At a Glance – StorageGuard 10.0
- MCP AI Integration – Connect StorageGuard to your enterprise LLM endpoints (Claude, OpenAI, Gemini)
- Native AI Assistant – In-UI chat for querying infrastructure configuration and investigating findings
- AI-Driven Workflows – Hardening, drift detection, compliance, and exposure analysis and guided remediation
- New UI Look and Feel
StorageGuard overview
StorageGuard secures enterprise storage and backup environments by continuously assessing configuration posture and exposure. It automatically collects configuration data across platforms and identifies misconfigurations, drift from approved baselines, deviations from vendor hardening guidelines, compliance gaps, and ransomware protection weaknesses.
Operators can interact with their environment in real time using natural language - querying configurations, investigating findings, and validating posture. AI-driven insights and pre-built workflows help guide security hardening, baseline management, drift detection, compliance reporting, and exposure analysis, with structured answers and actionable remediation steps based on live data.
StorageGuard helps teams detect exposure faster, prioritize risk, and remediate issues through integrated, API-driven workflows and guided, AI-assisted operations.
Key benefits of StorageGuard
StorageGuard offers the following key benefits for enterprise storage and backup environments.
Configuration Baselines and Drift Management
- Prevent configuration drift by defining approved configuration baselines, ensuring consistent deployment across the environment, and continuously monitoring for deviations.
- Eliminate manual configuration validation efforts by leveraging automated scans and actionable findings enriched with evidence and remediation guidance.
- Streamline reporting and remediation workflows using built‑in integrations (e.g., ServiceNow, Jira, CyberArk, HashiCorp) and comprehensive APIs.
- Automate configuration audit reporting and organizational requirements by easily defining custom security configuration checks and tailored reports.
Security and Compliance
- Maintain the security of storage and backup infrastructure by validating alignment with vendor‑recommended hardening guidelines and security configuration best practices.
- Prepare for audits and demonstrate compliance with industry standards, regulatory requirements, and cybersecurity frameworks, including NIST, CIS Controls, PCI DSS, FFIEC, NERC CIP, DORA, NIS2, HIPAA, CRI, and others.
- Proactively manage end‑of‑support (EOS) risks through advance notifications identifying systems affected by upcoming EOS events.
- Identify and remediate security exposures related to vendor advisories, known vulnerabilities (CVEs), and missing patches.
Enterprise Platform Coverage
- Support for enterprise storage and backup technologies, including NAS, AI storage, Object Storage, SDS, SAN arrays, Storage Networks, Storage Management, Storage Virtualization, Data Protection systems, Cloud storage and more.
- Support for heterogeneous, multi‑vendor storage and backup environments, covering leading platforms from Dell, VAST Data, Hitachi, Cohesity, IBM, Everpure (Pure Storage), HPE, Amazon, Commvault, NetApp, Rubrik, Lenovo, Azure, Veeam, Nasuni, CTERA, Fujitsu, Broadcom (Brocade), Veritas, Cisco and more.
- Enterprise‑grade architecture delivering a secure, scalable solution that is easily customizable and integrable with existing management systems.
New in Version 10.0
New features and highlights
This StorageGuard release introduces new features and major enhancements in the following areas:
Open AI Integration (MCP Server)StorageGuard now includes an MCP server that enables secure, structured integration with external LLM platforms such as Anthropic Claude, OpenAI GPT, and Google Gemini. This provides a standardized way to connect StorageGuard data and workflows to enterprise AI environments. Native AI AssistantBuilt on top of MCP, the StorageGuard AI Assistant is an embedded chat interface within the UI that enables operators to interact with their environment using natural language. Operators can:
The assistant includes pre-built prompts for common workflows, such as:
It also supports AI-assisted and guided remediation workflows to help resolve security configuration gaps faster. Figure 1: The StorageGuard AI Assistant
New Look & Feel Updated user interface reflecting the Core6 rebranding, with improved consistency and usability. | |
Enhanced securityThis release includes security enhancements and resolves third-party vulnerabilities. Refer to Support Announcements for additional information. | |
Note: As part of the Core6 rebranding process, certain screens, documents, and other materials now reference Core6 instead of the former company name, Continuity Software.
Additional changes and enhancements
The following section highlights additional notable changes or enhancements:
| Id | Description |
| SG-31691 | Added support for CyberArk for scanners requiring multiple accounts such as IBM Storage Protect and Dell Networker (added in 9.2.9.2). |
| SG-31585 | Dell Powerflex: Added support for token-based authentication. |
| SG-31436 | A new configuration screen is available for MCP client settings. Navigate to Settings > Interfaces > MCP Settings to access it. |
| SG-31669 | Updated the default set of columns for the Compliance tab. |
| SG-31696 | Database view – Added a new SAPI table to expose vulnerability status (added in 9.2.9.2). |
| SG-30838 | Check “SG-C0331T169V01: Audit log retention” – added a new custom parameter for event record log type (added in 9.2.9.2). |
| SG-31856 | Improved CyberArk database integration: Hibernate sessions are now automatically rebuilt when database credentials (username or password) change. (added in 9.2.9.3). |
| SG-31775 | Enhanced CVE detection: Added support for identifying multiple version types on the same asset/item (fixed in 9.2.9.3). |
| SG-31731 | Use site name instead of ID in case of Import or Export Policy or global parameters (fixed in 9.2.9.4). |
| SG-31855 | Upgraded Apache Tomcat to version 10.1.54 (fixed in 9.2.9.3). |
Fixed issues
The following issues are resolved:
| Id | Description |
| SG-31498 | The evidence provided in certain VSAN-related findings contains a too large data set. |
| SG-23548 | HCP are incorrectly counted for licensing. |
| SG-31739 | Cyber Analysis failed due to database view creation failure (fixed in 9.2.9.2). |
| SG-31738 | VSAN - Corrected evidence collection and check logic (fixed in 9.2.9.2) |
| SG-31729 | Resolved an accuracy issue in the “SG-C0392T187V01: Minimum account lockout duration” check (fixed in 9.2.9.2) |
| SG-31716 | Dell PowerFlex - Resolved an issue with CVE data collection (fixed in 9.2.9.2) |
| SG-31587 | Resolved an accuracy issue in the “SG-C0039T175V01: LDAP server configuration” check (fixed in 9.2.9.2) |
| SG-30688 | Resolved an accuracy issue in the “SG-C0470T169V01: Command approver user is not defined” check (fixed in 9.2.9.2) |
| SG-32031 | VSAN scan may return insufficient information results (fixed in 9.2.9.4) |
| SG-31497 | Brocade scan detects virtual fabrics that incorrectly utilize licenses (fixed in 9.2.9.4) |
| SG-32137 | CTERA - fix authentication cookie login (fixed in 9.2.9.4) |
| SG-31894 | Added support for WinRM4J (pure Java WinRM protocol) for WMIScanner (fixed in 9.2.9.4) |
| SG-31796 | Veeam version 13 requires PowerShell version 7 (fixed in 9.2.9.4) |
| SG-32102 | Username field under Credentials can not process more than 80 chars (fixed in 9.2.9.4) |
Installation Notes for this Release
Read the Installation Procedure Chapter of the User Guide for guidance about installing StorageGuard v10. In addition, review the Deployment and Scanning resources for guidance about the StorageGuard infrastructure requirements and the preparations needed for scanning your datacenters.
Upgrade for this Release
An upgrade path to version 10 is available from the 9.2.8 release and above. If your system is currently installed with an earlier release, an upgrade to version 9.2.8 or above is mandatory before upgrading to version 10.
Important notes:
- The upgrade will require the complete stop of StorageGuard operations, including data collection and data analysis. While it is fully automatic, the length of the upgrade process may require several hours to complete in large environments. During this time, it is important not to restart the StorageGuard server or terminate the upgrade task. In addition, it is essential that the database used by StorageGuard be available throughout the upgrade process.
- Prior to upgrading, take care to read the release notes in full, and make any necessary changes to the StorageGuard infrastructure and/or to user account permissions as required, and ensure sufficient free disk space is available on the master server. It is important to review newly required read-only privileged commands and make necessary changes to sudo to allow StorageGuard to run the commands.
- Prior to upgrading, verify you have an up-to-date backup of the StorageGuard server disk drives using your standard backup tools, and an up to date StorageGuard database export.
- Once the upgrade on the master StorageGuard server is completed and the Tomcat service starts, StorageGuard will automatically check and upgrade the StorageGuard collectors. There is no manual collector upgrade process. For gradual collector upgrade, disable the collectors before initiating the upgrade on the master server, and gradually enable the collectors you wish to upgrade following the completion of the software upgrade on the master server.
To upgrade from version 9.2.9 to version 10.0:
- Login as a local administrator to the master StorageGuard Server.
- Run Core6Suite_10.0.exe as an administrator.
- Click Next on the Welcome screen.
- Select “Yes, upgrade Core6 Suite 9.2.9 to 10.0”.
- Accept the License Agreement and click Next.
- Accept the GNU License Agreement and click Next.
- Select whether to perform a database export prior to upgrading and whether to start Tomcat after the upgrade completes and click Next. It is recommended to keep the default settings.
- Click Install to begin the Software Upgrade process. This process may require up to several hours to complete, depending on the size of the scanned environment.
- Click Finish.
Important Notes
Database Locale requirement
The Database instance used as the backend database for the Core6 Platform must be configured with the English Locale.
Scan of Storage and Replication Management servers
It is recommended to scan all production and DR storage management servers as hosts, even if they are already configured as storage proxies. Storage proxy scans operate at the API/CLI level, while host scans of the management servers enable collection of additional configuration files and settings.
Scan of Windows hosts through WMI
Scanning of Windows hosts updated with KB3139940 might fail with an “Access Is Denied” message. To overcome this failure, please make sure that the user configured to authenticate to this server is a member of the Local Administrator group on the StorageGuard server. StorageGuard also provides an alternative method of scanning Windows servers using WMI which requires PowerShell version 5.1 or higher.
User account for technical support only
The csadmin user provides access to support tools that can cause damage if not used properly; This user is intended to be used by Core6 support engineers only. Enable and login with the csadmin user only when directed to do so by support personnel. This user is locked by default.
Recommended scan protocol for Windows hosts
StorageGuard supports a variety of scan options for Windows hosts. The recommended scan option is using WinRM over HTTPS.
Known Issues
The following section highlights additional notable known product issues:
| Id | Description |
| SG-30082 | ONTAP SVM (vserver) assets may not display serial numbers in the inventory view |
| SG-29904 | The Cisco probe may execute commands for disabled features resulting in "Cmd exec error" |
| SG-29876 | Under Scan Troubleshooting, the Storage column may not show the Storage System Name; Workaround - the name is presented in the Summary column |
| SG-29861 | Under Compliance, the details column may present "Successfully scanned" even though the relevant API/CLI command failed; this is because the "Successfully scanned" message refers to the overall system's scan status and not specifically for the API/CLI command used in this check. Workaround: Review failed commands under the Scan Troubleshooting or Task Manager UI |
| SG-28627 | System Properties for controlling the Unisphere for PowerMax (U4P) timeout are missing (Contact support for workaround guidance) |
| SG-27459 | Brocade FOS commands executed as part of a script do not report an error if fail to execute |
| SG-21689 | Uninstalling SG update from "Add/Remove Programs" does not work as expected |
Limitations
Assigning a profile to an Active Directory group
When assigning a profile to an AD Universal Group, the StorageGuard master server must have access to the Global Catalog of the AD Forest.
When assigning a profile to an AD Local Domain Group, StorageGuard will not be able to assign the Profile to AD Users from a different Domain – even though such configuration is valid within AD. In other words – an AD user can log in to StorageGuard (with all the correct profiles assigned) only if each AD Local Domain Group it belongs to is part of the same AD Domain the AD user belongs to.
Special characters are converted during object import to StorageGuard
When importing names and properties of objects from CSV/CMDB/API, special characters such as “&”, ‘no-break-space’ and certain UTF8 chars are converted to alphanumeric chars.
In specific cases scan error messages are not sufficiently informative
The Scan Troubleshooting screen occasionally presents scan error messages that include the error code, but no additional details.
Workaround: Run the erroneous command or script manually to see the full scan error message. If further assistance is required, contact Technical Support.
SSH key supports only keys with less than 4000 characters [P-6645]
Elevated rights required for certain read‑only API calls and commands
Some optional read‑only APIs and commands executed by StorageGuard on specific platforms require elevated privileges. Granting these rights is recommended to enable a more comprehensive risk analysis, but it is not mandatory.
Regardless of the permissions granted, StorageGuard executes read‑only APIs and commands only.
Platform‑specific notes:
- Commvault: Certain optional read‑only API calls (including SNMP and Audit Trail APIs) require elevated rights.
- Dell PowerProtect Data Domain: Some read‑only commands require the limited‑admin role. Alternatively, the scan user can be configured with the read‑only user role.
- Dell Unity (Unisphere for Unity): Some read‑only API calls require the Security Administrator role. Alternatively, the scan user can be configured with the read‑only operator role.
- Hitachi Ops Center: Some read‑only API calls require the Security Administrator role. Alternatively, the scan user can be configured with the read‑only operator role.
- HPE Alletra 6000: User administration APIs are available only to admin users, which means some checks can only be executed with Admin privileges.
- Windows hosts: OS‑level scanning (via WinRM or WMI) runs read‑only commands and queries but requires elevated rights. OS‑level scans are optional but recommended, in addition to application‑level scans, for comprehensive security configuration analysis.
CVE detection limitation
StorageGuard may report a CVE vulnerability that was either worked around or mitigated through remedial steps other than applying software updates.
CVE knowledgebase
The CVE knowledgebase is limited to advisories and CVEs that have been publicly announced by the vendor, MITRE or other source to the community.
PowerMax 5978 patch level
StorageGuard cannot determine the patch level for Dell PowerMax 5978 arrays, only the microcode.
NetApp StorageGRID model and serial number (SG-30081)
The StorageGuard inventory does not present StorageGRID model and serial number in the inventory due to API limitations.
Revision History
Document revision history:
| Revision | Date | Description |
| 1.0 | 17 May 2026 | Initial publication |
Comments
0 comments
Please sign in to leave a comment.