
Submitted by Style Pass
2024-09-30 20:30:02

Venator is a flexible threat detection platform designed to provide full control over the execution, monitoring, and management of detection rules. By leveraging existing technologies like search engines (OpenSearch, BigQuery) and job schedulers (Kubernetes CronJob, HashiCorp Nomad), Venator offers a highly adaptable detection engine that focuses on simplicity, extensibility, and ease of maintenance.

Many existing open-source and commercial threat detection solutions lack the ability to reliably monitor and manage scheduled detection rules. Key limitations include the difficulty of verifying whether detection jobs ran successfully, the inability to troubleshoot failed jobs, and the challenge of running backfills or ad-hoc executions. Moreover, adding new detection rules or supporting additional log sources often introduces unnecessary complexity.

Venator was designed to address these gaps by leveraging existing infrastructure for job scheduling and query execution, while also offering a "Detection-as-Code" approach. This allows users to define detection rules as version-controlled YAML files, simplifying the process of rule creation, management, and deployment. Venator provides a lightweight, easy-to-maintain alternative to traditional SIEM detection engines, focusing on simplicity and flexibility without unnecessary complexity.
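As an added illustration of the Detection-as-Code flow described above (example code, not Venator's own code or rule format): a flat YAML detection rule is parsed, validated, and rendered into the Kubernetes CronJob manifest that would schedule it, with job history retained so failed runs can be inspected. The rule keys, the runner image name and its command-line arguments are assumptions.

```python
import re

# Constructed sample rule in the flat YAML layout this example assumes
# (not Venator's real rule schema).
RULE_YAML = """\
name: Suspicious SSH Root Login
schedule: "*/15 * * * *"
datasource: opensearch
query: |
  event.module:system AND event.action:ssh_login
  AND user.name:root AND event.outcome:success
"""

def load_flat_rule(text):
    """Parse a flat 'key: value' YAML subset; '|' starts a literal block (the query)."""
    rule, block_key = {}, None
    for line in text.splitlines():
        if block_key and line.startswith("  "):   # continuation of the literal block
            rule[block_key] += line.strip() + " "
            continue
        block_key = None
        key, _, value = line.partition(":")
        value = value.strip()
        if value == "|":
            block_key, rule[key] = key, ""
        else:
            rule[key] = value.strip('"')
    return {k: v.strip() for k, v in rule.items()}

def render_cronjob(rule, image="venator-runner:latest"):
    """Validate a rule and render the Kubernetes CronJob manifest that schedules it."""
    missing = {"name", "schedule", "datasource", "query"} - set(rule)
    if missing:
        raise ValueError(f"rule is missing keys: {sorted(missing)}")
    if len(rule["schedule"].split()) != 5:
        raise ValueError("schedule must be a 5-field cron expression")
    if rule["datasource"] not in ("opensearch", "bigquery"):
        raise ValueError(f"unsupported datasource {rule['datasource']!r}")
    # CronJob names must be DNS labels: lowercase alphanumerics and '-', max 63 chars.
    job_name = re.sub(r"[^a-z0-9-]+", "-", rule["name"].lower()).strip("-")[:63]
    return {"apiVersion": "batch/v1", "kind": "CronJob", "metadata": {"name": job_name},
            "spec": {"schedule": rule["schedule"], "concurrencyPolicy": "Forbid",
                     # keep failed runs around so a broken rule can be troubleshot
                     "successfulJobsHistoryLimit": 3, "failedJobsHistoryLimit": 10,
                     "jobTemplate": {"spec": {"template": {"spec": {
                         "restartPolicy": "Never",
                         "containers": [{"name": "runner", "image": image,  # assumed image
                                         "args": ["run", "--datasource", rule["datasource"],
                                                  "--query", rule["query"]]}]}}}}}}
```

Committing rule files like `RULE_YAML` to version control and rendering manifests from them in CI is what turns the YAML into deployable, reviewable detections.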
