Hello, IT & Security Administrators!
If you are seeing traffic to ingest.cvewatch.au in your firewall, proxy, or DNS logs, it means a device on your network is running the secure cvewatch Passive Agent.
The cvewatch agent is a lightweight, read-only Rust binary deployed by Managed Service Providers (MSPs) and internal security teams. It periodically checks in with this endpoint to deliver hardware telemetry and software manifests (Shadow Dependency Mapping).
This data is used exclusively to proactively identify vulnerabilities (CVEs) affecting your infrastructure without requiring heavy, intrusive active network scans.
Yes. The agent operates strictly in read-only mode. It does not extract files, modify system state, or open listening ports. All telemetry is securely transmitted over TLS 1.3 directly to this endpoint.