One accurate record of your whole network, an assistant that cites every answer, and the analysis that tells you what to fix first, for the wired estate and the AV estate alike. This is the visual tour of all ten areas, with the proof behind every claim and not a single packet captured.
An operator preview in active development. Everything shown here is built and running today against a real demo network.
CrossConnect reads your network over its management protocols, keeps a current source of truth from what it finds, and turns the problems into a ranked, evidence-backed list of what to do. The product is organized into ten areas. This guide walks every one of them.
What CrossConnect shows you comes from reading the real devices over their management protocols, not from a spreadsheet someone last touched a year ago. The picture is built from the network and refreshed on a schedule.
Where CrossConnect infers something, it labels how sure it is and shows the next check instead of bluffing. No fake precision, anywhere.
It observes switch-derived signals only, no packet capture, no payloads. The assistant advises and cites; it never changes your network, and any write is confirm-before-commit.
No more staring at a dozen dashboards trying to guess what matters. Every risk the platform finds, aging gear, config drift, CVEs, capacity, outages, spoofing, becomes one ranked queue. Open any item and CrossConnect tells you whether a change caused it, and whether that change was even authorized.
The ranked “act on this now” queue across every risk the platform computes, worst first, each with the evidence and the recommended next step.
Walks the tamper-evident audit trail to tell you whether a problem was caused by a change, and flags it when that change carried no authorizing ticket.
The live Layer-2 map built from discovered neighbors. Filter to one service to isolate just the devices and links that deliver it.
Crestron, Q-SYS, Dante, NDI, cameras and codecs are not mysteries on your network anymore. CrossConnect identifies every AV device automatically, types each endpoint by role, proves it is properly walled off from the rest of the network, and verifies that the precision timing your audio and video lock to is healthy. All with zero extra data entry, and not one captured packet.
Every AV endpoint typed by role, codec, display, camera, mic, DSP, encoder/decoder, with a Confirmed / Inferred / Unconfirmed chip. Gear not in inventory is flagged as shadow AV.
A 0–100 segmentation score with ranked findings: a camera reachable from guest, a control port exposed, a shadow device on a sensitive segment, each proven by reachability, not guessed.
Scores whether the timing every Dante/AES67 stream locks to is resilient and in lock, and names the fix when a domain has no backup grandmaster.
_dante._tcp and sourcing AES67 is typed av-microphone, Confirmed; the AV posture score reads 62/100 with one camera reachable from guest; clock health 70/100 flags a domain with no failover.Every device, the modules inside it, the rack it sits in, and the power feed that carries it, one connected chain instead of four spreadsheets that disagree. This is the foundation every other area reasons over, and discovery keeps it current on its own.
Every switch, router, and AP with vendor, model, location, software, role, and status, sortable on every column, the object the rest of the platform hangs risk and connectivity off.
The intent layer: a named outcome (“Dante audio fabric”) with its devices, VLANs, and circuits bound to it, so health and impact roll up to the business outcome, not the box.
Drag-to-place rack elevations with half-width mounting, and a power chain that traces every watt from device PSU through PDU outlet to feed.
Type a MAC and find the exact switch port in one lookup, with the full story of what that endpoint is doing. Follow a VLAN across the fabric. And before you touch anything, ask “what loses connectivity if this device fails?” and get a real answer, simulated against the live network.
The where-is-it lookup with no manual entry, plus the context you would otherwise gather from four separate screens.
Every multicast group in plain language, as a list or a flow map, merged from real traffic and IGMP membership. No packet capture.
Pick a device; CrossConnect removes it from a copy of the live network and reports what loses connectivity and which services are at risk. Empty means verified redundancy.
From the blocks a registry issued you down to the individual host, plus the VLANs, routing instances, and trust planes layered over them. Utilization, overlap, and next-free answers come for free, and purpose labels let the network read by intent instead of by number.
CIDR blocks with status, utilization, overlap detection, and a next-free-subnet answer, the spreadsheet replaced by a working surface.
The estate grouped into trust planes derived from your VLANs, with a matrix showing where planes are bridged, the structure behind every segmentation check.
802.1Q VLANs with the devices that carry them, plus purpose labels (audio, video, control, guest) shared across prefixes and VLANs so intent is explicit.
Stop guessing from configs by eye. CrossConnect builds one formal model of your whole fleet and answers the hard questions: can guest reach the cameras, which change broke that flow, are you passing CIS and PCI, and which device should you fix first. Five overlapping risk lists become one decision per device.
Verifies intended behavior against your real ACLs: does A reach B, and should it? Surfaces the leak nobody catches, isolated in policy but traffic observed.
Name a flow that used to work; CrossConnect binary-searches the config history to find the exact change that broke it, with the diff and time window as proof.
CIS, NIST-CSF, SOC 2, PCI, and ISO scored as data over evidence you already have, one reusable check satisfying many frameworks at once.
Is the site ready? Where is capacity heading? Is this change safe to make right now? CrossConnect answers all three from telemetry it already has, then gives you the automation, maintenance windows, and reports to act. Change safety is the headline: four checks, none of which alone says “safe,” combined into one verdict.
Device health rolled up to the groups that deliver service, by site or role, so you see whether the site is ready, not whether one switch is up.
A pre-flight cockpit that joins reachability, blast radius, live traffic, and the maintenance window into one verdict.
Forecast-to-full across PoE, rack space, bandwidth, and IP, projected onto each network service so pressure reads against a business outcome.
A conversational layer over your whole source-of-truth. Ask in plain English and get an answer drawn from your real records, with the records it used shown right there. It honors who is allowed to see what, says “I don't know” instead of bluffing, and never changes anything without your confirmation.
Ask about your fleet and get cited, formatted answers from the live source-of-truth, with every prompt, retrieval, and output logged.
An improvement loop: a quality score and a backlog of weak answers to work, each pointing at a tool to add or a record to fix.
Provider, model, and an encrypted key per tenant, with a test-connection. Proposed write actions wait in a queue for your approval.
Tenant isolation, roles, an encrypted secrets vault, and a record of every change that cannot be quietly rewritten. Connectors stay dormant until you turn them on, and inbound data passes through a trust gate before it ever becomes truth. This is what lets an auditor, or your insurer, take the platform's word for it.
Every change hash-linked and verifiable, the guarantee behind the “what changed” traces and the compliance evidence.
External assertions arrive as proposals, resolved and confidence-scored, for you to confirm or dismiss. Nothing inbound silently becomes truth.
A one-click, control-mapped evidence pack an auditor or cyber-insurer accepts, assembled live with an integrity verdict on the chain itself.
A guided front door reads your real network and draws its shape, so a newcomer builds a mental model without typing anything. From there, single-job workflows and end-to-end playbooks walk every common task, and a full API reference and data-provenance map back it all up.
Reads your real estate and draws its shape, then previews every operational feature read-only against your own network, so it teaches the product and the network at once.
A searchable library of step-by-step jobs, chained into end-to-end journeys like “onboard a site” or “pass an audit.”
The full REST and webhook reference with copy-paste examples, plus a provenance map of where every piece of data comes from.
/start to see “your network in 60 seconds,” click the AV-fleet tile to see your Crestron and Q-SYS gear, then follow the clickable first-week path, all read-only, nothing at risk.CrossConnect reads your network over its management protocols, keeps a current source of truth from what it finds, and hands you a ranked, evidence-backed list of what to fix, for the wired estate and the AV estate alike, without touching a single packet.