Beta: Radegast EDR is currently under heavy construction, so expect rough edges. Core functionality is in place and solid, but other features are still being developed. You can register at the console to try Radegast EDR out and receive mail notifications about new features, or subscribe to the RSS feed to follow our blog.
endpoint detection & response

Radegast EDR

Detect threats. Respond fast. Trust your data.

100% Open-source
Free Forever
E2E Encrypted
1-Click Deployment
🔓 Open-source

Every line of code is public. Inspect it, fork it, contribute to it. No black boxes.

🔐 Privacy-first

All your EDR telemetry is end-to-end encrypted. Your data is yours — always.

🏠 Small-scale friendly

Lightweight, easy to deploy, no infrastructure needed. Perfect for small teams, families, and home labs.

// detection capabilities

Multi-layer endpoint detection

Radegast EDR combines proven detection approaches on a single cross-platform agent.

📡

Native Telemetry

ETW on Windows and eBPF on Linux — native kernel-level event streams for process, network, file, DNS, and registry activity.

🔍

Sigma Detection

Evaluate community Sigma rules for behavioral detections — PowerShell abuse, WMI execution, suspicious process chains, and more.

🧬

YARA Scanning

Scan executables at process creation and private memory regions for packed, obfuscated, or runtime-unpacked malware.

🗂️

IOC Matching

Fast deterministic checks against file hashes, IP addresses, domains, and path regexes for threat intel and IR workflows.

📤

SIEM-ready Output

Alerts are written as ECS 9.3.0 NDJSON — drop them straight into Elastic, Splunk, or any log pipeline without transformation.

🦀

Built in Rust

Memory-safe, zero garbage-collection pauses, minimal footprint. The agent stays out of your way while staying in the fight.

// screenshots

See it in action

Get a glimpse of the Radegast EDR Console interface.

Screenshots: Dashboard, Alert, Packs.
// how it works

Up and running in four steps

01. Register at the Console

Create your free Radegast account at console.radegast.app. No credit card, no commitment.

02. Create a new device

Add a device from the Console dashboard. You'll get a unique agent configuration tied to that endpoint.

03. Select your detections

Choose which detection layers to enable — Sigma behavioral rules, YARA scanning, IOC matching, or all three.

04. Deploy the agent & watch telemetry roll in

Drop the agent binary on your device and start it. Alerts appear in the Console in real time, end-to-end encrypted.


Powered by Rustinel

The detection engine behind Radegast EDR is Rustinel — an open-source endpoint detection project combining ETW, eBPF, Sigma, YARA, and IOC matching in a single Rust binary. 321 stars on GitHub and growing.


Ready to protect your endpoints?

Open-source, free, and privacy-first. Your telemetry stays encrypted. No vendor lock-in, ever. Built for small teams, families, and home labbers.
