About - CustosEye

About CustosEye

CustosEye is a local-first system monitoring tool that watches your processes, network connections, and file integrity. Everything runs on your machine, no cloud, no telemetry, no external connections. It uses a trust scoring engine (CSC v2) to evaluate processes and presents everything through a web dashboard that you access locally.

What It Monitors

CustosEye continuously monitors three core areas:

Process monitoring: Tracks all running processes, their parent relationships, memory usage, command lines, and network connections. Each process gets evaluated by a trust scoring engine that looks at where it came from, whether it's signed, what it's doing, and how often you've seen it before.
Network monitoring: Scans active network connections to see what's listening on ports and what outbound connections processes are making.
File integrity monitoring: Watches specific files you care about and alerts you when they change. Supports two modes: SHA-256 hashing for exact change detection, or mtime+size for lighter monitoring. Can show you what changed with a diff viewer that works on any text files including Office documents, JSONs and PDFs.

The Problem

Most security tools either require cloud subscriptions, leak telemetry to unknown servers, or are too complex for everyday use. You shouldn't need to trust a third party just to understand what's running on your own machine.

The Solution

CustosEye runs entirely on your machine. No cloud, no telemetry, no mystery. It uses a local trust scoring engine (CSC v2) to evaluate process behavior based on code signing, path context, network behavior, and local prevalence. It monitors file changes via hash checks or metadata tracking, and gives you a web dashboard with authentication (login with optional 2FA) to see everything at a glance. All data flows into real-time event feeds, process trees, and export capabilities, all accessible locally.

Why It Exists

Most existing tools are either too heavy, too intrusive, or too opaque. CustosEye is designed to be portable, private, and transparent, just download and run. Your data stays on your machine in the data/ directory, and you control what gets monitored. The dashboard serves only on 127.0.0.1 (localhost), ensuring no external network exposure.