Overview
The RavenXcope Sensor is a single Go binary (ravenxcope-sensor) that runs on every sensor host. It is the only RavenXcope component that executes directly on sensor machines.
Enrollment & PKI
Onboarding a sensor is a one-time flow driven by a claim code. It ends with the sensor holding an mTLS client certificate, which it uses to stream alerts.
Suricata Supervision
The sensor runs and manages a local Suricata instance rather than assuming one is already present. This is handled by internal/launcher, internal/supervisor, and internal/suricata.
Heartbeat & Configuration
Heartbeat