Meet the Hounds Β· toggle theme, then print
MIMIR crest
MEET THE HOUNDS

MIMIR

Software Analyzer
Mimir Hound Β· Category: Discovery
β€œThe memory of everything installed.”

Keeper of the well of wisdom β€” Mimir remembers every package, version, and lifecycle across the estate.

THE PROBLEM

Software inventory is fragmented β€” package data says one thing, CPE fingerprints say another, and neither tells the whole story. Teams can't see version sprawl, can't spot end-of-life exposure before it becomes unpatchable, and can't answer the simplest board question: β€œwhich product is dragging the most risk?”

WHAT IT DOES

Mimir merges the software and CPE inventories into one unified product map β€” with a source delta metric showing what each source missed β€” then enriches it with endoflife.date lifecycle data, flags crown-jewel software, builds a β€œbehind latest” worklist, and ranks a risk leaderboard by KEV and critical exposure.

KEY CAPABILITIES

  • Merged product map with source badges β€” reconciles the software and CPE inventories into one product list, each row badged with which source saw it β€” and a delta metric that quantifies what either source alone would have missed.
  • Version-sprawl, most-deployed, and single-install views β€” instantly spot the product running fourteen versions, the package on half the estate, and the one-off install nobody owns.
  • EOL detection + tags β€” endoflife.date lifecycle status lands directly on your inventory, before end-of-life becomes an audit finding or an unpatchable CVE.
  • Crown-jewel software flags β€” role-based ACR suggestions raise the criticality of assets running the software the business depends on, feeding the pack's shared priority currency.
  • Risk leaderboard β€” products ranked by the KEV and critical exposure they drag into the estate, so patching effort lands where risk actually concentrates.
  • Gated tags + CSV export β€” every finding becomes a proposed, human-approved tag or an exportable worklist ready for the patch team.

HOW IT WORKS

Mimir runs against the local navi.db built from your Tenable data: the software and cpes tables reconciled into one map, enriched by a cached endoflife.date lifecycle feed, with the vulns table supplying risk. All writes are proposed, human-approved, and logged.

WHY IT'S DIFFERENT

  • Two inventory sources reconciled, with a delta metric β€” Mimir finds what either source alone misses, and tells you how big the gap is.
  • Lifecycle + risk in one view β€” EOL status and KEV exposure on the same row, instead of two spreadsheets and a prayer.
  • Feeds the pack: its product map powers EOL tagging, AI discovery, and attack-path software evidence downstream.
  • Gated, reviewable writes β€” Mimir proposes tags and ACR suggestions; a human approves.

PROOF POINTS

  • In a reference environment of 268 assets, Mimir reconciled:
  • ~28,700 software rows and ~43,700 CPE rows into a single unified product map β€” with source badges showing exactly which inventory contributed each product.

Illustrative results from a demo lab β€” not a guarantee. Inventory depth depends on scan coverage; blind or uncredentialed hosts are called out, not hidden.

WORKS BETTER WITH

Mimir feeds Charon (EOL tagging from lifecycle data), Anubis (crown-jewel software β†’ ACR calibration), Pythia (AI apps surfaced in CPEs), and Fenrir (exploitable software as attack-path evidence).

WHO IT'S FOR

Vulnerability management teams who need risk-ranked patching; IT asset managers reconciling inventories; patch teams that want one worklist instead of three exports.

CALL TO ACTION

Ask Mimir what's really installed β€” the well remembers everything.

THE HOUNDS β€” a human-in-the-loop security agent pack for Tenable VM / Tenable One.Gated writes Β· Evidence-first Β· Honest about coverage