Cyguard — Endpoint Security Agent
Cyguard is a lightweight endpoint agent that inventories processes, open ports,
installed software, and running services. It detects suspicious processes,
identifies OT protocol listeners, and reports endpoint posture to the
Cybrium platform.
Capabilities
| Capability | Description |
|---|
| Process inventory | List all running processes with PID, user, CPU, memory |
| Port scanning | Detect open TCP/UDP listening ports |
| Software inventory | Enumerate installed packages and versions |
| Suspicious process detection | Flag known malicious process names, crypto miners, reverse shells |
| OT listener detection | Identify processes listening on Modbus (502), BACnet (47808), S7 (102) |
| Agent mode | Run as a persistent daemon reporting to the platform |
| Output formats | JSON, human-readable text |
When to use cyguard
- Endpoint hardening audits — find unnecessary services and open ports
- OT workstation assessment — verify no unauthorized OT protocol listeners
- Continuous monitoring — run as a persistent agent on critical hosts
- Incident response — quick snapshot of running processes and network connections