How Vyrex works

From detection to audit evidence.

Vyrex isn't "yet another SIEM". It detects issues, normalizes them, suggests vetted fixes, documents everything for audit, and can execute approved fixes safely.

01

Detect

Wazuh agents on endpoints, Vyrex Edge in the network, and CVE scanners continuously gather evidence: vulnerabilities, MITRE ATT&CK patterns, suspicious DNS, missing patches, compliance gaps.

02

Normalize

Each finding gets a fingerprint (Wazuh rule + CVE + OS + package + agent). Duplicates merge. Triage computes risk class and business impact.

03

Create measure

Vyrex Ops turns the finding into a measure — with title, description, risk class, suggested fix recipe, and success rate from past runs.

04

Match recipe

The learning knowledge base searches for matching fix recipes (fingerprint exact, then finding_type+OS). Low-success recipes are disabled for auto-run.

05

Get approval

Risky measures require customer approval. You see risk, rollback plan, maintenance window, and success rate — no Wazuh rule IDs without plain text.

06

Execute safely

Pre-check via SSH (or WinRM/RustDesk Assist). If ok: prepare rollback script, run fix, capture output. Every step lands in the audit log and the Live Debug Center.

Safety modes: Safe (suggestions only), Assist (operator + RustDesk), Full Auto (approval + high success + maintenance window).

07

Verify

Post-check immediately after the fix. On success: recipe success rate +1. On failure: rollback recommendation + automatic debug event. A fresh scan confirms remediation.

08

Document

Every step lands in an audit-ready timeline: Who · When · Which customer · Which action · Pre-check · Post-check · Rollback · Result. NIS-2, GDPR, and TOM evidence ready.
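Steps 02, 04 and 06 above (fingerprint and merge, recipe lookup with fallback, gated auto-run) can be sketched as follows. This is an added example, not Vyrex code: the field names, the `Recipe` class, the mode string `full_auto` and the thresholds `MIN_RATE` and `MIN_RUNS` are assumptions, and the sample finding uses placeholder IDs.

```python
import hashlib
from dataclasses import dataclass

MIN_RATE, MIN_RUNS = 0.9, 5  # assumed gates; the page gives no numbers
FIELDS = ("rule_id", "cve", "os", "package", "agent")  # the page's five parts

# Constructed sample: the same issue reported twice with different casing.
SAMPLE = [dict(rule_id="R-1", cve="CVE-0000-0001", os=o, package="openssl",
               agent="web01", finding_type="vuln_pkg")
          for o in ("Ubuntu 22.04", "ubuntu 22.04 ")]

def norm(value):
    return str(value or "").strip().lower()

def fingerprint(finding):  # stable ID: same issue hashes identically
    joined = "\x1f".join(norm(finding.get(k)) for k in FIELDS)
    return hashlib.sha256(joined.encode()).hexdigest()

def dedupe(findings):  # merge duplicates by fingerprint, counting hits
    merged = {}
    for f in findings:
        merged.setdefault(fingerprint(f), {**f, "count": 0})["count"] += 1
    return merged

@dataclass
class Recipe:
    name: str
    ok: int          # successful past runs
    runs: int        # total past runs
    fp: str = ""     # set only for fingerprint-exact recipes
    finding_type: str = ""
    os: str = ""

def match_recipe(finding, recipes):  # exact first, then finding_type+OS
    fp = fingerprint(finding)
    key = (norm(finding.get("finding_type")), norm(finding.get("os")))
    for r in recipes:
        if r.fp and r.fp == fp:
            return r, "exact"
    for r in recipes:
        if not r.fp and (norm(r.finding_type), norm(r.os)) == key:
            return r, "type+os"
    return None, "none"

def may_auto_run(recipe, mode, approved, in_window):
    """Full Auto needs approval, a proven recipe and a maintenance window."""
    if recipe is None or mode != "full_auto":
        return False
    proven = recipe.runs >= MIN_RUNS and recipe.ok / recipe.runs >= MIN_RATE
    return bool(approved and in_window and proven)
```

Normalizing each field before hashing is what lets the two sample reports merge; a recipe with too few runs or a low success rate still matches but is refused for auto-run.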

Six pillars, one platform

Vyrex Platform

Customer portal + operator backend, multi-tenant safe

Vyrex Edge

On-site hardware sensor — asset discovery + IDS + DNS

Vyrex Ops

Auto-fix pipeline with rollback and audit

Vyrex Knowledge

Learning recipe database with success rate

Vyrex Live Debug Center

Continuous observability of all components

Vyrex Release Readiness

Automated pre- and post-release checks