TomeSpell
Lightweight Monitoring Agent

Monitor Systems.
Detect Threats.

Deploy lightweight agents across your infrastructure to monitor system weaknesses, detect vulnerabilities, and get real-time alerts on suspicious activity.

3+ Cross-Platform
30s Real-time
<1% Lightweight
The Problem

Your Systems Are Under Constant Attack

Without continuous monitoring, you're blind to threats until it's too late.

File Tampering Goes Undetected

Critical configuration files and sensitive data can be modified without your knowledge.

Reconnaissance Before Attack

Attackers scan your network to find vulnerabilities before launching their attack.

Monitoring Blind Spots

Traditional security tools miss low-and-slow attacks that evade threshold-based detection.

Offline Monitoring Gaps

When connectivity is lost, critical events go unrecorded and evidence is lost.

The Solution

TS/Ward Agent gives you continuous visibility.

A lightweight monitoring agent that runs on any system, tracks file access, detects network reconnaissance, and reports everything in real-time.

File Monitoring
Port Scan Detection
Network IDS
Real-time Alerts
Offline Resilience
Features

Complete Infrastructure Monitoring

Five powerful capabilities to give you full visibility into your systems.

File Monitoring

Filesystem Monitoring

Monitor file access, modification, and deletion events in real-time. Know when critical files are touched and by which process.

Network Security

Port Scan Detection

Detect reconnaissance attempts by monitoring trap ports that should never receive traffic. Catch attackers before they find your real services.

Network IDS

Hardware Network Monitoring

Deploy dedicated hardware devices on your office network for intrusion detection. Monitor internal traffic and detect lateral movement.

Alerting

Real-time Reporting

Events are reported to the controller immediately. Configure notifications via email, Slack, or webhooks to stay informed.

Reliability

Offline Resilience

When the controller is unreachable, agents buffer events locally and continue monitoring. Nothing is lost when connectivity returns.

How It Works

Deploy and Monitor in Minutes

Simple deployment workflow to get your infrastructure monitored quickly.

1. Deploy: Install the agent binary on your systems using enrollment tokens.
2. Configure: Set up monitored paths, trap ports, and alert thresholds.
3. Monitor: Agents start reporting file access and network events in real-time.
4. Alert: Receive instant notifications when suspicious activity is detected.
5. Investigate: Review detailed logs with timestamps, sources, and context.

Use Cases

Built for Security Operations

Whether you're running a SOC or managing IT security, the TS/Ward Agent has you covered.

SOC Teams

Continuous monitoring and real-time alerts for security operations centers.

IT Security

Protect infrastructure with lightweight agents that don't impact performance.

Compliance

Meet audit requirements with comprehensive file access logging.

Incident Response

Deploy rapid monitoring during active investigations.

FAQ

Frequently Asked Questions

Everything you need to know about TomeSpell.

The TS/Ward Agent runs on Linux, Windows, and macOS. It's written in Go and compiles to native binaries for each platform. Linux agents use inotify/fanotify for file monitoring, while Windows and macOS use their native APIs.
The agent is designed to be lightweight with minimal resource usage. It uses efficient OS-level APIs for monitoring and only reports relevant events. Most deployments see negligible CPU and memory overhead.
When the controller is unreachable, agents buffer events in memory and continue monitoring. Once connectivity is restored, all buffered events are sent with their original timestamps. The buffer size is configurable.
Agents communicate with the controller over HTTPS using agent-specific authentication tokens. Tokens are generated during enrollment and stored securely on the agent.
Yes! Agents poll the controller for configuration changes every 30 seconds. You can update monitored paths, trap ports, and other settings from the controller dashboard without restarting agents.
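
The offline buffering described in the FAQ above, sketched as an added example (not TomeSpell's own code): a fixed-size in-memory queue that stamps events at capture time, counts what it has to evict when full, and keeps unsent events when a flush fails. The `Event` and `Buffer` types, their fields and the sample path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Event is a hypothetical agent event; Time is set at capture, not at send.
type Event struct {
	Time       time.Time
	Kind, Path string
}

// Buffer is a bounded FIFO for events held while the controller is unreachable.
type Buffer struct {
	Max     int     // configurable capacity; values below 1 behave as 1
	Events  []Event // oldest first
	Dropped int     // events evicted because the buffer was full
}

// Add stores an event, evicting the oldest one when the buffer is full.
func (b *Buffer) Add(e Event) {
	if len(b.Events) > 0 && len(b.Events) >= b.Max {
		b.Events = b.Events[1:]
		b.Dropped++
	}
	b.Events = append(b.Events, e)
}

// Flush sends oldest first and stops at the first error, keeping unsent events.
func (b *Buffer) Flush(send func(Event) error) (sent int, err error) {
	for len(b.Events) > 0 {
		if err = send(b.Events[0]); err != nil {
			return sent, err
		}
		b.Events = b.Events[1:]
		sent++
	}
	return sent, nil
}

func main() {
	b := &Buffer{Max: 2} // constructed sample: three events, two slots
	for i := 0; i < 3; i++ {
		b.Add(Event{time.Unix(int64(i), 0), "modify", "/etc/ssh/sshd_config"})
	}
	fmt.Println(b.Flush(func(Event) error { return fmt.Errorf("controller unreachable") }))
	fmt.Println(len(b.Events), b.Dropped)
}
```

Reporting `Dropped` to the controller alongside the flushed events lets an investigator see whether the timeline for an outage window is complete.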

Ready to track your infrastructure and catch intruders early?

Deploy TomeSpell today and gain complete visibility into your documents and infrastructure.
