KairnexXray for Windows

Local host inspection before response action.

KairnexXray is a local-first Windows host IDS, inspection dashboard, sensor health check, event timeline, Defender trace, and safe response-action planner for defensive workstation triage.

Status: local-first Windows utility. KairnexXray runs on the customer workstation, preserves local evidence, and plans response steps before any containment action is applied. Hosted fleet management and evidence export can be planned separately.

Windows host inspection

Local inspection

Find suspicious workstation behavior without uploading raw logs.

Xray focuses on current host signals: active connections, listening ports, process paths, startup entries, scheduled tasks, services, DNS cache names, baseline drift, Defender posture, and Windows event context.

1. Scan
2. Inspect
3. Baseline
4. Trace
5. Plan

Core capabilities

A practical endpoint triage layer for support and security teams.

KairnexXray is designed for defensive investigation and support handoff. It gives a reviewer enough context to decide whether to observe, investigate, contain, or escalate.

Host IDS scan

Review process context, network listeners, public outbound connections, startup entries, scheduled tasks, and services.

Focused inspection

Inspect a finding by alert, PID, file path, or remote host with hashes, signatures, persistence references, and DNS context.

Sensor health

Check Defender state, firewall posture, PowerShell logging, audit policy, update health, and core security services.

Safe containment planning

Generate dry-run response plans before applying reversible actions such as host blocks, process stops, or startup disablement.

Response posture

Preserve evidence first, then decide what to change.

KairnexXray is intentionally conservative. It does not claim that a machine is clean, and it does not make destructive changes by default. The product helps teams slow down, collect useful local context, and make a documented response decision.

Read-only by default: Scans, inspections, event timelines, Defender traces, and health checks preserve context before action.
Evidence handoff: Reports, structured alerts, snapshots, timelines, health checks, and response plans can be packaged for review.
Baseline drift: Compare current listeners, processes, startup entries, tasks, and services against a known-good baseline.
Admin-aware containment: Elevated actions are visible, planned, and logged with restore notes when containment is applied.

Security boundaries

Defensive local triage only.

KairnexXray is not an offensive tool, not a malware database, and not a full EDR. It is a local investigation layer for authorized users and support teams working on approved Windows hosts.

No remote exploitation, credential theft, persistence, or offensive automation
No cloud upload requirement for current local-first operation
Containment is planned through dry-run checks before apply mode
Reports are designed for customer-controlled review and support handoff