Data Loss Prevention System
A comprehensive endpoint and network monitoring system designed to detect and block unauthorized exfiltration of sensitive corporate data.
Overview
Corporate data leakage represents one of the most significant security hazards to contemporary IT infrastructure. Our Data Loss Prevention (DLP) system offers proactive monitoring for your networks and local endpoints to ensure sensitive corporate files never fall into the wrong hands.
Main Purpose
To secure trade secrets, PII, and financial information against exfiltration methods like USB extraction, cloud uploads, email attachments, and clipboard transfers.
Target Users
Enterprise security teams, compliance managers, and systems administrators looking to enforce strict data governance policies.
Key Features
Endpoint Guard
Real-time tracking of files loaded on external USB flash drives, local clipboards, and email platforms.
Data Hashing
Employs automated SHA-256 fingerprinting to recognize classified documents even if their extension is changed.
Preventative Defense
Terminates network communication blocks and blocks local file access immediately when anomalous activity is caught.
Central Dashboard
Review aggregated alerts, logs, and forensics through our WebUI or SIEM integration pipelines.
Installation
Step 1: Clone the repository
Step 2: Install dependencies
Requirements
Supported Platforms
- Ubuntu 20.04 LTS / 22.04 LTS
- Windows 10 / 11 (64-bit)
- macOS Monterey or higher
Dependencies
- Python 3.9+
- Docker & Docker Compose (optional)
- OpenSSL
Usage Guide
Run the DLP local scanner to monitor file activity inside a directory:
Technical Specifications
GitHub Statistics
Contributors
Documentation & Guides
User Guide
Step-by-step documentation on setting up alerting criteria, managing file watch lists, and configuring system blocks.
Developer Guide
Understand the system daemon lifecycle, writing custom exfiltration heuristics, and testing code patches.
API Reference
Complete JSON schema docs for pushing endpoint alert telemetry to custom remote monitoring endpoints.
Security Policy
We take security vulnerabilities seriously. If you find a security bug within our agent, please email us directly rather than raising a public GitHub issue.
security@hgema.orgCommunity channels
Discussions
Join our GitHub communityRoadmap
Q3 2026: Real-time Cloud Agent
Sync endpoint exfiltration metrics natively to AWS S3 & Google Cloud storage buckets.
Q4 2026: Machine Learning classification integration
Detect sensitive data exfiltration by training models to identify classified code formats, NDA files, and patents.
Alternatives & Comparison
| Feature | Our DLP | OpenDLP (Legacy) |
|---|---|---|
| Active Agent Blocks | Yes | No |
| Clipboard Tracking | Yes | No |
Changelog
v1.2.0 Release
June 18, 2026- Added clipboard monitoring on Windows systems.
- Reduced CPU utilization under high folder file IO operations.
- Integrated standard Unix syslog event streaming protocols.
FAQ
Does this monitor cloud uploads?
Yes, it hooks into network HTTP request endpoints to audit uploads to platforms like Google Drive, Dropbox, and generic S3 buckets.
Does the agent run in background?
Yes, it launches as a lightweight daemon process in Linux or a System Service in Windows hosts.
Resources
License
Distributed under the Apache 2.0 License. See the full license details at the official Open Source Initiative portal.