Viriatus
VIRIATUS
8 Integrated Modules

The Complete Cybersecurity Platform

Nine integrated modules covering your entire attack surface management, autonomous pentesting, incident response, and governance needs.

External Surface

External Attack Surface

Automated subdomain reconnaissance, technology fingerprinting, vulnerability detection with CVSS/EPSS/KEV, domain intelligence (WHOIS, DNS, SSL), geographic infrastructure mapping, and real-time security score.

Subdomain Discovery

Passive and active enumeration via Certificate Transparency, DNS, crawling, and brute-force.

Technology Fingerprinting

Identification of frameworks, servers, CMS, CDN/WAF with versions and automatic CVE correlation.

Domain Intelligence

WHOIS, DNS records, SSL/TLS analysis, domain reputation, and email security assessment.

Geographic Map

Physical server location visualization with alerts for unexpected jurisdictions.

Security Score Domain Intelligence
View full module
Internal Surface

Internal Attack Surface

Endpoint inventory with health scoring, software with automatic CVE correlation, hardware and network interfaces, security alerts, asset classification (CIA triad), and manual asset management for agentless devices.

Endpoint Inventory

Complete list of computers and servers with health status, OS, tamper protection, and last contact.

Software & Vulnerabilities

Aggregated software inventory with automatic CVE Radar correlation and visual risk indicators.

Asset Classification

CIA classification (Confidentiality, Integrity, Availability), criticality, compliance scope (PCI, GDPR, NIS2).

Manual Assets

Agentless device management: printers, CCTV, IoT, SCADA, medical equipment, building automation.

Security Alerts Asset Classification (CIA Triad)
View full module
Firewall

Firewall Analytics

Universal firewall integration for real-time threat dashboard, application and category traffic analysis, user behavior with anomaly detection, interactive network graph, and detailed IP investigation.

Threat Dashboard

Blocked threats, processed traffic, active users, sessions, and temporal severity distribution.

Traffic Analysis

Application identification, URL categorization, bytes sent/received, session duration.

User Behavior

AD integration for IP→User mapping, per-user analysis, anomaly detection (volume, timing, geolocation).

Network Graph

Interactive communication flow visualization with C2 detection, data exfiltration, and lateral movement.

IP Investigation IP Reputation & Geolocation
View full module
Vulnerabilities

Vulnerability Management

CVE correlation across external and internal surfaces with CVSS v3.1, EPSS, and CISA KEV scoring. Exploit intelligence, smart P1-P4 prioritization, and integrated AI analysis via vCISO for contextualized recommendations.

Multi-Framework Scoring

CVSS v3.1 for severity, EPSS for exploitation probability in the next 30 days, CISA KEV for active exploitation.

Smart Prioritization

P1: KEV (active exploitation) → P2: EPSS>10% or CVSS≥9.0 → P3: Public exploits → P4: Remaining.

Exploit Intelligence

Public exploit count available (Exploit-DB, Metasploit, GitHub PoCs) per vulnerability.

AI Analysis

Executive summary, technical details, CIA impact, remediation roadmap, and risk contextualization via vCISO.

SSVC Prioritization AI Vulnerability Analysis
View full module
Incidents

Incident Response

CNCS taxonomy with 10 classes, 12-state lifecycle, real-time War Room for collaboration, automated response playbooks, CNCS/NIS2 notification workflow, stakeholder communications, public status page, and blameless post-mortems.

War Room

Dedicated channel per incident with typed messages (decisions, actions, system), pinned messages, and complete audit trail.

Automated Playbooks

Pre-built playbooks for each CNCS class: malware, ransomware, intrusion, phishing, DDoS, data breach.

NIS2/CNCS Workflow

4 notification phases with automatic deadlines: Initial Alert → Detailed Notification → End of Impact → Final Report.

Post-Mortems

Structured blameless analysis: timeline, root cause (5 Whys), impact, lessons learned, and action items.

Stakeholder Communications Case Management
View full module
GRC

Governance, Risk & Compliance

Complete GRC suite with FAIR risk analysis and Monte Carlo simulation, risk registry, Business Impact Analysis (BIA), multi-framework compliance (NIS2, GDPR, ISO 27001, PCI DSS), policy management, automated KPIs, DORA vendor management, and AI-generated daily executive summary.

FAIR Analysis

Risk quantification with complete FAIR methodology: TEF, TCap, Resistance Strength, Primary/Secondary Loss, ALE in euros.

Monte Carlo

10,000-iteration simulation: loss distribution, VaR 95%, CVaR 95%, sensitivity analysis, and what-if scenarios.

Multi-Framework Compliance

NIS2, GDPR, ISO 27001, PCI DSS, CIS Controls — with controls, evidence, and gap analysis.

Vendor Management

Registry, certifications, contracts, risk assessments, incidents, and DORA/NIS2 reports.

Business Impact Analysis Automated KPIs
View full module
vCISO

vCISO (Virtual CISO)

AI assistant with RAG over your organization's real data — vulnerabilities, incidents, risks, and compliance. Doesn't give generic advice: contextualizes every response with your data, cites sources, and structures recommendations for different audiences.

Contextualized RAG

Responses based on your real data via Retrieval-Augmented Generation. Your data is never used to train models.

Structured Responses

Executive Summary → Technical Analysis → Business Risk → Prioritized Recommendations → Success Metrics.

Security Frameworks

NIST CSF, MITRE ATT&CK, FAIR, ISO 27001, CIS Controls — contextually referenced in responses.

Daily Executive Summary

Automatic daily report with critical risks, trends, recommendations, and action items for leadership.

CVE Analysis Multi-audience Reports
View full module
Probus

Probus — Autonomous Pentest

Probus is the Viriatus autonomous penetration testing module. It continuously and autonomously performs intrusion tests, identifying exploitable vulnerabilities in your infrastructure before attackers do. Entirely developed by Portuguese engineering, it runs on European Union infrastructure — with no external cloud dependency.

Continuous Autonomous Pentesting

Executes automated intrusion tests 24/7 without human intervention. Identifies and attempts to exploit vulnerabilities in real-time.

Offensive Artificial Intelligence

AI engine that simulates real attacker tactics, techniques, and procedures (TTPs), adapting to your infrastructure context.

Exploit Validation

Does not just detect — proves the vulnerability is exploitable with concrete evidence, eliminating false positives.

Executive and Technical Reports

Detailed reports with evidence, impact, remediation recommendations, and risk scoring. Exportable in PDF.

100% Portuguese Engineering Viriatus Integration
View full module

Architecture

How modules connect in a unified view

SOURCES Reconnaissance XDR / EDR Firewalls CVE / KEV / EPSS VIRIATUS ENGINE Correlation + AI + FAIR OUTPUTS Unified Dashboard Real-time Alerts AI-powered vCISO Compliance Reports MODULES External 01 Internal 02 Firewall 03 Vulnerabilities 04 Incidents 05 GRC 06 vCISO 07 Probus 08
8in1

Ready to know your entire attack surface?

Request a demo and see how Viriatus can unify your organization's security management.

Request Free Demo Talk to Sales

Setup in under 1 hour · CyberS3C or your own infrastructure · Data in the EU