Product Capabilities

Everything you need for endpoint visibility

A metadata-only endpoint visibility platform with live system health, storage retention controls, Splunk-style event search, SOC reporting, charts, CVE matching with raw NVD details, dense Alerts triage, webhook and email notifications, analyst ownership, and audit-backed controls.

hub

Agent Management

Deploy and maintain a global fleet without the manual overhead of traditional monitoring tools.

  • check_circleZero-touch bootstrap enrollment
  • check_circleAgent metrics WebSocket for live host-health updates, with REST heartbeat fallback
  • check_circleAggregate host metrics on macOS, Linux, and Windows, with Windows customer installers tracked for the next platform phase
Agent terminal

$ sudo ./install.sh

[info] Server URL: https://server.local:52443

[success] Agent "nyc-edge-04" enrolled successfully.

[info] Metrics WebSocket connected (effective interval)

[info] Heartbeat fallback active

monitoring

System Health

See the local server and every reporting endpoint at a glance with aggregate CPU, memory, disk, network throughput, and best-effort temperature metrics.

  • check_circleDashboard and Agents use throttled realtime nudges with resilient REST polling fallback
  • check_circleAgent list and detail views show compact live/stale/unavailable states, fleet defaults, per-agent overrides, and time-limited diagnostic sampling
  • check_circleAggregate numeric metrics only — no payloads, command lines, ports, destinations, or per-connection records
LOCAL SERVER
CPU 9.9% · Memory 6.9 GB / 16 GB
FLEET
Net ↓ 8.8 KB/s · Net ↑ 7.6 KB/s
AGENT METRICSLIVE
metrics WebSocket + heartbeat fallback → latest snapshot → dashboard and agent detail
MANAGED STORAGE
DB · WAL · logs · update backups
RETENTION
events 30d · audit 180d · backups keep 2
CLEANUP RUNCOMPLETED
count → prune eligible rollback backups → checkpoint → report bounded result
inventory_2

Storage & Retention

Keep small servers usable with admin-controlled retention for events, audits, logs, and native update rollback backups.

  • check_circleThe dedicated Storage page shows database, WAL, server logs, agent logs, update backups, managed total, and free disk with inline metric explanations
  • check_circleManual and daily cleanup prune only managed retention targets and show completed, failed, skipped, or interrupted states
  • check_circlePrivileged native updates repair managed rollback-backup ownership so normal app-user cleanup can remove old backups later
siren

SIEM Alerts & Triage

Built-in and custom detections turn endpoint telemetry and software inventory into actionable alerts with dense triage, linked evidence, suppression controls, and analyst workflow.

  • check_circleCleartext HTTP, CVE-driven, and custom detection rules
  • check_circleOpen, in-progress, closed, true-positive, and false-positive workflows
  • check_circleReadable selected-alert detail panels keep rule, risk, remote address, organization, and evidence fields visible in narrow triage layouts
  • check_circle1h, 24h, and 7d snooze controls plus active and historical suppression review
ALERT: MEDIUM
Cleartext HTTP traffic observed
OWNER
Assigned to analyst
EVIDENCE LINKEDTRIAGED
web_http_connection → event #1326 → true/false positive verdict
event_type="connection_close"
remote_port=443 direction="outbound"
FIELDS
process_name, remote_ip, org
FACET SEARCHRUN
remote="18.97.36.5:443" to expandable event stream
dynamic_feed

Events Search Workspace

Run command-driven searches across endpoint network metadata with time presets, allowlisted fields, facets, and expandable raw event evidence.

Field and Facet Search

Search by event type, agent, timestamp, direction, endpoint IP/port, protocol, process, PID, domain, and organization.

Expandable Evidence Stream

Open each result to inspect normalized fields and raw JSON without capturing headers, cookies, payloads, or decrypted TLS.

dashboard_customize

Dashboard Operations

Start each investigation from a dense live dashboard that combines fleet state, event volume, top activity, system health, custom ranges, and the current Charts All time view without inventing unsupported metrics.

Refresh Model
Nudged
Data Source
Live APIs
  • check_circleSummary cards show active agents, latest events, hourly activity, and open alert pressure
  • check_circleThe existing range selector drives real hourly events, top processes, and top destination data, including custom ranges and Charts All time where supported
  • check_circleSystem Health cards show local server and fleet metrics with live, stale, and unavailable states
  • check_circleAgent Detail refreshes metrics-only data at the selected agent's effective interval during diagnostic mode
  • check_circleDashboard-only users degrade cleanly when Events or Alerts permissions are absent
  • check_circlePrivacy note keeps the boundary explicit: aggregate operational metadata only
  • check_circleNo packet payloads, HTTP bodies, cookies, decrypted TLS contents, command lines, credentials, or secrets
OmniSight dashboard showing summary cards, system health, hourly events, top processes, and top destinations
REPORT: CUSTOM
Aggregate SOC summary prepared
DELIVERY
CSV, PDF print flow, email summary
CLOUD RELAYSENT
event volume → alert severity → top destinations → aggregate-only email
summarize

SOC Reports & Exports

Generate daily, weekly, or custom-range SOC summaries, manage schedules, delete obsolete schedules, and send aggregate-only report emails without leaving the self-hosted console.

Summary Preview

Review event volume, alert severity distribution, top event types, and top destinations before sharing a report.

Controlled Delivery

Events CSV, Alerts CSV, browser print / Save as PDF, schedules, and one-off email reports respect RBAC and send only aggregate report data through OmniSight-managed relay.

Security & Control

Enterprise-grade protection is baked into the core, not bolted on as an afterthought.

verified_user

JWT Authentication

Short-lived signed sessions with issuer and audience claims, refresh token rotation, and TLS 1.3 enforcement.

3
RBAC Roles
12
Permissions
sync_lock

Refresh Token Rotation

Automatic token cycling with theft detection and family-based revocation. Stolen tokens are instantly invalidated across the entire session chain.

person_off

Session Invalidation

Password changes instantly revoke all active sessions. Token versioning ensures no stale credentials remain valid.

security

Audit Logging

Immutable logs for every administrative action taken within the platform.

visibility_off

Privacy by Architecture

OmniSight is a metadata-only platform. We believe you should know where your data is going without looking at what's inside it.

closeNo TLS Interception
closeNo MITM Behavior
closeNo Payload Extraction
checkConnection Metadata Only
Read the full Trust Center →
shield
Metadata Secured

Ready to deploy?

Get OmniSight running on your infrastructure in under 15 minutes.

Open Deployment AccessSee How It Works