DaemonEye

High-performance security process monitoring system with audit-grade integrity. Detect process anomalies, hollowing attacks, and suspicious behavior across your infrastructure.

Status: Active

DaemonEye is a security-focused process monitoring system designed for cybersecurity professionals who need reliable detection of process anomalies, malware behavior, and suspicious system activity. Built for performance and security, it provides enterprise-grade monitoring with audit-grade integrity across your entire infrastructure.

Highlights

  • Enterprise Performance: High-performance monitoring with minimal system impact (<5% CPU overhead)
  • Universal Coverage: Native support across Linux, macOS, and Windows environments
  • Intelligent Detection: SQL-based detection engine for flexible custom rules and built-in threat patterns
  • Audit Integrity: Cryptographically secured audit trails with tamper-evident logging
  • SIEM Ready: Multi-channel alerting integrates seamlessly with existing security infrastructure
  • Air-Gap Compatible: Works completely offline without external dependencies

Detection Capabilities

DaemonEye automatically detects critical security threats including:

  • Process Hollowing: Identifies processes running without legitimate executables
  • File Integrity Violations: Detects executable modifications during runtime
  • Suspicious Process Patterns: Flags unusual parent-child relationships and name duplications
  • Resource Anomalies: Monitors for abnormal CPU, memory, and network usage patterns
  • Custom Threats: Write your own detection rules using standard SQL queries
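
The detection categories above, expressed as SQL rules over a process table. This is an added example, not DaemonEye's own code: the page does not publish the product's schema, so the table, column names, and rule names are hypothetical, and the rows are constructed sample data loaded into an in-memory SQLite database.

```python
import sqlite3

# Hypothetical schema (assumption): not DaemonEye's actual table layout.
SCHEMA = """CREATE TABLE processes (
    pid INTEGER PRIMARY KEY, ppid INTEGER, name TEXT,
    exe_path TEXT,        -- NULL when no on-disk executable was resolved
    hash_at_start TEXT,   -- executable hash when the process was first seen
    hash_now TEXT         -- executable hash at the latest scan
)"""

# Constructed sample rows, not real telemetry.
ROWS = [
    (1, 0, "systemd", "/usr/lib/systemd/systemd", "a1", "a1"),
    (2, 0, "kthreadd", None, None, None),        # Linux kernel thread parent
    (37, 2, "kworker/0:1", None, None, None),    # kernel thread, benign
    (410, 1, "sshd", "/usr/sbin/sshd", "b2", "b2"),
    (900, 1, "nginx", "/usr/sbin/nginx", "c3", "c3"),
    (955, 900, "sh", "/usr/bin/sh", "d4", "d4"),         # shell under web server
    (1200, 1, "updater", None, None, None),              # no backing executable
    (1300, 1, "sshd", "/tmp/.cache/sshd", "e5", "e5"),   # same name, other path
    (1400, 1, "cron", "/usr/sbin/cron", "f6", "f7"),     # hash changed at runtime
]

# One rule per detection category; each returns the offending pids.
RULES = {
    "no_backing_executable": """SELECT pid FROM processes
        WHERE (exe_path IS NULL OR exe_path = '')
          AND pid <> 2 AND ppid <> 2""",  # exclude Linux kernel threads
    "executable_modified": """SELECT pid FROM processes
        WHERE hash_at_start <> hash_now""",
    "duplicate_name": """SELECT pid FROM processes WHERE name IN (
        SELECT name FROM processes GROUP BY name
        HAVING COUNT(DISTINCT exe_path) > 1)""",
    "shell_from_web_server": """SELECT c.pid FROM processes c
        JOIN processes p ON c.ppid = p.pid
        WHERE c.name IN ('sh', 'bash') AND p.name IN ('nginx', 'httpd')""",
}

def run_rules(rows=ROWS, rules=RULES):
    """Load rows into an in-memory database and return {rule: [pids]}."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.executemany("INSERT INTO processes VALUES (?,?,?,?,?,?)", rows)
    findings = {name: sorted(r[0] for r in con.execute(sql))
                for name, sql in rules.items()}
    con.close()
    return findings
```

Without the kernel-thread exclusion, the first rule would also flag pids 2 and 37, which legitimately have no executable on Linux.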

Usage

Monitor your systems:

# Start continuous monitoring
daemoneye-agent --database /var/lib/daemoneye/processes.db

# Query current system state
daemoneye-cli --format json

# Export security reports
daemoneye-cli --export-format csv --output security-report.csv

Integration examples:

# Send alerts to your SIEM
daemoneye-agent --syslog-endpoint your-siem.company.com:514

# Webhook integration for SOC automation
daemoneye-agent --webhook-url https://your-soar.company.com/webhook

# Email alerts for critical incidents
daemoneye-agent --email-smtp smtp.company.com --alert-email soc@company.com

Key Features

Real-Time Threat Detection

Monitor your systems continuously with intelligent detection rules that identify process hollowing, malware injection, privilege escalation attempts, and other advanced threats without overwhelming security teams with false positives.

Enterprise Integration

Seamlessly integrate with existing security infrastructure through multiple alert channels including syslog for SIEM platforms, webhooks for security orchestration, email notifications for incident response, and structured file outputs for log aggregation.

Audit-Grade Security

Every monitored event is cryptographically secured in tamper-evident audit logs, providing the integrity guarantees needed for forensic analysis, compliance reporting, and incident investigation.

Cross-Platform Deployment

Deploy consistent security monitoring across heterogeneous environments with native support for Linux servers, macOS endpoints, and Windows workstations using a single unified toolset.

Target Users

  • SOC Analysts: Monitor fleet infrastructure for process-level threats and anomalies
  • Incident Responders: Investigate compromised systems with detailed process history
  • Security Engineers: Integrate process monitoring into existing SIEM and SOAR platforms
  • System Administrators: Maintain security visibility across diverse server environments
  • DevSecOps Teams: Embed security monitoring into deployment pipelines and infrastructure

Free Forever

DaemonEye’s core functionality is completely free with no time limits, including full process monitoring, built-in detection rules, complete alerting system, and cross-platform support. Future Business and Enterprise tiers will add centralized management and advanced integrations for larger organizations.

Ready to Get Started?

Download DaemonEye and start using it in your environment.