Getting Started
OmniSight is a self-hosted endpoint network monitoring system. The server runs in your environment, agents report network metadata to that server, and OmniSight managed services handle account state, entitlement, and private installer delivery.
This guide describes the current customer flow for the public site and the self-hosted console.
Current production model:
- The public site is available at
https://omnisight.info. - Account, entitlement, installer delivery, update metadata, and vulnerability lookup routing are handled by OmniSight managed services.
- The self-hosted server and endpoint agents run in the customer environment.
- Public self-serve checkout is temporarily paused during controlled early access. Pricing and account actions route to contact/access request until commercial release is opened.
Current Package Model
| Package | Deployment profile | Agent deployment | Remote terminal |
|---|---|---|---|
| Starter | combined_single | Server and local agent install together on one computer | Not included |
| Starter Separate | split_single | Server-only install plus one separate agent seat | Included |
| Team 10 | split_team10 | Server-only install plus up to 10 agents | Included |
| Team 50 | split_team50 | Server-only install plus up to 50 agents | Included |
Remote desktop/RDP is planned for Phase 2. Current remote access support is remote terminal only.
System Requirements
Server Host
The current public installer flow targets macOS native server installs.
| Requirement | macOS native server |
|---|---|
| OS | macOS 12 or newer |
| Python | Installer detects a supported Python 3 runtime |
| TLS | Installer provisions a local certificate with localhost and LAN IP SANs |
| Service model | Current release starts the local server as a system LaunchDaemon and keeps a user menubar helper for status/update approval |
| Disk | 500 MB plus local data and log growth |
The installer uses prebuilt frontend and agent bundles when they are present in the delivered package. Normal users should start from the account install workspace rather than cloning source and running build commands manually.
Agents
| Platform | Architecture | Current status |
|---|---|---|
| macOS | arm64 | Agent Installer app plus dashboard invite URL |
| macOS | amd64 | Planned customer package; current published macOS runtime targets arm64 |
| Linux | amd64, arm64 | CLI/systemd package path validated for Starter Separate |
| Windows | amd64 | Aggregate system metrics are implemented in the agent binary; customer installer and connection collection remain planned |
Quick Start: Account-Gated Install
Step 1 - Create or Sign In to an Account
- Open Pricing.
- Choose a plan.
- Request access from the contact action while public checkout is paused.
- Return to the Account page after your workspace is enabled.
All plans currently use controlled onboarding. Public self-serve checkout remains closed until it is deliberately reopened.
Step 2 - Open the Install Workspace
When entitlement is trialing or active, the Account page exposes the package-specific install workspace.
The workspace issues a short-lived install session tied to:
- your account
- your current subscription state
- the selected package
- the target installer artifact
- the self-hosted server identity
Installer downloads are not public static release links.
Each install session also reserves your package's deployment seat in OmniSight managed services. The deployment moves through a cloud-tracked lifecycle (reserved, claimed, active), and a second install attempt while a deployment is reserved or active is blocked until that seat is released. If an install fails partway, the failed session expires its reservation so a retry does not stay blocked.
Step 3 - Install the Server
Download and open the OmniSight Server Installer app on the Mac that will host the server.
For split packages such as Starter Separate:
- The installer opens a secure browser handoff. Authorization completes through a local form POST; install session tokens are never placed in browser URLs or history.
- OmniSight returns the package-specific server payload through an authenticated download.
- The local installer provisions
/usr/local/omnisight. - The server starts on
https://localhost:52443and the detected LAN URL, usuallyhttps://<server-lan-ip>:52443. - The server writes a stable
ENTITLEMENT_SERVER_IDand signed license configuration into its.env.
For the combined Starter package, the installer also installs the local agent for that same computer. The Deploy Agent workspace is intentionally blocked for combined Starter.
Step 4 - Log In to the Local Console
Open:
texthttps://localhost:52443
or from another device on the same LAN:
texthttps://<server-lan-ip>:52443
Initial admin credentials are shown once by the installer and are also written to:
text/usr/local/omnisight/server/.admin_credentials
Delete that file after the first successful login.
Step 5 - Deploy an Agent
For split packages, open the local console and go to Agents > Deploy Agent.
The current no-code console flow is macOS-focused:
- Create a short-lived macOS invite.
- Download the public OmniSight Agent Installer app from
https://omnisight.info. - Paste the invite URL into the app on the target Mac.
- The app claims the local server manifest and writes the delivered CA certificate into the agent config.
Linux agent packages are available through the controlled CLI/package path for eligible split packages. Linux services install under /opt/omnisight-agent, use /etc/omnisight-agent/agent.yaml, and run through omnisight-agent.service.
Step 6 - Review System Health, Events, Vulnerabilities, and Alerts
After the first agent reports:
- Open Dashboard to review System Health for the local server and reporting agents, including the current Custom range and Charts All time views when needed.
- Open Events to inspect endpoint connection metadata.
- Open Charts to review process, destination, and geographic enrichment. Public IP enrichment is enabled by default and skips private/internal addresses.
- Open Vulnerabilities to review software inventory, CVE/NVD matches, and per-CVE raw NVD details when deeper context is needed. Matching uses package metadata only.
- Open Alerts to run evaluation, inspect linked evidence, assign or unassign an owner, and mark true-positive or false-positive verdicts from the dense triage workspace.
Alert ownership and verdict changes are written to the audit trail.
Network Access Points
| Service | URL |
|---|---|
| Local dashboard | https://localhost:52443 |
| LAN dashboard | https://<server-lan-ip>:52443 |
| Health check | https://localhost:52443/health |
Agents should use the server URL shown by the installer or the dashboard. For LAN/self-signed server certificates, agents must trust the delivered CA PEM or an explicit CA file path.
Entitlement and Seat Limits
The self-hosted server caches a signed entitlement lease from OmniSight managed services.
Healthy states:
trialingactive
Restricted states can block:
- new downloads
- new agent enrollment
- updates
- event ingest
Starter Separate allows one separate agent. The server host does not consume that separate agent seat.
Deployment seats are cloud-authoritative:
- The first install reserves your package's deployment seat.
- A second install attempt while the seat is reserved or active is blocked.
- Uninstalling requests a cloud release; the deployment enters a short release quarantine (
release_pending) before the seat frees, so an immediate reinstall may still be blocked until the quarantine elapses. - The Account page shows deployment and agent seat usage and provides a Request manual release action for owners/admins when a deployment needs recovery.
- Continued server activity after a release request marks the deployment as needing review instead of silently reusing the seat.
For split and team packages, separate agent installs use single-use enrollment grants issued by OmniSight managed services; a consumed grant cannot be replayed.
What to Read Next
Uninstalling
On macOS native combined Starter installs:
bash/usr/local/omnisight/installers/macos/uninstall.sh
On macOS native server-only / split installs:
bash/usr/local/omnisight/installers/macos/uninstall-server.sh
On Linux agent installs:
bashcd /path/to/extracted/agent-package
sudo bash installers/linux/uninstall-agent.sh
The uninstaller stops services, removes launchd/systemd entries, and removes installed files. Server uninstall also requests a cloud deployment release; the deployment stays in a short release quarantine before the seat frees for a new install. Your cloud account and subscription are not removed by local uninstall.