Policy Engine
Rules you define.
Evaluated continuously.
Define compliance rules like "production servers must have SSH Gatekeeper enabled" or "no MySQL port open to the world." HostAtlas evaluates every active policy against your fleet every 5 minutes — passing becomes proof, failing becomes a tracked violation with audit trail.
- 9 built-in rules
- 5 min evaluation interval
- 5 severity levels
- Automatic violation resolve
How it works
Define once. Enforce always.
Pick a rule, set parameters, target a group of servers (via tags or hostname patterns). HostAtlas takes it from there.
01 — Pick: Choose a rule
9 built-in rules across security, performance, reliability, and compliance. Categorized picker in the wizard.
02 — Target: Filter servers
Tag selectors like env:prod, hostname globs like web-*, or apply to the entire fleet.
03 — Evaluate: Every 5 minutes
Server-side scheduler runs each active policy against its target servers. Pass/fail/error recorded with details.
04 — React: Automatic violations
Failures become tracked violations with first-seen/last-seen timestamps. Auto-resolve when the next pass comes in.
Rule catalog
Nine rules. Covers most real-world compliance asks.
Extensible via the RuleRegistry pattern — custom rules can be added by your team or on request.
- SSH not on port 22: Defense-in-depth against automated scanners. Server must not allow SSH on the default port.
- Port not open to 0.0.0.0/0: A specific port (configurable) must not be reachable from the public internet. Catches accidental MySQL-exposed or Redis-exposed servers.
- Fail2Ban active: Server must have Fail2Ban installed and at least one jail enabled.
- SSH Gatekeeper enabled: Server must have SSH Gatekeeper active with CA installed. No long-lived SSH keys on production.
- Backup recent: At least one successful database backup within the configured window (default 24 hours).
- No SSL cert expiring soon: No attached SSL certificate expires within N days (configurable, default 14).
- Disk usage below threshold: No disk on the server exceeds the configured utilization percentage (default 85%).
- No unwhitelisted AI: No unwhitelisted AI components detected on this server (integrates with AI Shadow Detection).
- Agent feature supported: Server agent must support a specific feature (version gate check). Useful for ensuring fleet-wide agent updates.
Custom rules on request for Enterprise customers. Patterns like "container running > version X", "memory under Y%", or "user-defined scripts return exit 0" can be added.
Violations
Durable audit trail, not just alerts.
Every failure creates a violation record with first-seen and last-seen timestamps. When the next evaluation passes, the violation auto-resolves — and the full duration is preserved. "Port 3306 was open to the world for 47 hours" is something your auditor can read off the screen.
- First-seen, last-seen, resolved-at — durable proof of state over time
- Acknowledgement workflow with note + user attribution
- Filter by open / resolved / severity / policy / server
- Auto-resolve on next passing evaluation
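The target filter, parameterised rule and violation lifecycle described under "How it works" and "Violations" above, as an added illustrative model. This is not HostAtlas code; the fleet, the rule and the timestamps are constructed, and the data shapes (tags plus publicly bound ports per host) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatch
# Constructed sample fleet: hostname -> (tags, ports bound to 0.0.0.0)
FLEET = {"web-1": ({"env:prod"}, {22, 443}),
         "db-1": ({"env:prod"}, {22, 3306}),
         "web-dev": ({"env:dev"}, {22, 3306})}

def targeted(host, tags, tag_selector=None, host_glob=None):
    """Target filter: a tag selector like env:prod and/or a hostname glob like web-*."""
    return (not tag_selector or tag_selector in tags) and (not host_glob or fnmatch(host, host_glob))

def port_not_public(port):
    """Rule factory for 'Port not open to 0.0.0.0/0'; the port is the rule parameter."""
    return lambda open_ports: port not in open_ports

@dataclass
class Violation:
    first_seen: datetime
    last_seen: datetime
    resolved_at: "datetime | None" = None
    def duration(self):  # preserved after resolution, for the audit trail
        return (self.resolved_at or self.last_seen) - self.first_seen

class PolicyEngine:
    def __init__(self, rule, **target):  # target: tag_selector=..., host_glob=...
        self.rule, self.target, self.violations = rule, target, {}  # host -> [Violation]

    def evaluate(self, fleet, now):
        """One scheduler tick: returns {host: passed} for the targeted servers only."""
        results = {}
        for host, (tags, ports) in fleet.items():
            if not targeted(host, tags, **self.target):
                continue
            results[host] = passed = self.rule(ports)
            history = self.violations.setdefault(host, [])
            current = history[-1] if history and history[-1].resolved_at is None else None
            if not passed and current:
                current.last_seen = now      # still failing: extend last-seen
            elif not passed:
                history.append(Violation(now, now))  # new tracked violation
            elif current:
                current.resolved_at = now    # auto-resolve on the next pass
        return results

def demo():  # db-1 exposes 3306 for 47 hours, then is fixed; returns both ticks + hours
    engine = PolicyEngine(port_not_public(3306), tag_selector="env:prod")
    first = engine.evaluate(FLEET, datetime(2024, 1, 1, 0, 0))
    second = engine.evaluate({**FLEET, "db-1": ({"env:prod"}, {22})}, datetime(2024, 1, 2, 23, 0))
    return first, second, engine.violations["db-1"][0].duration().total_seconds() / 3600
```

Running demo() shows db-1 failing on the first tick, passing on the second, and a resolved violation whose 47-hour duration survives for the audit trail.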
Integration
Already wired into your stack.
Policy Engine doesn't live in its own silo. Violations emit structured events that flow automatically through the rest of HostAtlas — no extra configuration needed.
- Fires policy.violation.new / policy.violation.resolved events
- Routes through SIEM forwarders (Splunk / Datadog / Sentinel / Elastic)
- Notification channels: Slack, PagerDuty, email — same as regular alerts
- Server timeline shows violations alongside other events
Get started
Your compliance baseline, enforced continuously.
Define your first policy in under two minutes. Pick 'SSH Gatekeeper enabled' or 'No unwhitelisted AI,' target your prod servers, save. Five minutes later, you'll see exactly which servers pass and which don't — with full detail on why. Violations stream to your SIEM automatically, alert your team on new findings, and resolve themselves the moment you fix the underlying issue.