Kestrel Lang Versions

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

1.8.7

1 week ago

1.8.7 (2024-05-08)

Added

  • Documentation about pagination in stixshifter.yaml

Changed

  • stix-shifter upgraded to 7.0.7

1.8.6

2 weeks ago

1.8.6 (2024-05-02)

Added

  • Forward stix-shifter connector init error message to Kestrel

1.8.5

2 weeks ago

1.8.5 (2024-05-01)

Added

  • cli/diag: add start/stop/last options
  • subquery generation support in stix-shifter interface based on specified time window
  • configuration doc on subquery_time_window

Changed

  • cli/diag: change default timeframe to last 5 minutes

Fixed

  • Repeated queries when stix-shifter pagination is off

1.8.4

3 weeks ago

1.8.4 (2024-04-23)

Added

  • Kestrel logo in Jupyter Lab
  • Error handling of kestrel_jupyter_setup for JupyterLab

1.8.3

3 weeks ago

1.8.3 (2024-04-22)

stix-shifter v7 is finally coming to Kestrel!

And a new verify_cert option is available in the stix-shifter interface doc.

Added

  • Support of disabling certificate verification of stix-shifter v7 with config option verify_cert
  • Documentation on how to use the verify_cert option in the stix-shifter interface
  • Python 3.12 support (multiprocessing library behavior steering to avoid a CPU-blocking issue)
  • More generic HTML parsing of PyPI for stix-shifter connector verification

Changed

  • stix-shifter upgraded to v7 (v7.0.6), the first version abandoning invalid certificate support

1.8.2

2 months ago

1.8.2 (2024-02-20)

Added

  • Support use of environment variable in config files
  • How to get Jupyter token in Docker deployment doc

Fixed

  • Remove port checking in stix-shifter interface #452
  • Add missing logging module import in stix-shifter-diag
  • Add missing delete operation in kestrel_datasource_stixshifter #458
  • Fix relations like CONTAINS #472

Changed

  • Disable (in default config) entity prefetch for file, user-account, x-oca-asset

1.8.1

6 months ago

1.8.1 (2023-10-23)

To upgrade to 1.8.1, first upgrade pip using pip install --upgrade pip setuptools wheel before installing Kestrel.

Fixed

  • Git LFS install failure in Dockerfile
  • Kestrel logo font rendering inconsistency
  • PyPI release error if version exists (GitHub workflow)
  • kestrel-jupyter 1.8.1: jsonschema extra bug

1.8.0

7 months ago

Release summary:

  • Split Kestrel Python packages and create version 1.8.0 for all Kestrel packages
  • Merge kestrel-jupyter into the kestrel-lang repo
  • Establish the new practice to release Kestrel (updated packages grouped by date)
  • Update installation document to use kestrel-jupyter as the umbrella package to install the latest Kestrel packages
  • Add a small feature to hide credentials in debug log

Full description in CHANGELOG.

release-2023-10-18-2

7 months ago

Release summary:

  • Split Kestrel Python packages and create version 1.8.0 for all Kestrel packages
  • Merge kestrel-jupyter into the kestrel-lang repo
  • Establish the new practice to release Kestrel (updated packages grouped by date)
  • Update installation document to use kestrel_jupyter as the umbrella package to install the latest Kestrel packages
  • Add a small feature to hide credentials in debug log

Full description in CHANGELOG.

release-2023-10-18

7 months ago

Wrong tag, abandoned.