Home
Maicon Ribeiro Esteves edited this page Apr 3, 2026 · 4 revisions
Autonomous security agent for Linux. Full-stack visibility from Ring -2 (firmware) to Ring 3 (userspace). 40 eBPF kernel hooks, 49 detectors, 22 collectors, 30 cross-layer correlation rules, 65 MITRE ATT&CK technique IDs, 208 Sigma community rules, autoencoder anomaly detection, behavioral DNA fingerprinting, baseline anomaly detection, JA3/JA4 TLS fingerprinting, YARA + Sigma rule engines, automated playbook response. Rust, Apache-2.0.
| Page | Description |
|---|---|
| Sensor Capabilities | 22 collectors, 49 detectors, 208 Sigma rules, YARA engine, syslog CEF output |
| Agent Capabilities | AI pipeline, correlation engine, baseline learning, attacker intelligence, playbooks, dashboard |
| Configuration | Full TOML config reference and environment variables |
| Operations | Build, deploy, CLI reference, permissions, service management |
| Page | Description |
|---|---|
| Data Format | JSONL output schema: Event, Incident, Decision fields |
| Module Authoring | How to build a custom detector, skill, or module |
| Integration Recipes | Declarative recipe format for connecting external tools |
| ISO 27001 Control Mapping | Compliance mapping for 12 ISO 27001 controls |
| Page | Description |
|---|---|
| Integrated Setup | Full stack on Ubuntu 22.04: Inner Warden + Falco + Suricata + osquery + Telegram |
| Page | Description |
|---|---|
| Privacy and Data Protection | GDPR compliance, data categories, third-party flows, data subject rights |