# comodosecurity/openedr

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/comodosecurity-openedr).**

2,603 stars · 504 forks · C++ · other

## Links

- GitHub: https://github.com/ComodoSecurity/openedr
- awesome-repositories: https://awesome-repositories.com/repository/comodosecurity-openedr.md

## Description

OpenEDR is an endpoint detection and response platform for Windows endpoints that collects telemetry and monitors system activity to identify security breaches. It functions as a host-based intrusion detection system and telemetry collector, gathering detailed data on process, network, and file activity through kernel callbacks, kernel drivers, and user-mode API hooking.

The system includes a dockerized ELK stack (Elasticsearch, Logstash, Kibana) for analyzing the endpoint telemetry: raw events are parsed and indexed for querying and dashboards, and a security event visualizer maps process lineage (parent-child relationships) so that an alert can be traced back to the process that started the chain during root-cause analysis.

The agent monitors system API calls, file and registry access, and network traffic, and raises alerts according to customizable telemetry-filtering rules and alerting policies that decide which events are forwarded to the server. A dedicated self-protection provider guards the monitoring agent and its configuration against unauthorized modification.
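The two analysis steps the description relies on, reconstructing process lineage from process-creation telemetry and evaluating a rule against that lineage, are shown below as an added example. This is not OpenEDR's own code, and the event schema (`type`, `pid`, `ppid`, `image`, `ts`, `dst`, `dport`) is a constructed simplification, not OpenEDR's real event format; the sample events are likewise constructed. The example resolves a parent by the instance that held the PID at creation time, because Windows recycles PIDs and a naive `pid -> process` map would splice unrelated processes together.

```python
"""Process-lineage reconstruction and a lineage-aware alerting rule over
endpoint telemetry.  Added example; not OpenEDR's code or event schema."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample telemetry in a hypothetical, simplified schema (the field
# names are assumptions, not OpenEDR's event format).  Timestamps are relative
# seconds.  PID 2200 is deliberately reused after the first cmd.exe exits.
SAMPLE_EVENTS = [
    {"ts": 0, "type": "process_create", "pid": 4,    "ppid": 0,    "image": r"C:\Windows\System32\winlogon.exe"},
    {"ts": 1, "type": "process_create", "pid": 812,  "ppid": 4,    "image": r"C:\Windows\explorer.exe"},
    {"ts": 2, "type": "process_create", "pid": 1500, "ppid": 812,  "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"ts": 3, "type": "process_create", "pid": 2200, "ppid": 1500, "image": r"C:\Windows\System32\cmd.exe"},
    {"ts": 4, "type": "process_create", "pid": 2300, "ppid": 2200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ts": 5, "type": "net_connect",    "pid": 2300, "dst": "203.0.113.10", "dport": 443},
    {"ts": 6, "type": "process_exit",   "pid": 2200},
    {"ts": 7, "type": "process_create", "pid": 2200, "ppid": 812,  "image": r"C:\Windows\System32\cmd.exe"},
    {"ts": 8, "type": "process_create", "pid": 2400, "ppid": 2200, "image": r"C:\Windows\System32\whoami.exe"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


@dataclass
class ProcNode:
    pid: int
    ts: int                       # creation time; (pid, ts) identifies one process instance
    image: str
    parent: Optional["ProcNode"]
    children: List["ProcNode"] = field(default_factory=list)


class ProcessTree:
    """Builds parent/child lineage from process_create events.  Each parent is
    resolved to the instance that held the PID at the child's creation time,
    so a recycled PID does not attach a new process to a dead parent's chain."""

    def __init__(self, events: List[dict]):
        self.instances: Dict[int, List[ProcNode]] = {}   # pid -> instances in time order
        self.roots: List[ProcNode] = []
        for ev in sorted(events, key=lambda e: e["ts"]):
            if ev["type"] == "process_create":
                self._add(ev)

    def _add(self, ev: dict) -> None:
        parent = self.resolve(ev["ppid"], ev["ts"])
        node = ProcNode(ev["pid"], ev["ts"], ev["image"], parent)
        (parent.children if parent else self.roots).append(node)
        self.instances.setdefault(node.pid, []).append(node)

    def resolve(self, pid: int, ts: int) -> Optional[ProcNode]:
        """Instance of `pid` alive at `ts`: the latest create at or before `ts`.
        (process_exit events could bound this further; they are ignored here.)"""
        live = [n for n in self.instances.get(pid, []) if n.ts <= ts]
        return live[-1] if live else None

    def ancestry(self, node: ProcNode) -> List[str]:
        """Image names from `node` up to the root, e.g. ['cmd.exe', 'winword.exe', ...]."""
        chain = []
        while node is not None:
            chain.append(basename(node.image))
            node = node.parent
        return chain

    def all_nodes(self):
        for insts in self.instances.values():
            yield from insts

    def render(self, node: ProcNode, depth: int = 0) -> str:
        """Indented text rendering of the subtree rooted at `node`."""
        line = "  " * depth + f"{basename(node.image)} (pid {node.pid}, t={node.ts})"
        return "\n".join([line] + [self.render(c, depth + 1) for c in node.children])


def shells_under_office(tree: ProcessTree) -> List[Tuple[int, int, str]]:
    """Rule: a shell interpreter with an Office application anywhere in its
    ancestry.  Returns (pid, create_ts, office_ancestor) per match."""
    hits = []
    for node in tree.all_nodes():
        if basename(node.image) in SHELLS:
            office = next((a for a in tree.ancestry(node)[1:] if a in OFFICE_APPS), None)
            if office:
                hits.append((node.pid, node.ts, office))
    return sorted(hits)


def attribute_net_connects(tree: ProcessTree, events: List[dict]) -> List[Tuple[str, int, List[str]]]:
    """Attach each net_connect to the lineage of the process instance that made it."""
    out = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "net_connect":
            node = tree.resolve(ev["pid"], ev["ts"])
            out.append((ev["dst"], ev["dport"], tree.ancestry(node) if node else []))
    return out


if __name__ == "__main__":
    tree = ProcessTree(SAMPLE_EVENTS)
    for root in tree.roots:
        print(tree.render(root))
    for pid, ts, office in shells_under_office(tree):
        print(f"ALERT: shell pid {pid} created t={ts} descends from {office}")
    for dst, port, chain in attribute_net_connects(tree, SAMPLE_EVENTS):
        print(f"net {dst}:{port} by {' <- '.join(chain)}")
```

On the constructed input, the rule fires for the first cmd.exe (pid 2200, t=3) and the powershell.exe it spawned, and the outbound connection is attributed to the Word-rooted chain; the second cmd.exe that later reuses PID 2200 under explorer.exe does not fire, which is exactly the case a PID-keyed map gets wrong.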

## Tags

### Security & Cryptography

- [Endpoint Detection and Response](https://awesome-repositories.com/f/security-cryptography/detection-engines/runtime-threat-detection/endpoint-detection-and-response.md) — Provides a comprehensive endpoint detection and response platform for monitoring system activity and detecting security breaches.
- [Intrusion Detection Systems](https://awesome-repositories.com/f/security-cryptography/intrusion-detection-systems.md) — Implements a host-based intrusion detection system that monitors system activity and applies alerting policies to detect security breaches.
- [Attack Root Cause Analysis](https://awesome-repositories.com/f/security-cryptography/attack-root-cause-analysis.md) — Provides a security event visualizer that maps process lineage to facilitate the root-cause analysis of system compromises. ([source](https://github.com/ComodoSecurity/openedr#readme))
- [Runtime Threat Detection](https://awesome-repositories.com/f/security-cryptography/detection-engines/runtime-threat-detection.md) — Evaluates real-time system activity against security rules to identify malicious patterns and breach indicators. ([source](https://github.com/ComodoSecurity/openedr#readme))
- [Agent Self-Protection](https://awesome-repositories.com/f/security-cryptography/agent-self-protection.md) — Implements a dedicated provider to protect monitoring agents and configurations from unauthorized modifications.
- [Self-Protection Mechanisms](https://awesome-repositories.com/f/security-cryptography/intrusion-protection-systems/self-protection-mechanisms.md) — Implements a dedicated self-protection provider to prevent unauthorized modifications to monitoring agents and configurations. ([source](https://github.com/ComodoSecurity/openedr/blob/main/README.md))
- [Threat Hunting Workflows](https://awesome-repositories.com/f/security-cryptography/threat-detection/threat-hunting-workflows.md) — Provides workflows for querying indexed security logs and telemetry to proactively identify patterns of compromise.

### System Administration & Monitoring

- [Telemetry Collection and Aggregation](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/telemetry-collection-aggregation.md) — Gathers detailed file, device, and system activity data to provide granular visibility into environment behavior. ([source](https://github.com/ComodoSecurity/openedr#readme))
- [Endpoint Activity Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/endpoint-activity-monitoring.md) — Tracks process creation, deletion, and API calls via kernel callbacks and library injection to detect malicious behavior. ([source](https://github.com/ComodoSecurity/openedr/blob/main/README.md))
- [System Registry Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/file-modification-tracking/system-registry-monitoring.md) — Provides hooks to record modifications and unauthorized changes to both the file system and system registries. ([source](https://github.com/ComodoSecurity/openedr/blob/main/README.md))
- [Log Aggregation Pipelines](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/log-management-systems/log-aggregation-pipelines.md) — Includes a log aggregation pipeline that indexes raw endpoint telemetry for rapid querying and root-cause analysis.
- [Telemetry Collectors](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/telemetry-collection-aggregation/telemetry-collectors.md) — Gathers detailed process, network, and file activity data via kernel drivers and API hooking for security analysis.
- [Process Lineage Visualizers](https://awesome-repositories.com/f/system-administration-monitoring/process-monitors/process-lineage-visualizers.md) — Provides a visualizer to map process lineage and parent-child relationships for performing root-cause analysis of attacks.
- [System Call Monitors](https://awesome-repositories.com/f/system-administration-monitoring/real-time-monitoring-systems/system-call-monitors.md) — Instruments and tracks system calls on Windows to detect suspicious behavior or unauthorized activity. ([source](https://github.com/ComodoSecurity/openedr/blob/main/getting-started/BuildInstructions.md))
- [Root Cause Analysis](https://awesome-repositories.com/f/system-administration-monitoring/root-cause-analysis.md) — Parses and indexes endpoint data using a log-aggregation stack to enable breach detection and root-cause analysis. ([source](https://github.com/ComodoSecurity/openedr/blob/main/getting-started/InstallationInstructions.md))
- [Telemetry Querying](https://awesome-repositories.com/f/system-administration-monitoring/security-event-collection/telemetry-querying.md) — Provides the ability to query collected telemetry and alerts to identify patterns of compromise across the environment. ([source](https://github.com/ComodoSecurity/openedr/blob/main/README.md))
- [Security Event Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/security-event-monitoring.md) — Includes a graphical interface and dashboards for monitoring logs, metrics, and security events. ([source](https://github.com/ComodoSecurity/openedr/blob/main/getting-started/SettingKibana.md))
- [System Activity Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/system-activity-monitoring.md) — Tracks process creation, registry access, and network activity through kernel drivers and API hooking. ([source](https://github.com/ComodoSecurity/openedr#readme))
- [Security Alert Triggers](https://awesome-repositories.com/f/system-administration-monitoring/alert-notification-systems/real-time-event-triggers/security-alert-triggers.md) — Defines custom rule sets and policies that trigger security alerts when suspicious activities are detected.
- [Telemetry Filters](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/telemetry-collection-aggregation/telemetry-collectors/telemetry-filters.md) — Implements customizable rule sets to filter telemetry and security events before they are forwarded to the server. ([source](https://github.com/ComodoSecurity/openedr/blob/main/getting-started/EditingAlertingPolicies.md))

### Part of an Awesome List

- [Intrusion Detection Systems](https://awesome-repositories.com/f/awesome-lists/security/intrusion-detection-systems.md) — Functions as a host-based intrusion detection system by tracking API calls and kernel activity on Windows endpoints.
- [Forensics and Incident Response](https://awesome-repositories.com/f/awesome-lists/devops/forensics-and-incident-response.md) — Open-source endpoint detection and response platform.

### Operating Systems & Systems Programming

- [Event Callbacks](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/operating-system-kernels/kernel-level-operations/event-callbacks.md) — Implements kernel-level callbacks to intercept process and thread lifecycle changes for security telemetry collection.
- [User-Mode API Hooking Frameworks](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/system-calls/api-hooking-utilities/user-mode-api-hooking-frameworks.md) — Implements user-mode API hooking to intercept function calls in running processes for activity tracking.
- [Process Hierarchy Tracking](https://awesome-repositories.com/f/operating-systems-systems-programming/process-hierarchy-tracking.md) — Tracks parent-child process relationships and lineage within the kernel to reconstruct attack timelines.
- [Integrity Protection Managers](https://awesome-repositories.com/f/operating-systems-systems-programming/system-administration-maintenance/file-system-management/file-system-integration/integrity-protection-managers.md) — Uses a dedicated self-protection provider to prevent unauthorized changes to security components and configurations. ([source](https://github.com/ComodoSecurity/openedr#readme))

### Testing & Quality Assurance

- [Network Traffic Monitors](https://awesome-repositories.com/f/testing-quality-assurance/general-testing-utilities/test-utilities-assertions/network-api-mocking/network-traffic-monitors.md) — Filters and records network activity to identify communication with malicious domains or unusual data transfers. ([source](https://github.com/ComodoSecurity/openedr/blob/main/README.md))

### DevOps & Infrastructure

- [Docker Container Deployments](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-runtimes/runtime-configuration-interfaces/docker-socket-orchestrators/docker-target-configurators/docker-container-deployments.md) — Packages the security platform into Docker images to simplify installation and ensure consistent runtime environments. ([source](https://github.com/ComodoSecurity/openedr/blob/main/getting-started/DockerInstallation.md))
- [Multi-Container Stacks](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-runtimes/runtime-configuration-interfaces/docker-socket-orchestrators/docker-target-configurators/docker-container-deployments/multi-container-stacks.md) — Provides a multi-container Docker stack that bundles search, logging, and visualization tools for telemetry analysis.
- [Event Filtering Rules](https://awesome-repositories.com/f/devops-infrastructure/event-filtering-rules.md) — Processes endpoint telemetry through customizable rule-based filtering to trigger security alerts.
- [Infrastructure Deployment](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-deployment.md) — Enables the deployment of a search, logging, and visualization stack to collect and analyze telemetry from endpoints. ([source](https://github.com/ComodoSecurity/openedr/blob/main/getting-started/SettingELK.md))
