Integrations

Mythal v0.3

Mythal is scanner-agnostic and patch-tool-agnostic

We are a fabric, not a scanner. Mythal connects to whatever you already run, normalizes the findings, and dispatches remediations through whatever patch tooling you already operate. Below is the catalog with what we read, the canonical-schema mapping, and a connect flow.

Agent reasoning backends

Deterministic

available · rule engine
Zero external dependencies. Best for CI and demos.

Anthropic Claude

no key · opus-4-7 · sonnet-4-6
Supervisor + OT Safety on Opus 4.7; specialists on Sonnet 4.6.

OpenAI

no key
Set OPENAI_API_KEY to enable.

IT vulnerability scanners

Qualys VMDR

available
Primary IT vulnerability scanner. Reads host detections via /api/2.0/fo/asset/host/vm/detection/ on a 5-minute poll + webhook for fresh findings.
API username + password (Qualys API user) · 5 min poll + webhook · reads 8 fields

Tenable.io / Nessus

available
Secondary IT scanner; valuable for cloud-asset coverage and credentialed scans. Reads /vulns/export and /assets/export.
Access Key + Secret Key · 15 min export job · reads 6 fields

Rapid7 InsightVM

available
Reads Vulnerability and Asset endpoints; useful where the customer has Rapid7 as primary instead of Qualys.
API Key · 10 min · reads 4 fields

Wiz

available
Cloud-native scanner. Reads issues + assets via GraphQL; great for AWS / Azure / GCP coverage.
OAuth2 client credentials · 5 min · reads 6 fields

Microsoft Defender Vulnerability Management

available
Endpoint-resident scanner. Reads via Graph Security API.
Entra app registration · 5 min · reads 6 fields

OT vulnerability scanners

Claroty xDome

available
Primary OT scanner. Passively profiles ICS assets and surfaces vendor advisories. Reads /api/v1/devices and /api/v1/vulnerabilities.
API token · 10 min · reads 6 fields

Nozomi Networks Guardian

available
OT/IoT passive monitor. Reads /api/open/query/do?query=vi_vulnerabilities.
API key · 10 min · reads 4 fields

Dragos Platform

available
OT threat detection; reads via REST API. Critical for rail/pipeline.
API token · 10 min · reads 4 fields

Patch & config management

Microsoft SCCM / Intune

available
Primary patch tool for the Windows estate. The Executor agent pushes KBs through SCCM software updates.
Entra app + on-prem SMS Provider service account · on-demand · reads 2 fields

Tanium

available
Real-time endpoint visibility and patch push. Excellent for fast Windows/Linux estate.
API token (signing key) · on-demand · reads 2 fields

IBM BigFix

available
For customers that already have BigFix; the Executor uses the REST API to dispatch Fixlets.
Master Operator credentials · on-demand · reads 2 fields

Ansible (Tower / AWX / Automation Platform)

available
Linux + network gear patching via Ansible playbooks. The Executor invokes job templates.
API token + inventory · on-demand · reads 2 fields

Cisco Catalyst Center

available
Network device patching and config push (IOS-XE).
Cisco DNA Center API token · on-demand · reads 2 fields

Firewall & network

Palo Alto Panorama

available
Used by the OT Safety Officer to deploy compensating controls (ACL tightening + IPS signatures).
API key · on-demand · reads 2 fields

Asset / CMDB

ServiceNow CMDB

available
Source of truth for asset criticality, owner, and business service. Reads the cmdb_ci table.
OAuth2 / Basic · 30 min · reads 5 fields

Ticketing & change

ServiceNow ITSM

available
Where applicable, Mythal opens change tickets and pushes evidence back to incident records.
OAuth2 · on-demand · reads 2 fields

Identity & SSO

Okta / Auth0 / Keycloak

available
SSO + RBAC for approvers. Dual-approval keys bound to specific roles (security_approver, ot_operator).
OIDC · on-login · reads 3 fields