OmniSight Docsv1.2.2

Getting Started

OmniSight is a self-hosted endpoint network monitoring system. The server runs in your environment, agents report network metadata to that server, and OmniSight managed services handle account state, entitlement, and private installer delivery.

This guide describes the current customer flow for the public site and the self-hosted console.

Current production model:

  • The public site is available at https://omnisight.info.
  • Account, entitlement, installer delivery, update metadata, and vulnerability lookup routing are handled by OmniSight managed services.
  • The self-hosted server and endpoint agents run in the customer environment.
  • Public self-serve checkout is temporarily paused during controlled early access. Pricing and account actions route to contact/access request until commercial release is opened.

Current Package Model

PackageDeployment profileAgent deploymentRemote terminal
Startercombined_singleServer and local agent install together on one computerNot included
Starter Separatesplit_singleServer-only install plus one separate agent seatIncluded
Team 10split_team10Server-only install plus up to 10 agentsIncluded
Team 50split_team50Server-only install plus up to 50 agentsIncluded

Remote desktop/RDP is planned for Phase 2. Current remote access support is remote terminal only.


System Requirements

Server Host

The current public installer flow targets macOS native server installs.

RequirementmacOS native server
OSmacOS 12 or newer
PythonInstaller detects a supported Python 3 runtime
TLSInstaller provisions a local certificate with localhost and LAN IP SANs
Service modelCurrent release starts the local server as a system LaunchDaemon and keeps a user menubar helper for status/update approval
Disk500 MB plus local data and log growth

The installer uses prebuilt frontend and agent bundles when they are present in the delivered package. Normal users should start from the account install workspace rather than cloning source and running build commands manually.

Agents

PlatformArchitectureCurrent status
macOSarm64Agent Installer app plus dashboard invite URL
macOSamd64Planned customer package; current published macOS runtime targets arm64
Linuxamd64, arm64CLI/systemd package path validated for Starter Separate
Windowsamd64Aggregate system metrics are implemented in the agent binary; customer installer and connection collection remain planned

Quick Start: Account-Gated Install

Step 1 - Create or Sign In to an Account

  1. Open Pricing.
  2. Choose a plan.
  3. Request access from the contact action while public checkout is paused.
  4. Return to the Account page after your workspace is enabled.

All plans currently use controlled onboarding. Public self-serve checkout remains closed until it is deliberately reopened.

Step 2 - Open the Install Workspace

When entitlement is trialing or active, the Account page exposes the package-specific install workspace.

The workspace issues a short-lived install session tied to:

  • your account
  • your current subscription state
  • the selected package
  • the target installer artifact
  • the self-hosted server identity

Installer downloads are not public static release links.

Each install session also reserves your package's deployment seat in OmniSight managed services. The deployment moves through a cloud-tracked lifecycle (reserved, claimed, active), and a second install attempt while a deployment is reserved or active is blocked until that seat is released. If an install fails partway, the failed session expires its reservation so a retry does not stay blocked.

Step 3 - Install the Server

Download and open the OmniSight Server Installer app on the Mac that will host the server.

For split packages such as Starter Separate:

  1. The installer opens a secure browser handoff. Authorization completes through a local form POST; install session tokens are never placed in browser URLs or history.
  2. OmniSight returns the package-specific server payload through an authenticated download.
  3. The local installer provisions /usr/local/omnisight.
  4. The server starts on https://localhost:52443 and the detected LAN URL, usually https://<server-lan-ip>:52443.
  5. The server writes a stable ENTITLEMENT_SERVER_ID and signed license configuration into its .env.

For the combined Starter package, the installer also installs the local agent for that same computer. The Deploy Agent workspace is intentionally blocked for combined Starter.

Step 4 - Log In to the Local Console

Open:

texthttps://localhost:52443

or from another device on the same LAN:

texthttps://<server-lan-ip>:52443

Initial admin credentials are shown once by the installer and are also written to:

text/usr/local/omnisight/server/.admin_credentials

Delete that file after the first successful login.

Step 5 - Deploy an Agent

For split packages, open the local console and go to Agents > Deploy Agent.

The current no-code console flow is macOS-focused:

  1. Create a short-lived macOS invite.
  2. Download the public OmniSight Agent Installer app from https://omnisight.info.
  3. Paste the invite URL into the app on the target Mac.
  4. The app claims the local server manifest and writes the delivered CA certificate into the agent config.

Linux agent packages are available through the controlled CLI/package path for eligible split packages. Linux services install under /opt/omnisight-agent, use /etc/omnisight-agent/agent.yaml, and run through omnisight-agent.service.


Step 6 - Review System Health, Events, Vulnerabilities, and Alerts

After the first agent reports:

  1. Open Dashboard to review System Health for the local server and reporting agents, including the current Custom range and Charts All time views when needed.
  2. Open Events to inspect endpoint connection metadata.
  3. Open Charts to review process, destination, and geographic enrichment. Public IP enrichment is enabled by default and skips private/internal addresses.
  4. Open Vulnerabilities to review software inventory, CVE/NVD matches, and per-CVE raw NVD details when deeper context is needed. Matching uses package metadata only.
  5. Open Alerts to run evaluation, inspect linked evidence, assign or unassign an owner, and mark true-positive or false-positive verdicts from the dense triage workspace.

Alert ownership and verdict changes are written to the audit trail.


Network Access Points

ServiceURL
Local dashboardhttps://localhost:52443
LAN dashboardhttps://<server-lan-ip>:52443
Health checkhttps://localhost:52443/health

Agents should use the server URL shown by the installer or the dashboard. For LAN/self-signed server certificates, agents must trust the delivered CA PEM or an explicit CA file path.


Entitlement and Seat Limits

The self-hosted server caches a signed entitlement lease from OmniSight managed services.

Healthy states:

  • trialing
  • active

Restricted states can block:

  • new downloads
  • new agent enrollment
  • updates
  • event ingest

Starter Separate allows one separate agent. The server host does not consume that separate agent seat.

Deployment seats are cloud-authoritative:

  • The first install reserves your package's deployment seat.
  • A second install attempt while the seat is reserved or active is blocked.
  • Uninstalling requests a cloud release; the deployment enters a short release quarantine (release_pending) before the seat frees, so an immediate reinstall may still be blocked until the quarantine elapses.
  • The Account page shows deployment and agent seat usage and provides a Request manual release action for owners/admins when a deployment needs recovery.
  • Continued server activity after a release request marks the deployment as needing review instead of silently reusing the seat.

For split and team packages, separate agent installs use single-use enrollment grants issued by OmniSight managed services; a consumed grant cannot be replayed.



Uninstalling

On macOS native combined Starter installs:

bash/usr/local/omnisight/installers/macos/uninstall.sh

On macOS native server-only / split installs:

bash/usr/local/omnisight/installers/macos/uninstall-server.sh

On Linux agent installs:

bashcd /path/to/extracted/agent-package
sudo bash installers/linux/uninstall-agent.sh

The uninstaller stops services, removes launchd/systemd entries, and removes installed files. Server uninstall also requests a cloud deployment release; the deployment stays in a short release quarantine before the seat frees for a new install. Your cloud account and subscription are not removed by local uninstall.