Getting Started
Architecture & concepts
A PaladinX deployment has four core components working together.
| Component | Role |
|---|---|
| Agent | Runs on each monitored machine. Collects logs, file-integrity events, processes, vulnerabilities and configuration data, then forwards them securely to the manager. |
| Manager | The brain. Receives agent data, evaluates it against detection rules, generates alerts, and manages agent enrollment. |
| Indexer | Stores and indexes all alerts and events so they can be searched and visualised quickly. |
| Dashboard | The web interface at watchtower.paladinx.net where you investigate alerts and manage the platform. |
How data flows
Agent → (encrypted, port 1514) → Manager → analysis → Indexer → Dashboard.
Ports used
| Port | Purpose |
|---|---|
| 1514/TCP | Agent ⇄ manager event channel (encrypted) |
| 1515/TCP | Agent enrollment / registration |
| 443/TCP | Dashboard (web UI) |
Alerts are stored in the
paladinx-alerts-* index and shown across the dashboard modules.