# UAML Security Report — last 30d

- **Host:** `vmi3100682`
- **Period:** 2026-04-09 17:44 UTC → 2026-05-09 17:44 UTC
- **Generated:** 2026-05-09 17:44:47 UTC

## Summary

- **Security events:** 47 (critical=1, warning=16, info=30)
- **Audit runs:** 1
- **Auto-remediation runs:** 0
- **Baseline applies:** 0
- **Operator audits received:** 0

## Security score trend

- Latest: **30** (2026-05-09)
- Min: 30
- Max: 30
- Avg: 30.0

| Date | Score | Critical | Warnings |
|---|---|---|---|
| 2026-05-09 | 30 | 3 | 2 |

## Repeated incidents (≥3 occurrences)

| Source | Title | Count |
|---|---|---|
| `wal_truncate_maintenance` | WAL truncate maintenance warning | **4** |
| `wal_truncate_maintenance` | WAL truncate maintenance dry-run warning | **3** |
| `prod3-mesh-fix` | prod3-mesh-fix-1777370406 | **3** |
| `prod3-debug` | prod3-debug-1777370362 | **3** |
| `prod3-test` | prod3-e2e-repeat-test-1777370339 | **3** |

## Critical events (1)

- **2026-04-28 08:40:09** `auto_remediation` — unexpected_reboots: alert-only
  - cross-check Contabo panel login history; review systemd-logind events

## Events by source

- `perf_bench_full`: 20
- `wal_truncate_maintenance`: 9
- `enforcer`: 4
- `operator_advisor`: 3
- `prod3-mesh-fix`: 3
- `prod3-debug`: 3
- `prod3-test`: 3
- `security_report`: 1
- `auto_remediation`: 1

## Recommendations

- Review critical events above; investigate any pattern that auto-remediation could not resolve.
- Repeated incidents (≥3×) suggest a chronic condition — consider raising the relevant pattern's risk in `auto_remediation.py` or upgrading propose-only → aggressive.
- Score dropped below 70 at least once — re-run `uaml.security.enforcer apply` and check `--dry-run` output.
- No operator workstation audits received this period; consider running the recipe from /security on your local machine.