Get started in 5 minutes
Everything you need to deploy, configure, and start monitoring your network with Secured Networks and Wayne AI.
Quick Start
From zero to monitoring in under 30 minutes.
- Install Docker on any server with 8GB+ RAM (NVIDIA GPU recommended for Wayne AI)
- Run `docker compose -f docker-compose.onprem.yml up -d` — spins up the full platform
- Log into your dashboard at `http://your-server` — default: admin / your-password
- Go to Operations → Collectors and copy the one-line install command
- Paste on any machine on your local network (Windows or Linux)
- Ask Wayne: "scan 192.168.0.0/24 and add devices"
- Done. Devices appear on your dashboard. Monitoring starts immediately.
Deploy Collector
The Go collector is a single binary (~8 MB) with zero dependencies. It monitors everything on the local network and pushes data to your on-premises server every 30 seconds.
Windows (PowerShell as Admin):
.\secnet-collector.exe --url http://YOUR_SERVER:4000 --key YOUR_LICENSE_KEY --install
Linux:
chmod +x /tmp/secnet-collector
sudo /tmp/secnet-collector --url http://YOUR_SERVER:4000 --key YOUR_LICENSE_KEY --install
What it listens on:
| Service | Port | Protocol | Purpose |
|---|---|---|---|
| Syslog | 514 | UDP | Log collection from network devices |
| SNMP Traps | 162 | UDP | Trap notifications from devices |
| NetFlow | 2055 | UDP | Traffic flow data (v5/v9/IPFIX) |
| sFlow | 6343 | UDP | Sampled flow data from switches |
| Agent Relay | 4002 | TCP | Windows agents push data here |
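A post-install check for the listeners in the table above, as an added example (not Secured Networks' own tooling): it parses `ss -H -lntu` output on the collector host and reports which of the five documented ports are bound. The sample `ss` lines are constructed, and the service names are labels chosen for this example.

```shell
#!/bin/sh
# Expected collector listeners from the table above, as name:proto:port.
EXPECTED='syslog:udp:514 snmp-trap:udp:162 netflow:udp:2055 sflow:udp:6343 agent-relay:tcp:4002'

# Reads `ss -H -lntu` output on stdin and prints OK or MISSING per listener.
# Returns 1 if any expected listener is absent.
check_listeners() {
  awk -v expected="$EXPECTED" '
    {
      # Field 1 is the protocol, field 5 is local address:port.
      # The port is whatever follows the last colon (covers [::]:514 and *:4002).
      n = split($5, a, ":")
      seen[$1 "/" a[n]] = 1
    }
    END {
      m = split(expected, rows, " ")
      for (i = 1; i <= m; i++) {
        split(rows[i], f, ":")
        key = f[2] "/" f[3]
        if (key in seen) {
          print "OK " f[1] " " key
        } else {
          print "MISSING " f[1] " " key
          missing++
        }
      }
      exit (missing > 0)
    }'
}

# Constructed sample: four collector sockets are bound, the agent relay is not.
SAMPLE='udp UNCONN 0 0 0.0.0.0:514 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:162 0.0.0.0:*
udp UNCONN 0 0 [::]:2055 [::]:*
udp UNCONN 0 0 0.0.0.0:6343 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:22 0.0.0.0:*'

# Demo on the constructed sample. On a real collector host use:
#   ss -H -lntu | check_listeners
printf '%s\n' "$SAMPLE" | check_listeners || true
```
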
Manage the collector:
| Action | Windows | Linux |
|---|---|---|
| Check status | schtasks /query /tn SecNetCollector | systemctl status secnet-collector |
| Stop | schtasks /end /tn SecNetCollector | sudo systemctl stop secnet-collector |
| Start | schtasks /run /tn SecNetCollector | sudo systemctl start secnet-collector |
| Uninstall | secnet-collector.exe --uninstall | sudo secnet-collector --uninstall |
Discover Devices
Two ways to discover devices on your network:
Option A: Ask Wayne
scan 192.168.0.0/24 and add devices
Option B: Discovery page
- Go to Operations → Discovery
- Enter your subnet (e.g., `192.168.0.0/24`)
- Enter SNMP community (default: `public`)
- Click Scan
- Results appear in 30-60 seconds — click Import All or add individually
What the scan detects:
| Method | What it finds |
|---|---|
| ICMP Ping | Every alive host on the subnet |
| SNMP sysDescr | Vendor, model, OS version |
| SNMP sysName | Device hostname |
| Vendor detection | Cisco, Juniper, Fortinet, Palo Alto, Windows, Linux, Ubiquiti, Synology |
Windows Agent
Optional lightweight agent for Windows workstations and servers. Pushes data to the collector (not the internet). Supports remote commands, patch management, and database monitoring.
Install (PowerShell as Admin):
.\secnet-agent.exe --collector http://COLLECTOR_IP:4002 --key YOUR_LICENSE_KEY --install
GPO mass deployment:
- Copy `secnet-agent.exe` to a network share (e.g., `\\FileServer\Software\`)
- Create `deploy-agent.bat` — see the full script on Operations → Win Agent
- GPO: Computer Config → Policies → Windows Settings → Scripts → Startup → point to the .bat
- Agents install on next reboot — check with `sc query SecNetAgent`
What it collects: CPU, memory, disk, network, Windows Event Logs (Security, System, Application), running processes, Windows Update status (pending/critical), and accepts remote commands from Wayne including patch deployment and database health checks.
Replace COLLECTOR_IP with the IP of the machine running your collector. The agent talks to the collector on port 4002 — all traffic stays on your network.
Using Wayne AI
Wayne is your AI analyst. Type in the chat on any page. Some things to try:
| Ask Wayne | What happens |
|---|---|
| scan 10.1.1.0/24 add devices | Runs discovery through your collector, imports devices |
| why is the core switch slow? | Checks SNMP, interfaces, errors — gives root cause |
| show me failed logins | Queries SIEM for Event ID 4625 and summarizes |
| check windows updates | Queries all agents — shows pending updates per device |
| patch MSI | Dispatches install_updates to the agent on MSI |
| create RFC to patch servers | Scans KBs, builds change request, schedules to maintenance window |
| install updates on all | Dispatches updates to every device with pending patches |
| check database health | Auto-detects SQL Server, MySQL, PostgreSQL, Redis, MongoDB |
| what changed on the firewall? | Compares config backups, shows the diff |
| block 10.1.50.23 | Blocks the IP via agent firewall rule and logs the action |
Alerts & Tickets
Alerts are auto-created when thresholds are breached or SIEM detects a threat. Tickets track resolution.
| Severity | Example | Action |
|---|---|---|
| Critical | Device unreachable, ransomware detected | Immediate notification + auto-ticket |
| High | Interface errors >1000/hr, brute force attack | Notification + Wayne investigates |
| Medium | CPU >90% for 10 min, cert expiring in 14 days | Dashboard + email |
| Low | New device on network, config changed | Logged for review |
Notifications: Email, webhooks (Slack, Teams, PagerDuty), push notifications on mobile. Configure at Operations → Alerts.
Users & Roles
Roles:
| Role | Can do |
|---|---|
| Admin | Everything. Manage all users, licenses, settings, and system configuration. |
| Operator | Manage devices, alerts, tickets, users. Run Wayne commands. Deploy patches. |
| Analyst | View devices, alerts, SIEM. Investigate incidents. Read-only for most settings. |
| Viewer | Dashboard and reports only. No changes. |
User management: Create and manage users at Admin → Users. Supports local accounts and LDAP/Active Directory authentication (Enterprise license).
API & Webhooks
Base URL: http://YOUR_SERVER:4000/api/v1 (or http://YOUR_SERVER/api/v1 if behind NGINX)
Authentication: Authorization: Bearer YOUR_JWT_TOKEN or X-API-Key: snk_your_key
Common endpoints:
| Method | Endpoint | Description |
|---|---|---|
| GET | /devices | List all monitored devices |
| GET | /alerts | List active alerts |
| GET | /tickets | List tickets |
| POST | /discovery/scan | Trigger a network scan |
| GET | /collectors | List registered collectors |
| GET | /auth/me | Current user info + API key |
| GET | /health | Server health check |
Example:
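An added example (not from the product's own documentation) of calling the GET endpoints above with the `X-API-Key` header while keeping the key out of the process list: the key reaches curl through a config read from stdin rather than `-H` on the command line. `SECNET_URL` and `SECNET_API_KEY` are assumed environment variable names, and the function names are hypothetical.

```shell
#!/bin/sh
# Base URL as given on this page; override via the (assumed) SECNET_URL variable.
SECNET_URL="${SECNET_URL:-http://YOUR_SERVER:4000/api/v1}"

# Print a curl config for one GET endpoint from the table above.
# printf is a shell builtin, so the key never becomes an argument of an
# external process and does not show up in `ps` output or shell history.
secnet_curl_config() {
  endpoint="$1"
  case "$endpoint" in
    /devices|/alerts|/tickets|/collectors|/auth/me|/health) ;;
    *) echo "unknown endpoint: $endpoint" >&2; return 2 ;;
  esac
  # POST /discovery/scan is left out: its request body is not documented here.
  [ -n "${SECNET_API_KEY:-}" ] || { echo "SECNET_API_KEY is not set" >&2; return 3; }
  printf 'url = "%s%s"\n' "${SECNET_URL%/}" "$endpoint"
  printf 'header = "X-API-Key: %s"\n' "$SECNET_API_KEY"
  # fail: non-2xx responses give a non-zero exit status for scripts to check.
  printf 'fail\nsilent\nshow-error\n'
}

# Perform the request; curl reads the URL and header from stdin (--config -).
secnet_get() {
  cfg=$(secnet_curl_config "$1") || return $?
  printf '%s\n' "$cfg" | curl --config -
}

# Usage: SECNET_API_KEY=snk_your_key sh secnet-api.sh /devices
if [ $# -gt 0 ]; then
  secnet_get "$1"
fi
```

The base URL on this page is plain HTTP, so the key is still readable on the network path unless TLS is terminated in front of the server.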
Webhooks: Configure outbound webhooks at Admin → Settings → Webhooks. Send alert events to Slack, Teams, PagerDuty, or any HTTP endpoint.
Troubleshooting
| Problem | Fix |
|---|---|
| Collector won't start | Run in foreground to see errors: secnet-collector.exe --url ... --key ... |
| Collector registered but no data | Check device list: the collector polls devices from the server. Add devices first via discovery or manually. |
| Discovery finds 0 hosts | Make sure the collector is on the same network. Check that the collector shows as "online" on the Collectors page. |
| Agent can't connect | Verify collector IP and port 4002. Agent connects to collector, not the server. Test: curl http://COLLECTOR_IP:4002/health |
| No SNMP data | Verify SNMP community string. Test: snmpwalk -v2c -c public DEVICE_IP 1.3.6.1.2.1.1.1.0 |
| Can't log in | Default admin account: admin. Reset password via Docker: docker exec secnet-app node -e "...". Check if account is enabled in Admin → Users. |
| 502 Bad Gateway | Server is starting up (~90 seconds). Wait and try again. Check: docker logs secnet-app --tail 10 |
| Wayne says "no collectors" | Your collector must have heartbeated within 10 minutes. Check Collectors page. Restart the collector if needed. |
Server logs:
docker logs secnet-app -f --tail 50
# Search for errors
docker logs secnet-app --since 10m 2>&1 | grep -i error
# Check database
docker logs secnet-db --tail 20
# Check all containers
docker compose -f docker-compose.onprem.yml ps -a
Need more help? Email support@securednetworks.ca — you're talking to the engineer who built it.
Get a License