Real-time, container-based file scanning at enterprise scale

billmcchesney1/strelka

Strelka

Strelka is a real-time, container-based file scanning system used for threat hunting, threat detection, and incident response. Originally based on the design established by Lockheed Martin's Laika BOSS and similar projects (see: related projects), Strelka's purpose is to perform file extraction and metadata collection at enterprise scale.

Strelka differs from its sibling projects in a few significant ways:

  • Core codebase is Go and Python 3.6+
  • Server components run in containers for ease and flexibility of deployment
  • OS-native client applications for Windows, Mac, and Linux
  • Built using libraries and formats that allow cross-platform, cross-language support

Strelka's ZeroMQ architecture is retired and was migrated to the archive/zeromq branch. This branch is now considered legacy code, is no longer actively supported, and will only receive bugfix updates.

Community

Slack

Target’s CFC-Open-Source Slack

Slack Invitation

Contributing

Guidelines for contributing can be found here.

Related Projects

Licensing

Strelka and its associated code are released under the terms of the Apache 2.0 license.


Languages

  • Python 80.7%
  • Go 8.8%
  • YARA 6.7%
  • Dockerfile 2.3%
  • Zeek 1.5%