A fully simulated Debian 12 environment. The client sensor is open source (MIT); the emulation engine is our managed service. It captures every command, download and credential — and turns them into actionable intelligence.
The SSH client is open source and deploys on your infrastructure. The emulation engine lives in the CipherSentry cloud and never leaves our servers.
Captures username, password, auth method and SSH client version.
Complete Debian 12 directory tree. Isolated per session.
ls, ps, netstat, wget, curl, gcc, python3 and many more, with realistic output.
Downloads and stores files without running them. ELF/shell/ZIP type analysis.
Every event with a precise timestamp. Exportable to JSON.
Country, city and ASN per attacking IP. Built-in interactive map.
Pipes, redirects, environment variables and interactive REPLs (Python, Perl).
Web dashboard with advanced analysis, maps and terminal reconstruction.
Captures SFTP sessions and direct executions (no interactive shell).
Lightweight image ready to deploy. Configurable environment variables.
JSON events with full metadata, aggregated in a single place.
Public statistics and per-tier intelligence (IOCs). More endpoints on the way.
The SSH client is always free and open source. The plans meter Shell API usage by commands per month. Start for free, with no credit card.
Card payments coming soon. Write to us to activate your plan now.
Standard JSON Lines logs: format-compatible with your stack (Filebeat→Elastic, Splunk, Grafana via datasource).
1 · Install the sensor (one command)
curl -fsSL https://ciphersentry.yoire.com/install.sh | bash
2 · Connect the node to your account
bash node.sh enroll
It gives you a link: you log in and your node joins your Swarm.
3 · See activity live
bash node.sh logs
Or from your web dashboard, in The Swarm: sessions, IPs and commands per node.