PHANTOMLAB
Forensic Source Code

PHANTOMLAB

Silent endpoint DLP agent. Blocks USB exfiltration, clipboard leaks, and screen captures in real time using combined rule-based and ML classification. Classification runs fully offline on the endpoint; only alert forwarding needs a network.

$1999

About this tool

Endpoint Data Loss Prevention Agent

PHANTOMLAB is a modular, silent DLP agent that enforces data protection policies in real time on the endpoint, stopping exfiltration before data leaves the machine. Its USB, clipboard, and screenshot monitors watch the channels they cover and block or log an attempt as it happens.

What Makes It Different

  • Runs entirely on the endpoint: no cloud dependency and no round trip to a remote service between detection and block
  • Dual-engine classification: rule-based policies for known patterns plus ML for anomalous content that the rules have not yet seen
  • USB write protection with a whitelist, so approved drives work normally while writes to unknown devices are blocked before any data reaches the device
  • Clipboard monitoring covers text and images, catching screenshot pastes that bypass document-level controls
  • Forwards structured alerts to your SOC dashboard over HTTP or directly into Wazuh as RFC 5424 syslog
  • Modular design: each monitor (USB, clipboard, screenshot) can be toggled independently per policy

Key Capabilities

  • USB write protection with whitelist support
  • Clipboard monitoring — text and image
  • Screenshot folder monitoring and interception
  • Rule-based and ML-based content classification
  • JSON-driven policy management with auto-generated agent IDs
  • Log forwarding to an HTTP SOC dashboard and to Wazuh via RFC 5424 syslog
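The two lists above describe the same pipeline: a JSON policy that toggles monitors and whitelists USB devices, a rule engine that classifies content, and alerts emitted as RFC 5424 syslog for Wazuh. The following is an added example of that pipeline and is not PHANTOMLAB's code; the policy schema, rule names, `luhn` validator, entropy heuristic (a cheap stand-in where the product uses an ML engine) and the `dlp@32473` structured-data ID (32473 is the enterprise number RFC 5424 reserves for documentation) are all assumptions. The sample policy and test strings are constructed for the example.

```python
"""Policy-driven DLP content check with RFC 5424 alert formatting.

Added example, not the product's code. The policy layout, rule names and
the syslog structured-data element are assumptions for illustration.
"""
import json
import math
import re
import uuid
from datetime import datetime, timezone

# Constructed sample policy: per-monitor toggles, a USB whitelist keyed by
# VID:PID:serial, regex rules with an optional checksum validator, and a
# threshold for the entropy heuristic. Raw string so JSON keeps its "\\b".
POLICY_JSON = r"""
{
  "monitors": {"usb": true, "clipboard": true, "screenshot": false},
  "usb_whitelist": ["0781:5583:4C530001230313101593"],
  "rules": [
    {"name": "card_number", "regex": "\\b\\d(?:[ -]?\\d){12,18}\\b",
     "validator": "luhn", "action": "block"},
    {"name": "internal_marker", "regex": "\\bCONFIDENTIAL\\b", "action": "block"}
  ],
  "entropy_threshold": 4.0
}
"""


def load_policy(text):
    """Parse the JSON policy, compile its regexes and auto-generate an agent ID."""
    policy = json.loads(text)
    policy.setdefault("agent_id", uuid.uuid4().hex)  # 32 hex chars
    for rule in policy["rules"]:
        rule["_re"] = re.compile(rule["regex"])
    return policy


def luhn_ok(digits):
    """Luhn checksum; drops random 13-19 digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def shannon_entropy(s):
    """Bits per character of the string; random tokens score high."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def classify(text, policy):
    """Names of rules the text trips: regex rules first, then the entropy
    heuristic (assumed stand-in for the ML engine, not ML itself)."""
    hits = []
    for rule in policy["rules"]:
        for m in rule["_re"].finditer(text):
            digits = re.sub(r"\D", "", m.group(0))
            if rule.get("validator") == "luhn" and not luhn_ok(digits):
                continue  # matched the shape but fails the checksum
            hits.append(rule["name"])
            break
    for token in re.findall(r"[A-Za-z0-9+/=_-]{32,}", text):
        if shannon_entropy(token) >= policy["entropy_threshold"]:
            hits.append("high_entropy_token")
            break
    return hits


def usb_allowed(device_id, policy):
    """Writes go through only for whitelisted devices when the USB monitor is on."""
    if not policy["monitors"]["usb"]:
        return True
    return device_id in policy["usb_whitelist"]


def _sd_escape(value):
    # RFC 5424 section 6.3.3: escape backslash, double quote and ']' in PARAM-VALUE
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def rfc5424_alert(policy, hostname, monitor, rule, action, detail, when=None):
    """One RFC 5424 line: PRI = facility local0 (16) * 8 + severity warning (4)."""
    pri = 16 * 8 + 4
    ts = (when or datetime.now(timezone.utc)).isoformat(timespec="milliseconds")
    ts = ts.replace("+00:00", "Z")
    sd = '[dlp@32473 agent="%s" monitor="%s" rule="%s" action="%s"]' % tuple(
        _sd_escape(v) for v in (policy["agent_id"], monitor, rule, action))
    return "<%d>1 %s %s phantomlab - DLP %s %s" % (pri, ts, hostname, sd, detail)


if __name__ == "__main__":
    policy = load_policy(POLICY_JSON)
    paste = "card 4111 1111 1111 1111 expires 12/29"
    for rule in classify(paste, policy):
        print(rfc5424_alert(policy, "host1", "clipboard", rule, "block",
                            "blocked paste of %d chars" % len(paste)))
```

The Luhn step is the check a practitioner wants on a card-number rule: without it, every 16-digit order or tracking number becomes a false positive. The structured-data escaping matters because a rule name or agent ID containing `]` would otherwise terminate the SD element early and leave Wazuh's decoder with a malformed message.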

Screenshots