DaemonEye Documentation#

Welcome to the DaemonEye documentation! This comprehensive guide
covers everything you need to know about DaemonEye, a high-performance,
security-focused process monitoring system built in Rust.

What is DaemonEye?#

DaemonEye is a complete rewrite of the Python prototype, designed for
cybersecurity professionals, threat hunters, and security operations
centers. It provides real-time process monitoring, threat detection, and
alerting capabilities across multiple platforms.

Key Features#

• Real-time Process Monitoring: Continuous monitoring
  of system processes with minimal performance impact
• Threat Detection: SQL-based detection rules with
  hot-reloading capabilities
• Multi-tier Architecture: Core, Business, and
  Enterprise tiers with different feature sets
• Cross-platform Support: Linux, macOS, and Windows
  support
• Container Ready: Docker and Kubernetes deployment
  options
• Security Focused: Built with security best
  practices and minimal attack surface

Three-Component Security#

Architecture
DaemonEye follows a robust three-component security architecture:

1. procmond (Collector): Privileged process monitoring
   daemon built on collector-core framework with minimal attack
   surface
2. daemoneye-agent (Orchestrator): User-space
   orchestrator with:
   • Embedded EventBus broker for multi-collector coordination via
     topic-based pub/sub messaging
   • RPC service for collector lifecycle management
     (start/stop/restart/health checks)
   • IPC server for CLI communication using protobuf over Unix
     sockets/named pipes
   • Alert management with multi-channel delivery
3. daemoneye-cli: Command-line interface for database
   queries and system management
   This separation ensures robust security by isolating privileged
   operations from network functionality while enabling scalable
   multi-collector architectures with RPC-based lifecycle management.

Documentation Structure#

This documentation is organized into several sections:

• Getting Started:
  Quick start guide for new users
• Project
  Overview: Detailed project information and features
• Architecture:
  System architecture and design principles
• Technical
  Documentation: Technical specifications and implementation
  details
• User Guides:
  Comprehensive user and operator guides
• API Reference:
  Complete API documentation
• Deployment:
  Installation and deployment guides
• Security: Security
  considerations and best practices
• Testing: Testing
  strategies and guidelines
• Contributing:
  Contribution guidelines and development setup

Quick Links#

• Installation Guide
• Configuration
  Guide
• Operator Guide
• API Reference
• Docker Deployment
• Kubernetes Deployment

Getting Help#

If you need help with DaemonEye:

1. Check the Getting Started
   guide
2. Review the Troubleshooting
   section
3. Consult the API Reference
   for technical details
4. Join our community discussions on GitHub
5. Contact support for commercial assistance

License#

The DaemonEye components in this repository — procmond,
daemoneye-agent, daemoneye-cli, daemoneye-lib — are licensed under
Apache 2.0. Commercial extensions ship separately; see evilbitlabs.io
for details.

This documentation is continuously updated. For the latest
information, always refer to the most recent version.

Source note: Populated from the public repo
(docs/src/introduction.md) on 2026-04-18. This page was
previously empty; the content above mirrors the repo at the time of
sync.