An EDR server designed to monitor, detect, and respond to threats on network endpoints (POC).
Updated Jul 22, 2024 - Python
A real-world, open-source Defense-in-Depth security framework built through CI/CD in production by security professionals.
A Dash app for database analysis. The app visualizes connections between tables and their metadata. Originally it was designed for inputs used in the National Medical Data Integration Project.
GuardSweep is a cross-platform Endpoint Detection and Response (EDR) tool built in Python. It monitors system processes, file creation, and network connections in real-time to detect and respond to suspicious activities, helping users secure their endpoints efficiently.
Welcome to Forge-XDR-Agent, an open-source Python project that represents my personal journey in developing an Extended Detection and Response (XDR) system.
Local-first privacy security suite with modular EDR-like tools (AI Watchdog, NetMon, Firewall Visualizer, Crypto, Messenger, Sentinel)
BlackhawkLAB - cloud-based endpoint detection and remediation solution
A proof-of-concept Technology Add-On for Splunk that queries and indexes alerts from Generic EDR.
An EDR (Environmental Data Retrieval) Server written in Python.
Windows endpoint hardening & exposure auditor with context-aware intelligence
An example implementation of a "data interface" to provide real data to `edr_server`
Uses the Damerau-Levenshtein distance to find suspicious tasks running on endpoints in Windows.
Carbon Black Response - IBM BigFix connector
Musashi is a Python-based rapid triage tool that applies SIGMA rules and DL anomaly detection to endpoint logs (e.g., Defender, Cortex) for threat detection and IOC extraction. It automates log analysis, helping security analysts quickly identify suspicious activity without manual querying. 🚀