STIX-shifter Archives

July 11, 2023

Published by Xiaokui Shu on July 11, 2023

Kestrel Data Retrieval Explained

Kestrel provides a layer of abstraction to compose hunt-flows with standard hunt steps that run across many data sources and data types. This blogs overviews how data is retrieved, processed, and stored in Kestrel, and explains the 10x data retrieval performance improvement through Kestrel 1.5, 1.6, and 1.7.

June 15, 2023

Published by Constantin Adam and Xiaokui Shu on June 15, 2023

End-to-end Testing for Cyber-Security Applications

Announcing the Federated Search End-To-End Testing GitHub Repository and its first CI/CD usage for Kestrel, a federated search application. Read on.

February 27, 2023

Published by Leila Rashidi on February 27, 2023

A Kestrel Analytics to Detect Lateral Movement

Given the dramatic rise in number of cybersecurity attacks in the recent years, threat hunting is very important to secure businesses and enterprises. This post discusses a new approach to detect lateral movement and shows how this approach can be applied on the data read using STIX-Shifter in the Kestrel threat hunting platform.

October 18, 2021

Published by RoseAnn Guttierrez on October 18, 2021

Federated Search

Visibility is an ongoing problem for security operations. Throughout an investigation, many tools are utilized to gather and collect the context needed to make informed decisions. That context is critical to advise security teams on what actions to take and what potential threats require further research. Gathering information across multiple tools and disparate data sources takes time, and time is […]