30 open-source projects similar to comodosecurity/openedr, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Openedr alternative.
Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o
Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
Security Onion is a security information and event management platform and network security monitoring suite. It functions as an intrusion detection system and a network traffic analysis tool designed to identify malicious activity and network intrusions through signature-based detection and host-based monitoring. The platform integrates a security case management system to organize investigations by tracking detections and grouping related security events. It provides capabilities for full packet capture, network metadata extraction, and the collection and indexing of security logs from dive
Tetragon is an eBPF-based runtime security and observability toolset designed for Linux and Kubernetes environments. It functions as a security policy manager, observability agent, and enforcement engine that hooks into kernel functions and tracepoints to detect privilege escalation, container escapes, and unauthorized system activity. The project distinguishes itself through its ability to perform real-time, in-kernel enforcement, allowing it to synchronously terminate malicious processes or modify function return values before a system call completes. It provides deep Kubernetes integration
Tracee is a cloud-native runtime security and forensics tool that uses eBPF to capture system calls and kernel events in real time. It operates as a standalone binary or a Helm-deployable agent for Kubernetes, normalizing system calls, network events, and container activities into a unified event pipeline for consistent analysis. The tool distinguishes itself through policy-driven event filtering using YAML-based rules, allowing users to target specific workloads and reduce noise during monitoring. It includes built-in threat detection signatures that flag suspicious behavioral patterns witho
Telegraf is a modular, cross-platform telemetry pipeline designed to collect, process, and route metrics from diverse infrastructure, applications, and hardware. It runs as a plugin-driven server agent that normalizes heterogeneous data into a unified format, enabling consistent monitoring across complex environments. Through that plugin architecture, the agent manages the entire lifecycle of telemetry data from initial ingestion to final transmission. The project distinguishes itself through a declarative, configuration-driven execution model that allows users to define complex dat
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
Vector is a high-performance observability data pipeline designed to collect, transform, and route logs, metrics, and traces across distributed infrastructure. It functions as a modular engine that decouples data ingestion from processing and transmission, utilizing a component-based architecture to connect diverse sources to multiple destinations. The project distinguishes itself through a focus on reliability and flow control. It implements backpressure-aware data movement to prevent data loss during traffic spikes and utilizes disk-backed event buffering to ensure durability during network
Alloy is a clustered telemetry collector and observability data pipeline that functions as an OpenTelemetry collector distribution. It acts as a declarative configuration engine for collecting and routing metrics, logs, traces, and profiles from various sources to monitoring backends. The system distinguishes itself through a distributed architecture that uses consistent hashing to balance scraping targets and collection workloads across multiple nodes. It manages fleet-wide settings via remote configuration fetching and a modular system for importing reusable pipeline patterns. As a Kubernet
This project is an OpenTelemetry reference implementation and distributed microservices environment used to demonstrate the collection and export of traces, metrics, and logs. It serves as a telemetry pipeline showcase and a polyglot instrumentation example, providing a sandbox for practicing distributed tracing and monitoring within a Kubernetes cluster. The system features a polyglot architecture to demonstrate consistent, vendor-neutral telemetry implementation across multiple programming languages. It includes a simulated environment for testing telemetry interoperability and troubleshoot
Fluent Bit is a cloud-native log shipper and unified telemetry collector designed as a resource-efficient data pipeline. It ingests logs, metrics, and traces from multiple sources, processing them in real-time before routing the data to external storage backends. The project functions as a real-time stream processor and OpenTelemetry log processor, capable of transforming and filtering data using SQL and conditional logic. It also acts as a distributed tracing agent that can sample traces to reduce data volume while preserving full request paths. The system provides reliable data delivery th
Coroot is an observability platform and Kubernetes performance monitor that utilizes eBPF to automatically collect metrics, logs, and traces without requiring manual code instrumentation. It functions as an OpenTelemetry trace analyzer and an LLM observability gateway, exposing system health data to large language models through the Model Context Protocol. The platform differentiates itself by combining automated root cause analysis and AI-driven diagnostics to investigate performance regressions. It also includes a cloud cost monitoring tool that attributes infrastructure spending to specifi
ProcMon-for-Linux is an eBPF-based system observability tool and process monitor for Linux. It functions as a system call tracer and activity logger, capturing real-time kernel and user-space events to analyze operating system behavior. The project features a text user interface for inspecting recorded trace files. It separates high-performance headless event recording from the analysis interface to prevent data loss during heavy system loads. The tool provides capabilities for system call tracing and activity monitoring, including the ability to filter events by process identifiers or speci
SkyWalking is an application performance monitoring system and observability platform designed to collect and analyze metrics, traces, and logs from distributed microservices. It functions as a distributed tracing platform and a telemetry data pipeline that ingests and aggregates observability data from various language agents. The project features an AI-powered anomaly detector that uses machine learning to calculate metric baselines and identify irregular URI patterns. It includes an eBPF performance profiler for diagnosing CPU and network bottlenecks at the kernel level and generates inter
SkyWalking is a comprehensive observability stack and application performance monitoring platform. It functions as a distributed tracing system and an AI application monitor, providing a centralized suite for collecting and analyzing logs, metrics, and traces to maintain the health of containerized architectures. The platform distinguishes itself through a service topology visualizer that renders interactive maps of infrastructure dependencies and communication patterns. It also includes specialized capabilities for generative AI workflow observation to track the execution flow and performanc
HyperDX is an OpenTelemetry observability platform that provides centralized log management, distributed tracing, and a self-hosted monitoring stack. It functions as a unified system for collecting, indexing, and visualizing logs, metrics, and traces from cloud and container environments. The platform distinguishes itself with specialized tooling for large language model monitoring and session replay, allowing user interactions in the browser to be linked to backend telemetry. It employs schema-less JSON parsing to index structured logs dynamically and uses source maps to resolve minified sta
This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments. The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-base
RoadRunner is a high-performance application server and process manager designed to serve PHP applications using a persistent worker model. It eliminates bootload overhead and initialization time by keeping application processes alive between requests, acting as a protocol-agnostic proxy that routes traffic to a pool of supervised workers. The server is built with a plugin-based modular architecture, allowing it to be extended with custom Go plugins and compiled into tailored binaries. It distinguishes itself by providing a unified execution model for a wide array of communication protocols,
InvenTree is an open-source inventory management platform built on Django, designed for tracking parts, stock levels, and supply chain operations through a web interface and REST API. The system uses barcodes—including QR codes, 1D barcodes, and Data Matrix codes—as primary identifiers for scanning, linking, and triggering inventory actions, and extends core functionality through a Python plugin framework supporting custom actions, UI panels, barcode handlers, and scheduled tasks. The platform distinguishes itself through a comprehensive plugin-based extensibility system that allows custom in
Beats is a collection of lightweight, modular agents designed to gather, process, and forward operational telemetry from distributed infrastructure to centralized storage and analysis platforms. These agents function as a distributed data transport layer, decoupling the collection of logs, metrics, and network events from their final delivery destination. By maintaining local state and managing data flow, the system ensures reliable transmission of information across heterogeneous environments. The project distinguishes itself through a modular pipeline architecture that allows for the assemb
Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance. The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed ac
CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl
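To make the bucket-based threshold model in the CrowdSec entry concrete, here is a small Python model of a leaky bucket keyed by source address, run over sshd-style log lines. It is an added example written for this page, not CrowdSec's own code; the line format, the 203.0.113.7 and 198.51.100.9 addresses, the capacity of 5 events and the 10-second leak rate are all assumptions chosen for the demonstration.

```python
"""Leaky-bucket threshold detection over sshd-style authentication log lines.

Added example for this page, not CrowdSec's code: it models the bucket-based
aggregation the entry describes. The log lines, addresses, capacity and leak
rate are constructed for the demonstration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Constructed log: a fast burst from one address, slow spread-out failures from another.
SAMPLE_LOG = """\
2024-05-01T10:00:00 Failed password for root from 203.0.113.7 port 5001 ssh2
2024-05-01T10:00:01 Failed password for admin from 203.0.113.7 port 5002 ssh2
2024-05-01T10:00:02 Failed password for root from 203.0.113.7 port 5003 ssh2
2024-05-01T10:00:03 Failed password for test from 203.0.113.7 port 5004 ssh2
2024-05-01T10:00:04 Failed password for oracle from 203.0.113.7 port 5005 ssh2
2024-05-01T10:00:05 Failed password for root from 203.0.113.7 port 5006 ssh2
2024-05-01T10:00:30 Failed password for alice from 198.51.100.9 port 6001 ssh2
2024-05-01T10:05:30 Failed password for alice from 198.51.100.9 port 6002 ssh2
2024-05-01T10:10:30 Failed password for alice from 198.51.100.9 port 6003 ssh2
2024-05-01T10:15:30 Failed password for alice from 198.51.100.9 port 6004 ssh2
2024-05-01T10:20:30 Failed password for alice from 198.51.100.9 port 6005 ssh2
2024-05-01T10:25:30 Failed password for alice from 198.51.100.9 port 6006 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


@dataclass
class LeakyBucket:
    """Level rises by one per event and drains one unit every leak_seconds;
    overflow (level above capacity) is the alert condition."""
    capacity: int
    leak_seconds: float
    level: float = 0.0
    last: datetime | None = None

    def add(self, ts: datetime) -> bool:
        if self.last is not None:
            elapsed = (ts - self.last).total_seconds()
            self.level = max(0.0, self.level - elapsed / self.leak_seconds)
        self.last = ts
        self.level += 1
        return self.level > self.capacity


def parse(line: str):
    """Return (timestamp, source ip, user), or None for lines the pattern does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["ip"], m["user"]


def detect(log_text: str, capacity: int = 5, leak_seconds: float = 10.0,
           scenario: str = "ssh-bf"):
    """One bucket per source address; an overflow yields an alert and discards
    the bucket, so the next event from that address starts a fresh count."""
    buckets: dict[str, LeakyBucket] = {}
    alerts = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, ip, _user = parsed
        bucket = buckets.setdefault(ip, LeakyBucket(capacity, leak_seconds))
        if bucket.add(ts):
            alerts.append({"scenario": scenario, "source_ip": ip, "at": ts.isoformat()})
            del buckets[ip]
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Six failures in five seconds from 203.0.113.7 overflow the bucket and produce a single alert, while six failures spread over 25 minutes from 198.51.100.9 leak away without one. In CrowdSec the equivalent alert becomes a remediation decision that a separate bouncer enforces, which is the decoupled enforcement the entry refers to.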
This project is a security hardening guide and privacy configuration manual for macOS. It provides a comprehensive set of instructions for configuring system settings to improve privacy, reduce the attack surface, and implement a malware defense framework. The guide covers technical methods for validating software notarization, verifying application sandboxing, and auditing system activity. It distinguishes itself by providing detailed workflows for restricting high-risk features and applying advanced security configurations to protect the operating system. The documentation covers several k
Hayabusa is a Windows event log analyzer, threat hunting tool, and forensic timeline generator. It functions as a detection engine that applies threat patterns to logs to identify suspicious behavior and security threats. The project distinguishes itself through the ability to synchronize detection rules from remote repositories and tune risk levels to prioritize critical alerts. It also provides specialized forensic capabilities, such as extracting event log data into chronological records for incident response investigations. The tool's broader capabilities include security log enrichment
KubeArmor is a runtime security enforcement system designed to protect containerized workloads and host infrastructure by restricting unauthorized process, file, and network activity. It operates by deploying lightweight agents across nodes that utilize kernel-level interception and Linux Security Modules to monitor and block system operations in real time. By mapping these enforcement actions to specific container and pod identities, the platform maintains granular access control within multi-tenant environments. The project distinguishes itself through a declarative policy orchestration fra
Jeesite is a full-stack low-code development framework designed for building enterprise administrative portals using Spring Boot, MyBatis, and Vue. It functions as a comprehensive platform for creating administrative dashboards with integrated role-based access control and organizational data permission systems. The framework distinguishes itself through a combination of automated CRUD code generation and an integrated RAG platform that connects large language models to enterprise data via vector stores. It further incorporates a BPMN-based workflow engine to automate complex business process
LogonTracer is a security auditing tool designed for logon analysis and forensic log auditing. It functions as a dockerized security auditor that utilizes a security event graph database to map account names and network addresses, allowing for the visualization of complex system compromise patterns and authentication paths. The system features a Sigma detection engine that scans imported event logs against standardized rule sets to identify known malicious activity. It also includes an anomalous behavior detector that applies statistical analysis, graph algorithms, and hidden Markov models to
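As an added illustration of the account-to-address graph the LogonTracer entry describes (not LogonTracer's code, which stores its graph in Neo4j; this uses only the Python standard library), the script below turns constructed Windows logon records into a graph of accounts, source addresses and target hosts, ranks accounts by how many hosts they reach, and walks the shortest path between two hosts. Event IDs 4624 and 4625 and logon types 2, 3 and 10 follow the Windows Security log; the accounts, host names and 10.0.0.0/24 addresses are invented.

```python
"""Graph of accounts, source addresses and target hosts from Windows logon events.

Added example for this page, not LogonTracer's code (LogonTracer stores the
graph in Neo4j; this uses only the standard library). The EVENTS records are
constructed: event IDs 4624/4625 and logon types 2/3/10 follow the Windows
Security log, the accounts, hosts and addresses are invented.
"""
from collections import defaultdict, deque

EVENTS = [
    # event id, account, source address, target host, logon type (2 interactive, 3 network, 10 RDP)
    {"id": 4624, "account": "alice",      "src": "10.0.0.11", "host": "WS-ALICE", "type": 2},
    {"id": 4624, "account": "svc-backup", "src": "10.0.0.11", "host": "FS-01",    "type": 3},
    {"id": 4624, "account": "svc-backup", "src": "10.0.0.11", "host": "DC-01",    "type": 3},
    {"id": 4624, "account": "svc-backup", "src": "10.0.0.11", "host": "SQL-01",   "type": 3},
    {"id": 4624, "account": "svc-backup", "src": "10.0.0.11", "host": "WEB-01",   "type": 10},
    {"id": 4624, "account": "bob",        "src": "10.0.0.12", "host": "WS-BOB",   "type": 2},
    {"id": 4625, "account": "bob",        "src": "10.0.0.12", "host": "FS-01",    "type": 3},
    {"id": 4624, "account": "carol",      "src": "10.0.0.13", "host": "WS-CAROL", "type": 2},
]


def build_graph(events):
    """Undirected adjacency: acct:<name> links to host:<target> and ip:<source>.

    Only successful logons (4624) create edges; failures (4625) are counted
    per account so they can be reported separately.
    """
    adj = defaultdict(set)
    failures = defaultdict(int)
    for ev in events:
        acct = f"acct:{ev['account']}"
        host = f"host:{ev['host']}"
        ip = f"ip:{ev['src']}"
        if ev["id"] != 4624:
            failures[ev["account"]] += 1
            continue
        adj[acct].update((host, ip))
        adj[host].add(acct)
        adj[ip].add(acct)
    return adj, dict(failures)


def account_fanout(adj):
    """Accounts ranked by the number of distinct hosts they reached; wide
    fan-out from a single account is the classic lateral-movement signal."""
    counts = {}
    for node, nbrs in adj.items():
        if node.startswith("acct:"):
            counts[node[len("acct:"):]] = sum(1 for n in nbrs if n.startswith("host:"))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def shortest_path(adj, start, goal):
    """Breadth-first search over the graph; returns the node list or None if unreachable."""
    if start not in adj or goal not in adj:
        return None
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


if __name__ == "__main__":
    graph, failed = build_graph(EVENTS)
    print("fan-out:", account_fanout(graph))
    print("failed logons:", failed)
    print("path:", shortest_path(graph, "host:WS-ALICE", "host:DC-01"))
```

The path from WS-ALICE to DC-01 runs through the source address 10.0.0.11, which logged on interactively as alice and then over the network as svc-backup; that pivot through a shared address is what the graph view surfaces and a flat list of events hides.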
The OpenTelemetry .NET SDK is a set of libraries used to generate and export traces, metrics, and logs from .NET applications. It functions as an application performance monitoring tool and a distributed tracing implementation, providing the necessary infrastructure to capture system metrics and request paths across microservices. The project includes a zero-code instrumentation library that automatically captures telemetry from popular .NET frameworks without requiring manual changes to source code. It uses a provider-based API abstraction to decouple instrumentation from specific backend im
Grafana is an observability data platform designed to aggregate metrics, logs, and traces from diverse sources into a unified environment. It functions as a centralized interface for visualizing complex telemetry data, transforming raw streams into interactive dashboards that support real-time system health tracking and performance monitoring. The platform distinguishes itself through a plugin-based modular architecture that integrates disparate databases, cloud services, and monitoring tools via a standardized data abstraction layer. This framework allows for the dynamic loading of external
The OpenTelemetry Collector is a vendor-agnostic proxy and observability data pipeline that receives, processes, and exports traces, metrics, and logs. It functions as a telemetry ingestion gateway and multi-backend monitoring agent, translating various data formats into a standardized internal representation for consistent processing. The project distinguishes itself through a plugin-based component model, allowing the integration of custom receivers, processors, and exporters without modifying the core codebase. It utilizes a configurable pipeline system where telemetry flows through a sequ