I built an EDR/XDR in Rust
Built and open sourced my solo Rust project: a Windows-native EDR/XDR platform
Hey everyone,
I’m a solo developer and over the past several months I’ve been building a Windows-native EDR/XDR platform in Rust as a personal challenge and learning project.
The goal wasn’t to clone existing products 1:1, but to rethink parts of endpoint visibility and operator experience from the ground up while studying how real-world EDR/XDR systems work and how modern threats abuse Windows internals.
It’s built with:
- Rust core
- Tauri 2 desktop shell
- TypeScript/Vite frontend
- SQLite-backed event store
- Windows-native sensors and telemetry collection
Current implemented capabilities include:
- Live process telemetry with lineage / integrity / token analysis
- Overlay detection and transparent window abuse monitoring
- Capture shield / display-affinity monitoring
- Event correlation timeline
- IOC feed ingestion
- Hunt query workflows
- Process response actions
- Local fleet-style telemetry persistence
- Multi-view operator console (war room, attack topology, command center, behavioral views, etc.)
A big part of the project was trying to make the UX feel closer to an actual enterprise-grade security product rather than a developer dashboard.
A lot of cybersecurity tooling is technically strong but visually painful to work with, so I spent a lot of time on operator workflow design and interaction flow.
This is fully working code, not mocked telemetry or static UI concepts.
I’m open sourcing it because I learned a huge amount building it and figured other Rust / systems / security folks might find it interesting, useful, or worth contributing to.
Would genuinely love technical feedback, architecture criticism, and ideas from people deeper in Windows internals / detection engineering.
Repo: Link will be shared shortly
Would appreciate honest thoughts — especially from anyone working in endpoint security or low-level Windows telemetry.