Free Tier Available

See Everything.
Secure Everything.

Enterprise-grade endpoint visibility and control with a local-authority trust model. Your machines, your rules.

0 Features

0 Product Tiers

0 Platforms

eyelog-agent

$ eyelog-agent status

╔═══════════════════════════════════════════════════════════╗
║                      EyeLog Agent                         ║
╠═══════════════════════════════════════════════════════════╣
║  Status:     ● ACTIVE                                    ║
║  Manifest:   standard v2.1.0                              ║
║  Collector:  collector.example.com:9443                   ║
║  Connected:  Yes (mTLS)                                   ║
╠═══════════════════════════════════════════════════════════╣
║  INFO Capabilities:                                       ║
║    ✓ System Metrics    ✓ Network Telemetry            ║
║    ✓ Inventory         ✗ Security Monitoring          ║
╠═══════════════════════════════════════════════════════════╣
║  CONTROL Capabilities:                                    ║
║    ✓ Config Push       ✓ Diagnostics                  ║
║    ✓ Lock Screen       ✗ Remote Shell                 ║
╚═══════════════════════════════════════════════════════════╝

Scroll to explore

What is EyeLog?

Eyes, Ears, and Hands
on Every Endpoint

A lightweight agent that provides real-time visibility into what's happening on your machines, with the control capabilities you need to respond.

See

Real-time visibility into processes, connections, services, and everything happening on your endpoints.

Secure

Local-authority trust model. Your machines, your rules. The agent decides what it will do—not the collector.

Control

Execute commands, manage services, respond to incidents—all with capability-based permissions.

Architecture

Dual-Channel Design

Separate channels for control and data. Each optimized for its purpose.

🖥️ AGENT

CONTROL FEATURES gRPC

Receive commands
Execute actions
Apply configuration
Acknowledge results

INFO FEATURES QUIC

Send logs
Send metrics
Send inventory
Send security events

gRPC :9443 ⟷ Bidirectional

QUIC :5514 → Agent to Collector

🏢 COLLECTOR

📡 Receives telemetry

💾 Stores data

📤 Dispatches commands

🖥️ Admin portal

Why Two Channels?

⚡

QUIC for Data

UDP-based, handles high throughput, multiplexed streams, 0-RTT reconnection

🎯

gRPC for Control

Reliable delivery, bidirectional streaming, strong typing with Protobuf

🔒

Both Use mTLS

Mutual authentication, encrypted in transit, certificate-based identity

Capabilities

394 Features Across 4 Tiers

From basic visibility to full incident response. Choose what you need.

📦

System Inventory

Core Hardware (CPU, RAM, disk, network)
Core OS info, hostname, domain
Starter Detailed BIOS, GPU, USB devices
Starter Software packages, services
Business User accounts, SSH keys, sudoers
Enterprise Full persistence scan

📊

Metrics & Telemetry

Core CPU, memory, disk, network
Core Network connections (TCP/UDP)
Starter Per-core CPU, disk I/O
Starter Process-to-connection mapping
Business Latency, queue depth
Enterprise Custom Prometheus scrape

📜

Log Collection

Core File tailing, glob patterns
Core Windows Event Log, Journald
Starter JSON/regex parsing
Starter Docker/Kubernetes logs
Business PowerShell, Sysmon logs
Enterprise Compressed log reading

🔐

Security Monitoring

Business Process creation events
Business File Integrity Monitoring
Business Authentication events
Enterprise YARA scanning
Enterprise Sigma rules
Enterprise Anomaly detection

⚡

Command Execution

Starter Shell commands (bash, cmd)
Starter PowerShell execution
Business Run as user, elevated
Business Real-time streaming
Business Background execution
Enterprise Script deployment

📁

File Operations

Starter List, read, hash
Business Upload, download
Business Create, delete, move
Enterprise Set permissions
Enterprise Search by content
Enterprise Compress/extract

⚙️

System Control

Core Agent restart, config
Starter Agent update
Business Service start/stop
Business Reboot, shutdown
Enterprise Lock screen, logout
Enterprise User management

🚨

Incident Response

Enterprise Quarantine file
Enterprise Kill & quarantine process
Enterprise Network isolation
Enterprise Memory dump
Enterprise Evidence collection
Enterprise Disk acquisition

Trust Model

Agent as Authority

The agent—controlled by a local administrator—has final say over what it will do. No blind trust in centralized infrastructure.

Traditional Model ❌ Rejected

Collector
(Authority)

→ "Do whatever I say"

Agent
(Subordinate)

Collector compromise = full estate compromise
No local control or consent
Single point of policy failure

EyeLog Model ✓ Implemented

Collector
(Requestor)

→ "Please do X if allowed"

Agent
(Authority)

📋 Check Manifest

→

✓ Allowed

✗ Rejected + Alert

Defense in Depth

To compromise an agent, an attacker needs ALL THREE layers:

mTLS

Transport protection. Agent ↔ Collector connection encrypted and mutually authenticated.

Manifest Signing

Content protection. Capability manifests are cryptographically signed. Password required to sign.

Local Admin Approval

Human gate. Local administrator must approve capability changes with elevated privileges.

Capability Manifest

A YAML document defines exactly what the agent will do:

standard-manifest.yaml

manifest:
  id: "standard"
  version: "2.1.0"
  name: "Standard Monitoring"
  
  # What the agent will SEND
  info:
    metrics:
      enabled: true
      categories: [cpu, memory, disk, network]
    inventory:
      enabled: true
      exclude: [user_accounts]  # Privacy
    security_monitoring:
      enabled: false  # Explicitly disabled
  
  # What the agent will ACCEPT
  control:
    diagnostics:
      ping: true
      traceroute: true
    execution:
      shell: false  # No remote shell!
    system:
      lock_screen: true
      reboot: false
  
  # Who controls capabilities
  meta:
    collector_can_manage_capabilities: false

Pricing

Start Free, Scale as You Grow

Free tier for small teams. Premium features for organizations that need more.

Core

Individual / Small Teams

Free up to 5 agents

74 Features

✓ Basic hardware/OS inventory
✓ CPU, memory, disk, network metrics
✓ Network connections telemetry
✓ File tailing, Windows Event Log
✓ Agent config & restart
✓ Community forum support

Get Started

Starter

Small Teams

$5 /agent/month

184 Features +110 vs Core

✓ Everything in Core
✓ Detailed inventory (BIOS, GPU, USB)
✓ Software & service details
✓ Shell command execution
✓ File read, list, hash
✓ Agent update mechanism
✓ Email support

Start Trial

Business

Growing Orgs

$12 /agent/month

304 Features +120 vs Starter

✓ Everything in Starter
✓ Security monitoring (process, FIM)
✓ Authentication monitoring
✓ Full file operations
✓ Service & process control
✓ Reboot, shutdown control
✓ Compliance checks
✓ Priority support

Start Trial

Enterprise

Large Orgs / Regulated

Custom contact us

394 Features +90 vs Business

✓ Everything in Business
✓ YARA, IOC, Sigma detection
✓ Forensic artifact collection
✓ CIS/STIG compliance
✓ Incident response toolkit
✓ Memory & disk acquisition
✓ Network isolation
✓ HSM signing support
✓ Dedicated support

Contact Sales

All plans include: mTLS encryption, capability manifests, local admin control, and the same agent binary.

Feature availability is determined by your license, not a different agent build.

Our Approach

Design Transparency

We don't hide our design thinking. Security through obscurity isn't security. You deserve to know how we protect your infrastructure.

📖

Public Design Documents

Our architecture decisions, state machine design, capability system, and trust model are all documented publicly. You can understand exactly how EyeLog works before deploying.

🔐

No Security by Obscurity

We believe security should come from sound design principles, not from hiding how things work. Our defense-in-depth approach is strong enough to withstand scrutiny.

🎯

Clear Trade-offs

Every architectural decision has trade-offs. We document ours openly—why two channels, why local authority, why manifest signing. Informed customers make better decisions.

Key Design Decisions

📡

Agent-Initiated Connections

Agent connects outbound to collector. No inbound ports, no firewall rules, works through NAT automatically.

🏗️

Dual-Channel Architecture

gRPC for control (reliable), QUIC for data (fast). Each protocol optimized for its purpose.

🛡️

Local Authority Model

Agent decides what to do, not the collector. Collector compromise doesn't mean full estate compromise.

📋

Capability Manifests

YAML documents define exactly what each agent can do. Explicit opt-in, no implicit permissions.

✍️

Manifest Signing

Cryptographic signatures prevent tampering. Password-protected keys, HSM support for enterprise.

🔒

Defense in Depth

Three layers: mTLS (transport) + Signing (content) + Local Admin (human). All three required.

⚡

State Machine

Operational state tracking prevents command conflicts. No corrupted deployments from concurrent admins.

Explore Full Documentation →

See Everything. Secure Everything.

Eyes, Ears, and Handson Every Endpoint

See