Getting Started with SecureExec
SecureExec is a lightweight endpoint security platform that collects real-time telemetry from your Linux and Windows hosts. This guide walks through deploying a full stack — ingestion server, webapp, and your first agent — using Docker Compose.
Prerequisites
- Docker and Docker Compose installed
- A Linux host to run the agent on (Windows support coming soon as primary test target)
- An Elasticsearch instance (included in the Compose stack)
Deploying with Docker Compose
Clone the repository and copy the example environment file:
git clone https://github.com/yourorg/secureexec
cd secureexec/deploy
cp .env.example .env
Edit .env to set your passwords and URLs, then start the stack:
docker compose up -d
This starts:
- secureexec-server — the gRPC ingestion server on port 50051
- webapp-backend — the REST API on port 8080
- webapp-frontend — the Next.js UI on port 3000
- elasticsearch — event storage
Creating Your First Agent Token
Open the webapp at http://localhost:3000, sign up, and navigate to Console → Agents. Create a new agent token — you'll need it to authenticate your agent.
Installing the Agent
Download the agent binary for your platform from the releases page. Create a config file named agent.toml:
backend_url = "https://your-server:50051"
auth_token = "your-agent-token"
Then run the agent:
./secureexec-agent --config agent.toml
Within seconds you'll see events appearing in Console → Events.
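Because agent.toml holds the agent token in plaintext, it is worth linting the file before the first run. The function below is an added example, not part of SecureExec; the three checks (an https:// backend_url, a non-placeholder auth_token, and an owner-only file mode) and the names check_agent_config and toml_get are this example's assumptions.

```shell
#!/bin/sh
# Added example: pre-flight lint for the agent.toml shown in this guide.
# The checks are assumptions of this example, not documented SecureExec behaviour.

# Print the quoted value of a top-level `key = "value"` line (first match only).
toml_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Prints one FINDING line per problem; returns 0 when clean, 1 otherwise.
check_agent_config() {
    cfg=$1
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ -r "$cfg" ] || { flag "cannot read $cfg"; return 1; }

    url=$(toml_get "$cfg" backend_url)
    token=$(toml_get "$cfg" auth_token)

    # Transport: the token authenticates the agent to the server, so require TLS.
    case $url in
        https://*) ;;
        "") flag "backend_url is missing" ;;
        *) flag "backend_url is not https:// ($url)" ;;
    esac

    # Token: reject empty values and the guide's placeholder.
    case $token in
        "") flag "auth_token is missing or empty" ;;
        your-agent-token) flag "auth_token is still the placeholder from the guide" ;;
    esac

    # File mode: group/other bits (chars 5-10 of `ls -l`) must all be '-'.
    mode=$(ls -ld "$cfg" | cut -c5-10)
    [ "$mode" = "------" ] || flag "$cfg is accessible to group/other; run: chmod 600 $cfg"

    [ "$findings" -eq 0 ]
}
```

Source the file and run `check_agent_config agent.toml`; a non-zero return means at least one finding was printed.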
What Gets Collected
From the moment the agent starts, it streams:
- Process events — every process create, fork, and exit with full lineage
- File events — create, modify, delete, and rename with the originating process
- Network events — TCP/UDP connections and listen binds
- DNS queries — every resolution request and response
- User logons — with type and source address
Next Steps
Once events are flowing, explore the Events console to filter by hostname, event type, or process name. Check the blog for guides on writing detection rules and responding to alerts.