// why mimir

The endpoint security industry runs on trust "trust".
We'd rather you read the source.

Every commercial EDR vendor will tell you their detections are world-class, their telemetry handling is bulletproof, and their roadmap is yours. You will never see the code. Project Mimir is the opposite of that.

Read the source → See it running
// section 01 — license & auditability

Auditable, or take our word for it. Pick one.

Closed-source EDR is a vendor saying trust us on the same call where they're describing their zero-trust architecture. We're not going to do that.

// commercial EDR

Closed box. Yours to rent.

  • Source code: proprietary. You agreed to that in the MSA.
  • Telemetry: shipped to their cloud, processed by their pipeline, retained per their schedule.
  • Detections: "ML-powered." That's the depth of what you're allowed to know.
  • Pricing: per endpoint, per year, "let's get on a call."
  • Roadmap: theirs. You're a logo on a slide somewhere.
// mimir

Open. Yours to keep.

  • Source code: Apache 2.0 / BSL 1.1. Read it, fork it, ship it.
  • Telemetry: stays on your network. We never see it.
  • Detections: SQL queries. You can read every one. You can write your own.
  • Pricing: $0. The repo is right there.
  • Roadmap: a public issue tracker. Open a PR.
// security engineer

You can audit a detection

Open the pack, read the SQL, see exactly what's matched and why. No "the model said so."

// CISO

Your data never leaves

One binary in your VPC, your Postgres, your retention policy. A vendor breach doesn't include your fleet.

// developer / SRE

It's just osquery + a UI

Standard SQL, standard transport, standard outbound webhooks. Nothing magical, nothing locked.

// section 02 — the rent meter

While you've been on this page,
somebody's commercial EDR bill ticked up.

Industry-typical pricing, applied to a 25,000-endpoint fleet, billed by the second. Project Mimir's bill, over the same window: $0.00.

rent meter · running
$0.00

spent on commercial EDR since you opened this page — assuming a 25k-endpoint fleet at the typical $48/endpoint/year rack rate.

Fleet · 25,000 endpoints Rate · $48/endpoint/yr Mimir · $0.00
// section 03 — what you actually get

Free, in this case, doesn't mean toy.

Project Mimir is the same primitives the SaaS vendors charge you for, with the auditability they can't offer and the integrations you actually wanted. Real value, the moment the binary starts.

PILLAR 01

Day-one fleet visibility

Enroll, deploy the agent, query in under an hour. No professional services SOW. No "kickoff call."

PILLAR 02

Gap-fillers, not feature lists

Drift detection, ad-hoc SQL across thousands of hosts, IOC matching against your indicators — the things commercial EDR makes hard or expensive.

PILLAR 03

Plays with your stack

Outbound webhooks to Splunk, Elastic, Datadog, anything that takes JSON. Project Mimir is a sensor, not a destination — point it wherever you already operate.

PILLAR 04

Sovereign by default

One static binary. Postgres + Redis. In your VPC. The agent reports to you, not to a third party that happens to host you.

PILLAR 05

Shaped by people who use it

Built by security teams tired of shipping their fleet's secrets to a vendor. Issues, PRs, and roadmap are all in the open.

PILLAR 06

Free as in free

Apache 2.0 / BSL 1.1. No "open core." No premium tier dangling the actual feature you need behind a sales rep.

You don't need permission to look at your own fleet.

Clone the repo, run one binary, point your hosts at it. The whole thing is sitting on GitHub, waiting.

Get the source → Back to home