Thread empowers organisations to bolster their cybersecurity defences and respond effectively to evolving threats with the most up-to-date intelligence.
This indispensable asset for cybersecurity professionals is built upon MITRE’s TRAM project. It accurately maps tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK® framework.
Thread's core functionality begins with the user submitting a website URL. Upon submission, the URL and its corresponding title are placed in a queue for processing. Thread retrieves the website’s content and feeds it into machine learning models.
The machine learning models analyse the text to identify specific TTPs, which are then reviewed by a human analyst. This integration of machine learning significantly reduces the time and effort required for manual mapping, transforming hours of work into minutes.
Human analysts review the initial TTP mappings, validate them, and make necessary adjustments. They also add critical metadata such as the article’s publication date, malicious activities' start and end dates, and information about threat actors, including their names, attributed countries, targeted industries, and regions.
In addition to TTP mappings, analysts highlight and save indicators of compromise (IoCs) like malicious IP addresses, domains, and file hashes. Thread provides fields to refine these IoCs, ensuring they are accurate and actionable. Combining machine learning and human expertise, this dual-layered approach ensures that Thread’s threat intelligence is precise and reliable.
Once the review process is complete, Thread allows users to export the analysed reports as PDF files. These reports contain the raw text version of the analysed content and a detailed table mapping each identified TTP to its corresponding sentence. This format provides clear, actionable insights that can be easily shared within security teams and used to enhance security operations.
Thread can be downloaded and set up locally from Arachne Digital’s GitHub repository for users who prefer to maintain control over their data. Thread does not require an internet connection and can be run on a fully air-gapped network if desired. This local installation ensures that all analyses and reports remain on the user’s machine, giving users control of their data.
It’s important that your cybersecurity tools are comprehensive and that they enable automatic updates.
You should be able to get expert guidance to integrate your tools, and you need to know that you can negotiate further reports with your provider should they be deemed necessary.
Thread is a cyber threat intelligence tool developed by Arachne Digital. It leverages machine learning to analyse text from online articles, mapping the identified tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK® framework.
Thread significantly reduces the time and effort required for threat intelligence analysis by automating the initial mapping of TTPs to the MITRE ATT&CK® framework. What used to take analysts hours of manual mapping now takes minutes or less.
Thread supports threat modelling by providing detailed insights into the tactics, techniques, and procedures used by threat actors. By analysing external information and internal incident reports, Thread helps organisations build comprehensive threat models tailored to their specific industry and geographic region.
Yes, Thread is highly effective for internal incident reporting and analysis. Organisations can use Thread to analyse internal reports and map identified TTPs to the MITRE ATT&CK® framework.
Thread prioritises user privacy and data security. Thread can be downloaded and set up locally from Arachne Digital’s GitHub repository for users who prefer to maintain control over their data.