Documentation
InnerWarden Docs
Everything to install, operate, and extend InnerWarden. The source is available to licensed customers to audit; the signed binaries install in one command.
Install
curl -fsSL https://innerwarden.com/install | sudo bashStart here
Operate
- Everyday OperationsDay-to-day operator tasks for InnerWarden: check status, tame noisy detection, and manage the sensor, agent, and supervisor services.
- Responding to IncidentsHow to read an InnerWarden incident, the response actions available, how automatic containment works, and the guardrails you can trust.
- Configuration ReferenceThe full TOML and environment-variable reference for the InnerWarden sensor and agent, organised by area, with safe defaults explained.
- CLI ReferenceEvery innerwarden CLI command, its flags, and a real example: query state, respond, configure, run modules, and guard AI agents.
- Dashboard and NotificationsReach InnerWarden's local dashboard and set up notification channels (Telegram, Slack, Discord, webhook, web push) with plain-language explained alerts.
Guard AI agents
- AI Agent GuardrailHow InnerWarden guards an AI agent with three layers: advisory MCP checks, an inspecting proxy, and host eBPF the agent cannot talk its way past.
- Connect Your Agent to InnerWardenWire an AI agent to InnerWarden via an MCP server, the loopback check-command HTTP contract, or agent connect and proxy enforcement.
- Safe Observe and AllowlistThe never-blind workflow for tuning InnerWarden to a host: stay in observe, learn a baseline, verify each candidate, then arm enforcement gradually.
How it works
- What InnerWarden DetectsThe attack families InnerWarden catches, from brute force to firmware rootkits, and the exact collectors, detectors, and eBPF programs behind each.
- Data Formats: Events, Incidents, and DecisionsThe exact JSONL line shapes, SQLite schema, and CEF/syslog export for InnerWarden events, incidents, and decisions, with field-by-field tables.
Extend
- Write an InnerWarden ModuleBuild your first InnerWarden module (collector, detector, or skill) in about ten minutes: manifest, detector code, a test, a README, validate, and enable.
- Module ReferenceThe full InnerWarden module manifest schema, every module type, the skill safety rules, the AI-authoring checklist, and how to submit to the registry.
- Integration RecipesWrap an external security tool (Falco, Suricata, Wazuh, osquery) as an InnerWarden collector using a TOML recipe, with a full worked example.
Trust and compliance
- Trust and Safety InvariantsInnerWarden's autonomous-action safety contract: what it is allowed to do on its own, what it will never do, and the test that proves each promise.
- ISO 27001 Control MappingHow InnerWarden supports 13 ISO/IEC 27001:2022 Annex A controls, with a live compliance dashboard and a tamper-evident, hash-chained audit trail.
- Privacy and GDPRWhat personal data InnerWarden processes, how long it keeps it, and the CLI commands for honouring GDPR data-subject requests, all on your host.
- Customer Security PackSecurity posture overview for procurement reviewers: what InnerWarden is, how it is built, what it guarantees at runtime, and how to verify it.
- Vulnerability Disclosure PolicyHow to report a security vulnerability in InnerWarden, what is in and out of scope, our response-time targets, and the safe-harbour terms.