Installation And Setup

Kestrel utilizes computing resources and interacts with the world in three ways:

1. Huntflow organization and execution (core Kestrel compiler/interpreter/runtime)

2. Data retrieval (graph pattern matching, relation resolution, etc.)

3. Entity enrichment and extensible analytics (Kestrel analytics)

Accordingly, to install and setup Kestrel:

1. Install the Kestrel runtime with a front-end of your choice

   Right after this step, you will be able to play with the Hello World Hunt. However, this Kestrel environment does not have connections to any data sources or Kestrel analytics.

2. Configurate data sources to use

   Kestrel ships with two data source interfaces (STIX-shifter Data Source Interface and STIX bundle Data Source Interface). However, Kestrel does not know what data sources you have. You need to tell Kestrel where your data sources are and how to connect to them. This is done through data source configuration, especially Setup STIX-shifter Data Source.

3. Setup Kestrel analytics

   Kestrel ships with two analytics interfaces by default (Python Analytics Interface and Docker Analytics Interface). You need to get analytics and register them under any of the interfaces, e.g., adding configuration to the Python Analytics Interface.

Detailed subsections:

• Install Runtime
  • General Requirements
  • OS-specific Requirements
  • Choose Where to Install
  • Kestrel Runtime Installation
  • Kestrel Front-Ends
  • What’s to Do Next
• Connect to Data Sources
  • Kestrel Data Source Abstraction
  • Setup STIX-shifter Data Source
• Setup Kestrel Analytics
  • Kestrel Analytics Abstraction
  • Kestrel Analytics Repo
  • Setup Python Analytics
  • Setup Docker Analytics
  • What’s to Do Next