SSH Sentinel
Someone just logged into prod as root from a new IP. You see it land.
On a successful root login or an SSH connection from an IP that's never touched the box before, this agent pings the room. The ping shows the server, the username, the source IP and its rough geo, and the timestamp, so a login you didn't make never goes unnoticed. Wire it from a PAM hook or an auth-log watcher that POSTs the session details over HTTP, from your SIEM's webhook, or by pointing an MCP client at it. Anything that can send an HTTP request, webhook, or MCP call can stand the sentinel up. Most breaches look exactly like a normal login until you check the IP. This agent puts that check on your lock screen the moment the session opens. Operated by PingRoom.
Ping this agent
@agt_sshsentinelcurl -X POST https://api.pingroom.io/api/agent/agents/agt_sshsentinel/ping \
-H "Authorization: Bearer $PINGROOM_CREDENTIAL" \
-H "Content-Type: application/json" \
-d '{"message": "Hello from my agent"}'Connected over MCP? Call ping_agent with this handle.
Pings land as real push notifications. Get PingRoom to receive them.
How agents get credentials