graph LR
%% -------------------------
%% Weakness Signal Acquisition
%% -------------------------
subgraph Weakness Signal Acquisition
AcquireFindings[Acquire Exposure Signals<br/><sub>~145M findings / month</sub>]
ValidateIngest[Assert Coverage & Freshness]
NormalizeFindings[Normalize & De-duplicate Findings]
AcquireFindings --> ValidateIngest
end
%% -------------------------
%% Incident Response
%% -------------------------
subgraph Incident Response
IdentifyExposure[Identify Active Exposure]
SupportDecisions[Support Incident Decisions]
IdentifyExposure --> SupportDecisions
end
%% -------------------------
%% Threat Context
%% -------------------------
subgraph Threat Context
ObserveExploitation[Observe Active Exploitation]
AnticipateThreats[Anticipate Likely Exploitation]
AnticipateImpact[Anticipate Possible Impact]
EstablishThreatContext[Establish Threat Context]
ObserveExploitation --> EstablishThreatContext
AnticipateThreats --> EstablishThreatContext
AnticipateImpact --> EstablishThreatContext
end
%% -------------------------
%% Business Context
%% -------------------------
subgraph Business Context
GatherAssetSignals[Gather Asset Signals]
AnchorToAssets[Anchor Findings to Assets<br/><sub>~3.5M assets</sub>]
EstablishExposedServices[Establish Affected Services<br/><sub>~9k services</sub>]
GatherAssetSignals --> AnchorToAssets
AnchorToAssets --> EstablishExposedServices
end
%% -------------------------
%% Ownership & Accountability
%% -------------------------
subgraph Ownership & Accountability
GatherOwnershipSignals[Gather Ownership Signals]
EstablishFixOwnership[Establish Fix Ownership<br/><sub>hundreds of owners</sub>]
EstablishRiskOwnership[Establish Risk Ownership<br/><sub>hundreds of owners</sub>]
GatherOwnershipSignals --> EstablishFixOwnership
GatherOwnershipSignals --> EstablishRiskOwnership
EstablishExposedServices --> EstablishRiskOwnership
end
%% -------------------------
%% Posture Construction
%% -------------------------
subgraph Posture Construction
ApplyContext[Apply Asset, Threat & Business Context]
PrioritizeRisk[Derive Risk Priority]
NormalizeFindings --> ApplyContext
EstablishExposedServices --> ApplyContext
EstablishThreatContext --> ApplyContext
ApplyContext --> PrioritizeRisk
end
%% -------------------------
%% Posture State & Aggregation
%% -------------------------
subgraph Posture State & Aggregation
StabilizeState[Maintain Long-Lived Risk State<br/><sub>millions of concurrent exposures</sub>]
AggregateExposure[Aggregate Exposure by Area]
DeriveTrends[Derive Trends & Signals]
StabilizeState --> AggregateExposure
AggregateExposure --> DeriveTrends
end
%% -------------------------
%% Response Mobilisation
%% -------------------------
subgraph Response Mobilisation
AssignResponsibility[Resolve Accountability<br/><sub>fix vs impact</sub>]
EnableAction[Enable Remediation Action]
AssignResponsibility --> EnableAction
end
%% -------------------------
%% Publication & Communication
%% -------------------------
subgraph Publication
PrepareOutputs[Translate State for Humans]
PublishFindings[Publish Risk Signal<br/><sub>hundreds of views, not millions of rows</sub>]
end
%% -------------------------
%% Flows
%% -------------------------
ValidateIngest --> NormalizeFindings
EstablishFixOwnership --> AssignResponsibility
EstablishRiskOwnership --> AssignResponsibility
PrioritizeRisk --> AssignResponsibility
AssignResponsibility --> StabilizeState
DeriveTrends --> PrepareOutputs
PrepareOutputs --> PublishFindings
PublishFindings --> IdentifyExposure
