Overview
Bastion EDR is an endpoint detection and response platform purpose-built for K-12 school districts, community hospitals, and outpatient clinics — organizations with 500–2,000 endpoints, limited IT staff, and real compliance obligations.
What Bastion does
Section titled “What Bastion does”A lightweight Rust agent runs on every endpoint (Windows, macOS, Linux) and streams telemetry to the Bastion backend. The backend correlates events, applies detection rules, and surfaces threats in the Flutter desktop console.
Core capabilities:
- Real-time threat detection — YARA rules, behavioral analytics, memory scanning, PowerShell/bash script analysis, MITRE ATT&CK v15 coverage
- Automated response — network isolation, file quarantine, process kill, configurable playbooks
- Built-in compliance — HIPAA and FERPA dashboards, PHI/PII detection, tamper-evident audit trail, breach notification workflow
- SIEM forwarding — native Splunk HEC, Elasticsearch, and Microsoft Sentinel connectors
- Software inventory — every installed application across your fleet, with shadow IT detection
Architecture
Section titled “Architecture”Endpoints (agent) → gRPC (port 50051) → Backend API (port 8080) → SurrealDB ↓ Flutter Console (desktop)The agent communicates with the backend over gRPC with optional mTLS. The console communicates with the backend REST API. SurrealDB is the database — it runs embedded or as a standalone service.
What Bastion does not do
Section titled “What Bastion does not do”- No cloud dependency — Bastion runs entirely on your infrastructure. No telemetry is sent to Halden Technologies servers.
- No managed SOC — Bastion is an IT-operated product. If you need a fully managed service, see our MSP partner program.
- No mobile MDM — Bastion manages Windows, macOS, and Linux endpoints only.
Editions
Section titled “Editions”| Feature | Starter | Professional |
|---|---|---|
| Endpoints | Up to 500 | Up to 2,000 |
| Core EDR | ✓ | ✓ |
| HIPAA dashboard | — | ✓ |
| FERPA dashboard | — | ✓ |
| SIEM integration | — | ✓ |
| Playbooks | — | ✓ |
| PHI encryption at rest | — | ✓ |
| Tamper-evident audit logs | — | ✓ |