Strelka is a real-time, container-based file scanning system used for threat hunting, threat detection, and incident response. Originally based on the design established by Lockheed Martin's Laika BOSS and similar projects (see: related projects), Strelka's purpose is to perform file extraction and metadata collection at enterprise scale.
Strelka differs from its sibling projects in a few significant ways:
- Core codebase is Go and Python3.6+
- Server components run in containers for ease and flexibility of deployment
- OS-native client applications for Windows, Mac, and Linux
- Built using libraries and formats that allow cross-platform, cross-language support
Strelka's ZeroMQ architecture is retired and was migrated to the archive/zeromq branch. This branch is now considered legacy code, is no longer actively supported, and will only receive bugfix updates.
Guidelines for contributing can be found here.
Strelka and its associated code is released under the terms of the Apache 2.0 license.