Overview
Blocklight is an open-source Runtime Security Engine for the EVM. It allows security engineers to define threat patterns using declarative YAML rules, ingest real-time blockchain data, and trigger automated alerts. It is built for high-performance monitoring of DeFi protocols and on-chain infrastructure.
Our Approach
Blocklight is built on the Detection-as-Code philosophy: security rules as version-controlled, testable, and maintainable code. Write detection logic in declarative YAML—no programming required.
Core Principles:
- Detection-as-Code - Version control your security rules, test them, and deploy with confidence
- YAML-Based Rules - Declarative syntax that’s easy to read, write, and maintain
- Real-Time Observability - Monitor EVM chains in real-time with structured alerts
- Production-Ready - Built for high-throughput monitoring with intelligent caching and concurrent processing
Use Cases
Security Monitoring
Detect threats in real-time: suspicious transfers, approval phishing, token burns, and high-risk transaction patterns.
Observability
Monitor on-chain activity, track protocol interactions, and gain visibility into your DeFi infrastructure.
Threat Detection
Identify malicious patterns, track known attacker addresses, and alert on high-risk transactions.
Compliance & Auditing
Track high-value movements, monitor sanctioned addresses, and generate audit trails for compliance.
How It Works
Blocklight connects to blockchain nodes via RPC/WebSocket, analyzes transactions in real-time, evaluates your detection rules, and sends alerts when threats are detected. Everything is configured in YAML—no coding required. For a detailed look at Blocklight’s architecture, see the Architecture page.
Getting Started
Install Blocklight and create your first detection rule in minutes.
Writing Rules
Learn how to write powerful detection rules in YAML.
Deployment
Deploy Blocklight in production with Docker.
API Reference
Integrate Blocklight with your applications via REST API.