Security for network, servers & web.
A lightweight agent · manager · CLI · dashboard you can pip install — now with a full SecOps brain: SIEM, XDR, EDR, UEBA, SOAR, Threat Intel, NDR, Cloud & a local AI triage. MITRE-mapped alerts and one-click response — your data never leaves your network.
01 — The platform
Most security tools watch logs. Nexus understands your stack — Laravel, Next.js, Nginx — and keeps every finding inside your own network.
Telemetry is signed with HMAC and stored locally. Nothing is sent to a third-party cloud.
Catches exposed .env, APP_DEBUG in production and leaked NEXT_PUBLIC secrets — not just raw logs.
A stdlib-only agent. Install with pip or npm, run as a service, scale to many endpoints.
02 — Capabilities
Everything you'd expect from a SIEM — plus what developers actually need.
File Integrity Monitoring
Baseline checksums detect when sensitive files like .env change — instantly, with the exact before/after hash.
Log Monitoring
App-aware decoders for Laravel, Nginx and auth logs catch SQLi, scanners, exceptions and brute-force in real time.
Vulnerability Detection
Correlates your software inventory against a CVE database — Log4Shell, PuTTY, 7-Zip and more, with version ranges.
Web & App Audit
Detects what SIEMs miss: APP_DEBUG in production, exposed .env, weak DB creds, leaked NEXT_PUBLIC secrets.
Rule & Alert Engine
Level 0–15 alerts mapped to MITRE ATT&CK, deduplicated, grouped into incidents to kill alert fatigue.
Active Response
One-click “Secure” — block IP, enable firewall, kill process, harden. Dry-run by default with protected-IP allowlists.
03 — SecOps
A full SOC brain, inside one install.
Nexus consolidates the de-duplicated capabilities of 20 enterprise tools into 9 modules inside nexus-fleet — one platform, one agent, no external API. They read the same real data and feed each other from detection to automated response.
Search & aggregate the event store with the NQL query language.
Splunk · Elastic · QRadar
Fuse many alerts across time into one kill-chain incident.
Defender · Cortex XDR
Real process tree (pid/ppid) + suspicious-lineage detection.
CrowdStrike · SentinelOne
Per-entity behavioral baselines + anomaly scoring + peer analysis.
Securonix · Exabeam
Playbooks → real active response, dry-run-safe and triple-gated.
Cortex XSOAR · Google SecOps
IOC store + match on real telemetry + feed import & retro-hunt.
MISP · OTX · abuse.ch
Beaconing/C2, port-scan & IOC-destination detection from flows.
Security Onion · QRadar QFlow
Evaluate cloud config vs CIS + import Prowler; posture score.
Cortex · Defender for Cloud
Prioritize, summarize the kill-chain & recommend — no API cost.
Local · zero token
04 — Architecture
One platform, four components.
- FIM · logs · SCA
- Syscollector · inventory
- Offline store-and-forward
- Rule & alert engine
- Vuln detection · policy
- License · RBAC · audit
- Web dashboard
- Interactive SOC console
- REST API
05 — Editions
Start free. Unlock more as you grow.
For evaluation and small setups.
- 2 agents
- Core detection rules
- Dashboard & CLI
- Community support
For teams securing real infrastructure.
- Seat-based agents
- All rules · FIM · Web audit · SCA · Vuln
- Sigma import & Active Response
- Reports · posture score · email support
Unlimited scale with priority care.
- Unlimited agents
- mTLS · at-rest encryption · RBAC
- Priority support & onboarding
- Custom licensing
06 — Get started
Up and running in one command.
No cluster, no indexer, no heavy runtime. Install the package, run the manager, enroll an agent — and watch real findings appear.
    $ pip install nexus-fleet
    > nexus-manager run --host 0.0.0.0 --port 8765
    > nexus-agent enroll --host <manager> --key <KEY> --watch ./app
    > nexus-agent start
    > nexus-cli alerts

07 — Founders