Nexus Mobile — Companion App
Incidents don't wait for you to be at your desk. Nexus Mobile is a SOC in your pocket — a React Native (Expo) companion app that talks to the same Manager REST API the CLI and dashboard use, so a responder can triage alerts, review incidents, and run a playbook from a phone. It's a companion to your self-hosted manager, not a separate cloud service.
- Topic: Mobile · Companion app
- Stack: React Native · Expo · TypeScript
- Talks to: Manager REST API (admin token)
- Status: Available — early
What it does
Nexus Mobile is a focused companion to the self-hosted manager. It authenticates with the same admin-token REST API as the CLI and dashboard, so there is no new backend and no cloud account — the app points at your manager and acts on your data. It is open in the repo at nexus-mobile/, built with Expo Router and TypeScript.
- View alerts — a severity-colored list with pull-to-refresh, and drill into detail.
- Acknowledge / resolve — act on an alert without leaving your phone.
- Incidents & XDR — view incidents and correlated XDR incidents.
- SOAR playbooks — list playbooks and run one behind a confirmation dialog.
- Settings — enter manager host/port and an admin token, stored with expo-secure-store, and test connectivity.
How to run it
- nexus-mobile/ directory, install the Expo project.
  npm install
- a (Android), i (iOS) or w (web), or scan the QR code with Expo Go.
  npx expo start
- 8765), and an admin token. On a LAN, use the manager's LAN IP — not localhost — and keep the phone on the same network.
- GET /health. A green status means you are wired up. Save, and the credentials are stored in the device keychain via expo-secure-store.
The API it uses
Nexus Mobile uses the same admin-token REST API as the CLI and dashboard — base http://<host>:<port>/api/v1, authenticated with the X-Admin-Token header. No new endpoints are introduced.
GET /health # Settings → Test connection
GET /alerts # alerts list (severity-colored, pull-to-refresh)
POST /alerts/ack # acknowledge / resolve an alert
GET /incidents # incidents tab
GET /xdr/incidents # correlated XDR incidents
GET /soar/playbooks # list SOAR playbooks
POST /soar/run # run a playbook (behind a confirm dialog)
A companion, not a cloud
Nexus Mobile does not phone home to any service of ours. It talks only to the manager you point it at, with a token you supply, over your own network. Credentials are stored in the device keychain and sent only to that manager. Treat the admin token like any other manager credential — anyone with it can act on your alerts.
Tips
- Use the manager's LAN IP in Settings — localhost resolves to the phone, not the manager.
- Run Test connection first; a failure here is almost always a host/port or network reachability issue.
- It is an early companion app — there is no offline cache, so data refreshes on focus and pull-to-refresh.
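The settings check and the `GET /health` call described under "The API it uses" and in the tips above, as an added example that is not code from nexus-mobile. The type and function names, the injected transport, and the reading of HTTP 200 as healthy are assumptions; the sample values in use are constructed.

```typescript
// Added example, not nexus-mobile source. All names here are hypothetical.
interface ManagerSettings { host: string; port: number; adminToken: string }
interface ManagerRequest { url: string; headers: Record<string, string> }
// Transport is injected (in an app, a thin wrapper around fetch) so the logic runs offline.
type HttpGet = (url: string, headers: Record<string, string>) => Promise<{ status: number }>;

const LOOPBACK = /^(localhost|127(\.\d{1,3}){3}|::1|\[::1\])$/i;

// Returns a list of problems; an empty list means the settings are usable.
function validateSettings(s: ManagerSettings): string[] {
  const problems: string[] = [];
  const host = s.host.trim();
  if (host === "") problems.push("host is empty");
  else if (LOOPBACK.test(host))
    problems.push("host is loopback: on a phone it resolves to the phone, not the manager");
  else if (/[\s\/@?#]/.test(host))
    problems.push("host must be a bare hostname or IP, without scheme or path");
  if (!Number.isInteger(s.port) || s.port < 1 || s.port > 65535)
    problems.push("port must be an integer between 1 and 65535");
  if (s.adminToken.trim() === "") problems.push("admin token is empty");
  return problems;
}

// Builds the URL and auth header for a path relative to the base, e.g. "/health".
// The documented base is plain http, so the token is not encrypted in transit;
// that is why the page keeps the phone and manager on the same network.
function buildRequest(s: ManagerSettings, path: string): ManagerRequest {
  return {
    url: `http://${s.host.trim()}:${s.port}/api/v1${path}`,
    headers: { "X-Admin-Token": s.adminToken },
  };
}

// Settings -> Test connection: validate locally, then call GET /health.
// Assumption: a healthy manager answers HTTP 200.
async function testConnection(s: ManagerSettings, get: HttpGet): Promise<{ ok: boolean; detail: string }> {
  const problems = validateSettings(s);
  if (problems.length > 0) return { ok: false, detail: problems.join("; ") };
  const req = buildRequest(s, "/health");
  try {
    const res = await get(req.url, req.headers);
    return res.status === 200
      ? { ok: true, detail: "manager reachable" }
      : { ok: false, detail: `manager answered HTTP ${res.status}` };
  } catch {
    return { ok: false, detail: "unreachable: check host, port and network" };
  }
}
```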