
Feed-Driven Threat Intelligence

Address, domain, URL, and TLS-fingerprint feeds drive blocking decisions. Updates apply atomically with no engine restart.

GA
HOW IT WORKS

Walk through a single flow

  1. Feeds normalise to four reference types: address, domain with wildcard support, URL, and TLS fingerprint.
  2. A suffix trie and purpose-built hash tables keep lookups fast at any feed size.
  3. Each feed has a generation identifier. The engine serves the current generation until a validated replacement is ready.
  4. Matches flag events so downstream policy can escalate, chain, or forward.
UNDER THE HOOD

Technical notes

Validated updates

A scheduler pulls feeds at operator-configured intervals and validates integrity before swapping. A corrupted or truncated feed is rolled back silently, with a clear reason on the control plane.
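
The sketch below is an added example, not Zedmos code: it illustrates a wildcard-aware suffix trie for the domain reference type and a generation swap that happens only after an integrity check passes. The line-oriented feed format, the out-of-band SHA-256 digest, and all class and function names are assumptions made for illustration.

```python
import hashlib

EXACT, WILD = 0, 1  # integer marker keys cannot collide with string labels

class SuffixTrie:
    """Domain labels stored right to left, so parents share a path."""
    def __init__(self):
        self.root = {}

    def add(self, pattern):
        labels = pattern.lower().rstrip(".").split(".")
        wild = labels[0] == "*"
        node = self.root
        for label in reversed(labels[1:] if wild else labels):
            node = node.setdefault(label, {})
        node[WILD if wild else EXACT] = True

    def match(self, domain):
        labels = domain.lower().rstrip(".").split(".")
        node = self.root
        for depth, label in enumerate(reversed(labels), 1):
            node = node.get(label)
            if node is None:
                return False
            # Assumption: "*.x" covers subdomains of x but not x itself.
            if WILD in node and depth < len(labels):
                return True
        return EXACT in node

class FeedStore:
    def __init__(self):
        self.current = (0, SuffixTrie())  # (generation, lookup structure)
        self.last_error = None

    def update(self, raw, expected_sha256):
        """Build the next generation off to the side; swap only if valid."""
        if hashlib.sha256(raw).hexdigest() != expected_sha256:
            self.last_error = "digest mismatch: feed corrupted or truncated"
            return False  # current generation keeps serving
        trie = SuffixTrie()
        for line in raw.decode().splitlines():
            entry = line.strip()
            if entry and not entry.startswith("#"):
                trie.add(entry)
        self.current = (self.current[0] + 1, trie)  # one reference swap
        self.last_error = None
        return True

    def is_listed(self, domain):
        return self.current[1].match(domain)

# Constructed sample feed, not real indicators.
FEED = b"# sample\nbad.example.test\n*.malware.example\n"
```

A rejected update leaves `current` untouched and records the reason in `last_error`, which is where a control plane would read it.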