11# Stackdog Security
22
3- ![ Version] ( https://img.shields.io/badge/version-0.2.1 -blue.svg )
3+ ![ Version] ( https://img.shields.io/badge/version-0.2.2 -blue.svg )
44![ License] ( https://img.shields.io/badge/license-MIT-green.svg )
55![ Rust] ( https://img.shields.io/badge/rust-1.75+-orange.svg )
66![ Platform] ( https://img.shields.io/badge/platform-linux%20%7C%20macos%20%7C%20windows-lightgrey.svg )
1919
2020- ** 📊 Real-time Monitoring** — eBPF-based syscall monitoring with minimal overhead (<5% CPU)
2121- ** 🔍 Log Sniffing** — Discover, read, and AI-summarize logs from containers and system files
22+ - ** 🧭 Detector Framework** — Rust-native detector registry for web attack heuristics and outbound exfiltration indicators
2223- ** 🤖 AI/ML Detection** — Candle-powered anomaly detection + OpenAI/Ollama log analysis
2324- ** 🚨 Alert System** — Multi-channel notifications (Slack, email, webhook)
2425- ** 🔒 Automated Response** — nftables/iptables firewall, container quarantine
4748### Install with curl (Linux)
4849
4950``` bash
50- curl -fsSL https://raw.githubusercontent.com/vsilent /stackdog/main/install.sh | sudo bash
51+ curl -fsSL https://raw.githubusercontent.com/trydirect /stackdog/main/install.sh | sudo bash
5152```
5253
5354Pin a specific version:
5455``` bash
55- curl -fsSL https://raw.githubusercontent.com/vsilent /stackdog/main/install.sh | sudo bash -s -- --version v0.2.1
56+ curl -fsSL https://raw.githubusercontent.com/trydirect /stackdog/main/install.sh | sudo bash -s -- --version v0.2.2
5657```
5758
5859If your repository has no published stable release yet, use ` --version ` explicitly.
@@ -61,7 +62,7 @@ If your repository has no published stable release yet, use `--version` explicit
6162
6263``` bash
6364# Clone repository
64- git clone https://github.com/vsilent /stackdog
65+ git clone https://github.com/trydirect /stackdog
6566cd stackdog
6667
6768# Start the HTTP server (default)
@@ -164,21 +165,29 @@ docker compose -f docker-compose.app.yml down
164165
165166``` bash
166167# Discover and analyze logs (one-shot)
167- cargo run -- sniff --once
168+ stackdog -- sniff --once
168169
169170# Continuous monitoring with AI analysis
170- cargo run -- sniff --ai-provider openai
171+ stackdog -- sniff --ai-provider openai
171172
172173# Use Ollama (local LLM)
173174STACKDOG_AI_API_URL=http://localhost:11434/v1 cargo run -- sniff
174175
175176# Consume mode: archive to zstd + purge originals
176- cargo run -- sniff --consume --output ./log-archive
177+ stackdog -- sniff --consume --output ./log-archive
177178
178179# Add custom log sources
179- cargo run -- sniff --sources " /var/log/myapp.log,/opt/service/logs"
180+ stackdog -- sniff --sources " /var/log/myapp.log,/opt/service/logs"
180181```
181182
183+ The built-in sniff pipeline now includes Rust-native detectors for:
184+
185+ - web attack indicators such as SQL injection probes, path traversal probes, login brute force, and webshell-style requests
186+ - exfiltration-style indicators such as suspicious SMTP/attachment activity and large outbound transfer hints in logs
187+ - reverse shell behavior, sensitive file access, cloud metadata / SSRF access, exfiltration chains, and secret leakage in logs
188+ - Wazuh-inspired file integrity monitoring for explicit paths configured with ` STACKDOG_FIM_PATHS=/etc/ssh/sshd_config,/app/.env `
189+ - Wazuh-inspired configuration assessment via ` STACKDOG_SCA_PATHS ` , package inventory heuristics via ` STACKDOG_PACKAGE_INVENTORY_PATHS ` , Docker posture audits, and improved RFC3164/RFC5424 syslog parsing
190+
182191### Use as Library
183192
184193Add to your ` Cargo.toml ` :
@@ -457,7 +466,7 @@ dnf install sqlite-devel openssl-devel clang llvm
457466### Build from Source
458467
459468``` bash
460- git clone https://github.com/vsilent /stackdog
469+ git clone https://github.com/trydirect /stackdog
461470cd stackdog
462471cargo build --release
463472```
@@ -608,7 +617,7 @@ stackdog/
608617
609618``` bash
610619# 1. Clone and setup
611- git clone https://github.com/vsilent /stackdog
620+ git clone https://github.com/trydirect /stackdog
612621cd stackdog
613622cp .env.sample .env
614623
0 commit comments