Vault — Configuration Backup & Change Detection
Vault provides automated configuration backup, version tracking, and change detection for network infrastructure and control system devices. Think of it as version control for your entire OT network configuration.
How It Works
- Device Enrollment — Add devices to Vault from your Manifest inventory or manually
- Automated Collection — Vault periodically retrieves device configurations via SSH, SNMP, or protocol-specific methods
- Version Tracking — Every configuration change creates a new version with timestamp and diff
- Change Alerts — Unauthorized or unexpected changes trigger immediate alerts
- Restore — Roll back to any previous configuration version
Key Features
- Multi-Vendor Support — Cisco IOS/IOS-XE, FortiOS, Palo Alto PAN-OS, Moxa, Siemens SCALANCE, Rockwell Stratix
- Side-by-Side Diff — Visual comparison between any two configuration versions
- Change Detection Alerts — Immediate notification when configurations change outside maintenance windows
- Compliance Baseline — Define a golden configuration and alert on drift
- Scheduled Backups — Configurable collection intervals per device
- Secure Storage — Configurations encrypted at rest with SHA-256 integrity verification
Supported Collection Methods
| Vendor | Method | Command |
|---|---|---|
| Cisco IOS/IOS-XE | SSH | show running-config |
| Fortinet FortiOS | SSH | show full-configuration |
| Palo Alto PAN-OS | SSH | show config running |
| Moxa | SSH | show running-config |
| Siemens SCALANCE | SSH | show running-config |
| Rockwell Stratix | SSH | show running-config |
Dashboard
The Vault dashboard displays:
- All enrolled devices with last backup time and change status
- Version timeline per device with clickable diffs
- Change alert feed
- Restore history
- Collection job status and errors
Alert Codes
| Code | Severity | Description |
|---|---|---|
| 2003 | Critical | Configuration change detected |
| 2004 | Warning | Backup collection failed |
| 2005 | Info | Scheduled backup completed |