Skip to content
/ Elkeid Public

Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

elkeid.bytedance.com
2.3k stars 452 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bytedance/Elkeid

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
driver
driver
 
 
AgentSmith-HIDS.png
AgentSmith-HIDS.png
 
 
README-zh_CN.md
README-zh_CN.md
 
 
README.md
README.md
 
 

Repository files navigation

AgentSmith-HIDS

English | 简体中文

Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS) due to lack of rule engine and detection function. However, it can be used as a high performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of information which can be collected by this agent was one of the most important metrics during developing this project, hence it was built to function in the kernel space and achieve huge advantage comparing to those function in user space, such as:

  • Better performance, Information needed are collected in kernel space to avoid additional supplement actions such as traversal of '/proc'; and to enhance the performance of data transportation.
  • Hard to be bypassed, Information collection was powered by specifically designed kernel drive, makes it almost impossible to bypass the detection for malicious software like rootkit, which can deliberately hide themselves.
  • Easy to be integrated,The AgentSmith-HIDS was built to integrate with other applications and can be used not only as security tool but also a good monitoring tool, or even a good detector of your assets. The agent is capable of collecting the users, files, processes and internet connections for you, so let's imagine when you integrate it with CMDB, you could get a comprehensive map consists of your network, host, container and business (even dependencies). What if you also have a Database audit tool at hand? The map can be extended to contain the relationship between your DB, DB User, tables, fields, applications, network, host and containers etc. Thinking of the possibility of integration with network intrusion detection system and/or threat intelligence etc., higher traceability could also be achieved. It just never gets old.
  • Kernel Space + User Space,AgentSmith-HIDS also provide user space module, to further extend the functionality when working with kernel space module.

System Architecture

Currently we only opensource AgentSmith-HIDS Agent && Driver:

TODO

  • OpenSource AgentSmith-Server

About

Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

elkeid.bytedance.com

Topics

security hids linux-security rasp edr cwpp

Resources

Readme

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2.3k stars

Watchers

48 watching

Forks

452 forks
Report repository

Releases 157

Release scanner-v2.2.0.2-20241226_1_test_only Latest
Dec 26, 2024
+ 156 releases

Packages

No packages published

Contributors 27

+ 13 contributors

Languages