The engine

Unified inventory. Control coverage. Real risk scoring.

Risk-based vulnerability prioritization is only as trustworthy as what it knows about your assets. Koopic builds the denominator first - one golden record per device - then layers control coverage and exploit signal on top to rank what actually matters.

Koopic merges asset data from every security tool into one transparent golden record per device, then uses that record as the engine for risk-based vulnerability prioritization. Because Koopic knows each asset's exposure, criticality, and which controls already cover it, it can down-rank vulnerabilities your existing controls neutralize and up-rank the ones that are truly exposed - something tools that only see CVSS, EPSS, and KEV cannot reliably do. The Analysis Table shows exactly which source contributed each field value, so the inputs behind every score are auditable.

The engine, end to end

Three layers, one explainable score

01 · Unified inventory

The trustworthy denominator

One golden record per device, merged and deduplicated across every connected tool. You cannot prioritize risk on assets you cannot see.

02 · Control coverage

What's already defended

Auto-detected and declared controls - EDR, segmentation, WAF, encryption - mapped onto each asset. This is the signal incumbents miss.

03 · Risk scoring

The handful that matter

CVSS + EPSS + KEV combined with exposure, criticality, and coverage into one ranked, explainable queue per asset.

Each layer feeds the next. Remove the inventory and the score has nothing to stand on; remove the coverage and you are back to triaging by CVSS.

THE PIPELINE

Every tool holds a piece of the puzzle.
None holds the full picture.

Koopic connects your entire security and IT stack into one pipeline - from scattered data across dozens of tools to board-ready reports.

EDR
MDM
Cloud
CMDB
Agent
01 / INGEST
Sources
Asset data scattered across disconnected tools.
host
MBP-JSmith
mbp-jsmith
MBP-JSMITH
edr
active
true
null
mdm
active
active
null
user
admin
jsmith
jsmith
seen
2d ago
1d ago
3d ago
02 / NORMALIZE
Mapping
Every source normalized. Field-level priority picks the winning value.
ENRICHMENT AGING EXCLUSIONS EXCEPTIONS COMPLIANCE koopic ENGINE
03 / MERGE
Engine
Dedup and merge logic creates one golden record per device.
Golden Record Live
MBP-JSmith
Active Compliant
OSmacOS 15.2
IP10.0.1.45
Userjsmith
Last Seen1d ago
Sources
04 / UNIFY
Unified Assets
One golden record per device, fully enriched.
Assetstracked
Coveragescored
Riskranked
Exceptionslogged
Exclusionsaudited
05 / REPORT
Reports
Real-time dashboards for leadership and the board.
01 / INGEST
Sources
Asset data scattered across disconnected tools.
EDR
MDM
Cloud
CMDB
Agent
02 / NORMALIZE
Mapping
Every source normalized. Field-level priority picks the winning value.
host
MBP-JSmith
mbp-jsmith
MBP-JSMITH
edr
active
true
null
mdm
active
active
null
user
admin
jsmith
jsmith
seen
2d ago
1d ago
3d ago
03 / MERGE
Engine
Dedup and merge logic creates one golden record per device.
ENRICHMENT AGING EXCLUSIONS EXCEPTIONS COMPLIANCE koopic ENGINE
04 / UNIFY
Unified Assets
One golden record per device, fully enriched.
Golden Record Live
MBP-JSmith
Active Compliant
OSmacOS 15.2
IP10.0.1.45
Userjsmith
Last Seen1d ago
Sources
05 / REPORT
Reports
Real-time dashboards for leadership and the board.
Assetstracked
Coveragescored
Riskranked
Exceptionslogged
Exclusionsaudited
See Koopic in Action

One platform. Complete visibility.

Watch how Koopic unifies your security tools into a single, transparent asset inventory with compliance scoring and full audit trails.

Unified Asset Inventory

One golden record per device

Every device in your organization gets a single, authoritative record - no matter how many tools report on it. Koopic automatically deduplicates across sources using configurable merge keys (hostname, serial number, IP, or custom fields).

  • Automatic deduplication across all sources
  • Configurable merge keys for your environment
  • Untracked asset detection for shadow IT

DESK-PC-0421

Golden Record

COMPLIANT
Hostname DESK-PC-0421
IP Address 10.0.12.47
Operating System Windows 11 Pro 23H2
Serial Number 5CG412KN7Q

Sources (4)

Defender Intune Azure VM OCS Inv.

Analysis Table

Field Defender Intune OCS Inv.
OS Win 11 Pro P1 Windows 11 P2 Win11 Pro P3
IP 10.0.12.47 P2 10.0.12.47 P1 10.0.12.47 P3
Last Seen 2h ago P1 6h ago P2 1d ago P3
P1 = Winning source P2 = Fallback
Analysis Table

See exactly how your data merges

The Analysis Table shows every field from every source, side by side. Color-coded priority badges reveal which source wins each field. Switch between auto (completeness-based) and manual priority with one click.

  • Field-level data lineage across all sources
  • Drag-and-drop priority reordering
  • Auto and manual merge modes
Universal Integrations

Connect your entire security stack

Native API connectors for Microsoft Defender, Intune, and Azure VMs. Cloud storage imports from GCP and Azure. An on-premises agent for local network collection. And a Universal REST API adapter for everything else.

  • Ever-growing library of production connectors
  • Universal REST API adapter for any tool
  • Scheduled ingestion with timezone-aware frequency
See all integrations

Connected Sources

Microsoft Defender

EDR · API Connector

Synced

Microsoft Intune

MDM · API Connector

Synced

On-Prem Agent

OCS + AD · Gateway

Synced

Azure VMs

Cloud · API Connector

Syncing
Unified Vulnerability Management

Know which vulnerabilities to fix first

Once your assets are unified, Koopic merges vulnerability findings onto each golden record and ranks every one by real risk - not raw CVSS. Exploit activity, asset exposure, criticality, and your own compensating controls decide the order, so the team works the queue that actually reduces risk. Included on every plan.

  • Exploit signals: EPSS, CISA KEV, exploit evidence
  • Asset context: exposure, criticality, compensating controls
  • Explainable, org-tunable scores with P0-P3 bands
Explore Unified Vulnerability Management

Prioritized Findings

CVE-2026-20182

KEV · internet-facing · critical asset

P0

CVE-2026-0300

High EPSS · public web tier

P1

CVE-2026-41940

Segmented · EDR covered

P2

CVE-2026-31431

Low likelihood · isolated host

P3

Ranked by exploit activity, exposure, criticality, and controls

Compliance Dashboard

85%
Compliant
342
Non-compliant
48
Unknown
12
AV Healthy 94% pass
EDR Healthy 91% pass
OS Up-to-Date 76% pass
Compliance Rules Engine

Define what healthy looks like

Create compliance rules with nested AND/OR condition trees. Two system rules ship out of the box (AV Healthy, EDR Healthy). Build custom rules targeting any field, any operator, any subset of devices.

  • Real-time per-asset compliance scoring
  • Three-value logic: compliant, non-compliant, unknown
  • Automatic evaluation after every merge
Enrichment Rules

Derive intelligence no single tool provides

Compute new fields from cross-source data using 20+ operations. Aggregate, compare, transform, and apply conditional logic - all without writing code.

  • 20+ operations: max, min, if_then_else, case_when, regex, and more
  • Source filtering to target specific integrations
  • Manual override with one-click revert

Enrichment Rules

Normalize OS Name regex_replace

Standardize OS names across Defender, Intune, and OCS

Auto-Tag Department case_when

Map hostname prefixes to department names

Last Seen Delta date_diff

Calculate days since last check-in across all sources

Source Coverage count

Count how many sources report on each device

Koopic Agent Online

Your Network

Active Directory

OCS Inventory

Zabbix

REST API

SQLite + E2EE

End-to-End Encrypted

Koopic Cloud

On-Premises Agent

Collect from local and on-prem environments

The Koopic Agent is a lightweight Docker container (~30MB) deployed behind your firewall. It collects from Active Directory, OCS Inventory, Zabbix, and any REST API - then pushes encrypted data to Koopic Cloud.

  • End-to-end encryption
  • 4 built-in collectors + Universal REST API
  • Offline queue for intermittent connectivity
Enterprise Security

Security built into every layer

Database-level tenant isolation for hard multi-tenant security. RBAC with viewer, member, and admin roles. Enterprise SSO with OIDC and SAML. A complete audit trail for every action.

Tenant Isolation

Database-level tenant isolation

RBAC

Viewer, member, admin roles with asset groups

Enterprise SSO

OIDC (Entra ID, Google) + SAML (Okta, generic)

Audit Trail

26 action types with before/after tracking

Encrypted Credentials

AES encryption at rest

Sandboxed Code

User-defined rules run in a secure sandbox with strict timeouts

Transparency

You deserve to know how your data merges.

Other platforms merge your data behind closed doors. Koopic's Analysis Table shows you exactly which source contributed each field value, so you can trust the result and override priorities when your team knows best.

  • Priority badges show which source wins
  • Drag-and-drop to reorder source priority
  • Switch between auto and manual merge modes
analysis-table
Field CrowdStrike 1 Intune 2 Defender 3
hostname
WS-PC-0142
WS-PC-0142
ws-pc-0142
os_version
Win 11 23H2
Windows 11
--
last_seen
2h ago
6h ago
1d ago
Winning values highlighted by source priority

Frequently Asked Questions

How does Koopic create a golden record for each asset?
Koopic connects to your security tools and pulls asset data automatically. When multiple tools report on the same device, Koopic merges the records using configurable merge keys (hostname, serial number, or custom fields) and priority rules. The result is one authoritative golden record per device.
What is the Analysis Table?
The Analysis Table is Koopic's transparency feature that shows exactly which data source contributed each field value in a unified asset record. If Defender says one OS version and Intune says another, the Analysis Table shows both and which one was chosen - and why.
How does Koopic handle compliance scoring?
Koopic includes a compliance rules engine that evaluates every unified asset against your defined rules - such as whether an EDR agent is installed or the OS is up to date. Each asset gets an individual compliance score, and you can build dashboards to track compliance across your fleet.
Does Koopic prioritize vulnerabilities?
Yes. Koopic includes Unified Vulnerability Management on every plan. It merges vulnerability findings onto the same golden-record assets, deduplicated per asset and CVE, then ranks each one by real risk using exploit signals (EPSS, CISA KEV), CVSS, asset exposure, criticality, custom priority rules, and compensating controls. Every score has a per-factor breakdown, so the patch order is explainable rather than a black box.
Can Koopic connect to tools behind a firewall?
Yes. The Koopic Agent is a lightweight Docker container deployed on your network. It collects from Active Directory, OCS Inventory, Zabbix, and any REST API, then pushes encrypted data to Koopic Cloud. The Universal REST API adapter can also connect to any tool with an API.
Does Koopic support custom field mappings?
Yes. When connecting a new integration, you can customize how source fields map to the unified asset schema. Koopic also supports enrichment rules with 20+ operations to derive new fields from cross-source data.
WHY THE SCORE IS TRUSTWORTHY

Not a black box that tells you to "trust the number." Every verdict shows its work.

5 reasons
M_01 · EXPLAINABLE reason on every row
Explainable
Scoring you can defend, line by line

Every score carries the factors that produced it - exposed, segmented, control present, in KEV. When leadership or an auditor asks why, you have an answer.

internet-exposed+ escalate
in CISA KEV+ escalate
EDR blocks path− contain
M_02 · CONTROLS transparent deltas
Control‑aware
Adjustments you can see and tune

A compensating control that already neutralizes a finding lowers its priority - and shows the exact, bounded adjustment it made. Nothing happens silently.

segmentation−15
EDR exploit-block−10
net adjustment−25
M_03 · EXPLOIT
EPSS + KEV
Real exploit signal, not just CVSS

We fold in exploit-prediction and known-exploited data.

EEPSS0.91
KCISA KEVlisted ✓
M_04 · COMPATIBLE
Your stack
Works with the scanners you already run

No rip-and-replace. We score on top.

Tenable Qualys Rapid7 Defender + more
M_05 · FOCUS illustrative
~150
Actionable, out of thousands flagged

The list that actually moves risk.

4,900 "critical" ~150 actionable
METHOD · explainable / CONTROLS · transparent / SETUP · your existing scanners
See it on your data

See it on your data.

Bring your scanner output and asset data - we'll show you which findings actually matter on your network, with the reason on every row.

See it on your data Talk to us