Admin guide
The operator's manual for running Kilasec day to day. This assumes a collector is installed and traffic is flowing. It's organized by the jobs you'll actually do.
The jobs
- Managing collectors — enroll, approve, restart, upgrade, revoke; reading collector health and the approval queue.
- Managing policy — writing and ordering rules, scope, testing changes in the Simulator, and applying them to the fleet.
- Approvals — resolving requests held for a human decision.
- Identity — wiring real user + AD-group attribution from Active Directory, DHCP, or CSV.
- Users, roles & 2FA — inviting teammates, roles, and two-factor authentication.
- Monitoring & health — Fleet health, collector-offline alerting, and the health endpoint.
- Audit & compliance — the audit log, retention, and exporting for SOC 2 / HIPAA / SIEM.
The mental model, in one paragraph
Policy lives in the cloud and is pulled by every collector. Each collector enforces it locally, in-line, on the AI traffic routed to it, and reports decisions (never raw payloads) back to the cloud. You manage everything — policy, identity, users, and the collector fleet — from the dashboard at kilasec.com/app/. Staff operating multiple customer tenants get a cross-tenant Fleet health view; a single customer admin sees their own workspace.
Where things are in the dashboard
| You want to… | Go to |
|---|---|
| See what's happening right now | Dashboard, Live Traffic |
| Triage what got blocked/held | Incidents, Approvals |
| Change what's allowed | Policy Rules, Scope, Simulator |
| Add / approve / check a collector | Collectors (staff: Fleet health) |
| See who's making calls | Agents, Identity |
| Prove what happened | Audit Log, Traffic Log |
| Manage people & security | Users & Roles, Settings (2FA) |
Each dashboard tab also has a page-by-page reference under The dashboard.
A sane operating rhythm
- Start permissive. Default
allow/log, redaction on for obvious secrets. Learn the network before you constrain it. - Watch for a week. Live Traffic, Agents, Incidents. Note the real providers, agents, and users.
- Tighten deliberately. Add
deny/require_approvalrules for the specific risks you saw, testing each in the Simulator before applying. - Keep the fleet green. Monitoring with offline alerting so a dead collector reaches you, not silently fails open.
- Review the audit log on your compliance cadence and export as needed.