July 26, 2021

Practicing Backward And Forward Tracking Hunts on A Windows Host

In our previous blog post, we showed how to get started with the Kestrel Threat Hunting Language, such as connecting to data sources and performing your first hunts using the GET and FIND commands. In this post, we’ll introduce the APPLY keyword, which adds powerful analytics and enrichment capabilities to hunts. We will show a Kestrel hunt performing backward and forward tracking on a Windows host to unearth the […]
July 26, 2021

Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks

In this blog post, the first in a series introducing the Kestrel Threat Hunting Language, we will show you how to get started with your first hunt. You’ll learn how to set up your environment, connect to data sources, and search for a common attack technique, scheduled tasks in Windows. You’ll also become familiar with the basic concepts that you […]
June 29, 2021

IBM Contributes Kestrel Threat Hunting Tool to OASIS Open Cybersecurity Alliance (OCA)

Kestrel lets threat hunters ‘devote more time to figuring out what to hunt, as opposed to how to hunt’ Open Cybersecurity Alliance (OCA), an OASIS Open Project, today announced it has accepted IBM’s contribution of Kestrel, an open-source programming language for threat hunting that is used by Security Operations Center (SOC) analysts and other cybersecurity professionals. Kestrel streamlines cyber reasoning and […]
June 15, 2021

A Collaborative Approach to Meeting the Challenges in President Biden’s Executive Order on Improving US Cybersecurity

By Jason Keirstead, OASIS Open board member On May 12, U.S. President Joe Biden signed the Executive Order on Improving the Nation’s Cyber Security, charging U.S. federal agencies to partner with the private sector to foster a more secure cyberspace. Board member Jason Keirstead believes that OASIS Open’s projects are uniquely qualified to facilitate this public-private partnership and help guide the […]
June 3, 2021

OCA Intro Video

Learn more about our activities in this short introductory video.
March 3, 2021

TruSTAR Joins the Open Cybersecurity Alliance

Read the full announcement on the TruSTAR blog.
February 26, 2021

OCA Solutions Brief (available in English and Spanish)

The Open Cybersecurity Alliance is pleased to share some of the output of our work in a downloadable Solutions Brief. The brief covers how to: Remove Cyber Security Complexity with Industry-Driven Interoperability Empower Security Working Together with Common Architecture, Language & Messaging, and more Leverage and Contribute to the OCA Open Projects Download the Solutions Brief: English Version and Spanish Version.
December 15, 2020

How OCA Empowers Your XDR Journey

eXtended Detection & Response (XDR) has become an industry buzzword promising to take detection and response to new heights and improving security operations effectiveness. Not only are customers and vendors behind this but industry groups like Open Cybersecurity Alliance (OCA) share this same goal and there are some open projects to leverage for this effort. Read the full article on the […]