We at LevelBlue company have decided to do something for the community, with the hopes that more security vendors will follow suit.
For more than a year we have been developing an advanced open-source Linux engine we dubbed owLSM. This engine, which is accessible free of charge, has many unique features such as:
-
A full Sigma rules engine in the kernel, implemented with eBPF LSM (Linux Security Module).
-
Kernel prevention capabilities that allow us to block operations before they occur.
-
Broad anti-tampering capabilities.
-
Security-focused system monitoring where each event contains all the context a security expert needs.
Why We Created This Project
After years of using tools such as Tetragon and Falco, we kept running into the same issues. These solutions offer little to no prevention (enforcement) capabilities. Those that do offer enforcement policies lack basic features, including regex matching, stateful detections, and many more.
Who Is It For
Teams and companies that protect Linux and cloud environments. Developers who are looking for implementation examples of complex eBPF solutions.
How Can You Help
Try it, give us feedback, tell us what features you would like to see next. Send us good feature ideas or contributions, and we will honor your name on the project page. And most importantly, support us by giving the project a GitHub star. By giving us a star, you prove that our decision to open-source owLSM was correct and encourage more vendors to do the same.