
"Osprey operates as an event stream decisions engine that investigates real-time platform activity and executes automated responses, providing a scalable architecture for threat detection."
"The project is managed in partnership with the ROOST organization and internet.dev, allowing early adoption by networks like Bluesky and Matrix.org."
"SML, a domain-specific language with a Python syntax, supports static validation and provides accessibility for security analysts while remaining extensible for software engineers."
"A standard deployment utilizes Apache Kafka to route results into an Apache Druid cluster, which powers real-time analysis through the Osprey UI."
Osprey, an open-sourced event stream decisions engine by Discord, evaluates 2.3 million rules per second across 400 million daily actions. Built with a Rust coordinator and stateless Python worker nodes, it offers a scalable architecture for real-time threat detection. The engine processes JSON-formatted event payloads against dynamically loadable rules written in SML. Developers can expand Osprey using User Defined Functions in Python. The system generates verdicts routed to configurable output sinks, utilizing Apache Kafka and Druid for real-time analysis through the Osprey UI.
Read at InfoQ