Features Collection How It Works Security Get Started →
Enterprise-grade  ·  Multi-tenant  ·  Open architecture

Full-stack network
monitoring that actually scales

NetPulse NMS monitors every device on your network — servers, routers, switches, firewalls — with agent-based push or agentless SSH/WinRM pull collection. One dashboard, any scale, zero blind spots.

Terminal Topology Alerts
CPU — web-01
34%
All agents online
142 devices · 0 alerts
Bandwidth
1.4 Gbps
0
Uptime SLA
0
Devices supported
0
Metric resolution
0
Enterprise feature phases

Everything your ops team needs,
nothing they don't

From raw metric ingestion to SLA tracking, RBAC, synthetic monitoring, and topology discovery — it's all here.

📡

Real-time Monitoring

Metrics stream every 15 seconds into a time-series database. CPU, memory, disk, network interfaces, and custom counters.

🌐

Network Intelligence

SNMP polling, LLDP/CDP topology discovery, BGP/OSPF routing state, ARP cache, VLAN membership, STP status, and CEF tables.

🔔

Smart Alerting

Rule-based alerts with severity levels, on-call schedules, escalation policies, and multi-channel delivery — email, Slack, PagerDuty, and webhooks.

🗺️

Auto-Discovery

Scan subnets, fingerprint devices via SNMP and SSH banners, and auto-onboard them — including routers, switches, servers, and printers.

🔐

Secrets Vault

SSH keys and WinRM credentials stored encrypted. Decrypted at poll time only — never cached, never logged. Full vault access audit trail per operation.

🧪

Synthetic Monitoring

HTTP, ICMP, TCP, DNS, and SSL health checks from your own infrastructure. SLA-grade uptime reporting with response time percentiles.

🎫

Helpdesk & Ticketing

Built-in issue tracker with project boards, kanban views, custom workflows, SLA policies, and alert-to-ticket automation.

📊

Flow Analysis

NetFlow / sFlow ingestion with per-application and per-IP traffic breakdown. Spot bandwidth hogs in seconds with interactive charts.

🔒

Enterprise Security

RBAC, SSO (SAML 2.0 / OIDC), TOTP 2FA, API keys, rate limiting, audit logs, and configurable data-retention policies.

🏗️

Asset Management

Hardware inventory, software asset tracking, asset groups, lifecycle status, and contract data — all linked to monitored devices.

📅

Maintenance Windows

Schedule maintenance windows to automatically suppress alerts. Full history, approval workflows, and impact reporting.

🌩️

SNMP Traps & Syslog

Receive and parse SNMP traps and syslog events, correlate them with device state, and trigger automated incident workflows.


Agent-based or agentless —
your choice, same data

Deploy lightweight agents on hosts you control, or SSH/WinRM into devices where installing an agent isn't possible. Both produce identical metric records.

Agent-based (Push)

Install once, monitor forever

A lightweight agent runs on your host and pushes metrics directly to the collector endpoint over HTTPS every 15 seconds.

  • Linux, Windows, and network devices
  • Sub-second alert reaction time
  • Local buffering — survives brief outages
  • CPU, memory, disk, and network metric drivers
  • Secure authenticated device registration
Agentless (Pull)

No agent? No problem

Background workers SSH or WinRM into targets on a configurable schedule. Credentials live in the Vault — never in the database.

  • SSH key or WinRM — stored as vault secrets
  • Configurable poll interval per device
  • Identical metric schema — same dashboard
  • Full vault access log per poll
  • Works with legacy hosts and appliances
Data flow
Agents
Push / SSH / WinRM
API
Collector
Message
Queue
Background
Workers
Time-series
Database
Web
Dashboard

Up and running in minutes

Docker Compose brings the entire platform online. Add your first device and metrics start flowing immediately.

1
Deploy with Docker Compose

One command spins up the entire platform — backend, workers, database, and the web frontend. TLS is automatic with zero config.

2
Create your tenant & invite your team

Multi-tenant from day one. Each org gets fully isolated database rows enforced at the database level. Invite team members by email.

3
Register devices or run auto-discovery

Paste an agent token and start the agent — or scan a subnet to auto-onboard agentless targets via SNMP fingerprinting.

4
Set alert rules & on-call schedules

Define thresholds, assign on-call engineers, and add escalation policies. Alerts route to PagerDuty, Slack, email, or custom webhooks.

5
Explore dashboards & reports

Live topology map, time-series charts, availability heatmaps, SLA reports, and PDF exports — all filterable by device group.

Quick start
# 1. Clone & configure
git clone https://github.com/your-org/nms
cp .env.example .env
# Edit .env with your settings

# 2. Start all services
docker compose up -d

# 3. Apply database migrations
./database/migrate.sh

# 4. Open the dashboard
open https://localhost

# 5. Deploy a device agent
docker compose \
  --profile agent up -d

# Done — metrics flowing ✓

Built secure from the ground up

Enterprise security isn't a bolt-on. It's baked into every layer — from database row isolation to vault-encrypted credentials.

🏛️

Multi-tenant Row-Level Security

Database-level row isolation enforces tenant separation automatically. No query can accidentally leak cross-tenant data — ever.

🔑

JWT + RBAC

Every API request validates a signed token carrying tenant and role claims. Roles gate every single endpoint — no exceptions.

🛡️

SSO & 2FA

SAML 2.0 / OIDC for enterprise SSO. Time-based one-time passwords (TOTP) for 2FA. Both enforced per security policy.

🏦

Secrets Vault

SSH keys and WinRM credentials stored encrypted. Decrypted at poll time, never cached in memory, every access logged.

📋

Audit Logging

Every significant action — login, config change, vault access — immutably recorded with actor, timestamp, and source IP.

⏱️

Rate Limiting

Per-tenant and per-endpoint rate limits protect the collector endpoint under high agent volumes.

🗑️

Data Retention Policies

Configure automatic purge of metrics, audit logs, and events by retention window. GDPR-compliant by design.

🔗

Webhook Secret Hashing

Webhook signing secrets stored as cryptographic hashes — never returned via API, verified on every delivery.

Stop flying blind.
Know your network.

NetPulse NMS is production-ready. Deploy it in minutes and start monitoring everything.

✓ No cloud lock-in
✓ Self-hosted
✓ Multi-tenant
✓ Open architecture