Knowledge Base

Symptoms: Agent status shows "offline", "error", or "unknown" in the dashboard. No recent activity logs.

Resolution steps:

• Check agent process is running: gridlock status --agent [agent-id]
• Verify network connectivity: gridlock ping — should show <200ms to api.lockthegrid.com
• Check API key validity: gridlock auth test
• Review agent logs: gridlock logs --agent [agent-id] --tail 50
• Restart the agent: gridlock restart --agent [agent-id]
• If persistent, regenerate API key and redeploy

# Full diagnostic
gridlock doctor --agent msp-hunter

# Force restart with fresh config
gridlock restart --agent msp-hunter --force --fresh-config

If the issue persists after restart, check your firewall rules for outbound HTTPS to *.lockthegrid.com.

Common causes and fixes:

• Browser cache: Hard refresh with Ctrl+Shift+R (Cmd+Shift+R on Mac)
• Browser extensions: Disable ad blockers and privacy extensions for lockthegrid.com
• Network issues: Verify WebSocket connections aren't blocked by corporate proxy
• Session expired: Clear cookies and re-authenticate
• Browser version: Ensure you're on Chrome 100+, Firefox 100+, or Edge 100+

# Check dashboard backend health
curl -s https://api.lockthegrid.com/api/health | jq .

# Expected: {"status":"healthy","uptime":86400}

Diagnosis:

• Check rate limit headers: X-RateLimit-Remaining in response headers
• Verify you're not exceeding your tier's rate limit (100/min Starter, 1000/min Pro)
• Large tenant scans may take longer — use async endpoints for heavy operations
• Check status.lockthegrid.com for platform incidents

# Test API latency
curl -w "%{time_total}s\n" -o /dev/null -s \
  -H "Authorization: Bearer $GRIDLOCK_API_KEY" \
  https://api.lockthegrid.com/v1/api/health

# Use async mode for long operations
curl -X POST \
  -H "Authorization: Bearer $GRIDLOCK_API_KEY" \
  -H "X-Async: true" \
  https://api.lockthegrid.com/v1/api/compliance/assessments

Check these in order:

• Verify webhook URL returns 200 OK: gridlock webhook test --id [webhook-id]
• Check webhook is active (not disabled after repeated failures): gridlock webhook list
• Review delivery logs: gridlock webhook logs --id [webhook-id] --last 10
• Ensure your endpoint accepts POST and responds within 10 seconds
• Verify SSL certificate is valid on your endpoint
• Check event type subscriptions match what you're expecting

# Test webhook endpoint manually
gridlock webhook ping --url https://your-app.com/api/gridlock-webhook

# Resend failed deliveries
gridlock webhook resend --id [webhook-id] --event evt_abc123

Common scenarios:

• Paid but still showing as trial: Lemon Squeezy webhooks can be delayed 1-5 minutes. Force sync: gridlock billing sync
• Tier upgrade not reflected: Check Lemon Squeezy portal for confirmation, then run gridlock billing sync
• Payment failed but service still active: 3-day grace period is active. Update payment method in billing portal

# Force billing sync
gridlock billing sync --force

# Check subscription status
gridlock billing status

# View billing history
gridlock billing history --limit 10

Prerequisites: Professional tier subscription, API key configured, RMM tool connected (optional but recommended).

Steps:

1. Create tenant: gridlock tenant create --name "Client Corp"
2. Configure tenant profile (endpoint count, industry, compliance needs)
3. Generate deployment package: gridlock package generate --tenant "client-corp"
4. Deploy via RMM push or manual installer
5. Wait for agent discovery phase (typically 30-60 minutes)
6. Review baseline security assessment report
7. Configure alert channels (Slack, email, PSA tickets)
8. Schedule kickoff call to review initial findings with client

# Quick onboarding in one command
gridlock onboard --tenant "client-corp" \
  --endpoints 150 \
  --industry healthcare \
  --compliance hipaa,soc2 \
  --rmm connectwise

Step 1: Select frameworks

gridlock compliance set --tenant "client-corp" \
  --frameworks soc2-type2,hipaa --schedule weekly

Step 2: Map controls — The Compliance Engine auto-maps your existing infrastructure to framework controls. Review the mapping and adjust as needed.

Step 3: Review gaps — After the first assessment, review the gap analysis report:

gridlock compliance report --tenant "client-corp" \
  --framework soc2 --type gap-analysis

Step 4: Remediate — Set auto-remediate for low-risk items, create tickets for manual items:

gridlock compliance remediate --auto low-risk \
  --ticket high-risk --psa connectwise

Gridlock's Threat Researcher agent generates alerts at multiple severity levels. Configure how each level reaches your team:

# Critical threats → Slack + SMS + PSA ticket
gridlock alert config --severity critical \
  --channel slack --slack-channel "#security-critical" \
  --channel sms --sms-group "on-call" \
  --create-ticket true --psa connectwise

# High severity → Slack + email
gridlock alert config --severity high \
  --channel slack --slack-channel "#security-alerts" \
  --channel email --email "[email protected]"

# Medium → Slack only
gridlock alert config --severity medium \
  --channel slack --slack-channel "#security-info"

# Low → Dashboard only (daily digest)
gridlock alert config --severity low \
  --channel digest --digest-frequency daily

Multi-tenant is included in the Professional tier. Each client gets an isolated workspace while you maintain a unified view:

# List all tenants
gridlock tenant list

# Switch between tenant contexts
gridlock tenant use "client-corp"
gridlock tenant use "acme-industries"

# Cross-tenant threat correlation
gridlock threat correlate --all-tenants --lookback 7d

# Aggregate dashboard
gridlock dashboard --multi-tenant --summary

Best practices:

• Use consistent naming conventions: [client]-[service]
• Group tenants by compliance requirements for efficient auditing
• Set up tenant-level alert routing to avoid alert fatigue
• Use the Account Manager agent to compare health scores across tenants

Data we collect: Endpoint telemetry (process list, network connections, file hashes), compliance control states, user access logs, agent activity logs.

Data we do NOT collect: File contents, email bodies, personal browsing history, keystrokes, passwords.

Storage: All data encrypted at rest (AES-256) in SOC2-certified data centers. US-based storage by default, EU residency available on Enterprise tier.

Retention:

• Threat telemetry: 90 days (active), 1 year (archived)
• Compliance reports: Duration of subscription + 1 year
• Audit logs: 7 years (SOC2 requirement)
• Agent activity: 30 days (full), 1 year (summary)

Data deletion: On account termination, all data is purged within 30 days. Immediate deletion available on request.

In Transit:

• TLS 1.3 minimum for all API communications
• Certificate pinning on agent-to-platform connections
• HSTS enabled on all endpoints

At Rest:

• AES-256-GCM encryption for all stored data
• Encryption keys managed via AWS KMS with automatic rotation (90 days)
• Database-level encryption with separate per-tenant keys
• Backups encrypted with separate key hierarchy

Application Level:

• API keys hashed with bcrypt (never stored in plaintext)
• JWT tokens with RS256 signing, 1-hour expiry
• Webhook secrets never logged or exposed after creation

Gridlock's own SOC2 status: Gridlock is SOC2 Type II certified. Our audit report is available under NDA to Enterprise customers.

Using Gridlock for your SOC2 audit:

• CC6.1 (Logical Access): Agent monitors access controls and alerts on unauthorized changes
• CC6.2 (Authentication): Tracks MFA adoption and password policy compliance
• CC7.1 (Detection): Threat Researcher provides continuous monitoring evidence
• CC7.2 (Incident Response): Automated incident logging with full audit trail
• CC8.1 (Change Management): Tracks all configuration changes with timestamps

# Generate SOC2 evidence package
gridlock compliance export --framework soc2 \
  --period "2026-01-01:2026-03-31" \
  --format audit-package

Automated Response (no human required):

1. Detection: Threat Researcher identifies anomalous behavior
2. Classification: Severity assessed (critical/high/medium/low)
3. Containment: Auto-quarantine for critical/high — endpoint isolated in <30 seconds
4. Notification: Alert dispatched per configured channels
5. Documentation: Full incident log created automatically

Escalation to Humans:

• Novel attack patterns not in threat database
• Incidents requiring business decision (e.g., take production system offline)
• Multi-stage attacks spanning multiple endpoints
• Incidents requiring client communication

Recommended schedules by environment size:

• <100 endpoints: Default schedules are optimal. Threat Researcher every 5min, Compliance weekly.
• 100-500 endpoints: Increase Threat Researcher to every 3min during business hours. Schedule Compliance for off-hours (2:00 AM local).
• 500-2000 endpoints: Enable parallel agent execution. Use tenant-level scheduling to distribute load.
• 2000+ endpoints: Contact support for custom scheduling profiles. Consider Enterprise tier for dedicated resources.

# Set optimized schedule for large environments
gridlock schedule set --agent threat-researcher \
  --cron "*/3 8-18 * * 1-5" --timezone "America/New_York" \
  --cron-off-hours "*/15 * * * *" \
  --parallel 4

Layer your alert channels:

• Critical: Immediate (Slack + SMS + PSA ticket) — should be rare (<5/month)
• High: Near-realtime (Slack + email) — expect 10-20/month
• Medium: Batched (hourly Slack digest) — most alerts live here
• Low: Daily email digest — informational only

Tune false positives:

# Suppress known-benign detections
gridlock alert suppress --rule "legitimate-admin-tool" \
  --endpoint "WS-ADMIN-*" --duration 30d

# Tune sensitivity per tenant
gridlock config set --agent threat-researcher \
  --tenant "low-risk-client" \
  --sensitivity reduced

Health score components (0-100):

• Security Posture (30%): Endpoint coverage, vulnerability count, threat resolution time
• Compliance Standing (25%): Framework scores, open gaps, audit readiness
• Agent Engagement (20%): Ticket volume trend, resolution rate, proactive detections
• Operational Health (15%): System uptime, deployment coverage, config drift
• Satisfaction Signals (10%): Response time to alerts, report engagement, support interactions

# Get detailed health breakdown
gridlock health --tenant "client-corp" --detailed

# Compare health scores across all tenants
gridlock health --all-tenants --rank

Quick wins: Ensure 100% endpoint coverage (biggest health factor), resolve all critical compliance gaps within 48 hours, and enable automated ticket resolution.