Skip to content

Admin guide

The operator's manual for running Kilasec day to day. This assumes a collector is installed and traffic is flowing. It's organized by the jobs you'll actually do.

The jobs

  • Managing collectors — enroll, approve, restart, upgrade, revoke; reading collector health and the approval queue.
  • Managing policy — writing and ordering rules, scope, testing changes in the Simulator, and applying them to the fleet.
  • Approvals — resolving requests held for a human decision.
  • Identity — wiring real user + AD-group attribution from Active Directory, DHCP, or CSV.
  • Users, roles & 2FA — inviting teammates, roles, and two-factor authentication.
  • Monitoring & health — Fleet health, collector-offline alerting, and the health endpoint.
  • Audit & compliance — the audit log, retention, and exporting for SOC 2 / HIPAA / SIEM.

The mental model, in one paragraph

Policy lives in the cloud and is pulled by every collector. Each collector enforces it locally, in-line, on the AI traffic routed to it, and reports decisions (never raw payloads) back to the cloud. You manage everything — policy, identity, users, and the collector fleet — from the dashboard at kilasec.com/app/. Staff operating multiple customer tenants get a cross-tenant Fleet health view; a single customer admin sees their own workspace.

Where things are in the dashboard

You want to…Go to
See what's happening right nowDashboard, Live Traffic
Triage what got blocked/heldIncidents, Approvals
Change what's allowedPolicy Rules, Scope, Simulator
Add / approve / check a collectorCollectors (staff: Fleet health)
See who's making callsAgents, Identity
Prove what happenedAudit Log, Traffic Log
Manage people & securityUsers & Roles, Settings (2FA)

Each dashboard tab also has a page-by-page reference under The dashboard.

A sane operating rhythm

  1. Start permissive. Default allow/log, redaction on for obvious secrets. Learn the network before you constrain it.
  2. Watch for a week. Live Traffic, Agents, Incidents. Note the real providers, agents, and users.
  3. Tighten deliberately. Add deny/require_approval rules for the specific risks you saw, testing each in the Simulator before applying.
  4. Keep the fleet green. Monitoring with offline alerting so a dead collector reaches you, not silently fails open.
  5. Review the audit log on your compliance cadence and export as needed.

Documentation for kilasec — the AI Agent Firewall.