The agent that runs as root on your server is fully open source. Every detection pattern, every firewall rule, every malware signature — auditable on GitHub under the MIT license.
You are installing software that runs as root on your server. It reads your authentication logs, modifies your firewall, scans every file on disk, and communicates with an external API. That is an extraordinary level of trust.
With proprietary security agents like BitNinja or Imunify360, you cannot see what the binary does. You cannot verify it does not exfiltrate data, phone home to third parties, or open backdoors. You trust the vendor blindly. With Defensia, every line of detection logic is public. Security researchers, your team, or anyone can audit the code before deploying it. That is how security software should work.
We believe in transparency. Here is the exact boundary between open source and commercial components.
Free tier: 1 server. Pro: €9/server/month.
This is the same model used by GitLab (Community Edition vs Enterprise), Grafana (OSS vs Cloud), and Elastic (Basic vs Cloud). The critical security logic that runs on your infrastructure is open. The management layer is a hosted service.
A single statically compiled binary. No runtime dependencies. No Python, no Java, no Node.js on the target server.
Source code: github.com/defensia/agent. Supports linux/amd64 (standard VPS) and linux/arm64 (AWS Graviton, Raspberry Pi, Oracle Ampere).
Full transparency. Here is exactly what the agent reads, writes, and connects to. No hidden behavior.
Clone the repository, build with Go, run on any Linux server. No proprietary toolchain required.
# Clone the repository
git clone https://github.com/defensia/agent.git
cd agent
# Build for your architecture (amd64)
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o defensia-agent ./cmd/defensia-agent
# Or build for ARM64 (Graviton, Raspberry Pi)
CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o defensia-agent ./cmd/defensia-agent
# Cross-compile with Docker (from macOS/Windows)
docker run --rm -v "$(pwd):/app" -w /app golang:1.26-alpine \
sh -c "CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o build/defensia-agent ./cmd/defensia-agent"
The build produces a single binary with no external dependencies. Copy it to your server, register with your Defensia account token, and it starts protecting immediately. Or use the one-line installer: curl -fsSL https://defensia.cloud/install.sh | sudo bash
The agent is an active open source project. Contributions are welcome.
Open an issue on GitHub with steps to reproduce. Include agent version and OS details.
Fork the repo, create a branch, submit a PR. New detection patterns, performance improvements, and bug fixes are all welcome.
The MIT license means you can fork, modify, and distribute the agent — even for commercial use. No restrictions.
How does Defensia compare to other server security tools on openness, licensing, and architecture?
| Tool | License | Agent open? | Dashboard | Self-hosted? | Language |
|---|---|---|---|---|---|
| Defensia | MIT | Yes (full) | SaaS (free tier) | No | Go |
| CrowdSec | MIT | Yes | SaaS | Partial | Go |
| fail2ban | GPL v2 | Yes | None | Yes | Python |
| Wazuh | GPL v2 | Yes | Self-hosted | Yes (heavy) | C / Python |
| Wordfence | GPL v2 | WP plugin | WP admin | Yes | PHP |
| BitNinja | Proprietary | No | SaaS | No | Unknown |
| Imunify360 | Proprietary | No | cPanel plugin | No | Python / C |
Defensia is the only tool that combines an MIT-licensed agent with a full web dashboard, covering SSH, WAF, malware scanning, CVE detection, and bot management in a single binary. fail2ban covers SSH only. CrowdSec requires paid blocklists for full protection. Wazuh requires a multi-node Elasticsearch cluster. BitNinja and Imunify360 are entirely proprietary.
Yes. The agent is MIT licensed and all detection logic is in the public GitHub repository at github.com/defensia/agent. This includes SSH detection patterns, WAF rules, malware scanner, CVE matching, firewall management, and every other feature that runs on your server.
The agent requires the dashboard API for configuration and event storage. It connects to defensia.cloud to register, receive configuration updates, and report security events. A self-hosted dashboard is not available yet.
Yes. The MIT license allows modification, redistribution, and commercial use with no restrictions. You can add custom detection patterns, modify scoring thresholds, or fork the entire project for your own use.
No. The dashboard is a commercial SaaS built with Laravel and Vue. Free tier includes 1 server with SSH protection and the full dashboard. Pro costs €9/server/month and adds WAF, malware scanning, CVE intelligence, geoblocking, bot management, and alerts.
Contact security@defensia.cloud or open a private GitHub security advisory on the agent repository. We follow responsible disclosure practices and will credit researchers who report valid vulnerabilities.
Security events (attack type, source IP, timestamp, matched pattern), server metrics (CPU, RAM, disk usage), and agent version information. The agent never sends raw log contents, file data, or any information unrelated to security monitoring.
Full overview of automated protection.
Full comparison: fail2ban vs Defensia.
MIT agent vs MIT agent — what's different.
Lightweight alternative to Wazuh's SIEM stack.
Open source vs proprietary comparison.
OWASP attack detection from server logs.
One command. Under 30 seconds. Free for one server. Audit the code first if you want.
No credit card required.