From Cyber Analytics Repository
Jump to: navigation, search

You can help contribute to CAR.

CAR is in a constant state of development. We are always on the lookout for new information to help refine and extend CAR. If you have additional analytics you would like to contribute, then we would like to hear from you.

Please email us to submit.

Submission Guidelines


We endeavor to vet submissions in a timely manner but we are busy people. You can expect a response that your submission has been received within 24 hours and an additional substantive response indicating acceptance or denial within one month. Please understand that an influx of submissions may cause our response times to slow down.


We understand that there are many analytics and many approaches to cybersecurity. To that end, the Cyber Analytics Repository is focused on analytics for host-based sensing in Windows-based environments. Please see our Glossary to understand the kinds of categories into which we sort analytics. Analytics submitted should fall into one of these categories.

Our analytics are focused on processing host-level data collected in a real-time format. We see the value of mitigations, vulnerabilities, forensic data, and repositories of indicators of compromise (IOCs) but that is not the focus of CAR. Should you have submissions of those types of information, please consider resources such as CVE, IOC Bucket, or other open-source venues dedicated to that category of information.

The following criteria are a consideration for us when vetting analytic submissions:

  1. An analytic must address ATT&CK™ tactics, techniques, and procedures (TTPs).
  2. Although we are unable to verify the truth of the submission, an analytic should only be shared if it has been used in an operational setting.
  3. An analytic must detect behaviors, not a specific artifact or nuance of a RAT or piece of malware.
  4. We reserve the right to add new criteria over time as the vetting process evolves.


CAR is a public website whose purpose is meant to share analytics to further the community as a whole. To that end, please do not submit analytics which are intended for patent.

Analytics submitted by corporations or individuals will be recognized by the use of the following phrase on the analytic page. “This analytic submitted by John C. Doe/XYZ Corporation.”