Overview
Blocklight is an open-source Detection-as-Code engine for the EVM. It allows security engineers to define threat patterns using declarative YAML rules, ingest real-time blockchain data, and trigger automated alerts. Built for high-performance monitoring of DeFi protocols and on-chain infrastructure.
Our Approach
Blocklight is built on the Detection-as-Code philosophy: security rules as version-controlled, testable, and maintainable code. Write detection logic in declarative YAML—no programming required.
Core Principles:
- Detection-as-Code - Version control your security rules, test them, and deploy with confidence
- YAML-Based Rules - Declarative syntax that’s easy to read, write, and maintain
- Real-Time Observability - Monitor EVM chains in real time with structured alerts
- Production-Ready - Built for high-throughput monitoring with intelligent caching and concurrent processing
Use Cases
Security Monitoring
Detect threats in real time: suspicious transfers, approval phishing, token burns, and high-risk transaction patterns.
Observability
Monitor on-chain activity, track protocol interactions, and gain visibility into your DeFi infrastructure.
Threat Detection
Identify malicious patterns, track known attacker addresses, and alert on high-risk transactions.
Compliance & Auditing
Track high-value movements, monitor sanctioned addresses, and generate audit trails for compliance.