> For the complete documentation index, see [llms.txt](https://docs.linuxguard.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.linuxguard.io/concepts.md).

# Concepts

- [Concepts](https://docs.linuxguard.io/concepts/concepts.md): Conceptual scaffolding for LinuxGuard — security architecture, active response, alerting, and the console pillars.
- [Security Architecture](https://docs.linuxguard.io/concepts/concepts/security-architecture.md): LinuxGuard's zero-trust, least-privilege security architecture — privilege model, eBPF monitoring, and runtime protections.
- [Active Response](https://docs.linuxguard.io/concepts/concepts/active-response.md): How LinuxGuard's active-response model executes automated containment actions with triple opt-in safety and audited rollback.
- [Alerting & SIEM Integration](https://docs.linuxguard.io/concepts/concepts/alerting.md): How LinuxGuard routes security signals to webhook, syslog, and Splunk HEC delivery channels via notification rules.
- [Console](https://docs.linuxguard.io/concepts/concepts/console.md): Overview of the LinuxGuard console — the v3.0 five pillars plus v4.0 expanded pillars (Baselines, Efficiency, Audit, Integrations, Posture, Notifications).
- [Dashboard](https://docs.linuxguard.io/concepts/concepts/console/dashboard.md): The LinuxGuard console Dashboard — identity risk score, fleet posture, top identity risks, and findings feed.
- [Identity Intelligence](https://docs.linuxguard.io/concepts/concepts/console/identity-intelligence.md): Identity Intelligence pillar in the LinuxGuard console — cross-server identity profiles, risk scoring, SSH keys, and access patterns.
- [Zero Trust Enforcement](https://docs.linuxguard.io/concepts/concepts/console/zero-trust-enforcement.md): Zero Trust Enforcement pillar in the LinuxGuard console — signals with MITRE mapping, config drift, SUDO policy, and findings.
- [Compliance & Audit](https://docs.linuxguard.io/concepts/concepts/console/compliance-audit.md): Compliance & Audit pillar in the LinuxGuard console — framework scores, history, suppressions, and audit log export.
- [Infrastructure](https://docs.linuxguard.io/concepts/concepts/console/infrastructure.md): Infrastructure pillar in the LinuxGuard console — fleet inventory, efficiency and rightsizing analysis, and baseline configuration.
- [What Changed](https://docs.linuxguard.io/concepts/concepts/console/whats-changed.md): What Changed in the LinuxGuard console — mapping from the old flat section list to the 5-pillar model.
- [Baselines](https://docs.linuxguard.io/concepts/concepts/console/baselines.md): Baselines pillar in the LinuxGuard console — known-good snapshots of accounts, groups, SSH, and SUDO configuration with drift detection.
- [Efficiency](https://docs.linuxguard.io/concepts/concepts/console/efficiency.md): Efficiency pillar in the LinuxGuard console — rightsizing, storage, network IO, JVM, waste assessment, labor savings, and reports.
- [Audit](https://docs.linuxguard.io/concepts/concepts/console/audit.md): Audit pillar in the LinuxGuard console — authorizations audit and SUDO execution audit for privileged-action reconciliation.
- [Compliance Expansion](https://docs.linuxguard.io/concepts/concepts/console/compliance-expansion.md): Compliance Expansion pillar — frameworks browser, evidence collection, compliance history, reports, suppressions, and evidence location reference.
- [Integrations](https://docs.linuxguard.io/concepts/concepts/console/integrations.md): Integrations pillar — JIRA, Microsoft Teams, Slack, Syslog, SIEM, generic webhooks, and delivery tracking from the LinuxGuard console.
- [Zero Trust Expansion](https://docs.linuxguard.io/concepts/concepts/console/zero-trust-expansion.md): Zero Trust Expansion pillar — policies, findings, playbooks, active responses history, SUDO policies and executions, SELinux, and policy violations.
- [Posture](https://docs.linuxguard.io/concepts/concepts/console/posture.md): Posture pillar — Compliance Posture, Configuration Posture, Health Posture and the rationale for consolidation under one navigation label.
- [Notifications](https://docs.linuxguard.io/concepts/concepts/console/notifications.md): Notifications pillar — notification rules, suppressions, and rule edit/new flows in the LinuxGuard console.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.linuxguard.io/concepts.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.