Skip to content

First Scan

After the agent installs, it runs an initial scan within 1–2 minutes. What happens:

1. System inventory

The agent collects:

  • OS version, kernel, hostname
  • Installed packages (apt, brew, dnf, winget, etc.)
  • Running services and open ports
  • Browsers and their extensions
  • USB devices

2. Security checks

210+ checks run across categories:

  • OS updates
  • Firewall configuration
  • Disk encryption (BitLocker, FileVault, LUKS)
  • Password policy
  • Antivirus / EDR presence
  • SSH hardening (Linux/macOS)
  • SUID binaries audit
  • Audit logging

3. Vulnerability scan

Detected packages are cross-referenced with:

  • OSV.dev (open source vulnerabilities)
  • CISA KEV (actively exploited CVEs)
  • EPSS (exploit probability scoring)
  • NVD (National Vulnerability Database)

4. Risk scoring

Each finding is scored using RICE methodology:

  • Reach — how many devices affected
  • Impact — severity (CVSS + KEV flag)
  • Confidence — data quality
  • Effort — remediation difficulty

Score determines priority in your Recommendations tab.

What you see

After scan completes, your dashboard updates in real-time with:

  • Security Score
  • Top vulnerabilities
  • Compliance gaps
  • Prioritized action list