
Elkeid - Bytedance Cloud Workload Protection Platform


Elkeid is an open source solution that meets the security requirements of a range of workloads, including hosts, containers, Kubernetes, and serverless. It is derived from ByteDance's internal best practices.

As enterprises grow, environments that mix multiple clouds, cloud-native platforms, and several kinds of workload have become increasingly common. We wanted a single solution that could meet the security requirements of all of these workloads, and that is why Elkeid was born.

Introduction

Elkeid has the following key capabilities:

Elkeid integrates these capabilities into one platform to meet the complex security requirements of different workloads, and it also correlates findings across components. Rarer still, every component has been validated against ByteDance's massive data volumes and years of real-world operation.

Elkeid Community Edition Description

Note that the Elkeid open source version differs from the full version. The currently open-sourced capabilities mainly include:

To obtain complete anti-intrusion and risk-perception capabilities, you therefore also need to build policies in Elkeid HUB and perform secondary processing of the data that Elkeid collects.

Elkeid Architecture

<img src="server/docs/server_new.png"/>

Elkeid Host Ability

Elkeid Backend Ability

Elkeid Function List

| Ability List | Elkeid Community Edition | Elkeid Enterprise Edition |
| --- | --- | --- |
| Linux runtime data collection | :white_check_mark: | :white_check_mark: |
| RASP probe | :white_check_mark: | :white_check_mark: |
| K8s Audit Log collection | :white_check_mark: | :white_check_mark: |
| Agent control plane | :white_check_mark: | :white_check_mark: |
| Host Status and Details | :white_check_mark: | :white_check_mark: |
| Extortion bait | :ng_man: | :white_check_mark: |
| Asset collection | :white_check_mark: | :white_check_mark: |
| Asset Collection Enhancements | :ng_man: | :white_check_mark: |
| K8s asset collection | :white_check_mark: | :white_check_mark: |
| Exposure and Vulnerability Analysis | :ng_man: | :white_check_mark: |
| Host/Container Basic Intrusion Detection | few samples | :white_check_mark: |
| Host/Container Behavioral Sequence Intrusion Detection | :ng_man: | :white_check_mark: |
| RASP Basic Intrusion Detection | few samples | :white_check_mark: |
| RASP Behavioral Sequence Intrusion Detection | :ng_man: | :white_check_mark: |
| K8S Basic Intrusion Detection | few samples | :white_check_mark: |
| K8S Behavioral Sequence Intrusion Detection | :ng_man: | :white_check_mark: |
| K8S Threat Analysis | :ng_man: | :white_check_mark: |
| Alarm traceability (behavior traceability) | :ng_man: | :white_check_mark: |
| Alarm traceability (resident traceability) | :ng_man: | :white_check_mark: |
| Alert Whitelist | :white_check_mark: | :white_check_mark: |
| Multi-alarm aggregation capability | :ng_man: | :white_check_mark: |
| Threat Response (Process) | :ng_man: | :white_check_mark: |
| Threat Response (Network) | :ng_man: | :white_check_mark: |
| Threat Response (File) | :ng_man: | :white_check_mark: |
| File isolation | :ng_man: | :white_check_mark: |
| Vulnerability discovery | few vuln info | :white_check_mark: |
| Vulnerability information hot update | :ng_man: | :white_check_mark: |
| Baseline check | few baseline rules | :white_check_mark: |
| Application Vulnerability Hotfix | :ng_man: | :white_check_mark: |
| Virus scan | :white_check_mark: | :white_check_mark: |
| User behavior log analysis | :ng_man: | :white_check_mark: |
| Agent Plugin management | :white_check_mark: | :white_check_mark: |
| System monitoring | :white_check_mark: | :white_check_mark: |
| System Management | :white_check_mark: | :white_check_mark: |
| Windows Support | :ng_man: | :white_check_mark: |
| Honey pot | :ng_man: | :oncoming_automobile: |
| Active defense | :ng_man: | :oncoming_automobile: |
| Cloud virus analysis | :ng_man: | :oncoming_automobile: |
| File-integrity monitoring | :ng_man: | :oncoming_automobile: |

Front-end Display (Community Edition)

Security overview

<img src="png/console0.png" style="float:left;"/>

K8s security alert list

<img src="png/console1.png" style="float:left;"/>

K8s pod list

<img src="png/console2.png" style="float:left;"/>

Host overview

<img src="png/console3.png" style="float:left;"/>

Resource fingerprint

<img src="png/console4.png" style="float:left;"/>

Intrusion alert overview

<img src="png/console5.png" style="float:left;"/>

Vulnerability

<img src="png/console6.png" style="float:left;"/>

Baseline check

<img src="png/console7.png" style="float:left;"/>

Virus scan

<img src="png/console8.png" style="float:left;"/>

Backend hosts monitoring

<img src="png/console9.png" style="float:left;"/>

Backend service monitoring

<img src="png/console10.png" style="float:left;"/>

Console User Guide

Quick Start

Contact Us & Cooperation

<img src="png/Lark.png" width="40%" style="float:left;"/>

Lark Group

About Elkeid Enterprise Edition

Elkeid Enterprise Edition is sold either as individual intrusion detection rule sets (for example HIDS, RASP, or K8s) or as the full set of capabilities.

If you are interested in Elkeid Enterprise Edition, please contact elkeid@bytedance.com.

Elkeid Docs

For more details and latest updates, see Elkeid docs.

License

404StarLink 2.0 - Galaxy

<img src="https://github.com/knownsec/404StarLink-Project/raw/master/logo.png" width="30%" style="float:left;"/>

Elkeid has joined 404Team's 404StarLink 2.0 - Galaxy.