Tripl-i

Xurrent Spark 2026
Intelligent Infrastructure Insights

01 · Discovery

From the installer to your first complete map — fifteen minutes.

The foundation

Drop a single collector into the network, point it at a subnet, and Tripl-i goes to work. No agents on servers, no traffic taps, no firewall changes. Within fifteen minutes the first sweep is done — servers, workstations, network gear, virtual hosts, cloud accounts, databases, software — and the result is already flowing into Xurrent in real time, both ways.

15 min

Install to First Map

0

Agents on Hosts

Real-time

Bidirectional Xurrent Sync

10+

Discovery Sources

What we discover — every layer, automatically

Servers & Workstations

Windows and Linux — hardware, OS, patches, services, processes, local accounts, live connections.

Monitors & Peripherals

External displays, docks, keyboards and mice — tracked by serial across desk moves.

Network Devices

Routers, switches, firewalls and storage — interfaces, VLANs, firmware and running config.

vCenter & Virtualization

Hosts, clusters, VMs, datastores, resource pools, snapshots — linked to parent ESXi.

Kubernetes

Clusters, namespaces, workloads, services and pod-level dependencies.

Cloud (AWS · Azure · GCP)

Compute, storage, identity, networking — with the native cloud relationships intact.

Databases

SQL Server and more — instances, databases, schemas, backup status, linked servers.

Software Inventory

Every installed product, normalized into product families and matched to a CPE for vulnerabilities.

How a scan flows

1

Scan

Agentless · WMI · SSH · SNMP · Cloud APIs

→

2

Normalize

Classify, tag, deduplicate

→

3

Relate

Dependencies scored 1–5

→

4

Sync

Live into Xurrent · both ways

What each CI carries

Identity — name, type, environment, owner, criticality, location.
Telemetry — hardware, OS, software, patches, configuration.
Relationships — Hosts · Depends-on · Talks-to · Installed-on, each scored.
Business context — service membership, compliance regime, change windows.
Tags — environment · criticality · ownership · backup · 13 categories total.

Why agentless matters

Agent-based pain	Tripl-i
Push agents to every host	Zero footprint
Maintain agent versions	No maintenance
Performance impact on hosts	None
Weeks of rollout	First map in 15 minutes

Page 01 of 04 · tripl-i.com

Tripl-i

Xurrent Spark 2026
The Xurrent Integration · One Platform

02 · Xurrent Integration

Pre-built. Bidirectional. No customization required.

How the integration actually works

Tripl-i ships with a native connector for Xurrent. There is no middleware to build, no nightly batch, no field mapping spreadsheet. Discovered CIs, their relationships, change-impact briefings and the work done by Tripl-i's operational agents all appear inside the Xurrent record — and edits made in Xurrent flow back to Tripl-i the same way. One bridge, every module of the platform on top.

✦

Zero configuration

One click provisions the webhook, change-record fields, task template and automation rule.

⟲

Real-time & both-ways

CIs and relationships sync the moment they change — Xurrent owns the work, Tripl-i owns the data.

◎

Embedded in the record

Risk, impact and recommended steps live on the change record itself — searchable, reportable.

✚

Every module wired

Discovery, CMDB, change, events, GRC, software, agents — all share the same Xurrent bridge.

The Tripl-i Platform — every module connects to Xurrent

intelligent · infrastructure · insights

Discover · Analyze · Respond · Solve

Discovery & Infrastructure

Network DiscoveryDevice Classification Software InventoryHardware Tracking Database Discovery

ITSM Integrations

Xurrent SyncAI Change Manager Product MappingWebhook Automation

Service & Dependency Intelligence

Dependency MappingBusiness Service Analyzer Semantic SearchAuto-Tagging

Software Asset Management

Software CatalogLicense Management Warranty TrackingMonitor & Peripheral

⛁CMDB — System of Record

Configuration Items

Relationships

Service Map

Change History

⚙Automation Engine

Rule Engine

Workflow Actions

Scheduled Tasks

API Integrations

◎AI Agents — Coordinator + Specialists

Service Desk

Identity Lifecycle

Offboarding

Windows / Infra Ops

Security & Vulnerabilities

CVE Sync · NVDSoftware Policies Network IOC DetectionThreat Intelligence Whitelist / Blacklist

Events & Change Risk

Event ManagementChange Impact Analysis Network SegmentationZone Traffic

GRC & Compliance

Risk RegisterControl Library AttestationsSOC 2 · ISO 27001

Reporting & Analytics

Executive DashboardsCustom Reports Compliance ReportsTrend Analysis

Page 02 of 04 · tripl-i.com

Tripl-i

Xurrent Spark 2026
Vulnerabilities · Events · GRC · Software Assets

03 · Operations on top of the CMDB

A live CMDB is just the start. This is what we do with it.

Four modules, one source of truth

A live CMDB is the start. On top of it: vulnerabilities tracked per CI with hotfix-aware exposure, a GRC posture that updates itself, and a software estate you can actually licence. All reading from the same CIs, all writing back to Xurrent.

Vulnerability Management — exposure, not noise

Live CVE feed — NVD for the world's CVEs plus MSRC for the Microsoft KB→CVE map; daily delta sync, no manual uploads.
Hotfix-aware exposure — installed KBs (QFE + WUA) deduct from CVE count: 89% fewer false positives than catalog-only matching.
Per-CI tracking — every vulnerability is its own instance with status, owner, due date and an audit trail.
Patch-level precision — UBR + WUA matching binds CVEs to the exact 4-part version (e.g. 10.0.17763.8276), not just major build.

By severity · sample tenant · last 30 days

Critical

23

High

187

Medium

412

Low

298

920 open total −141 closed by hotfix-aware filter

220k+

CVEs Tracked · NVD

875

Microsoft KBs Mapped

89%

Fewer False Positives

Daily

NVD + MSRC Delta Sync

Vulnerability lifecycle — assigned, tracked, closed

1

Open

CVE matched to CI · CVSS scored

→

2

Acknowledged

Triaged · owner & due date set

→

3

In Progress

Patch in flight · KB targeted

→

4

Resolved

KB verified · evidence on record

GRC & Software Asset Management — compliance that updates itself

Risk Register

Risks linked to controls and CIs. Inherent and residual scoring; treatment plans and owners on every entry.

Control Library

SOC 2, ISO 27001 and custom frameworks. Controls map to CIs, so coverage gaps surface automatically.

Attestations

Periodic attestation lifecycle with reminders, escalation, evidence capture and audit-ready exports.

Software Catalog

Every installed product normalized into a vendor and product family — CPE-matched to CVEs.

License Management

Per-user, per-device, per-core, SaaS seat — entitlements, true-ups and renewal alerts tied to actual installs.

Warranty & Renewals

Hardware warranties, support contracts and maintenance windows — surfaced before they expire.

NVD + MSRC live sync Hotfix-aware exposure Per-CI vulnerability instances SOC 2 & ISO 27001 ready Per-user · per-device · SaaS licensing

Page 03 of 04 · tripl-i.com

Tripl-i

Xurrent Spark 2026
Agentic AI — work that gets done

04 · Agentic AI

One Coordinator. A roster of specialists. Real tickets, resolved.

ITSM that does the work, not just describes it

An incoming Xurrent ticket can be handed to a Coordinator that reads the request, makes a plan, and dispatches specialists to run it — provisioning a user, offboarding a leaver, fixing a slow laptop. The specialists carry the credentials and the playbooks. Risky steps wait for human approval. Everything writes back to the Xurrent record with a forensic audit trail.

Worked examples — every step on the Xurrent record

"My computer is slow"

Ticket #48217 · WS-7421 · e.demir@acme.com
Agents Coordinator + Windows Ops

1

User

"Everything's taking forever. Outlook took 2 minutes to open."

2

Diagnose

CPU 94% · RAM 92% · disk C: 96% · 2 reboots pending · OneDrive re-syncing 41k files

3

Plan

Three issues stacked. Clean temp + cache (~6 GB), throttle OneDrive to on-demand, schedule reboot 18:30.

4

User approves

"Yes please."

✓

Execute & close

6.2 GB reclaimed · sync throttled · reboot scheduled · ticket auto-resolved with notes

Offboard a user

Request #51902 · Leaver: Ekrem Inan · Friday 17:00
Agents Coordinator + Offboarding

1

HR request

"Standard offboarding for Ekrem.Inan."

2

Plan

Gather → disable AD & revoke M365 → forward mailbox → remove DL/groups → reassign assets → archive home drive.

3

Manager approves

Approved at trigger.

4

Execute

AD disabled · licence freed · mailbox→manager (90d) · 14 groups + 6 DLs removed · laptop CI "to-collect" · monitors → stock · home drive archived

✓

Close

Offboarding complete. Full audit trail posted on the Xurrent request.

The roster of specialists

Service Desk low

Xurrent requests, tasks, notes, ticket context.

Asset Lookup low

Read-only user, CI and inventory queries.

Identity Lifecycle med

AD account creation, disablement and group membership.

Offboarding high

End-to-end leaver flow — identity, assets, tickets.

Windows Ops med

Services, processes, firewall, DNS, health probes.

Infrastructure Ops high

Restart, certificates, IIS, SQL, file server, K8s.

Vulnerability Mgr low

CVE exposure, patch status, hotfix-aware reporting.

GRC Risk Advisor med

Risk register reads and bounded writes through controls.

Guardrails that matter

Zero-trust grants per user, role and skill — every action attributable.
Plan-based execution — side-effects declared and owned by one step.
Credentials never leave — secrets resolve locally on the customer's collector.

Approval required for destructive actions; reads can skip the gate.
Token & cost ceilings per execution, hard stop.
Audit log for every command — including the reasoning behind it.

Page 04 of 04 · tripl-i.com