Deploy a lightweight agent to perform real 7-stage nmap-based network scans across your infrastructure. Findings are automatically enriched with CVE details, EPSS scores, exploitability analysis, and compliance control mappings.

• Local agent scans: Host Discovery → Port Detection → CVE Pattern Matching
• VulnGuard AI — AI false-positive analysis with multi-model support
• CSV bulk import + severity re-cast workflow with approval chain
• Full scan history, results view, and per-finding AI verdicts

Full enterprise patch lifecycle with 17 workflow states from identification through deployment and verification. The AI Patch Engine researches CVEs in real time, generates safe execution plans, and supports auto-rollback on failure.

• 17-state ITIL patch workflow: Draft → Review → Approved → Scheduled → Deployed → Verified
• AI Patch Engine: CVE research, safe execution plan generation, rollback strategy
• ServiceNow bi-directional integration — patches sync as change tickets
• Patch agent (Windows + Linux) with command allowlist and dry-run support

Run end-to-end security awareness programs directly inside Defend360. Deliver training campaigns, measure completion rates, and launch realistic phishing simulations to benchmark your team's resilience.

• Training programs with enrollment tracking and completion reporting
• Email campaigns via SendGrid (primary) or Mailchimp — target by department or AD group
• GoPhish phishing simulation — create groups, templates, and campaigns via live API
• 12+ third-party integrations: KnowBe4, Proofpoint, Microsoft Defender, and more

Transform alert overload into automated, structured response. Define IF-THEN playbooks that trigger on inbound webhooks and automatically create incidents, enrich IOCs, notify your team, raise ServiceNow tickets, or launch vulnerability scans.

• Inbound webhooks with HMAC-SHA256 signature verification and alert deduplication
• Playbook builder — ordered action chains with per-step conditions and on_failure control
• 8 built-in action types: create incident, enrich IOC, notify Slack/Teams, open ServiceNow ticket, run vuln scan
• Human approval gate — playbooks pause and wait before executing high-risk actions
• Response metrics dashboard: MTTD, MTTR, automation rate, and alert volume trends

Deploy the Defend360 agent inside your network to continuously discover and inventory assets without relying on cloud-side scanning. The agent reports discovered hosts, open services, and operating system details directly into your asset register.

• Lightweight Python agent for Windows and Linux — installs in minutes
• Adaptive polling: agent check-in intervals adjust based on active scan state
• Discovered assets auto-populate the Asset Register with host, service, and OS data
• Stale scan watchdog — Celery beat automatically clears stuck or timed-out scan jobs

Log, classify, and manage security incidents through a full lifecycle workflow. Incidents link directly to vulnerabilities, risks, assets, and audit findings — giving you a unified picture of what happened and what was done about it.

• 7-status lifecycle: Open → In Progress → Contained → Eradicated → Recovered → Closed → Cancelled
• Timeline, notes, tasks, evidence attachments, and full audit trail per incident
• Auto-incident creation from high/critical vulnerability findings and IOC enrichment
• Linked severity re-cast: approved vuln re-casts automatically close associated incidents