Weaklayer Docs

Welcome to the Weaklayer documentation. These pages explain how to use Weaklayer effectively and a bit about how it works. This page in particular covers some high-level concepts: what Weaklayer is and how it is set up.

What is Weaklayer?

Weaklayer is a software system for "Browser Detection and Response". This term purposely resembles "Endpoint Detection and Response (EDR)", because a goal of Weaklayer is to give organizations EDR-like capabilities for events that happen inside the browser.

The Weaklayer software system has a sensor component and a server component. The sensor component is open source, and there is an open source reference implementation for the server component.

The sensor component is a browser extension called the Weaklayer Sensor. The Weaklayer Sensor captures and records security-relevant events that happen inside the web browser. It achieves great visibility into browser events by using the unique capabilities granted to browser extensions. This allows the sensor to see events (e.g. user interaction with web pages) that would be impossible to see with network devices and extremely fragile/expensive to capture with EDR.

The server component is called the Weaklayer Gateway. The Weaklayer Gateway is the initial destination for all Weaklayer Sensor data. The Weaklayer Gateway implements sensor authentication and makes data available for use in your security stack. It makes it easy to securely get your hands on the data that the sensor produces. These docs are concerned with the open source Weaklayer Gateway Reference Implementation.

What is Weaklayer Not?

Weaklayer is not a replacement for any of your existing security tools. Weaklayer gives you access to a brand new class of data that can help you detect and respond to security incidents. Integrating Weaklayer data into your existing security stack will produce even better results.

Weaklayer is not another agent on your endpoint. The Weaklayer Sensor is a sandboxed browser extension. It runs as part of the web browser process. Additionally, it does not have access to systems or processes outside the browser. This results in lower resource requirements and limits the blast radius of bugs and security issues.

What Next?

Head over to the Getting Started Tutorial to set up Weaklayer locally and start receiving your own data.

Alternatively, read Kicking Ass with Weaklayer to learn how to detect credential phishing with Weaklayer data.