Compliance, Security & Auditability
Operational control with built-in governance. CIS benchmarks, policy-based compliance scanning, full audit log of every action, and file integrity monitoring with incident timeline.
Compliance Scanning
- Built-in policy library: CIS Benchmarks and custom policies
- Check types: file existence, content matching, permission validation
- Severity levels: Critical, High, Medium, Low
- Auto-remediation with step-by-step playbooks and dry-run
- Rollback: undo remediation if issues arise
- Scheduled scans for automated compliance checking
- Violation tracking: detection, remediation status, history
Compliance Posture Dashboard
- Overall compliance score with per-framework breakdown
- Policy coverage per scan
- Violation trends over time
Activity & Audit Log
- Full audit trail: every action logged with timestamp, user, IP, user-agent
- Event categories: Authentication, User management, Config changes, Service ops, File ops, Security events
- Filtering by action type, user, status, timestamp range, resource type
- Statistics: total events, failed operations, events by user/type
- Time-based: 1h, 24h, 7d, 30d, custom range
File Integrity Monitoring (FIM)
- Real-time detection of file changes via inotify
- Hash verification (xxh3/sha256) with baseline comparison
- Change type classification and severity levels
- Event timeline with correlation
- Select paths to monitor
Security Monitoring
- Security score (0-100) with grade and category breakdown
- Categories: Network, Authentication, Filesystem, Services, Logging
- Failed login attempts, sudo events, SSH sessions, root logins
- Geographic distribution of access events
Incident Timeline
- Event types: Config changes, service actions, alerts, log spikes, snapshots, package installations
- Chronological ordering with event correlation
- Related event grouping with severity indication
- Date range and event type filtering