VigilantGuard is a lightweight security monitoring service that uses Go and eBPF to produce SIGMA rules with a communication module to collect logs in distributed environments. The primary purpose of VigilantGuard is to mitigate microservice architecture risks by collecting standard SIGMA rules. โ
This repository is based on the tutorial and code from masmullin2000's repository. I have extended it to include a communication module and additional features to better suit our use case. ๐
- Uses eBPF to capture data. ๐
- Produces SIGMA rules that can be used with various security information and event management (SIEM) systems. โ๏ธ
- Supports communication between multiple instances in a distributed environment to collect logs (using gRPC). ๐ก
- Lightweight and designed for microservice architectures. โก
- Uses Golang to implement the logic. ๐น