DaemonEye Documentation

Welcome to the DaemonEye documentation! This comprehensive guide covers everything you need to know about DaemonEye, a high-performance, security-focused process monitoring system built in Rust.

What is DaemonEye?

DaemonEye is a complete rewrite of the Python prototype, designed for cybersecurity professionals, threat hunters, and security operations centers. It provides real-time process monitoring, threat detection, and alerting capabilities across multiple platforms.

Key Features

  • Real-time Process Monitoring: Continuous monitoring of system processes with minimal performance impact
  • Threat Detection: SQL-based detection rules with hot-reloading capabilities
  • Multi-tier Architecture: Core, Business, and Enterprise tiers with different feature sets
  • Cross-platform Support: Linux, macOS, and Windows support
  • Container Ready: Docker and Kubernetes deployment options
  • Security Focused: Built with security best practices and minimal attack surface

Three-Component Security Architecture

DaemonEye follows a robust three-component security architecture:

  1. procmond (Collector): Privileged process monitoring daemon built on the collector-core framework, with a minimal attack surface
  2. daemoneye-agent (Orchestrator): User-space orchestrator with:
    • Embedded EventBus broker for multi-collector coordination via topic-based pub/sub messaging
    • RPC service for collector lifecycle management (start/stop/restart/health checks)
    • IPC server for CLI communication using protobuf over Unix sockets/named pipes
    • Alert management with multi-channel delivery
  3. daemoneye-cli: Command-line interface for database queries and system management

This separation isolates the privileged collector (procmond) from network-facing functionality, which lives in the user-space orchestrator, so a compromise of a network channel does not directly expose privileged operations; at the same time it supports scalable multi-collector deployments through RPC-based lifecycle management.

Documentation Structure

This documentation is organized into several sections, listed in the navigation.

Getting Help

If you need help with DaemonEye:

  1. Check the Getting Started guide
  2. Review the Troubleshooting section
  3. Consult the API Reference for technical details
  4. Join our community discussions on GitHub
  5. Contact support for commercial assistance

License

DaemonEye follows a dual-license strategy:

  • Core Components: Apache 2.0 licensed (procmond, daemoneye-agent, daemoneye-cli, daemoneye-lib)
  • Business Tier Features: $199/site one-time license (Security Center, GUI, enhanced connectors, curated rules)
  • Enterprise Tier Features: Custom pricing (kernel monitoring, federation, STIX/TAXII integration)

This documentation is continuously updated. For the latest information, always refer to the most recent version.