Total Endpoints
—
Loading...
🖥️
Open Threats
—
Loading...
⚠️
Clients Protected
—
Active tenants
🏢
Offline Agents
—
Need attention
📵
Alert Trend (7 Days)
Severity Breakdown
Live Endpoints
0 online| Host | Status | CPU | RAM | Last Seen |
|---|
Recent Threats
| Severity | Title | Time |
|---|
Client Management
🏢 New Client
⚠ Client name cannot be changed after creation.
Client
Devices
Recent Alerts
| Severity | Title | Device | Time |
|---|
Device
offline
Summary
Security
Processes
Software
Network
Patches
Device Logs
Security Scans
Recent Events
| Level | Category | Message | Time |
|---|
Loading...
Loading...
Loading...
Loading...
Loading...
Managed Endpoints
| Hostname | OS | IP | Client | CPU | RAM | Disk | Risk Score | Status | Last Seen | Actions |
|---|---|---|---|---|---|---|---|---|---|---|
🔑 Agent Registration Token
Paste into agent config.ini. Keep this secret.
Loading...
Live Telemetry
CPU %
RAM %
Disk %
Processes
Process Manager
| Process | PID | CPU % | RAM MB | User | Action |
|---|---|---|---|---|---|
| Select a device | |||||
Software Inventory
| Application | Version | Publisher | Installed |
|---|---|---|---|
| Select a device | |||
Threat Intelligence
| Severity | MITRE | Category | Title | Device | Status | Created | Actions |
|---|---|---|---|---|---|---|---|
➕ Create Alert
Compliance & Security Posture
CIS Controls
Agent Coverage
Vulnerability Summary
Network Connections
| Process | Local Address | Remote IP | Port | Status |
|---|---|---|---|---|
| Select a device | ||||
Missing Windows Updates
| Update Title | Severity | Status |
|---|---|---|
| Select a device | ||
Screen Access
Screen Feed
Inactive▶ Start session to view screen
Quick Actions
Session Info
No active session
Remote Shell
Command Console
⚠ All commands are logged
Phantom AI Remote Shell — select a device and type a command
$
Command History
| Command | Status | Time | Output |
|---|
Policies & Automation
📋 New Policy
Software Deployment
Custom Deployment
Quick Deploy Packages
Microsoft Teams
Collaboration & meetings
Zoom
Video conferencing
Google Chrome
Latest stable browser
7-Zip
File archiver
Adobe Reader
PDF viewer
VLC Media Player
Media player
Staff Management
Role Hierarchy:
Super Admin
→
Admin
→
MSP Admin
→
Client Admin
→
Technician
→
Viewer
Only Super Admin & Admin can create users
| User | Role | Auth Method | Last Login | Status | Actions | |
|---|---|---|---|---|---|---|
👤 Add Staff Member
⚠ Microsoft SSO users will use their Microsoft account — password is not required for them.
✏️ Edit Staff Member
📋 Activity Log —
| Time | Action | Resource | Detail |
|---|
🚫 Suspend Account
The user will be immediately logged out and cannot sign in until reactivated.
☁ Azure AD / Microsoft SSO Setup
Setup Instructions:
1. Go to portal.azure.com → Azure Active Directory → App Registrations
2. Click + New Registration → Name: "Phantom AI"
3. Redirect URI:
4. Click Register → copy the Application (client) ID
5. Go to Certificates & Secrets → New client secret → copy value
6. Add to Railway Variables:
2. Click + New Registration → Name: "Phantom AI"
3. Redirect URI:
Loading...4. Click Register → copy the Application (client) ID
5. Go to Certificates & Secrets → New client secret → copy value
6. Add to Railway Variables:
AZURE_CLIENT_ID = {your app id}
AZURE_CLIENT_SECRET = {your secret}
AZURE_TENANT_ID = {your tenant id}
AZURE_REDIRECT_URI = {the redirect URI above}
Activity Log
| Time | User | Action | Resource | Detail | IP |
|---|---|---|---|---|---|
DevCore AI — Self-Patching Engine
🤖 Powered by Claude AI · Patches apply instantly · Auto-backup before every change
⚡ Apply Patch
🚀 Quick Commands
📋 Patch History
Loading...
Firewall Management
Filter Rules
Quick Block
| Rule Name | Direction | Action | Protocol | Remote IP | Port | Scope | Status | Actions |
|---|---|---|---|---|---|---|---|---|
🔒 New Firewall Rule
DNS Filtering
📊 DNS Stats
🔍 Recent Queries
| Domain | Blocked | Count | Last Seen |
|---|---|---|---|
| Select a device | |||
Blocked Domains
| Domain | Category | Source | Client | Added | Actions |
|---|---|---|---|---|---|
🚫 Block Domain
⬇ Import Public Threat Feed
Import thousands of known malicious domains from public threat intelligence feeds.
⚠ This may import up to 5,000 domains. Import may take 30-60 seconds.
Bandwidth Monitor
Top Processes by Data Received
Top Processes by Data Sent
| Process | Data Received | Data Sent | Last Active |
|---|---|---|---|
| Select a device to view bandwidth usage | |||
Scheduled Policies
ℹ How Scheduling Works
📋
Create a Policy
Go to Policies and create a restart, script, or scan policy
🕐
Schedule It
Set daily, weekly or hourly schedule for automatic execution
✅
Auto Runs
Server fires the policy automatically on all matched devices
| Policy | Type | Schedule | Next Run | Last Run | Status | Actions |
|---|---|---|---|---|---|---|
🕐 Schedule a Policy
Threat IP Watchlist
How It Works
Any IP address added here will be monitored across all devices. When an agent detects an active connection to a listed IP, it immediately raises a Critical alert and logs the event. The agent checks connections during every security scan (every 5 minutes).
| IP Address | Description | Severity | Added By | Date Added | Actions |
|---|---|---|---|---|---|
🚨 Add Threat IP
Security Reports
📄 Generate PDF Report
Report includes:
✅ Device status summary (online/offline)
✅ All open threats with severity
✅ Missing Windows updates
✅ Network threats detected
✅ Resolved alerts this week
✅ Executive summary stats
✅ All open threats with severity
✅ Missing Windows updates
✅ Network threats detected
✅ Resolved alerts this week
✅ Executive summary stats
📧 Email Report
📋 Email Setup (Railway Variables)
SMTP_HOST = smtp.gmail.com
SMTP_PORT = 587
SMTP_USER = your@gmail.com
SMTP_PASS = your-app-password
SMTP_FROM = reports@phantomsecurity.online
SMTP_PORT = 587
SMTP_USER = your@gmail.com
SMTP_PASS = your-app-password
SMTP_FROM = reports@phantomsecurity.online
📅 Scheduled Reports
Coming soon — schedule weekly auto-reports
Agent Download
🔗 Client Install Link
Send this to your client — they click, download, run. Done.Select a client above to generate their install link
📋 What the Client Receives
🔗
Step 1 — You send them the link
Copy the link above and send via email or WhatsApp
🌐
Step 2 — They click it
They see a branded install page explaining everything in plain English
⬇️
Step 3 — They download & run
Extract ZIP → right-click doctor.bat → Run as administrator
✅
Device appears in your dashboard
Within 30 seconds. Auto-assigns to their client account.
🔑 Registration Token
This token is pre-baked into every installer. Agents use it to register with your server.
Current Token
⚠ Keep this token private. Anyone with this token can register a device to your platform.
What's included in the ZIP:
📄 phantom_agent.py — Main security agent
⚙️ config.ini — Pre-configured (URL + token + client ID)
🩺 doctor.bat — Installs everything as admin
🔄 watchdog.ps1 — Keeps agent running after crashes
⚙️ config.ini — Pre-configured (URL + token + client ID)
🩺 doctor.bat — Installs everything as admin
🔄 watchdog.ps1 — Keeps agent running after crashes
MITRE ATT&CK Coverage
What is MITRE ATT&CK?
MITRE ATT&CK is a globally recognised framework that maps adversary tactics and techniques observed in real-world attacks. Every alert in Phantom AI is automatically tagged with the relevant technique ID so you can identify attack patterns and report accurately to clients.
Techniques Detected
Tactics Breakdown
All Tagged Alerts
| Technique ID | Tactic | Technique | Total | Open |
|---|---|---|---|---|
Behavior Detection Engine
Behavior Events
| Time | Process | Score | MITRE | Tactic |
|---|---|---|---|---|
| Select a device | ||||
How Scoring Works
mimikatz / meterpreter / cobalt+100
vssadmin delete / ransomware+80-90
new user / schtasks / psexec+60-70
PowerShell / WMI / downloads+30-50
Discovery commands (whoami, ipconfig)+10-20
Score ≥ 75 = Critical alert. Score ≥ 60 = High alert. Score ≥ 25 = Medium. Updates every security scan cycle (5 min).
Risk Dashboard
Devices by Risk Level
Endpoint Isolation Control
Instantly cut a compromised device off from the network. The device can only reach the Phantom AI server — everything else is blocked at the Windows Firewall level.
All Devices — Risk Ranking
| Hostname | Risk Score | Risk Level | Behavior Score | Open Alerts | Missing Patches | Isolated | Actions |
|---|---|---|---|---|---|---|---|
Threat Hunting
Query Builder
Saved Queries
Available Tables
Results
| Run a query to see results |
|---|
Sites Management
Sites represent physical locations under a client — office branches, data centres, remote sites. Each device can be assigned to a site for organised management.
Hierarchy: Platform → Client → Site → Devices
Select a client to view sites