Prometheus shows you a server is at 90% CPU. Monsys tells you a binary unexpectedly changed hash, which CVEs live in its linked libraries, requires 2FA to open a forensic shell on it, and logs every keystroke. Prom+Grafana is observability — monsys is detect · investigate · respond with supply-chain security baked in.

| Dimension | monsys.ai | Prometheus + Grafana |
|---|---|---|
| Category | ✓ SOC platform: detect + investigate + respond + supply-chain | ✓ Observability for metrics (TSDB + dashboards + alerting) |
| Setup complexity | ✓ 1 install command · agent + hub | ✗ Prometheus + Alertmanager + Grafana + node_exporter + blackbox + cAdvisor + … |
| Linux distro coverage | ✓ One musl-static binary · RHEL/Alma/Rocky 8+9, Fedora, Debian 11+12, Ubuntu 18-24, Alpine, SUSE, Oracle, Amazon Linux — no glibc-version drift | ~ node_exporter packages per distro; static build exists but you own delivery |
| Default dashboards | ✓ CPU/RAM/disk/network/CVE/compliance — out of the box | ~ Import Grafana community JSONs — calibrate per environment |
| Process integrity (binary tampering) | ✓ Process DNA: SHA256 fingerprint per binary, baseline + drift alert | ✗ Not present — Prom is for numeric metrics, not state diffing |
| Honeypot canaries | ✓ Bait files in /etc/shadow.bak etc — fire-on-touch with ntfy push | ✗ Not present |
| Per-host CVE matching (OS packages) | ✓ NVD v2 + EPSS, version-range matcher, risk score per host | ✗ Not present — separate tools (Wazuh, OpenSCAP, Trivy) |
| Application dependency CVEs | ✓ npm/pip/composer/go lockfiles → OSV.dev batch query, per project | ✗ Not present |
| Container image scanning | ✓ Trivy hub-side — no root needed on host | ✗ Not present |
| Asset inventory | ✓ Packages, services, open ports, users, sudo, ssh keys, hardware, PCI — automatic | ✗ Not present — separate tools like OSQuery / Wazuh |
| Compliance evidence (NIS2/ISO/CyFun) | ✓ Native control mapping with automated evidence collection | ✗ Not present |
| Out-of-band forensic shell | ✓ Emergency console: 2FA, Ed25519 signed token, 15min TTL, every keystroke audited | ✗ Not present — Prom is pull-only, no interactive channel |
| Emergency Action Tokens | ✓ Time-bound Ed25519 tokens for kill/isolate/dump/restart, full audit trail | ✗ Not present |
| Anomaly detection (z-score baseline) | ✓ 7-day rolling baseline, \|z\| > 2.5 → alert — no manual thresholds | ~ Manual PromQL thresholds; Cortex/Loki add-ons for ML |
| Multi-tenant with data isolation | ✓ PostgreSQL Row-Level Security + tenant-suspend toggle in admin UI | ~ Grafana orgs give UI separation, not storage isolation — MSPs run instance per customer |
| Mass provisioning (Terraform/cloud-init) | ✓ One enrolment token registers N agents — auto-merge tags + role from cloud metadata | ~ Service discovery via consul/k8s; deploy node_exporter per host yourself |
| Mobile push out of the box | ✓ ntfy topic per tenant — critical alerts straight to phone | ~ Alertmanager → PagerDuty / Opsgenie / ntfy integration to wire up |
| Signed agent updates with supply-chain proof | ✓ SHA256 manifest + auto-update + rotation via emergency token | ~ OS package manager — supply-chain integrity is distro-dependent |
| MSP-ready billing | ✓ €3/server/month after 5 free · Stripe + PayPal · VAT-ready · per-tenant invoicing | ✗ Not present — build your own billing |
| Custom queries (PromQL) | ~ Predefined aggregates via TimescaleDB hypertables | ✓ Full PromQL — most powerful DSL in the industry |
| Kubernetes-first | ~ Container inventory present; no kube-state-metrics yet | ✓ De facto standard for k8s observability |
| Long-term retention | ✓ TimescaleDB compression after 7 days — 90 days default | ~ Requires Thanos/Cortex/Mimir — extra service to operate |

PromQL is a brilliant DSL and Prometheus itself is open source — hard to beat for pure metric power. But Prometheus is an observability tool, not a security platform. Saying "monsys = Prom+Grafana" misses ~80% of the product (process integrity, CVE matching, forensic console, compliance evidence) that lives outside the metric plane. For pure infra graphs Prom is fine; for monitoring customer environments against compromise it's the wrong tool.