Overview
Agents‑of‑Shield is a pragmatic security companion for very small teams. It bootstraps protective “lures” (honeypots/canaries), basic telemetry, and high‑signal alerts so founders get early warning without drowning in noise.
Problem
Two‑person startups rarely have time to stand up proper detection. Out‑of‑the‑box tools are heavyweight, noisy, and tuned for enterprises. You need tripwires that actually trigger only when something is wrong.
Highlights
- Lightweight agent to deploy honeypots and tripwires
- Signal‑first alerting designed for two‑person startups
- Simple install and minimal ongoing maintenance
Architecture
- Agent daemon provisions canary endpoints, fake credentials, honey files/dirs, and low‑noise eBPF/syscall hooks
- Control plane template: minimal config, env‑gated remote updates, signed rules
- Alerting fanout: Slack/Email/Webhook with rich context and suppression windows
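The suppression windows mentioned above can be sketched as follows. This is an added example, not Agents‑of‑Shield's own code: the `TripwireEvent` and `Suppressor` names, the lure naming scheme, and the 300-second window are all assumptions. It shows repeat hits on one lure collapsing into a single alert while a hit from a different source still alerts immediately.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class TripwireEvent:
    lure: str      # which canary fired (hypothetical naming scheme)
    kind: str      # e.g. "file_open", "cred_use", "http_hit"
    source: str    # process or remote address that touched the lure
    ts: float      # event time, seconds

@dataclass
class Suppressor:
    window: float = 300.0                       # suppression window, seconds
    _open: dict = field(default_factory=dict)   # key -> [alert_ts, suppressed_count]

    def offer(self, ev):
        """Return an alert dict if the event should notify, else None."""
        # Keying on source as well as lure means a second actor touching
        # the same lure is never hidden behind the first actor's window.
        key = (ev.lure, ev.kind, ev.source)
        state = self._open.get(key)
        if state is not None and ev.ts - state[0] < self.window:
            state[1] += 1
            return None
        repeats = state[1] if state is not None else 0
        self._open[key] = [ev.ts, 0]
        return {"lure": ev.lure, "kind": ev.kind, "source": ev.source,
                "ts": ev.ts, "suppressed_since_last": repeats}

def fanout(events, window=300.0):
    """Run events in time order through one Suppressor; return alerts to send."""
    sup = Suppressor(window=window)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        alert = sup.offer(ev)
        if alert is not None:
            alerts.append(alert)
    return alerts

# Constructed sample events (not real telemetry).
HONEYFILE = "honeyfile:/srv/backup/passwords.xlsx"
SAMPLE_EVENTS = [
    TripwireEvent(HONEYFILE, "file_open", "pid:4121", 0.0),
    TripwireEvent(HONEYFILE, "file_open", "pid:4121", 20.0),
    TripwireEvent(HONEYFILE, "file_open", "pid:4121", 90.0),
    TripwireEvent(HONEYFILE, "file_open", "pid:5310", 100.0),
    TripwireEvent(HONEYFILE, "file_open", "pid:4121", 400.0),
]
```

The `suppressed_since_last` count on the next alert keeps the context that suppression would otherwise discard.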
Tech
- Python for agent, tiny Go sidecars for eBPF hooks
- SQLite state, signed rule bundles
- Dockerized deployment; optional Kubernetes DaemonSet