FAQ

Short answers to common questions.

What data leaves my servers?

Only the allowlisted host facts you approve after preview, in a documented JSON contract. No file contents, no logs, and no hidden channels. The agent shows the exact payload before anything is sent.

Is this a penetration test?

No. Ghostpsy is visibility and prioritization on allowlisted collection—meant to complement pen-tests and your security program, not substitute for them.

How does billing work?

Per machine. Discovery is free with org caps on Discovery hosts and included scans. Operator is a one-time purchase per machine with a scan bundle; when checkout is live, you can top up more scans at the same per-machine price. Commander isn’t sold yet. No subscription. No surprise renewals.

What if I need org-wide reporting?

Commander will add cross-machine views when it ships. Until then, reporting stays per host under Discovery and Operator.

Two machines show as the same in Ghostpsy (cloned VMs / LXC containers)

Ghostpsy identifies machines by /etc/machine-id. Cloned VMs or LXC containers often share the same value. To fix it, regenerate the machine-id and clear the agent state on the duplicate machine:

cat /proc/sys/kernel/random/uuid | tr -d '-' > /etc/machine-id
rm -f /etc/ghostpsy/agent.conf /var/lib/ghostpsy/state.json

Then re-run the agent. It will register as a new machine.