Kunai Project


After months of quiet, Kunai is back with an update in the works!

Here’s what’s new:

- Sharper DNS traffic analysis for better threat detection

- File identification powered by magic-rs to unlock deeper detection scenarios

- Smarter event filtering and exclusion rules to cut false positives and boost performance

This release will be about making Kunai more precise, faster, and easier to use—whether you’re monitoring workstations, servers, or IoT devices.

If you have a specific request, this is the perfect time to open an issue and get a chance to see it land in the next release 😉

Curious? Follow the progress here: https://github.com/kunai-project

#Linux #ThreatHunting #Rust #eBPF #OpenSource

🚨 ONE STAR TO RULE THEM ALL 🚨

We’re 999 stars deep and this close to hitting 1000—will YOU be the chosen one?

💫 Perks of being #1000:
✔️ The undying gratitude of the Kunai dev team (we’ll owe you a coffee in the metaverse)
✔️ The satisfaction of making a repo’s day

👉 Do the thing: https://github.com/kunai-project/kunai

🚀 Kunai Sandbox is now live! 🚀

Curious about Kunai? Want to analyze Linux malware logs? Or share malware analysis to build detection rules? Kunai Sandbox has you covered! 🛡️

🔍 Check out what Kunai can do:
✅ Explore Kunai's log structure without running it locally
✅ Analyze logs generated by Linux malware
✅ Share malware analysis with others to build detection rules

🔗 See an example analysis of the perfctl #linux #malware: https://sandbox.kunai.rocks/analysis/59edbf8c-41b7-4144-97e0-9b0571446c02

#detectionengineering #infosec #dfir #soc

🚀 Kunai pushes further integration with MISP!

This week, we've made significant progress in bridging Kunai with @misp to enhance threat intelligence sharing. Our focus has been on developing kunai-to-misp, a new tool available at https://github.com/kunai-project/pykunai, which processes Kunai logs and creates MISP events to streamline collaboration.

With this, it is now possible to both update MISP from Kunai and feed Kunai from MISP using the misp-to-kunai tool. Here's a practical workflow example:

1️⃣ Analyze a #linux malware sample with Kunai Sandbox (https://github.com/kunai-project/sandbox)
2️⃣ Use kunai-to-misp on the collected Kunai logs
3️⃣ (Optional) Review attributes' IDS flag to maximize detections and reduce false positives
4️⃣ Use misp-to-kunai to distribute the results across all Kunai endpoints

Additionally, we're leveraging MISP’s data model to craft meaningful MISP objects and relationships, offering a clear visual representation of events inside MISP.

🔗 Try it out and let us know what you think!

#opensource #threatintel #threatdetection #cyberdefense #dfir #detectionengineering


🚀 New Stable Release is here! 🚀

Packed with powerful updates:
- Automatic log rotation for cleaner logs.
- A revamped CLI for an improved user experience.
- New kill event and hardened mode with LSM for robust security.
- Advanced YARA-X integration for malware detection.
- Community-ID support for seamless network data correlation.

Plus, enjoy enhanced event filtering, new ptrace events, and overall stability improvements.

Check it out: https://github.com/kunai-project/kunai/releases/tag/v0.3.0


🎉 We’re happy to announce the beta release of Kunai v0.3.0-beta.1!

🔍 Notable Features:

New Event Monitoring: Introducing file monitoring for events that are written and then closed, enhancing your detection capabilities!
🌐 Corelight Community-ID Integration: Seamlessly integrate with Corelight's community-ID for enriched threat detection.
🛠️ Enhanced CLI Options: New command-line options now available to show logs and install Kunai as a service effortlessly!

Check out the full release notes here: https://github.com/kunai-project/kunai/releases/tag/v0.3.0-beta.1

Try it out and let us know what you think! Your feedback is invaluable as we continue to improve Kunai. 💬✨


🔎 A public preview of new features landing soon in the Kunai Project:

- Define actions triggered by detections
- Scan files with YARA as an action

💣 You can even detect #malware in #linux containers (see example)

Follow progress: https://github.com/kunai-project/kunai


Just released a small diagnostic tool for kunai: https://github.com/kunai-project/tools/blob/main/kunai-stats.py

It can be used to evaluate the number of events and volume of data generated by a given configuration.

🔧 Currently working on a protection feature for Kunai using eBPF LSM hooks! So far, any attempts to kill or ptrace are blocked. I haven't explored all the ways one can tamper with or stop a #Linux process yet. I'm counting on you 👇 to share what you know about it.

🎉 New Kunai release with small enhancements concerning detection/filtering rules and aarch64 compatibility. This is the latest release for v0.2 as I'll start working on v0.3 to bring new events and new features. Check it out: https://github.com/kunai-project/kunai/releases