Detect. Investigate. Respond.
Unified platform for security operations, digital forensics, and endpoint response across hybrid environments.
Lightweight Rust agent, containerized server, and campaign-driven execution help teams detect and respond with confidence.

Built for security and operations teams
From SOC analysts running threat hunts to DFIR teams collecting forensic evidence, Cagan gives every team detection, response, and compliance capabilities in one platform.
SecOps / SOC
Run YARA, Sigma, and osquery campaigns across the fleet. Monitor findings with MITRE ATT&CK mapping and severity-based triage from a single dashboard.
Incident Response
Quarantine compromised endpoints, collect forensic artifacts, and investigate with 40+ live response commands — all with a full audit trail.
DFIR Teams
Profile-driven artifact collection, automated analysis with multi-engine detection, evidence rendering, and timeline preservation for forensic investigations.
IT Operations
Complete asset management — collect hardware, software, network, user, certificate, and security data from every endpoint. Track connectivity, agent versions, and run approved scripts fleet-wide.
Compliance & Audit
RBAC with 4 system roles, CEF audit logging for every operation, tamper protection (agents require signed tokens to uninstall), and mTLS-secured communication by default.
Platform Engineering
Container runtime visibility, Docker security findings, automated agent updates with checksum verification, and dynamic device group targeting.
Multi-Engine Detection
YARA rules, Sigma event correlation, osquery system queries, and forensic pattern analysis with automated findings, MITRE ATT&CK technique mapping, and severity-based triage.
40+ Live Response Commands
Cross-platform terminal sessions for file system, process, network, and host investigation — with session governance, command controls, and CEF audit logging.
Fleet Visibility & Asset Management
Real-time inventory across Linux, macOS, and Windows — hardware, software, network, users, certificates, and security posture with computed connectivity status and dynamic grouping.
Security & Agent Policy
mTLS enrollment, Ed25519 signed uninstall, tamper protection, RBAC with 4 roles, and CEF audit logging. Agent policies control concurrency limits, resource usage, scan paths, and operational boundaries per device group.
See how operators work inside Cagan
Real interface snapshots from detection campaigns, forensic analysis, and fleet management workflows.

Fleet Dashboard
Real-time fleet overview with connectivity status, job trends, enrollment charts, and OS distribution.

Campaign & Detection
Multi-engine campaign execution with YARA, osquery, and collection jobs showing per-device state tracking.

Collection Analysis
Findings table with severity breakdown, MITRE ATT&CK technique mapping, and evidence rendering.

Asset Inventory
Fleet-wide endpoint visibility with connectivity badges, OS breakdown, and dynamic device grouping.

Rules & Scripts
Unified script registry with versioning, visual diff comparison, and admin approval workflow. YARA rules, osquery queries, and operational scripts with full change history.

Live Response Terminal
Cross-platform terminal with 40+ forensic commands, session governance, and real-time CEF audit logging for every operator action.
Minimal footprint, maximum capability
A containerized server that runs anywhere and a Rust agent that performs everywhere — designed for teams that value simplicity and reliability.
Containerized Server Platform
Server, API, and web interface run together in a single container-based deployment. Minimal resource footprint — runs comfortably on 2 vCPU / 4 GB RAM. No complex infrastructure required, production-ready out of the box.
High-Performance Rust Agent
Lightweight endpoint agent built in Rust for maximum performance and reliability. Sub-30MB binary with minimal CPU and memory overhead. Runs seamlessly on Linux, macOS, and Windows without runtime dependencies.
Multi-Platform Support
Full support for Linux (Ubuntu 20.04+, RHEL 8+, Debian 11+, CentOS Stream 9), macOS (13 Ventura+), and Windows (10/11, Server 2019+). ARM64 and AMD64 architectures. Consistent capabilities across all platforms.
Deploy in minutes, not days
Simple deployment model with automated agent enrollment and centrally managed updates across your entire fleet.
One-Command Agent Install
Deploy agents across your fleet with a single install command. Platform-detected scripts handle binary download, configuration, and service registration automatically.
Secure Enrollment
Token-based enrollment with automatic certificate provisioning. Agents establish mTLS-secured communication from the first connection — no manual certificate management required.
Managed Updates & Rollouts
Centrally managed agent updates with checksum verification. Push updates fleet-wide or target specific device groups with controlled rollout and version tracking.
Ready to secure your infrastructure?
Deploy Cagan today and gain complete visibility into your endpoints.