Security Posture & Cyber Resilience Evidence
Aggregated, read-only view of InfiniBox security services, protection coverage and recovery readiness — for Security, Risk & Compliance teams
🛡 Role: SECURITY AUDITOR · READ ONLY
Overall Security Posture: Attention Required
Composite score across all posture domains. Every status is explainable — click a domain to see exactly which configuration or dataset drives the risk.
Posture Score: 78
- Identity & Access: 2 Findings. MFA on, 2 stale local accounts
- Encryption & FIPS: Aligned. FIPS 140-3 enabled, TLS 1.2+
- TLS / Cert Trust: 1 Finding. LDAPS cert expires in 21 days
- Audit & SIEM: Aligned. Forwarding over TLS, NTP in sync
- Protection Coverage: 1 Finding. 7 datasets without policy
- Cyber Detection (ISCD): Aligned. 87% scanned, last clean point 2h ago
Local accounts svc_backup_old and tmp_contractor have not logged in for >90 days and bypass the enterprise identity flow (Okta). Recommended action: disable via Security Operator role.
LDAPS certificate CN=ldap.acme.corp issued by ACME Enterprise Issuing CA 02 expires 2026-07-01 (21 days). Renew before expiry to avoid directory authentication outage.
7 datasets created in the last 14 days have no snapshot policy: KSorokin_vol2policy…, KSorokin_vol3policy…, dev_scratch_04, fs_team_x, vol_etl_stage, vol_tmp_qa, fs_logs_new.
Open Findings
Prioritized, explainable gaps — each links to the exact object or setting.
- ! 2 datasets with stale recovery points: last immutable snapshot > 7 days · vol_finance_03, fs_hr_archive
- ! LDAPS certificate expires in 21 days: CN=ldap.acme.corp · ACME Enterprise Issuing CA 02
- ! 2 inactive local accounts (>90 days): svc_backup_old, tmp_contractor — outside IdP flow
- ! 7 new datasets without protection policy: created in last 14 days, no snapshot / immutability policy
- i Support tunnel was open 2026-06-08 (43 min): opened by infinidat-support, ticket #INF-88412 — closed, audited
Why this matters: a dataset may technically have a snapshot, but a recovery point older than the policy window does not meet cyber recovery requirements. Both datasets have a policy of 24h immutable snaps; last successful run failed on 2026-06-03.
Affects directory (LDAPS) authentication. Renew via enterprise CA; the management GUI/API cert is unaffected.
Local accounts bypass Okta MFA. Recommended: disable accounts (Security Operator permission) or convert to IdP-managed access.
New datasets are an unprotected-by-default risk. Recommend default protection policy on pool or automated policy assignment.
Identity & Access Posture
Authentication services and access-bypass risk indicators
| Setting | Status |
|---|---|
| MFA | Enabled |
| Identity Provider | Okta (SAML 2.0) |
| SSO / SAML | Enabled |
| Secure LDAP (LDAPS) | Enabled · port 636 |
| Local users (excl. Admin / Infinidat) | 5 |
| Local admin-role users | 2 |
| Inactive users (>90 days) | 2 ⚠ |
| Break-glass accounts | 1 (sealed, audited) |
| Failed logins (24h) | 3 / 0 lockouts |
| Last admin login | 2026-06-10 11:36 · 172.16.6.62 |
| Elevated-privilege groups | 2 (storage-admins, sec-admins) |
Local accounts: alev (admin), ksorokin (pool-admin), svc_backup_old (inactive 122d), tmp_contractor (inactive 97d), breakglass01 (sealed). Security Operator role may enable/disable accounts and reset local passwords; all other access on this page is read-only.
Platform Hardening & Encryption
Cryptographic mode, OS patch level and exposure indicators
| Setting | Status |
|---|---|
| FIPS 140-3 mode | Enabled |
| Data-at-rest encryption (SED) | Enabled |
| InfuzeOS vulnerability / patch status | Up to date |
| Known CVEs unpatched | 0 critical / 0 high |
| Last security patch | 8.5.0.350 · 2026-05-18 |
| NFS exports with wildcards | 0 / 26 |
| Support tunnel | Closed · last open 2026-06-08 |
| Weak / deprecated TLS ciphers | None detected |
| Minimum TLS version | TLS 1.2 (1.3 preferred) |
InfuzeOS 8.5.0.350 — all published security advisories applied. Last advisory review: 2026-06-01. Pending non-security maintenance release 8.5.1 available (optional).
All 26 NFS exports are restricted to explicit hosts/subnets. Wildcard (*) client definitions are flagged here as an exposure risk when present.
Audit Logging & SIEM
Evidence is only useful if complete, trusted and time-aligned
| Setting | Status |
|---|---|
| Audit logging | Enabled |
| External syslog | Configured · 2 targets |
| SIEM destination | Splunk · siem.acme.corp:6514 |
| Log forwarding transport | TLS 1.2 |
| Last successful forward | 2026-06-10 13:41 UTC |
| Failed forwarding (7 days) | 0 |
| NTP synchronization | Connected · offset 4 ms |
| Security event retention | 365 days |
NTP: 2 of 2 sources reachable (ntp1.acme.corp, ntp2.acme.corp), stratum 2, max offset 4 ms. Status shows Degraded when a source is unreachable or drift exceeds threshold — degraded time undermines audit evidence integrity.
TLS & Certificate Trust Posture: 1 Expiring Soon
All certificates presented by the system — status, issuer trust and time to expiry
| Interface | Status | Trust | Issuing CA | Subject / SAN | Expires | Days Left |
|---|---|---|---|---|---|---|
| Management GUI / API | Valid | Enterprise CA | ACME Enterprise Issuing CA 02 | ibox2811.acme.corp +2 SAN | 2027-03-14 | 277 |
| LDAPS trust chain | Expiring Soon | Enterprise CA | ACME Enterprise Issuing CA 02 | ldap.acme.corp | 2026-07-01 | 21 |
| SSO / SAML signing | Valid | IdP (Okta) | Okta CA | acme.okta.com | 2027-01-22 | 226 |
| Syslog / SIEM over TLS | Valid | Enterprise CA | ACME Enterprise Issuing CA 02 | siem.acme.corp | 2026-11-30 | 173 |
| Replication links (mTLS) | Valid | Enterprise CA | ACME Enterprise Issuing CA 02 | ibox2811-rep.acme.corp | 2027-02-09 | 244 |
Legend: Valid · Expiring < 30 days · Expired / self-signed on external interface
Latest Security Events
Security-relevant subset of the system event log
| Level | Event | Time |
|---|---|---|
| i | USER_LOGIN_SUCCESS User 'alev@Infinidat' from IP 172.16.6.62 (MFA) | 13:36 |
| ! | USER_LOGIN_FAILED User 'ksorokin' — wrong password (1 of 3) | 12:58 |
| i | IMMUTABLE_SNAPSHOT_CREATED 'vol_erp_prod' — lock until 2026-07-10 | 12:00 |
| i | CERTIFICATE_EXPIRY_WARNING LDAPS chain — 21 days remaining | 09:00 |
| ✓ | ISCD_SCAN_CLEAN 42 datasets validated clean — recovery point 11:40 | 11:42 |
Snapshot & Immutable Snapshot Coverage
Coverage, policy compliance and freshness — does every dataset have a current, repeatable, immutable recovery point?
Volumes (129) · Policy target: 95%
94% snapshot policy · 92% immutable
- Immutable policy: 119
- Snapshot policy: 121
- No protection: 8
Filesystems (26) · Policy target: 95%
88% snapshot policy · 85% immutable
- Immutable policy: 22
- Snapshot policy: 23
- No protection: 3
Summary:
- Last successful snap: 12:00
- Snap / immutable freq: 1h / 24h
- Immutable retention: 30d
- Failed jobs (7d): 1
- New & unprotected: 7
- Stale recovery points: 2
Cyber Recovery Readiness: Replication Healthy
Local, remote and third-copy immutable protection — is there a usable recovery copy, not just configured replication?
Immutable copy coverage (volumes + CGs + filesystems)
- Local immutable: 92%
- Remote immutable (target-side): 74%
- 3rd copy — two independent IBOX targets: 38%
| Metric | Value |
|---|---|
| Replication health | 2 / 2 links active |
| Last successful replication | 2026-06-10 13:39 UTC |
| Replication lag / RPO exposure | max 38 s (RPO 60 s) |
| Protected locally but not remotely | 23 datasets ⚠ |
| Replicated to one target | 58 datasets |
| Replicated to two independent targets | 59 datasets |
| Recovery point age — target A (ibox2902) | 41 s |
| Recovery point age — target B (ibox3107) | 2 m 10 s |
23 datasets hold immutable snapshots locally but have no replica with target-side immutability. For ransomware scenarios, a remote immutable copy on an independent system materially improves recoverability.
ISCD — Cyber Detection Coverage: Server Connected
Which protected datasets were actually scanned and validated as clean — and when. Connects immutable recovery points with clean-point validation.
- Eligible datasets: 155
- Immutable-protected: 141
- Scanned by ISCD: 135
- Not scanned: 20
- Clean: 131
- Suspicious: 0
- Scan failed: 4
Scan coverage — datasets scanned vs. on system: 87%
Volumes 89% · Filesystems 81% · Consistency Groups 92%
Scan freshness: 96% scanned within last 24h
| Metric | Value |
|---|---|
| Last scan completed | 2026-06-10 11:42 UTC |
| Last clean recovery point | 2026-06-10 11:40 UTC |
| Failed scans (24h) | 4 datasets ⚠ |
| ISCD server | iscd01.acme.corp v2.3 · latency 12 ms |
Scan failures on vol_etl_stage, vol_tmp_qa, fs_logs_new, dev_scratch_04 — datasets mounted mid-scan. Auto-retry scheduled 14:00 UTC. A failed scan means no validated clean point for these datasets in the current window.
Security Roles & Separation of Duties
Who can see vs. who can act — all actions fully audited
| Role | Scope | Members |
|---|---|---|
| Security Auditor | Read-only: posture dashboard, status, exportable evidence reports | 3 |
| Security Operator | Auditor + enable/disable local users, reset local passwords | 1 |
| Storage Admin | Storage operations; local credential management moved to Security Operator | 4 |
A user requiring both storage operations and local credential management must be a member of both security and storage admin groups — preserving 8.x-equivalent permissions while keeping duties separable and auditable.