monsys.ai documentation

For sysadmins

One curl command per server. Static linked Rust binary of ~5 MB. Linux x86_64 + ARM64 + Windows x64. No yaml files.

Threshold + honeypot + DNA

Threshold breaches, honeypot canaries and process DNA fingerprints trigger an alert. Detection on the host — only aggregates upstream.

Local AI Explain

“Explain this”-button on every alert/log. Answer from a local llama3.1:8b — no external AI provider.

EU only or self-host

Hosting in the EU, or self-host the entire stack via Docker compose. Multi-tenant via Postgres RLS.

Audit-grade signing

Per-agent Ed25519 keypair signs every ingest. Bearer-token theft only is not sufficient to falsify telemetry — see Agent payload signing.

Compliance evidence

ISO 27001, NIS2, CyFun and CIS controls with automatic evidence from your inventory. Export to Trust OS, Vanta, CyberDay.

Emergency console

Browser-shell on an isolated host via the hub WebSocket — no SSH, monsys-console user (no sudo), 15 min limit, all input logged unerasable.

Asset governance

Per server: technical owner, criticality, data classification, backup confirmation, SLA tier — directly linked to compliance scoring.

Topology graph

Auto-detected architecture with nodes + edges + zones. Undocumented connections are flagged so you know they’ve been noted — see Topology.

Diagram generator

PNG / SVG / PDF / Mermaid export from your topology with 4 layout algorithms and optional Ollama analysis. No Visio needed — see Diagrams.

Cloud discovery

Auto-detection for AWS, Azure, GCP, Hetzner, Proxmox, DigitalOcean, Scaleway, OVH and IONOS. Agentless CIS-checks, cost estimate and auto-topology — see Cloud Discovery.