Every machine. One dashboard.
Manage Quint daemons, policies, and agent activity across your entire fleet from a single control plane. Deploy in one command and integrate with your existing stack.
GET STARTEDCentralized Control Plane
Single view across every machine. See agent activity by machine, team, or environment. Roll out policy changes fleet-wide.
- One-line install: `curl -fsSL https://get.quintai.dev | sh`
- Single Go binary, ~15MB, zero dependencies, zero CGO
- Installs as launchd (macOS) or systemd (Linux). Auto-updates via GitHub releases
- Policy propagation without daemon restart
Multi-Tenant Architecture
Built multi-tenant from the ground up with complete data isolation between customers and teams. Every query and API call is scoped to the correct tenant.
- Row-level security + application-level isolation
- Integration-tested tenant isolation
Deployment Modes for Every Environment
Developer laptops (launchd on macOS, systemd on Linux), cloud VMs (EC2, GCE, Azure), Kubernetes clusters (DaemonSet + Helm chart), and CI/CD pipelines. Same policies, same enforcement everywhere.
- Stdio Relay, Gateway, and Watch modes
- One-line curl install with deploy token
- Kubernetes DaemonSet + Helm chart for cluster-wide rollout
- Single line in GitHub Actions or GitLab CI for pipeline coverage
Edge-First Architecture
ALL security-critical operations run locally on the machine — scoring, enforcement, and audit logging. Source code, credentials, and secrets never leave the device. The cloud handles fleet management and behavioral intelligence only.
- Sub-5ms scoring on typical developer hardware
- 100MB local buffer for full offline operation
- Zero cloud dependency for security-critical ops
- Structured event metadata only — no source code or secrets transmitted
QUINTAPI-First Architecture
Everything accessible via REST API. Score events, query history, manage policies, export audit bundles programmatically.
- RESTful API with ES256 JWT auth
- Webhook event delivery with configurable retry
- OCSF-formatted events for vendor-neutral compatibility
SIEM-Ready Event Format
All events emitted in OCSF format, ready to ingest into any SIEM. Export audit bundles on demand or stream via webhooks.
- OCSF v1.1 compliance
- Bulk export and real-time webhook delivery
Webhook Events
Subscribe to scoring events, policy violations, and audit completions. Route to any HTTP endpoint with HMAC-signed payloads.
- Configurable event filters by risk level
- Automatic retry with exponential backoff
Slack & PagerDuty Alerts
Alert routing to Slack and PagerDuty with threshold-based triggers. Configure alerts by risk level, framework, or agent type.
- Route high-risk events to PagerDuty, medium-risk to Slack
- Filter by compliance framework, agent identity, or action type
Microservice Architecture
Three independent microservices handle ingestion, session processing, and alert evaluation. The Ingest Service is stateless and horizontally scalable. The Session Processor maintains real-time session state. The Alert Processor evaluates rules and delivers webhooks.
- Ingest Service: stateless, horizontally scalable event ingestion
- Session Processor: real-time session state and behavioral analysis
- Alert Processor: rule evaluation and webhook delivery
SIEM Connectors
Native push to Splunk HEC, Microsoft Sentinel, and Google Chronicle.
GraphQL API
Flexible querying for dashboards, reporting, and custom tooling.
Identity Providers
Okta, Microsoft Entra ID, and CyberArk for agent identity mapping.
Secure your agents.
Ship with confidence.
One install. Every agent. Deploy in under 2 minutes. Free for your first two machines.