Show HN: Impulse XDR, real-time threat detection and integrity monitoring (github.com/bgenev)
5 points by bgenev 53 days ago
Hello HN!

Deploying the next-generation of security telemetry technologies to production is hard, so I’m building Impulse, a fully automated XDR platform that leverages tools like Osquery and eBPF to provide real-time threat detection & integrity monitoring for servers and workstations.

It detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools. Impulse agents can be deployed on any device or VM running Linux such as cloud VMs in VPC networks, VPS servers or personal workstations and IoTs.

In terms of architecture, it is organised around a self-hosted, manager-sensor model that provides traditional SIEM capabilities like centralized log storage, indexing and normalization, but also automated log correlation and real-time threat detection via 2 open-source EDR sensors (a “light” sensor for host intrusion detection, and a “heavy” sensor with network IDS capabilities).

It’s designed to be fast and easy to use, so it installs in 5 mins on as little as a 1.5 GB RAM, 1-core VM.

Repository: https://github.com/bgenev/impulse-xdr

Web: https://impulse-xdr.com/

You can use Impulse to immediately start monitoring a server, personal Desktop, or local VM (to test it out).

Main features include:

- Security Analytics: Ingests telemetry data from its fleet of monitoring sensors and provides security analytics & insights.

- Integrity Monitoring: Covers every aspect of your environment: files, processes, connections, ports, users, authentications, installed packages, kernel modules, etc. Every variable that could be an indicator of compromise is tracked and stored in the “IOCs History” table.

- Network Visibility & IDS: Monitors network flows, detects intrusion attempts and automatically blocks offenders with active response.

- Security Policies: Monitors system configuration settings to ensure compliance with preset core security policies and provides CIS-benchmark reports.

- Active Response: Blocks suspicious IPs, stops processes, closes ports and quarantines files.

- Fleet Firewall: nftables-based fleet firewall blocks offenders across the fleet.

- Threat Intel: Integrates with high-quality threat intelligence providers to enrich your context data.

- Vulnerability Scanning: Discovers installed packages and associated CVEs.

- Self-Hosted & Open-Core: Data never leaves your servers.

Please feel free to share any requests for further development; this will be a community-driven project.

Roadmap: the next major iteration will have custom secure configuration packs, so that users can create checks specific to their infrastructure.
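The “IOCs History” idea above (take the osquery state of a host, keep it, and record every added, removed or changed row as a potential indicator of compromise) is easy to misread as “store all the rows”. The useful part is the diff between snapshots, and the choice of which columns identify a row and which are too volatile to count as a change. The following is an added illustration written for this page, not code from Impulse XDR or from the author: it takes two hand-constructed snapshots in the row shape `osqueryi --json` produces (the table names are real osquery tables, the rows are made up), and turns them into IOC-history events. The `KEY_COLUMNS` and `IGNORED_COLUMNS` choices are assumptions made for the example, not the project’s schema.

```python
"""Diff two osquery-style snapshots into IOC-history events (added example)."""
import json
from typing import Dict, List, Tuple

# Constructed baseline and current snapshots, in `osqueryi --json` row shape
# (every value is a string). Table names are real osquery tables; the rows
# are made up for this illustration and are not real host data.
BASELINE_JSON = json.dumps({
    "listening_ports": [
        {"pid": "812", "port": "22", "protocol": "6", "address": "0.0.0.0", "path": "/usr/sbin/sshd"},
    ],
    "kernel_modules": [{"name": "ext4", "status": "Live"}, {"name": "nf_tables", "status": "Live"}],
    "users": [
        {"uid": "0", "username": "root", "shell": "/bin/bash"},
        {"uid": "1000", "username": "alice", "shell": "/bin/bash"},
    ],
    "hash": [{"path": "/etc/passwd", "sha256": "a" * 64}, {"path": "/usr/bin/sudo", "sha256": "b" * 64}],
})
CURRENT_JSON = json.dumps({
    "listening_ports": [
        {"pid": "812", "port": "22", "protocol": "6", "address": "0.0.0.0", "path": "/usr/sbin/sshd"},
        {"pid": "2077", "port": "4444", "protocol": "6", "address": "0.0.0.0", "path": "/tmp/.x"},  # constructed: new listener
    ],
    "kernel_modules": [
        {"name": "ext4", "status": "Live"}, {"name": "nf_tables", "status": "Live"},
        {"name": "example_mod", "status": "Live"},  # constructed: module not in the baseline
    ],
    "users": [
        {"uid": "0", "username": "root", "shell": "/bin/bash"},
        {"uid": "0", "username": "toor", "shell": "/bin/bash"},  # constructed: second uid-0 account
        {"uid": "1000", "username": "alice", "shell": "/bin/bash"},
    ],
    "hash": [
        {"path": "/etc/passwd", "sha256": "a" * 64},
        {"path": "/usr/bin/sudo", "sha256": "c" * 64},  # constructed: binary content changed
    ],
})

# Assumptions for this example, not Impulse's schema: which columns identify a
# logical row, and which are too volatile to be an indicator by themselves
# (a pid changes on every daemon restart, so it is compared only via its key).
KEY_COLUMNS: Dict[str, Tuple[str, ...]] = {
    "listening_ports": ("address", "port", "protocol"),
    "kernel_modules": ("name",),
    "users": ("uid", "username"),
    "hash": ("path",),
}
IGNORED_COLUMNS: Dict[str, set] = {"listening_ports": {"pid"}}

Row = Dict[str, str]


def _index(table: str, rows: List[Row]) -> Dict[Tuple[str, ...], Row]:
    """Index rows by their identifying columns."""
    return {tuple(r.get(c, "") for c in KEY_COLUMNS[table]): r for r in rows}


def _stable(table: str, row: Row) -> Row:
    """Drop volatile columns before comparing a row across snapshots."""
    return {c: v for c, v in row.items() if c not in IGNORED_COLUMNS.get(table, set())}


def diff_table(table: str, before: List[Row], after: List[Row]) -> List[dict]:
    """Return added / removed / modified events for one table, sorted for stable output."""
    old, new = _index(table, before), _index(table, after)
    events = []
    for key in new.keys() - old.keys():
        events.append({"table": table, "key": key, "change": "added", "old": None, "new": new[key]})
    for key in old.keys() - new.keys():
        events.append({"table": table, "key": key, "change": "removed", "old": old[key], "new": None})
    for key in old.keys() & new.keys():
        o, n = _stable(table, old[key]), _stable(table, new[key])
        if o != n:
            fields = sorted(c for c in set(o) | set(n) if o.get(c) != n.get(c))
            events.append({"table": table, "key": key, "change": "modified",
                           "old": old[key], "new": new[key], "fields": fields})
    return sorted(events, key=lambda e: (e["change"], e["key"]))


def build_ioc_history(baseline_json: str, current_json: str) -> List[dict]:
    """Diff every table present in either snapshot; a missing table counts as empty."""
    baseline, current = json.loads(baseline_json), json.loads(current_json)
    history = []
    for table in sorted(set(baseline) | set(current)):
        if table not in KEY_COLUMNS:
            raise ValueError(f"no key columns defined for table {table!r}")
        history.extend(diff_table(table, baseline.get(table, []), current.get(table, [])))
    return history


def summarize(history: List[dict]) -> Dict[Tuple[str, str], int]:
    """Count events per (table, change) so a dashboard can show deltas at a glance."""
    counts: Dict[Tuple[str, str], int] = {}
    for e in history:
        counts[(e["table"], e["change"])] = counts.get((e["table"], e["change"]), 0) + 1
    return counts


if __name__ == "__main__":
    for e in build_ioc_history(BASELINE_JSON, CURRENT_JSON):
        extra = f" fields={e['fields']}" if e["change"] == "modified" else ""
        print(f"{e['table']:16} {e['change']:9} {'/'.join(e['key'])}{extra}")
```

Run against the constructed snapshots this reports four events: a new listener on 0.0.0.0:4444, an unexpected kernel module, a second uid-0 account, and a changed sha256 for /usr/bin/sudo; an sshd restart that only changes the pid produces nothing, because pid is excluded from both the key and the comparison. The unknown-table check is deliberate: silently diffing a table without defined key columns would report every row as removed and re-added on each run.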