🚧 Work in Progress
This project is actively developed and will include both a community open-source edition and a private enterprise version.
RustShield is a high-performance Security Information and Event Management (SIEM) system written in Rust.
It is designed for real-time processing of security logs, enabling event correlation, anomaly detection, and alert generation in both cloud-native and on-premise infrastructures.
This project was originally developed as part of a school assignment at EPITA, under the supervision of Jules Aubert (EPITA alumnus, class of 2018).
Built collaboratively with Axel Cochepin, it received the maximum grade (20/20) for its technical depth, implementation quality, and originality.
🔧 Core Features
- Log Ingestion from multiple sources (JSON, syslog, HTTP, etc.)
- Event Correlation Engine using rule-based and statistical matching
- Anomaly Detection based on time-series patterns and custom heuristics
- Asynchronous architecture leveraging `tokio`, `axum`, and `serde`
- REST API for querying events, managing rules, and integration with dashboards
- Pluggable pipeline for future integration with Kafka, Elastic, Prometheus, etc.
🔐 Editions
- Community Edition: Open-source version with core SIEM functionalities, ideal for small setups and educational use.
- Enterprise Edition (coming soon): Advanced features such as role-based access control, persistent storage backends, advanced alert routing, and long-term data retention.
🎯 Use Cases
- Monitoring intrusion attempts, privilege escalation, or lateral movement
- Correlating logs across services (web, VPN, IAM, etc.)
- Triggering alerts on unusual behavior patterns or rule violations
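The feature list and the use cases above describe the same pipeline: ingest and normalize lines from several services, run a correlation rule over them, and apply a time-series heuristic to spot bursts. The block below is an added illustration of that pipeline in plain Rust with no external crates; it is not code from RustShield. Everything in it is an assumption for the example: the `ts=... source=... action=... src_ip=...` line format stands in for the JSON and syslog inputs the project ingests, the `brute_force` rule (at least `threshold` failed logins from one IP within `window` seconds, counted across web, VPN and SSH alike), the `rate_anomalies` check (a bucket whose event count exceeds mean + k·stddev of all non-empty buckets), and the constructed sample log.

```rust
use std::collections::{BTreeMap, HashMap, VecDeque};

/// One normalized security event. The key=value line format is constructed for
/// this example and stands in for the JSON/syslog inputs a SIEM ingests.
#[derive(Debug, Clone, PartialEq)]
pub struct Event {
    pub ts: u64,        // seconds since epoch
    pub source: String, // emitting service, e.g. "sshd", "vpn", "web"
    pub action: String, // normalized action, e.g. "login_failed"
    pub src_ip: String,
}

/// Parse a constructed "ts=.. source=.. action=.. src_ip=.." line.
/// Anything malformed yields None so a bad line cannot poison the pipeline.
pub fn parse_line(line: &str) -> Option<Event> {
    let mut fields: HashMap<&str, &str> = HashMap::new();
    for tok in line.split_whitespace() {
        let (k, v) = tok.split_once('=')?;
        fields.insert(k, v);
    }
    Some(Event {
        ts: fields.get("ts")?.parse().ok()?,
        source: fields.get("source")?.to_string(),
        action: fields.get("action")?.to_string(),
        src_ip: fields.get("src_ip")?.to_string(),
    })
}

#[derive(Debug, Clone, PartialEq)]
pub struct Alert {
    pub rule: &'static str,
    pub src_ip: String,
    pub first_ts: u64,
    pub last_ts: u64,
    pub sources: Vec<String>, // services involved, sorted and de-duplicated
}

/// Hypothetical rule: at least `threshold` failed logins from one IP within
/// `window` seconds, counted across every service so web, VPN and SSH correlate.
pub fn brute_force_alerts(events: &[Event], threshold: usize, window: u64) -> Vec<Alert> {
    // Multi-source ingestion delivers out of order, so sort before windowing.
    let mut sorted: Vec<&Event> = events.iter().filter(|e| e.action == "login_failed").collect();
    sorted.sort_by_key(|e| e.ts);
    let mut windows: HashMap<&str, VecDeque<&Event>> = HashMap::new();
    let mut alerts = Vec::new();
    for e in sorted {
        let q = windows.entry(e.src_ip.as_str()).or_default();
        // Evict events that fell out of the sliding window (no underflow: input is sorted).
        while q.front().map_or(false, |f| e.ts - f.ts > window) {
            q.pop_front();
        }
        q.push_back(e);
        if q.len() >= threshold {
            let mut sources: Vec<String> = q.iter().map(|x| x.source.clone()).collect();
            sources.sort();
            sources.dedup();
            alerts.push(Alert {
                rule: "brute_force",
                src_ip: e.src_ip.clone(),
                first_ts: q.front().unwrap().ts,
                last_ts: e.ts,
                sources,
            });
            q.clear(); // one alert per burst, not one per additional failure
        }
    }
    alerts
}

/// Hypothetical time-series heuristic: bucket events into `bucket`-second slots and
/// flag slots whose count exceeds mean + k * stddev of all non-empty slots.
/// Returns the flagged bucket indices (ts / bucket).
pub fn rate_anomalies(events: &[Event], bucket: u64, k: f64) -> Vec<u64> {
    let mut counts: BTreeMap<u64, f64> = BTreeMap::new();
    for e in events {
        *counts.entry(e.ts / bucket).or_insert(0.0) += 1.0;
    }
    let n = counts.len() as f64;
    if n < 2.0 {
        return Vec::new(); // nothing to compare against
    }
    let mean = counts.values().sum::<f64>() / n;
    let var = counts.values().map(|c| (c - mean).powi(2)).sum::<f64>() / n;
    let limit = mean + k * var.sqrt();
    counts.iter().filter(|kv| *kv.1 > limit).map(|kv| *kv.0).collect()
}

/// Constructed sample log for the example, not captured data. One IP fails five
/// times across three services, then succeeds; a second IP fails twice, far apart.
pub const SAMPLE_LOG: &str = "\
ts=100 source=sshd action=login_failed src_ip=10.0.0.5
ts=102 source=sshd action=login_failed src_ip=10.0.0.5
ts=103 source=vpn action=login_failed src_ip=10.0.0.5
ts=104 source=web action=login_failed src_ip=10.0.0.5
ts=105 source=sshd action=login_failed src_ip=10.0.0.5
ts=110 source=sshd action=login_ok src_ip=10.0.0.5
ts=200 source=sshd action=login_failed src_ip=192.168.1.9
ts=900 source=sshd action=login_failed src_ip=192.168.1.9
this line is garbage and must be skipped";

/// Ingest: parse every line, silently dropping the ones that do not parse.
pub fn ingest(log: &str) -> Vec<Event> {
    log.lines().filter_map(parse_line).collect()
}

fn main() {
    let events = ingest(SAMPLE_LOG);
    for a in brute_force_alerts(&events, 5, 60) {
        println!("ALERT {:?}", a);
    }
    println!("anomalous 60s buckets: {:?}", rate_anomalies(&events, 60, 1.0));
}
```

Two design points carry over to a real engine. The per-IP window is cleared once it fires, so a sustained attack produces one alert per burst instead of an alert storm; a production rule would additionally want a cooldown and a suppression key. The anomaly check only looks at non-empty buckets, which keeps quiet periods from dragging the baseline to zero but also means a single busy bucket among few samples is flagged easily, so the `k` factor must be tuned per source.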
The project aims to be modular, secure, and production-grade, with performance and observability treated as first-class concerns from the start.