1-SEC

Self-Hosted 1SEC

Single binary · No external DB · Your infra

Overview

1SEC is designed to run on your infrastructure with minimal moving parts. The default deployment is a single binary + embedded NATS JetStream.

You control data locality, retention, and network boundaries. If you need long retention, pair JetStream with the cold archive.

Why Self-Hosted

  • No external database required for core operation.
  • Zero phone-home by default.
  • Auditable detection and response logic.
  • Works in restricted environments where agents are not allowed.

Architecture

Telemetry is normalized into canonical events, published to JetStream, evaluated by modules, correlated into threats, and optionally enforced.

See: JetStream,Event Routing,Threat Correlation.

Deployment

Install & run
curl -fsSL https://1-sec.dev/get | sh
1sec up
Docker
docker compose -f deploy/docker/docker-compose.yml up -d

Hardening

Production hardening guidance is in SECURITY.md.