How It Fits Together

Five Tools. One Operational Workflow.

From asset discovery through audit execution, controlled remediation with rollback, and tamper-evident evidence packaging, the five products in this suite cover the full security operations and compliance lifecycle. Each tool is purpose-built and self-hostable. Together they form a complete platform that deploys in your environment without external cloud dependencies.

  • Audit Admin Toolkit v6.4.8
  • Linux Security Lite v1.1.4
  • CMDB API v0.2.11
  • Asset Command Center v1.1.0
  • Secure Exposure Centre v0.1.2

Toolkit Structure

Main toolkit, sub-tools, and agent layers

The Audit Admin Toolkit is the core platform, with distinct sub-tools and agent models that support different deployment patterns across five products.

| Layer | What it includes | Why it matters |
|---|---|---|
| Core platform | Web application, central workflow engine, and REST API (390+ endpoints) | Single control plane for findings, evidence, scheduling, and reporting |
| Audit script libraries | Linux scripts, Windows PowerShell scripts, and hypervisor audit scripts | Covers server, endpoint, and virtualisation audit scenarios in one platform |
| Agent execution layer | Standalone Agent, Fleet Agent, Hypervisor agent, plus Fleet Agent coordinator service | Supports single-host, fleet-scale, and hypervisor-native collection modes |
| Extension and companion tools | Linux Security Lite, CMDB API Data Collection Tool, Asset Command Center, Secure Exposure Centre | Adds deeper Linux controls, ingestion/normalization, and asset governance context |
| Remediation and evidence | SuperAdmin-gated direct host remediation over SSH and WinRM. Secondary auth token required. Atomic rollback by execution ID. SHA-256 signed evidence packages with MANIFEST.json for auditor delivery. | Controlled change execution with full audit trail, rollback safety, and tamper-evident compliance evidence output. |

Naming note: older references to Managed Agent and Lightweight Agent map to Fleet Agent and Standalone Agent in current docs.

Tool Map

What each tool does

Each product is purpose-built, but designed to interoperate in one governance and operations model.


CMDB API Data Collection Tool

Ingestion and normalization layer

  • 29+ connectors: VMware, Azure, AWS, Nutanix, HAProxy, and network integrations.
  • Agents for Windows (.NET 8), Linux (Go), macOS, BSD, and containers.
  • Dual-mode operation: standalone CMDB or integrated feeder to core platform.
  • Canonical payload contract (schema_version 2026.05.1) for normalized asset and vulnerability records.
  • Dead-letter queue with retry and backoff for reliable delivery.

Audit Admin Toolkit

Audit operations and evidence layer

  • 1,019 audit scripts across Linux (500), Windows (503), and hypervisors (16).
  • 712 fix scripts: Linux (348 runnable), Windows (353), and hypervisors (11).
  • Integrated asset discovery with CVE and KEV correlation per asset.
  • SuperAdmin-gated remediation with secondary auth, dry-run preview, execution history, and rollback by execution ID.
  • Seven SIEM integrations and ticketing integrations for operational workflows.
  • SHA-256 signed auditor-ready evidence packages.

Linux Security Lite

Linux control depth extension

  • 500 Linux audit scripts across 11 domains: platform (140), apps (67), cloud (57), security (56), network (44), data (36), advanced-controls (24), automation (22), storage (23), web (25), Alpine (6).
  • Versioned control catalog with stable ID lock and CI guard enforcement.
  • Control plane contract v1 for result ingest and export operations.
  • Idempotent outbound queue with dead-letter and replay support.
  • SIEM webhook push and GitHub issue creation from audit findings.
  • RHEL, Debian, Ubuntu, SLES, Alpine, Arch, and openSUSE support.

Asset Command Center

Asset intelligence and enrichment layer

  • Auto-discovery across hypervisor and cloud environments.
  • CVE and KEV vulnerability context per asset.
  • Offline MSI for air-gapped and restricted environment deployment.
  • CMDB-aligned data normalization and enrichment.
  • Windows and Linux agent-based collection.

Secure Exposure Centre

Network switch exposure operations layer

  • Cisco IOS-XE/NX-OS, Juniper JunOS, Arista EOS, Aruba AOS-CX, and Dell OS10 live API-backed collection.
  • SAN connector scaffolding for Brocade and Cisco MDS.
  • CVSS, KEV, and remediation state per device and firmware version.
  • Advisory automation with external scheduler model.
  • Customer-provided vendor feed credentials for gated advisory access.

Use-Case Matrix

Which tool to use for what

Primary indicates the main owning tool. Supporting indicates where companion tooling adds value.

| Use Case | Primary Tool | Supporting Tool(s) | Typical Output |
|---|---|---|---|
| Infrastructure data intake and connector polling | CMDB API Data Collection Tool | Asset Command Center | Normalized inventory + vulnerability-linked records |
| Audit finding lifecycle and remediation tracking | Audit Admin Toolkit | Linux Security Lite | Findings queue, evidence reports, closure records |
| Direct host remediation with atomic rollback | Audit Admin Toolkit | SuperAdmin remediation APIs | Execution history, rollback records, change evidence |
| Asset discovery with CVE and KEV correlation | Audit Admin Toolkit (native asset discovery) | CMDB API Data Collection Tool | Normalized asset records with CVE and KEV risk context |
| Linux hardening and compliance control verification | Linux Security Lite | Audit Admin Toolkit | Control-level pass/fail evidence and reports |
| Asset governance and command-center views | Asset Command Center | CMDB API Data Collection Tool | Asset context dashboards and enrichment state |
| Compliance evidence packaging for review | Audit Admin Toolkit | Linux Security Lite, CMDB API Data Collection Tool | Evidence exports for internal/external assurance |
| Switch firmware advisory and network exposure tracking | Secure Exposure Centre | CMDB API Data Collection Tool, Asset Command Center | Switch-centered exposure reports with CVE and advisory context |

Operational Flow

How they fit in one lifecycle

The tools are designed as an operational chain, not isolated silos.

1. Discover and collect

CMDB API and asset discovery gather host, software, and network inventory. CVE and KEV context are applied per asset.

2. Enrich and contextualize

Asset Command Center layers governance context, ownership, and lifecycle visibility. Secure Exposure Centre adds network infrastructure posture.

3. Audit and validate

Audit Admin Toolkit runs audit workflows and Linux Security Lite adds deeper Linux control verification.

4. Remediate

SuperAdmin-gated direct host remediation over SSH and WinRM with secondary auth and dry-run preview before every execution.

5. Validate and roll back

Post-remediation validation with automatic or manual rollback by execution ID when outcomes are not compliant.

6. Evidence and improve

SHA-256 signed evidence packages, SIEM export, trend analysis, and compliance trajectory reporting for continual improvement.

Start Paths

Start by role

Quick entry points for teams that need an immediate operating path.

Security Operations

  • Start with Audit Admin Toolkit for findings and evidence workflows.
  • Add Linux Security Lite for deeper Linux control verification.

IT Operations / CMDB Teams

  • Start with CMDB API Data Collection Tool for connector-based intake.
  • Add Asset Command Center for enriched command-center operations.

Governance / Compliance

  • Use Audit Admin Toolkit as the evidence and reporting control point.
  • Pull supporting control outputs from Linux Security Lite and CMDB data sources.

Network Security Operations

  • Start with Secure Exposure Centre for switch-focused advisory and CVE workflows.
  • Integrate with CMDB API Data Collection Tool and Asset Command Center for broader estate context.

Deployment Models

How to deploy by operating pattern

| Mode | Description | Best for |
|---|---|---|
| Single-host (Standalone Agent) | Core platform plus Standalone Agent on one machine. Local dashboard, local findings, and no coordinator required. | Small environments, evaluation, developer workstations |
| Fleet (Fleet Agent + Coordinator) | Fleet Agent deployed to target hosts with a coordinator service for centralized collection and reporting. | Multi-server environments and recurring scheduled audits |
| Hypervisor-native | Hypervisor agent for ESXi, KVM, Nutanix, Proxmox, and Xen with audit scripts run against hypervisor layers directly. | Virtualization estate audit and compliance |
| Air-gapped / offline | Offline MSI installers with no outbound internet requirement and agent deployment without external connectivity. | Financial services, healthcare, government, and defense supply chain |
| CI/CD integration | Linux Security Lite with AUDIT_SKIP_LICENSE_CHECK for pipeline use, stable control IDs, and JSON/CSV outputs with GitHub issue creation. | DevSecOps, developer workstations, and pipeline gates |
