DavidJBianco / strelka

Scanning files at scale with Python and ZeroMQ

Strelka

Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response. Based on the design established by Lockheed Martin's Laika BOSS and similar projects (see: related projects), Strelka's purpose is to perform file extraction and metadata collection at huge scale.

Strelka differs from its sibling projects in a few significant ways:

  • Codebase is Python 3 (minimum supported version is 3.6)
  • Designed for non-interactive, distributed systems (network security monitoring sensors, live response scripts, disk/memory extraction, etc.)
  • Supports direct and remote file requests (Amazon S3, Google Cloud Storage, etc.) with optional encryption and authentication
  • Uses widely supported networking, messaging, and data libraries/formats (ZeroMQ, protocol buffers, YAML, JSON)
  • Built-in scan result logging and log management (compatible with Filebeat/ElasticStack, Splunk, etc.)
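The two sentences above that matter for operators are "file extraction and metadata collection" and "non-interactive": a scanner of this kind identifies a file, records its metadata, and recurses into anything it can extract, emitting one log record per object. The following is an added, self-contained model of that loop and is not Strelka's own code, API, or scanner set; the magic-byte table, the `scan`/`extract_zip` function names, the JSON field names, and the depth and size caps are all assumptions chosen for illustration. The embedded sample zip is constructed in the script itself so that it runs offline.

```python
import hashlib
import io
import json
import zipfile

# Assumption: a tiny magic-byte table stands in for libmagic/YARA identification.
MAGIC = {
    b"PK\x03\x04": "application/zip",
    b"%PDF": "application/pdf",
    b"MZ": "application/x-dosexec",
}


def identify(data: bytes) -> str:
    """Return a MIME-style label from leading bytes (first match wins)."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def metadata(data: bytes) -> dict:
    """Per-object metadata every log consumer wants: size, hashes, type."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "mime": identify(data),
    }


def extract_zip(data: bytes, max_members=100, max_member_size=10 * 1024 * 1024):
    """Yield (name, bytes) for each member, capping count and size against zip bombs."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for i, info in enumerate(zf.infolist()):
            if i >= max_members:
                break
            if info.is_dir() or info.file_size > max_member_size:
                continue
            yield info.filename, zf.read(info)


def scan(data: bytes, source: str = "<root>", depth: int = 0, max_depth: int = 3) -> list:
    """Scan one buffer, recurse into extracted children, return a flat list of JSON-ready events.

    max_depth bounds recursion so a nested archive cannot run the scanner out of stack or time.
    """
    event = metadata(data)
    event["source"] = source
    event["depth"] = depth
    events = [event]
    if event["mime"] == "application/zip" and depth < max_depth:
        try:
            for name, child in extract_zip(data):
                events.extend(scan(child, source=f"{source}/{name}", depth=depth + 1, max_depth=max_depth))
        except zipfile.BadZipFile:
            event["flags"] = ["bad_zip"]
    return events


def build_sample() -> bytes:
    """Constructed input: a zip holding a PDF-looking file and a nested zip holding a PE-looking file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("payload.exe", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("doc.pdf", b"%PDF-1.4\n%constructed\n")
        z.writestr("nested.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    # One line-delimited JSON record per object, the shape a Filebeat/Splunk input can ingest.
    for ev in scan(build_sample()):
        print(json.dumps(ev))
```

Running it prints four records: the outer zip, `doc.pdf`, `nested.zip`, and `nested.zip/payload.exe`, each with its own hashes, type, and depth. The caps in `extract_zip` and the `max_depth` argument are the part worth copying: a scanner that recurses into whatever it can open is exactly the component an attacker feeds a decompression bomb, and in a non-interactive pipeline nobody is watching to kill it.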

Target’s CFC-Open-Source Slack

Contributing

Guidelines for contributing can be found here.

Related Projects

Licensing

Strelka and its associated code are released under the terms of the Apache 2.0 license.