As a Systems Architect, I've worked with various Endpoint Detection and Response (EDR) solutions, and I'm excited to see an open-source alternative like ShadowStrike. One key aspect to consider when building an EDR from scratch is the ability to collect and analyze telemetry data from endpoints. This includes process creation, network connections, file access, and other system calls. To achieve this, ShadowStrike could utilize a kernel-mode driver to intercept and log system calls, providing a robust dataset for threat detection and incident response. Additionally, implementing a cloud-based backend for data storage and analytics would enable scalable and efficient processing of the collected data, facilitating the detection of advanced threats.
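The comment above describes the sensor side (a kernel-mode driver logging process, network and file activity) and the backend side (analytics over that data). The following is an added illustration of the backend half, not code from the original thread or from the ShadowStrike project: a small user-mode correlator that ingests constructed sensor events, rebuilds process lineage from process-creation records, attaches network and file events to the originating process, and reports processes that wrote files and then connected outside the configured internal ranges. The event shape, the `Event`/`Process` classes, the internal-network list and every pid, path and address are assumptions made up for the example.

```python
"""Added example: correlating endpoint telemetry (process, network, file events)
the way an EDR backend might. All sample data below is constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Event:
    ts: int                      # sensor timestamp (monotonic counter here)
    kind: str                    # "process", "network" or "file"
    pid: int
    ppid: Optional[int] = None   # only meaningful for "process" events
    image: str = ""              # executable path for "process" events
    detail: str = ""             # remote "host:port" or written file path


@dataclass
class Process:
    pid: int
    ppid: Optional[int]
    image: str
    files_written: List[str] = field(default_factory=list)
    connections: List[str] = field(default_factory=list)


# Assumed deployment-specific list of internal ranges; anything else is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal(addr_port: str) -> bool:
    """True if the host part of 'host:port' falls inside INTERNAL_NETS."""
    host = addr_port.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


class TelemetryCorrelator:
    def __init__(self) -> None:
        self.procs: Dict[int, Process] = {}

    def ingest(self, ev: Event) -> None:
        if ev.kind == "process":
            self.procs[ev.pid] = Process(ev.pid, ev.ppid, ev.image)
            return
        proc = self.procs.get(ev.pid)
        if proc is None:
            # The sensor missed the creation event (e.g. the process started before
            # the driver loaded); keep a placeholder so later events still attach.
            proc = self.procs[ev.pid] = Process(ev.pid, None, "<unknown>")
        if ev.kind == "network":
            proc.connections.append(ev.detail)
        elif ev.kind == "file":
            proc.files_written.append(ev.detail)

    def lineage(self, pid: Optional[int]) -> List[str]:
        """Walk parent links from pid upward; stops at unknown pids or cycles."""
        chain, seen = [], set()
        while pid is not None and pid in self.procs and pid not in seen:
            seen.add(pid)
            chain.append(self.procs[pid].image)
            pid = self.procs[pid].ppid
        return chain

    def findings(self) -> List[dict]:
        """Processes that wrote files and also connected to an external address."""
        out = []
        for p in self.procs.values():
            external = [c for c in p.connections if not is_internal(c)]
            if p.files_written and external:
                out.append({"pid": p.pid, "lineage": self.lineage(p.pid),
                            "files": list(p.files_written), "remote": external})
        return out


# Constructed sensor output; pids, paths and addresses are invented.
SAMPLE_EVENTS = [
    Event(1, "process", pid=400, ppid=1, image=r"C:\Windows\explorer.exe"),
    Event(2, "process", pid=512, ppid=400, image=r"C:\Program Files\App\app.exe"),
    Event(3, "file", pid=512, detail=r"C:\Users\alice\Documents\report.docx"),
    Event(4, "network", pid=512, detail="10.0.0.5:443"),          # internal only
    Event(5, "process", pid=640, ppid=400, image=r"C:\Tools\sync.exe"),
    Event(6, "file", pid=640, detail=r"C:\Users\alice\archive.zip"),
    Event(7, "network", pid=640, detail="203.0.113.10:443"),      # external
    Event(8, "network", pid=777, detail="198.51.100.7:80"),       # no creation event seen
]


def run_sample() -> TelemetryCorrelator:
    c = TelemetryCorrelator()
    for ev in SAMPLE_EVENTS:
        c.ingest(ev)
    return c


if __name__ == "__main__":
    for f in run_sample().findings():
        print(f)
```

The placeholder handling for pid 777 is the part worth copying: a sensor loaded after boot will always see activity for processes whose creation it never observed, and a correlator that silently drops those events loses exactly the context an analyst needs.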
First of all, it's great to receive such feedback from a system architect like yourself! Thank you for that. I'm trying my best; it will be a long-term project, and I'm considering a serious EDR platform. As you said, I'm planning endpoint cloud systems and even custom sandbox and AI integrations for these cloud systems, but these require money, and I can't afford them right now. Also, the product is still in its early stages and has a long way to go, but I will definitely try to add them in the future. As someone familiar with EDRs, I know them inside and out. I'm also thinking of adding systems like threat management dashboards, but if I do that, I'll probably have to release it as an Enterprise version of ShadowStrike, but as I said, these are things that will happen over time. This year, I'm completely focused on Shadow Sensor; it's a really challenging area, and I'm learning a lot while trying to do a good job. Let's see how things go.