Collect NetFlow v9 flow records from firewalls/routers to identify suspicious communication patterns and risky egress behavior, then correlate traffic with discovered assets and vulnerabilities for faster triage.
Multiple confidence tiers to reduce false positives: Level 0 (vulnerability match & exposure evidence), Level 1 (safe validation / configuration checks), Level 2 (internal simulated attack validation - controlled).
Centralized alerting with clear severity and recommended next actions (fix, isolate, block, validate).
Comprehensive vulnerability scans with customizable profiles. Auto-triggers on high-severity CVE discoveries.
Fingerprint database detects services, service engines, and code running on systems for accurate identification and vulnerability matching.
Real-time CVE feeds from NVD, CISA KEV, GitHub, OSV, and ExploitDB. Over 320,000 vulnerabilities tracked.
Exploit Prediction Scoring System integration to prioritize vulnerabilities based on real-world exploitation probability.
Deploy bootable honeypot sensors with 8 services (SSH, HTTP, MySQL, etc.) to capture attack intelligence.
Capture and track compromised credentials from attacker login attempts. SHA256 hashed for security.
Automatic subdomain enumeration using DNS, Certificate Transparency, and brute-force techniques.
Generate custom bootable ISOs for onsite sensor deployment with preconfigured agent and honeypots.
Monitor assets, scans, findings, and threat intelligence in a unified dashboard with dark mode support.
Deployed agents check for updates every 4 hours and self-update with automatic rollback on failure.
Track active scans and discoveries with live progress indicators and background task monitoring.
Instant toast notifications for scan starts, completions, and errors with auto-dismiss and manual control.
Automated network device discovery per agent with MAC address tracking and device fingerprinting.
Agent error logging with alerting for failed scans, connectivity issues, and operational problems.