# Centraleyezer

> Risk-Based Vulnerability Management (RBVM) platform for enterprises, MSSPs, and regulated industries. European, self-hosted (or EU-SaaS), with contextual risk scoring built from DREAD, asset criticality, network exposure, exploitability, CTI signals, and a Human-AI reaction loop.

For the long-form, machine-readable summary: https://centraleyezer.io/llms-full.txt

## What Centraleyezer is

Centraleyezer prioritises vulnerabilities by actual business risk to your environment, not by raw severity scores. It supports NIS2, DORA, ISO 27001, PCI-DSS, EU Cyber Resilience Act (CRA), UAE Information Assurance Standards (IAS / NESA / SIA), and CBUAE Cyber Risk Regulations audit and evidence work. It is operated by Sandline SRL (Romania).

## What Centraleyezer does

- **Risk-Based Vulnerability Management**: Contextual six-factor risk score per finding — DREAD, asset criticality, network exposure, exploitability in your environment, CTI signals, and a Human-AI feedback loop that adapts risk based on the asset owner's reaction time. CVSS, EPSS, and CISA KEV are NOT used as scoring inputs.
- **Asset Management**: IPs, websites, applications, custom assets with group-based access control and business criticality scoring.
- **Scanner Integrations**: Nessus, Tenable.io / Tenable SC, Qualys VMDR, Rapid7 InsightVM, Burp Suite Enterprise, Acunetix, AWS Inspector, Trivy, Shodan, SSL Labs, Wazuh, Detectify, Harbor, AgentSec, HCL AppScan, Red Hat Satellite, Censys, Invicti, CIS-CAT, OpenVAS.
- **Compliance Evidence**: Vulnerability data and audit trails mapped to NIS2, DORA, ISO 27001, PCI-DSS, and CRA. Three vulnerability report views (Executive / CISO / Technical) generated as customisable DOCX templates. Centraleyezer supports compliance; it does not generate framework-specific compliance reports themselves.
- **Remediation Workflows**: Action plans with assignee, deadline, SLA tracking, risk acceptance, full audit trail. REST API for ticketing.
- **MSSP Multi-Tenancy**: Dedicated isolated container instance per client. Centralised admin console, reseller API, pooled licensing.
- **Authentication**: LDAP/AD, SSO (SAML 2.0), Entra ID / Azure AD (OAuth2/OIDC), 2FA (TOTP), local.
- **Deployment**: Self-hosted Docker, or SaaS (EU-hosted, 10 GB per tenant). Air-gap capable. Licence durations: 30-day trial, 1–5 years.

## Differentiators

- Contextual six-factor scoring, not CVSS + EPSS + CISA KEV.
- Human-AI reaction loop adapts risk to your team's actual response patterns.
- EU-built, EU-hosted (or self-hosted), with full data sovereignty.
- MSSP-native multi-tenancy with full per-client isolation.
- Compliance evidence generation, not compliance report generation — the customer keeps ownership of the framework reports.

## Pricing

Three tiers — all assets, findings, and user seats are unlimited:

- Professional (SaaS) — €599/month, billed annually. 10 GB per-deployment cap (DB + files combined).
- Enterprise — Self-hosted, custom pricing.
- MSSP — Multi-tenant, custom pricing.

Trial: 30 days, fully featured.

## Key pages

- [Home](https://centraleyezer.io/) — Platform overview
- [Platform](https://centraleyezer.io/platform) — Full feature breakdown
- [Why RBVM](https://centraleyezer.io/risk-based-vulnerability-management) — Methodology, the case for contextual scoring
- [NIS2](https://centraleyezer.io/compliance/nis2) — NIS2 Article 21 mapping
- [DORA](https://centraleyezer.io/compliance/dora) — DORA Article 9 mapping
- [ISO 27001](https://centraleyezer.io/compliance/iso-27001) — Annex A.8.8 mapping
- [PCI-DSS](https://centraleyezer.io/compliance/pci-dss) — Requirement 6 mapping
- [CRA](https://centraleyezer.io/compliance/cra) — EU Cyber Resilience Act mapping
- [UAE IAS](https://centraleyezer.io/compliance/uae-ias) — UAE Information Assurance Standards (NESA / SIA)
- [CBUAE](https://centraleyezer.io/compliance/cbuae) — Central Bank of the UAE cyber-risk regulations
- [Pricing](https://centraleyezer.io/pricing)
- [Glossary](https://centraleyezer.io/glossary) — RBVM term definitions
- [Integrations](https://centraleyezer.io/integrations) — Scanner integrations
- [Partners](https://centraleyezer.io/partners) — MSSP / reseller programme
- [Demo](https://centraleyezer.io/demo)
- [Trial](https://centraleyezer.io/trial)
- [About](https://centraleyezer.io/about) — Company / team
- [Blog](https://centraleyezer.io/blog) — Resources
- [Security](https://centraleyezer.io/security) — Platform security & disclosure
- [Privacy](https://centraleyezer.io/privacy) — GDPR / data handling
- [Terms](https://centraleyezer.io/terms)

## Common questions

**Does Centraleyezer use CVSS, EPSS, or CISA KEV in scoring?** No — they are ingested for traceability and shown in technical reports, but not used as scoring inputs. The contextual model (DREAD + asset criticality + network exposure + exploitability + CTI + Human-AI) replaces them.

**Self-hosted or SaaS?** Both. Professional is EU-SaaS; Enterprise and MSSP are self-hosted Docker containers, optionally air-gapped.

**Does it generate compliance reports?** No — it generates vulnerability evidence (Executive, CISO, Technical reports) that customer teams use as input into their compliance reports.

**Languages?** Website available in English, French, German, Romanian, and Arabic.

**EU data residency?** Yes — for SaaS deployments. Self-hosted runs wherever the customer chooses.

## Contact

- General: contact@centraleyezer.io
- Sales: sales@centraleyezer.io
- Partners: partners@centraleyezer.io
- Support: support@centraleyezer.io
- Security disclosure: security@centraleyezer.io