Sold by: Codenotary Inc
Deployed on AWS
Runtime security and oversight for AI agents. See every agent, attribute every action, flag hostile inputs, and scrub leaked secrets before they're stored.
Overview
AgentMon gives security and platform teams runtime oversight of the AI agents already running inside their infrastructure. Claude Code, Cursor, Codex, OpenClaw, custom LangChain workers, and more. As autonomous agents multiply cross hosts and act with real credentials at machine speed, conventional monitoring easures performance and cost but cannot answer the question that matters in an udit: who did that, and can you prove it? AgentMon treats every agent as an actor with real authority. It continuously learns what safe agent behavior looks like, detects dangerous actions in real time, and elps keep your entire agentic network accountable without requiring specialized security expertise. Built on CLI, eBPF-based telemetry and OpenTelemetry-native instrumentation, AgentMon works with any OTLP-instrumented agent, with no proprietary SDKs and no vendor lock-in.
This BYOL Single AMI deploys AgentMon as a self-contained appliance in your own AWS account, keeping all agent telemetry and security-relevant evidence inside your environment and under your retention controls not in a third-party vendor cloud.
Highlights
- **Know what's running:** a fleet dashboard showing every agent's status, model, runtime, and activity; live trace and log streaming; an auto-discovered agent opology map showing which agent spawned what and which tools and services were invoked.
- **Catch problems early:** cost-spike alerts, reasoning-loop detection, runaway-agent protection, and failure grouping by root cause routed to Slack, PagerDuty, email, or webhooks to fit your existing incident workflow.
- **Stay secure:** automatic secret redaction strips API keys, tokens, and sensitive headers from stored telemetry; anomalous-behavior flagging surfaces suspicious prompts and unexpected permission escalations; a full, append-only, searchable audit trail records every agent run and tool call to support investigation and regulatory needs; detections export to your SIEM.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Ubuntu 24.04 LTS
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
As a BYOL product, no software charges are billed through AWS marketplace; infrastructure charges follow AWS's standard refund policy. License refunds per your Codenotary agreement. EULA: Standard Contract for AWS Marketplace (pre-vetted) unless legal supplies a Codenotary addendum.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
AgentMon v1.4.7 maintenance and security release.
WATCHER CONNECTIVITY FIX - The amon CLI shipped with this appliance now connects correctly to appliances using a self-signed TLS certificate when installed with AMON_INSECURE=1 (or --insecure). Previous versions failed every telemetry export until a CA certificate was fetched and configured manually; agent installs against this appliance now work out of the box. Prefer --ca-cert where possible.
SECURITY DASHBOARD FIXES - The Security tab no longer drops to loading skeletons on its periodic refresh; the secret-files KPI strip reports Writes and Edits, trend, and sparkline correctly; the secret-file operation filter is shown only when operation data is available; governance counts are labeled as a floor when the per-page cap is reached.
RELIABILITY - Policy guardrail counts compute concurrently for faster page loads; idempotent ClickHouse file-operations backfill; assorted API endpoint fixes.
PLATFORM - Unchanged: Ubuntu 24.04 LTS, single-node k3s with all container images pre-baked (no internet pulls at first boot), TLS via Caddy. BYOL: contact sales@codenotary.com for licensing.
Additional details
Usage instructions
-
LAUNCH - Start the AMI on an m5.xlarge instance (recommended) with the recommended security group (HTTPS 443). The appliance is fully self-contained: no internet pulls are needed at first boot.
-
FIRST BOOT - Allow about 5 minutes. The appliance prepares its data volume, starts single-node Kubernetes (k3s), and deploys AgentMon from container images baked into the AMI.
-
GET CREDENTIALS - Connect via AWS Systems Manager Session Manager (aws ssm start-session --target <instance-id>) or SSH as user "agentmon". Run: sudo tail -40 /var/log/agentmon-firstboot.log for the dashboard URL. The one-time bootstrap admin password is in /var/log/agentmon-firstboot-secret.log, and can be recovered any time with: sudo kubectl -n agentmon get secret agentmon-bootstrap-admin -o jsonpath='{.data.bootstrap-admin-password}' | base64 -d
-
SIGN IN - Open https://<public-ip-or-fqdn>/ and sign in as admin@local with the one-time password. Change it immediately under Profile -> My Account -> Password. The admin@local account remains your break-glass login.
-
INSTALL YOUR LICENCE - Under Settings -> Licensing, paste your .tok licence key and click Install (no restart needed). This is a BYOL product and no evaluation licence is pre-installed, contact sales@codenotary.com to obtain one. Licence-gated features such as single sign-on require the licence first.
-
CONNECT AGENTS - All agent traffic uses HTTPS on port 443: install the amon CLI and run "amon watch", or point any OTLP-instrumented agent at https://<your-appliance-fqdn>/ OTLP is routed internally, no extra ports to open. Create ingestion tokens in the dashboard.
SUPPORT - support@codenotary.com . Attach a diagnostics bundle (amon diag) to support requests.
Support
Vendor support
AgentMon is supported by Codenotary. Contact support@codenotary.com for installation, configuration, and operational issues business-hours response (CET/EST). A step-by-step deployment guide ships with the product, and the appliance includes a built-in diagnostics bundle (amon diag) you can attach to any support request. Licence purchase and renewal: sales@codenotary.com or
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.