Xiaokui Shu

72 issues by Xiaokui Shu

**Is your feature request related to a problem? Please describe.** Kestrel currently can walk the process tree with multiple variables, plus the files, reg-key, and network traffic connected. It is...

enhancement

**Is your feature request related to a problem? Please describe.** The current `kestrel_datasource_stixbundle` package (https://github.com/opencybersecurityalliance/kestrel-lang/blob/develop/src/kestrel_datasource_stixbundle/interface.py) misses a STIX-bundle format checker on `bundle_in` before preparing the bundle files in `bundle_out` for...

enhancement
Hacktoberfest

**Is your feature request related to a problem? Please describe.** Currently Kestrel only consumes data from a SIEM via stix-shifter, with no writing. However, it may be useful to report an alert...

enhancement

**Is your feature request related to a problem? Please describe.** Ideas under discussion: 1. import and run huntflow and persist all variables in a session 2. define function/subroutine 3. named...

enhancement

**Is your feature request related to a problem? Please describe.** Currently we can use ML as Kestrel analytics. An example is here https://github.com/opencybersecurityalliance/kestrel-analytics/tree/release/analytics/dataexfiltration **Describe the solution you'd like** May need...

enhancement

https://github.com/ThreatHuntingProject/ThreatHunting

enhancement

**Is your feature request related to a problem? Please describe.** Need to upgrade the interface if we do not use a file as intermediate media to relay data from a data...

enhancement

**Is your feature request related to a problem? Please describe.** Log management requires functionality to summarize entities/records, which is partially supported by `GROUP` currently. **Describe the solution you'd like** -...

enhancement

**Is your feature request related to a problem? Please describe.** Currently we have different entity types for variables. However, when a user `group` entities in a variable, we don't have...

enhancement