Castellan - a governor or warden of a castle or fort, responsible for its defense and administration. The term originates from Medieval Latin castellanus, meaning keeper of a castle. Source: Merriam-Webster Dictionary
CastellanAI is an enterprise-grade security monitoring platform that transforms event logs into actionable security intelligence using AI-powered analysis, vector search, and real-time threat correlation.
Enterprise Features: Thousands of events/sec processing • Vector similarity search • Advanced correlation engine • Real-time Teams/Slack alerts • 800+ MITRE ATT&CK techniques • VirusTotal/MalwareBazaar integration • Complete malware detection with auto-updates • Human-in-the-loop action execution with rollback • Trend forecasting • Timeline visualization • Export capabilities • Centralized configuration management • Single consolidated database architecture
2-Minute Setup: 3 required fields → .\scripts\start.ps1 → Open http://localhost:3000 → Start monitoring
CastellanAI platform overview - AI-powered security monitoring in action
This is an open source, experimental security monitoring platform intended for research, education, and testing purposes.
- Not for Production: This software is not recommended for production environments without thorough testing and customization
- No Warranty: This software is provided "as is" without any warranties or guarantees of security effectiveness
- User Responsibility: Users are solely responsible for:
  - Testing and validating all security features before deployment
  - Ensuring compliance with their organization's security policies
  - Implementing appropriate backup and disaster recovery procedures
  - Monitoring and maintaining the system in their environment
- Experimental Features: Some features may be experimental or in development
- Regular Updates: Security threats evolve rapidly, so keep the system updated
- Professional Review: Have qualified security professionals review your implementation
- Compliance: Verify compliance with applicable regulations and standards
The authors and contributors of CastellanAI disclaim all liability for any damages, losses, or security incidents that may occur from the use of this software.
For production deployments, consider:
- CastellanAI Pro - Commercial enterprise version with professional support, SLA guarantees, and production-ready features
- Professional security consulting
- Comprehensive testing and validation
- Regular security audits and penetration testing
- Conversational AI Chat - Natural language security queries with context-aware responses, Markdown formatting, and human-in-the-loop action execution
- Action Execution System - Execute security actions (BlockIP, IsolateHost, QuarantineFile, AddToWatchlist, CreateTicket) with full rollback capability
- AI-Powered Analysis - LLM-based threat classification with vector similarity search
- Real-time Detection - EventLogWatcher-powered live Windows Event Log monitoring with sub-second threat correlation
- Advanced Correlation - Attack chain detection, temporal bursts, lateral movement, and privilege escalation patterns
- Enterprise Scale - Thousands of events/sec processing with optimized performance
- Smart Notifications - Customizable Teams/Slack templates with rich formatting and adaptive rate limiting
- MITRE Integration - Auto-updated 800+ ATT&CK techniques with threat mapping
- Threat Intelligence - VirusTotal, MalwareBazaar, AlienVault OTX with configuration UI
- Malware Detection - Complete signature-based detection with automatic rule updates and deduplication
- Threat Scanner - On-demand Quick/Full scans with real-time progress tracking, scheduled scanning, quarantine management, and exclusions
- Timeline Visualization - Interactive security event timeline with granular analysis
- Data Export - CSV, JSON, PDF export with filtering and background processing
- Enterprise Security - BCrypt passwords, JWT tokens, audit trails
Real-time security monitoring dashboard with live threat intelligence
Natural language AI chat interface for conversational security analysis and threat investigation
Centralized notification settings for Microsoft Teams and Slack integration
- .NET 8.0 SDK
- Docker (for Qdrant)
- Ollama or OpenAI API key
- Clone repository

  ```powershell
  git clone https://github.com/MLidstrom/castellan.git
  cd castellan
  ```

- Configure authentication

  ```powershell
  $env:AUTHENTICATION__JWT__SECRETKEY = "your-secure-jwt-secret-key-minimum-64-characters"
  $env:AUTHENTICATION__ADMINUSER__USERNAME = "admin"
  $env:AUTHENTICATION__ADMINUSER__PASSWORD = "your-secure-password"
  ```

- Install AI models (if using Ollama)

  ```powershell
  ollama pull nomic-embed-text
  ollama pull llama3.1:8b-instruct-q8_0
  ```

- Start services

  ```powershell
  .\scripts\start.ps1
  ```

- Access dashboard: Open http://localhost:3000
⚠️ Security Note: See Configuration Setup for detailed setup instructions.
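The three required fields above are the platform's entire authentication bootstrap, so the values chosen for them matter: the JWT secret signs every session token and the admin password guards the dashboard. The following PowerShell snippet is an added example, not a script from the CastellanAI repository. It generates a cryptographically random JWT secret, prompts for the admin password without echoing it, and refuses to proceed while any of the three variables is missing, shorter than the 64-character minimum the README's placeholder names, or still set to one of the README's placeholder strings. The variable names come from the quick-start step above; the `New-RandomSecret` and `Test-CastellanAuthConfig` function names are this example's own.

```powershell
# Added example (not part of CastellanAI): prepare the three required authentication
# variables for the current PowerShell session before running .\scripts\start.ps1.
# Environment variable names are those used in the README's "Configure authentication" step.

function New-RandomSecret {
    param([int]$Length = 96)   # well above the 64-character minimum from the README placeholder
    # Base64url alphabet: 64 symbols, so "byte % 64" selects uniformly with no modulo bias,
    # and the result is safe to paste into shells and config files without quoting issues.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    # Works on both Windows PowerShell 5.1 (.NET Framework) and PowerShell 7 (.NET).
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

function Test-CastellanAuthConfig {
    # Returns $true only when all three variables are set and none is a weak or placeholder value.
    $problems = @()

    $secret = $env:AUTHENTICATION__JWT__SECRETKEY
    if (-not $secret) {
        $problems += 'AUTHENTICATION__JWT__SECRETKEY is not set'
    } elseif ($secret.Length -lt 64) {
        $problems += "AUTHENTICATION__JWT__SECRETKEY is $($secret.Length) characters; the minimum is 64"
    } elseif ($secret -like 'your-secure-*') {
        $problems += 'AUTHENTICATION__JWT__SECRETKEY is still the README placeholder'
    }

    if (-not $env:AUTHENTICATION__ADMINUSER__USERNAME) {
        $problems += 'AUTHENTICATION__ADMINUSER__USERNAME is not set'
    }

    $password = $env:AUTHENTICATION__ADMINUSER__PASSWORD
    if (-not $password) {
        $problems += 'AUTHENTICATION__ADMINUSER__PASSWORD is not set'
    } elseif ($password -like 'your-secure-*') {
        $problems += 'AUTHENTICATION__ADMINUSER__PASSWORD is still the README placeholder'
    }

    foreach ($p in $problems) { Write-Warning $p }
    return ($problems.Count -eq 0)
}

# Session-scoped assignment: nothing is written to disk or to the user/machine environment.
$env:AUTHENTICATION__JWT__SECRETKEY = New-RandomSecret
$env:AUTHENTICATION__ADMINUSER__USERNAME = 'admin'

# Prompt for the password without echoing it; NetworkCredential unwraps the SecureString
# on both Windows PowerShell 5.1 and PowerShell 7.
$securePassword = Read-Host -Prompt 'Admin password' -AsSecureString
$env:AUTHENTICATION__ADMINUSER__PASSWORD = [System.Net.NetworkCredential]::new('', $securePassword).Password

if (Test-CastellanAuthConfig) {
    Write-Host 'Authentication variables look good; run .\scripts\start.ps1 in this same session.'
} else {
    Write-Error 'Fix the configuration problems above before starting CastellanAI.'
}
```

Because `$env:` assignments live only in the current session, run `.\scripts\start.ps1` from the same window; a freshly generated secret also invalidates any JWTs issued under the previous one, which is the desired effect when rotating it.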
- AGPL-3.0 Licensed - 100% open source with complete transparency and strong copyleft
- 2-Minute Setup - Simplified configuration with only 3 required fields
- Enterprise Scale - 12K+ events/sec with snapshot caching for <50ms instant page loads
- AI-First - Vector search + LLM analysis built-in
- Zero Vendor Lock-in - Fork, modify, deploy anywhere
| Feature | CastellanAI | Splunk/QRadar/ELK |
|---|---|---|
| Deployment | 2 minutes | Weeks to months |
| AI/ML | Built-in LLM + Vector | Add-on modules |
| Customization | Full source access | Vendor limited |
| Cost | Free + self-hosted | $$$$ + licensing |
| Windows Focus | Native optimization | Generic approach |
Complete Documentation Index - Master documentation hub with organized access to all guides, features, and technical references.
| Topic | Description |
|---|---|
| Release Notes v1.0.0 | What's new in v1.0.0 - first official production release |
| Known Issues | Current limitations, known issues, and workarounds |
| Quick Start Guide | Complete installation and setup instructions |
| Features | Comprehensive feature overview and capabilities |
| YARA Detection | Signature-based malware detection and rule management |
| Configuration | Authentication, AI providers, centralized settings management |
| Notifications | Teams/Slack integration via Configuration tab |
| Architecture | System architecture, security, and observability |
| Performance | Performance metrics, benchmarks, and optimization |
| Troubleshooting | Common issues and solutions |
For the complete documentation catalog including API references, build guides, security features, integrations, and specialized guides, visit docs/README.md.
- GitHub Issues - Bug reports and feature requests
- GitHub Discussions - Community support and questions
- Contributing Guide - How to contribute to the project
- Security Policy - Security practices and responsible disclosure
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0) - see the LICENSE file for details.
The AGPL-3.0 license ensures that any modifications to CastellanAI, including those used to provide network services, must be made available under the same license terms.
The name Castellan / CastellanAI and the official logo are trademarks of Mats L. Canderfalk. Forks and derivatives must not use the same name or branding in a way that suggests official support.
CastellanAI - Your digital fortress guardian. 🏰
Built with ❤️ by the open source community