Elemendar’s READ. application reads human-authored, unstructured Cyber Threat Intelligence (CTI) and translates it into machine-actionable data (STIX 2.0 with MITRE ATT&CK) that can then be deployed directly into defensive systems.

  • READ. is up to 20x faster than unaided human analysis.
  • Faster CTI analysis equals faster understanding of newly emerging threats.
  • CTI can be analysed accurately at volume, with multiple reports processed concurrently.
  • Human analysts save critical time, processing more reports with less information overload.
  • Save costs through faster threat analysis and remediation.
  • Prevents analyst burnout, reducing headcount pressure.

READ. processes human-authored, unstructured CTI reports and translates these into structured CTI data (STIX 2.0 incorporating MITRE ATT&CK). This machine-readable data can then be fed directly into your organisation’s defensive systems for Security Analysts to operationalise. Data extraction, STIX processing and output are all completed within READ., allowing analysts to pivot from extensive CTI documents to valuable, actionable data within seconds.

Data Extraction

Elemendar’s READ. application extracts CTI data from URLs, PDF files and free-form text. Graphics and images are also retained for reference and context.

STIX Processing

The extracted text is analysed using Elemendar’s proprietary, machine learning-powered Natural Language Processing engine. READ. extracts and categorises entities from the unstructured CTI using the STIX 2.0 standard.

Currently supported STIX 2.0 entities include Identities, Indicators, Malware, Threat Actors, Tools and Vulnerabilities. These are further grouped into relevant subcategories, for example ‘Trojan’ for Malware.

Sentences are also processed, extracted and matched against the MITRE ATT&CK framework to provide relevant attack patterns. Finally, relationships between these objects are visibly outlined for the Analyst to identify.
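As an added illustration (not code from Elemendar or READ.), here is a constructed STIX 2.0 bundle in the shape the text describes, with a consistency check an analyst could run on such output before importing it into a TIP: every UUID, name and the ATT&CK technique reference are invented sample values, and the check is a hypothetical helper rather than part of the product.

```python
# Constructed sample bundle in the shape the text describes: a malware SDO labelled 'trojan', a threat
# actor, an ATT&CK attack pattern and an indicator, linked by relationship SROs. Values are made up.
TS = "2020-01-01T00:00:00.000Z"
SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--0f6a5d9e-1c2b-4d3e-8f4a-5b6c7d8e9f00", "spec_version": "2.0",
    "objects": [
        {"type": "malware", "id": "malware--1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d",
         "created": TS, "modified": TS, "name": "ExampleLoader", "labels": ["trojan"]},
        {"type": "threat-actor", "id": "threat-actor--2b3c4d5e-6f70-4a8b-9c0d-1e2f3a4b5c6e",
         "created": TS, "modified": TS, "name": "Example Group", "labels": ["crime-syndicate"]},
        {"type": "attack-pattern", "id": "attack-pattern--3c4d5e6f-7081-4b9c-8d1e-2f3a4b5c6d7f",
         "created": TS, "modified": TS, "name": "Phishing",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
        {"type": "indicator", "id": "indicator--4d5e6f70-8192-4cad-9e2f-3a4b5c6d7e80",
         "created": TS, "modified": TS, "labels": ["malicious-activity"], "valid_from": TS,
         "pattern": "[domain-name:value = 'example.invalid']"},
        {"type": "relationship", "id": "relationship--5e6f7081-92a3-4dbe-8f30-4b5c6d7e8f91",
         "created": TS, "modified": TS, "relationship_type": "uses",
         "source_ref": "threat-actor--2b3c4d5e-6f70-4a8b-9c0d-1e2f3a4b5c6e",
         "target_ref": "attack-pattern--3c4d5e6f-7081-4b9c-8d1e-2f3a4b5c6d7f"},
        {"type": "relationship", "id": "relationship--6f708192-a3b4-4ecf-9041-5c6d7e8f9aa2",
         "created": TS, "modified": TS, "relationship_type": "indicates",
         "source_ref": "indicator--4d5e6f70-8192-4cad-9e2f-3a4b5c6d7e80",
         "target_ref": "malware--1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d"},
    ],
}
REQUIRED = ("type", "id", "created", "modified")  # common properties every STIX 2.0 object needs

def check_bundle(bundle):
    """Return problems a TIP/MISP/OpenCTI import would reject or silently misrepresent: missing
    common properties, an id prefix that disagrees with the type, and dangling relationship refs."""
    problems = []
    objects = bundle.get("objects", [])
    ids = {o.get("id") for o in objects}
    for obj in objects:
        missing = [f for f in REQUIRED if f not in obj]
        if missing:
            problems.append(f"{obj.get('id', '<no id>')}: missing {missing}")
            continue
        if not obj["id"].startswith(obj["type"] + "--"):
            problems.append(f"{obj['id']}: id prefix does not match type {obj['type']}")
        if obj["type"] == "relationship":
            for ref in ("source_ref", "target_ref"):
                if obj.get(ref) not in ids:  # SRO points at an object missing from the bundle
                    problems.append(f"{obj['id']}: {ref} {obj.get(ref)!r} not in bundle")
    return problems

def attack_technique_ids(bundle):
    """List the ATT&CK technique IDs carried by attack-pattern external_references."""
    return sorted(r["external_id"] for o in bundle.get("objects", []) if o.get("type") == "attack-pattern"
                  for r in o.get("external_references", []) if r.get("source_name") == "mitre-attack")
```

Running check_bundle on an edited report before export catches relationships left pointing at entities the analyst removed.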

The READ. front-end user interface (Analyst In the Loop) allows an analyst to review and approve the automatically suggested STIX entity categorisation before accepting it for import into their chosen tool (TIP, SIEM, SOAR etc.).

Entities can be added, removed and edited by Analysts, who also have the control to add additional entities such as attack patterns and intrusion set SDOs to the report before final output.

Analyst feedback within READ. is fed back to Elemendar’s ML engine to further improve the system’s future performance for the customer’s specific datasets.

Output

Once the report has been processed, READ. outputs the identified entities using the industry recognised STIX 2.0 standard. This creates a seamless process of importing data into existing CTI environments, saving both the time and resources of CTI analysts.

Outputs are user-configurable and can include MISP or TAXII/TAXII2 servers, an OpenCTI connector, or a downloadable STIX 2.0 JSON file. Other output solutions tailored to your organisation’s environment can be made available on request.

READ. also offers a RESTful API (available for evaluation) which enables users to fully integrate the application into existing environments for complete automation and orchestration of CTI processing.
