Basirah capability map
Eight capabilities. One execution loop.
Everything your vulnerability management program needs, from ingestion to sealed evidence.
Bassistant Intelligence
More than an assistant — Bassistant is a decision engine. It searches your live findings, risk scores, and compliance posture, builds a grounded recommendation, and cites every source it drew from.
- "What should we fix this week?" returns priorities ranked by financial exposure, not CVSS
- Every recommendation cites the specific finding, risk score, or compliance control it drew from
- Preview expected blast radius before any action executes
- Sensitive actions route through approval workflows. Nothing fires without operator confirmation
Fix Now Queue
One prioritized queue from all your scanners. FAIR-based risk scoring and asset ownership drive the order.
- Automatic asset-owner assignment from CMDB and cloud tags
- Drag-and-drop sprint planning with team assignment and due dates
- Filter by severity, SLA status, team, scanner source, or risk score
- One-click bulk actions: assign, snooze, accept risk, or escalate
FAIR Risk Quantification
Quantify risk in dollars, not severity labels. Monte Carlo simulation gives you P50 and P95 annualized loss for every finding group — the financial clarity a board expects.
- Risk attribution drills down by business unit, application, or control gap
- What-if modeling forecasts the impact of remediation campaigns before you commit
- Side-by-side comparison: current exposure vs post-remediation projection
- Board-ready PDF export with executive summary and trend charts
Independent Verification
Closed doesn't mean fixed. Independent re-scans across multiple scanners auto-reopen findings that fail.
- Automated re-scan orchestration triggered on status change
- Multiple scanners cross-check every fix to eliminate single-scanner blind spots
- Auto-reopen with full audit trail when verification fails
- Verification history tracked per finding so nothing slips through re-certification
Audit Evidence Packages
Your auditor gets a tamper-proof chain from scan to sign-off. Every action, scan result, and approval is cryptographically sealed and mapped to controls.
- SHA-256 hash links between evidence blocks make any tampering detectable
- Pre-built control mappings for 20+ compliance frameworks
- One-click export of complete evidence packages as ZIP or PDF
- Auditor-friendly timeline view with linked source artifacts
SLA Enforcement
Every finding gets a deadline. Critical: 24h. High: 72h. Basirah tracks, escalates on breach, and logs every exception.
- Configurable severity-to-SLA mapping with grace periods
- Multi-tier escalation chains: owner, manager, CISO
- Breach logging with root-cause fields for trend analysis
- SLA clock pauses for accepted risk or vendor dependency windows
Ticket Dispatch
One finding, one ticket — guaranteed. Basirah dispatches to Jira, ServiceNow, and Azure DevOps with built-in deduplication and bi-directional status sync.
- Dispatch fires exactly once per finding. Retries never create duplicate tickets
- Native connectors for Jira, ServiceNow, and Azure DevOps
- Deduplication matches on CVE, asset, and scanner source to prevent duplicates across scanners
- Bi-directional sync keeps ticket status and finding status in lockstep
Compliance Mapping
See compliance posture across every major framework from a single screen. Real-time scoring updates as findings are remediated.
- Pre-built mappings for 20+ frameworks including ISO 27001, SOC 2, NIST CSF, PCI DSS, NCA ECC, DORA, and NIS2
- Real-time posture scoring per framework with drill-down by control
- Gap analysis highlights unaddressed controls with remediation guidance
- Cross-framework deduplication avoids redundant work across audits