Only the latest release is actively supported with security updates.
If you discover a security vulnerability in DriftWatch, please report it responsibly. Do not open a public GitHub issue.
- Email the maintainer directly (see repository contact info).
- Include a clear description of the vulnerability and reproduction steps.
- Allow reasonable time for a fix before any public disclosure.
DriftWatch is designed to run locally as a developer/analyst tool. It should not be exposed directly to the internet without additional authentication and hardening.
- Sigma rule YAML and event JSON inputs are parsed server-side — do not accept untrusted input from external sources in production.
- The SQLite database (`driftwatch.db`) contains saved reports; ensure it is not readable by untrusted users.
- The Flask development server (`debug: true`) should never be used in production.
- Issues in third-party dependencies (report to the respective project).
- Issues requiring physical access to the host machine.