Documentation

Deploy Kaimz on your own infrastructure

Kaimz is self-hosted, end to end. Stand up the brain and console, install agents, and watch detections and the Threat Storyline populate in real time.

  01. Getting started: Three components, five steps to live telemetry.
  02. Architecture: Hub-and-spoke, all inside your network.
  03. Deploy agents: Windows & Linux sensors with self-healing.
  04. Engines reference: EDR, SIEM, SOAR, Identity, NHI and more.
  05. API: REST over HTTPS, session or API-key auth.
  06. FAQ: Endpoints, data residency, OS support.

Getting started / 01

Kaimz is self-hosted. You run three things: the brain (correlation + APIs), the console (web UI), and one or more agents on the endpoints you protect.

  1. Provision a Linux host (2+ vCPU, 8 GB RAM) for the brain + console.
  2. Deploy the brain and console (Node + Next.js) behind your reverse proxy.
  3. Open the console, complete first-run setup and enable MFA.
  4. Install the agent on each endpoint.
  5. Watch telemetry, detections and the Threat Storyline populate in real time.

Architecture / 02

Hub-and-spoke, all inside your network:

No component calls a vendor cloud. Intel feeds (NVD/CISA/IOC) are pulled on a schedule and cached locally.

Deploy agents / 03

Agents register to the brain, stream process / network / AMSI telemetry, and run scans (vuln, malware, NHI, exposure, ransomware canary, device posture).

# Linux — one-line install (registers to your brain)
curl -fsSL https://<brain-host>/install-agent.sh | sudo bash

# Windows — elevated PowerShell
irm https://<brain-host>/install-agent.ps1 | iex
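
The Linux one-liner above runs whatever the server returns as root. An added example (not from the Kaimz documentation or project) that saves the installer to disk and runs it only if it matches a SHA-256 you recorded after reviewing the script. The function names, the script file name and the pinned hash are assumptions; the page does not say whether Kaimz publishes a checksum.

```shell
#!/usr/bin/env bash
# Added example (not Kaimz project code): download the installer to disk, check it
# against a SHA-256 you pinned after reviewing the script, and only then run it.

# Print the hex SHA-256 of a file (sha256sum on Linux, shasum as a fallback).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or empty.
verify_installer() {
  local file="$1" expected actual
  if [ ! -s "$file" ]; then
    echo "installer missing or empty: $file" >&2
    return 2
  fi
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"   # accept upper-case pins
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "SHA-256 mismatch: expected $expected, got $actual" >&2
    return 1
  fi
  return 0
}

# install_agent BRAIN_HOST EXPECTED_SHA256 (both supplied by the operator)
install_agent() {
  local brain_host="$1" pinned="$2" tmp rc=0
  tmp="$(mktemp)" || return 2
  # -f fails on HTTP errors; --proto '=https' refuses any non-HTTPS hop.
  if curl -fsSL --proto '=https' -o "$tmp" "https://${brain_host}/install-agent.sh" \
     && verify_installer "$tmp" "$pinned"; then
    sudo bash "$tmp" || rc=$?
  else
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage (hypothetical file name): ./install-kaimz-agent.sh <brain-host> <pinned-sha256>
if [ "$#" -eq 2 ]; then
  install_agent "$1" "$2"
fi
```

Record the pin once from a copy you have read, then reuse the same value across the fleet so a changed script fails closed instead of executing.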

Engines reference / 04

Every engine ships in every edition — nothing is a paid bolt-on to get basic protection.

  EDR / XDR: Behavioral protection + ATT&CK detection.
  SIEM (KQL): Query alerts, detections & telemetry.
  SOAR: Visual playbooks + DSL automation.
  Identity / MFA: TOTP, conditional access, RBAC.
  NHI: Keys, tokens & secrets from the host.
  Exposure: Running & reachable CVEs, not just CVSS.
  Ransomware: Canary tripwires + auto kill/isolate.
  Device posture: Secure Boot, TPM, BitLocker, ASR grading.
  AI defense: LLM firewall + shadow-AI discovery.

API / 05

REST over HTTPS. Authenticate with a console session or an API-key header.

# List managed assets
curl -H "x-kaimz-key: <YOUR_KEY>" https://<brain-host>:4000/v1/assets

# Trigger a device-posture scan
curl -X POST -H "x-kaimz-key: <YOUR_KEY>" \
  https://<brain-host>:4000/v1/device-posture/scan

Common endpoints include /v1/assets, /v1/detections, /v1/incidents, /v1/siem, /v1/nhi, /v1/exposure, /v1/ransomware and /v1/device-posture.

FAQ / 06

Unlimited endpoints?
Does data leave my network?
Which operating systems are supported?
Can I automate response?