Cybrium Agent
The Cybrium Agent is a lightweight binary that runs on your infrastructure, discovers and runs security sensors, and syncs findings to the Cybrium platform. No Docker required — a single binary handles everything.
| Property | Value |
|---|---|
| Language | Rust |
| License | Apache 2.0 |
| Binary size | ~3.5 MB |
| Source | github.com/cybrium-ai/cybrium-agent |
What it does
```sh
cybrium-agent activate --license "eyJ..."
cybrium-agent start
```
- Activates with a license key (issued by your platform admin)
- Discovers installed sensors (cysense, cyguard, cyprobe, cyweb, cyscan, cymail)
- Runs each sensor on a schedule
- Buffers findings locally in SQLite (survives network outages)
- Syncs to the platform every 60 seconds via HTTPS
- Heartbeats every 60 seconds (license validation + revocation check)
Architecture
```
Your Network
┌─────────────────────────────────────────┐
│                                         │
│  cysense ──┐                            │
│  cyguard ──┤                            │
│  cyprobe ──┼── cybrium-agent ───────────┼──► api.cybrium.ai
│  cyweb   ──┤   (buffer + sync)          │    (HTTPS only)
│  cyscan  ──┤                            │
│  cymail  ──┘                            │
│                                         │
│  SQLite buffer: ~/.cybrium-agent/       │
│  No inbound ports required              │
└─────────────────────────────────────────┘
```
Key features
- Outbound only — no inbound ports opened on your network
- Offline resilient — findings buffered locally until network returns
- Hardware-bound license — agent binds to the machine on first activation
- Rolling authentication — agent token rotates on every sync
- Auto-discovery — detects which sensors are installed
- Cross-platform — Linux (x86_64, arm64), macOS (Apple Silicon, Intel)
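One way to check the "outbound only" property on a Linux host, as an added example that is not part of the Cybrium project's own tooling: the script parses `ss` output and reports any listening TCP socket owned by the agent or a sensor. It assumes the process names match the binary names listed on this page; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not Cybrium code): flag listening TCP sockets held by the
# agent or its sensors, which "outbound only" says should not exist.
# Real use on Linux:  sudo ss -H -tanp | listening_agent_sockets

# Assumption: process names equal the binary names listed on this page.
AGENT_PROCS='cybrium-agent cysense cyguard cyprobe cyweb cyscan cymail'

# Reads ss output on stdin, prints "name pid local-address" for every LISTEN
# socket owned by one of AGENT_PROCS, and returns 1 if any were found.
listening_agent_sockets() {
    awk -v procs="$AGENT_PROCS" '
        BEGIN { n = split(procs, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            # Locate the State column; ss drops the Netid column when only one
            # socket type is requested, so the position is not fixed.
            addr = ""
            for (i = 1; i <= NF; i++) if ($i == "LISTEN") { addr = $(i + 3); break }
            if (addr == "") next
            # A socket can be shared: users:(("a",pid=1,fd=3),("b",pid=2,fd=3))
            rest = $0
            while (match(rest, /\("[^"]+",pid=[0-9]+/)) {
                tok = substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                name = tok; sub(/^\("/, "", name); sub(/",pid=.*/, "", name)
                pid = tok; sub(/.*pid=/, "", pid)
                if (name in want) { print name, pid, addr; found = 1 }
            }
        }
        END { exit found + 0 }
    '
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* users:(("cyweb",pid=4242,fd=7))
ESTAB 0 0 10.0.0.5:51544 203.0.113.10:443 users:(("cybrium-agent",pid=4100,fd=9))
EOF
}

if sample_ss_output | listening_agent_sockets; then
    echo "no agent listeners"
else
    echo "unexpected listener above"
fi
```

`ss` only shows process names for sockets owned by other users when run as root, so run the real check with `sudo`.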
Sensors it orchestrates
| Sensor | What it does | Runs as |
|---|---|---|
| cysense | Network traffic capture + protocol dissection | Continuous capture |
| cyguard | Endpoint process/port/software inventory | Every 5 minutes |
| cyprobe | OT/SCADA device discovery (ARP + OUI + NetBIOS) | Every 15 minutes |
| cyweb | Web vulnerability scanning | On demand |
| cyscan | Code security scanning (SAST) | On demand |
| cymail | Email security analysis | On demand |