Community-Contributed Kestrel Analytics

This repository hosts community-contributed Kestrel analytics.

For Kestrel hunt-flows/huntbooks, visit the sister repo kestrel-huntbook.

What is Kestrel?

Kestrel is a cyber threat hunting language for creating reusable, composable, and shareable hunt-flows.
Overview of Kestrel

Kestrel analytics is one type of hunt steps, of which a hunt-flow is composed. This type of hunt step provides foreign language interfaces to non-Kestrel hunting modules to apply any external logic like ML detection, TI enrichment, and visualization.
Try a Kestrel analytics in a cloud sandbox:
- APPLY command tutorial
- The entire Kestrel tutorial

Submit a PR with a description of the new analytics to add.
If the analytics has testing data, consider to put the data in data-bucket-kestrel
Get approval from one of the maintainers.
Share the link of your Kestrel analytics with others.

Name		Name	Last commit message	Last commit date
Latest commit History 94 Commits
analytics		analytics
template		template
testdata		testdata
AUTHORS.rst		AUTHORS.rst
CHANGELOG.rst		CHANGELOG.rst
LICENSE		LICENSE
README.md		README.md
pythonanalytics_sample.yaml		pythonanalytics_sample.yaml