Skip to content

gnaixnaij/guardian

Repository files navigation

Guardian — Free EDR

Ko-fi

Lightweight, free endpoint detection and response for small teams who can't afford commercial EDR licenses.

Quick start

pip install -r requirements.txt
python guardian.py
# Open http://127.0.0.1:5000

Features

  • Process monitoring — detects new processes, flags suspicious tooling (mimikatz, bloodhound, etc.)
  • PowerShell detection — catches encoded commands, download cradles, and IEX patterns
  • File monitoring — watches temp directories for new files
  • Network monitoring — tracks active connections
  • Web dashboard — real-time alert view in browser
  • YAML rules — customizable detection rules

Detection rules

Built-in rules detect:

  • Known attack tools (Mimikatz, BloodHound, CrackMapExec, etc.)
  • Suspicious PowerShell (encoded commands, download strings, AMSI bypasses)
  • CLI download tools (curl, wget, certutil)
  • New files in sensitive directories

Add custom rules in detector/rules/ as YAML files.

Usage

# Run with dashboard (default)
python guardian.py

# Run headless (no web UI)
python guardian.py --headless

# Run for 60 seconds then exit
python guardian.py --duration 60

# Custom port
python guardian.py --port 8080

Requirements

  • Python 3.8+
  • Linux or Windows
  • psutil for process/network monitoring

Deploy

# Background service (Linux)
nohup python guardian.py --port 5000 &

# Or use systemd for persistence

License

MIT

About

Free lightweight EDR for small teams. Monitor processes, files, and network. Detect threats with YAML rules. Web dashboard included.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors