Threat hunters can spend more time figuring out what to hunt rather than how to hunt using Kestrel
The Open Cybersecurity Alliance (OCA), an OASIS Open Project, disclosed that IBM’s contribution of Kestrel, an open-source threat hunting programming language used by Security Operations Center (SOC) analysts and other cybersecurity professionals, has been accepted. Kestrel simplifies cyber reasoning and threat discovery, allowing analysts to complete the process faster and more efficiently.
Kestrel was developed jointly by IBM Research and IBM Security to allow threat hunters to express hunts in an open, composable threat hunting language. Kestrel uses automation to complete time-consuming hunting tasks, allowing threat hunters to focus on higher priority tasks. Its blend of human ingenuity and machine-based automation speeds up threat hunting.
Commenting on the development, Jason Keirstead, CTO of Threat Management for IBM Security and Co-Chair – Open Cybersecurity Alliance, said: “Kestrel is designed to take advantage of the collective learned experience of the threat hunting community – and enable that to be combined with the power of machine learning and automation to speed response to threats.”
He added: “By sharing new threat hunting patterns as they emerge via code that can be easily customized, Kestrel lets threat hunters devote more time to figuring out what to hunt, as opposed to how to hunt.”
Composable hunting flows make best practices reusable, which reduces the time it takes to develop new hunts. Because IBM Security has open-sourced the project, threat hunters all over the world can now collaborate on, share and use the knowledge curated continuously by threat hunters utilising Kestrel.
This contribution by IBM is a significant step forward in OCA’s objective to drive greater interoperability across the security industry.