Kestrel as a Service (KaaS) - Nov 2023

Roseann Guttierrez [00:00:00]:
Our guest, Kenneth Peoples. He is a principal cybersecurity architect for Red Hat, and we're gonna ask him some questions about Kestrel as a service. Kenneth, I'm gonna let you actually start and kinda give a, a quick, you know, bio.

Kenneth Peeples [00:00:14]:
Sure. Absolutely. Thank you. Glad to be here with everybody. I was really looking forward to, sharing the Kestrel as a service project. So I'm a Red Hat cybersecurity architect. I've been working, mainly department of defense for a number of years And help the government with, security issues to help them solve problems.

Kenneth Peeples [00:00:43]:
So I, go on-site help in these DOD projects. I started my doctorate 2 years ago At Colorado State University, and I'm in the doctorate of engineering program, which means I have a practicum or a project, and then I have my dissertation. And so the Kestrel as a service is part of my practicum. I also do some, work on some other projects and internal initiatives For Red Hat as well.

Roseann Guttierrez [00:01:22]:
Awesome. Well, thank you so much. I I really, really appreciate you taking the time to talk with us today. My first Question for you is give me your elevator pitch on Kestrel as a service.

Kenneth Peeples [00:01:33]:
Yeah. So I am really excited about the project. I think it is filling in some gaps that we've identified, and I've been working with Open Cybersecurity Alliance to get the subproject going, working with folks like Shu and Claudia, and I just really enjoyed putting this platform together. So the elevator pitch is how can I build a platform For crowd hunting, for threat collaboration with a threat hunting team, and, that's where Kestrel as a service comes in. There are many components. I'm just gonna list a couple, and we can dive into into those as As we move forward in this session, but we've created a Dockerfile that has the Kestrel language and runtime, OpenC2, STIX shifter, all those for a, threat hunting container. That is riding on Kubernetes, which is the container platform and managed by JupyterHub for the notebook sharing, also, we're using Ansible Core for automation to do the deployment, along with VirtualBox Vagrant. And so those are are different components To build infrastructure platform as a service and software as a service. And so we have Examples to build the virtual machines, which is the, infrastructure as a service And using either Ubuntu or Red Hat.

Kenneth Peeples [00:03:29]:
And then on top of the virtual machines, whether it's A single node mini cube or a multinode cluster. Then we put JupyterHub on top of it and Integrate Keycloak with authentication so that users sign in. And if it's a, shared project, Then others can sign in to that project and share, snippets of code, share the, notebook that has the threat hunting flows and steps in it. And so the whole target of Kestrel as a service is to be able to speed up, crowd hunting.

Roseann Guttierrez [00:04:17]:
Okay.

Kenneth Peeples [00:04:17]:
And sometimes

Roseann Guttierrez [00:04:20]:
Go ahead. Sorry.

Kenneth Peeples [00:04:21]:
Yeah. And I was just gonna say, we've talked more as we get into what's important, in some of these pieces. But With doing the crowd hunting, a team threat hunting platform, the outcome Should be improved mean time to detect.

Roseann Guttierrez [00:04:40]:
Gotcha. Okay. So basically, it's taking Kestrel that someone would load, like, locally and work on by themselves, right, and then providing a vehicle to have multiple people kind of touch it and then and work on it together, essentially. Yeah. Okay. Alright. So why is this project important to you? I mean, I know, yeah, it's It's part of your dissertation, but I did, take a sneak peek at your GitHub. And I looked at the very, very bottom, and there's kind of a dedication there.

Kenneth Peeples [00:05:14]:
Yeah. I'm glad you saw that. So, a couple answers to that question, why it's important to me. The, the first part of that is my parents, and that's the dedication that you mentioned. My parents have always been in IT. And if you look at all the old pictures of the magnetic tapes, The size of the original disk drives and and so forth. When I was, you know, elementary Elementary school age, I would go to the computer rooms, and they would have the raised floors. They would have all the lights On the console, the magnetic tapes going in background.

Kenneth Peeples [00:05:59]:
They would have the punch cards. If everybody remembers the punch cards, but you don't wanna drop the Punch cards.

Roseann Guttierrez [00:06:07]:
No.

Kenneth Peeples [00:06:07]:
And and so, you know, my parents were always And still are an inspiration to me of, you know, work and and family. And so, I have a passion for security, and I, came across Kestrel, I started talking with Shu, and I thought this was, great for me to work on Personally, for that passion, of security plus, my hope is The cyber incidents that continue to occur, there's an additional solution that people can use to minimize the impact of those incidents.

Roseann Guttierrez [00:06:57]:
Nice. Nice. Yes. Passionate. That's that's good. That that's why we have you here, right, as a contributor Yeah. Yeah. To kinda give an example of, you know, what some people are working on.

Roseann Guttierrez [00:07:07]:
So that's awesome. Alright. Last question. Everybody needs help. Right? All the projects, they always need help. Where could you use some help, and what are some ideas for how people might help you?

Kenneth Peeples [00:07:18]:
Yeah. And I appreciate that question. And I think it goes to all of open cybersecurity alliance to me in that, You know, generally, at the high level, the open source communities, they can't succeed without having Those that wanna collaborate and commit and give back, not just using a project, but getting involved in the project and helping it move forward. It's very important. So for me, with Kestrel as a service, as I mentioned before, there's a lot of different components that are involved. It's a a platform. And so there are several places where I could use help. One is building out the best ways to deploy the platform. Right now,

Kenneth Peeples [00:08:11]:
I have mini cube in a full cluster, but there's that's Kubernetes. But there are other container platforms that it would be nice to get it onto and and tested. So that goes to the code, Creation and testing of the infrastructures code, the example, hunt books That would be a help to have more of those. I've started attending conferences and talking about Kestrel as a service. That also means I'm talking about Kestrel, talking about, STIX shifter, talking about OpenC2, These other components that are in there too. So I'm trying to get more of the word out to get help to make this a great Crowd Hunt tool. And so one of the other pieces that's coming up, hopefully, this end of this month, I wrote a article for the Red Hat Research Quarterly, and I hope that we'll get more of the word out and and share, Open Cybersecurity Alliance and share Kestrel as a service. And so that should be published soon.

Kenneth Peeples [00:09:27]:
And If you look at the repository, there is a set of steps To go through, to stand up the environment on the single node Kubernetes, the the mini cube. And so it would be great To have help there. But I would say to get people started, because we do want people to participate in OCA and Kestrel as a service and the other components I mentioned. There's the repositories in GitHub. I know organizations can become the OCA sponsors. Mine falls under, IBM. So I know OCA is always looking for more organizations there to help, And there's the the OCA project governance board. But there is for Kestrel as a service specifically.

Kenneth Peeples [00:10:26]:
There's the Slack channel. So if you wanna get involved, getting on the Slack channel and pinging me or any of the others is Always a help. There's the website, open cybersecurity alliance.org, and then there's the GitHub.

Roseann Guttierrez [00:10:42]:
Nice