Console
The LinuxGuard console is organized into five pillars: Dashboard, Identity Intelligence, Zero Trust Enforcement, Compliance & Audit, and Infrastructure. Each pillar groups related security functions into a coherent workspace. Pillars with module assignments — Identity Intelligence, Zero Trust Enforcement, and Compliance & Audit — are only visible to tenants with the corresponding module license; tenants without an entitled module see an upgrade prompt in place of that pillar's content. Settings, accessible below the pillar navigation, provides API key management, alert routing, and behavioral analytics configuration.
Dashboard
The Dashboard provides an identity-centric view of fleet security posture. It surfaces the highest-risk identities, critical findings from across all pillars, and module-gated security metrics for tenants with Professional or Enterprise licenses. The identity risk score — not a server posture score — is the primary metric on this page, supplemented by summary cards for privilege escalation exposure and SSH key risk.
Identity Intelligence
Identity Intelligence aggregates identity data across every enrolled server into unified cross-server profiles. Each identity — human, service account, or non-human — receives a risk score derived from privilege scope, behavioral baselines, SSH key exposure, and access pattern anomalies. The pillar covers five areas: Identity Overview, Accounts, Groups, Non-Human Identities, SSH Keys, and Access Patterns.
Zero Trust Enforcement
Zero Trust Enforcement provides security signals and configuration drift events with full identity context and MITRE ATT&CK mapping. It covers the full enforcement surface: real-time signals with attribution to original login users, SUDO policy analysis for privilege scope, configuration drift detection with the identity responsible for each change, file monitoring for writes to security-critical paths, SELinux policy status, and a unified Findings view across all signal sources.
Compliance & Audit
Compliance & Audit tracks pass/fail status against enabled security frameworks, maintains a searchable audit log trail, and provides findings suppression and report export capabilities. Framework scores reflect the current state of enrolled servers against each framework's control requirements, updated continuously as agent telemetry arrives.
Infrastructure
Infrastructure provides fleet server inventory with operational health indicators, efficiency recommendations, and baseline configuration management. Storage recommendations and CPU/memory rightsizing surface underutilized resources across the fleet. Baselines capture a server's known-good configuration state, enabling drift detection when that state changes.
Related: Dashboard | Identity Intelligence | Zero Trust Enforcement | Compliance & Audit | Infrastructure | Security Architecture