/ 01

Asset Intelligence

Inventory across endpoints, network devices, firewalls, virtualisation hosts and identity. Without an agent on the endpoint.

Five-step matching cascade — assets reconcile across sources by hostname, then serial, then MAC, then IP, then Entra ID. The asset graph stays canonical.
Hardware specs — CPU, RAM, disk, OS and patch level pulled from each connector.
Discovered applications — installed software with version, vendor and category, surfaced from Defender / Intune / SolarWinds.
Change history — every change to an asset is timestamped and audit-logged. Why did this device drop EDR coverage on Tuesday? It's there.

10+ connectors 5-step correlation per-asset history tagging engine

asset · lt-finance-04 grade A

hostnamelt-finance-04.uk.local

serial5CG2401K0Z

mac3a:2b:91:ff:0d:1c

osWindows 11 Pro · 23H2

patch level2026.04 cumulative

edrdefender · healthy

encryptionbitlocker · enabled

last backup4h 12m ago

tagsfinancelondon

sourcesdefender · intune · entra · solarwinds

risk rules · evaluated 60s ago rules active

R-01EDR present and reporting×1.07 fails

R-02OS patch within 30 days×0.812 fails

R-03Disk encryption enabled×1.03 fails

R-04Backup within SLA×0.75 fails

R-05MFA enforced for privileged×1.22 fails

R-06Firewall mgmt-plane segregated×0.90 fails

+ more · CIS / NIST aligned

/ 02

Risk Visibility

A configurable rule set scores every asset against your control posture. A–F grade, control gaps, and a network topology that paints the risk surface.

Asset-class weighting — endpoints, servers, network devices and firewalls aren't graded by the same rubric. Configurable per asset class.
Live network topology — force-directed graph with LLDP / VPN edges and risk-glow node colouring. Find blast radius at a glance.
Control validation — EDR coverage, OS patch level, encryption, backup SLA and MFA coverage continuously checked.
Override with intent — every exception leaves a trail. Risk acceptance is a decision, not an oversight.

configurable rules A–F grades topology graph blast radius

/ 03

Compliance & Operations

Exemptions with audit trail and expiry. A dynamic tagging engine. CIS / NIST mapping. Five report types your auditors actually accept.

Per-asset risk acceptance — exempt a control with a reason, an owner, and an expiry date. Bulk rules supported. Auditor-friendly.
Dynamic tagging — built-in rules plus custom conditions. Tag as critical when the asset is a domain controller AND missing EDR AND in the finance subnet.
Framework mapping — control posture mapped to CIS Critical Security Controls and NIST CSF. Generate evidence for the categories your assessor cares about.
Five report types — executive summary, risk assessment, asset inventory, compliance, connector health. Scheduled delivery to a distribution list.

exemptions tags cis / nist 5 report types scheduled delivery

exemption · srv-legacy-03 accepted

ruleR-01 · EDR present

reasonDecommission window · Q3 2026

ownerm.holland · infrastructure lead

expires2026-09-30

approved byj.tewari · ciso

review cadencemonthly · automatic

audit trail23 events · view

action · enable EDR on 7 devices queued

generatedby R-01 risk rule · 4 minutes ago

scope7 windows endpoints · london

recommendedenrol via Intune · push Defender baseline

servicenowINC0231881 · escalated

assigneedesktop-eng · tier-2

sla48h target · 41h remaining

audit logcsv export · on demand

/ 04

Automation & Integration

The action centre auto-generates remediation tasks. Push them to ServiceNow for escalation, or close them in-platform. Either way, audit-logged.

Action centre — every control gap becomes an actionable task with scope, assignee, and SLA. Group by rule, asset class or owner.
ServiceNow integration — escalate with one click. Track the incident from EtherSight or work it inside ServiceNow.
API access — Professional and above. Pull asset state, push exemptions, integrate with your own pipelines.
Audit-log export — CSV export of the audit log on demand.

action centre servicenow csv export api

/ 05

Infrastructure & Gateway

A Docker agent that lives in your network and reaches systems without cloud APIs. SolarWinds Orion, UniFi Local, Proxmox VE — all in scope.

Why a gateway — most of the systems that matter inside an org don't have public APIs. Your firewall mgmt plane lives on a VLAN. Your virtualisation host expects local credentials. The gateway reaches those.
What it runs — single Docker container, low-footprint Node runtime, mTLS back to the EtherSight cloud. No inbound ports.
Multi-tenant ready — gateways are per-tenant, scoped to the connectors you assign them. Audit-logged at the cloud.
Where it sits in pricing — Professional and above. Community and Starter use cloud-only connectors.

docker mtls no inbound per-tenant

gateway · uk-1 healthy

imageethersight/gateway:1.0.0

uptime21 days · 7h

cpu0.3% avg · 256 MB resident

connectorssolarwinds · unifi · proxmox

last sync42 seconds ago

egressmtls · port 443 · *.ethersight.app

ingressnone

secretsaes-256-gcm · sealed at rest

integrations · 10+ live · more on the roadmap

Connect what you have. Roadmap what you don't.

Built connectors are tested and live in production. Roadmap connectors are scoped, prioritised, and confirmed with launch customers — not vapour.

/ identity & productivity

Microsoft Entra IDlive

Microsoft 365live

Microsoft Intunelive

Oktapost-ga

Google Workspacepost-ga

Jamfpost-ga

/ endpoint & edr

Microsoft Defender for Endpointlive

CrowdStrike Falconpremium · post-ga

SentinelOnepost-ga

/ network & firewall

FortiGatelive

Cisco Merakilive

UniFi Networklive · gateway

SolarWinds Orionlive · gateway

/ virtualisation & storage

Proxmox VElive · gateway

/ itsm & observability

ServiceNowlive · escalation

Qualys VMDRpremium · post-ga

Tenable Security Centerpremium · post-ga

Need a connector that isn't here? Tell us — we prioritise based on launch-customer asks.

Five modules. One operator-grade view.

Request a demo and we'll walk you through your own attack surface, using your own connectors. Not a sandbox.

Request a demo See pricing

Five modules, one operator view.