Thread is an open-source, community-driven tool that automates the mapping of cybersecurity reports to the MITRE ATT&CK® framework and other threat analysis frameworks. Developed by Arachne Digital, Thread empowers security professionals and organisations to quickly and accurately map TTPs from free text, enhancing threat detection and analysis. With continuous updates and a focus on efficiency and accuracy, Thread aims to become the leading platform for CTI mapping, contributing to a safer digital world.
- Milestone 1
Tasks:
- Conduct customer feedback analysis to identify areas for IoC capture improvement. DONE
- Develop and implement IoC capture enhancements based on user feedback. DONE
- Run comprehensive testing and validation of IoC capture improvements. DONE
- Add IoCs to Thread-generated reports.
-
Rationale: Enhancing IoC capture aligns Thread's capabilities with user needs, improving the quality and accuracy of IoCs. This milestone ensures that the platform remains responsive to user feedback and sets the stage for more advanced functionalities.
- Milestone 2
Tasks:
- Optimise performance by implementing hierarchical search and prescan sampling methods.
- Improve machine learning models using flagged data and feedback loops.
- Implement TTP breakdown by operating systems for more granular insights.
- Optimise infrastructure to handle increased traffic and usage.
- Launch community engagement initiatives to attract new contributors.
-
Rationale: Enhancing core capabilities strengthens Thread’s foundational features, improving both performance and accuracy. This milestone builds on the improved IoC capture from Milestone 1 and prepares the platform for increased user engagement and data processing.
- Milestone 3
Tasks:
- Conduct penetration testing to identify security issues.
- Review and prioritise findings for remediation based on severity and impact.
- Implement remediation measures and update security documentation.
-
Rationale: Security is paramount to maintaining trust and protecting user data. This milestone ensures that Thread’s infrastructure is secure, addressing any security issues early. Note that security testing will become an annual event as Arachne Digital grows.
- Milestone 4
Tasks:
- Audit the codebase for memory-unsafe code.
- Prioritise critical components for migration to memory-safe languages.
- Enhance current security practices and integrate memory-safe development into the workflow.
- Train the development team in memory-safe programming languages.
- Align the transition with Arachne Digital’s long-term business goals.
- Implement and monitor the migration process.
-
Rationale: Transitioning to memory-safe programming reduces vulnerabilities related to unsafe memory management, ensuring long-term resilience. This milestone builds on the security improvements from Milestone 3, providing a more robust and secure platform.
- Milestone 5
Tasks:
- Automate maintenance tasks, such as updating MITRE ATT&CK data.
- Enhance the user experience by streamlining setup and improving the interface.
- Review and update documentation to reflect new features and capabilities.
- Create new tutorials and guides to help users maximise Thread’s potential.
-
Rationale: Improving user experience and documentation makes Thread more accessible and user-friendly. This milestone ensures that the platform’s advanced capabilities are supported by clear, comprehensive resources, building on the technical enhancements from earlier milestones.
- Milestone 6
Tasks:
- Implement support for additional frameworks beyond MITRE ATT&CK Enterprise, including MITRE ATT&CK ICS, MITRE ATT&CK Mobile, MITRE ATLAS, and DISARM Red Framework.
-
Rationale: Expanding Thread’s framework support increases its versatility, making it applicable to a wider range of cybersecurity and disinformation analysis use cases. This milestone builds on Thread’s core functionality, extending its reach and utility.
- Milestone 7
Tasks:
- Add support for exporting mapped TTPs to MISP and Sigma rules.
- Engage with DISARM Foundation and MITRE to align development with industry standards and needs.
-
Rationale: Integrating with key industry tools and engaging with stakeholders enhances Thread’s relevance and utility in the broader CTI landscape. This milestone builds on the expanded framework support from Milestone 6, further integrating Thread into existing workflows.
- Milestone 8
Tasks:
- Conduct a UX audit to identify areas for improvement.
- Collaborate with UI/UX designers to revamp the Thread interface.
- Implement user testing to validate the effectiveness of UX improvements.
-
Rationale: Optimising the UX design ensures that Thread is not only powerful but also intuitive and user-friendly. This milestone builds on the enhancements in earlier milestones, refining the user experience to meet the needs of a diverse user base.
- Milestone 9
Tasks:
- Optimise infrastructure to handle increased traffic and usage.
- Develop a sustainability plan including funding sources and partnerships.
- Begin localisation efforts to translate Thread into multiple languages.
-
Rationale: Scaling infrastructure and planning for sustainability are crucial as Thread grows. This milestone ensures that the platform can support a larger user base and maintain long-term relevance and reliability.
- Milestone 10
Tasks:
- Expand global outreach by promoting Thread at cybersecurity conferences and publishing case studies.
- Position Thread as the leading tool for mapping free text to various security and disinformation frameworks.
- Continue building partnerships and integrating Thread into broader CTI workflows.
-
Rationale: Achieving global impact is the culmination of Thread’s development. This milestone ensures that Thread’s contributions to cybersecurity are widely recognised and utilised, establishing it as a standard tool in the CTI community.