guard command controls Panguard’s real-time protection agent — a three-layer AI pipeline that monitors your system continuously, detects threats, and responds automatically. Guard runs as a background service and reports events through your configured notification channels.
Usage
Subcommands
| Subcommand | Description | Plan Required |
|---|---|---|
start | Start the Guard agent | Solo+ |
stop | Stop the running Guard agent | Solo+ |
status | Show current Guard status and statistics | Community (Free) |
install | Install Guard as a system service (systemd / launchd) | Solo+ |
uninstall | Remove the Guard system service | Solo+ |
config | View or modify Guard configuration | Solo+ |
help | Show Guard subcommand help | All |
Options
Override the default data directory where Guard stores logs, baselines, and state files. Defaults to
~/.panguard/guard/.Examples
How It Works
Guard operates through three layers of AI processing:- Layer 1 — Rule Engine — Sigma rules and YARA signatures for known threat patterns (available on Community plan as status-only)
- Layer 2 — Behavioral AI — Machine learning baselines detect anomalous process, network, and file activity
- Layer 3 — LLM Judgment — Large language model correlates events, judges severity, and generates plain-language alerts
Plan Requirements
guard status is available on the Community (Free) plan. Starting, stopping, installing, and configuring Guard requires Solo ($9/mo) or higher.