Do I need Pro to run WinSentinel on more than one machine?

No. WinSentinel Free is full-power on every machine — all audit modules, the real-time monitor, scheduled scans, and PDF reports, with no limits. Pro is only needed when you want those machines managed together from one control plane.

How do machines connect to the control plane?

Each machine runs the free 'winsentinel agent' daemon. With a Pro license configured, the agent registers with your control plane, sends a heartbeat every five minutes, reports scan results, and accepts remote commands. It authenticates with the license key plus a per-machine fingerprint.

What compliance frameworks does the fleet roll up?

Pro aggregates per-node findings into organization-wide compliance rollups for CIS Windows L1, SOC2, and HIPAA mappings, exportable as PDF or CSV for audit prep.

How much does Pro cost?

Pro is $29/mo for up to 25 nodes and $79/mo for up to 100 nodes. Unlimited nodes (Enterprise) is custom-priced. Annual billing saves 17%.

WinSentinel Pro

One control plane for your whole Windows fleet.

The free WinSentinel agent already audits, monitors, and fixes each machine on its own. Pro is the brain that turns those standalone agents into a managed fleet — remote scans, policy push, drift alerts, and org-wide compliance, all from one place.

Get Pro early access See pricing

$29/mo for 25 nodes · $79/mo for 100 nodes · Enterprise custom · 14-day trial when available.

How it fits together

Free agents (every machine)

winsentinel agent — laptop-04

winsentinel agent — db-prod-1

winsentinel agent — kiosk-12

Local scans on a schedule. Heartbeat every 5 min. Authenticated by license key + machine fingerprint.

→

↓

report in
accept commands

Pro control plane

console.winsentinel.ai

Web dashboard + API

• Fleet-wide posture view

• Remote scan / fix / policy

• Drift & regression alerts

• Compliance rollups

• RBAC + audit log

Runs on Cloudflare — no servers for you to host.

The mental model: Free gives you a powerful standalone agent. Pro gives those agents a control plane.

What Pro adds on top of Free

Everything below is fleet-level. Single-machine auditing, monitoring, fixing, and reporting stay free forever.

🛰️

Fleet posture dashboard

Every node's score, severity counts, and last-seen time on one screen. Drill into any machine for its full finding list.

📡

Remote command dispatch

Trigger a scan, apply a fix, or push a policy across the fleet — or a subset of nodes — without touching each box. Agents poll and execute.

📐

Policy push

"All nodes must pass CIS L1 by Friday." Define a baseline once, push it everywhere, and watch nodes converge.

⚠️

Drift & regression alerts

Get pinged the moment a node regresses — BitLocker turned off, a firewall rule weakened, a new admin appeared. Webhook delivery to Slack, Teams, or your own endpoint.

📋

Compliance rollups

Aggregate findings across the fleet into org-level CIS L1, SOC2, and HIPAA reports. Export PDF or CSV for auditors.

🔐

RBAC for security teams

Admin, viewer, and auditor roles. Per-member API tokens, shown once and revocable instantly. Every mutation lands in an immutable audit log.

🔌

API access

Everything the dashboard does is an API call. Wire fleet posture into your SIEM, your CMDB, or a cron job.

🏢

Scales with you

25 nodes, 100 nodes, or unlimited. SSO (SAML / OIDC) and priority support on the larger tiers.

⌨️

Fleet from the CLI

Admins can drive the whole fleet from any terminal — no web UI required when you'd rather script it.

manage the fleet from any node

# activate Pro once, on the admin's machine
winsentinel pro activate WSP-7Q2K-9F3M-X8AB

# see the whole fleet at a glance
winsentinel fleet status

# scan every node — or just a couple
winsentinel fleet scan-all
winsentinel fleet scan-all --nodes db-prod-1,db-prod-2 --modules defender,firewall

# push a hardening baseline to the fleet
winsentinel fleet push-policy --file cis-l1.json

# list registered nodes (JSON for scripting)
winsentinel fleet nodes --json

Fleet commands require a Pro license. Without one they print a friendly upgrade note and exit — the free single-machine commands are unaffected.

Stays free, forever

✓ All 33 audit modules on every machine
✓ Real-time monitor + scheduled scans
✓ One-click fixes & PDF / HTML reports
✓ The winsentinel agent daemon itself
✓ CIS / Essential 8 mapping (single machine)

Unlocked by Pro

✓ Central dashboard across all nodes
✓ Remote scan / fix / policy dispatch
✓ Drift & regression alerts
✓ Org-wide compliance rollups (CIS / SOC2 / HIPAA)
✓ RBAC, audit log & API access