Introduction

Type: External
Status: Published
Created: Mar 8, 2026
Updated: Apr 3, 2026
Updated by: Dosu Bot

Welcome to the DaemonEye documentation! This comprehensive guide covers
everything you need to know about DaemonEye, a high-performance,
security-focused process monitoring system built in Rust.

What is DaemonEye?

DaemonEye is a complete rewrite of the Python prototype, designed for
cybersecurity professionals, threat hunters, and security operations
centers. It provides real-time process monitoring, threat detection, and
alerting capabilities across multiple platforms.

Key Features

  • Real-time Process Monitoring: Continuous monitoring of system processes with minimal performance impact
  • Threat Detection: SQL-based detection rules with hot-reloading capabilities
  • Multi-tier Architecture: Core, Business, and Enterprise tiers with different feature sets
  • Cross-platform Support: Linux, macOS, and Windows
  • Container Ready: Docker and Kubernetes deployment options
  • Security Focused: Built with security best practices and minimal attack surface

Three-Component Security Architecture

DaemonEye follows a robust three-component security architecture:

  1. procmond (Collector): Privileged process monitoring daemon built on the collector-core framework with minimal attack surface
  2. daemoneye-agent (Orchestrator): User-space orchestrator with an embedded EventBus broker for multi-collector coordination, an IPC server for CLI communication, and alert management
  3. daemoneye-cli: Command-line interface for database queries and system management

This separation ensures robust security by isolating privileged operations from network functionality while enabling scalable multi-collector architectures.

Documentation Structure

This documentation is organized into several sections:

  • Getting Started: Quick start guide for new users
  • Project Overview: Detailed project information and features
  • Architecture: System architecture and design principles
  • Technical Documentation: Technical specifications and implementation details
  • User Guides: Comprehensive user and operator guides
  • API Reference: Complete API documentation
  • Deployment: Installation and deployment guides
  • Security: Security considerations and best practices
  • Testing: Testing strategies and guidelines
  • Contributing: Contribution guidelines and development setup
  • Installation Guide
  • Configuration Guide
  • Operator Guide
  • API Reference
  • Docker Deployment
  • Kubernetes Deployment

Getting Help

If you need help with DaemonEye:

  1. Check the Getting Started guide
  2. Review the Troubleshooting section
  3. Consult the API Reference for technical details
  4. Join our community discussions on GitHub
  5. Contact support for commercial assistance

License

DaemonEye follows a dual-license strategy:

  • Core Components: Apache 2.0 licensed (procmond, daemoneye-agent, daemoneye-cli, daemoneye-lib)
  • Business Tier Features: $199/site one-time license (Security Center, GUI, enhanced connectors, curated rules)
  • Enterprise Tier Features: Custom pricing (kernel monitoring, federation, STIX/TAXII integration)

This documentation is continuously updated. For the latest information, always refer to the most recent version.