AGENT Autonomous Vulnerability Management

VulnAgentic

An autonomous AI-driven agent that consolidates fragmented vulnerability data from multiple enterprise scanners into a unified, trustworthy service with full traceability and confidence scoring.

vulnagentic pipeline
$ python -m src.agent.cli run
[00:00.1] Initializing database & seeding CMDB...
[00:00.3] Reading Qualys assets (247 records)
[00:00.4] Reading Tenable vulns (1,024 records)
[00:00.8] Normalizing to unified schema...
[00:01.2] Deduplicating: 38 duplicate groups found
[00:01.5] Merging with confidence scoring (avg: 0.91)
[00:01.8] Pipeline complete. 5 BU summaries generated.
[00:01.9] API server running on http://localhost:8000

ARCHITECTURE

9-Step Deterministic Pipeline

Same inputs always produce the same outputs. Every decision is traced, every merge is scored, every anomaly is flagged.

Ingest

Read CSV feeds from Qualys, Tenable, and CMDB asset sources

Normalize

Map source fields to unified schema with derived criticality scores

Deduplicate

Group duplicates by FQDN + CVE match keys across all scanners

Merge

Apply deterministic rules with confidence scoring and conflict resolution

Summarize

Top 10 vulns per business unit, risk-ranked with alert thresholds

CAPABILITIES

Built for Enterprise Security

Production-grade vulnerability consolidation with explainability at its core.

Multi-Scanner Consolidation

Unifies Qualys and Tenable vulnerability data with CMDB asset enrichment into a single source of truth.

Confidence Scoring

Every merged record gets a 0-1 confidence score based on source agreement, FQDN match, IP match, and data completeness.

Decision Audit Trail

Every merge decision is logged: chosen values, alternatives, reasoning, and confidence breakdown. Full traceability.
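As an added illustration of the Deduplicate and Merge steps above together with the confidence scoring and decision audit trail (example code, not VulnAgentic's own): normalized records from two scanners are grouped by a case-folded FQDN + CVE key, merged by a deterministic worst-severity rule, and scored with assumed weights (the project keeps its real weights, field mappings and merge policies in manifest.yaml, which this page does not show). The sample records are constructed.

```python
from collections import defaultdict

# Assumed weights and required fields; VulnAgentic reads its own from manifest.yaml (not shown here).
WEIGHTS = {"source_agreement": 0.4, "fqdn_match": 0.2, "ip_match": 0.2, "completeness": 0.2}
REQUIRED = ("fqdn", "ip", "cve", "severity")
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample records, already normalized to one schema by the Normalize step.
RECORDS = [
    {"source": "qualys", "fqdn": "web01.corp.example", "ip": "10.0.0.5",
     "cve": "CVE-2024-0001", "severity": "high"},
    {"source": "tenable", "fqdn": "WEB01.corp.example", "ip": "10.0.0.5",
     "cve": "cve-2024-0001", "severity": "critical"},
    {"source": "tenable", "fqdn": "db01.corp.example", "ip": "",
     "cve": "CVE-2024-0002", "severity": "medium"},
]

def match_key(rec):
    """FQDN + CVE match key, case-folded so scanner formatting differences still group."""
    return (rec["fqdn"].strip().lower(), rec["cve"].strip().upper())

def dedupe(records):
    """Deduplicate step: group records from all scanners by match key."""
    groups = defaultdict(list)
    for rec in records:
        groups[match_key(rec)].append(rec)
    return groups

def merge(group):
    """Merge step: worst severity wins (deterministic); every choice is kept for the audit trail."""
    sevs = {r["severity"] for r in group}
    ips = {r["ip"] for r in group if r["ip"]}
    chosen = max(sevs, key=SEVERITY_RANK.__getitem__)
    parts = {
        # single-source groups get no corroboration; multi-source groups score on agreement
        "source_agreement": 0.0 if len(group) == 1 else (1.0 if len(sevs) == 1 else 0.5),
        "fqdn_match": 1.0 if len({r["fqdn"] for r in group}) == 1 else 0.8,  # 0.8: matched only after case-folding
        "ip_match": 1.0 if len(ips) == 1 else 0.0,
    }
    merged = {"fqdn": group[0]["fqdn"].lower(), "ip": next(iter(ips), ""),
              "cve": group[0]["cve"].upper(), "severity": chosen,
              "sources": sorted({r["source"] for r in group})}
    parts["completeness"] = sum(bool(merged[f]) for f in REQUIRED) / len(REQUIRED)
    merged["confidence"] = round(sum(WEIGHTS[k] * v for k, v in parts.items()), 3)
    merged["decision"] = {"chosen_severity": chosen, "alternatives": sorted(sevs - {chosen}),
                          "reasoning": "highest severity across sources", "breakdown": parts}
    return merged

def run(records):
    """Dedupe then merge; sorted keys keep the output order stable across runs."""
    return {key: merge(group) for key, group in sorted(dedupe(records).items())}
```

The web01 group merges two scanners that disagree on severity, so it resolves to "critical" with "high" kept as the alternative and scores 0.76; the single-source db01 record with a missing IP scores only 0.35, which is what a low-confidence-merge check in the data quality engine would flag.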

Data Quality Engine

Tracks missing fields, empty rows, low-confidence merges, and asset-vuln mismatches. Reports data quality (DQ) metrics via the API.

Alert Thresholds

Configurable critical and high vulnerability thresholds per business unit. API endpoint identifies BUs needing escalation.

Config-Driven

All business logic externalized in manifest.yaml: field mappings, merge policies, derivation rules, and confidence weights.

ENDPOINTS

Clean REST API

Six endpoints exposing consolidated vulnerability data, summaries, alerts, and quality metrics.

api/v1
GET /health // status, version, timestamp
GET /summary // all BU summaries (or by date)
GET /summary/{business_unit} // top 10 vulns for a BU
GET /assets/{asset_id} // asset details + open vulns
GET /alerts // BUs exceeding thresholds
GET /dq-metrics // data quality from latest run

STACK

Technology

Python 3.11+, FastAPI, SQLAlchemy 2.0, SQLite, Pandas, Pydantic v2, Docker, PyYAML, Uvicorn, pytest