Unfetter Insight performs natural language processing and analysis to detect possible ATT&CK Patterns. Unfetter Insight currently accepts files with the following extensions: .txt, .pdf, and .html.
In order to run babelfish you will need Docker.
Once you have finished setting up your Docker environment, clone the unfetter-insight project from GitHub, and proceed to build the Docker images:
$ git clone https://github.com/unfetter-discover/unfetter-insight.git
$ cd unfetter-insight/
$ docker-compose up
Now your unfetter-insight instance is ready and running at http://localhost:8080
In order to use unfetter-insight, place the files to be processed in the directory /unfetter-insight/. A sub-directory can be created to manage test files; the existing sub-directory Test_files can be used as a reference for setting one up. The files in Test_files can also be run to test insight, as shown below.
To use unfetter-insight, underneath the "File Processing" header on the left, select the file to be processed. After making your selection, click on the green submit button directly to the right.
After the file finishes processing, you will be taken to a report page that will display the results of the analysis. The line graph details the occurrences of corresponding threats detected, based on the confidence of the specified threat existing in the given range of text. It is important to note that the x-axis of the graph represents the entirety of the document, and there may be multiple occurrences of the same threat being detected.
Below the graph, there is a "Details" link that will display the marked report generated by babelfish. This report is the bare text of the document with highlights indicating the threats it detected.
Below the link, there is a bar graph that gives a simplified visual of the threats detected in the document and their corresponding confidence. Note that, as with the line graph, the bar graph may depict multiple threats of the same type.
To use the babelfish package for report classification, simply do:
$ python
>>> import babelfish
>>> babelfish.classify_report('sample.txt')
100%|████████████████████████████████████████| 278/278 [00:00<00:00, 663.89it/s]
['Bypass User Account Control']
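An added example, not part of the unfetter-insight project: it runs the classify_report call shown above over a whole directory of reports and tallies how many documents mention each pattern. The name classify_directory is hypothetical, and the code assumes classify_report takes a file path for each of the listed extensions and returns a list of pattern names, as in the session above.

```python
from collections import Counter
from pathlib import Path

# Extensions this page lists as accepted by Unfetter Insight.
ACCEPTED_EXTENSIONS = {".txt", ".pdf", ".html"}


def classify_directory(report_dir, classify):
    """Classify every accepted file under report_dir (hypothetical helper).

    `classify` is a callable that takes a file path and returns a list of
    ATT&CK pattern names, e.g. babelfish.classify_report (assumed signature).
    Returns (per_file, totals, skipped).
    """
    root = Path(report_dir)
    per_file = {}
    totals = Counter()
    skipped = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        if path.suffix.lower() not in ACCEPTED_EXTENSIONS:
            skipped.append(rel)
            continue
        try:
            patterns = classify(str(path))
        except Exception as exc:  # one unreadable file should not stop the batch
            skipped.append(f"{rel} ({type(exc).__name__})")
            continue
        # Count each pattern once per document, even if it is reported repeatedly.
        unique = sorted(set(patterns))
        per_file[rel] = unique
        totals.update(unique)
    return per_file, totals, skipped


if __name__ == "__main__":
    import sys
    import babelfish  # the package used in the session above

    per_file, totals, skipped = classify_directory(sys.argv[1], babelfish.classify_report)
    for name, patterns in per_file.items():
        print(name, patterns)
    print("documents per pattern:", totals.most_common())
    print("skipped:", skipped)
```

Run it as a script with the directory of reports as its only argument, for example the Test_files sub-directory.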