Xiaokui Shu

July 11, 2023

Kestrel Data Retrieval Explained

Kestrel provides a layer of abstraction to compose hunt-flows with standard hunt steps that run across many data sources and data types. This blogs overviews how data is retrieved, processed, and stored in Kestrel, and explains the 10x data retrieval performance improvement through Kestrel 1.5, 1.6, and 1.7.
June 15, 2023

End-to-end Testing for Cyber-Security Applications

Announcing the Federated Search End-To-End Testing GitHub Repository and its first CI/CD usage for Kestrel, a federated search application. Read on.
July 27, 2022

Try Kestrel in a Cloud Sandbox

Introducing the Kestrel cloud sandbox. Now learning and trying Kestrel is just a click away—no installation needed, no server needed.
November 2, 2021

Setting Up The Open Hunting Stack in Hybrid Cloud With Kestrel and SysFlow

How to set up the open hunting stack as presented at Black Hat Europe 2021 Arsenal.
July 26, 2021

Practicing Backward And Forward Tracking Hunts on A Windows Host

In our previous blog post, we showed how to get started with the Kestrel Threat Hunting Language, such as connecting to data sources and performing your first hunts using the GET and FIND commands. In this post, we’ll introduce the APPLY keyword, which adds powerful analytics and enrichment capabilities to hunts. We will show a Kestrel hunt performing backward and forward tracking on a Windows host to unearth the […]
July 26, 2021

Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks

In this blog post, the first in a series introducing the Kestrel Threat Hunting Language, we will show you how to get started with your first hunt. You’ll learn how to set up your environment, connect to data sources, and search for a common attack technique, scheduled tasks in Windows. You’ll also become familiar with the basic concepts that you […]