Security & Compliance

Lynx Compliance - Vendor Public Posture Monitoring

Daily public-posture probes against each tracked vendor (TLS, security headers, DMARC/SPF/DKIM, breach exposure, IP reputation). Composite letter grade A-F with drift findings auto-raised on degradation.

lynx_compliance_vendor_posture · v19.0.1.1.0 · Premium

What this solves

Continuous public-posture monitoring for every tracked vendor. Each day a cron probes the vendor's public surface from the open internet - the same view a buyer's threat-intel team would see - and writes a timestamped lynx.vendor.posture.snapshot plus a composite letter grade onto the underlying lynx.vendor.assessment. Score drops greater than ten points trigger compliance.finding records via the existing scanner pipeline.

Six checks ship out of the box. Four need no API key; the SSL Labs and AbuseIPDB checks stay disabled until an admin sets a key. The framework is extensible - a new check registers a code, a weight, and a Python implementation, and the cron picks it up.

Key Features

  • DMARC / SPF / DKIM check - DNS TXT lookups, no external API; score reflects which records are present.

  • TLS protocol probe - direct ssl module probe of the vendor's HTTPS endpoint; score reflects TLS 1.3 / 1.2 vs. legacy.

  • HTTP security headers - GET / and parse HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy.

  • Breach exposure - public haveibeenpwned domain query; recency-weighted score.

  • SSL Labs (admin-set API key) - polls api.ssllabs.com/api/v3/analyze and converts the letter grade.

  • IP reputation (admin-set API key) - AbuseIPDB confidence inverted to a 0-100 score.

  • Composite letter grade A-F - weighted across the enabled checks; surfaced on the vendor list with decoration.

  • Drift findings - score drop greater than ten points or grade demotion auto-raises a compliance.finding of severity matching the magnitude.

  • Federation hint - is_lynx_tenant boolean on the vendor; phase B4 federated trust v2 reads this to skip questionnaires when both sides run Lynx.
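
The composite grade and drift rule described above, sketched as an added example (not the module's own code). The weights, the A-F bands, the severity bands and every function name are assumptions; only the "greater than ten points or grade demotion" rule comes from this page.

```python
from typing import Optional

# Check code -> weight. Constructed values: the module's real weights are not on the page.
WEIGHTS = {"email_auth": 20, "tls": 20, "headers": 15, "breach": 15,
           "ssllabs": 15, "ip_reputation": 15}
GRADE_FLOORS = [(90, "A"), (80, "B"), (70, "C"), (60, "D")]  # assumed bands; below 60 is F
DRIFT_POINTS = 10  # from the page: a drop greater than ten points raises a finding


def composite(scores: dict) -> float:
    """Weighted mean (0-100) over the checks that produced a score.

    A check without its API key is simply absent from `scores`, so its
    weight is left out instead of dragging the vendor down as a zero.
    """
    ran = {c: s for c, s in scores.items() if c in WEIGHTS and s is not None}
    if not ran:
        raise ValueError("no enabled check produced a score")
    total = sum(WEIGHTS[c] for c in ran)
    return round(sum(WEIGHTS[c] * s for c, s in ran.items()) / total, 1)


def grade(score: float) -> str:
    return next((g for floor, g in GRADE_FLOORS if score >= floor), "F")


def drift_finding(prev: dict, curr: dict) -> Optional[dict]:
    """Compare two snapshots; return a finding dict on degradation, else None."""
    before, after = composite(prev), composite(curr)
    drop = round(before - after, 1)
    demoted = grade(after) > grade(before)  # letters sort A < B < ... < F
    if drop <= DRIFT_POINTS and not demoted:
        return None
    # Assumed severity bands; the page only says severity matches the magnitude.
    severity = "high" if drop > 25 else "medium" if drop > DRIFT_POINTS else "low"
    # Point the analyst at the check that lost the most points.
    common = [c for c in curr if c in prev and prev[c] is not None and curr[c] is not None]
    worst = max(common, key=lambda c: prev[c] - curr[c]) if common else None
    return {"from": grade(before), "to": grade(after), "drop": drop,
            "severity": severity, "worst_check": worst}


# Constructed snapshots: the four keyless checks, with TLS regressing to a legacy protocol.
YESTERDAY = {"email_auth": 100, "tls": 100, "headers": 80, "breach": 90}
TODAY = {"email_auth": 100, "tls": 40, "headers": 80, "breach": 90}

if __name__ == "__main__":
    print(drift_finding(YESTERDAY, TODAY))
```

Because disabled checks are excluded from the denominator, enabling a keyed check between two snapshots can move the composite on its own; comparing only snapshots taken with the same set of enabled checks avoids raising findings for that.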

Integrates With

  • lynx_compliance_govern - extends lynx.vendor.assessment with posture fields.

  • lynx_compliance - new _scan_vendor_posture_drift method on the existing finding scanner.
