Kestrel
November 2, 2021
How to set up the open hunting stack as presented at Black Hat Europe 2021 Arsenal.
August 6, 2021
Turning your frequently used enrichment operation and/or machine learning procedure into a reusable and shareable hunting step in Kestrel.
July 26, 2021
In our previous blog post, we showed how to get started with the Kestrel Threat Hunting Language, such as connecting to data sources and performing your first hunts using the GET and FIND commands. In this post, we’ll introduce the APPLY keyword, which adds powerful analytics and enrichment capabilities to hunts. We will show a Kestrel hunt performing backward and forward tracking on a Windows host to unearth the […]
July 26, 2021
In this blog post, the first in a series introducing the Kestrel Threat Hunting Language, we will show you how to get started with your first hunt. You’ll learn how to set up your environment, connect to data sources, and search for a common attack technique, scheduled tasks in Windows. You’ll also become familiar with the basic concepts that you […]
June 29, 2021
Kestrel lets threat hunters ‘devote more time to figuring out what to hunt, as opposed to how to hunt’ Open Cybersecurity Alliance (OCA), an OASIS Open Project, today announced it has accepted IBM’s contribution of Kestrel, an open-source programming language for threat hunting that is used by Security Operations Center (SOC) analysts and other cybersecurity professionals. Kestrel streamlines cyber reasoning and […]