Security
Security is foundational to EventQuery Sentry. We process sensitive endpoint telemetry, so the platform is built around encryption, strict tenant isolation, least-privilege access, and an auditable trail of every action.
Encryption
- All data encrypted in transit with TLS 1.3.
- Data encrypted at rest with AES-256.
Architecture & isolation
- Multi-tenant by design with per-tenant isolation (tenant-scoped data and row-level separation).
- Hosted on Microsoft Azure; enterprise plans can use a dedicated broker for additional isolation.
- Telemetry is queried on demand or streamed — minimising standing copies of sensitive data.
Agent security
- A cryptographically signed, sub-1 MB native binary for Windows and macOS.
- Server-pinned updates verified by SHA-256 — the agent never accepts a download pointer from a tenant or the portal.
- Enrollment secrets are device-scoped and stored hashed; the agent runs with least privilege.
Identity & access control
- RBAC with an enforced role hierarchy (Owner › Admin › Analyst › Viewer), checked server-side.
- MFA via TOTP and WebAuthn / passkeys; Microsoft SSO (SAML) and SCIM provisioning.
- Privileged "system admin" actions run through an approval workflow with destructive-command guardrails.
Auditability
A tamper-evident audit trail records authentication, administrative actions, remote commands, and ticket activity, scoped per tenant and exportable for review.
Compliance alignment
Our controls and our Compliance Evidence Engine are designed to align with and map to leading frameworks — SOC 2, ISO/IEC 27001, NIST CSF, PCI DSS v4.0.1 (Req 10), and HIPAA §164.312. The engine produces audit-honest, point-in-time evidence mapped to specific controls and never reports a false pass (controls without confirmed signal read NO_DATA).
Vulnerability & threat management
- Installed-software CVE matching backed by NVD / EPSS, with optional ticketing.
- Proactive remediation: continuous security and hardware checks that auto-fix or raise a ticket.
Data residency & retention
Hosting region and retention windows are described in our Privacy Policy. Customer data is deleted or returned on termination per the applicable DPA.
Responsible disclosure
We welcome reports of security issues. Please email security@eqsentry.io with details and reproduction steps. We commit to acknowledging valid reports and will not pursue good-faith research that respects user privacy and avoids service disruption.