Security is not a feature. It's the foundation.

Every DINOC Agent authenticates to the DINOC Server using a unique client certificate. The server also presents its certificate to the agent — both sides verify each other before any data is exchanged.

• ›Each agent gets a unique client certificate issued by the DINOC CA
• ›Certificate revocation isolates a single agent without impacting others
• ›Zero plaintext SNMP community strings in agent-to-server communication
• ›TLS 1.3 minimum — no legacy cipher suites

Every user action in DINOC is governed by RBAC. Roles are composable and can be scoped to individual tenants, device groups, or sites — enabling least-privilege access for every team member.

• ›Built-in roles: Administrator, Operator, Viewer, Tenant Admin
• ›Custom roles with resource-level permission scoping
• ›LDAP/AD integration for SSO and group sync
• ›Full audit log: every action, every user, every timestamp

DINOC never sends your network telemetry, topology data, or AI queries to external cloud services. Every byte of your monitoring data stays within your infrastructure.

• ›VictoriaMetrics stores all metrics on your own storage
• ›Ollama runs the AI model locally — zero data exfiltration
• ›Optional air-gap mode: pull container images once, run indefinitely offline
• ›No phone-home telemetry — DINOC does not call back to our servers

DINOC is built to satisfy the requirements of security-conscious enterprise buyers — with audit trails, certificate management, and an architecture review-ready security model.

• ›Append-only audit logs with optional SIEM export (syslog, webhook)
• ›Certificate lifecycle management: issue, rotate, revoke via API
• ›Security review documentation available for enterprise procurement
• ›Penetration test reports available under NDA