{"id":19234193,"url":"https://github.com/kaisonox/edr-server","last_synced_at":"2026-06-27T06:30:15.928Z","repository":{"id":244384111,"uuid":"815088884","full_name":"scrymastic/edr-server","owner":"scrymastic","description":"An EDR server designed to monitor, detect, and respond to threats on network endpoints.","archived":false,"fork":false,"pushed_at":"2024-07-22T06:59:15.000Z","size":3947,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-05T00:46:11.842Z","etag":null,"topics":["cybersecurity","django","edr","sigma","threat-detection"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scrymastic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-14T10:25:52.000Z","updated_at":"2024-07-18T19:57:11.000Z","dependencies_parsed_at":"2024-07-21T23:15:37.021Z","dependency_job_id":null,"html_url":"https://github.com/scrymastic/edr-server","commit_stats":null,"previous_names":["scrymastic/edr-server"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scrymastic%2Fedr-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scrymastic%2Fedr-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scrymastic%2Fedr-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scrymastic%2Fedr-server/manifests","owner_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/owners/scrymastic","download_url":"https://codeload.github.com/scrymastic/edr-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240310872,"owners_count":19781341,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","django","edr","sigma","threat-detection"],"created_at":"2024-11-09T16:13:09.291Z","updated_at":"2026-06-27T06:30:15.883Z","avatar_url":"https://github.com/scrymastic.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# EDR Server\n\n![EDR Server](https://img.shields.io/badge/EDR-Server-blue)\n![License](https://img.shields.io/badge/License-MIT-green)\n![Status](https://img.shields.io/badge/Status-Development-red)\n\n\nEDR Server is a simple (for now) Endpoint Detection and Response (EDR) system designed to monitor, detect, and respond to threats on network endpoints. It aims to provide real-time protection against malware and other threats by continuously collecting endpoint activity and flagging suspicious behavior.\n\n## Features\n\n- **Real-time Monitoring:** Continuous collection of endpoint events (Windows event logs forwarded by the edr-agent) to identify suspicious behavior.\n- **Threat Detection:** Rule-based detection using Sigma rules for Windows (see the Rules Engine section).\n- **Automated Response:** Immediate action on detected threats to mitigate damage. (not implemented yet)\n- **Incident Reporting:** Detailed reports on security incidents for analysis and compliance. 
(not implemented yet)\n- **Customizable Policies:** Tailor security policies to meet specific organizational needs.\n\n## Installation\n\n1. Clone the repository:\n\n```bash\ngit clone https://github.com/scrymastic/edr-server.git\n```\n\n2. Build the images with Docker Compose:\n\n```bash\ndocker-compose build\n```\n\n3. Start the stack:\n\n```bash\ndocker-compose up\n```\n\n4. Access the EDR Server at `http://localhost:8001`. The default credentials are `kali:kali`; change them before exposing the server beyond your own machine, since anyone who can reach the web UI can otherwise log in and, through the Agents view, reach connected endpoints.\n\n## Usage\n\n### Dashboard\n\nAfter logging in, open the `Dashboard` for an overview of the system's status, including the distribution of alerts and events.\n\n### Alerts View\n\nThe `Alerts` tab shows all alerts generated by the system in real time, so potential threats can be identified and responded to quickly.\n\n### Events View\n\nThe `Events` tab displays a timeline of all security events collected by the system, for tracking and investigating potential threats.\n\nThe `Read events` button loads events from a Windows event log file (extension: `.evtx`).\n\nSearch for specific events using the search bar. A query is a field name followed by an operator and a double-quoted value.\n\nSupported operators are `=` (equals), `~` (contains), `\u003e` and `\u003c`. All queries are case-insensitive.\n\nThe logical operators `AND` and `OR` are also supported, but only at the top level (no parentheses or nesting).\n\nFor example, to search for events with event ID `13`, use the query `event_id=\"13\"`. To search for events whose username contains `kali`, use the query `username~\"kali\"`. To search by time range, use a query such as `time_created__SystemTime\u003c\"2024-07-17T12:00:00.0000000Z\"` (the double underscore addresses the nested `SystemTime` value of `time_created`).\n\n### Rules Engine\n\nUnder the `Rules` tab, users can create and manage detection rules based on specific criteria, enhancing the system's ability to identify threats.\n\n1814 rules are available in the system, imported from [Sigma rules for Windows](https://github.com/SigmaHQ/sigma/tree/master/rules/windows).\n\n![alt text](imgs/image-1.png)\n\n### Agents View\n\nThe `Agents` tab provides a detailed view of all endpoints monitored by the system, including their current status and recent activities.\n\nThe server can also open a reverse shell to an agent. This feature has obvious security implications: the agent connects back to a plain netcat listener, which provides no authentication or encryption, so the channel (and the endpoint behind it) is exposed to anyone on the network path. Use it only on an isolated lab network.\n\nTo start a connection from the server, first start a listener with the command below. Replace `4444` with your preferred port, which must match the port set in the edr-agent's configuration file:\n\n```bash\nnc -lvp 4444\n```\nThen select the `Connect` button to make the agent connect back to the listener.\n\n![alt text](imgs/image.png)\n\n## Testing\n\nPerform attacks on the endpoint to test the EDR system. The subsections below follow the stages of the cyber kill chain; stages without content are not covered yet.\n\n\u003e **Note:** Install [edr-agent](https://github.com/scrymastic/edr-agent) to enable endpoint monitoring.\n\nAfter completing the installation, connect the agent to the EDR server by running:\n\n```bash\nedr-agent.exe\n```\n\n![alt text](imgs/image-2.png)\n\n### Reconnaissance\n\nGather information about the system using the following commands:\n\n```bash\nwhoami\nsysteminfo\n```\nAfter running the commands, the EDR system generates alerts for the following events:\n\n![alt text](imgs/image-3.png)\n\n### Weaponization\n\n### Delivery\n\n### Exploitation\n\nStart a process (notepad.exe in this case) using a Base64-encoded PowerShell command. The argument to `-EncodedCommand` is the Base64 encoding of the UTF-16LE bytes of `Start-Process notepad.exe`:\n\n```bash\npowershell.exe -EncodedCommand UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAG4AbwB0AGUAcABhAGQALgBlAHgAZQA=\n```\n![alt text](imgs/image-4.png)\n\n### Installation\n\n### Command and Control (C2)\n\n### Actions on Objectives\n\n## Contributing\n\nContributions are welcome! Feel free to open issues and pull requests to help improve the project.\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaisonox%2Fedr-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkaisonox%2Fedr-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaisonox%2Fedr-server/lists"}
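The search syntax described in the README's Events View (operators `=`, `~`, `>`, `<`, double-quoted values, case-insensitive matching, top-level `AND`/`OR`) is small enough to implement end to end. The Python below is an added example written for this page, not code from the edr-server project: it evaluates such queries over a handful of constructed event records. It assumes, as the `time_created__SystemTime` example suggests, that a double underscore walks into nested fields, that `AND`/`OR` are evaluated left to right with no precedence, and that `>`/`<` compare the stored and quoted values as strings (correct for fixed-layout ISO-8601 timestamps, not for numbers). The event shapes and field values are invented for the demonstration.

```python
import re
from typing import Any, List, Tuple

# Constructed sample events, shaped loosely like parsed .evtx records
# (invented for this example; not data from the edr-server project).
EVENTS = [
    {"event_id": "13", "username": "DESKTOP\\kali",
     "time_created": {"SystemTime": "2024-07-17T11:58:02.0000000Z"}},
    {"event_id": "1", "username": "NT AUTHORITY\\SYSTEM",
     "time_created": {"SystemTime": "2024-07-17T12:03:44.0000000Z"}},
    {"event_id": "4688", "username": "desktop\\KALI",
     "time_created": {"SystemTime": "2024-07-16T09:00:00.0000000Z"}},
]

# One term: field, operator, double-quoted value, optionally followed by a
# top-level AND/OR.  Because the value is quoted, a literal " and " inside
# it is never mistaken for the logical operator.
TOKEN = re.compile(
    r'\s*(\w+)\s*(=|~|>|<)\s*"([^"]*)"\s*(?:(AND|OR)\b)?\s*', re.IGNORECASE
)


def parse(query: str) -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Split a query into [(field, op, value), ...] and the AND/OR between them."""
    terms, ops, pos = [], [], 0
    while pos < len(query):
        m = TOKEN.match(query, pos)
        if not m:
            raise ValueError(f"cannot parse query at offset {pos}: {query[pos:]!r}")
        terms.append((m.group(1), m.group(2), m.group(3)))
        if m.group(4):
            ops.append(m.group(4).upper())
        pos = m.end()
    if not terms or len(ops) != len(terms) - 1:
        raise ValueError("query must look like: term (AND|OR term)*")
    return terms, ops


def lookup(event: dict, path: str) -> Any:
    """Resolve 'a__b' into event['a']['b'] (assumed Django-style convention)."""
    cur: Any = event
    for part in path.split("__"):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def match_term(event: dict, field: str, op: str, want: str) -> bool:
    got = lookup(event, field)
    if got is None:                                   # missing field never matches
        return False
    got_s, want_s = str(got).casefold(), want.casefold()   # case-insensitive
    if op == "=":
        return got_s == want_s
    if op == "~":
        return want_s in got_s
    # '>' and '<' compare as strings: fixed-layout ISO-8601 timestamps sort
    # lexicographically, so the README's time-range query works.  Numeric
    # fields would need a numeric compare, deliberately not attempted here.
    return got_s > want_s if op == ">" else got_s < want_s


def match_query(event: dict, query: str) -> bool:
    """Evaluate a flat query left to right (no precedence, no nesting)."""
    terms, ops = parse(query)
    result = match_term(event, *terms[0])
    for op, term in zip(ops, terms[1:]):
        val = match_term(event, *term)
        result = (result and val) if op == "AND" else (result or val)
    return result


def search(events: List[dict], query: str) -> List[dict]:
    return [e for e in events if match_query(e, query)]


if __name__ == "__main__":
    for q in ['event_id="13"', 'username~"kali"',
              'time_created__SystemTime<"2024-07-17T12:00:00.0000000Z"',
              'username~"kali" AND event_id="4688"']:
        print(q, "->", [e["event_id"] for e in search(EVENTS, q)])
```

Evaluating a query per event is fine for a UI search over a loaded `.evtx` file; a production Django backend would instead translate the same parsed terms into ORM lookups so the database does the filtering.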
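The Exploitation test in the README runs `powershell.exe -EncodedCommand ...`, whose argument is Base64 of a UTF-16LE script. The Python below is an added example, not edr-server or SigmaHQ code: it decodes that payload and shows the kind of check a process-creation rule for encoded PowerShell performs, run over constructed process events. PowerShell resolves parameter names by unambiguous prefix, so the check treats any prefix of `EncodedCommand` (`-e`, `-ec`, `-enc`, ...) as the flag; the event field names (`command_line`, `image`) are assumptions for the demonstration.

```python
import base64
import binascii
import shlex
from typing import List, Optional, Tuple

# The README's Exploitation payload: Base64 of the UTF-16LE bytes of
# "Start-Process notepad.exe".
ENCODED = "UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAG4AbwB0AGUAcABhAGQALgBlAHgAZQA="

# Constructed process-creation events (field names are assumed for this
# example; they are not the edr-server or Sysmon schema).
EVENTS = [
    {"event_id": "1",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "command_line": f"powershell.exe -EncodedCommand {ENCODED}"},
    {"event_id": "1",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": "cmd.exe /c whoami"},
    {"event_id": "1",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "command_line": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"event_id": "1",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "command_line": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\report.ps1"},
]


def is_encoded_flag(token: str) -> bool:
    """True for -EncodedCommand and any prefix abbreviation (-e, -ec, -enc, ...).

    powershell.exe accepts abbreviated parameter names, which is why both
    attackers and detection rules care about the short forms.
    """
    if len(token) < 2 or token[0] not in "-/":
        return False
    return "encodedcommand".startswith(token[1:].lower())


def decode_encoded_command(value: str) -> Optional[str]:
    """Decode an -EncodedCommand argument, or return None if it is not one.

    The payload must be valid Base64 of an even number of bytes (UTF-16LE);
    anything else (the word 'Bypass', a file path, odd-length data) is rejected.
    """
    try:
        raw = base64.b64decode(value.strip('"'), validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def find_encoded_command(command_line: str) -> Optional[Tuple[str, str]]:
    """Return (flag, decoded_script) if the command line carries one, else None."""
    try:
        tokens = shlex.split(command_line, posix=False)   # keeps Windows backslashes
    except ValueError:                                    # unbalanced quotes
        tokens = command_line.split()
    for flag, value in zip(tokens, tokens[1:]):
        if is_encoded_flag(flag):
            decoded = decode_encoded_command(value)
            if decoded is not None:
                return flag, decoded
    return None


def detect(events: List[dict]) -> List[dict]:
    """One alert per process event whose command line hides an encoded script."""
    alerts = []
    for e in events:
        hit = find_encoded_command(e["command_line"])
        if hit:
            flag, script = hit
            alerts.append({"event_id": e["event_id"], "image": e["image"],
                           "flag": flag, "decoded": script})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"{a['flag']:>16}  ->  {a['decoded']}")
```

Decoding the payload at detection time matters: matching only on the literal `-EncodedCommand` string misses `-enc` and friends, while a rule that decodes can go on to inspect the recovered script (here `Start-Process notepad.exe`) with the same content rules used for plaintext command lines.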