opencybersecurityalliance / kestrel-analytics

This repository hosts community contributed Kestrel analytics


Community-Contributed Kestrel Analytics

This repository hosts community-contributed Kestrel analytics.

For Kestrel hunt-flows/huntbooks, visit the sister repo kestrel-huntbook.

What is Kestrel?

What is Kestrel analytics?

  • Kestrel analytics are one type of hunt step, the units a hunt-flow is composed of. This type of hunt step provides foreign-language interfaces to non-Kestrel hunting modules, so a hunt can apply external logic such as ML detection, TI enrichment, and visualization.
  • Try a Kestrel analytics in a cloud sandbox:

How to Contribute

  1. Submit a PR with a description of the new analytics to add.
  2. If the analytics has testing data, consider putting the data in data-bucket-kestrel.
  3. Get approval from one of the maintainers.
  4. Share the link of your Kestrel analytics with others.

About


License: Apache License 2.0


Languages

Python 85.7%, Perl 7.7%, Dockerfile 5.4%, Shell 1.1%