Toots for kunai_project@infosec.exchange account

Written by Kunai Project on 2025-01-21 at 14:40

🔥 Kunai v0.5.0: Sharpened and Forged for Peak Performance! 🔥

We're happy to announce that Kunai v0.5.0 is now available, freshly forged with new features and enhancements designed to boost your system observability.

Get More Visibility Than Ever:

⚙️ Enhanced Control and Efficiency:

Ready to supercharge your system monitoring with Kunai? Check out our documentation to get started today!

👉 https://why.kunai.rocks/docs/next/quickstart

View the full release details here: https://github.com/kunai-project/kunai/releases/tag/v0.5.0

Try it out, report any bugs or issues, and let's improve this together! Your feedback is invaluable.

#linux #ebpf #opensource #linux #observability #monitoring #security

Shared by Kunai Project on 2025-01-20 at 08:49 (original by Alexandre Dulaunoy)


Written by Kunai Project on 2025-01-06 at 09:17

🌟 Important Announcement from the Kunai Project! 🌟

We’re proud to share that the Kunai Project will be participating in Hackathon.lu 2025 on April 8th and 9th! 🎉

Hackathon.lu (https://hackathon.lu/) is a fantastic opportunity to come together with individuals who share a passion for making great things accessible to everyone. Our goal is to provide open-source cybersecurity tools that are free and available to all, and this event is a chance to collaborate on ideas that benefit the entire community.

Whether you’re a developer, security researcher, or tech enthusiast, we’d love to connect with you. Let’s work together toward a common goal and create something meaningful!

Not interested in collaborating on Kunai? No problem! There are several other amazing projects to explore: https://hackathon.lu/projects. We’re sure you’ll find one meaningful for you.

📅 When: April 8-9, 2025

Details: https://hackathon.lu/

🔗 Explore Kunai: https://github.com/kunai-project/kunai

Join us in building tools that empower and protect everyone. Together, we can make a difference!

#OpenSource #CyberSecurity #Linux #ThreatHunting

Shared by Kunai Project on 2024-11-29 at 07:36 (original by Alexandre Dulaunoy)


Written by Kunai Project on 2024-11-28 at 20:13

🚀 Exciting News: Kunai’s Latest Release is Here! 🎉

We’re excited to announce the newest release of Kunai, an open-source security monitoring and hunting tool for Linux systems! This version introduces many fixes and features to improve flexibility, performance, and usability.

What’s new?

🔧 Fixes: Improved process tracking ensures that even zombie processes can’t escape detection!

🌟 Enhancements: Simplified configuration and accurate process ancestorship tracking.

🚀 New Features:

- Composite Rules: Modular, reusable rules for efficiency and simplicity.

- String Templates: YAML-based templates for concise, maintainable rules.

- File Create Event Tracking and more!

📚 Documentation is updated with all the changes at: http://why.kunai.rocks/

Dive into the release details: http://github.com/kunai-project/kunai/releases/tag/v0.4.0

#OpenSource #Linux #DFIR #SOC #ThreatHunting

Written by Kunai Project on 2024-11-05 at 10:53

🚀 New Stable Release is here! 🚀

Packed with powerful updates:

Plus, enjoy enhanced event filtering, new ptrace events, and overall stability improvements.

Check it out: https://github.com/kunai-project/kunai/releases/tag/v0.3.0


Shared by Kunai Project on 2024-11-04 at 20:55 (original by hack_lu)


Written by Kunai Project on 2024-10-29 at 15:49

Working on code is enjoyable, while working on documentation is a bit less exciting, but it's necessary to ensure happy users. I’ve always been disappointed when looking at the documentation page for Microsoft Sysmon. This is why I chose not to repeat that mistake with Kunai! Take a look at the latest documentation update if you want to know what to expect in the next stable release.

🔎 https://why.kunai.rocks/docs/next/quickstart

Shared by Kunai Project on 2024-10-22 at 13:23 (original by hack_lu)


Written by Kunai Project on 2024-10-15 at 12:49

🎉 We’re happy to announce the beta release of Kunai v0.3.0-beta.1!

Notable Features:

:2001:  New Event Monitoring: Introducing file monitoring for events that are written and then closed, enhancing your detection capabilities!

🌐 Corelight Community-ID Integration: Seamlessly integrate with Corelight's community-ID for enriched threat detection.

🛠️ Enhanced CLI Options: New command-line options now available to show logs and install Kunai as a service effortlessly!

Check out the full release notes here: https://github.com/kunai-project/kunai/releases/tag/v0.3.0-beta.1

Try it out and let us know what you think! Your feedback is invaluable as we continue to improve Kunai. 💬✨

Shared by Kunai Project on 2024-10-03 at 08:31 (original by Alexandre Dulaunoy)


Shared by Kunai Project on 2024-10-02 at 14:53 (original by circl)


Written by Kunai Project on 2024-09-26 at 08:42

@corelight Community-ID is now integrated into Kunai and will appear in connect, dns_query, and send_data events. This enhancement enables correlating Kunai logs with external traffic analysis tools such as IDS. A direct application of this is determining which Linux process generated traffic observed by your analysis tool. I see this as a great way to narrow down host activity that triggered a network alert. Big thanks to @Regit for proposing this idea during @passthesaltcon

This feature is not yet documented but is available in the latest alpha release: https://github.com/kunai-project/kunai/releases/tag/v0.3.0-alpha.2


Shared by Kunai Project on 2024-09-24 at 09:53 (original by hack_lu)


Written by Kunai Project on 2024-09-13 at 08:38

🔔 For those wondering how to gain visibility on their #Linux system for #ThreatDetection and #ThreatHunting:

Check out the Kunai Project! It's completely free and supports IoC-based detection, Yara rules, custom detection rules, and more.

A new release is available: https://github.com/kunai-project/kunai/releases


Written by Kunai Project on 2024-09-04 at 11:56

🔎 A public preview of new features landing soon in the Kunai Project:

💣 You can even detect #malware in #linux containers (see example)

Follow progress: https://github.com/kunai-project/kunai


Written by Kunai Project on 2024-08-08 at 10:11

Just released a small diagnostic tool for kunai: https://github.com/kunai-project/tools/blob/main/kunai-stats.py

It can be used to evaluate the number of events and volume of data generated by a given configuration.


Written by Kunai Project on 2024-08-08 at 07:09

🔧 Currently working on a protection feature for Kunai using eBPF LSM hooks! So far, any attempts to kill or ptrace are blocked. I haven't explored all the ways one can tamper with or stop a #Linux process yet. I'm counting on you 👇 to share what you know about it.
