Skip to main content
Version: 2.8

๐ŸŽจ Customization

๐ŸŽฏ Tailor Jibril to Your Security Needs

Customize Jibril with powerful automation, dynamic detection rules, and AI-powered analysis. Transform passive monitoring into active defense with programmable responses and intelligent filtering.

๐Ÿš€ Customization Featuresโ€‹

๐Ÿ›ก๏ธ Network Policy Featureโ€‹

๐ŸŒ Real-Time Network Control

Jibril's Network Policy feature provides granular control over network traffic through declarative policy definitions. Define and enforce sophisticated traffic policies based on CIDR ranges and domain resolutions, with flexible rule configurations supporting active enforcement and alerting for denied traffic.

๐Ÿšซ Block Traffic

Block malicious IPs, CIDRs, and entire subnets in real-time.

๐ŸŒ Domain Filtering

Prevent access to malicious or policy-violating domains.

๐Ÿ”” Alert Mode

Generate alerts for policy violations without blocking.

โšก Enforce Mode

Actively block traffic that violates policies.

๐Ÿ“‹ Configuration Overviewโ€‹

All customization features are configured through Jibril's main configuration file (config.yaml). Features can be enabled or disabled independently, and each feature supports detailed option configuration:

features:
  - attenuator  # Enable AI-powered analysis
  - alchemies   # Enable custom detection recipes
  - netpolicy   # Enable network policy enforcement
  - detect      # Enable built-in detection recipes

feature_options:
  attenuator:
    enabled: true
    model: gpt-4o
    mode: amend
  alchemies:
    builtin:
      enabled: true
    public:
      enabled: false
      paths:
        - /etc/jibril/alchemies/public
  netpolicy:
    file: /etc/jibril/netpolicy.yaml

๐Ÿš€ Getting Startedโ€‹

1๏ธโƒฃ

Start with Reactions to automate threat response

2๏ธโƒฃ

Add Alchemies for custom detection rules

3๏ธโƒฃ

Enable Attenuator to filter false positives