2 Star 8 Fork 0

Gitee 极速下载 / Elkeid

Create your Gitee Account
Explore and code with more than 8 million developers,Free private repositories !:)
Sign up
此仓库是为了提升国内下载速度的镜像仓库,每日同步一次。 原始仓库: https://github.com/bytedance/Elkeid
This repository doesn't specify license. Please pay attention to the specific project description and its upstream code dependency when using it.
Clone or Download
Cancel
Notice: Creating folder will generate an empty file .keep, because not support in Git
Loading...
README.md

Elkeid

(Originated from AgentSmith-HIDS, but now it’s not just HIDS)

English | 简体中文

Elkeid is a support cloud-native and base linux host security(Intrusion detection and risk identification) solution.

Elkeid Architecture

Elkeid Host Ability

  • Elkeid Agent Linux userspace agent,responsible for managing various plugin,communication with Elkeid Server.
  • Elkeid Driver Driver can collect data on Linux Kernel, support container environment, communication with Elkeid Driver Plugin.
  • Elkeid RASP Support CPython、Golang、JVM、NodeJS runtime data probe, supports dynamic injection into the runtime.
  • Elkeid Agent Plugin List
    • Driver Plugin: Responsible for managing Elkeid Driver, and process the driver data.
    • Collector Plugin: Responsible for the collection of assets/log information on the Linux System, such as user list, crontab, package information, etc.
    • Journal Watcher: Responsible for monitoring systemd logs, currently supports ssh related log collection and reporting.
    • Scanner Plugin: Responsible for static detection of malicious files on the host, currently supports yara.
    • RASP Plugin: Responsible for managing RASP components and processing data collected from RASP.

The above components can provide these data: Driver Data Other Data

Elkeid Backend Ability

  • Elkeid AgentCenter Responsible for communicating with the Agent, collecting Agent data and simply processing it and then summing it into the MQ, is also responsible for the management of the Agent, including Agent upgrade, configuration modification, task distribution, etc.
  • Elkeid ServiceDiscovery Each component in the background needs to register and synchronize service information with the component regularly, so as to ensure that the instances in each service module are visible to each other and facilitate direct communication.
  • Elkeid Manager Responsible for the management of the entire backend, and provide related query and management API.
  • Elkeid Console Elkeid Front-end
  • Elkeid HUB Elkeid HIDS RuleEngine

Elkeid Advantage

  • Excellent Performance: With the help of Elkeid Driver and many custom developments, the end-to-end capability is excellent
  • Born For Intrusion Detection: Data collection is based on high-intensity confrontation, and targeted data collection is available for many advanced confrontation scenarios such as Kernel Rootkit, privilege escalation, and fileless attacks.
  • Support Cloud Native: Cloud native environment is supported from end-to-end capabilities to back-end deployment.
  • One-million-level Production Environment Verification: The whole has been internally verified at a million-level, and the stability and performance have been tested from end to server. Elkeid is not just a PoC, it is production-level; the open source version is the internal Release Version.
  • Secondary Development Friendly: Elkeid facilitates secondary development and increased demand for customization.

Front-end Display (Community Edition)

  • Host Details
  • Asset Details
  • Alarm Details
  • Allow List Management
  • Agent/Plugin Management
  • User Management

Quick Start

Contact us && Cooperation

Lark Group

If interested in Elkeid Enterprise Edition please contact elkeid@bytedance.com

License

  • Elkeid Driver: GPLv2
  • Elkeid RASP: Apache-2.0
  • Elkeid Agent: Apache-2.0
  • Elkeid Server: Apache-2.0
  • Elkeid Console: Elkeid License

404StarLink 2.0 - Galaxy

Elkeid has joined 404Team 404StarLink 2.0 - Galaxy

Repository Comments ( 0 )

Sign in to post a comment

About

Elkeid 是一个云原生的基于主机的安全(入侵检测与风险识别)解决方案 expand collapse
Cancel

Releases

No release

Contributors

All

Activities

Load More
can not load any more
1
https://gitee.com/mirrors/Elkeid.git
git@gitee.com:mirrors/Elkeid.git
mirrors
Elkeid
Elkeid
main

Search

挂件 关闭按钮