Complete Feature List

An exhaustive reference of every capability in the TATER platform, organized by functional area. TATER provides unified compliance management across Microsoft 365, endpoint environments, and cloud infrastructure with automated scanning, remediation, and multi-framework reporting.

1. Compliance Management

The core of TATER: a unified control engine that evaluates, scores, and tracks compliance posture across every major security framework.

Unified Controls (V2 Engine)

5,000+ controls across 19 frameworks. The Unified Controls page is the primary view for managing compliance posture. Controls are organized by domain and evaluated using a threshold-based engine that supports boolean, compare, regex, composite, and custom evaluator types.

Learn more

Multi-Framework Support

19 compliance frameworks in a single platform. TATER maps controls to CIS Microsoft 365 Foundations Benchmark, CISA SCuBA Baselines, DISA STIGs, NIST 800-53, NIST CSF 2.0, NIST 800-171, ISO 27001, SOC 2, PCI-DSS v4.0.1, HIPAA, CIS Controls v8, UK Cyber Essentials, AU Essential Eight, and platform-specific CIS benchmarks for AWS, Docker, Kubernetes, macOS, Ubuntu/RHEL, MSSQL, and Cisco IOS.

Learn more

Control Detail Pages

Deep-dive view for every control. Each control has a dedicated detail page showing audit guidance, remediation steps, current status, scan history, evidence attachments, comments, and assignment tracking. Navigate via the View button on any control row.

Learn more

Filter Cascade

Three-level filtering: Authority, Framework, Application. Selecting an authority (e.g., CIS) narrows the available frameworks, and selecting a framework narrows the available applications. A separate Framework Category Filter provides a top-level split between Compliance and Vulnerability controls.

Learn more

Domain Grouping with Colored Chips

Visual categorization of controls by security domain. Controls are tagged with domains such as Identity, Data Protection, Network Security, and Threat Management. Each domain displays as a colored chip for rapid visual scanning across large control sets.

Learn more

Two-Tier Visibility

Default controls plus organization-specific overlays. Default controls (visible to all organizations) are managed by SuperAdmins. Each organization can create its own controls that layer on top of the defaults, enabling customization without affecting other tenants.

Learn more

Risk Scoring

Weighted risk prioritization on a 0–10 scale. Each control receives a risk score calculated from severity, impact, and current compliance status. Scores drive prioritization across the dashboard, reports, and remediation workflows.

Learn more

SLA Tracking

Time-based remediation targets by severity. Critical findings require resolution within 24 hours, High within 7 days, Medium within 30 days, and Low within 90 days. SLA status is tracked per control and surfaced on the dashboard.

Learn more

Compliance Drift Detection

Persistent history with regression alerts. TATER compares successive scans to detect controls that have regressed from Pass to Fail. Drift alerts appear on the dashboard and in reports, helping teams catch configuration backsliding before it becomes a compliance gap.

Learn more

MITRE ATT&CK Mapping

15 adversary techniques mapped to compliance controls. Controls are linked to MITRE ATT&CK techniques, providing a threat-intelligence overlay that shows which adversary behaviors are mitigated by your current compliance posture.

Learn more

Overrides & Risk Acceptance

Formal risk acceptance with justification and expiry. Failing controls can be marked as accepted risk with a written justification, expiration date, and approval workflow. Overridden controls display as "Override" status rather than "Fail," and are tracked separately for audit purposes.

Learn more

Control Assignments

Assign controls to team members for accountability. Individual controls or bulk selections can be assigned to people in your organization. Assignees see their outstanding items on the My Dashboard page, and assignment status is visible in reports.

Learn more

2. Standards & Frameworks

Manage regulatory standards, map controls across frameworks, and produce per-section compliance narratives for auditors.

Standards Detail Page

Granular section-level control mapping. Each standard has a detail page showing every section, the controls mapped to it, and the compliance percentage for that section. Navigate via the Standards page or from any framework view.

Learn more

NIST 800-53

325+ controls across 20 control families. Full coverage of the NIST 800-53 Rev 5 catalog, organized by family (AC, AU, CM, IA, SC, etc.) with control-to-standard mappings that chain through to other frameworks.

Learn more

ISO 27001

93 Annex A controls mapped from NIST. ISO 27001:2022 Annex A controls are cross-referenced to TATER compliance controls via the NIST chain, enabling organizations to demonstrate ISO compliance from their existing scan data.

Learn more

SOC 2

50+ Trust Services Criteria. SOC 2 Type II criteria (CC, A, C, PI, P series) are mapped to TATER controls, supporting both readiness assessments and ongoing compliance monitoring for service organizations.

Learn more

PCI-DSS v4.0

12 requirements with sub-control mapping. PCI-DSS v4.0 requirements are mapped to applicable TATER controls, covering network security, access control, vulnerability management, and monitoring.

Learn more

HIPAA

6 safeguard categories. HIPAA Security Rule safeguards (Administrative, Physical, Technical) plus Breach Notification and Privacy provisions are mapped to corresponding TATER compliance controls.

Learn more

Cross-Standard Mapping via NIST Chain

Automatic framework bridging through NIST 800-53. Because all frameworks map to NIST 800-53 as a common denominator, TATER can show compliance coverage across any pair of standards — for example, how your CIS M365 controls satisfy ISO 27001 requirements.

Learn more

Per-Org Narratives with AI Assist

Write compliance narratives for each standard section. Each organization can maintain narrative text per standard section, describing how they satisfy each requirement. AI Assist can generate draft narratives in three styles: Formal, Conversational, and Technical.

Learn more

Framework & Authority Management

Create and customize compliance frameworks. The Frameworks page lets administrators define custom frameworks, assign authorities, and map controls. The Authorities page manages the bodies that publish standards (CIS, NIST, DISA, CISA, etc.).

Learn more

3. Automated Scanning

Multiple scanning methods for M365 cloud tenants and endpoint devices, with scheduling and deduplication built in.

M365 Cloud Scanning

Azure Automation runbook for tenant-wide compliance audits. The Scan-M365Cloud runbook authenticates via certificate and evaluates hundreds of controls across Exchange Online, SharePoint, Teams, Defender, Entra ID, Purview, Power BI, and Power Platform.

Learn more

Endpoint Scanning (Agent-Based)

PowerShell agent for on-premises and remote machines. The TATER Agent runs on Windows endpoints, evaluating CIS Benchmarks for Windows 11/Server, collecting hardware inventory, running speed tests, and uploading results to the API.

Learn more

Server-Side Graph API Scanning

Scan directly from the TATER API without runbooks. When tenant credentials are stored in Settings, the API can authenticate to Microsoft Graph and run compliance checks server-side, eliminating the need for Azure Automation infrastructure.

Learn more

Scan Scheduling

Configurable scan frequency from hourly to weekly. The Settings > Scan Schedule page lets administrators configure recurring scans. Azure Automation schedules run M365 scans weekly and endpoint scans daily by default.

Learn more

Scan Deduplication

Automatic duplicate detection at upload time. The scan upload endpoint compares the summary and a sample of 100 controls against existing scans. Duplicates increment a scanCount counter and update the lastScannedAt timestamp instead of creating a new document.

Learn more

Scan Comparison

Diff between any two scans. Select two scans to see which controls changed status (Pass to Fail, Fail to Pass, etc.), enabling teams to understand exactly what changed between scan cycles.

Learn more

Scan Grouping by Type

Collapsible groups: Cloud Runbook, Cloud, Endpoint, Speed Test. The Scans page always groups results by type, with user-selected sort order applied within each group. Each group is collapsible for easy navigation across large scan histories.

Learn more

File-Based Scan Import

Upload JSON scan results from PowerShell scripts. For environments without Azure Automation, scan results can be exported as JSON files and uploaded through the Scans page import button.

Learn more

4. Automated Remediation

One-click remediation for failing controls, powered by a two-runbook architecture that handles both Graph API and Exchange Online operations.

Remediation Script Library

1,446+ pre-built PowerShell scripts for common compliance fixes. Each script follows the REM_*.ps1 naming convention, accepts parameters and connection objects, and returns structured success/failure results. Scripts are stored in Azure Blob Storage and downloaded on demand.

Learn more

Two-Runbook Architecture

PS7.2 primary with PS5.1 companion for Exchange operations. The primary runbook (Run-Remediation) handles Graph API-based remediations directly. When a script requires Exchange Online cmdlets, it automatically delegates execution to the PS5.1 companion runbook (Run-Remediation-EXO) and polls for completion.

Learn more

One-Click Remediation

Trigger remediation from any control detail card. The Remediate button appears on unified control variation cards when a remediation script is available. Clicking it opens a confirmation modal with parameter inputs before triggering the runbook.

Learn more

Remediation Status Tracking

Progress bar with real-time polling. After triggering a remediation, the UI polls the API every 5 seconds for status updates (with a 10-minute timeout). Statuses include Queued, Running, Succeeded, Failed, and Timed Out.

Learn more

Dedicated Remediation Page

Central view of all remediation activity. The Remediation page in the Security nav group shows all remediation jobs across the organization, with filtering by status, control, and date. Each job links back to the associated control.

Learn more

REST API Fallbacks

Graph token injection for environments without Graph SDK. Nine remediation scripts use direct REST API calls via $Connections.GraphToken when the Microsoft Graph PowerShell SDK is not available, ensuring compatibility across different Azure Automation configurations.

Learn more

5. Endpoint Security

Deep integration with Microsoft Defender for Endpoint and Intune for vulnerability management and device compliance.

MDE Device Integration

Automatic discovery of Defender-managed devices. The Scan-Endpoints runbook queries the MDE API for device inventory, enriching TATER's device list with health status, risk scores, exposure levels, onboarding status, and last-seen timestamps.

Learn more

Vulnerability Management with CVSS

Per-device CVE tracking with severity scores. Vulnerabilities discovered by MDE are imported per-device (to avoid memory issues with bulk queries), deduplicated, and displayed with CVSS severity ratings. The top Critical and High CVEs are highlighted for immediate attention.

Learn more

CISA Known Exploited Vulnerabilities

Cross-reference against actively exploited CVEs. The CISA KEV catalog (1,551+ entries) is downloaded during endpoint scans and cross-referenced with MDE findings. An alert banner highlights actively exploited vulnerabilities, including those linked to ransomware campaigns.

Learn more

EPSS Exploit Prediction Scores

Probability-based exploit likelihood scoring. EPSS (Exploit Prediction Scoring System) scores are displayed alongside CVEs, helping teams prioritize remediation based on the statistical likelihood of exploitation in the wild.

Learn more

Software Inventory

Full software catalog with version tracking. MDE software inventory data is imported and displayed with vendor, version, and weakness count. Software is sorted by vulnerability count, and end-of-life products are flagged for replacement.

Learn more

Intune Compliance Integration

Device configuration and compliance policy status. Intune-managed devices are pulled into the endpoint scan, showing compliance policy evaluation results, device configuration status, and managed-app inventory.

Learn more

Device Bridging

Merge MDE devices into the TATER device inventory. The bridgeEndpointScanDevices() function enriches existing TATER devices with MDE data and auto-creates entries for newly discovered devices, providing a single unified device view.

Learn more

Dashboard Tab Views

Six specialized views: Devices, Vulnerabilities, CISA KEV, Software, Recommendations, Intune. The Endpoint Security page provides summary KPI cards (Total Devices, Vulnerabilities by severity, CISA KEV count, Software count) and tab-based drill-down into each data category.

Learn more

6. Smart App Discovery

Automatically discover and track enterprise software from endpoint scan data, with lifecycle version checking.

Trackable Software Allowlist

80 enterprise applications tracked by default. A curated allowlist of common enterprise software (browsers, productivity tools, security products, runtimes) filters endpoint scan results to surface only relevant applications, preventing clutter from obscure system components.

Learn more

endoflife.date Version Checking

Automated lifecycle status via public API. TATER queries the endoflife.date API to determine the support status of discovered software versions, identifying products that are approaching or have reached end-of-life.

Learn more

Version Status Badges

Four visual indicators: Up to Date, Update Available, Major Update, EOL. Each discovered application displays a color-coded badge reflecting its version status, making it easy to identify which software needs attention across the fleet.

Learn more

Auto-Register Compliance Zones

Create compliance zones from endpoint scan discoveries. The autoRegisterDiscoveredApps() function automatically creates compliance zones for software that has vulnerabilities, 5+ device installs, or is end-of-life. Discovered zones are prefixed with disc- for identification.

Learn more

7. Identity Security

Monitor non-human identities, track credential expiry, and detect excessive permissions across your Entra ID tenant.

Non-Human Identity Monitoring

Track app registrations and service principals. The Identity Security page surfaces all non-human identities in your Entra ID tenant, including app registrations, managed identities, and service principals, with risk indicators for each.

Learn more Coming soon

App Registration Credential Expiry

Proactive alerts for expiring secrets and certificates. TATER tracks the expiration dates of all app registration credentials and surfaces warnings for those approaching expiry, preventing authentication failures from expired secrets.

Learn more Coming soon

Service Principal Analysis

Visibility into service principal permissions and usage. Each service principal is analyzed for its assigned API permissions, last sign-in activity, and whether it has excessive or unused permissions that could be reduced.

Learn more Coming soon

Excessive Permissions Detection

Flag identities with overly broad access. TATER evaluates the permissions granted to each non-human identity and flags those with high-privilege or broad-scope permissions that exceed what is typically needed for their stated purpose.

Learn more Coming soon

Identity Risk Scoring

0–100 risk score per identity. Each non-human identity receives a composite risk score based on permission scope, credential age, usage patterns, and owner assignment, enabling prioritized review of the riskiest identities.

Learn more Coming soon

Access Review Campaigns

Structured review workflows for permissions. The Access Reviews page allows administrators to create review campaigns that assign identity reviews to specific team members, track completion, and record approval or revocation decisions.

Learn more Coming soon

8. Device Management

Comprehensive fleet inventory with hardware details, compliance status, and agent deployment tracking.

Fleet Inventory

Complete device catalog with hardware and OS details. The Devices page displays all known machines with type icons, manufacturer logos, OS version, compliance scores, and last-scanned dates. Devices are auto-discovered from endpoint scans and agent check-ins.

Learn more

Agent Deployment Tracking

Percentage metric for agent coverage. The dashboard tracks what percentage of known devices have the TATER agent installed and reporting, helping administrators identify gaps in endpoint coverage.

Learn more

MDE Health, Risk, and Exposure Status

Defender for Endpoint enrichment on device cards. Devices enriched from MDE show health status, risk score, exposure level, onboarding status, last-seen timestamp, and device tags in a dedicated Defender section on the device detail page.

Learn more

Network Speed Test

100MB download and 50MB upload tests from self-hosted files. The TATER agent includes a built-in speed test using files hosted on the TATER marketing site, eliminating dependency on third-party services. Results are stored per device for historical tracking.

Learn more

Device Archive

Soft-archive decommissioned devices. Devices that are no longer active can be archived, removing them from the active fleet view while preserving their compliance history for audit purposes.

Learn more

Device Detail Pages

Deep-dive view with vulnerabilities, software, and compliance. Each device has a detail page showing Defender status, top CVEs by severity, installed software with EOL flags, compliance scan results, and hardware specifications.

Learn more

Device Management Page

Bulk operations and device configuration. The Manage Devices page provides administrative functions for device types, grouping, and bulk status changes across the fleet.

Learn more

9. Policy Library

Template-driven policy document generator with variable substitution, Markdown preview, and branded PDF export.

11 Pre-Built Policy Templates

Covering core security policy domains. Templates include Information Security Policy, Acceptable Use, Incident Response, Access Control, Data Classification, Business Continuity, Change Management, Vendor Management, Remote Work, Data Retention, and Vulnerability Management.

Learn more Coming soon

Template Variable Engine

{{varName}} syntax with typed inputs. Template variables support text, date, select, textarea, and number types. Variables are grouped (Organization, Document Control, Policy Details) and cached across template generation so common values like organization name only need to be entered once.

Learn more Coming soon

Template Browser

Visual template selection with metadata. The template browser displays category icons, difficulty dots (1–3), framework associations, and Recommended badges. Templates can be searched and filtered by category.

Learn more Coming soon

Organization Selector

Generate policies scoped to specific organizations. Both template-based and manual policy creation forms include an organization selector, allowing MSPs and multi-org users to generate branded policies for each client.

Learn more Coming soon

PDF Export with Branding

Cover page, table of contents, and back page. Policies can be exported as professionally formatted PDFs that include organization branding (logo, company name, accent colors), an auto-generated table of contents, and a branded cover and back page.

Learn more Coming soon

Markdown Editing and Preview

Write policies in Markdown with live preview. The policy editor supports Markdown formatting (headers, bold, italic, lists) with a side-by-side preview panel. Generated policies are saved as drafts with the template ID and variable snapshot for easy re-generation.

Learn more Coming soon

10. Security Questionnaires

Import, manage, and respond to security questionnaires with AI-powered assistance and control mapping.

Questionnaire Library

Central repository for all incoming questionnaires. The Questionnaires page lists all imported questionnaires with progress bars, question counts, and status indicators. Questionnaires can be created manually or imported from CSV files.

Learn more Coming soon

CSV Import

Bulk-import questions from spreadsheets. Upload a CSV file with question text, categories, and expected response types to create a questionnaire in bulk, saving time on large vendor assessments.

Learn more Coming soon

AI-Powered Response Generation

Draft answers using AI Assist. For each question, AI Assist can generate a response based on your organization's compliance data, mapped controls, and existing policy documents, significantly reducing the time to complete questionnaires.

Learn more Coming soon

Auto-Map to TATER Controls

Link questionnaire questions to compliance controls. Questions can be mapped to relevant TATER controls, automatically pulling in compliance status and evidence to support questionnaire responses.

Learn more Coming soon

CSV and PDF Export

Export completed questionnaires for submission. Finished questionnaires can be exported as CSV (for spreadsheet-based workflows) or PDF (for formal submission), including all responses, control mappings, and evidence references.

Learn more Coming soon

Per-Question Progress Tracking

Track completion status for each question. Each question can be marked as Draft, In Progress, or Complete. The questionnaire detail page shows overall completion percentage and highlights unanswered questions.

Learn more Coming soon

11. Incident Response Playbooks

Pre-built and customizable incident response playbooks with step-by-step execution tracking.

8 Pre-Built Playbook Templates

Common incident scenarios ready to execute. Templates cover scenarios such as phishing, malware, data breach, insider threat, ransomware, denial of service, account compromise, and supply chain attack. Each template defines steps, owners, and expected actions.

Learn more Coming soon

Step-by-Step Execution with Timer

Guided incident response with time tracking. When an incident is activated, each step can be started, completed, or skipped individually. A timer tracks elapsed time per step and total incident duration for post-incident review.

Learn more Coming soon

Action Types

Three categories: Automated, Investigation, Manual. Steps are classified by action type, making it clear which steps can be automated via remediation scripts, which require investigation, and which need manual human action.

Learn more Coming soon

Active Incident Tracking

Badge counter in the sidebar for active incidents. The Playbooks nav item displays a red badge showing the number of currently active incidents, ensuring responders never miss an in-progress event.

Learn more Coming soon

Per-Step Notes

Document findings and actions at each step. Each playbook step supports free-text notes for documenting what was found, what actions were taken, and any deviations from the planned response procedure.

Learn more Coming soon

12. Vendor Risk Management

Track third-party vendors, assess their security posture, and manage ongoing risk through structured review workflows.

Vendor Registry

Central catalog of all third-party vendors with risk tiers. Each vendor entry includes contact information, data handling details, risk tier classification (Critical, High, Medium, Low), and the date of the last assessment.

Learn more Coming soon

Risk Scoring

Composite score based on data sensitivity, access level, and certifications. Vendor risk scores combine factors including what data the vendor can access, the level of system access granted, and which security certifications they hold.

Learn more Coming soon

Assessment Workflow

Three trigger types: Initial, Annual, Incident-Triggered. Vendor assessments can be scheduled on an annual cycle, triggered by a security incident, or initiated when a new vendor is onboarded. Each assessment tracks questionnaire completion and finding resolution.

Learn more Coming soon

Certification Tracking

SOC 2, ISO 27001, PCI-DSS, HIPAA, FedRAMP, HITRUST. Vendor certification status is tracked with expiration dates, making it easy to identify vendors whose certifications have lapsed and need re-evaluation.

Learn more Coming soon

Vendor Detail Pages

Deep-dive into each vendor relationship. The vendor detail page shows assessment history, current risk posture, certification timeline, associated questionnaires, and notes from previous reviews.

Learn more Coming soon

13. Evidence & Audit

Collect, organize, and present compliance evidence for internal and external auditors.

Auto-Capture Compliance Snapshots

Automatic evidence collection from scans. Each scan run generates point-in-time compliance snapshots that serve as evidence of the organization's security posture at that moment. Snapshots are immutable once created.

Learn more

Evidence Library

Searchable repository with date filtering. The Evidence Library page provides a central view of all compliance evidence, filterable by date range, control, framework, and evidence type. Evidence count badges appear on control detail pages.

Learn more

File Evidence Upload

Attach CSV, PDF, XLSX, and image files to controls. Manual evidence (screenshots, exported reports, policy documents) can be uploaded and linked to specific controls or frameworks, supplementing automated scan evidence.

Learn more

Audit Package Report

Pre-assembled evidence bundle for auditors. The Reports page can generate an Audit Package that combines compliance scores, control status, override justifications, and evidence attachments into a single document suitable for external audit review.

Learn more

Activity Log (Audit Trail)

Searchable record of all create, update, and delete operations. The Activity Log page provides a filterable audit trail with entity type, action, user, date range, and detailed change deltas. Supports SIEM forwarding via syslog or webhook.

Learn more

14. Reporting & Analytics

Dashboard visualizations, compliance reports, and data exports for every audience from board rooms to security operations.

Dashboard with Trend Chart

Stacked area chart showing compliance posture over time. The main Dashboard page displays KPI cards, a compliance trend chart using historical scan data, application-level compliance cards, and risk distribution metrics. Primary applications sort to the top with accent highlighting.

Learn more

My Dashboard

Personalized view of assigned controls and tasks. The My Dashboard page shows controls assigned to the current user, pending overrides awaiting approval, and recent activity, providing a focused personal workqueue.

Learn more

Client Dashboard

Multi-client overview for managed service providers. The Client Dashboard (visible to ServiceProvider and SuperAdmin roles under MSP → Client Dashboard) provides a cross-organization view showing compliance posture, scan status, and alert counts for all managed clients in a single view.

Learn more

Priority Distribution Ribbon

Visual severity breakdown at a glance. A horizontal ribbon graph on the dashboard shows the distribution of findings by priority (Critical, High, Medium, Low), providing an instant read on the overall risk profile.

Learn more

Compliance Drift Alerts

Dashboard alerts for compliance regressions. When controls regress from Pass to Fail between scans, drift alerts appear prominently on the dashboard, drawing immediate attention to configuration backsliding.

Learn more

Framework Compliance Percentages

Per-framework pass rate on the dashboard. Each framework card shows its current compliance percentage, control count, and trend direction, enabling quick comparison across regulatory requirements.

Learn more

Cost Savings Report

Estimated value of automated compliance activities. The Reports page can generate a cost savings estimate based on the number of controls evaluated, scans completed, and remediations executed, quantifying the ROI of TATER adoption.

Learn more

Trust Center

Public-facing compliance posture page. The Trust Center provides a customer-facing view of your organization's compliance status, framework coverage, and security certifications. Suitable for embedding in public websites or sharing with prospective clients.

Learn more

Embeddable Compliance Score Widget

HTML/JavaScript widget for external sites. The Settings > Widget page generates embeddable code that displays your compliance score on external websites, customer portals, or internal dashboards.

Learn more

CSV/Excel Export

Export any table to CSV or Excel. All data tables throughout the application (controls, scans, devices, vulnerabilities, software) support one-click CSV/Excel export for offline analysis or SIEM ingestion.

Learn more

Multiple Report Types

Executive Summary, Detailed, Framework-Specific, Gap Analysis, Fleet, and Audit Package. Reports are rendered client-side as printable HTML with support for PDF generation. Each report type is tailored to a specific audience and use case.

Learn more

Compliance Roadmap

Multi-phase remediation planning generated directly from scan results. The Compliance Roadmap feature organizes failing and manual-review controls into a prioritized, phased remediation plan. It supports a Phase 0 Discovery phase for manual-review controls, cascading phase durations, MSP billing columns (estimated hours, billing rate, project cost), and multiple roadmaps per organization for tracking different initiatives in parallel.

Learn more

Manual Configuration Collection

Tenable-style manual evidence collection for offline or air-gapped systems. The Config Collection feature allows administrators to upload configuration files (JSON exports, registry outputs, CSV baselines) and have TATER evaluate them against control thresholds — providing compliance assessment without network access to the target system. Useful for SCIF environments, lab networks, and devices that cannot run the TATER agent directly.

15. Integrations

Connect TATER to your existing security toolchain with SIEM, ticketing, communication, and notification integrations.

SIEM: Syslog (RFC 5424 CEF)

Forward audit events via syslog in Common Event Format. TATER can send all audit log events to a SIEM endpoint via UDP or TCP syslog, formatted according to RFC 5424 with CEF (Common Event Format) payloads for standardized parsing.

Learn more

SIEM: Webhook (HMAC-Signed)

HTTPS webhook with SHA-256 HMAC signatures. Audit events can be forwarded to any HTTPS endpoint as JSON payloads. Each request includes an X-TATER-Signature header with an HMAC-SHA256 signature for payload verification.

Learn more

SIEM: Splunk HEC

Direct integration with Splunk HTTP Event Collector. Configure a Splunk HEC token and endpoint to send TATER events directly to Splunk indexes without intermediate syslog infrastructure.

Learn more

SIEM: Azure Sentinel

Native Azure Sentinel workspace integration. Send TATER compliance events to an Azure Sentinel workspace for correlation with other security signals in your Microsoft security ecosystem.

Learn more

Ticketing: Jira

Create and sync Jira tickets from failing controls. Failing controls can generate Jira issues automatically, with bidirectional status sync to keep TATER and Jira aligned on remediation progress.

Learn more

Ticketing: ServiceNow

ServiceNow incident and task creation. Integration with ServiceNow enables automatic incident creation from compliance findings, linking TATER controls to ServiceNow CMDB items and change management workflows.

Learn more

Ticketing: Generic Webhook

Send events to any ticketing system via webhook. For ticketing systems not directly supported, a generic webhook integration sends structured JSON payloads that can be consumed by any system with an HTTP endpoint.

Learn more

Communication: Microsoft Teams

Teams channel notifications for compliance events. Configure a Teams incoming webhook to receive notifications about scan completions, drift alerts, remediation status changes, and SLA breaches in your Teams channels.

Learn more

Communication: Slack

Slack channel notifications. Similar to Teams, Slack incoming webhook integration delivers compliance event notifications directly to designated Slack channels.

Learn more

Communication: Email

Email notifications for compliance events. Configure email recipients and triggers to receive formatted email notifications for critical compliance events, scan results, and SLA breaches.

Learn more

Notification Rules Engine

Configurable rules for when and where to send alerts. The notification engine supports rules based on event type, severity, framework, and application, allowing fine-grained control over which events trigger which integrations.

Learn more

16. Azure Resource Security

Scan Azure infrastructure resources for security misconfigurations across common resource types.

33 Security Checks

Covering 6 Azure resource categories. TATER evaluates Azure resources across Storage Accounts, Key Vaults, App Services, SQL Databases, Virtual Machines, and Network Security Groups for common security misconfigurations.

Learn more Coming soon

Azure Resources Page

Dedicated view in the Security nav group. The Azure Resources page displays scan results organized by resource category, with pass/fail status, severity ratings, and remediation guidance for each check.

Learn more Coming soon

17. Organization & User Management

Multi-tenant architecture with role-based access control, organization branding, and MSP white-label support.

Multi-Tenant Architecture

Complete data isolation between organizations. Every data record is partitioned by tenant, ensuring complete separation between organizations. Users can belong to multiple organizations and switch between them via the header organization selector.

Learn more

Role Hierarchy

Five roles with hierarchical permissions. SuperAdmin (cross-org, full access), ServiceProvider (cross-org for assigned clients), OrgAdmin (full access within org), Auditor (read plus audit operations), and Viewer (read-only). Roles are resolved from Azure AD app roles and organization memberships.

Learn more

Organization Branding

Custom logo, colors, and tagline per organization. Each organization can customize its appearance with separate logos for dark and light themes, custom accent colors, a company name, and a tagline. Branding appears in the header, reports, and PDF exports.

Learn more

People Management

Compliance contacts with Entra ID directory search. The People page manages stakeholders and compliance contacts. Users can be searched via the Microsoft Graph API directory, and people records link to control assignments and access reviews.

Learn more

MSP White-Label Portal

Service Provider view with client onboarding. MSPs see a dedicated portal with all their managed clients, per-client compliance scores, and the ability to onboard new client organizations. White-label branding ensures the MSP's brand is presented to end clients.

Learn more

Organization Management (SuperAdmin)

Create and manage organizations and memberships. SuperAdmins can create new organizations, add members by email (auto-resolved to OID on first login), assign per-org roles, and configure organization-level settings including remediation enablement and webhook URLs.

Learn more

Registered Users

View and manage all authenticated users. The Registered Users page (SuperAdmin-only) shows every user who has authenticated, their global role, last login, and organization memberships. Global roles (SuperAdmin, ServiceProvider) are assigned here.

Learn more

User Profile

Personal profile with theme and notification preferences. The Profile page shows the current user's identity, role assignments, organization memberships, and preferences for notifications and display theme.

Learn more

18. AI-Powered Features

AI Assist leverages language models to accelerate compliance documentation, questionnaire responses, and remediation guidance.

AI Assist for Compliance Narratives

Three prompt styles: Formal, Conversational, Technical. On the Standards Detail page, AI Assist generates draft compliance narratives for each standard section based on your mapped controls and their current status. Narratives can be edited and saved per organization.

Learn more

AI Assist for Questionnaire Responses

Draft answers from compliance data. When responding to security questionnaires, AI Assist can generate responses that reference your actual control status, policy documents, and certification data, producing accurate answers grounded in real evidence.

Learn more

AI Assist for Control Remediation

Guidance for filtered control sets. AI Assist can analyze a filtered set of failing controls and generate a prioritized remediation plan with step-by-step instructions, estimated effort, and dependency ordering.

Learn more

Bulk Narrative Generation

Generate narratives for all sections at once. Rather than generating narratives one section at a time, the bulk generation feature processes all sections of a standard in sequence, producing a complete set of compliance narratives for auditor review.

Learn more

19. TATER Agent

Endpoint agents for on-premises compliance scanning, available in PowerShell and .NET versions.

PowerShell Agent (v1.3.x)

Lightweight endpoint scanner for Windows machines. The PowerShell agent (TATER-Agent.ps1) runs compliance scans against CIS Benchmarks for Windows 11/Server, collects hardware inventory, performs speed tests, and uploads results to the TATER API.

Learn more

.NET Agent (v2.1.9)

Windows Service with system tray UI. The .NET 8 agent runs as a Windows Service for headless operation with an optional system tray application for status visibility and manual scan triggering. Built with C# targeting .NET 8.

Learn more

MSI Installer

WiX Toolset v4 installer with silent install support. The MSI installer (TATER-Agent.msi) supports silent deployment via Intune, SCCM, or Group Policy. Custom actions are built as AnyCPU to ensure compatibility with the 32-bit MSI process. Configurable parameters include API URL and organization ID.

Learn more

Auto-Update with SHA256 Verification

Automatic version checking and secure update. The agent checks GET /api/agent/version (no authentication required) on each run. If a newer version is available, it downloads the MSI from the TATER marketing site, verifies the SHA256 hash, and installs the update.

Learn more

System Tray with TATER Icon

Minimal UI presence with status indicators. The system tray icon provides at-a-glance agent status (running, scanning, error) and a context menu for manual scan triggering, viewing logs, and opening the TATER application. The taskbar entry is hidden to avoid clutter.

Learn more

Self-Hosted Speed Test Files

100MB and 50MB test files. Speed test files are self-hosted, eliminating dependency on third-party CDN size limits. Results are stored per device for historical comparison.

Learn more

History Cleanup

Automatic log rotation keeping last 10 entries. The agent automatically cleans up old log files, scan results, and speed test data on each run, keeping only the most recent 10 entries of each type to prevent disk space accumulation.

Learn more

20. Platform & Infrastructure

The technical foundation that powers TATER, from the API to deployment pipelines and developer tools.

Serverless API

Serverless API with automatic scaling. The TATER API provides automatic scaling, consumption-based pricing, and sub-second cold starts. All endpoints validate JWT tokens and enforce role-based access control.

Learn more Coming soon

Cloud Database

Multi-tenant data storage with automatic provisioning. All data is stored with tenant-level partitioning, ensuring complete isolation between organizations. Data stores are auto-provisioned on first access, handling first-run scenarios gracefully.

Learn more Coming soon

Azure Automation Runbooks

Four runbooks for scanning and remediation. Scan-M365Cloud (PS5.1, weekly), Scan-Endpoints (PS5.1, daily), Run-Remediation (PS7.2, on-demand), and Run-Remediation-EXO (PS5.1, on-demand). All authenticate via certificate from Key Vault with Managed Identity permissions.

Learn more

CI/CD via Azure DevOps

Three pipelines auto-deploying on push to main. The API, Frontend, and Runbook deploy pipelines trigger on path-specific changes to the main branch, ensuring continuous delivery of updates.

Learn more Coming soon

Two Static Web App Architecture

Separate SWAs for marketing and application. The marketing site (www.tatersecurity.com) and the application (app.tatersecurity.com) are deployed to separate Azure Static Web Apps because they require different root documents and routing configurations.

Learn more Coming soon

Interactive Runbook Creation Wizard

3-step guided setup for Azure Automation resources. The Settings → Cloud Scanning page includes a wizard that walks administrators through creating Azure Automation resources, generating resource names, and configuring the scanning infrastructure.

Learn more

QA Test Suite

74 automated tests with issue tracking integration. The automated test suite validates API endpoints, data integrity, and frontend syntax. Failed tests automatically create bug work items in the issue tracker.

Learn more Coming soon

API Rate Limiting

100 requests per minute per client. The API enforces rate limiting to prevent abuse and ensure fair resource allocation across tenants. Rate limit headers are included in API responses for client-side awareness.

Learn more Coming soon

AES-256-GCM Credential Encryption

Tenant credentials encrypted at rest. Client secrets and sensitive configuration are encrypted using AES-256-GCM before storage. Encryption keys are managed securely via a dedicated key management service.

Learn more Coming soon

API Key Management

SHA-256 hashed keys with prefix display. API keys for automation authentication are hashed with SHA-256 before storage. Only the key prefix is displayed in the UI after creation. Keys support rotation and revocation.

Learn more

Dual Authentication Model

Entra ID (RS256) and local password (HS256) authentication. The API supports both Microsoft Entra ID JWT tokens (RS256 validation against the OIDC discovery endpoint) and local password authentication (HS256) for environments without Entra ID.

Learn more

21. Settings & Configuration

All the configuration pages accessible from the Settings nav group in the sidebar.

Branding

Logo, company name, tagline, and accent colors. Customize the application appearance per organization with separate dark and light theme logos and accent colors. Branding cascades into reports and PDF exports.

Learn more

Tenant Credentials

Store M365 tenant credentials for server-side scanning. Configure tenant ID, client ID, and authentication method (secret or certificate) for each M365 tenant. Credentials are encrypted at rest with AES-256-GCM.

Learn more

API Keys

Generate and manage API keys for programmatic access. Create API keys for runbook authentication and external integrations. Keys are SHA-256 hashed; only the prefix is shown after creation.

Learn more

SIEM Configuration

Configure syslog and webhook SIEM destinations. Set up syslog endpoints (UDP/TCP, CEF format) and webhook URLs (HMAC-signed) for forwarding audit events to external SIEM platforms.

Learn more

Integrations Marketplace

41 integrations across 5 categories. Browse and configure SIEM, ticketing, communication, and automation integrations from a unified marketplace interface.

Learn more

Compliance Configuration

Compliance zones and application scoping. Define which M365 applications (Exchange, SharePoint, Teams, etc.) are in scope for each organization, with primary application flagging for dashboard prioritization.

Learn more

Remediation Settings

Per-org remediation enablement and webhook configuration. Enable or disable automated remediation per organization, configure the remediation webhook URL, and set the app registration ID used for runbook authentication.

Learn more

Scan Schedule

Configure recurring scan frequency and timing. Set scan schedules from hourly to weekly intervals with specific time-of-day preferences for M365 cloud scans and endpoint scans.

Learn more

Script Template

PowerShell script template for custom control scripts. View and customize the template used for generating new compliance control evaluation scripts.

Learn more

Scan Commands

Command builder for manual scan execution. Generate ready-to-use PowerShell commands for running scans with the correct parameters for your environment, including API URL, tenant ID, and output paths.

Learn more

Agent Management

KPI dashboard, MSI download, and runbook wizard. Monitor agent deployment coverage, download the latest MSI installer, view silent install commands for mass deployment, and access the interactive runbook creation wizard.

Learn more

Recycle Bin

Recover soft-deleted items. Items deleted from the application are moved to the Recycle Bin where they can be restored or permanently removed. Covers controls, overrides, catalog items, and other data types.

Learn more

Compliance Widget

Generate embeddable compliance score HTML. Create a JavaScript/HTML snippet that displays your organization's compliance score on external websites or internal portals. Customizable colors and size.

Learn more

Sample Data Seeding

Populate the platform with demo data (SuperAdmin only). The Sample Data page seeds the database with example organizations, scans, controls, and overrides for demonstration and testing purposes.

Learn more

Help & Documentation

In-app help page with links to documentation. The Help page provides quick links to all documentation pages, keyboard shortcuts, and version information.

Learn more

22. Risk Management

Enterprise risk register with visual heat maps, quantitative scoring, and treatment plan tracking for a complete risk management lifecycle.

Risk Register

Central repository for all identified risks. The Risk Register page catalogs organizational risks with fields for likelihood, impact, risk category, owner, treatment plan, and residual risk. Each risk links to related compliance controls and mitigation activities.

Learn more Coming soon

Risk Heat Map

5x5 likelihood-impact matrix with color-coded cells. The interactive heat map visualizes all risks on a likelihood vs. impact grid. Click any cell to drill into the risks at that intersection. Colors range from green (low) through amber (medium) to red (critical).

Learn more Coming soon

Quantitative Risk Scoring

Annualized loss expectancy (ALE) calculations. Each risk can be scored quantitatively using Single Loss Expectancy (SLE) and Annual Rate of Occurrence (ARO) to calculate ALE. Supports both qualitative (Low/Medium/High/Critical) and quantitative scoring modes.

Learn more Coming soon

Risk Treatment Plans

Four treatment options: Mitigate, Accept, Transfer, Avoid. Each risk has a treatment plan with status tracking, target dates, and responsible parties. Treatment progress is tracked on the risk detail page and summarized on the dashboard.

Learn more Coming soon

Risk-to-Control Linkage

Map risks to compliance controls that mitigate them. Risks can be linked to one or more TATER compliance controls, creating a bidirectional relationship that shows which controls mitigate which risks and which risks are unmitigated.

Learn more Coming soon

23. Exception & Waiver Management

Formal workflow for requesting, reviewing, and tracking compliance exceptions and policy waivers with approval chains and expiration enforcement.

Exception Request Workflow

Structured request forms with business justification. Users can submit exception requests specifying the control or policy, justification, compensating controls, requested duration, and risk impact assessment. Requests enter an approval queue visible to OrgAdmins.

Learn more Coming soon

Multi-Level Approval Chain

Configurable approval workflow with escalation. Exception requests can require approval from one or more reviewers (OrgAdmin, CISO, Risk Committee). Approvals track who approved, when, and any conditions attached to the approval.

Learn more Coming soon

Automatic Expiry and Renewal

Time-bound exceptions with renewal reminders. All exceptions have an expiration date. The system sends renewal reminders before expiry and automatically reverts the control to its original status when an exception expires without renewal.

Learn more Coming soon

Compensating Controls

Document alternative measures for excepted controls. Each exception can specify compensating controls that partially mitigate the risk introduced by the exception. Compensating controls are tracked and included in audit reports.

Learn more Coming soon

24. Regulatory Change Management

Track regulatory updates, assess their impact on your compliance posture, and manage the transition to new requirements.

Regulatory Change Feed

Curated feed of framework and regulation updates. The Regulatory Changes page surfaces updates to compliance frameworks (CIS version bumps, NIST revisions, new CISA directives) with impact assessments and affected control counts.

Learn more Coming soon

Impact Assessment

Automated gap analysis for regulatory changes. When a new regulation version is published, TATER identifies which existing controls are affected, which new controls are needed, and which can be retired, generating a transition plan.

Learn more Coming soon

Change Tracking and Deadlines

Timeline view of regulatory compliance deadlines. Each regulatory change has an effective date, a transition period, and a compliance deadline. The system tracks progress toward each deadline and surfaces overdue transitions.

Learn more Coming soon

25. Audit Management

Plan, execute, and track internal and external audits with evidence collection, finding management, and auditor collaboration.

Audit Planning

Define audit scope, objectives, and schedules. Create audit engagements with defined scope (frameworks, controls, date range), assigned auditors, and target completion dates. The audit plan links to relevant controls and evidence.

Learn more Coming soon

Finding Management

Track audit findings from discovery to resolution. Each finding has a severity, description, affected controls, recommended remediation, and status (Open, In Progress, Resolved, Closed). Findings link back to the audit engagement and forward to remediation tasks.

Learn more Coming soon

Evidence Collection Workflow

Request and track evidence from control owners. Auditors can create evidence requests assigned to specific people, with due dates and status tracking. Evidence submissions are linked to the audit engagement and archived for future reference.

Learn more Coming soon

Audit Calendar

Calendar view of past and upcoming audits. The Audit Calendar displays all audit engagements on a timeline, showing overlapping audits, approaching deadlines, and historical audit cadence for compliance reporting.

Learn more Coming soon

26. Business Continuity & Disaster Recovery

Document, test, and maintain business continuity and disaster recovery plans with impact analysis and recovery tracking.

BCP/DR Plan Library

Structured plan documents with version control. Create and maintain business continuity and disaster recovery plans with sections for scope, recovery objectives (RTO/RPO), critical processes, communication plans, and recovery procedures. Plans support versioning and approval workflows.

Learn more Coming soon

Business Impact Analysis

Identify and prioritize critical business processes. The BIA module catalogs business processes with their dependencies, recovery priorities, maximum tolerable downtime, and financial impact estimates. Results feed into BCP plan development.

Learn more Coming soon

Test and Exercise Tracking

Schedule and record BCP/DR tests. Plan tabletop exercises, walkthroughs, and full simulation tests. Record test results, lessons learned, and corrective actions. Track test frequency to satisfy audit requirements.

Learn more Coming soon

RTO/RPO Tracking

Monitor recovery objectives across critical systems. Define Recovery Time Objectives and Recovery Point Objectives for each critical system. Track actual recovery performance against targets during tests and real incidents.

Learn more Coming soon

27. Data Classification & Privacy

Classify data assets, track data flows, and manage privacy requirements across your organization.

Data Asset Inventory

Catalog data stores with classification labels. The Data Classification page inventories data assets (databases, file shares, SaaS applications, cloud storage) with classification levels (Public, Internal, Confidential, Restricted) and data types (PII, PHI, PCI, IP).

Learn more Coming soon

Data Flow Mapping

Visualize how data moves through your organization. Map data flows between systems, identifying where sensitive data is created, processed, stored, and transmitted. Data flow maps support privacy impact assessments and regulatory compliance.

Learn more Coming soon

Privacy Impact Assessments

Structured PIA workflow for new initiatives. When new systems or processes involve personal data, the PIA workflow guides teams through risk identification, mitigation planning, and DPO review before launch.

Learn more Coming soon

Retention Policy Management

Define and enforce data retention schedules. Set retention periods by data classification level and regulatory requirement. Track compliance with retention policies and flag data that has exceeded its retention period for disposition.

Learn more Coming soon

28. Security Awareness Training

Track employee security training completion, manage training campaigns, and demonstrate compliance with training requirements.

Training Campaign Management

Create and assign training campaigns to groups. Define training campaigns with target audiences, required courses, deadlines, and completion thresholds. Campaigns can target all employees, specific departments, or role-based groups.

Learn more Coming soon

Completion Tracking

Per-employee training status with dashboard metrics. Track which employees have completed required training, which are overdue, and overall organizational completion rates. Dashboard KPI cards show training compliance percentage.

Learn more Coming soon

Phishing Simulation Tracking

Record and analyze phishing test results. Import results from phishing simulation platforms to track click rates, report rates, and improvement trends over time. Results link to individual employee training records.

Learn more Coming soon

Training Evidence for Auditors

Generate training compliance reports for audit. Export training completion data as evidence for compliance audits (HIPAA, PCI-DSS, SOC 2, ISO 27001). Reports show completion rates, overdue counts, and historical trends.

Learn more Coming soon

29. Control Testing Automation

Schedule and execute periodic control effectiveness tests with evidence capture and gap identification.

Automated Test Scheduling

Recurring test plans on configurable schedules. Define test plans that execute on daily, weekly, monthly, or quarterly cadences. Each test plan specifies which controls to test, what evidence to collect, and who reviews the results.

Learn more Coming soon

Test Procedures Library

Reusable test procedures for control effectiveness. Build a library of test procedures with step-by-step instructions, expected outcomes, and pass/fail criteria. Procedures can be assigned to controls and executed during test cycles.

Learn more Coming soon

Test Result Tracking

Historical test results with trend analysis. Each test execution records pass/fail results, evidence collected, exceptions noted, and tester comments. Trend charts show control effectiveness over time across test cycles.

Learn more Coming soon

Gap Identification

Automatic gap detection from test failures. When control tests fail, the system automatically creates gap items linked to the failing control and test procedure, feeding into the remediation workflow for resolution tracking.

Learn more Coming soon

30. Custom Control Frameworks

Build and manage organization-specific compliance frameworks with custom controls, domains, and scoring rules.

Framework Builder

Visual framework creation with drag-and-drop domains. The Framework Builder lets administrators define custom frameworks with named domains, control groupings, and mapping rules. Frameworks can inherit from existing standards or be built from scratch.

Learn more Coming soon

Custom Control Definitions

Define controls with custom threshold logic. Create organization-specific controls with custom evaluation thresholds, audit guidance, remediation steps, and framework mappings. Custom controls integrate seamlessly with the existing V2 engine.

Learn more Coming soon

Framework Import/Export

Share frameworks between organizations via JSON export. Custom frameworks can be exported as JSON packages and imported into other TATER organizations, enabling MSPs to distribute standardized frameworks across their client base.

Learn more Coming soon

Cross-Framework Mapping

Map custom controls to standard frameworks. Custom framework controls can be mapped to controls in standard frameworks (CIS, NIST, ISO), enabling organizations to demonstrate how their internal requirements align with industry standards.

Learn more Coming soon

31. Groups & Feature Permissions

Tailor the TATER experience per organization and per user group. OrgAdmins and SuperAdmins can enable or disable individual features, create custom user groups, and assign fine-grained feature access through an interactive permission grid.

Custom Groups

Organize users into named groups with color-coded badges. Four default groups are provided (Administrators, Auditors, Viewers, All Users) and map automatically to TATER roles. OrgAdmins can create additional custom groups, assign members from the People directory, and give each group a distinctive color for at-a-glance identification throughout the platform.

Settings Reference

Feature Registry

33 configurable features across 5 categories. Every navigable area of the platform — from Dashboard and Controls to Risk Register and the MSP Client Dashboard — is registered in a central feature registry. Each feature belongs to a category (Core, Compliance, Output, Security, or Manage) and can be toggled on or off at the organization level by an OrgAdmin. Core features (Dashboard, My Dashboard, Controls) cannot be disabled.

Permission Grid

Interactive matrix mapping features to groups. The permission grid displays every feature as a row and every group as a column, with checkboxes at each intersection. OrgAdmins can grant or revoke access to individual features per group, use the “All / None” toggles for bulk assignment, and save the entire matrix in one click. Core features are always checked and cannot be unchecked.

Preset Templates

5 built-in permission profiles for rapid setup. Presets include Full Access, Compliance Only, Security Focus, GRC Suite, and Basic. Selecting a preset auto-fills the permission grid checkboxes for the target group, providing a quick starting point that can then be fine-tuned. Presets are applied via a dropdown on the permission grid page.

Simplified Views

Automatically hide features users don’t need. When feature permissions are configured, the sidebar navigation dynamically adjusts for each user. Features outside a user’s group permissions are hidden, and empty navigation groups collapse automatically. This creates a clean, focused interface tailored to each user’s responsibilities. SuperAdmins always see all features regardless of group configuration.