement it.

For Unfetter Discover, the Threat Dashboard helps Threat Analysts research threat reporting, pull them together, write notes, and helps them determine which threats an org should focus on. The Analytic Exchange helps Analytic Developers create analytics, describe implementations, automatically translate between STIX and ELK/Splunk, etc., and share them on a board where other Analytic Developers can interact with them. The Assessment Dashboard helps developers determine how good their mitigations, capabilities or analytics are in their environment, and see what ATT&CK gaps they have.

If you have specific questions, please let us know.