endpoint detection & response

Radegast EDR

Detect threats. Respond fast. Trust your data.

100% Open-source
Free Forever
E2E Encrypted
Rust Powered
🚧 Radegast EDR is currently under heavy construction — expect rough edges and missing pieces. Subscribe to the RSS feed to follow progress.
🔓 Open-source

Every line of code is public. Inspect it, fork it, contribute to it. No black boxes.

🔐 Privacy-first

All your EDR telemetry is end-to-end encrypted. Your data is yours — always.

Zero cost

Radegast EDR is free. Curated detections without an enterprise price tag.

// detection capabilities

Multi-layer endpoint detection

Radegast EDR combines three proven detection approaches on a single cross-platform agent.

📡

Native Telemetry

ETW on Windows and eBPF on Linux — native kernel-level event streams for process, network, file, DNS, and registry activity.

ETW eBPF Windows Linux
🔍

Sigma Detection

Evaluate community Sigma rules for behavioral detections — PowerShell abuse, WMI execution, suspicious process chains, and more.

Sigma Behavioral
🧬

YARA Scanning

Scan executables at process creation and private memory regions for packed, obfuscated, or runtime-unpacked malware.

YARA Memory Files
🗂️

IOC Matching

Fast deterministic checks against file hashes, IP addresses, domains, and path regexes for threat intel and IR workflows.

Hashes IPs Domains
📤

SIEM-ready Output

Alerts are written as ECS 9.3.0 NDJSON — drop them straight into Elastic, Splunk, or any log pipeline without transformation.

ECS NDJSON SIEM
🦀

Built in Rust

Memory-safe, zero garbage-collection pauses, minimal footprint. The agent stays out of your way while staying in the fight.

Rust Memory-safe Fast
// how it works

Up and running in four steps

01

Register at the Console

Create your free Radegast account at console.radegast.app. No credit card, no commitment.

02

Create a new device

Add a device from the Console dashboard. You'll get a unique agent configuration tied to that endpoint.

03

Select your detections

Choose which detection layers to enable — Sigma behavioral rules, YARA scanning, IOC matching, or all three.

04

Deploy the agent & watch telemetry roll in

Drop the agent binary on your device and start it. Alerts appear in the Console in real time, end-to-end encrypted.


Powered by Rustinel

The detection engine behind Radegast EDR is Rustinel — an open-source endpoint detection project combining ETW, eBPF, Sigma, YARA, and IOC matching in a single Rust binary. 321 stars on GitHub and growing.


Ready to protect your endpoints?

Open-source, free, and privacy-first. Your telemetry stays encrypted. No vendor lock-in, ever.
