Home

The autonomous alternative to MDR for Linux: same outcome (24/7 detection + response), no SOC cost. Full-stack visibility from Ring -2 (firmware) to Ring 3 (userspace). 40 eBPF kernel hooks, 49 detectors, 22 collectors, 47 cross-layer correlation rules, 65 MITRE ATT&CK technique IDs, 208 Sigma community rules, autoencoder anomaly detection, behavioral DNA fingerprinting, baseline anomaly detection, JA3/JA4 TLS fingerprinting, YARA + Sigma rule engines, automated playbook response.

As of v0.12.2: unified SQLite store for every artifact (spec 016), intelligent notifications with incident grouping (spec 005), continuous trust scoring with graduated enforcement (spec 020), observation verification for FP clearing (spec 021), circuit breaker for autonomous block decisions (spec 025), and a regression safety net with 7 canonical scenario-qa envelopes + drift metrics (spec 024).

Rust, Apache-2.0.

| Page | Description |
|---|---|
| Sensor Capabilities | 22 collectors, 49 detectors, 208 Sigma rules, YARA engine, syslog CEF output |
| Agent Capabilities | AI pipeline, correlation engine, baseline learning, attacker intelligence, playbooks, dashboard |
| Configuration | Full TOML config reference and environment variables |
| Operations | Build, deploy, CLI reference, permissions, service management |

| Page | Description |
|---|---|
| Data Format | JSONL output schema: Event, Incident, Decision fields |
| Module Authoring | How to build a custom detector, skill, or module |
| Integration Recipes | Declarative recipe format for connecting external tools |
| ISO 27001 Control Mapping | Compliance mapping for 12 ISO 27001 controls |

| Page | Description |
|---|---|
| Integrated Setup | Full stack on Ubuntu 22.04: Inner Warden + Falco + Suricata + osquery + Telegram |

| Page | Description |
|---|---|
| Privacy and Data Protection | GDPR compliance, data categories, third-party flows, data subject rights |