Workshop On Cybersecurity For Critical Infrastructure Theme: 5G Networks
Vajra launch & Inauguration
Vajra is an indigenous cybersecurity tool designed to manage, detect, and respond to endpoint threats. Its core strength lies in the ability to gather detailed contextual information from endpoints in real time, along with robust rules for detecting malicious activities. The Vajra agent is lightweight and compatible with both Linux and Windows systems. It makes system activity logs available as a searchable database, facilitating the detection of potential threats and enabling incident response using SQL queries. Vajra includes built-in detection rules that encompass all Tactics, Techniques, and Procedures of the MITRE ATT&CK framework, and it allows the addition of new rules on the fly without causing disruptions. Additionally, it offers complete invisibility of activities within Docker containers, ensuring enhanced security for containerized applications. For more details about Vajra, please visit www.getvajra.com. To install Vajra, go to https://github.com/VajraSecurity/Install (to be made public). We acknowledge the funding support from NCETIS and TCA2I at IIT Bombay, as well as CDSL.
Vajra agent collects logs of the endpoints at the kernel level using a custom-built Osquery. The logs are centrally monitored and correlated across the endpoints to detect any malicious activities, lateral movements, and privilege escalations. Vajra generate alters for any malicious attacks based on rules sets covering the major tactics and techniques of the MITRE ATT&CK framework. Further, the threat hunting features of Vajra help in faster investigation of incidences.
The main features of Vajra are: — Real-time pre-infection filtering and protection of all devices without manual intervention. — Continuous update of detection techniques for new malware attacks — In-house R&D and support for new threats — Scalable and cost-effective. Supports multi-tenancy — Customizable to the needs of organizations — Easy integration with other SIEM tools — Supports indigenous BOSS operating systems. Vajra is designed to support container security and automated threat detection based on AI/ML techniques.
