๐ Recent activity
Loadingโฆ
๐งฐ SafeCadence Tool Hub
Every capability, organized by what you're trying to do. Each tool tells you when it's the right one to reach for.
๐ญ Discover & Inventory
๐ Inventory
Every device, identity, and NHI in one searchable list.
Use when: You want to see what's connected.
Open โ
๐บ๏ธ Topology
9 named graph views โ global, security-zone, lifecycle, risk heat, KEV, etc.
Use when: You need to see the network and identity graph visually.
Open โ
๐งญ Onboarding wizard
Guided path to add real assets โ CSV, scan, cloud, manual.
Use when: You're starting from zero and need to load real data.
$ safecadence onboard
Open โ
๐ฅ CSV importer
Bulk-load assets or credentials from a spreadsheet.
Use when: You have a CMDB / asset list to import.
$ safecadence import-assets file.csv
Open โ
๐ Policy & Compliance
๐ช Policy Builder (5-step wizard)
Build a policy from intent โ controls โ asset selection โ approvals โ schedule.
Use when: You want to define a new compliance / hardening policy.
$ safecadence policy create
Open โ
โ Compliance dashboard
Per-policy pass/fail, drift counts, top failures, executive-briefing card.
Use when: You need a fleet-wide compliance snapshot right now.
$ safecadence policy briefing
Open โ
๐ Drift
Cross-system drift detector (17 detectors) + per-policy drift over time.
Use when: Two systems disagree, or compliance moved.
$ safecadence policy drift-cross-system
Open โ
๐ Per-device diff
Side-by-side: declared policy vs running config for any single device.
Use when: A device is failing a policy โ show me exactly what's wrong.
Open โ
๐ Evidence pack (compliance)
One-click PDF/CSV evidence for SOC 2 / ISO27001 / NIST 800-53.
Use when: Auditor asked for a compliance snapshot.
$ safecadence evidence-pack --framework soc2
Open โ
๐ฉน Remediation export
Generate the per-vendor commands that fix a finding (Ansible / Terraform / raw / Markdown / PowerShell).
Use when: You want to hand a fix to the existing automation team.
Open โ
๐ Identity Intelligence
๐ง Identity translator (NL โ IR)
Plain English โ unified policy IR โ preview โ apply across Cisco ISE, ClearPass, AD, Entra, Okta.
Use when: You want to express a single intent and have it enforced across all 5 identity systems.
$ safecadence identity translate "..."
Open โ
๐ Effective-permission lookup (who-can)
Compose ALL connected identity systems and answer "can principal X do action Y on resource Z right now?"
Use when: You're investigating an incident or a permission question.
$ safecadence identity who-can ssh prod-db --as alice@x
Open โ
๐ฉ Identity findings
Stale NHIs, no-MFA tenants, over-privileged principals, orphan service accounts.
Use when: You want to proactively clean up identity hygiene.
Open โ
๐ฏ Identity attack paths
Human โ group โ SA โ role โ asset chains, ranked by reach.
Use when: You need to find "Alice โ BuildBot โ AdminRole โ crown-jewel" type chains.
Open โ
โ๏ธ Identity remediation
Given an attack path, generate the IR that severs it.
Use when: You found an attack path and want the fix.
Open โ
โฑ๏ธ JIT access grants
Time-bounded access grants with auto-revoke.
Use when: Someone needs prod-db read access for "the next 4 hours".
$ safecadence identity jit grant ...
Open โ
โ๏ธ Conflict resolution policy
Configurable precedence โ "AD wins over Okta on prod" โ applied when systems disagree.
Use when: ISE and AD declare different things; you need a rule.
Open โ
๐ Identity evidence pack
JSON / CSV / PDF: who has what, MFA %, JIT log, attack paths โ mapped to SOC 2 CC6, ISO 27001 A.9, NIST AC-2.
Use when: Auditor asked for identity evidence specifically.
Open โ
โ๏ธ Secure Execution
๐ค Command builder (AI-assisted)
Natural language โ per-vendor commands, RBAC + risk classified, dry-runnable.
Use when: You want to build a network change job without writing vendor-specific CLI from scratch.
$ safecadence execute build "..."
Open โ
๐ก๏ธ Approvals queue
Risk-tiered approval flow with TOTP + audit row.
Use when: Job is built and waiting for sign-off.
Open โ
๐ Execution queue
Active jobs by stage โ review, approved, scheduled, running.
Use when: You want a snapshot of what's about to change.
Open โ
โฎ๏ธ Rollback manager
Generated-at-approval-time rollback plans, one-click revert.
Use when: A job ran and you want to undo it.
Open โ
๐ Audit & Reports
๐ Audit trail
Immutable log of every change โ policy, identity, execution, JIT โ with full context.
Use when: You need to prove what happened, by whom, when.
Open โ
๐ง Email digest
Daily / weekly summary of findings, JIT, drift, approvals.
Use when: You don't want to babysit the dashboard.
$ safecadence digest --weekly
Open โ
๐ Continuous
๐ Daemon
Continuous re-evaluation: policies, drift, attack paths, JIT auto-revoke.
Use when: You want the dashboard to stay current without you running CLI.
$ safecadence daemon --interval 1800
(no UI)
๐ฃ Webhooks (Slack / Teams / PagerDuty)
HMAC-signed alerts on new critical findings.
Use when: You want to know when prod compliance breaks.
Open โ
โฐ Scheduled re-eval
Per-policy cadence โ hourly, daily, weekly.
Use when: Different policies run on different schedules.
Open โ
โ๏ธ Settings & Tenancy
๐ RBAC (6 roles)
Viewer / Auditor / Operator / Engineer / Security Admin / Super Admin.
Use when: You're delegating access to teammates.
Open โ
๐ TOTP MFA
Per-job step-up auth on Tier-3 commits.
Use when: Compliance requires MFA on production changes.
Open โ
๐ License manager
Free local-first, optional Enterprise / MSP modes.
Use when: You're moving from local install to MSP control plane.
Open โ