Security News > 2021 > July > IBM provides Kestrel, a threat hunting tool, to Open Cybersecurity Alliance

IBM provides Kestrel, a threat hunting tool, to Open Cybersecurity Alliance
2021-07-01 01:30

Open Cybersecurity Alliance announced it has accepted IBM's contribution of Kestrel, an open-source programming language for threat hunting that is used by Security Operations Center analysts and other cybersecurity professionals.

IBM Research and IBM Security jointly developed Kestrel to enable threat hunters to express hunts in an open, composable threat hunting language.

Because IBM Security has open-sourced this project, threat hunters across the globe are now able to collaborate, share and use the knowledge curated continuously by threat hunters using Kestrel.

"Kestrel is designed to take advantage of the collective learned experience of the threat hunting community - and enable that to be combined with the power of machine learning and automation to speed response to threats," said Jason Keirstead, CTO of Threat Management for IBM Security and Co-Chair - Open Cybersecurity Alliance.

"By sharing new threat hunting patterns as they emerge via code that can be easily customized, Kestrel lets threat hunters devote more time to figuring out what to hunt, as opposed to how to hunt."

"This is a really exciting contribution from IBM, a founding member of the Open Cybersecurity Alliance. Kestrel is a fully open-source threat hunting language that leverages the federated data service capabilities of STIX Shifter which were previously contributed to the OCA by IBM. I cannot wait to see how OCA member organizations and the community of like-minded people, pursuing open interoperability of security solutions, leverage these tools to further enhance their security operations across heterogeneous solutions," said Mark Mastrangeli, Lead Architect, McAfee, and Co-Chair - Open Cybersecurity Alliance.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/IjpXLZyFjuA/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
IBM 1297 1501 3829 914 498 6742