IBM said on Wednesday that it will contribute Kestrel, its open-source threat hunting programming language, to the Open Cybersecurity Alliance (OCA).
Security Operations Center (SOC) analysts and other cybersecurity practitioners can use Kestrel to speed up threat hunting and, with it, threat detection.
Threat hunting lets analysts uncover adversaries already present in an environment before those adversaries act, and lets them respond faster to indicators of compromise. With Kestrel, analysts are meant to discover such threats more effectively.
The project's stated goal is "to enable threat hunters to express hunts in an open, composable threat hunting language." Kestrel automates repetitive hunting tasks so that threat hunters can focus on higher-value analysis, according to IBM.
The language relies on machine-based automation and lets hunters reuse best practices, shortening the cycle between hunts. Because the project is open source, threat hunters anywhere can use it to share and communicate hunting knowledge.
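The article does not show any Kestrel code. The following is an added example, not taken from the article or from the Kestrel project itself, illustrating what "composable" means in practice: each hunt step is stored in a named variable that later steps pivot from and that can be saved for reuse. The syntax follows the Kestrel 1.x language as the project documents it, which is an assumption here; the data source name `stixshifter://edr01`, the time window and the process names are all hypothetical.

```kestrel
# Added example, not from the article or the Kestrel project.
# Syntax assumed to match Kestrel 1.x; 'stixshifter://edr01' is a hypothetical
# STIX-shifter data source configured for an EDR, and the time window is made up.

# Step 1: pull PowerShell processes seen on the EDR during a one-day window.
procs = GET process FROM stixshifter://edr01
        WHERE [process:name = 'powershell.exe']
        START t'2021-04-01T00:00:00Z' STOP t'2021-04-02T00:00:00Z'

# Step 2: pivot from that variable to child processes and network traffic
# created by those PowerShell instances. Each result is itself a new variable.
children = FIND process CREATED BY procs
conns    = FIND network-traffic CREATED BY procs

# Step 3: narrow the children to living-off-the-land binaries that a hunter
# would not expect PowerShell to spawn (names are illustrative).
susp = GET process FROM children
       WHERE [process:name = 'certutil.exe' OR process:name = 'mshta.exe']

# Step 4: display results. Any variable above can be reused by later hunt
# steps or shared with other hunters as a building block.
DISP susp ATTR name, command_line, pid
DISP conns ATTR dst_ref.value, dst_port
```

The point of the example is the variable-to-variable pivoting: `children` and `conns` are derived from `procs` without re-querying the data source with a hand-written filter, and `susp` refines `children` in turn. A hunter who has validated steps 1 to 3 can save them and reuse them against a different data source by changing only the `FROM` clause.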
By connecting the fragmented cybersecurity ecosystem and enabling security products to exchange data, OCA aims to keep improving interoperability across the security industry.
“Kestrel is built to take advantage of the threat hunting community’s collective learned experience – and combine it with the power of machine learning and automation to speed response to threats,” said Jason Keirstead, IBM Security’s CTO of Threat Management and Co-Chair of the Open Cybersecurity Alliance.
“Kestrel allows threat hunters to spend more time figuring out what to hunt, rather than how to hunt, by revealing new threat hunting patterns as they develop via code that can be easily adjusted.”