Compliance Hub
Compliance Hub is where the security and compliance surface of HostAtlas lives. It’s not a single dashboard — it’s a section in the sidebar (Security & Compliance) that groups the pages that matter when an auditor asks for evidence.
What lives here
- Vulnerabilities — the fleet-wide CVE dashboard with KEV highlighting, top-10 CVEs and worst-affected hosts.
- Security Scanner — the per-server posture view (packages, updates, CVE counts).
- Policy Engine — fleet-wide rules that continuously check for drift.
- Policy Violations — the flat “what’s failing now” view over every policy.
- SSH Gatekeeper — just-in-time SSH access with approvals and session recording.
- SIEM Forwarding — send HostAtlas events to Splunk / Sentinel / Elastic / QRadar.
- Audit Log — who did what, when, from where.
- Personal-data controls at /compliance — active sessions, login history, GDPR data export, account deletion.
The personal-data page (/compliance)
This page is your GDPR / data-subject controls, per logged-in user. Three tabs:
- Sessions — every device with an active login for your account, with IP, user agent, last activity. Terminate kicks a device out; Terminate all others kills every session except the current one (password confirmation required).
- Login History — the last 50 login / failed / logout events with IP and user agent.
- Data Export — download a JSON file containing your profile, servers, domains, incidents, events (last 500) and audit-log entries (last 500). This is GDPR Article 20 (Right to Data Portability).
Your account and tenant can also be deleted from your profile page (/profile). Deleting the last user in a tenant cascades to every resource.
Framework coverage (informal)
HostAtlas doesn’t ship a formal SOC 2 / ISO 27001 / GDPR framework mapping in-app — the compliance features it does ship map naturally to the controls those frameworks require:
- Access control — Roles, SSH Gatekeeper approvals, session termination.
- Audit logging — Central audit log for every write action, retained for the life of the tenant.
- Vulnerability management — CVE scanning, KEV tagging, per-host fix path.
- Data protection — Encryption in transit; offsite backups client-side encrypted; GDPR data export & deletion.
- Change management — Recipes, audit log entries for every recipe run and policy change.
- Incident response — Incidents with MTTR tracking, AI post-attack analysis, forensic replay.
- Log management — Central log tail, SIEM forwarding to your existing pipeline.