Everything you need for endpoint visibility
A metadata-only endpoint visibility platform with live system health, storage retention controls, Splunk-style event search, SOC reporting, charts, CVE matching with raw NVD details, dense Alerts triage, webhook and email notifications, analyst ownership, and audit-backed controls.
Agent Management
Deploy and maintain a global fleet without the manual overhead of traditional monitoring tools.
- check_circleZero-touch bootstrap enrollment
- check_circleAgent metrics WebSocket for live host-health updates, with REST heartbeat fallback
- check_circleAggregate host metrics on macOS, Linux, and Windows, with Windows customer installers tracked for the next platform phase
$ sudo ./install.sh
[info] Server URL: https://server.local:52443
[success] Agent "nyc-edge-04" enrolled successfully.
[info] Metrics WebSocket connected (effective interval)
[info] Heartbeat fallback active
System Health
See the local server and every reporting endpoint at a glance with aggregate CPU, memory, disk, network throughput, and best-effort temperature metrics.
- check_circleDashboard and Agents use throttled realtime nudges with resilient REST polling fallback
- check_circleAgent list and detail views show compact live/stale/unavailable states, fleet defaults, per-agent overrides, and time-limited diagnostic sampling
- check_circleAggregate numeric metrics only — no payloads, command lines, ports, destinations, or per-connection records
Storage & Retention
Keep small servers usable with admin-controlled retention for events, audits, logs, and native update rollback backups.
- check_circleThe dedicated Storage page shows database, WAL, server logs, agent logs, update backups, managed total, and free disk with inline metric explanations
- check_circleManual and daily cleanup prune only managed retention targets and show completed, failed, skipped, or interrupted states
- check_circlePrivileged native updates repair managed rollback-backup ownership so normal app-user cleanup can remove old backups later
SIEM Alerts & Triage
Built-in and custom detections turn endpoint telemetry and software inventory into actionable alerts with dense triage, linked evidence, suppression controls, and analyst workflow.
- check_circleCleartext HTTP, CVE-driven, and custom detection rules
- check_circleOpen, in-progress, closed, true-positive, and false-positive workflows
- check_circleReadable selected-alert detail panels keep rule, risk, remote address, organization, and evidence fields visible in narrow triage layouts
- check_circle1h, 24h, and 7d snooze controls plus active and historical suppression review
Events Search Workspace
Run command-driven searches across endpoint network metadata with time presets, allowlisted fields, facets, and expandable raw event evidence.
Field and Facet Search
Search by event type, agent, timestamp, direction, endpoint IP/port, protocol, process, PID, domain, and organization.
Expandable Evidence Stream
Open each result to inspect normalized fields and raw JSON without capturing headers, cookies, payloads, or decrypted TLS.
Dashboard Operations
Start each investigation from a dense live dashboard that combines fleet state, event volume, top activity, system health, custom ranges, and the current Charts All time view without inventing unsupported metrics.
- check_circleSummary cards show active agents, latest events, hourly activity, and open alert pressure
- check_circleThe existing range selector drives real hourly events, top processes, and top destination data, including custom ranges and Charts All time where supported
- check_circleSystem Health cards show local server and fleet metrics with live, stale, and unavailable states
- check_circleAgent Detail refreshes metrics-only data at the selected agent's effective interval during diagnostic mode
- check_circleDashboard-only users degrade cleanly when Events or Alerts permissions are absent
- check_circlePrivacy note keeps the boundary explicit: aggregate operational metadata only
- check_circleNo packet payloads, HTTP bodies, cookies, decrypted TLS contents, command lines, credentials, or secrets

SOC Reports & Exports
Generate daily, weekly, or custom-range SOC summaries, manage schedules, delete obsolete schedules, and send aggregate-only report emails without leaving the self-hosted console.
Summary Preview
Review event volume, alert severity distribution, top event types, and top destinations before sharing a report.
Controlled Delivery
Events CSV, Alerts CSV, browser print / Save as PDF, schedules, and one-off email reports respect RBAC and send only aggregate report data through OmniSight-managed relay.
Security & Control
Enterprise-grade protection is baked into the core, not bolted on as an afterthought.
JWT Authentication
Short-lived signed sessions with issuer and audience claims, refresh token rotation, and TLS 1.3 enforcement.
Refresh Token Rotation
Automatic token cycling with theft detection and family-based revocation. Stolen tokens are instantly invalidated across the entire session chain.
Session Invalidation
Password changes instantly revoke all active sessions. Token versioning ensures no stale credentials remain valid.
Audit Logging
Immutable logs for every administrative action taken within the platform.
Protection Layer
Rate limiting on all API endpoints, bcrypt password hashing, HttpOnly secure cookies, and security response headers (HSTS, CSP, X-Frame-Options, Referrer-Policy) to mitigate XSS, CSRF, and clickjacking risks.
Privacy by Architecture
OmniSight is a metadata-only platform. We believe you should know where your data is going without looking at what's inside it.
Ready to deploy?
Get OmniSight running on your infrastructure in under 15 minutes.