Piscium

Features

Everything You Need to Close the Exposure Gap

From discovery to remediation, Piscium provides end-to-end continuous threat exposure management with capabilities purpose-built for critical infrastructure.

Request a DemoHow It Works
Feature ecosystem overviewDiscoveryAttack PathValidationIntegrationsArchitectureCTEM

Attack Surface Discovery

Continuously discover and inventory every asset across your IT and OT environments — including shadow IT, unmanaged devices, and internet-facing services. Piscium's discovery engine maps your true attack surface in real time, so you never operate on stale data.

  • Passive-first discovery that never disrupts OT operations
  • Automated asset classification by criticality and function
  • Real-time inventory updates as infrastructure changes
  • Cross-network visibility spanning IT, OT, and cloud environments
Attacker-side continuous discovery: radar sweep scanning network nodesRadar dish with a sweep beam rotating over concentric rings, scanning network nodes that pulse when the beam passes. Represents continuous attacker-side discovery across cloud, on-prem, and OT environments.Continuous DiscoveryCloud · On-Prem · OT/ICS

Attack Path Mapping & Prioritization

Dynamic attack graphs model how threats chain across your infrastructure — mapping lateral movement paths, privilege escalation routes, and blast radius for every validated exposure. Prioritization is driven by business impact, not just CVSS scores.

  • Real-time attack graph generation and continuous updates
  • Business-context scoring that factors asset criticality and regulation
  • Blast radius calculation for every exploitable path
  • Visual choke-point identification for efficient mitigation
Simulated attack path traveling from internet-exposed asset through chained steps to a critical assetA multi-hop attack path from Internet through Firewall, App Server, Database to Critical Asset. A particle travels the path illustrating how an adversary chains vulnerabilities across network segments.InternetFirewallApp ServerDatabaseCritical Asset

Continuous Validation & Attack Emulation

Autonomous offensive AI agents continuously validate real-world exploitability of discovered exposures. Unlike periodic pen tests, Piscium's validation runs 24/7 — adapting to infrastructure changes and emerging threats in real time.

  • Autonomous AI agents mimicking real adversary behavior
  • Continuous validation across IT, OT, and cloud environments
  • Safe, non-disruptive emulation for OT/ICS systems
  • Evidence-backed proof of exploitability for every finding
Attack path validation: shield icon verifying security fixes with animated pulse ringsA shield icon with concentric pulse rings validates that attack paths are broken. Two path segments separate and a green check confirms remediation success.Continuous ValidationAutomated re-tests · Evidence capture · Drift alerts

Integrations (SIEM, ITSM, Cloud & More)

Piscium connects to your existing security stack in minutes. Native connectors for SIEM, SOAR, ITSM, vulnerability scanners, cloud platforms, and EDR tools — plus a full REST API and real-time webhooks for custom workflows.

  • Pre-built connectors for Splunk, Microsoft Sentinel, ServiceNow, Jira, and more
  • Bi-directional data sync and automated remediation workflows
  • Full REST API with OAuth 2.0 authentication
  • Real-time webhook notifications for exposure and remediation events

Native Connectors

Pre-built integrations across your security stack. Click any connector for setup details.

SIEM & SOAR

Microsoft Sentinel

Native integration with Microsoft Sentinel via the Log Analytics Data Collector API. Piscium streams validated exposures, attack graph snapshots, and remediation events into custom Sentinel tables. Analytics rules can correlate Piscium findings with Defender, Entra ID, and Azure activity logs for enriched threat detection.

Palo Alto XSOAR

Full SOAR integration with Palo Alto Cortex XSOAR. Piscium validated exposures automatically create XSOAR incidents with structured context — CVE details, affected assets, attack path visualization, and recommended fix actions. XSOAR playbooks can orchestrate Piscium re-scans, update remediation status, and close the loop on validated fixes.

Splunk

Bi-directional integration with Splunk Enterprise and Splunk Cloud. Piscium forwards validated exposure events, attack graph updates, and remediation status changes as structured CIM-compliant events into Splunk indexes. Splunk correlation searches can trigger Piscium re-scans via the REST API, creating a closed-loop detection-validation workflow.

IT Service Management

Jira

Automated ticket creation and lifecycle management in Jira Cloud and Jira Data Center. Piscium creates detailed remediation tickets with exposure evidence, affected asset inventory, fix recommendations, and SLA deadlines. Ticket status changes in Jira automatically update remediation tracking in Piscium, and resolved tickets trigger verification re-scans.

ServiceNow

Enterprise ITSM integration with ServiceNow ITOM and Security Operations. Piscium creates and manages Change Requests, Incidents, and Vulnerability Response records with full exposure context. CMDB asset enrichment keeps the ServiceNow asset inventory synchronized with Piscium's continuously updated discovery data.

Vulnerability Scanners

Qualys

Integration with the Qualys Cloud Platform including VMDR, Policy Compliance, and Global AssetView. Piscium ingests Qualys vulnerability detections and asset inventory data, validates which findings represent exploitable paths, and enriches Qualys TruRisk scores with confirmed exploitation evidence.

Rapid7 InsightVM

Integration with Rapid7 InsightVM (Nexpose) for vulnerability data ingestion and validated risk enrichment. Piscium consumes InsightVM scan data and asset metadata, validates exploitability with autonomous AI agents, and writes validated exposure status back to InsightVM tags and custom attributes for unified dashboarding.

Tenable

Bi-directional integration with Tenable Vulnerability Management (formerly Tenable.io) and Tenable.sc. Piscium ingests Tenable scan results as discovery inputs, then validates which vulnerabilities are actually exploitable in your environment. Validation results and risk re-scoring are pushed back to Tenable for unified reporting.

Cloud Security

AWS Security Hub

Native integration with AWS Security Hub using the ASFF (AWS Security Finding Format). Piscium imports findings from Security Hub aggregated sources — GuardDuty, Inspector, Macie, and third-party tools — validates exploitability across your AWS and hybrid infrastructure, and publishes validated exposure findings back to Security Hub for centralized visibility.

Endpoint Detection & Response

CrowdStrike Falcon

Integration with CrowdStrike Falcon platform including Falcon Insight EDR, Falcon Spotlight, and Falcon Discover. Piscium ingests endpoint detection data, vulnerability assessments, and asset inventory from Falcon to enrich attack graph modeling. Validated exposures can trigger Falcon Real Time Response actions and Falcon Fusion SOAR workflows.

Architecture & Deployment

Deploy Piscium in the model that fits your security and compliance requirements — fully managed SaaS, hybrid with on-premise sensors, or entirely on-premise for air-gapped OT environments.

  • SaaS: Fully managed, zero infrastructure overhead
  • Hybrid: On-premise sensors with cloud orchestration
  • On-premise: Full deployment behind your firewall for air-gapped networks
  • SOC2 Type II certified infrastructure across all deployment models
Platform architecture diagram showing connectors feeding into the CTEM engine and out to integrationsArchitecture diagram: connectors (Cloud, On-Prem, OT/ICS) on the left feed data into the central CTEM engine (Discover, Prioritize, Validate), which outputs to SIEM, ITSM, and Dashboard on the right.CONNECTORSCTEM ENGINEOUTPUTSCloudOn-PremOT / ICSDiscoverPrioritizeValidateSIEMITSMDashboard

REST API

Piscium's RESTful API provides programmatic access to every platform capability.

GET/api/v1/exposures

List all validated exposures with filtering by severity, asset, category, and remediation status.

POST/api/v1/scans

Trigger an on-demand scan targeting specific asset groups, networks, or OT zones.

GET/api/v1/attack-graphs/{id}

Retrieve a dynamic attack graph with exploitable paths, blast radius, and business-impact scores.

POST/api/v1/remediations

Create a remediation task with assignee, priority, SLA, and linked exposure references.

Webhooks

Subscribe to real-time events from the Piscium platform. Webhook payloads are signed with HMAC-SHA256 for integrity verification.

exposure.validated

Fired when an offensive AI agent successfully validates a new exposure.

remediation.status_changed

Fired when a remediation task transitions state.

compliance.threshold_breached

Fired when risk score crosses a configured compliance threshold.

Ready to Connect Your Stack?

See Piscium integrate with your environment in a live demo.

Request a Demo