S4E On-Prem is the self-hosted edition of the Security For Everyone Continuous AI-Based Security Operations platform. It delivers the same vulnerability scanning, asset discovery, web crawling, and threat intelligence capabilities as the S4E Cloud offering — but deployed entirely within your own infrastructure using Docker Compose on a Linux server.
Key Characteristics
- Self-contained — every component (API, workers, databases, message brokers) runs as a Docker container on your server. No data leaves your network.
- Cloud-synced — scan templates, action catalogs, and scanner updates are automatically pulled from S4E Cloud. Your scan results and asset data stay local.
- Single-server — the entire platform runs on one Linux machine. No Kubernetes cluster or external orchestration required.
- Managed via Nginx — a host-level Nginx reverse proxy routes HTTPS traffic to each service using subdomain-based virtual hosts.
How It Differs from S4E Cloud
| Aspect | S4E Cloud | S4E On-Prem |
|---|---|---|
| Hosting | Managed by S4E | Your own server |
| Data location | S4E infrastructure | Your network |
| Internal scanning | Internet-reachable targets only | Private IPs, internal domains |
| Updates | Automatic | Controlled by your team |
| Infrastructure | Multi-region, HA | Single or multi-node deployment |
| Setup | Account creation | Installation via setup.sh |
| Template sync | Real-time | Periodic pull from S4E Cloud |
Core Capabilities
Continuous AI-Based Security Operations
S4E On-Prem implements the full security operations lifecycle:
- Scoping — register internal and external assets (domains, IP ranges, web apps).
- Discovery — automated crawling and port scanning discover endpoints and services.
- Prioritization — findings are scored based on exploitability, severity, and exposure.
- Validation — active vulnerability checks confirm whether exposures are exploitable.
- Mobilization — actions and playbooks drive remediation workflows.
Asset Types Supported
- Private IP addresses and CIDR ranges
- Internal and external domain names
- Web applications (including apps behind authentication)
- API endpoints (REST, GraphQL)
Deployment Model
S4E On-Prem runs on a single Linux server using:
- Docker Compose or Kubernetes — all services are containerized and can be deployed on either orchestration platform.
- Nginx — host-installed reverse proxy for HTTPS and subdomain routing.
- Relational database — primary data store for scan results, users, and findings.
- Cache layer — caching, rate limiting, and session state.
- Message broker — asynchronous messaging between workers.
- Document store — stores crawler output and scan metadata.
- Object storage — stores reports and file attachments.
- Template registry — internal version-controlled repository for scan templates.
Minimum requirements
The server requires at least 4 CPU cores, 16 GB RAM, and 100 GB disk. See the requirements page for full details.
Licensing & Sync
S4E On-Prem is licensed via an API key tied to your S4E account. The key is used to:
- Authenticate against S4E Cloud to pull scan templates and action catalogs.
- Sync vulnerability intelligence updates periodically.
- Send anonymized telemetry logs (sync status, errors) to S4E.
Your scan results, asset data, and findings never leave your server.
Next Steps
- Architecture overview — understand how the services fit together.
- Differences from Cloud — detailed feature comparison.
- System requirements — verify your server readiness.