Lightweight Monitoring Agent

Monitor Systems.
Detect Threats.

Deploy lightweight agents across your infrastructure to monitor system weaknesses, detect vulnerabilities, and get real-time alerts on suspicious activity.

Get Started

Cross-Platform

30s

Real-time

<1%

Lightweight

process-tree

Live

●ts-ward-agentPID 1running

●ebpf-loaderkernel probes847 events

◆kprobe:sys_execve

◆kprobe:sys_open

◆tracepoint:syscalls

●fanotify-watcherfilesystem events234 events

◆/etc/*

◆/var/log/*

◇/home/*/.ssh

●seccomp-enforcersyscall filter12 events

◆SCMP_ACT_LOG

◆SCMP_ACT_ERRNO

○network-monitorpacket capture0 events

◆iptables:INPUT

◆iptables:OUTPUT

◇nftables:filter

●integrity-checkerfile hashes45 events

◆/usr/bin/*

◆/sbin/*

Active Monitoring

Scroll to explore

The Problem

Your Systems Are Under Constant Attack

Without continuous monitoring, you're blind to threats until it's too late.

File Tampering Goes Undetected

Critical configuration files and sensitive data can be modified without your knowledge.

Reconnaissance Before Attack

Attackers scan your network to find vulnerabilities before launching their attack.

Monitoring Blind Spots

Traditional security tools miss low-and-slow attacks that evade threshold-based detection.

Offline Monitoring Gaps

When connectivity is lost, critical events go unrecorded and evidence is lost.

The Solution

TS/Ward Agent gives you
continuous visibility.

A lightweight monitoring agent that runs on any system, tracks file access, detects network reconnaissance, and reports everything in real-time.

File Monitoring

Port Scan Detection

Network IDS

Real-time Alerts

Offline Resilience

Features

Complete Infrastructure Monitoring

Five powerful capabilities to give you full visibility into your systems.

File Monitoring

Filesystem Monitoring

Monitor file access, modification, and deletion events in real-time. Know when critical files are touched and by which process.

Network Security

Port Scan Detection

Detect reconnaissance attempts by monitoring trap ports that should never receive traffic. Catch attackers before they find your real services.

Network IDS

Hardware Network Monitoring

Deploy dedicated hardware devices on your office network for intrusion detection. Monitor internal traffic and detect lateral movement.

Alerting

Real-time Reporting

Events are reported to the controller immediately. Configure notifications via email, Slack, or webhooks to stay informed.

Reliability

Offline Resilience

When the controller is unreachable, agents buffer events locally and continue monitoring. Nothing is lost when connectivity returns.

How It Works

Deploy and Monitor in Minutes

Simple deployment workflow to get your infrastructure monitored quickly.

Deploy

Install the agent binary on your systems using enrollment tokens.

Configure

Set up monitored paths, trap ports, and alert thresholds.

Monitor

Agents start reporting file access and network events in real-time.

Alert

Receive instant notifications when suspicious activity is detected.

Investigate

Review detailed logs with timestamps, sources, and context.

Use Cases

Built for Security Operations

Whether you're running a SOC or managing IT security, the TS/Ward Agent has you covered.

SOC Teams

Continuous monitoring and real-time alerts for security operations centers.

IT Security

Protect infrastructure with lightweight agents that don't impact performance.

Compliance

Meet audit requirements with comprehensive file access logging.

Incident Response

Deploy rapid monitoring during active investigations.

FAQ

Frequently Asked Questions

Everything you need to know about TomeSpell.

The TS/Ward Agent runs on Linux, Windows, and macOS. It's written in Go and compiles to native binaries for each platform. Linux agents use inotify/fanotify for file monitoring, while Windows and macOS use their native APIs.

The agent is designed to be lightweight with minimal resource usage. It uses efficient OS-level APIs for monitoring and only reports relevant events. Most deployments see negligible CPU and memory overhead.

When the controller is unreachable, agents buffer events in memory and continue monitoring. Once connectivity is restored, all buffered events are sent with their original timestamps. The buffer size is configurable.

Agents communicate with the controller over HTTPS using agent-specific authentication tokens. Tokens are generated during enrollment and stored securely on the agent.

Yes! Agents poll the controller for configuration changes every 30 seconds. You can update monitored paths, trap ports, and other settings from the controller dashboard without restarting agents.

Ready to track your infrastucture
and catch intruders early?

Deploy TomeSpell today and gain complete visibility into your documents and infrastructure.

Get Started Now

Monitor Systems.Detect Threats.

Your Systems Are Under Constant Attack

File Tampering Goes Undetected

Reconnaissance Before Attack

Monitoring Blind Spots

Offline Monitoring Gaps

TS/Ward Agent gives youcontinuous visibility.

Complete Infrastructure Monitoring

Filesystem Monitoring

Port Scan Detection

Hardware Network Monitoring

Real-time Reporting

Offline Resilience

Deploy and Monitor in Minutes

Deploy

Configure

Monitor

Alert

Investigate

Built for Security Operations

SOC Teams

IT Security

Compliance

Incident Response

Frequently Asked Questions

Ready to track your infrastucture and catch intruders early?

Monitor Systems.
Detect Threats.

TS/Ward Agent gives you
continuous visibility.

Ready to track your infrastucture
and catch intruders early?