Endpoint Detection and Response
Introducing Open Source Endpoint Detection and Response (EDR)

OpenEDR is a sophisticated, free, open source endpoint detection and response solution. It provides analytic detection with Mitre ATT&CK visibility for event correlation and root cause analysis of adversarial threat activity and behaviors in real time. This world-class endpoint telemetry platform is available to all cyber-security professionals, and every sized organization, to defend against threat actors and cyber criminals.

Here's how you can experience EDR Security!

Deploy and use OpenEDR by opening a FREE Xcitium Enterprise Platform account! Register now and improve your protection within minutes!


Free OpenEDR can help you convert your MSP to a best-in-class MSSP instantly, easily, and with minimal effort.


Use OpenEDR software as the free foundation on which you will provide world-class SOC services for your customers.

Enterprise Enterprises

Take advantage of this free, sophisticated, open source telemetry and visibility platform to create an EDR security of your own.

Access the source code, configure your environment, and refine your own solution to meet your needs.

Deploy Free OpenEDR To:

  • Enable continuous and comprehensive endpoint monitoring
  • Correlate and visualize endpoint security data
  • Perform malware analysis, anomalous behavior tracking, and in-depth attack investigations
  • Enact remediations and harden security postures to reduce risk on endpoints
  • Stop attempted attacks, lateral movement, and breaches

The creators of OpenEDR steadfastly believe that EDR should never be accessible only to the privileged, and that a fundamental cybersecurity stack must become a right. By offering this innovative source code for free, all financial barriers to expensive EDR solutions are eliminated, and this foundational technology is recast as a bona fide ‘right.’ Claim your right to OpenEDR today.

OpenEDR Is An Open Source Initiative Started By Xcitium

We at Xcitium believe in creating an open source cybersecurity platform where products and services can be provisioned and managed together. EDR is our starting point.

OpenEDR Tool is a full-blown EDR capability. It is one of the most sophisticated, effective EDR code base in the world and with the community’s help it will become even better.

OpenEDR Consists Of
The Following Components:
Core Library

the basic framework


service application

Process Monitoring

components for per-process monitoring

System Monitor

the genetic container for different kernel-mode components

File-System Mini-Filter

the kernel component that hooks I/O requests file system

Network Monitor

monitors processes creation/deletion using system callbacks

Low-Level Registry Monitoring Component

monitors registry access using system callbacks

Self-Protection Provider

prevents EDR components and configuration from unauthorized changes

Low-Level Process Monitoring Component

network filter for monitoring the network activity

Join the Open Community
Enroll to the Online Forums

Have questions about our OpenEDR open-source code? Join our open community! The community allows members to ask and respond to questions, interact with other users, and review topics related to OpenEDR.

Enroll Today
OpenEDR Community
OpenEDR & Xcitium

In addition to maintaining the OpenEDR project, Xcitium helps customers avoid breaches with groundbreaking isolation technology that fully neutralizes ransomware, zero-day malware, and cyberattacks that other security providers can’t do. Our isolation and containment technology complements our highly rated advanced endpoint protection and endpoint management to offer a single cloud-accessible Active Breach Protection solution with patented ZeroDwell technology. Xcitium’s Managed and Extended Detection and Response services are available to serve as your security partner and guide.

Learn More
OpenEDR Iniative