Quick Start
Get up and running with Process Mapping in 4 steps.
Deploy Agent
Platform: macOS / Windows
Auto-discovery: immediate
Background service: always-on
Review Apps
OS installed: ✓
Package managers: ✓
AI agents: MCP, skills, hooks
Set Policies
Allow / Block / Quarantine
Justify with popup prompt
Per-app policy rules
Monitor
Discovery events: real-time
Process spawns: correlated
Enforcement: full audit trail
QuilrAI
1. Deploy the System Monitor
Runs as a background service on each endpoint. Starts discovery immediately on first boot.
| Platform | Coverage |
|---|---|
| macOS | Installed apps, Homebrew, npm/pip/go globals, standalone binaries |
| Windows | Installed programs, Chocolatey, npm/pip/go globals, standalone binaries |
Deployed alongside the Sentinel endpoint agent.
2. Review Discovered Applications
| Discovery Method | What It Finds |
|---|---|
| OS Installers | Apps from native package managers |
| Package Managers | npm, pip, go, gem, Homebrew, Chocolatey binaries |
| Process Monitoring | Running processes correlated to applications |
| File System Scan | Standalone executables, AI agent configs, project files |
| AI Agent Discovery | MCP servers, skills, plugins, hooks, models, instruction files |
Navigate to Applications under Process Mapping to see your inventory.
3. Configure Policies
| Policy Action | Description |
|---|---|
| Allow | Application runs normally; activity is logged |
| Block | Application is terminated and prevented from running |
| Quarantine | Executable is renamed in place; supports restore |
| Justify | User is prompted for a justification before continuing |
Policies are evaluated through a Process Chain: enriches each event with catalog data, evaluates policies, resolves actions, and logs the decision. Every enforcement action is recorded for audit.
4. Monitor Activity
Every discovery event, policy decision, and enforcement action is logged and synced to the Quilr dashboard.
- Discovery events : new applications found with identity and catalog metadata
- Process spawns : real-time correlation of running processes to known applications
- Policy decisions : which policy matched, what action was taken, and why
- Enforcement actions : block, quarantine, justify outcomes with full audit trail
- AI agent artifacts : MCP servers, skills, plugins, hooks, and models per app