This repository hosts community-contributed Kestrel analytics.
For Kestrel hunt-flows/huntbooks, visit the sister repo kestrel-huntbook.
- Kestrel is a cyber threat hunting language for creating reusable, composable, and shareable hunt-flows.
- Overview of Kestrel
- Kestrel analytics are one type of hunt step, the building blocks of a hunt-flow. This type of hunt step provides a foreign-language interface to non-Kestrel hunting modules, so that any external logic, such as ML detection, TI enrichment, and visualization, can be applied within a hunt-flow.
- Try Kestrel analytics in a cloud sandbox:
- Submit a PR with a description of the new analytics to add.
- If the analytics comes with test data, consider putting the data in data-bucket-kestrel.
- Get approval from one of the maintainers.
- Share the link of your Kestrel analytics with others.