GitHunt
aesecurity/oburix

eBPF-based runtime agent for Endpoint Detection and Response on Linux-based operating systems.

Oburix

Oburix is an eBPF-based runtime agent for Endpoint Detection and Response (EDR). It targets Linux systems and continues to rely on eBPF for lightweight, kernel-observed telemetry collection.

Repository and organization:

✨ Features

  • ๐Ÿง Linux support via native eBPF programs
  • ๐Ÿ“ก Real-time process, file, and network activity monitoring
  • ๐Ÿšจ Rule-based detection engine (YAML rules in rules/)
  • ๐Ÿ”ฅ Lightweight, low-overhead architecture
  • ๐Ÿ“ฆ Integrates easily into SIEM/XDR pipelines

Important changes

  • The project no longer uses Rust. Any previous Rust components were removed.
  • A new KernelScript format (files with the .ks extension) is used for certain automation and configuration tasks. See the repository for examples and current usage.
  • Development step-by-step instructions have been removed from this README. For low-level artifacts and build files, inspect the runtime/ directory (for example runtime/CMakeLists.txt).

Note: Oburix remains eBPF-based; the change is internal (tooling and scripting), not the telemetry backend.

📦 Build / Runtime

Low-level build artifacts and native components are located under runtime/. This repository no longer keeps full step-by-step development instructions in the top-level README; consult the corresponding subdirectory READMEs or CMake files for details.

🧠 How It Works

Oburix uses eBPF to observe system-level events without loading intrusive kernel modules. The agent runs in userspace and collects telemetry from:

  • Process execution
  • Network connections
  • File system activity
  • Custom rules and detection logic (YAML rules in rules/)

🚧 Status

Oburix is in active development. Use with caution and feel free to provide feedback or contributions.

🤝 Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss your design.

If you contribute KernelScript files (*.ks), document their intended runtime location and interpreter in your PR.

📣 Contact

Start a discussion or open an issue on the GitHub repository: https://github.com/aessecurity/oburix

📄 License

Licensed under the MIT License. See the LICENSE file for details.

Languages: C 100.0%, CMake 0.0%, Shell 0.0%

MIT License
Created June 27, 2025
Updated January 7, 2026