ConfigSentry Terms of Use
Provided by secdit
1. About ConfigSentry
ConfigSentry is an automated firewall configuration auditing platform. It analyses firewall configuration files and connected appliances against a library of security rules, benchmark guidelines, and best-practice checks, and produces a structured audit report containing findings, risk scores, and recommended remediations.
Supported capabilities include:
- Manual uploads — upload a FortiGate configuration backup file directly through the web interface for on-demand analysis.
- Automated collection — deploy a ConfigSentry Collector agent to your environment to retrieve configurations automatically on a schedule or on demand.
- Direct SSH auditing — connect directly to a supported appliance via SSH to retrieve and analyse the running configuration without a local collector.
ConfigSentry currently supports Fortinet FortiGate firewalls running FortiOS 6.4.5 and later. FortiOS versions 6.4.0 to 6.4.4 are not supported and may produce inaccurate or incomplete results.
2. Advisory Nature of Audit Results
Audit results, findings, risk scores, and reports produced by ConfigSentry are automated advisory outputs only. They are intended to assist your security team and operational staff in identifying potential configuration weaknesses, misalignments with security best practices, and areas for review — they are not a substitute for professional security consultancy, penetration testing, compliance certification, or human expert review.
Important limitations you must understand:
- ConfigSentry analyses configurations based on the information available at the time of the audit. It does not have visibility into your network topology, connected systems, threat landscape, or compensating controls that exist outside the configuration file.
- A passing audit result, high score, or absence of flagged findings does not mean your firewall or network is secure, compliant, or free of vulnerabilities.
- A failing result or finding does not necessarily indicate an exploitable vulnerability — context, architecture, and operational requirements must be considered before acting on any finding.
- Rule definitions and scoring weights are updated periodically. The same configuration may produce different results across different versions of the rule library.
- Results are specific to the configuration data provided. If the uploaded or collected configuration does not accurately reflect the live running state of the appliance, results will not reflect actual live conditions.
All remediation decisions, production changes, and security conclusions remain your sole responsibility. You must validate any ConfigSentry finding against your own environment, policies, and risk tolerance before acting on it.
3. No Security Guarantee
secdit makes no representation, warranty, or guarantee that use of ConfigSentry will result in a secure, compliant, or vulnerability-free environment. The platform is provided "as is" and "as available", and its outputs should be treated as one input to a broader security programme — not as a definitive security assessment.
No audit tool, automated or otherwise, can detect all security weaknesses in a firewall deployment. ConfigSentry is not a substitute for qualified security professionals, independent security audits, or compliance accreditation processes.
4. Customer Responsibilities
You are responsible for:
- Authorisation — ensuring you have explicit authorisation to upload, transmit, or connect to the configuration data or appliances you submit to ConfigSentry. Analysing devices or configurations you do not own or have permission to audit is prohibited.
- Data sensitivity — firewall configurations may contain sensitive details including IP addresses, VPN credentials, pre-shared keys, and network topology information. You are responsible for handling, redacting, or sanitising this data in accordance with your own security and data protection policies before submission, and for understanding who within your organisation can access stored reports.
- Credential security — maintaining the confidentiality of your account credentials, MFA codes, and any encryption passwords used to protect downloaded reports. secdit cannot recover encrypted report files if the password is lost.
- Remediation decisions — evaluating, approving, testing, and implementing any changes to production systems based on audit findings. Do not apply remediations directly to production firewalls without appropriate review, change control, and testing.
- Collector and SSH credentials — if you deploy a Collector agent or configure direct SSH access, you are responsible for the security of the credentials stored in ConfigSentry and for the access granted to those credentials on your appliances.
- Compliance — ensuring your use of ConfigSentry complies with all applicable laws, regulations, and internal policies, including those relating to data protection, export controls, and information security.
5. Acceptable Use
You may use ConfigSentry only for legitimate security assessment, operational, and business purposes. The following are prohibited:
- Uploading configurations or connecting to appliances you do not own or have explicit permission to audit.
- Attempting to access, modify, or extract data belonging to other secdit customers.
- Reverse engineering, decompiling, or attempting to derive the rule library, scoring logic, or proprietary algorithms used by ConfigSentry.
- Attempting to circumvent access controls, authentication, rate limits, or usage restrictions.
- Using the platform in a way intended to overload, disrupt, or degrade service availability for other users.
- Introducing malicious code, malware, or files intended to interfere with platform operation.
- Automated scraping of audit results, reports, or platform data beyond normal application use.
- Reselling, sublicensing, or providing third-party access to the platform in a manner not expressly authorised by secdit.
6. Fair Usage
ConfigSentry operates on a credit-based model. Each audit consumes one credit from your account balance. Credits are consumed at the time an audit is successfully completed. Depending on your license entitlement, automated audits via licensed appliances may not consume credits.
Fair usage expectations include:
- Not deliberately triggering excessive automated audits to circumvent per-audit credit consumption in ways not intended by your license or credit entitlement.
- Not attempting to upload artificially constructed configurations to manipulate or probe the rule library beyond normal operational use.
- Collector agents must be deployed only in environments you control and must not be used to target or audit systems outside your ownership or explicit permission.
secdit reserves the right to apply rate limits, usage caps, or access restrictions where usage patterns suggest abuse, automated exploitation, or behaviour that places disproportionate load on shared infrastructure.
7. License Restrictions
Your right to use ConfigSentry is a limited, non-exclusive, non-transferable license granted for the duration of your active subscription or credit entitlement, subject to these Terms of Use.
You must not:
- Copy, reproduce, or create derivative works from any part of the ConfigSentry platform, rule library, report templates, or associated software.
- Transfer, assign, or sublicense your account, credits, or licenses to any third party without prior written consent from secdit.
- Use ConfigSentry to build a competing product or service, or to benchmark secdit's proprietary rule sets against competing offerings.
- Remove, obscure, or alter any proprietary notices, attributions, or branding within reports or platform outputs.
Appliance licenses are issued per monitored appliance. Each license authorises automated scheduled auditing of one appliance. Using a single license for multiple physical or logical appliances is not permitted unless the license terms expressly allow it.
Collector agents distributed by ConfigSentry are licensed solely for use with your authorised ConfigSentry account. Redistribution, modification, or use of collector binaries or scripts outside of your authorised account is prohibited.
8. Uploaded Data and Report Retention
Firewall configurations submitted for analysis are processed to generate audit reports and are not retained beyond what is necessary for report generation and storage. Stored audit reports are retained in your account until you delete them or your account is removed.
If you enable report encryption when running an audit, the report is stored in encrypted form. secdit cannot decrypt, access, or recover encrypted reports. You are solely responsible for retaining your encryption password.
You may choose to download a report without saving it (a "download only" audit), in which case no report data is retained on the platform after the audit run completes. You are responsible for securing downloaded report files.
9. Credits, Licenses, and Purchases
Audit credits, appliance licenses, and promotional credits are subject to the entitlement conditions and expiry terms applicable at the time of issue. Promotional or complimentary credits may expire if unused within the stated period.
All purchases are subject to the pricing in effect at the time of the transaction. Purchased credits and licenses are non-refundable except where required by applicable consumer protection law or as set out in a separate commercial agreement with secdit.
10. Platform Availability and Changes
secdit may update, modify, suspend, or discontinue any feature, integration, or aspect of ConfigSentry at any time where reasonably required for maintenance, security, legal compliance, rule library improvements, or service enhancement. We do not guarantee uninterrupted availability and may apply maintenance windows, rate limits, or temporary access restrictions where necessary. Rule definitions and scoring logic may change over time; audits run before and after a rule update may produce different results for the same configuration.
11. Disclaimer of Warranties
ConfigSentry is provided "as is" and "as available" without warranties of any kind, whether express, implied, or statutory. secdit does not warrant that the platform will be error-free, uninterrupted, accurate, or fit for any particular purpose. To the fullest extent permitted by applicable law, secdit excludes all implied warranties, including merchantability, fitness for a particular purpose, and non-infringement.
12. Limitation of Liability
To the fullest extent permitted by applicable law, secdit is not liable for any indirect, incidental, special, consequential, punitive, or business interruption losses arising from:
- Use of, or inability to use, ConfigSentry;
- Reliance on audit findings, risk scores, report outputs, or recommendations produced by the platform;
- Changes to firewall configurations, network infrastructure, or security posture made in response to audit results;
- Loss or corruption of data, configurations, or reports;
- Security incidents, breaches, or vulnerabilities that audit results did not identify.
Where liability cannot be excluded under applicable law, secdit's total aggregate liability to you for all claims arising from or related to use of ConfigSentry shall not exceed the amounts you have paid to secdit for the service during the twelve months preceding the event giving rise to the claim.
13. Suspension and Termination
secdit may suspend or terminate your account or access to ConfigSentry where required for security reasons, non-payment, violation of these terms, misuse of the platform, or legal compliance requirements. You may stop using the service at any time. Upon account closure, your data is subject to the account deletion and retention policies described in the platform documentation.
14. Changes to These Terms
secdit may update these Terms of Use from time to time. Where material changes are made, we will endeavour to notify users through the platform or by email. Continued use of ConfigSentry after updated Terms of Use are published constitutes acceptance of the revised terms.
15. Contact
For questions about these Terms of Use or the ConfigSentry service, contact secdit through the contact page on the main website.