Skip to main content
The Infrastructure Verification Engine is a per-client registry of network and endpoint assets — firewalls, servers, switches, access points, domain controllers, VPNs, backups, printers, cloud services, and workstations. For each client you build a device inventory by hand, import it from a CSV runbook, or sync it from Hudu, then run verification sweeps to confirm each device is reachable. Every change and check is written to an append-only audit trail, and the verified inventory feeds compliance, SIEM, RMM, and other modules. Open it at /infra.

When to use it

  • Onboard a client — stand up the asset inventory from Hudu or a runbook CSV.
  • Reconcile documented assets against what’s actually reachable.
  • Produce a verification report as compliance evidence.
  • Confirm a device is online before or after maintenance.

Building the inventory

  • Manual — create, update, and decommission devices (delete is soft — it marks the device decommissioned rather than removing it).
  • Hudu sync — pull assets and passwords for a Hudu-synced company and upsert them, mapping Hudu asset layouts to device types.
  • Runbook import — upload a CSV to create device shells (credentials are intentionally not stored here — they live in Hudu or the device vault).

Verification sweeps

Verify all devices for a company, or a single device. Each probe picks a protocol from the device (or a sensible default by type) and checks reachability:
  • HTTP/HTTPS — a GET with status and Server header
  • SSH / LDAP / generic TCP — a port connect
Results are cached on the device and appended to the audit trail, bucketed as verified, unreachable, timeout, protocol error, or pending — with average latency.

Important limitations

Verification checks reachability, not authentication. A “verified” result means the port or HTTP endpoint answered — not that credentials work. Deeper auth probes (firewall API, SSH login, LDAP bind) aren’t wired yet.
Sweeps target public management endpoints only. A built-in SSRF guard blocks private/LAN, loopback, and cloud-metadata addresses at the IP layer, so devices with private IPs (most LAN gear) will fail HTTP verification by design.
  • SNMP and RMM-agent device types always report pending — they aren’t actively probed here (printers and workstations won’t go green).
  • The HTTP probe skips TLS certificate validation.