Vajra is an indigenous tool for endpoint security developed at IIT Bombay. The Vajra agent collects logs from the endpoints at the kernel level using a custom-built osquery. The logs are centrally monitored and correlated across the endpoints to detect malicious activity, lateral movement, and privilege escalation. Vajra generates alerts for malicious attacks based on rule sets covering the major tactics and techniques of the MITRE ATT&CK framework.
Further, the threat hunting features of Vajra help in faster investigation of incidents. The main features of Vajra are:
— Real-time pre-infection filtering and protection of all devices without manual intervention.
— Continuous update of detection techniques for new malware attacks
— In-house R&D and support for new threats
— Scalable and cost-effective. Supports multi-tenancy
— Customizable to the needs of organizations
— Easy integration with other SIEM tools
— Supports indigenous BOSS operating systems.
Vajra is designed to support container security and automated threat detection based on AI/ML techniques.