kodachi-soc
Kodachi SOC host-security monitor — full telemetry collector with MITRE ATT&CK annotations
Version: 9.0.1 | Size: 3.5MB | Author: Warith Al Maawali
License: Proprietary | Website: https://www.digi77.com
File Information
| Property | Value |
|---|---|
| Binary Name | kodachi-soc |
| Version | 9.0.1 |
| Build Date | REDACTED-BUILD-TIME |
| Rust Version | 1.82.0 |
| File Size | 3.5MB |
| Author | Warith Al Maawali |
| License | Proprietary |
| Category | Kodachi Binary |
| Description | Kodachi SOC host-security monitor — full telemetry collector with MITRE ATT&CK annotations |
| Git Commit | unknown |
| Metadata Generated | 2026-06-23T09:48:39Z |
| Binary Timestamp | Unknown |
SHA256 Checksum
Features
| # | Feature |
|---|---|
| 1 | 16 SOC collectors: vitals, network, connections, processes, threats, auth, privacy, system |
| 2 | FIM (SHA-256), SUID drift, ld.so.preload, kernel taint, capability audit |
| 3 | Background refresh with lock-file dedup |
| 4 | Dashboard DATA JSON: host/generated/overall/counts/load/score/findings/posture/clusters |
| 5 | MITRE ATT&CK annotations on all threat collectors |
Security Features
| Feature | Description |
|---|---|
| Authentication | Not provided by cli-core (see online-auth) |
| Encryption | Not provided by cli-core |
| Input Validation | Argument parsing via clap; per-command validation is the consumer's responsibility |
| Rate Limiting | Not provided by cli-core |
System Requirements
| Requirement | Value |
|---|---|
| OS | Linux (Debian-based) |
| Privileges | root/sudo for system operations |
| Dependencies | OpenSSL, libcurl |
Global Options
| Flag | Description |
|---|---|
| `-h, --help` | Print help information |
| `-v, --version` | Print version information |
| `-n, --info` | Display detailed information |
| `-e, --examples` | Show usage examples |
| `--json` | Output in JSON format |
| `-o, --output-format <FORMAT>` | Force output format (text |
| `--json-pretty` | Pretty-print JSON output with indentation |
| `--json-human` | Enhanced JSON output with improved formatting (like jq) |
| `--fields <FIELD_LIST>` | Select specific fields to include in output (comma-separated) |
| `--limit <NUMBER>` | Limit number of results returned |
| `--offset <NUMBER>` | Skip first N results (for pagination) |
| `-d, --work-dir <PATH>` | Working directory (defaults to auto-detected base directory) |
| `--port <PORT>` | Set custom port number (1024-65535) |
| `--log-level <LEVEL>` | Set log level (error |
| `--verbose` | Enable verbose output |
| `--quiet` | Suppress non-essential output |
| `--no-color` | Disable colored output |
| `--config <FILE>` | Use custom configuration file |
| `--timeout <SECS>` | Set operation timeout in seconds (optional; no default applied) |
| `--retry <COUNT>` | Retry attempts (optional; no default applied) |
Commands
snapshot
Collect all SOC telemetry and emit DATA JSON
Usage:
Examples:
refresh
Run all expensive background scans and populate the cache
Usage:
Examples:
Operational Scenarios
Scenario-oriented workflows generated from the binary's built-in -e --json examples.
Scenario 1: Basic Usage
Common operations
Step 1: Default operation
Expected Output: Shows help information
Step 2: JSON formatted output
Expected Output: JSON response
Environment Variables
| Variable | Description | Default | Values |
|---|---|---|---|
| RUST_LOG | Set logging level | info | error |
| NO_COLOR | Disable all colored output when set | unset | 1 |
Exit Codes
| Code | Description |
|---|---|
| 0 | Success |
| 1 | General error |
| 2 | Invalid arguments |
| 3 | Permission denied |
| 4 | Network error |
| 5 | File not found |