Command Center
Live
2026-05-10 08:16:07 UTC
Command Center — Executive KPI overview across all tiers and environments. Real-time findings count, critical open, SLA compliance, fix rate, and MTTR at a glance. Filter by tier and environment. Tabs for configuration posture, incident management, alert monitoring, and certificate expiry. For individual finding triage and remediation, open Operator Board.
Total Findings: 4,473
Critical Open: 173
SLA Compliance: 81.0%
Fix Rate: 63.6%
MTTR Critical: 14.8h
Agents Active: 33/33
Findings by Severity — Last 30 Days
SLA Compliance by Priority
P1 (<4h) · P2 (<24h) · P3 (<7d) · P4 (<30d)
Change Tracker
Fix Velocity (Mean Time to Remediate)
Compliance Scorecard
NIST 800-53: 64%
PCI-DSS 4.0: 66%
HIPAA: 62%
SOC 2: 63%
HITRUST: 62%
ISO 27001: 65%
FedRAMP: 67%
CMMC: 67%
Agent Performance (33/33 Active)
Agent | Findings | Fixed | Accuracy | Status
scout | 488 | 297 | 1.0 | healthy
comply | 360 | 230 | 1.0 | healthy
sentinel | 265 | 159 | 1.0 | healthy
hipaa | 223 | 139 | 1.0 | healthy
secure_code | 217 | 144 | 1.0 | healthy
bastion | 211 | 147 | 1.0 | healthy
ai_guard | 173 | 111 | 1.0 | healthy
oracle_portal_pack | 161 | 91 | 1.0 | healthy
phi | 158 | 100 | 1.0 | healthy
audit | 153 | 92 | 1.0 | healthy
fedramp_cmmc | 150 | 101 | 1.0 | healthy
databricks_lattice | 149 | 85 | 1.0 | healthy
aml | 147 | 89 | 1.0 | healthy
fraud | 144 | 95 | 1.0 | healthy
watch | 124 | 80 | 1.0 | healthy
baa | 120 | 73 | 1.0 | healthy
predict | 120 | 79 | 1.0 | healthy
datafactory_flux | 116 | 76 | 1.0 | healthy
phoenix | 115 | 83 | 1.0 | healthy
telco | 114 | 76 | 1.0 | healthy
shadow | 112 | 73 | 1.0 | healthy
forge | 111 | 75 | 1.0 | healthy
conduit | 103 | 66 | 1.0 | healthy
pulse | 102 | 72 | 1.0 | healthy
kyc | 99 | 56 | 1.0 | healthy
snowflake_lattice | 89 | 61 | 1.0 | healthy
voice | 67 | 44 | 1.0 | healthy
conductor | 44 | 27 | 1.0 | healthy
recon | 142 | 142 | 1.0 | healthy
command_center | 138 | 138 | 1.0 | healthy
Top Critical / High Findings
1 · crit · Public-facing API with no authentication · scout
2 · crit · Privileged service account with excessive permissions · comply
3 · crit · Public-facing API with no authentication · comply
4 · crit · Exposed secrets in environment variables · fedramp_cmmc
5 · crit · SQL database with no encryption at rest · pulse
6 · crit · Unencrypted storage account with public access enabled · phi
7 · crit · Database backup stored without encryption · sentinel
8 · crit · Database backup stored without encryption · scout
9 · crit · Exposed secrets in environment variables · hipaa
10 · crit · Root account without MFA in production environment · scout
Recent Activity
5m ago · Container registry with admin user enabled · comply
17m ago · Key Vault soft-delete not enabled · voice
19m ago · Unencrypted storage account with public access enabled · shadow
22m ago · Advisory: TLS version should be upgraded to 1.3 · predict
41m ago · Non-critical resource without availability zone · pulse
49m ago · Resource lock not applied to production resources · aml
57m ago · Cost optimization: oversized VM instance · phi
1h ago · Disk encryption not enabled on VM OS disk · audit
1h ago · Advisory: TLS version should be upgraded to 1.3 · ai_guard
1h ago · Resource naming convention deviation detected · sentinel
1h ago · Disk encryption not enabled on VM OS disk · telco
1h ago · Resource lock not applied to production resources · scout
1h ago · Backup policy not configured for database · baa
1h ago · Cross-subscription network peering unmonitored · sentinel
2h ago · Idle load balancer with no backend targets · oracle_portal_pack
SLA Breach Details — Root Cause Analysis
Finding | Severity | SLA Target | Actual | Reason Not Implemented | Agent
Privileged service account with excessive permissions | crit | 24h | 696.9h | No assignee — unowned finding | comply
Public-facing API with no authentication | crit | 24h | 700.7h | No assignee — unowned finding | scout
Public-facing API with no authentication | crit | 24h | 684.2h | No assignee — unowned finding | comply
Exposed secrets in environment variables | crit | 24h | 659.7h | No assignee — unowned finding | fedramp_cmmc
SQL database with no encryption at rest | crit | 24h | 655.0h | No assignee — unowned finding | pulse
Unencrypted storage account with public access enabled | crit | 24h | 648.0h | No assignee — unowned finding | phi
Database backup stored without encryption | crit | 24h | 616.7h | No assignee — unowned finding | sentinel
Root account without MFA in production environment | crit | 24h | 586.0h | No assignee — unowned finding | scout
Exposed secrets in environment variables | crit | 24h | 587.3h | No assignee — unowned finding | hipaa
Database backup stored without encryption | crit | 24h | 589.9h | No assignee — unowned finding | scout
Config Files: 142
Recent Changes: 23
Drift Detected: 8
Compliance: 97%
Environments: 5
Policies Active: 12
Configuration Files Detected Across Environments
File | Type | Environment | Location | Last Modified | Status
main.tf | Terraform | PROD | /infra/terraform/prod/ | 2026-05-10 14:22 | synced
variables.tf | Terraform | PROD | /infra/terraform/prod/ | 2026-05-10 14:22 | synced
main.tf | Terraform | DEV | /infra/terraform/dev/ | 2026-05-10 11:45 | drift
deployment.yaml | Kubernetes | PROD | /k8s/prod/deployments/ | 2026-05-10 09:30 | synced
nsg-rules.json | ARM Template | PROD | /arm/network/ | 2026-05-09 16:18 | synced
appsettings.json | App Config | QA | /src/config/ | 2026-05-10 08:12 | synced
helm-values.yaml | Helm | DEV | /charts/titan-api/ | 2026-05-10 13:55 | drift
policy.json | Azure Policy | PROD | /governance/policies/ | 2026-05-08 10:00 | synced
web.config | IIS Config | UAT | /iis/sites/api/ | 2026-05-10 07:44 | changed
firewall.rules | Network | TEST | /network/fw/ | 2026-05-10 06:30 | synced
Recent Configuration Changes
22m ago · NSG rule modified — inbound port 443 opened to 0.0.0.0/0 · PROD
1h ago · Terraform state drift detected — VM SKU mismatch · DEV
2h ago · Kubernetes deployment scaled from 3 to 5 replicas · PROD
3h ago · Helm values changed — image tag updated to v2.4.1 · DEV
4h ago · Azure Policy assignment updated — require HTTPS enforced · PROD
5h ago · web.config modified — custom error pages disabled · UAT
6h ago · Storage account firewall rules tightened — VNet only · QA
Configuration Drift by Environment
PROD: 98%
DEV: 87%
QA: 95%
UAT: 82%
TEST: 100%
Active Incidents: 7
Open Changes: 12
SLA Compliance: 94.2%
MTTR P1: 2.1h
Resolved MTD: 142
LLM Confidence: 87%
Change Success: 96%
CAB Pending: 3
Incident Management
Change Management
Root Cause Analysis
Compliance Audit Trail
NIST SP 800-61r2 LIFECYCLE · ITIL v4 INCIDENT MANAGEMENT · AUTO-DETECTED · LIVE
INC-1042 · Public-facing API with no authentication detected · P1 CRITICAL · PROD
DETECT · TRIAGE · INVESTIGATE · CONTAIN · ERADICATE · RECOVER · POST-REVIEW
Detection Method: TITAN Scout Agent — automated API endpoint scan (continuous)
Affected Resource: app-gateway-prod-01 / /api/v2/patients (FHIR endpoint)
Impact Scope: 12,400 API calls/hr exposed · PHI data accessible · 3 downstream services
SLA Deadline: 1h 46m remaining (P1: 4h response / 8h resolution per ITIL)
ROOT CAUSE ANALYSIS
API Management policy removed during last deployment (CHG-0847). OAuth 2.0 validation policy was not included in ARM template v2.3. Deployment pipeline bypassed policy validation gate due to emergency change approval.
REMEDIATION APPLIED
1. Immediate: WAF rule deployed to block unauthenticated /api/v2/* requests (TITAN Forge auto-fix)
2. Permanent: OAuth2 policy restored in API Management instance via ARM template hotfix
3. Preventive: Pipeline gate added — API policy diff check required before deployment approval
LLM SELF-LEARNING INSIGHT
Pattern matched: 3 similar incidents (INC-0891, INC-0734, INC-0612) where deployment pipelines stripped API policies. Model now assigns 94% probability to deployment-caused API exposure. Recommended: pre-deployment API policy snapshot comparison added to TITAN Forge auto-fix library. Confidence: 94%.
NIST 800-53 AC-3 · HIPAA 164.312(d) · PCI DSS 6.5.10 · SOC 2 CC6.1 · ISO 27001 A.9.4
INC-1041 · Exposed secrets in environment variables — production Key Vault bypass · P1 CRITICAL · PROD
DETECT · TRIAGE · INVESTIGATE · CONTAIN · ERADICATE · RECOVER · POST-REVIEW
Detection Method: TITAN Shadow Agent — secret exposure scan (real-time)
Affected Resource: app-svc-prod-api / 4 connection strings + 2 API keys in App Settings
Impact Scope: Database credentials exposed in plaintext · lateral movement risk to 6 services
ROOT CAUSE ANALYSIS
Developer hardcoded connection strings during local debugging (commit a3f8e21). Code review missed plaintext secrets. CI/CD secret scanning was disabled for hotfix branch. Key Vault reference URIs were replaced with raw values.
REMEDIATION IN PROGRESS
1. Immediate: All 6 exposed credentials rotated via TITAN Forge auto-rotation
2. Containment: App Settings replaced with Key Vault references (@Microsoft.KeyVault(SecretUri=...))
3. Preventive: Pre-commit hook for secret detection enabled repo-wide · CI secret scan mandatory on all branches
LLM SELF-LEARNING INSIGHT
Historical correlation: 78% of secret exposure incidents originate from hotfix branches with relaxed CI gates. Model recommends: no CI gate bypass for security scans regardless of change urgency. Added to TITAN policy engine rule set. Confidence: 91%.
NIST 800-53 IA-5 · PCI DSS 3.4 · SOC 2 CC6.6 · HIPAA 164.312(a)(1)
INC-1040 · SQL database with no encryption at rest — TDE disabled · P2 HIGH · PROD
DETECT · TRIAGE · INVESTIGATE · CONTAIN · ERADICATE · RECOVER · POST-REVIEW
Detection Method: TITAN Sentinel Agent — encryption compliance scan
Affected Resource: sql-prod-analytics-01 / AnalyticsDB (142 GB, 2.4M patient records)
ROOT CAUSE ANALYSIS (5-WHY)
Why 1: TDE was disabled → Why 2: Database was migrated from on-prem with TDE off → Why 3: Migration runbook did not include TDE verification step → Why 4: Runbook authored before encryption mandate → Why 5: No automated post-migration compliance check existed. Root: Missing compliance gate in migration pipeline.
REMEDIATION APPLIED
1. TDE enabled with service-managed key (TITAN Forge auto-fix applied in 4m 12s)
2. Backup re-encrypted with customer-managed key in Key Vault
3. Migration runbook updated with mandatory encryption verification step
4. TITAN Sentinel rule added: block database creation without TDE flag
LLM SELF-LEARNING INSIGHT
Model detected 12 databases across 3 environments migrated in same window. Proactive scan found 2 additional databases with TDE disabled. All remediated preemptively. Learning: migration-era databases now flagged for encryption audit on detection. Confidence: 97%.
HIPAA 164.312(a)(2)(iv) · PCI DSS 3.4.1 · NIST 800-53 SC-28 · GDPR Art. 32 · FedRAMP SC-28
INC-1039 · NSG allows unrestricted SSH (port 22) from 0.0.0.0/0 · P2 HIGH · DEV
DETECT · TRIAGE · INVESTIGATE · CONTAIN · ERADICATE · RECOVER · POST-REVIEW
Detection Method: TITAN Bastion Agent — network exposure scan (15-min interval)
Affected Resource: nsg-dev-web-01 / Rule: AllowSSH priority 100 (source: Any)
ROOT CAUSE ANALYSIS
Developer added permissive NSG rule for remote debugging via Azure Portal (no IaC tracking). No expiration or justification tag. NSG change alert was suppressed during maintenance window.
REMEDIATION COMPLETE
1. NSG rule replaced: source restricted to VPN CIDR 10.0.0.0/8 only (TITAN Forge auto-fix)
2. Azure Policy deployed: deny NSG rules with source 0.0.0.0/0 on ports 22,3389
3. JIT VM Access enabled as approved alternative for developer SSH needs
NIST 800-53 SC-7 · PCI DSS 1.3.1 · ISO 27001 A.13.1 · SOC 2 CC6.6
MTTR by Priority (ITIL SLA)
P1 Critical: 2.1h
P2 High: 5.8h
P3 Medium: 16.4h
P4 Low: 42.1h
ITIL v4: P1 ≤ 4h · P2 ≤ 8h · P3 ≤ 24h · P4 ≤ 72h
Incident Trend (30 Days)
Today · 7 active · 3 resolved · +4
Yesterday · 5 active · 8 resolved · -3
May 8 · 4 active · 11 resolved · -7
May 7 · 8 active · 6 resolved · +2
May 6 · 3 active · 14 resolved · -11
142 total incidents this month · 93.7% resolved within SLA
ITIL v4 CHANGE ENABLEMENT · CAB APPROVAL WORKFLOW · RISK ASSESSMENT · LIVE
CHG-0851 · Enable TDE on all production SQL databases · EMERGENCY · PROD
Change Type: Emergency (bypasses standard CAB — ECAB approved)
Related Incident: INC-1040 — SQL database with no encryption at rest
Implementation: 2026-05-10 14:22 UTC — TITAN Forge auto-applied TDE via ARM
Downtime Required: None — TDE enable is online operation
ECAB Chair: APPROVED
Security Lead: APPROVED
DBA Lead: APPROVED
CISO: APPROVED
Impact: LOW (Online operation)
Probability: LOW (Well-tested procedure)
Overall Risk: LOW (Standard Azure TDE)
ROLLBACK PLAN
1. Disable TDE on affected databases via ALTER DATABASE SET ENCRYPTION OFF
2. Restore from pre-change backup (taken 14:20 UTC)
3. Verify application connectivity and data integrity
4. Notify stakeholders via INC-1040 thread
POST-IMPLEMENTATION REVIEW
TDE enabled successfully on 3 databases (AnalyticsDB, PatientDB, AuditDB). Zero downtime. Encryption verified via sys.dm_database_encryption_keys. Backup encryption confirmed. Change closed successfully.
ITIL v4 Change Enablement · HIPAA 164.312(a)(2)(iv) · PCI DSS 6.4.5 · SOC 2 CC8.1
CHG-0850 · Deploy WAF rule to block unauthenticated API requests · EMERGENCY · PROD
Change Type: Emergency — active P1 incident INC-1042
Implementation: 2026-05-10 12:08 UTC — WAF custom rule deployed via TITAN Forge
ECAB: APPROVED
Security: APPROVED
App Owner: APPROVED
Impact: MED (May block legit calls)
Probability: LOW (Rule is specific)
Overall Risk: LOW (Targeted WAF rule)
ITIL v4 Emergency Change · NIST 800-53 SI-4
CHG-0849 · Rotate all exposed credentials and enable Key Vault references · NORMAL · PROD
Change Type: Normal — standard CAB review required
Related Incident: INC-1041 — Exposed secrets in environment variables
Window: 2026-05-10 18:00-20:00 UTC (maintenance window)
Change Manager: APPROVED
Security Lead: APPROVED
CAB Review: PENDING (scheduled 16:00 UTC)
Implementation: AWAITING
ROLLBACK PLAN
1. Revert App Settings to pre-change snapshot (ARM template v2.2)
2. Restore original connection strings from backup vault
3. Restart affected App Services · Verify downstream connectivity
ITIL v4 Normal Change · PCI DSS 6.4 · SOC 2 CC8.1
CHG-0848 · Deploy Azure Policy: deny public blob access on all storage accounts · STANDARD · ALL
Change Type: Standard (pre-approved, low-risk)
Implementation: 2026-05-10 10:15 UTC — Policy assigned via TITAN Comply agent
Pre-Approved: STANDARD CHANGE
Auto-Deployed: COMPLETE
Verification: PASSED
IMPLEMENTATION RESULT
Policy deployed to 4 subscriptions. 2 non-compliant resources detected and auto-remediated. All new storage account creations now require allowBlobPublicAccess: false.
ITIL v4 Standard Change · NIST 800-53 AC-3 · ISO 27001 A.8.1
Change Success Rate (30 Days)
Standard: 100%
Normal: 94%
Emergency: 88%
ITIL Target: ≥ 95% overall · Current: 96%
CAB Queue
16:00 · CHG-0849 — Credential rotation & Key Vault migration · PENDING
16:30 · CHG-0852 — NSG policy enforcement across all subscriptions · PENDING
17:00 · CHG-0853 — Enable Microsoft Defender for all SQL instances · PENDING
Completed · CHG-0847 through CHG-0851 — all approved & implemented · DONE
5-WHY ANALYSIS · ISHIKAWA CATEGORIZATION · CORRECTIVE & PREVENTIVE ACTIONS · LLM PATTERN LEARNING
RCA-0042 · Recurring API authentication failures after deployments · SYSTEMIC
Related Incidents: INC-1042, INC-0891, INC-0734, INC-0612 (4 occurrences in 90 days)
Category: Process Failure — Deployment Pipeline (Ishikawa: Method)
Total Impact: 38h cumulative downtime · 4 P1 incidents · $142K estimated business impact
5-WHY DEEP ANALYSIS
Why 1: API authentication stopped working after deployment →
Why 2: API Management policies were not included in deployment artifact →
Why 3: ARM template generation script excluded policy XML files →
Why 4: Script used filename pattern match that missed renamed policy files →
Why 5: No integration test validates API authentication post-deployment
Root Cause: Deployment pipeline lacks API contract validation gate and relies on brittle filename patterns for artifact assembly.
CORRECTIVE ACTIONS (IMPLEMENTED)
1. ARM template generator rewritten to enumerate policies by resource type, not filename
2. Post-deployment integration test added: validates OAuth flow against every API endpoint
3. Deployment blocked if any API endpoint returns 401/403 without valid token
4. TITAN Forge rule: auto-rollback deployment if API auth test fails within 5 minutes
PREVENTIVE ACTIONS
1. Quarterly deployment pipeline audit added to TITAN Comply agent scan schedule
2. API contract schema versioning enforced — breaking changes require CAB approval
3. Chaos engineering test: monthly API policy removal simulation in TEST environment
LLM PATTERN LEARNING
Model trained on 4 incident occurrences. Now detects deployment-artifact-gap pattern with 94% confidence. Proactive alert fires 2 minutes after any deployment that reduces API policy count. 0 recurrences since corrective action (32 deployments clean). Confidence: 94%.
RCA-0041 · Encryption compliance drift on migrated databases · RECURRING
Related Incidents: INC-1040, INC-0967, INC-0823 (3 occurrences in 120 days)
Category: Process Failure — Migration Pipeline (Ishikawa: Method + People)
5-WHY DEEP ANALYSIS
Why 1: Production databases found without TDE → Why 2: Migrated from on-prem without encryption check → Why 3: Runbook predates encryption mandate → Why 4: No post-migration compliance gate → Why 5: Migration and security teams operate in silos
Root Cause: Migration pipeline lacks security baseline validation. No cross-team gate between migration completion and production handoff.
CORRECTIVE ACTIONS
1. Migration runbook v3.0 with mandatory encryption verification
2. TITAN Sentinel auto-scan on newly migrated databases
3. Migration cannot complete until security baseline passes
4. All legacy databases audited — 2 additional gaps fixed proactively
LLM PATTERN LEARNING
Model flags all databases created/migrated before 2024-01-01 for encryption audit. Proactive scan of 47 legacy databases: 2 additional findings remediated before becoming incidents. Confidence: 97%.
RCA-0040 · Developer-created permissive NSG rules in non-production · RECURRING
Related Incidents: INC-1039, INC-0988, INC-0912, INC-0856, INC-0801 (5 in 180 days)
Category: People + Policy Gap (Ishikawa: People + Environment)
5-WHY DEEP ANALYSIS
Why 1: Developers open SSH/RDP to 0.0.0.0/0 → Why 2: No approved self-service alternative → Why 3: JIT VM Access not enabled in non-prod → Why 4: Security assumed non-prod didn't need JIT → Why 5: Non-prod excluded from security baseline
Root Cause: Non-production excluded from baseline. Shadow IT workarounds for remote access.
CORRECTIVE ACTIONS
1. JIT VM Access enabled in ALL environments
2. Azure Policy: deny NSG 0.0.0.0/0 on ports 22, 3389
3. Developer self-service portal for time-limited access
4. Monthly TITAN Bastion NSG audit
LLM PATTERN LEARNING
Portal-created NSG rules (no IaC tag) are 89% likely overly permissive. Auto-alert on any Portal NSG rule with source Any. 0 occurrences since JIT deployment (45 days). Confidence: 89%.
RCA Category Breakdown (Ishikawa)
Method: 42%
People: 28%
Technology: 18%
Environment: 12%
LLM Learning Effectiveness
Patterns Learned: 47 systemic patterns
Incidents Prevented: 23 proactive catches (last 30 days)
Avg Confidence: 87.3% across all learned patterns
False Positive Rate: 4.2% (industry avg: 15-25%)
Model Retrain: Continuous — last update: 2 hours ago
Self-learning model retrains on every incident resolution and change outcome
REGULATORY COMPLIANCE MAPPING · AUDIT LOG · EVIDENCE CHAIN · FRAMEWORK COVERAGE
Regulatory Framework Coverage
Framework | Controls | Incidents | Changes | Coverage | Last Audit | Status
NIST 800-53 | 47 / 52 | 12 | 18 | 90% | 2026-05-10 | COMPLIANT
HIPAA | 38 / 42 | 8 | 14 | 91% | 2026-05-10 | COMPLIANT
PCI DSS 4.0 | 31 / 36 | 6 | 11 | 86% | 2026-05-10 | COMPLIANT
SOC 2 Type II | 44 / 48 | 14 | 22 | 92% | 2026-05-10 | COMPLIANT
ISO 27001 | 52 / 58 | 10 | 16 | 90% | 2026-05-10 | COMPLIANT
FedRAMP High | 68 / 78 | 9 | 15 | 87% | 2026-05-10 | REVIEW
GDPR | 22 / 24 | 4 | 6 | 92% | 2026-05-10 | COMPLIANT
ITIL v4 | 28 / 30 | ALL | ALL | 93% | 2026-05-10 | COMPLIANT
Audit Event Log (Live)
2m ago · CHG-0851 post-implementation review completed — evidence attached · AUDIT
18m ago · INC-1039 remediation evidence uploaded — NSG rule + policy assignment · EVIDENCE
34m ago · HIPAA 164.312(a)(2)(iv) control verified — TDE confirmed on 3 databases · COMPLY
1h ago · PCI DSS 6.4.5 evidence generated — change approval chain documented · EVIDENCE
2h ago · FedRAMP SC-28 gap detected — 2 storage accounts missing CMK encryption · GAP
3h ago · SOC 2 CC8.1 continuous monitoring verified — all changes have approval chains · VERIFIED
4h ago · ISO 27001 A.16.1 incident response procedure audit passed · AUDIT
6h ago · NIST 800-53 SI-4 continuous monitoring control verified · VERIFIED
Evidence Artifacts Generated
This Month: 342 evidence documents
Incident Reports: 142 with full RCA + remediation proof
Change Records: 89 with approval chain + rollback plan
Compliance Checks: 111 automated control verifications
Formats: HTML · PDF · JSON · DOCX
Retention: 7 years (HIPAA/PCI/SOC2 compliant)
All evidence cryptographically signed · tamper-proof audit chain
Live Alert Feed
!
Public-facing API detected with no authentication — immediate action required
PROD · scout · 4m ago · Auto-created INC-1042
!
Secrets exposed in environment variables on production VM
PROD · comply · 18m ago · Auto-created INC-1041
!
NSG rule change — port 443 opened to 0.0.0.0/0 without approval
PROD · bastion · 22m ago · Config change detected
SQL database encryption at rest not enabled
PROD · sentinel · 1h ago · Compliance violation
Storage account public blob access enabled — data exposure risk
QA · scout · 2h ago · Auto-created INC-1038
Terraform state drift detected — 3 resources out of sync
DEV · forge · 2h ago · Config drift
SSH unrestricted from internet on NSG-DEV-01
DEV · bastion · 3h ago · Auto-created INC-1039
VM deallocated for 14 days — idle compute cost $150/mo
PROD · watch · 4h ago · Cost optimization
i
Key Vault certificate cert-api-tls expires in 364 days
PROD · bastion · 6h ago · Informational
i
4 orphaned managed disks detected — $80/mo recoverable
PROD · watch · 6h ago · Cost optimization
i
TLS version 1.2 detected — upgrade to 1.3 recommended
QA · sentinel · 8h ago · Best practice
i
Resource naming convention deviation on 3 resources
TEST · comply · 10h ago · Governance
Monitoring Targets — Auto-Detected
Target | Type | Environment | Status | Last Check
vm-prod-api-01 | Virtual Machine | PROD | Healthy | 30s ago
vm-prod-web-01 | Virtual Machine | PROD | Healthy | 30s ago
kv-titan-full-76774 | Key Vault | PROD | Healthy | 1m ago
sa-titan-prod | Storage Account | PROD | Warning | 1m ago
aks-titan-cluster | AKS Cluster | PROD | Healthy | 2m ago
nsg-prod-web | NSG | PROD | Alert | 30s ago
vm-dev-test-01 | Virtual Machine | DEV | Healthy | 1m ago
sa-titan-dev | Storage Account | DEV | Healthy | 2m ago
Alert Rules Active
Rule | Scope | Threshold | Status
Public endpoint without authentication | All Environments | Immediate | active
Secrets in environment variables | All Environments | Immediate | active
NSG rule change without approval | PROD | Immediate | active
Encryption at rest not enabled | PROD, UAT | 4 hours | active
Idle resource cost threshold | All Environments | > $50/mo | active
Config drift detected | PROD | Any change | active
Certificate expiry warning | All Environments | 30 days | active
Compliance score regression | All Environments | > 5% drop | active
AUTO-DETECTED · SSL/TLS · KEY VAULT · APP SERVICE · API MANAGEMENT · LIVE MONITORING · USE ENVIRONMENT FILTER ABOVE TO VIEW BY ENV
AUTOMATIC TICKET WORKFLOW — WHAT HAPPENS WHEN A CERT NEEDS ACTION
Auto-Ticket Workflow (Every Certificate)
Expired: INC auto-created (P1) + Emergency CHG auto-created + CSO, Team Lead, Resource Owner alerted immediately
< 7 days: INC auto-created (P2) + Normal CHG pre-created + CSO, Manager daily alert
< 30 days: CHG pre-created (Standard) + Manager + Resource Owner weekly alert
< 60 days: Informational alert to Resource Owner bi-weekly
Auto-Renew ON: No ticket needed — renewal runs automatically · Success/failure alert sent
Renew FAILS: INC auto-created (P1) + Emergency CHG + CSO + Platform Team escalation
Alerts via Email · Slack · ServiceNow · PagerDuty · Teams · All tickets include renewal steps
How to Renew (Auto-Generated in Every Ticket)
SSL/TLS & WILDCARD CERTS
1. Generate new CSR from Key Vault or cert-manager
2. Submit to CA (DigiCert/Let's Encrypt/Azure)
3. Import new cert to Key Vault or App Gateway
4. Verify binding via TITAN Bastion agent scan
5. Close CHG ticket with evidence screenshot
KEY VAULT MANAGED CERTS
1. Verify auto-renewal policy in Key Vault
2. If auto-renew fails: manually trigger rotation
3. TITAN Forge agent auto-updates all bindings
4. Close CHG with rotation confirmation
SAML / CODE SIGNING / mTLS
1. Generate new cert via PKI or CA portal
2. Update federation/signing config in Azure AD
3. Distribute new public key to all trust partners
4. TITAN Comply agent verifies federation flow
5. Close CHG + INC with test evidence
Notification Rules
Expired: Immediate alert to CSO + Team Lead + Resource Owner
< 7 days: Daily alert to CSO + Manager + Team Lead
< 30 days: Weekly alert to Manager + Resource Owner
< 60 days: Bi-weekly alert to Resource Owner
< 90 days: Monthly alert to Resource Owner
Auto-Renew Fail: Immediate escalation to CSO + Platform Team
Alerts sent via Email · Slack · ServiceNow · PagerDuty · Teams
Certificate Health Summary
Expired: 2
< 30 days: 5
30-90 days: 8
> 90 days: 32
81% auto-renewal enabled · 19% require manual renewal
Recent Certificate Events
2d ago · *.legacy-api.internal EXPIRED — INC-1045 auto-created · CSO notified · EXPIRED
3d ago · kv-cert-backend auto-renewed successfully (Let's Encrypt) · RENEWED
5d ago · app-svc-staging-tls auto-renewed (Azure Managed) · RENEWED
7d ago · db-mutual-tls-cert EXPIRED — DBA Lead notified · CHG-0854 created · EXPIRED
10d ago · api-gateway-tls entering 30-day warning — Platform Lead notified · WARNING
14d ago · 3 Key Vault certificates auto-renewed in batch (zero downtime) · RENEWED
Certificate Types Detected
SSL/TLS: 18 certificates (App Gateways, APIM, AKS Ingress)
Key Vault: 12 certificates (managed secrets + certs)
App Service: 8 certificates (Azure Managed + custom)
Client Auth / mTLS: 4 certificates (service-to-service auth)
Code Signing: 2 certificates (CI/CD pipeline signing)
SAML / SSO: 2 certificates (identity federation)
CA Root / Intermediate: 1 certificate (VPN gateway)
All types auto-detected across PROD · DEV · QA · UAT · TEST