nexus-fleet 1.0.9

Nexus Fleet — agent/manager/cli/dashboard keamanan endpoint (ala-Wazuh, ringan, stdlib-only)

Nexus Fleet

Lightweight, developer-first security platform for endpoints, servers, and web apps. Agent · Manager · CLI · Dashboard — a Wazuh-style architecture you can pip install.

---

Overview

Nexus Fleet lets a central Manager monitor many endpoints through a lightweight Agent, generating prioritized, MITRE ATT&CK–mapped alerts — while your security data stays inside your own network (offline-first). It pairs the proven Wazuh model (FIM, log monitoring, SCA, vulnerability detection, active response) with developer-first detections for modern web stacks (Laravel, Next.js, Nginx) that traditional SIEMs miss.

The agent is pure-Python (stdlib only) — deploy it on any host with Python 3.8+, no heavy runtime.

Why Nexus Fleet

• Offline-first — telemetry never leaves your LAN; ideal for compliance and on-prem.
• Developer-aware — detects Laravel APP_DEBUG, exposed .env, weak DB creds, leaked NEXT_PUBLIC_* secrets, source-map exposure, and parses Laravel/Nginx/auth logs.
• Lightweight & simple — single-command install; no cluster, indexer, or agent runtime to manage.
• Actionable — every alert carries a severity level (0–15), MITRE technique, and a remediation step.
• Founder-friendly — a 0–100 security posture score for network, server, and website.

Features

Domain	Capabilities
Network	Port/exposure detection, host discovery, DNS recon, firewall advisor
Server / Endpoint	File Integrity Monitoring (FIM), Security Configuration Assessment (SCA), software & process & network inventory, failed-login & disk monitoring
Web / App	Laravel & Next.js config audit, .env exposure, secret leakage, source-map checks
Detection	Rule engine (level 0–15 + MITRE ATT&CK), Sigma import, log decoders, Vulnerability Detection (inventory ↔ CVE)
Response	Alert engine with deduplication, ack/resolve, Active Response (block IP, dry-run by default), audit log
Operations	Multi-agent management, central policy, store-and-forward offline buffering, consistent reports, posture score

Architecture

        ┌──────────────────────┐         ┌──────────────────────┐
        │   nexus-dashboard    │         │      nexus-cli       │
        │  (web monitoring UI) │         │  (admin & SOC menu)  │
        └──────────┬───────────┘         └──────────┬───────────┘
                   │  REST API (admin token)         │
                   ▼                                 ▼
        ┌─────────────────────────────────────────────────────────┐
        │                     nexus-manager                        │
        │  enrollment · rule & alert engine · vuln detection ·     │
        │  policy · licensing · audit · reports   →  SQLite        │
        └──────────────────────────┬──────────────────────────────┘
                 HTTP + HMAC-SHA256 │  (heartbeat · events · policy)
        ┌──────────────────────────┴──────────────────────────────┐
        │                      nexus-agent                         │
        │  FIM · Log Monitoring · SCA · Syscollector · Web Audit · │
        │  Active Response · offline store-and-forward queue       │
        └──────────────────────────────────────────────────────────┘

Installation

With pip (recommended):

pip install nexus-fleet

With npm (Node wrapper around the Python engine):

npm install -g nexus-fleet

Both install five commands: nexus-manager, nexus-agent, nexus-cli, nexus-dashboard, nexus-license. Requires Python 3.8+ on the host.

Quick Start

# 1. Central server (also serves the dashboard at http://<host>:8765/)
nexus-manager run --host 0.0.0.0 --port 8765
nexus-manager info                       # prints enrollment key + admin token

# 2. On each endpoint
nexus-agent enroll --host <manager> --port 8765 --key <ENROLL_KEY> --labels prod,web
nexus-agent start                        # runs as a daemon (see deploy/ for service files)

# 3. Administration
nexus-cli                                # interactive SOC console (network & web menus)
nexus-cli --token <ADMIN_TOKEN> alerts   # list alerts (rule engine + MITRE)
nexus-cli --token <ADMIN_TOKEN> report   # consistent report (schema nexus.report/v1)

Run as a boot-time service using the units in deploy/ (systemd / Windows Task Scheduler).

Editions

	Free	Pro	Enterprise
Agents	2	seat-based	Unlimited
Detection rules	Core	Full (FIM, web audit, SCA, vuln)	Full
Sigma import · Active Response	—	✓	✓
Web/app audit · Reports · Posture score	Limited	✓	✓

Licensing is enforced by Ed25519-signed tokens (nexus-license). Without a license, the Manager runs in Free mode. Contact the vendor for Pro/Enterprise licensing.

Security Model

• Transport: HMAC-SHA256 per-agent message signing; enrollment key + admin token.
• Privacy: offline-first — scan/telemetry data is stored locally; nothing is sent to the internet.
• Authorized use only: for ethical, authorized security testing on systems you own or are permitted to assess.

Documentation

• Product brief & pricing — docs/PRODUCT-BRIEF.md
• IP & licensing — docs/IP-PROTECTION.md
• Validation: python tests/test_fleet.py, pwsh validate.ps1, pwsh validate_agent.ps1

License

© 2026 chandafa (Nexus Security). Proprietary — see LICENSE. Not open source; redistribution and resale are prohibited without written permission.