ADS Endpoint Agent
Enterprise endpoint security daemon
Cross-platform endpoint security agent providing patch compliance monitoring, threat intelligence integration, baseline security scanning, and network controls. Powered by DarkAPI threat feeds and DNS Science.
Download
Or install via package manager: brew install afterdark/tools/ads-endpoint-agent
Features
Patch Compliance
Automated patch monitoring with urgency-based SLAs. Tracks critical (24h), high (48h), medium (72h), and standard (7d) patches.
Threat Intelligence
Real-time integration with DarkAPI threat feeds. Detects connections to known-bad IPs and domains.
Baseline Scanner
Comprehensive application inventory and vulnerability assessment with 24-hour scan intervals.
Network Monitor
DNS enforcement via DNSScience cache servers. Optional ICMP and fragmentation blocking.
Plugin Architecture
Extensible via gRPC plugins. Includes ClamAV antivirus, Linux rootkit scanner, and firewall modules.
Central Management
Configure via config.darkapi.io. Fleet-wide deployment, policy management, and real-time metrics.
Quick Start
1. Install
# macOS
brew install afterdark/tools/ads-endpoint-agent
# Linux (Debian/Ubuntu)
curl -fsSL https://releases.darkapi.io/install.sh | sudo bash
# Windows (PowerShell as Admin)
iwr -useb https://releases.darkapi.io/install.ps1 | iex2. Configure
# Register with DarkAPI
darkd-config register --api-key YOUR_DARKAPI_KEY
# Or pull config from config.darkapi.io
darkd-config pull --agent-id YOUR_AGENT_ID
# View configuration
darkd-config show3. Start
# Start the daemon (runs as system service)
sudo systemctl start afterdark-darkd # Linux
sudo launchctl load /Library/LaunchDaemons/io.darkapi.darkd.plist # macOS
# Check status
darkapi status
# View logs
darkapi logs --followArchitecture
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā ADS Endpoint Agent ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā Services ā
ā āāā Patch Monitor (hourly scans, SLA enforcement) ā
ā āāā Threat Intel (6h sync with DarkAPI feeds) ā
ā āāā Baseline Scanner (24h app inventory + vuln scan) ā
ā āāā Network Monitor (DNS via DNSScience, ICMP control) ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā Plugins (gRPC) ā
ā āāā ClamAV (antivirus scanning) ā
ā āāā Rootkit Scanner (Linux malware detection) ā
ā āāā Firewall (platform-specific rules) ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā Platform Layer (macOS / Windows / Linux) ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā ā ā ā
DarkAPI.io DNSScience FilesHashes config.darkapi.io
(threat intel) (DNS cache) (hash lookup) (central config)Configuration
Configuration is stored in /etc/afterdark/darkd.yaml (Linux/macOS) or %PROGRAMDATA%\AfterDark\darkd.yaml (Windows).
# darkd.yaml
daemon:
log_level: info
data_dir: /var/lib/afterdark
api:
darkapi:
url: https://api.darkapi.io
key: ${DARKAPI_API_KEY}
dnsscience:
url: https://api.dnsscience.io
cache_servers:
- 104.21.67.123
- 172.67.188.212
services:
patch_monitor:
enabled: true
scan_interval: 1h
urgency_timeouts:
critical: 24h
high: 48h
medium: 72h
standard: 168h
threat_intel:
enabled: true
sync_interval: 6h
cache_ttl: 24h
baseline_scanner:
enabled: true
scan_interval: 24h
network_monitor:
enabled: true
block_icmp: true
block_fragmentation: trueReady to Deploy?
Get started with the ADS Endpoint Agent. Centrally manage your fleet via console.darkapi.io and receive real-time threat alerts.