🧰 SafeCadence Tool Hub
Every capability, organized by what you're trying to do. Each tool tells you when it's the right one to reach for.
🔭 Discover & Inventory
📋 Inventory
Every device, identity, and non-human identity (NHI) in one searchable list.
Use when: You want to see what's connected.
🗺️ Topology
9 named graph views — global, security-zone, lifecycle, risk heat, KEV, etc.
Use when: You need to see the network and identity graph visually.
🧭 Onboarding wizard
Guided path to add real assets — CSV, scan, cloud, manual.
Use when: You're starting from zero and need to load real data.
$ safecadence onboard
📥 CSV importer
Bulk-load assets or credentials from a spreadsheet.
Use when: You have a CMDB / asset list to import.
$ safecadence import-assets file.csv
📐 Policy & Compliance
🪄 Policy Builder (5-step wizard)
Build a policy from intent → controls → asset selection → approvals → schedule.
Use when: You want to define a new compliance / hardening policy.
$ safecadence policy create
✅ Compliance dashboard
Per-policy pass/fail, drift counts, top failures, executive-briefing card.
Use when: You need a fleet-wide compliance snapshot right now.
$ safecadence policy briefing
📉 Drift
Cross-system drift detector (17 detectors) + per-policy drift over time.
Use when: Two systems disagree, or compliance moved.
$ safecadence policy drift-cross-system
🔍 Per-device diff
Side-by-side: declared policy vs running config for any single device.
Use when: A device is failing a policy — show me exactly what's wrong.
📑 Evidence pack (compliance)
One-click PDF/CSV evidence for SOC 2 / ISO27001 / NIST 800-53.
Use when: Auditor asked for a compliance snapshot.
$ safecadence evidence-pack --framework soc2
🩹 Remediation export
Generate the per-vendor commands that fix a finding (Ansible / Terraform / raw / Markdown / PowerShell).
Use when: You want to hand a fix to the existing automation team.
🔐 Identity Intelligence
🧠 Identity translator (NL → IR)
Plain English → unified policy IR → preview → apply across Cisco ISE, ClearPass, AD, Entra, Okta.
Use when: You want to express a single intent and have it enforced across all 5 identity systems.
$ safecadence identity translate "..."
🔎 Effective-permission lookup (who-can)
Compose ALL connected identity systems and answer "can principal X do action Y on resource Z right now?"
Use when: You're investigating an incident or a permission question.
$ safecadence identity who-can ssh prod-db --as alice@x
🚩 Identity findings
Stale NHIs, no-MFA tenants, over-privileged principals, orphan service accounts.
Use when: You want to proactively clean up identity hygiene.
🎯 Identity attack paths
Human → group → SA → role → asset chains, ranked by reach.
Use when: You need to find "Alice → BuildBot → AdminRole → crown-jewel" type chains.
✂️ Identity remediation
Given an attack path, generate the IR that severs it.
Use when: You found an attack path and want the fix.
⏱️ JIT access grants
Time-bounded access grants with auto-revoke.
Use when: Someone needs prod-db read access for "the next 4 hours".
$ safecadence identity jit grant ...
⚖️ Conflict resolution policy
Configurable precedence — "AD wins over Okta on prod" — applied when systems disagree.
Use when: ISE and AD declare different things; you need a rule.
📊 Identity evidence pack
JSON / CSV / PDF: who has what, MFA %, JIT log, attack paths — mapped to SOC 2 CC6, ISO 27001 A.9, NIST AC-2.
Use when: Auditor asked for identity evidence specifically.
⚙️ Secure Execution
🤖 Command builder (AI-assisted)
Natural language → per-vendor commands, RBAC + risk classified, dry-runnable.
Use when: You want to build a network change job without writing vendor-specific CLI from scratch.
$ safecadence execute build "..."
🛡️ Approvals queue
Risk-tiered approval flow with TOTP + audit row.
Use when: Job is built and waiting for sign-off.
📋 Execution queue
Active jobs by stage — review, approved, scheduled, running.
Use when: You want a snapshot of what's about to change.
⏮️ Rollback manager
Rollback plans generated at approval time; one-click revert.
Use when: A job ran and you want to undo it.
📒 Audit & Reports
📜 Audit trail
Immutable log of every change — policy, identity, execution, JIT — with full context.
Use when: You need to prove what happened, by whom, when.
📧 Email digest
Daily / weekly summary of findings, JIT, drift, approvals.
Use when: You don't want to babysit the dashboard.
$ safecadence digest --weekly
🔁 Continuous
🌀 Daemon
Continuous re-evaluation: policies, drift, attack paths, JIT auto-revoke.
Use when: You want the dashboard to stay current without you running CLI.
$ safecadence daemon --interval 1800
(no UI)
📣 Webhooks (Slack / Teams / PagerDuty)
HMAC-signed alerts on new critical findings.
Use when: You want to know when prod compliance breaks.
⏰ Scheduled re-eval
Per-policy cadence — hourly, daily, weekly.
Use when: Different policies run on different schedules.
⚙️ Settings & Tenancy
🔐 RBAC (6 roles)
Viewer / Auditor / Operator / Engineer / Security Admin / Super Admin.
Use when: You're delegating access to teammates.
🔑 TOTP MFA
Per-job step-up auth on Tier-3 commits.
Use when: Compliance requires MFA on production changes.
📜 License manager
Free local-first, optional Enterprise / MSP modes.
Use when: You're moving from local install to MSP control plane.