Elemendar’s READ. application processes human-authored, unstructured CTI reports and translates these into structured CTI data (STIX incorporating MITRE ATT&CK). This machine-readable data can then be fed directly into your organisation’s defensive systems for Security Analysts to operationalise. Data Extraction, STIX Processing and Output is completed seamlessly within READ. allowing analysts to pivot from extensive CTI documents to valuable, actionable data within seconds.

  • READ. is up to 20x faster than human analysis.
  • Faster CTI analysis equals faster understanding of newly emerging threats.
  • CTI can be analysed accurately at volume, with multiple reports processed concurrently.
  • Human Analysts save critical time, processing more reports with less information overload.
  • Save costs through faster threat analysis and threat remediation.
  • Prevents Analyst burnout, lowering headcount pressure.



Data Extraction

Elemendar’s READ. application extracts CTI data from URL’s, PDF files and free form text. Graphics and Images are also retained for reference/context.

STIX Processing

The extracted text is analysed using Elemendar’s proprietary, machine learning-powered Natural Language Processing engine. READ. extracts and categorises entities from the unstructured CTI using the STIX standard. Currently supported STIX entities include Identities, Indicators, Malware, Threat Actors, Tools and Vulnerabilities. These are further grouped into relevant subcategories, for example, ‘Trojan’ for Malware. Sentences are also processed, extracted and matched against the MITRE ATT&CK framework to provide relevant attack patterns. Finally, relationships between these objects are visibly outlined for the Analyst to identify.

Elemendar's READ. application

The READ. front-end user interface (Analyst In the Loop) allows an Analyst to approve or review the automatically-suggested STIX entity categorisation before accepting it for importing into their desired tool (TIP, SIEM, SOAR etc.). Entities can be added, removed and edited by Analysts, who also have the control to add additional entities such as attack patterns and intrusion set SDOs to the report before final output. Analyst feedback within READ. is fed back to Elemendar’s ML engine to further improve the system’s future performance for the customer’s specific datasets.


Once the report has been processed, READ. outputs the identified entities using the industry recognised STIX 2.0 standard. This creates a seamless process of importing data into existing CTI environments, saving both the time and resources of CTI analysts.

Outputs are user-configurable and can include MISP or TAXII/TAXII2 servers, an OpenCTI connector, or downloading a STIX JSON file. Other output solutions tailored to your organisation’s environment can be made available on request.

READ. also offers a RESTful API (available for evaluation) which enables users to fully integrate the application into existing environments for complete automation & orchestration of CTI processing.