SPNT

Detection (ODBRANA)

Continuous. Evidence-grounded. Priority scores that reflect what is actually true in your environment right now.

Most vulnerability scanners produce a list and stop there. An analyst receives a report, triages it manually against other data sources, and assembles a picture of what to fix first. That picture is already out of date by the time it's complete.

SPNT's detection module (ODBRANA) writes findings directly into the substrate. The moment a finding is confirmed and its evidence chain is validated, it is visible to every other module on the platform: governance maps it to compliance obligations, offense verification can prove or disprove its exploitability, and decision intelligence can reason about it. No export step. No manual correlation. No lag.

What ODBRANA covers

Web Application

Authentication, session management, input handling, access control, business logic, and client-side security across web endpoints. Coverage spans both standard vulnerability classes and stack-specific issues.

API Security

REST and GraphQL scanning — authentication enforcement, authorization logic, rate limiting, input validation, sensitive data exposure. APIs discovered during web scanning are automatically added to API scan scope.

Infrastructure

Network services, exposed management interfaces, default credentials, misconfigurations in cloud-hosted services, and container registry exposure. Findings reference specific asset records.

Cloud Configuration

IAM policies, storage bucket exposure, network security group rules, logging and monitoring gaps, and service-specific misconfigurations. Correlated automatically with telemetry from the same cloud accounts.

The evidence chain

No finding is accepted into the substrate without an evidence chain — an immutable, ordered record of the exact observations that proved the issue exists.

This isn't a nice-to-have. It is what makes everything downstream trustworthy. When the decision intelligence layer recommends a specific finding as the top priority for the day, an analyst can follow the citation to the evidence chain and verify that the recommendation is grounded in real observations rather than a generic severity score.

Evidence chains are immutable after creation. Subsequent re-scans and enrichment update the finding's metadata, but the original evidence chain is preserved as a permanent record of what was observed at detection time.

Priority scoring that moves

Every finding carries a priority score. The score is not static — it is recalculated whenever context changes. The inputs include:

  • Severity baseline — standard vulnerability scoring as a starting point.
  • Known-exploited status — whether the vulnerability appears in CISA's KEV catalog. A KEV addition significantly increases priority.
  • Control validation — whether telemetry has confirmed that the controls mitigating this finding are actually being enforced. A failed control increases the priority of findings it would otherwise mitigate.
  • External enrichment — the confidence and weight of any OSINT signals correlating to the finding. A high-confidence credential-leak signal for the affected asset increases priority.
  • Exploitability verdict — if offense verification has run against the finding, the verdict carries significant weight.

The result is a score that reflects what is true now, not what was true at scan time.

What changes for an analyst

  • Findings are continuously enriched. KEV publications, threat-intel signals, and credential leaks update priority automatically.
  • Every finding is traceable back to the exact evidence that produced it.
  • Findings know their own compliance status. The governance module already has the mapping.
  • For Enterprise customers: findings know whether they are exploitable, because offense verification has either confirmed or denied it.

Tier availability

Capability                           Free     Commercial  Enterprise  Sovereign
Web application detection            Limited  Full        Full        Full
API security detection               -        Full        Full        Full
Infrastructure detection             Limited  Full        Full        Full
Cloud configuration detection        -        Full        Full        Full
OSINT enrichment                     -        Full        Full        Full
Reasoning outputs                    -        Full        Full        Full
Exploitability-aware prioritisation  -        -           Full        Full
Autonomous research engine           -        -           Full        Full

Evaluate detection on your environment

Bring your target environment. We will run a live detection demonstration and show how findings flow from scan to substrate to governance in a single session.