We’ve built a self-managed EDR/XDR platform that combines real-time intrusion detection, enhanced user activity logging, and sensitive file monitoring, all driven by eBPF for deep system visibility. It’s designed to be efficient enough for thousands of endpoints, and comes with a clean, dual-dashboard UI (main + per-server) for managing everything at scale.
- Works seamlessly across 1000s of servers
- Detects file access/modifications (e.g. /etc/passwd)
- Logs detailed user behavior and suspicious command activity
- Blocks malicious IPs across server groups with 1 click
- AI-assisted alert classification and risk scoring
Here’s a quick 2-minute demo: https://youtu.be/16BvgmfiYzQ — would love your thoughts!
Apart from this, a major issue is DNS-based dynamic filtering, which is way better to get right in a Kubernetes environment with something like Cilium. IP lists are impossible to manage with the modern level of third-party integrations.
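To make the point about DNS-based filtering concrete, here is an added example of the kind of policy the comment alludes to. It is not from the commenter, the announced product, or the Cilium project; it is a CiliumNetworkPolicy that allows egress from pods labelled app=payments only to named FQDNs, so the allowed destination IPs are learned from DNS answers instead of being maintained by hand. The selector labels, the two example hostnames and the policy name are constructed for illustration.

```yaml
# Added example (not the product's or Cilium's own code): egress allow-list by
# FQDN rather than by static IP. Cilium resolves the names through its DNS proxy
# and updates the allowed IP set whenever the answers change.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: payments-egress-fqdn          # constructed name
  namespace: default
spec:
  endpointSelector:
    matchLabels:
      app: payments                  # constructed workload label
  egress:
    # Rule 1: the pods must be allowed to reach cluster DNS, and the "dns" L7
    # rule is what lets Cilium observe the responses. Without this rule the
    # toFQDNs rule below never learns any IPs and all egress stays blocked.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s:k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # Rule 2: only these names, only on 443/TCP. IPs behind them may rotate
    # freely (CDNs, load balancers); the policy does not need editing.
    - toFQDNs:
        - matchName: "api.example-partner.com"   # constructed hostname
        - matchPattern: "*.storage.example.net"  # constructed wildcard
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Because the DNS rule uses matchPattern "*", pods can still resolve any name; what they can connect to afterwards is limited to the addresses returned for the listed FQDNs. Narrowing the DNS matchPattern to the same names tightens this further, at the cost of breaking anything that resolves other hosts for non-connection reasons. Auditing which IPs a policy currently maps a name to is done with cilium fqdn cache list on the node agent.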