Workflows
Safe testing on operational systems
Rail-safety guardrails: read-only modes, allow-listed checks, change windows, and rollback.
What the Console enforces
- Default mode
- Read-only. Active probes are opt-in per asset.
- Allow-list
- Each engine ships with a published list of checks safe for that asset class.
- Change window
- Active checks against OT assets only fire inside a configured maintenance window.
- Rollback
- Every check declares its rollback. Engines refuse to run a check without one for OT assets.
- Kill switch
- Any engineer can stop a run from the SecOps page; engines acknowledge within seconds.
Audit trail
Who approved the active mode, when, against what, and which checks fired — every transition is in the Audit log. Use it during post-incident reviews and regulator conversations.