Findings,
ledgered.
VSNEP — Vectorio Secure NIS 2 Evidence Pipeline. Ingest Suricata IDS alerts and ASA vulnerability findings, normalise into a unified schema, hash-chain into a tamper-evident ledger, ship a self-verifying bundle any national authority or auditor can verify offline.
NIS 2 compliance,
without the spreadsheet.
Essential entities under the NIS 2 Directive must demonstrate cybersecurity risk management to national competent authorities. In practice, evidence is scattered across tools, assembled manually, and delivered as point-in-time reports that cannot be independently verified or reproduced.
VSNEP is the automated pipeline that replaces the spreadsheet. It takes outputs from existing security tooling — Suricata EVE intrusion-detection logs and ASA vulnerability findings in the reference build — normalises them into a unified finding schema, records a tamper-evident hash-chained evidence ledger, seals point-in-time snapshots, and exports self-contained evidence bundles.
The minimal verifier ships with the pipeline. National authorities can replay and verify all evidence artefacts without internet access and without Vectorio's involvement.
Twelve nodes,
four custom for NIS 2.
From nis2-evidence-pipeline.viow. Standard ETL meets four bespoke NIS 2 nodes.
Four signed NIS 2 nodes — Suricata EVE generator, ASA findings generator, hash-chain ledger, snapshot-boundary — sit alongside Protor's standard ETL toolkit.
Mandatory KPIs,
derived from the ledger.
Every KPI value can be recomputed from the exported evidence bundle. Auditors verify the chain, replay the derivation, compare to the export.
| KPI | Target | Derivation |
|---|---|---|
| KPI-1 · Penetration tests provided | ≥ 3 | Distinct campaign_id values with a campaign_end control event in the ledger. |
| KPI-2 · Essential entities supported | ≥ 2 | Energy/OT entity + Water/IT entity, each with sealed snapshot + export bundle. |
| KPI-3 · Vulnerabilities discovered | ≥ 500 | Unique finding_id by deduplication across all sealed snapshots. |
Targets are from the VSNEP proposal package · 8-month project window · TRL 5–6 → 7.
Why this matters.
- Reproducible compliance evidence. Same inputs, same code, same hashes — a year later, on different hardware, in a different jurisdiction.
- Cross-sector by profile, not code. Energy/OT and water/IT share the pipeline; the connector profile selects the right inputs and control-label table. No code changes per sector.
- Offline verification, by design. National authorities run a minimal CLI against the exported bundle. They do not need an account, a key, or a network connection.