EVOLVE INTO
THE FUTURE
AI-powered endpoint detection and response that watches every device, explains every alert in plain language, and never acts without your approval. One console. Full fleet. Zero terminal.
One connected workflow, not five disconnected tools.
Telemetry, trust, correlation, explainable alerts, and guided remediation — wired into a single chain instead of bolted together.
Three-tier autonomy
From advisory to guided to auto-approved playbooks — you decide how much SHERIFF handles on its own. Every escalation is one tier, never a leap.
Continuous ZTNA scoring
Each endpoint carries a live 0–100 trust score that drives network access automatically. Drop below a tier and access tightens; recover and it opens back up.
Watch before you enforce
Run detection silently against real traffic to measure false positives before a single rule blocks anything. Confidence first, enforcement second.
Five-layer hybrid stack
MITRE ATT&CK rules, Isolation-Forest anomaly ML, an AI analyst, YARA + entropy file scanning, and a noise gate — layered so a miss in one is caught by the next.
Your whole fleet, on one screen.
Trust scores, active threats, and endpoint health update in real time over WebSocket — no refresh, no digging. Below is an illustrative snapshot of the admin console.
Priced for a cyber café. Built for an enterprise.
Cyber Café
Shared machines, tight margins, full protection.
- ✓Up to 20 endpoints
- ✓5-layer detection
- ✓Trust-based network isolation
- ✓Plain-English alerts
SME
Growing teams that need a real SOC without the headcount.
- ✓Up to 200 endpoints
- ✓Everything in Cyber Café
- ✓Auto Mode playbooks
- ✓AI threat analyst + hunting
- ✓Compliance reporting
Enterprise
Fleet-scale deployments with your own controls.
- ✓Unlimited endpoints
- ✓Everything in SME
- ✓Dedicated onboarding
- ✓SLA + priority support
- ✓On-prem / air-gapped options
Install once. It protects forever.
The agent installs silently, starts on boot, and recovers on its own. No terminal after setup.
Windows
beta · 10 / 11The Windows agent is in validated beta. Grab the installer or join the beta list to get build notifications.
▲ release assets pending first public build — links resolve to the latest GitHub release once published.
Teams that stopped fighting their tools.
Sample reviews shown for preview. Filter by rating, or leave one to see how it lands.
The plain-English alerts are the difference. My non-technical staff actually understand why a device got restricted, and the revalidation flow means fewer tickets to me.
Priced so I can actually afford it per machine. Installed once on all 18 stations and never touched a terminal again. Trust scores flag the odd customer USB instantly.
The five-layer stack catches things our old AV missed, and Shadow Mode let me measure false positives before enforcing. Docked one star — I want more SIEM export options.
Human-in-command sold it to our board. Nothing auto-executes without an approval click, and every AI suggestion shows its reasoning. Compliance loved the audit trail.
Rolling this out to clients is genuinely one command on Linux. The ZTNA trust tiers just work — low-trust boxes drop to a visitor network automatically. Windows beta is promising.
One console for the whole fleet, live over WebSocket. I watch trust scores recover after a rebaseline in real time. The Auto Mode tiers let me dial risk exactly where I want it.
Leave a review
▲ preview only — posted reviews stay in your browser, nothing is sent.