Private-Cloud XDR & SIEM · Built in Rust

Security operations you actually own.

Detection, investigation, threat hunting, fleet operations, and governance — delivered as a single signed Rust binary. No cloud dependency. No vendor lock-in. No telemetry egress unless you enable it.

$ curl -sSf https://github.com/pinkysworld/Wardex/releases/latest | bash
SLSA provenance · Cosign-signed images · CycloneDX SBOM · Secret-scanned CI

Why Wardex

Three things most XDR platforms can't offer.

Wardex is built for security teams that need professional tooling without handing their telemetry to a vendor.

Data sovereignty by default

Your telemetry never leaves your infrastructure. Deploy on-prem, in your VPC, or air-gapped. Every integration — SIEM, IdP, threat feeds — is yours to configure or disable.

Memory-safe Rust, one binary

Rust edition 2024, MSRV 1.88. No runtime to manage, no JVM to patch, no Python toolchain drift. A single reproducible binary serves agents, API, and the browser console.

Verifiable supply chain

Every release ships with SLSA build provenance attestations, CycloneDX SBOMs, and cosign-signed container images. CI is SHA-pinned and secret-scanned on every push.

Platform Capabilities

Detection, investigation, and response — integrated.

One platform covering the full SOC lifecycle. Every surface is driven by the same data model and permission system.

Real-Time Detection

Adaptive scoring, Sigma rules, YARA scanning, side-channel fusion, and kernel-level event bridging work together out of the box.

Threat Hunting

Campaign clustering across the fleet, deception canaries, attacker profiling, and memory forensics for proactive investigations.

SOC Workbench

Queue, cases, SLAs, process trees, timelines, and storyline views keep analysts inside one investigation surface with full context.

File Integrity Monitoring

SHA-256 baselines for critical system paths with change detection and per-agent snapshots across Linux, macOS, and Windows.

UEBA & Geo-Validation

Behavioural baselines with impossible-travel detection catch compromised credentials that static rules miss.

Approval-Gated Response

Quarantine, isolate, and remediate with documented approvals, full audit trails, and automatic rollback on failure.

By the Numbers

Ship-ready, today.

Deploy Anywhere

Linux. macOS. Windows. Air-gapped.

Ship a single binary with systemd, launchd, or Windows Service integration. Package as Debian and Homebrew artifacts straight from CI, or roll your own Helm chart for Kubernetes.

  • Debian packages with signed APT repository
  • Homebrew tap for macOS and Linux
  • Signed container images with cosign
  • Helm chart for Kubernetes rollouts
  • Auto-update with SHA-256 verification and atomic rollback

# Linux (Debian / Ubuntu)
$ curl -fsSL https://pinkysworld.github.io/Wardex/apt/pubkey.gpg \
    | sudo gpg --dearmor -o /usr/share/keyrings/wardex.gpg
$ sudo apt install wardex

# macOS
$ brew tap pinkysworld/wardex
$ brew install wardex

# Kubernetes
$ helm install wardex ./deploy/helm/wardex

Own your detection stack.

Evaluate Wardex in your own environment today. The source code is open for inspection and non-production use under BSL 1.1.