Noxen MSP
Noxen MSP is for shops managing Linux and Unix fleets across multiple clients — managed service providers, security consultancies, and in-house ops teams that own more than one environment. It raises the host cap to 500, adds multi-tenant tagging so client fleets stay separated in one console, and ships per-tenant compliance and SIEM exports. The tier is in design and we are currently fielding interest via structured trials rather than self-service checkout — if it fits, email us and we will get you a build.
Built for MSPs from the inside out
Noxen runs on the technician's Mac, not in a SaaS console you rent. One Mac, one operator licence, one console — every host you manage across every client lives behind a tag in that single app. That shapes what the MSP tier ships:
- 500-host cap. Enough for a typical MSP book of 15–40 clients with 10–30 Linux hosts each.
- Multi-tenant tagging. Tag every host with the client it belongs to, plus any number of secondary tags — environment, region, criticality, contract tier.
- Webhook fan-out by tag. A Slack channel per client, a Teams channel for internal SOC traffic, or one generic JSON endpoint that demuxes downstream. Tag-aware routing is the point.
- Per-tenant compliance export. Pull a CIS Controls v8 / SOC 2 / ISO 27001:2022 evidence CSV scoped to one client at a time, ready to hand to that client's auditor.
- Per-tenant SIEM-NDJSON. Pipe findings into the client's Wazuh / Splunk / ELK / Loki stack with tenant tags already on each event.
Pricing
Flat $149 / month per operator. No per-host surcharge, no per-tenant ladder, no enterprise-style "talk to sales for a quote" pricing on the public page. What's included:
- 500 hosts across as many tenants as you need to model
- Everything in Live Feed (daily CVE feed, scheduled nightly scans, webhooks)
- SIEM-NDJSON export
- Compliance mapping with per-tenant CSV scoping
- Email support with business-day reply
What's not included: per-seat licensing for additional technicians (one Mac, one operator), a hosted dashboard for clients (Noxen does not run a SaaS — see data residency below), or white-labelling. If those are critical for you, tell us in the trial intake and we will be honest about whether we are the right fit yet.
Multi-tenancy model
Tenants in Noxen are tags, not separate databases. Every host carries a primary client tag and any number of secondary tags (env=prod, region=eu-west, contract=premium). The hosts list, the findings view, batch scans, webhook destinations, and every export can be filtered down to a single tag or a tag intersection before you ship anything to a client or upstream system.
This model is deliberate. A separate database per tenant means a database to back up, restore, version, and migrate per tenant — friction that adds up across 30 clients. A tag-based model means one store on the technician's Mac, one daily backup, and one set of filters across every workflow. The tradeoff is that you trust your own console operator with cross-tenant visibility, which is the same trust model every MSP already runs on.
Compliance evidence
Noxen maps every finding to control references in CIS Controls v8, SOC 2 (Common Criteria), and ISO 27001:2022 Annex A. Export per-host, per-tenant, or fleet-wide as CSV — directly usable as evidence attachments in an audit pack.
To be explicit: this is an evidence supplement, not a certification claim. Noxen does not certify your clients to any framework, and we will not write copy that pretends it does. Your auditor decides what is sufficient. The CSV exists to save you and your client an hour of grep'ing through findings to find the rows that map to the control they are asking about. See /compliance/ for the full mapping table.
SIEM and alerting
Findings stream out as NDJSON (one JSON object per line, LF-delimited) with tenant and environment tags already attached. Drop the file into a Filebeat / Promtail / Splunk Universal Forwarder watch directory and the events land in your existing pipeline. No bespoke parser to maintain.
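Because tenants are tags in one store and the export is plain NDJSON, any downstream demuxer should fail closed on events it cannot attribute to a client. The sketch below is an added example, not Noxen's code: the field names (`host`, `severity`, `tags`, `client`, `env`) and the sample events are assumptions constructed for illustration, since the page does not publish the export schema.

```python
import json
from collections import defaultdict

# Constructed sample export. Field names are assumed for illustration;
# the page does not publish Noxen's NDJSON schema.
SAMPLE_NDJSON = "\n".join([
    '{"host":"web01","severity":"critical","tags":{"client":"acme","env":"prod"}}',
    '{"host":"ci01","severity":"medium","tags":{"client":"acme","env":"staging"}}',
    '{"host":"db01","severity":"high","tags":{"client":"globex","env":"prod"}}',
    '{"host":"orphan01","severity":"high"}',
    '{"host":"web02","severity":"low","tags":{"client":"acme-corp","env":"prod"}}',
    'not json at all',
]) + "\n"

def split_by_tenant(text, known_tenants, tenant_key="client"):
    """Group events by primary tenant tag; quarantine anything ambiguous.

    Returns (per_tenant, quarantined), where quarantined holds
    (line_number, reason) pairs. Nothing quarantined is routed to a client.
    """
    per_tenant, quarantined = defaultdict(list), []
    for n, line in enumerate(text.split("\n"), 1):  # LF-delimited
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            quarantined.append((n, "invalid JSON"))
            continue
        tags = event.get("tags") if isinstance(event, dict) else None
        tenant = tags.get(tenant_key) if isinstance(tags, dict) else None
        if not isinstance(tenant, str) or not tenant:
            quarantined.append((n, "missing tenant tag"))
        elif tenant not in known_tenants:
            quarantined.append((n, "unknown tenant"))  # e.g. a mistyped tag
        else:
            per_tenant[tenant].append(event)
    return dict(per_tenant), quarantined

def select(events, **required):
    """Tag intersection: keep events matching every key=value given."""
    return [e for e in events
            if all(e["tags"].get(k) == v for k, v in required.items())]

def to_ndjson(events):
    """Serialise back to one JSON object per line, LF-terminated."""
    return "".join(json.dumps(e, sort_keys=True) + "\n" for e in events)

if __name__ == "__main__":
    tenants, held = split_by_tenant(SAMPLE_NDJSON, {"acme", "globex"})
    print(to_ndjson(select(tenants["acme"], env="prod")), end="")
    print("quarantined:", held)
```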
For real-time alerting, Noxen ships webhook delivery to Slack, Discord, Microsoft Teams, and any generic JSON endpoint, with payload auto-formatted per sink. Webhooks fire per-host per-severity with configurable thresholds — a Slack channel that only ever receives "new critical on this client's prod fleet" is two clicks to configure.
Data residency
Scan data lives in the SwiftData store on the technician's Mac, in ~/Library/Application Support/Noxen/. That is the authoritative store. Optional iCloud private-database sync via CloudKit (off by default in current builds; will be re-enabled when the iOS companion ships) syncs under your own Apple ID, encrypted by Apple in transit and at rest. Either way, no client fleet data ever touches Noxen-controlled infrastructure.
The only outbound traffic from the Noxen app to anything we run is the daily CVE-feed manifest fetch from feed.noxen.app — a snapshot version check and signed SQLite download. No fleet data leaves your perimeter as part of that fetch. See /security/ for the full data-flow accounting.
Onboarding path
The realistic evaluation flow for an MSP looks like this:
- Start on Free. 3 hosts, manual scans, snapshot CVE feed. Confirms Noxen runs on your machines, confirms SSH key import works against a real client host, takes 10 minutes.
- Move to a 14-day Noxen 1.x trial. 25 hosts, scheduled nightly scans. Run it across one client's fleet for a week, look at the reports your tech would have shipped that week.
- Email us about the MSP tier. We send a build with the host cap raised and multi-tenant features enabled, schedule a 30-minute walkthrough, and run a structured trial against your real book for 2–4 weeks. Reviewer NFR licences are available on request.
Talk to us
The MSP tier is the page-1 buyer for Noxen and we want to get this right. Email snyman.ps@icloud.com with rough fleet size, the SIEM and ticketing stack you already run, and which compliance framework (if any) you report against. Procurement docs — security questionnaire responses, DPA, sub-processor list, insurance — are available on request.
Related reading: Agent vs agentless scanning · Continuous scanning vs the patch window · Every check Noxen runs