Security First

Security & Network Trust

We design our monitoring infrastructure with transparency and isolation at its core. Learn how we protect your endpoints and servers.

Server Agent Permission Model

Monitor Hub utilizes native, lightweight system scripts (Python on Linux, PowerShell on Windows) to aggregate CPU, RAM, and disk vitals. We chose native scripts over heavy proprietary binaries to give you complete visibility into the code running on your server.

Read-Only Metrics: The script only queries system API nodes for resource utilization. It has no capability to run remote shell commands or modify system configurations.

Outbound Communications Only: The agent initiates a secure outbound POST request to our `/ingest` HTTP route. You do not need to open any inbound ports or adjust firewall rules.

Audit-Ready: Both scripts are fully open-source and human-readable, letting your security team inspect every line before executing.

SSRF & Loopback Protections

Synthetic HTTP probing engines can be manipulated to scan internal networks if not protected. Monitor Hub implements active DNS resolution validation for every configured target.

Before a probe executes, our resolver maps the target hostname to its IP address and validates it against a strict loopback and private network blocklist (RFC 1918, including `127.0.0.0/8`, `10.0.0.0/8`, `192.168.0.0/16`, etc.). If a target points to a private subnet, the monitor is rejected, preventing internal port scanning.

Global Edge Probe Nodes

Our synthetic check engine pings websites and API endpoints from regional nodes located across major global internet hubs to verify regional uptime.

Geographic Region	Infrastructure Provider	Status
US East (N. Virginia)	AWS Edge	ONLINE
Europe (Frankfurt)	AWS Edge	ONLINE
Asia Pacific (Tokyo)	AWS Edge	ONLINE
South America (São Paulo)	AWS Edge	ONLINE

*Note: For security-conscious teams who restrict incoming traffic, please contact support at [email protected] to receive our complete firewall whitelisting IP list.