A comprehensive Endpoint Detection and Response (EDR) system consisting of server and agent components. The system provides security monitoring, command execution capabilities, and network isolation features.
Features:

- System metrics collection (CPU, memory, disk, network)
- File operations (delete)
- Process management (kill process, kill process tree)
- Network control (block IP, block URL, network isolation)
- Secure communication using gRPC with bidirectional streaming
- Command result reporting and logging

Prerequisites:

- Python 3.8+
- Docker Compose
- Node.js 16+ with npm and pnpm
- Elasticsearch and Kibana instance
- ElastAlert container (for rule execution)
- Go
- gRPC

- Install dependencies

  ```bash
  cd backend
  python -m venv .venv
  source .venv/bin/activate
  pip install -r requirements.txt
  python -m grpc_tools.protoc -I../agent/proto --python_out=./app/grpc --grpc_python_out=./app/grpc ../agent/proto/agent.proto
  sed -i 's/import agent_pb2 as agent__pb2/from . import agent_pb2 as agent__pb2/' ./app/grpc/agent_pb2_grpc.py
  ```

- Configure environment variables in the `.env` file (copy from `.env.example`)

  ```bash
  cp .env.example .env
  # Edit .env file with your configuration
  ```

- Run the development server

  ```bash
  python server.py
  ```

Demo UI here

- Navigate to the frontend directory

  ```bash
  cd frontend
  ```

- Install dependencies

  ```bash
  pnpm install
  ```

- Configure environment variables in the `.env` file (copy from `.env.example`)

  ```bash
  cp .env.example .env
  # Edit .env file with your configuration
  ```

- Run the development server

  ```bash
  npm run dev
  ```

- Generate gRPC Code:

  ```bash
  protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative proto/agent.proto
  ```

- Build the Agent:

  ```bash
  go mod tidy
  go build -o edr-agent.exe
  ```

- Run agent:

  ```
  edr-agent.exe -server="IP:PORT"
  ```

This project is licensed under the MIT License - see the LICENSE file for details.