Meet the Hounds Β· toggle theme, then print
CHARON crest
MEET THE HOUNDS

CHARON

EOL / Unsupported Tagging
Charon Hound Β· Category: Threat & Exposure
β€œTag the software that can no longer be saved.”

The ferryman β€” Charon finds the software whose time has passed, and marks it for the crossing: isolate or replace.

THE PROBLEM

End-of-life software is un-patchable risk hiding in the estate. No vendor fix is coming β€” every new CVE against it is permanent exposure. Yet EOL systems rarely announce themselves; they sit quietly in inventory, indistinguishable from healthy software until an auditor or an attacker finds them.

WHAT IT DOES

Charon tags every asset running unsupported or end-of-life software, so you can isolate or replace it deliberately instead of discovering it in an incident. It detects EOL two ways β€” lifecycle text in your findings, and Mimir's endoflife.date enrichment β€” and turns the result into gated, routable tags.

KEY CAPABILITIES

  • EOL detection from lifecycle text β€” finds the β€œno longer supported” evidence already sitting in your scan findings, surfacing unpatchable software with zero new data collection.
  • endoflife.date enrichment via Mimir β€” an independent lifecycle feed catches products whose EOL status the scanner never flags. Two detection paths, unioned, each covering the other's blind spot.
  • Gated EOL tagging β€” the unsupportable population becomes visible, taggable, and routable β€” approved by a human before any write lands.
  • Isolate-or-replace worklist β€” a bounded, evidence-backed modernization queue that turns β€œwe should deal with legacy someday” into a prioritized plan with names on it.

HOW IT WORKS

Charon runs against the local navi.db built from your Tenable data β€” lifecycle signals in the findings, unioned with Mimir's endoflife.date-enriched product map. All writes are proposed, human-approved, and logged.

WHY IT'S DIFFERENT

  • Two detection paths, unioned β€” scanner lifecycle text and an independent lifecycle feed catch what either alone misses.
  • EOL as attack-path evidence β€” Charon's tags feed Fenrir, where unpatchable software becomes a scored foothold, not a footnote.
  • Gated, reviewable writes β€” Charon proposes tags; a human approves.

PROOF POINTS

  • In a reference environment of 268 assets, Charon works the same product map Mimir reconciled from ~28,700 software rows and ~43,700 CPE rows β€” every EOL hit traceable to its lifecycle evidence.

Illustrative demo-lab context β€” not a guarantee. EOL detection depends on inventory coverage; blind or uncredentialed hosts are called out, not hidden.

WORKS BETTER WITH

Charon is unioned with Mimir (lifecycle enrichment), feeds Fenrir (EOL software as foothold evidence in attack paths), and drives Anubis so unpatchable assets carry criticality that reflects the risk.

WHO IT'S FOR

Vulnerability management teams carrying risk they can't patch away, and IT modernization owners who need a prioritized, evidence-backed replacement queue.

CALL TO ACTION

Ask Charon what's already past saving β€” then choose the crossing on your terms.

THE HOUNDS β€” a human-in-the-loop security agent pack for Tenable VM / Tenable One.Gated writes Β· Evidence-first Β· Honest about coverage