Translations (obsolete):
An EDR framework written in Rust
:test_tube: Access training data · :book: Read the Documentation · :speech_balloon: Request Feature
Owlyshield is an open-source EDR (Endpoint Detection and Response) solution for Linux and Windows servers. It analyzes how processes use files to detect intrusions through vulnerability exploitation, with a particular focus on detecting Command and Control, exfiltration and impact tactics. The project is developed by SitinCloud, a French company.
The main idea behind Owlyshield is to learn the normal behavior of applications (essentially trees of processes) and use this knowledge to identify weak signals of an attack through the use of novelty detection.
Owlyshield's extensibility is a key feature that sets it apart from other EDR solutions. As a framework you can add new algorithms for malware detection, UEBA (User and Entity Behavior Analytics), and novelty detection. You can also use Owlyshield to record and replay file activities for training machine learning models, as we do with our autoencoder feature.
Owlyshield provides powerful and efficient endpoint detection and response capabilities for Linux, Windows, and IoT devices. Its unique focus on file activities makes it highly effective at detecting fileless malware and C&C beacons that may go unnoticed by other EDR solutions.
Although Owlyshield is a framework designed to be customized and extended, it also comes with pre-built, powerful features that are immediately usable :
Owlyshield provides a powerful solution for detecting and responding to threats in real-time. Here are three real-life examples of how Owlyshield protected our customers:
Installation instructions for Owlyshield can be found in the Releases section of the project's GitHub repository. For usage instructions, please refer to the project's Wiki or see the Contributing section if you prefer to build Owlyshield yourself.
The Pro Edition (commercial edition) includes the following features:
Within the scope of free version usage, we will do our best to help you find a solution for any issues you may encounter. However, we prioritize support for subscribers to our commercial version and valued added resellers.
While our products and services can be purchased directly from us (feel free to contact us for a quotation that meets your needs), we believe that it is best for our products to be distributed to end customers indirectly.
Please contact us if you:
We offer free access to the Owlyshield Pro Edition to our contributors.
If you discover an undetected ransomware, please open an issue with the tag "undetected" to help us improve the AI engine and understand the new techniques used to avoid detection.
If you have suggestions on how to improve Owlyshield, you can fork the repository and create a pull request or simply open an issue with the tag "enhancement".
Don't forget to give the project a :star:! Thank you for your contributions.
To contribute:
git checkout -b feature/AmazingFeature
.git commit -m 'Add some AmazingFeature'
.git push origin feature/AmazingFeature
.Distributed under the EUPL v1.2 license. See LICENSE.txt
for more information.
Damien LESCOS - @DamienLescos
Project Link: https://github.com/SitinCloud/Owlyshield/
Company Link: SitinCloud