{"id":30595964,"url":"https://github.com/aessecurity/oburix","last_synced_at":"2025-10-18T00:51:51.325Z","repository":{"id":301568579,"uuid":"1009664713","full_name":"aessecurity/oburix","owner":"aessecurity","description":"eBPF-based runtime agent for Endpoint Detection and Response for Linux based operating systems.","archived":false,"fork":false,"pushed_at":"2025-08-19T12:05:09.000Z","size":623,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-29T21:42:07.201Z","etag":null,"topics":["agent","cybersecurity","ebpf","edr","linux","runtime-security","xdr"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aessecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-27T13:59:21.000Z","updated_at":"2025-08-19T12:05:13.000Z","dependencies_parsed_at":"2025-06-27T15:29:40.154Z","dependency_job_id":"26e99b8f-7de9-4b0a-8b6d-299fd4a35ec8","html_url":"https://github.com/aessecurity/oburix","commit_stats":null,"previous_names":["bych4n-group/oburix","aessecurity/oburix"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aessecurity/oburix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aessecurity%2Foburix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aessecurity%2Foburix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aessecurity%2Foburix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aessecurity%2Foburix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aessecurity","download_url":"https://codeload.github.com/aessecurity/oburix/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aessecurity%2Foburix/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275160370,"owners_count":25415767,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-14T02:00:10.474Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","cybersecurity","ebpf","edr","linux","runtime-security","xdr"],"created_at":"2025-08-29T21:05:14.919Z","updated_at":"2025-10-18T00:51:46.273Z","avatar_url":"https://github.com/aessecurity.png","language":"C","readme":"# Oburix\n\n**Oburix** is an eBPF-based runtime agent for Endpoint Detection and Response (EDR). It targets Linux systems and continues to rely on eBPF for lightweight, kernel-observed telemetry collection.\n\nRepository and organization:\n\n- Organization: https://github.com/aessecurity\n- Repository: https://github.com/aessecurity/oburix\n\n## ✨ Features\n\n- 🐧 Linux support via native eBPF programs\n- 📡 Real-time process, file, and network activity monitoring\n- 🚨 Rule-based detection engine (YAML rules in `rules/`)\n- 🔥 Lightweight, low-overhead architecture\n- 📦 Integrates easily into SIEM/XDR pipelines\n\n## Important changes\n\n- The project no longer uses Rust. Any previous Rust components were removed.\n- A new KernelScript format is used for certain automation/config tasks: files with the `.ks` extension (\"KernelScript\"). See the repository for examples and current usage.\n- Development step-by-step instructions have been removed from this README. For low-level artifacts and build files, inspect the `runtime/` directory (for example `runtime/CMakeLists.txt`).\n\n\u003e Note: Oburix remains eBPF-based; the change is internal (tooling and scripting), not the telemetry backend.\n\n## 📦 Build / Runtime\n\nLow-level build artifacts and native components are located under `runtime/`. This repository no longer keeps full step-by-step development instructions in the top-level README; consult the corresponding subdirectory READMEs or CMake files for details.\n\n## 🧠 How It Works\n\nOburix uses eBPF to observe system-level events without intrusive kernel modules. It runs in userspace and collects telemetry from:\n\n- Process execution\n- Network connections\n- File system activity\n- Custom rules and detection logic (YAML rules in `rules/`)\n\n## 🚧 Status\n\nOburix is in active development. Use with caution and feel free to provide feedback or contributions.\n\n## 🤝 Contributing\n\nPull requests are welcome. For major changes, please open an issue first to discuss your design.\n\nIf you contribute KernelScript files (`*.ks`), document their intended runtime location and interpreter in your PR.\n\n## 📣 Contact\n\nStart a discussion or open an issue on the GitHub repository: https://github.com/aessecurity/oburix\n\n## 📄 License\n\nLicensed under the **MIT License**. See the [LICENSE](./LICENSE) file for details.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faessecurity%2Foburix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faessecurity%2Foburix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faessecurity%2Foburix/lists"}