Bastion // Local Defensive Sensor


 ____    _    ____ _____ ___ ___  _   _
| __ )  / \  / ___|_   _|_ _/ _ \| \ | |
|  _ \ / _ \ \___ \ | |  | | | | |  \| |
| |_) / ___ \ ___) || |  | | |_| | |\  |
|____/_/   \_\____/ |_| |___\___/|_| \_|

Bastion : Defender Watchdog
& Local Defensive Sensor

Bastion is an open-source local sensor designed to run alongsideMicrosoft Defender, not replace it. It covers the surfaces Microsoft structurally won't — camera and mic forensics, USB drift, kernel-driver provenance, and Defender's own tamper state — while keeping you in control with a tamper-evident audit chain and human-readable receipts for every action.

The names aren't an accident. A bastion is the projecting wall that gives a defenderthe firing angles a flat curtain wall can't. Same fortress, different jobs.

Unlock Console Download Windows x64 Source

Get Access

Access is donation-based. Enter $0.00 for free — or any amount you wish. Submit and we email your key instantly.

Get Access

Access is donation-based — enter 0.00 to get your key for free, or any USD amount you wish to pledge. We email your signed key immediately.

Email address *Donation amount (USD) — 0.00 = free

Optional — send BTC or ETH donation

BTCbc1qtf6fqllw7dny832ksw67p4a99txgvrct7u9e7d

ETH0x70B666c4e3EE5B2C9Ab92925F097330813D1848a

Any amount keeps development moving. Paste your email above and submit — your key is emailed regardless.

Comparison Snapshot

Directional comparison of default product behavior. Bastion is built to run alongsideone of these engines (usually Defender), not in place of it — the rows below show where a second sensor adds coverage the default engine doesn't provide.

Legend: yes · partial · no · n/a

Trait	Bastion	Defender	McAfee	Norton	Malwarebytes	Huntress	CrowdStrike	SentinelOne
Open source codebase	yes	partial	no	no	no	no	no	no
No required cloud account	yes	yes	no	no	no	no	no	no
Tamper-evident merkle event chain	yes	no	no	no	no	no	partial	partial
Local-first operation on 127.0.0.1	yes	partial	no	no	yes	no	no	no
Human-readable forensic receipts	yes	partial	no	no	no	partial	partial	partial
File integrity monitor on system paths	yes	partial	partial	partial	no	partial	yes	yes
Canary / decoy token detection	yes	no	no	no	no	yes	yes	yes
Per-process kill / quarantine from one UI	yes	yes	yes	yes	yes	partial	yes	yes
Reversible quarantine vault (audited)	yes	yes	partial	partial	yes	no	yes	yes
URLhaus / OpenPhish DNS blocklist refresh	yes	no	no	no	partial	no	no	no
Process fingerprint + lineage tracking	yes	partial	no	no	no	partial	yes	yes
Autoruns / persistence drift surfacing	yes	no	no	no	no	yes	yes	yes
Camera / mic access surveillance log	yes	no	no	no	no	no	no	no
Microsoft Sentinel ingest bridge	yes	n/a	no	no	no	yes	yes	yes
Per-event WHY explanation (LLM-optional)	yes	no	no	no	no	partial	partial	partial
Performance audit (power plan / GPU / RAM)	yes	no	no	no	no	no	no	no
Donation-based pricing	yes	n/a	no	no	no	no	no	no
No telemetry shipped off-device	yes	no	no	no	no	no	no	no

What You See When Running

Actual screenshots of the desktop app. Two surfaces over the same agent: a calm consumer console for day-to-day, and a terminal-themed operator console for triage and response.

Bastion simple console — 'You're protected' status, Quick actions (Run a full scan, Check performance, Reconnect agent), Recent activity feed. — Simple view— at-a-glance status, one-click scan & perf audit, recent activity feed. File: `src/app/app/page.tsx`

Bastion operator/advanced console — ASCII BASTION banner, alert/warn/info/removed counters, Sentinel connector, event source filters, full triage controls. — Advanced view — full event chain, source filters, Sentinel connector, triage actions. File: `src/app/app/operator/page.tsx`

Boot banner ([ok] phosphor calibrated …)
Five-line ready check. Confirms the local agent on 127.0.0.1:7878 is reachable and that the bearer token has been pasted.
backed by: BOOT_LINES in dashboard/src/app/app/page.tsx; /api/health in agent/src/api.rs
ALERT / WARN / INFO / REMOVED counters
Live counts of unresolved events at each severity, plus the count of items the operator has already quarantined or killed. Click any counter to filter the stream to that severity. Click REMOVED to open the vault.
backed by: counts{} block in app/page.tsx; data from /api/events and /api/quarantine/list
Source filter row ([all] [attestation] [autoruns] [camera_mic] [lineage] [proc_fp] [process_net] …)
One chip per detector that has emitted at least one event since boot. Pick a chip to narrow the stream to that subsystem.
backed by: sources = unique(events.source) in app/page.tsx; detectors/ in agent/src
[hide noise] / [show resolved] / [resolve N] / [reset triage] toggles
Hide-noise hides browser/shell signed-binary churn so only review-worthy rows remain. Resolve marks individual rows as triaged and decrements the counter without ever editing the merkle chain. Reset triage forgets the local resolved markers.
backed by: assessRisk() in app/page.tsx; triage table + /api/triage routes in agent/src/{store,api}.rs
[run full scan]
Forces a synchronous sweep: URLhaus refresh, FIM scan, canary verify, Defender + firewall log poll. Returns a per-stage report in a modal.
backed by: POST /api/scan/run in agent/src/api.rs
[perf audit]
Reads power plan, GPU, RAM headroom, disk free, Defender exclusions, WSL memory cap, top CPU/RAM consumers. Returns recommendations; safe ones can be applied via elevated PowerShell.
backed by: GET /api/perf/audit + POST /api/perf/apply in agent/src/api.rs
Event row body
Timestamp · severity glyph · detector source · risk chip (noise / review / suspicious / critical) · one-line summary, with full JSON details expanded underneath.
backed by: events list render in app/page.tsx; rows fetched from GET /api/events
Per-row response buttons ([kill pid] [quarantine] [trust fp] [trust exe] [why] [resolve])
Kill the offending PID, move a file to the reversible vault, suppress a fingerprint, ask the AI manager to explain causality, or mark this row resolved.
backed by: POST /api/respond/kill-pid + /api/respond/quarantine + /api/trust/* + /api/why/event/:id
Chain status (chain ok · N rows · head HASH)
Live verification that the merkle audit chain has not been edited. If anything modified the event log out-of-band, the dashboard shows a red [tamper] banner pointing at the broken row id.
backed by: GET /api/chain/verify in agent/src/api.rs
Microsoft Sentinel connector card
Optional cloud bridge. If azure-cli is signed in to a tenant + subscription + Log Analytics workspace, pulls Sentinel incidents into the local event stream. Honesty note: this does not run Sentinel for you, and never ships your local events outward.
backed by: Connectors API in agent/src/api.rs (connectors_list / sentinel_save / sentinel_pull)

Detection & Response Checklist

Every line below is either shipped today, partially implemented, or on the roadmap. Nothing is marketed that the agent does not actually do.

Sensing (read-only)

[shipped]Recent process tree (proc_fp) with novel-fingerprint flagging
[shipped]Network indicator blocklist (URLhaus + OpenPhish, refreshed in background)
[shipped]File integrity monitor on Windows system paths + hosts file
[shipped]Canary / decoy tokens planted, watched for tamper
[shipped]Microsoft Defender event ingest (event log poll)
[shipped]Windows Firewall rule-change ingest
[shipped]Autoruns / persistence (Run keys, services, scheduled tasks)
[shipped]Camera / mic access enumeration (privacy registry log)
[shipped]DGA-style hostname heuristic on outbound DNS
[shipped]MalwareBazaar SHA256 hashlist scan-on-write

Recording & integrity

[shipped]Append-only event store (sqlite)
[shipped]Merkle audit chain over every event row (tamper-evident)
[shipped]Boot integrity rollup before steady-state detectors
[shipped]Local DPAPI-sealed secrets storage — Windows only
[shipped]Forensic export bundle (signed zip)

Response (operator action)

[shipped]Kill PID with audited reason
[shipped]Quarantine to reversible vault (sha256 + original path receipt)
[shipped]Trust a fingerprint or a whole exe (suppresses future noise)
[shipped]Resolve / re-open per-event triage state
[shipped]Run full scan on demand
[shipped]Performance audit + elevated apply for safe recommendations

Bridges

[shipped]Microsoft Sentinel incident pull (azure-cli auth)
[shipped]ntfy.sh push notifications (optional)
[shipped]Windows toast notifier on alerts
[partial]Webhook ingest for arbitrary upstream SIEMs — Sentinel-shaped only today

UI

[shipped]Severity counters (ALERT/WARN/INFO) clickable to filter
[shipped]Hide-noise toggle + risk classification chip on each row
[shipped]Per-event WHY explanation (causal chain + AI manager)
[shipped]Quarantine vault list + reversible restore
[shipped]Source filter chips (proc_fp / autoruns / camera_mic / …)

Roadmap (next updates)

[shipped]Unified scan engine (single chokepoint: dedupe + hash + MalwareBazaar match + auto-quarantine)
[shipped]Drop-directory watcher (Downloads / Desktop / Documents via ReadDirectoryChangesW)
[shipped]System-wide on-access scan via Microsoft-Windows-Kernel-File ETW (admin-gated, graceful fallback)
[partial]AMSI provider DLL (PowerShell / Office / .NET scan hook) — cdylib + COM exports — scaffold builds; IAntimalwareProvider2 vtable + named-pipe IPC pending; needs Trusted Signing to load on Win10 1903+
[partial]Kernel minifilter driver: pre-create capture + user-mode verdict bridge (fail-open on agent crash) — KMDF source + INF + user-mode bridge scaffold landed; needs WDK build + EV cert + altitude allocation from Microsoft
[roadmap]Signed & loaded driver in production (EV cert → optional Partner Center attestation signing → Anti-Virus altitude)
[shipped]ASR-style behavioural rules (Office→script-host, browser→LOLBin, encoded PowerShell, mshta remote URL, certutil downloader, WMI shell spawn, rundll32 side-load)
[roadmap]YARA into scan_engine (community + custom rules over every scanned file)
[shipped]Defender Watchdog (alert when real-time protection off / exclusions added / Tamper Protection disabled / signatures stale)
[roadmap]Driver / service drift surveillance (every new kernel driver: signer chain + Authenticode + first-seen) — BYOVD defence
[roadmap]Restore-from-vault button + sha256 verify on restore
[roadmap]YARA scan integration into quarantine pipeline
[roadmap]Generic webhook ingest schema (Splunk / Elastic / Wazuh)
[roadmap]Sigma rule loader for custom detections
[roadmap]Optional remote forwarder for multi-host triage
[roadmap]Tor / Tailscale-friendly secondary bind
[roadmap]macOS launchd + EndpointSecurity port of the agent
[roadmap]Linux auditd + inotify port of the agent
[roadmap]Signed release artifacts (cosign + SLSA provenance)

Honesty Notes

Bastion is designed to coexist with Microsoft Defender, not replace it. Defender stays on; we are a second sensor with our own view.
Bastion is a defensive sensor. It does not block kernel rootkits or nation-state zero-days.
It runs locally and ships nothing to any cloud unless you explicitly configure a bridge (Sentinel, ntfy).
It cannot stop an attacker who already has SYSTEM privileges and can disable services.
The merkle chain is tamper-evident, not tamper-proof: it tells you the log was edited, not that it can't be.
Quarantine is best-effort: locked or in-use originals are copied to vault but may not be removed in place.

Support Development

Bastion is free. If it helps you, BTC or ETH donations keep development moving — any amount is welcome.

BTC: bc1qtf6fqllw7dny832ksw67p4a99txgvrct7u9e7d

ETH: 0x70B666c4e3EE5B2C9Ab92925F097330813D1848a

How Access Works

1. Enter your email and a USD donation amount ($0.00 = free).
2. Press Get Access Key — we email your signed key immediately.
3. Open /app, paste your key, then paste the agent bearer token from %APPDATA%\bastion\data\token.txt.
4. If you wish to donate, send BTC or ETH to the addresses above.

Bastion : Defender Watchdog& Local Defensive Sensor

Get Access

Comparison Snapshot

What You See When Running

Detection & Response Checklist

Sensing (read-only)

Recording & integrity

Response (operator action)

Bridges

UI

Roadmap (next updates)

Honesty Notes

Support Development

How Access Works

Bastion : Defender Watchdog
& Local Defensive Sensor