Kestrel

February 27, 2023
Published by Leila Rashidi on February 27, 2023

A Kestrel Analytics to Detect Lateral Movement

Given the dramatic rise in number of cybersecurity attacks in the recent years, threat hunting is very important to secure businesses and enterprises. This post discusses a new approach to detect lateral movement and shows how this approach can be applied on the data read using STIX-Shifter in the Kestrel threat hunting platform.
Do you like it?
Read more
October 31, 2022
Published by Paul Coccoli on October 31, 2022

Fun with securitydatasets.com and the Kestrel PowerShell Deobfuscator

Ready-made datasets from the Open Threat Research Forge meet Kestrel, featuring PowerShell Empire!
Do you like it?
Read more
July 27, 2022
Published by Xiaokui Shu on July 27, 2022

Try Kestrel in a Cloud Sandbox

Introducing the Kestrel cloud sandbox. Now learning and trying Kestrel is just a click away—no installation needed, no server needed.
Do you like it?
Read more
November 2, 2021
Published by Xiaokui Shu on November 2, 2021

Setting Up The Open Hunting Stack in Hybrid Cloud With Kestrel and SysFlow

How to set up the open hunting stack as presented at Black Hat Europe 2021 Arsenal.
Do you like it?
Read more
August 6, 2021
Published by Paul Coccoli on August 6, 2021

Building Your Own Kestrel Analytics and Sharing With the Community

Turning your frequently used enrichment operation and/or machine learning procedure into a reusable and shareable hunting step in Kestrel.
Do you like it?
Read more
July 26, 2021
Published by Xiaokui Shu and Ian Molloy on July 26, 2021

Practicing Backward And Forward Tracking Hunts on A Windows Host

In our previous blog post, we showed how to get started with the Kestrel Threat Hunting Language, such as connecting to data sources and performing your first hunts using the GET and FIND commands. In this post, we’ll introduce the APPLY keyword, which adds powerful analytics and enrichment capabilities to hunts. We will show a Kestrel hunt performing backward and forward tracking on a Windows host to unearth the […]
Do you like it?
Read more
July 26, 2021
Published by Xiaokui Shu and Ian Molloy on July 26, 2021

Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks

In this blog post, the first in a series introducing the Kestrel Threat Hunting Language, we will show you how to get started with your first hunt. You’ll learn how to set up your environment, connect to data sources, and search for a common attack technique, scheduled tasks in Windows. You’ll also become familiar with the basic concepts that you […]
Do you like it?
Read more
June 29, 2021
Published by Dee Schur on June 29, 2021

IBM Contributes Kestrel Threat Hunting Tool to OASIS Open Cybersecurity Alliance (OCA)

Kestrel lets threat hunters ‘devote more time to figuring out what to hunt, as opposed to how to hunt’ Open Cybersecurity Alliance (OCA), an OASIS Open Project, today announced it has accepted IBM’s contribution of Kestrel, an open-source programming language for threat hunting that is used by Security Operations Center (SOC) analysts and other cybersecurity professionals. Kestrel streamlines cyber reasoning and […]
Do you like it?
Read more