Kestrel does threat hunting and produces outputs about threats (or lack thereof) in the system. These outputs should be inputs into PACE either directly (as STIX observables produced by Kestrel) or indirectly (if Kestrel was part of CACAO playbook, another playbook step might be updating PACE)
Kestrel does threat hunting and produces outputs about threats (or lack thereof) in the system. These outputs should be inputs into PACE either directly (as STIX observables produced by Kestrel) or indirectly (if Kestrel was part of CACAO playbook, another playbook step might be updating PACE)