NetClaw Gets Enterprise Security with Cisco DefenseClaw
We’re excited to announce the integration of DefenseClaw from Cisco AI Defense as the enterprise security layer for NetClaw. This represents a major upgrade to our security posture, with a comprehensive, production-ready governance solution.
What is DefenseClaw?
DefenseClaw is an enterprise governance layer for OpenClaw-based AI agents developed by Cisco AI Defense. It provides:
- OpenShell Sandbox: Kernel-level isolation using Landlock, seccomp, and network namespaces
- Component Scanning: Static analysis of skills, MCPs, and plugins before execution
- CodeGuard Analysis: Detects hardcoded credentials, eval(), shell commands, SQL injection
- Runtime Guardrails: LLM prompt/completion inspection across 7 AI providers
- Tool Call Inspection: 6 rule categories (secret, command, sensitive-path, C2, cognitive-file, trust-exploit)
- Audit Logging: SQLite database with SIEM export (Splunk HEC, OTLP)
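To make the four CodeGuard categories above concrete, here is a small AST-based check added for illustration. It is not DefenseClaw's implementation or code from the NetClaw project: the heuristics, category labels and sample skill are assumptions constructed for this example.

```python
import ast
import re

# Assumed heuristics for illustration; not DefenseClaw's actual rules.
SECRET_NAME = re.compile(r"passw(or)?d|secret|token|api_?key", re.I)
SQL_VERB = re.compile(r"\s*(select|insert|update|delete)\b", re.I)
SHELL = ("os.system", "os.popen", "subprocess.run", "subprocess.call", "subprocess.Popen")
CALL_CATEGORY = {"eval": "eval", "exec": "eval", **dict.fromkeys(SHELL, "shell-command")}

SAMPLE_SKILL = '''\
import os  # constructed sample skill, not real NetClaw code
API_TOKEN = "constructed-example-value"
def lookup(db, host, expr):
    os.system("ping -c 1 " + host)
    db.execute(f"SELECT * FROM devices WHERE name = '{host}'")
    db.execute("SELECT * FROM devices WHERE name = ?", (host,))
    return eval(expr)
'''

def _builds_sql(node):
    """True for an f-string, + concatenation or % format that starts with a SQL verb."""
    if isinstance(node, ast.JoinedStr) and len(node.values) > 1:
        first = node.values[0]
    elif isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        first = node
        while isinstance(first, ast.BinOp):  # walk to the leftmost operand
            first = first.left
    else:
        return False
    return isinstance(first, ast.Constant) and bool(SQL_VERB.match(str(first.value)))

def scan_skill(source):
    """Return sorted (line, category) findings for one skill's Python source."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
            literal = isinstance(node.value, ast.Constant) and isinstance(node.value.value, str)
            if literal and any(SECRET_NAME.search(n) for n in names):
                findings.add((node.lineno, "hardcoded-credential"))
        elif isinstance(node, ast.Call):
            category = CALL_CATEGORY.get(ast.unparse(node.func))
            if category:
                findings.add((node.lineno, category))
        elif _builds_sql(node):
            findings.add((node.lineno, "sql-injection"))
    return sorted(findings)

if __name__ == "__main__":
    print(scan_skill(SAMPLE_SKILL))
```

The parameterized query on line 6 of the sample is not flagged, while the f-string query on line 5 is.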
Why DefenseClaw?
Our original NetShell implementation required manual YAML policy configuration and custom Python scripts. DefenseClaw provides all this functionality out of the box:
| Feature | NetClaw (Old) | DefenseClaw (New) |
|---|---|---|
| OpenShell Setup | Manual | Automatic |
| Component Scanning | No | Yes |
| LLM Inspection | No | Yes (7 providers) |
| Tool Rules | YAML files | CLI commands |
| SIEM Integration | No | Splunk HEC, OTLP |
| Webhook Alerts | No | Slack, PagerDuty, Webex |
Getting Started
Fresh Installation
```bash
./scripts/install.sh
# When prompted:
# Enable DefenseClaw (recommended)? [y/N]: y
```
Existing Users
```bash
./scripts/defenseclaw-enable.sh
```
Key Commands
```bash
defenseclaw --version                       # Check installation
defenseclaw skill scan <name>               # Scan a skill
defenseclaw tool block <tool>               # Block a tool
defenseclaw alerts                          # View security alerts
defenseclaw setup guardrail --mode action   # Enable blocking
```
Security Modes
DefenseClaw operates in two modes:
- Observe Mode (default): Logs all security events without blocking. Perfect for onboarding and development.
- Action Mode: Actively blocks dangerous operations. Use for production deployments.
Start in observe mode to understand your workflow’s security profile, then switch to action mode for production:
```bash
# Enable blocking mode
defenseclaw setup guardrail --mode action --restart
```
Compliance Ready
DefenseClaw’s audit logging supports enterprise compliance requirements:
- SOC2 Type II: Audit trail, access controls, event monitoring
- PCI-DSS v4.0: Anti-malware, audit trails, incident response
- HIPAA: Audit controls, integrity, transmission security
Export audit data for compliance review:
```bash
defenseclaw alerts --export json > audit-$(date +%Y%m%d).json
```
Documentation
We’ve created comprehensive documentation:
- DefenseClaw Enterprise Guide – Full technical documentation
- Security Principles (SOUL-DEFENSE) – Security posture guidance
- Upgrade Guide – Migration for existing users
Thank You, Cisco AI Defense
A huge thank you to the Cisco AI Defense team for creating DefenseClaw. This integration brings enterprise-grade security to NetClaw without requiring users to become security experts.
The combination of OpenClaw, Claude, and DefenseClaw creates a powerful, secure platform for AI-powered network operations.
Ready to upgrade? Run ./scripts/defenseclaw-enable.sh and enjoy enterprise security for your NetClaw deployment.
Questions? Open an issue on GitHub.
