ZelMap

Rocheston ZelMap

Rocheston ZelMap is an Attack Surface Intelligence Platform built to do one thing flawlessly: discover every asset across your organization and turn it into a clean, living attack-surface map with explainable risk scoring.

Powered by AINA, ZelMap normalizes messy discovery signals into one unified inventory, correlates duplicates, highlights exposure hotspots, and produces a fix-first queue so you always know what matters most.

Exclusively available to RCCE students.

“You can’t defend what you can’t see.”


Discover Every Asset

ZelMap continuously builds a complete inventory across cloud assets, software, and identities. The mission is simple: eliminate blind spots and ensure nothing slips through the cracks.

“Visibility is the first control.”

Attack Surface Intelligence

Inventory alone is not security. ZelMap converts asset presence into attack-surface intelligence: what is exposed, what is reachable, what is privileged, and what is risky right now.

“An asset list is not a defense plan.”

AINA-Powered Normalization

Assets appear as IPs, hostnames, domains, instance IDs, and certificates. AINA correlates signals, deduplicates records, and keeps the catalog clean and accurate.

“Less noise. More truth.”

Unified Asset Catalog

ZelMap merges on-prem, cloud, SaaS, containers, and identity objects into one searchable catalog with consistent fields, tags, and ownership.

“One catalog. One reality.”

Cloud Asset Discovery

Discover and catalog subscriptions/accounts, compute, storage, networks, databases, gateways, load balancers, and security boundaries across cloud environments.

“Cloud moves fast. So must visibility.”

Identity and Access Visibility

Identities are the new perimeter. ZelMap tracks users, groups, privileged roles, service accounts, and app registrations so you can see real access power.

“Your riskiest asset might be a login.”

Exposure Hotspots

ZelMap highlights what’s internet-facing, what’s publicly accessible, and what looks accidentally exposed. Clean views, ranked by risk, without clutter.

“Exposure is not a theory.”

Explainable Risk Scores

ZelMap assigns explainable risk scores per asset using exposure, criticality, imported findings, identity posture, staleness, and ownership gaps, and always shows the “why” behind each score.

“If you can’t explain it, it’s not intelligence.”

Fix-First Queue

ZelMap produces a ranked list of what to fix first. Internet-exposed critical assets, privileged accounts without MFA, and stale risks rise to the top automatically.

“Start with the top ten.”

Software Inventory That Matters

Track software name, vendor, version, and where it runs. Connect software presence to exposure context and imported vulnerability findings.

“Software is the surface you installed.”

Import-Friendly by Design

Use CSV/JSON imports for software inventory, cloud exports, identity exports, vulnerabilities, and misconfig findings to get value immediately.

“Start now. Expand later.”

Identity Fires

Instantly surface privileged accounts without MFA, stale admins, and over-privileged service identities so the control plane stays locked down.

“Privilege without MFA is a breach waiting.”

Global Attack Surface Map

Visualize external exposure by region and concentration of risk. Real exposure data belongs in the Global Map view, with drill-down to assets.

“Risk has a geography.”

Ownership and Accountability

Assign business and technical owners, eliminate ownerless assets, and turn visibility into accountable action.

“Unowned assets become unattended fires.”

Stale Asset Detection

Flag assets not seen in 30/60/90 days to identify forgotten instances, abandoned endpoints, orphaned services, and shadow infrastructure.

“Stale assets are ghost doors.”

Evidence and Findings

Attach evidence and findings to assets: notes, exports, screenshots, vulnerabilities, and misconfigurations—organized and traceable.

“Evidence turns claims into conclusions.”

Reports That Make Sense

Generate clean reports: executive inventory summary, high-risk assets, cloud exposure, and identity posture—grounded in your catalog.

“Clarity is a security advantage.”

Built for RCCE Students

ZelMap is exclusively available to RCCE students, designed to train real attack-surface thinking: discover, validate, score, prioritize, and report.

“Train on the reality you’ll defend.”

Part of the Zelfire Suite

ZelMap is part of the Rocheston Zelfire suite. It evolves fast, stays focused, and keeps the mission disciplined: discovery, catalog, intelligence.

“Speed matters. Focus matters more.”

FAQ

Rocheston ZelMap is an Attack Surface Intelligence Platform that discovers assets across cloud environments, software inventory, and identities/access, then catalogs everything into a unified, searchable inventory with explainable risk scoring. ZelMap is designed to answer the security visibility questions that matter: what exists, what is exposed, what is privileged, what is stale, and what should be fixed first. Unlike bloated “do everything” tools, ZelMap focuses on discovery and intelligence outputs that security teams can act on immediately.

ZelMap produces a living attack surface map, not just a static list. It highlights external exposure (internet-facing assets, public storage, externally reachable services), identity posture risks (privileged accounts without MFA, over-privileged service accounts), and inventory gaps (unknown owners, unclassified assets, stale assets). The result is decision-grade visibility that is suitable for day-to-day operations, audits, and security reporting.

ZelMap is powered by AINA, Rocheston’s AI engine, to help normalize and correlate messy discovery signals into clean assets, explain risk reasons, and prioritize remediation. ZelMap is exclusively available to RCCE students and is part of the Rocheston Zelfire suite of cybersecurity products.

ZelMap is both, but it is positioned as an Attack Surface Intelligence Platform because the primary outcome is intelligence, not raw discovery. Asset discovery platforms typically focus on listing assets and basic attributes. Attack surface intelligence goes further: it converts discovery into security meaning—external exposure, identity posture, risk concentration, and prioritization—so operators can make fast, correct decisions.

In ZelMap, “asset discovery” is the input. ZelMap discovers and catalogs assets from cloud, software inventory, and identities. “Attack surface intelligence” is the output. ZelMap identifies what is internet-exposed, what is publicly accessible, what carries high vulnerability or misconfiguration burden, what is privileged without MFA, what is stale or ownerless, and what creates the highest operational risk. ZelMap then ranks and explains these issues so teams can fix the most dangerous items first.

If you want a precise definition: ZelMap is an asset discovery + inventory system with attack-surface intelligence outputs: exposure visibility, identity posture analysis, explainable risk scoring, and fix-first prioritization.

AINA is the intelligence layer inside ZelMap that turns raw discovery data into clean, actionable outputs. AINA’s role is not to “guess” or invent assets. AINA uses only the inventory evidence already collected by ZelMap (cloud metadata, software inventory records, identity posture signals, findings imports, exposure flags, and timestamps) and transforms it into structured intelligence that the user can trust.

AINA does four primary jobs in ZelMap. First, normalization and deduplication: it correlates signals like IPs, hostnames, domains, instance IDs, and certificates to reduce duplicates and keep the catalog accurate. Second, correlation and relationships: it helps link assets to each other (for example, a domain to a public endpoint, an application to a server, or an identity to a privileged role) when the evidence supports it. Third, explainable risk: it generates clear “why this score” explanations using evidence fields, so risk scoring is understandable and defensible. Fourth, prioritization: it helps build a fix-first queue by ranking assets that represent the most urgent exposure and identity risks.

AINA in ZelMap must be evidence-driven and must not hallucinate. It does not automatically modify your database; it returns structured suggestions and explanations that the UI can display. This keeps ZelMap credible, auditable, and operationally safe.
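The normalization and deduplication job described above can be sketched as evidence-based record merging. This is an added example, not ZelMap or AINA code; the field names (`instance_id`, `cert_fp`, `source`), the strong/weak split, and the sample records are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Assumption: an instance ID identifies one asset on its own. IPs, hostnames
# and certificates can be shared or reassigned, so two of them must agree.
STRONG = ("instance_id",)
WEAK = ("ip", "hostname", "cert_fp")

def match_keys(rec):
    """Keys that count as evidence that two records describe one asset."""
    keys = [(f, rec[f]) for f in STRONG if rec.get(f)]
    keys += [(f1, rec[f1], f2, rec[f2]) for f1, f2 in combinations(WEAK, 2)
             if rec.get(f1) and rec.get(f2)]
    return keys

def correlate(records):
    """Merge records that share a match key (union-find); return assets."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path halving
            i = parent[i]
        return i

    first_seen = {}
    for i, rec in enumerate(records):
        for key in match_keys(rec):
            j = first_seen.setdefault(key, i)
            parent[find(i)] = find(j)       # no-op when i == j
    groups = defaultdict(list)
    for i, rec in enumerate(records):
        groups[find(i)].append(rec)
    assets = []
    for recs in groups.values():
        asset = {"sources": sorted({r["source"] for r in recs})}
        for f in STRONG + WEAK:
            asset[f] = sorted({r[f] for r in recs if r.get(f)})
        assets.append(asset)
    return assets

# Constructed discovery records (documentation IP range, made-up IDs).
RECORDS = [
    {"source": "cloud_export", "instance_id": "i-0aaa", "ip": "203.0.113.10", "hostname": "web-1"},
    {"source": "software_csv", "ip": "203.0.113.10", "hostname": "web-1"},
    {"source": "cert_scan", "ip": "203.0.113.10", "cert_fp": "ab:cd"},
    {"source": "vuln_csv", "instance_id": "i-0aaa", "hostname": "web-1.corp.example"},
]

if __name__ == "__main__":
    for asset in correlate(RECORDS):
        print(asset)
```

The `cert_scan` record stays a separate asset because it shares only an IP with the others, which is the case where a blind merge would fold a load balancer or NAT address into the wrong host.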

ZelMap discovers and catalogs three major security domains: cloud assets, software inventory, and identities/access. The goal is complete visibility across the modern perimeter: infrastructure, applications, and the identity control plane.

Cloud assets (AWS/Azure style) include: accounts/subscriptions/projects, regions in use, compute (VMs/instances), storage (buckets/containers/storage accounts), network boundaries (security groups/NSGs/firewall rules, public IPs), internet-facing services (load balancers, gateways, endpoints), managed databases, and secrets/key services metadata (key vault/KMS/key rotation indicators where available). ZelMap also records exposure indicators such as internet-facing status, public access status for storage, and risky inbound network rules.

Software inventory includes: software name, vendor/publisher, version/build, package identifiers where available, where the software runs (host/server/container reference), environment classification (prod/dev/stage/lab), and lifecycle signals like first seen/last seen. When vulnerabilities or misconfiguration findings are imported, ZelMap ties them directly to software and host assets.

Identities and access include: users, groups, privileged roles, MFA posture signals, service accounts/workload identities, app registrations/service principals, and entitlement indicators that drive real attack surface risk. ZelMap emphasizes identity posture because privileged identity mistakes often represent the fastest path to compromise.

Across all categories, ZelMap tracks ownership (business/technical), staleness (assets not seen for defined periods), and explainable risk scoring so the catalog becomes security intelligence, not just inventory.

Yes. ZelMap supports AWS and Azure discovery models that fit real-world environments. In permissive environments, ZelMap can use API connectors to query cloud resources and build a live catalog across subscriptions/accounts and regions. In restricted environments, ZelMap can operate using import-based discovery where you upload cloud exports (CSV/JSON) and ZelMap normalizes the data into the same inventory schema. This makes ZelMap usable even when organizations do not allow persistent API credentials in third-party tools.

For AWS, typical discovery coverage includes regions, compute instances, public IP inventory, security group posture signals, load balancers, storage buckets and public access indicators, and key services metadata depending on the available export/connectors. For Azure, typical coverage includes subscriptions, resource groups, VNets, VMs, NSGs, public IPs, load balancers, storage accounts/containers and access indicators, and key vault metadata depending on available exports.

ZelMap’s Global Attack Surface Map can visualize external exposure by cloud region (for example, mapping AWS/Azure regions to fixed coordinates) so you can see where internet-facing risk is concentrated. This visualization is backed by the cataloged region data rather than guessed geolocation.

Yes. ZelMap treats identity as a first-class part of the attack surface because identities are often the real perimeter in cloud-first organizations. ZelMap’s identity posture visibility is designed to highlight the conditions that most commonly lead to compromise: privileged accounts without MFA, stale admin accounts, over-privileged service accounts, risky application permissions, and uncontrolled app registrations.

Identity posture in ZelMap includes cataloging users, groups, privileged role assignments, service identities, and app identities (app registrations/service principals). Where MFA status is available through connector data or identity exports, ZelMap uses it as a primary risk signal. ZelMap also highlights “stale” identity risk, such as privileged accounts that have not logged in for extended periods, which often indicates abandoned accounts that attackers love.

On the AINA Intelligence page, ZelMap should surface “Identity Fires,” including:

  • Privileged accounts without MFA
  • Stale privileged accounts (no login for 60+ days, adjustable)
  • Service accounts with broad roles
  • Sudden privilege changes (if you track changes over time)

This identity posture view is designed to be operational: it points to the exact identities, the exact risk condition, and the recommended next action.

ZelMap uses explainable, evidence-driven risk scoring to convert inventory data into a decision-ready priority signal. The score is not a black box. Every asset’s risk score is derived from observable factors stored in the catalog, and ZelMap must display “why this score” so operators can trust and defend the output.

Risk scoring in ZelMap typically combines these inputs:

  • External exposure: internet_exposed assets, public storage access, risky inbound rules, exposed services/ports
  • Business criticality and data sensitivity: production systems and sensitive-data systems score higher
  • Vulnerability findings: imported CVEs and severity counts increase risk
  • Misconfiguration findings: critical misconfigurations increase risk
  • Identity posture: privileged assets/identities without MFA, over-privileged service accounts, risky app permissions increase risk
  • Staleness: assets not seen in 30/60/90 days increase risk because they are often unmanaged “ghost” infrastructure
  • Ownership gaps: unknown owner/unknown team increases risk because it blocks remediation

ZelMap should produce a numeric risk_score (0–100) plus a risk_level (low/medium/high/critical). The key requirement is explainability: the UI must list the evidence signals that contributed to the score, such as “internet_exposed=true,” “critical_vulns=3,” “owner_missing=true,” or “last_seen_days=91.” This makes risk scoring actionable and auditable.
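An explainable score of this shape can be sketched as follows. This is an added example, not ZelMap's scoring code: the weights, caps, level thresholds, the `privileged_no_mfa` field name, and the sample assets are assumptions, while the signal strings and the 30/60/90-day buckets follow the text above.

```python
from dataclasses import dataclass

# Weights, caps and level thresholds below are assumptions for illustration.
LEVELS = ((80, "critical"), (60, "high"), (30, "medium"), (0, "low"))
CRITICALITY = {"low": 0, "medium": 5, "high": 15}

@dataclass
class Asset:
    name: str
    internet_exposed: bool = False
    public_storage: bool = False
    criticality: str = "low"
    critical_vulns: int = 0
    critical_misconfigs: int = 0
    privileged_no_mfa: bool = False   # assumed field name
    last_seen_days: int = 0
    owner_missing: bool = False

def staleness_points(days):
    # 30/60/90-day buckets come from the page; the points are assumed.
    for limit, pts in ((90, 15), (60, 10), (30, 5)):
        if days >= limit:
            return pts
    return 0

def score_asset(a):
    """Return (risk_score 0-100, risk_level, [(signal, points), ...])."""
    contributions = [
        ("internet_exposed=true", 30 if a.internet_exposed else 0),
        ("public_storage=true", 15 if a.public_storage else 0),
        (f"criticality={a.criticality}", CRITICALITY[a.criticality]),
        (f"critical_vulns={a.critical_vulns}", min(a.critical_vulns * 7, 21)),
        (f"critical_misconfigs={a.critical_misconfigs}", min(a.critical_misconfigs * 5, 10)),
        ("privileged_no_mfa=true", 25 if a.privileged_no_mfa else 0),
        (f"last_seen_days={a.last_seen_days}", staleness_points(a.last_seen_days)),
        ("owner_missing=true", 10 if a.owner_missing else 0),
    ]
    reasons = [(s, p) for s, p in contributions if p > 0]   # the "why"
    score = min(100, sum(p for _, p in reasons))
    level = next(name for floor, name in LEVELS if score >= floor)
    return score, level, reasons

def fix_first_queue(assets):
    """Rank assets by descending score; ties keep input order."""
    return sorted(assets, key=lambda a: -score_asset(a)[0])

# Constructed sample inventory (not real data).
SAMPLE = [
    Asset("build-agent-07", last_seen_days=45),
    Asset("legacy-api", internet_exposed=True, critical_vulns=3, last_seen_days=91, owner_missing=True),
    Asset("svc-admin", criticality="high", privileged_no_mfa=True),
]
```

Because every point in the total comes from a named signal in `reasons`, the score can be audited line by line, and capping per-signal contributions keeps a long vulnerability list from drowning out exposure or identity signals.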

Yes. ZelMap is designed to deliver value immediately using import-based discovery, which is critical in real organizations where API connectors may be restricted. You can import software inventory, cloud exports, identity exports, vulnerability findings, and misconfiguration findings. ZelMap then normalizes these imports into a unified catalog and applies exposure classification, staleness tracking, and risk scoring consistently.

Common import types include:

  • Software inventory CSV: software name/vendor/version, host reference, environment, ownership, last seen
  • Cloud export JSON/CSV: resources across accounts/subscriptions, regions, exposure signals, public endpoints
  • Identity export JSON/CSV: users, groups, roles, MFA posture signals where available
  • Vulnerability CSV/JSON: CVE lists, severity, affected asset/component mapping
  • Misconfiguration CSV/JSON: rule ID, severity, recommendation, affected resource mapping

Importing is not a second-class workflow in ZelMap. It is a core model. The point is to build a clean catalog even when direct API access is unavailable. As you expand, you can add connectors, but imports ensure ZelMap remains useful from day one.

No. Rocheston ZelMap is exclusively available to RCCE students. ZelMap is built as part of the Rocheston training and operator ecosystem so RCCE students can learn and operate with modern attack surface intelligence capabilities. This exclusivity also ensures the platform remains aligned with the RCCE learning model and the Rocheston Zelfire suite.

If you are not an RCCE student, ZelMap is not offered as a public SaaS product. It is part of the RCCE value and training environment, designed to help students develop real-world skills in asset discovery, exposure analysis, identity posture awareness, risk prioritization, and reporting.

Yes. ZelMap is part of the Rocheston Zelfire suite of cybersecurity products. ZelMap provides the foundational visibility layer—attack surface intelligence and inventory—so other security workflows can start from a clean, accurate catalog. In the Zelfire ecosystem, ZelMap’s mission is disciplined and focused: discover assets, normalize them, expose what matters, and present decision-grade risk and prioritization.

Being part of the Zelfire suite also means ZelMap is designed to evolve quickly while staying focused. New discovery sources, better correlation, stronger identity posture insights, and improved reporting can be added without turning ZelMap into a bloated “jack of all trades.” The platform’s purpose remains the same: complete visibility and intelligence over the attack surface.