ARPA-H Funded  ·  NSF SBIR  ·  Open Source

Open Security for Connected Care.

API-first security platform for healthcare infrastructure. BlueFlow asset management, Tapirx passive device discovery, and VulnFWRD™ AI risk orchestration — MIT-licensed open core you can inspect, extend, and deploy on your own terms.

MIT Open Core
FDA SBOM Ready
NIST CSF Aligned
Self-hosted option
blueflow — api explorer
Stack
Python 3.12+, Django · DRF, PostgreSQL 16, Celery · Redis, OpenAPI 3 · drf-spectacular, Docker Compose, uv, HL7 · DICOM, Go (Tapirx), GitHub Actions CI

Three tools. One platform.

Use independently or together. Each component exposes a versioned REST API and connects via the pluggable connector framework — designed for maximum flexibility with no vendor lock-in.

BlueFlow™
Open-core asset platform
MIT · Python / Django

Django REST API for healthcare IT asset management. Versioned API at /api/v1/ with full OpenAPI 3 schema, pluggable connector framework, SBOM generation, and role-based access control. Deploy with Docker Compose or install as a Python package.

Connector plugin framework — discovery, vuln, CMMS, SIEM, webhooks
SBOM generation in SPDX and CycloneDX formats for FDA compliance
Built-in RBAC: viewer, editor, biomed, security admin
Full Docker Compose stack — web, worker, beat, Postgres, Redis
Audit trail via django-simple-history on every model
GET /api/v1/assets/
POST /api/v1/assets/<id>/sbom/
POST /api/v1/webhooks/
POST /api/v1/connectors/<id>/sync/
GET /api/v1/schema/ → OpenAPI 3
Tapirx™
Passive device discovery
GPL-3.0 · Go

Free, open-source medical device discovery written in Go. Passively identifies devices from HL7 and DICOM network traffic via SPAN port, live interface, or pcap file — with zero impact on clinical operations. Plugs into BlueFlow as a discovery-type connector.

Protocols: HL7 ADT/PRT (UDI extraction) and DICOM
Runs on Linux, macOS, Windows — no network disruption
SPAN port, live capture, or pcap file input with BPF filtering
MAC-keyed asset upsert with provenance and last-seen timestamps
CSV output or direct POST to BlueFlow discovery connector
$ tapirx -iface eth0 \
-apiurl http://bf:8000/api/v1/assets/
Infuse-O-Matic Peach B+
POST /api/v1/assets/ 201 Created
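
The MAC-keyed upsert listed above, sketched as an added example; this is not code from Tapirx or BlueFlow. The field names mac_address, name and last_seen follow the API sample on this page. The record layout, the source labels and the rule that only a newer observation may overwrite an existing record are assumptions.

```python
import re
from datetime import datetime, timezone

def normalize_mac(raw):
    """Canonicalise a MAC to aa:bb:cc:dd:ee:ff so every notation maps to one key."""
    digits = re.sub(r"[:.\-\s]", "", raw.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    if digits in ("000000000000", "ffffffffffff"):
        raise ValueError("null/broadcast MAC cannot identify an asset")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_ts(value):
    """Parse a UTC timestamp in the form used by the API sample (2026-03-18T09:14:22Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def upsert(inventory, obs):
    """Apply one observation to the inventory; return 'created' or 'updated'."""
    mac = normalize_mac(obs["mac_address"])
    seen = parse_ts(obs["last_seen"])
    asset = inventory.get(mac)
    if asset is None:
        inventory[mac] = {"name": obs.get("name"), "last_seen": seen,
                          "provenance": {obs["source"]: seen}}
        return "created"
    # Provenance: remember the latest sighting per reporting source.
    prev = asset["provenance"].get(obs["source"])
    asset["provenance"][obs["source"]] = max(seen, prev) if prev else seen
    if seen > asset["last_seen"]:
        # Assumed rule: only a newer observation may move last_seen or rename.
        asset["last_seen"] = seen
        asset["name"] = obs.get("name") or asset["name"]
    elif asset["name"] is None:
        asset["name"] = obs.get("name")  # older data may fill a gap, never overwrite
    return "updated"

# Constructed observations: one device reported by three sources in three notations.
OBSERVATIONS = [
    {"mac_address": "00-03-B1-B5-B6-48", "name": None,
     "last_seen": "2026-03-01T00:00:00Z", "source": "cmms-import"},
    {"mac_address": "00:03:b1:b5:b6:48", "name": "Infuse-O-Matic Peach B+",
     "last_seen": "2026-03-18T09:14:22Z", "source": "tapirx"},
    {"mac_address": "0003.b1b5.b648", "name": "stale pcap label",
     "last_seen": "2026-02-10T12:00:00Z", "source": "pcap-replay"},
]

def build_inventory(observations):
    inventory = {}
    return inventory, [upsert(inventory, o) for o in observations]
```

Replaying an old pcap after live capture leaves the asset's name and last_seen untouched while still recording the pcap as a provenance source.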
VulnFWRD™
AI risk orchestration
Proprietary

AI-powered risk orchestration with bidirectional BlueFlow integration. BlueFlow emits structured risk events when vulnerabilities map to assets or Pulse feed items match tracked devices. VulnFWRD returns scored remediation intents — the full closed-loop for healthcare vulnerability management.

Bidirectional integration via connector plugin framework
AI risk scoring with NVD, EPSS, CISA KEV, and asset criticality
Remediation intents returned as actionable BlueFlow alerts
Custom stakeholder dashboards per role
Policy engine and workflow automation via webhooks
POST /api/v1/intents/ ← risk event in
GET /api/v1/pulse/ ← threat feed
{ "event_type": "vulnerability_mapped",
  "cve_id": "CVE-2024-1234",
  "epss_score": 0.87 }

Versioned. Documented. Complete.

Every endpoint lives at /api/v1/ with full OpenAPI 3 schema auto-generated by drf-spectacular. Swagger UI served at /api/v1/schema/ui/.

Assets & SBOM
Inventory, MAC-keyed upsert, FDA SBOM generation
Risk & Vulnerabilities
CVE tracking, Pulse feed, VulnFWRD intents
Connectors & Webhooks
Plugin sync, generalized webhook jobs
Schema & Discovery
OpenAPI 3, Swagger UI, autocomplete
GET /api/v1/assets/ · POST /api/v1/assets/<id>/sbom/ HTTP · JSON
GET /api/v1/assets/?network=ICU-Floor-3
Authorization: Token sk-bf-••••••••

200 OK
{ "count": 1847,
  "results": [{ "name": "Infuse-O-Matic Peach B+",
                "mac_address": "00:03:b1:b5:b6:48",
                "last_seen": "2026-03-18T09:14:22Z" }] }

POST /api/v1/assets/a3f1b2c4/sbom/
{ "format": "cyclonedx" }

201 Created
{ "format": "cyclonedx", "components": 47 }

GET /api/v1/vulnerabilities/?asset=a3f1b2c4

200 OK
[{ "cve_id": "CVE-2024-1234",
   "epss_score": 0.87,
   "cvss": 9.1,
   "kev": true }]

POST /api/v1/intents/
// Risk event → VulnFWRD™
{ "event_type": "vulnerability_mapped",
  "cve_id": "CVE-2024-1234",
  "network_segment": "ICU-Floor-3" }

POST /api/v1/connectors/nessus-prod/sync/

202 Accepted
{ "task_id": "8f3a2c1d-..." }

POST /api/v1/webhooks/
{ "connector_id": "viper-prod",
  "callback": "https://viper.example/cb",
  "since": "2026-03-01T00:00:00Z" }

202 Accepted
{ "request_id": "7d8e9f0a-..." }

GET /api/v1/schema/
Accept: application/vnd.oai.openapi+json

200 OK   openapi: 3.1.0
{ "openapi": "3.1.0",
  "info": { "title": "BlueFlow API", "version": "1" },
  "paths": { ... } }

// Swagger UI available at:
GET /api/v1/schema/ui/

// Generate with management command:
$ python manage.py spectacular --validate

Every integration, one interface.

Each connector implements ConnectorBase — standard pull(), push(), and validate_credentials() methods with Celery task binding. Trigger any connector on-demand via POST /api/v1/connectors/<id>/sync/ or schedule with Celery Beat.

Discovery
Passive Network Discovery

Identifies medical devices from HL7 and DICOM traffic without active scanning or any network disruption. SPAN port or pcap input.

Tapirx · SPAN port · HL7 · DICOM · pcap
Vulnerability Scanner
Safe Vulnerability Scanning

Safe scanning workflows that guard active medical devices. CVE cross-reference against NVD with EPSS and CISA KEV enrichment.

Nessus · Qualys · Nexpose · nessrest
CMMS
Maintenance System Sync

Bidirectional sync with computerized maintenance management systems. Import existing device inventory; export scan scheduling and utilization data.

ServiceNow · TMS · REST import
SIEM
Security Event Integration

Push asset context and vulnerability events to SIEM platforms. Enrich alerts with device criticality, ePHI status, and network segment data.

Splunk · QRadar · Sentinel · syslog
Threat Feed
Pulse™ Vulnerability Feed

Virta Labs proprietary threat intelligence matched to your specific device inventory. NVD, CISA KEV, and EPSS enrichment for tracked assets.

Pulse™ · NVD · CISA KEV · EPSS
Webhook
Generalized Webhook Jobs

Async paginated push to any subscriber. UUID job tracking, configurable page size, and full auditing. Powers the VIPER vulnerability intelligence bridge.

VIPER · Celery · UUID jobs · paginated

From zero to secure in three steps.

01
Deploy the platform

Full Docker Compose stack — web, Celery worker, Celery Beat, PostgreSQL, Redis. Auto-migration on container boot. Running in minutes.

# Clone and start the full stack
$ git clone https://github.com/virtalabs/blueflow
$ cd blueflow
$ cp .env.example .env
$ docker compose up -d
 
✓ postgres healthy
✓ redis healthy
✓ migrations applied
✓ celery worker ready
✓ web → localhost:8000
02
Discover your devices

Register connectors, deploy Tapirx on a SPAN port, trigger syncs via API. The safe-scanning guard protects active medical devices automatically.

# Start passive discovery
$ tapirx -iface eth0 \
-apiurl http://bf:8000/api/v1/assets/
 
→ Infuse-O-Matic Peach B+
→ GE Dash 4000 Monitor
→ Philips IntelliVue MP70
→ 47 new assets · 12 updated
03
Orchestrate your defenses

Connect vulnerability scanners, configure the VulnFWRD bridge, enable webhook subscribers. Celery Beat runs scheduled connector syncs.

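# Trigger Nessus connector sync
# (BLUEFLOW_TOKEN is a placeholder variable holding a scoped API token)
$ curl -X POST \
    -H "Authorization: Token $BLUEFLOW_TOKEN" \
    http://localhost:8000/api/v1/connectors/nessus/sync/
202 { "task_id": "8f3a2c1d" }

# Generate FDA SBOM (CycloneDX)
$ curl -X POST \
    -H "Authorization: Token $BLUEFLOW_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"format":"cyclonedx"}' \
    http://localhost:8000/api/v1/assets/a3f1/sbom/
201 { "components": 47 }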

Every role. Every team.

Built-in RBAC with scoped API tokens. Permissions enforced at the ViewSet level on every endpoint. From read-only leadership dashboards to full security admin control.

RO
Viewer

Read-only access for leadership and auditors. Export reports in JSON, CSV, SPDX, and CycloneDX formats.

GET all resources
Export CSV & SBOM
NIST CSF coverage view
ED
Editor

Create and update assets, groups, and tags. For IT teams managing day-to-day device inventory.

All Viewer permissions
POST/PATCH assets
Manage groups & tags
BM
Biomed

Clinical engineering access. Scan management, SBOM generation, ePHI tracking, and maintenance scheduling.

All Editor permissions
Manage scans & alerts
Generate FDA SBOMs
SA
Security Admin

Full platform control. Connector management, webhook configuration, scoped API token issuance, and RBAC administration.

All Biomed permissions
Manage connectors
Issue scoped API tokens
Active Research

Built on a decade of pioneering security research.

Virta Labs co-authored the world's first research on cardiac implant cybersecurity in 2008. Our founders shaped FDA medical device security guidance, led industry standards bodies, and built the NSF-funded PowerGuard™ malware detection system. Now funded by ARPA-H's UPGRADE program to build hospital-scale digital twins for autonomous vulnerability remediation.

ARPA-H UPGRADE Program
PATCH Project — up to $19M — hospital-scale digital twins for autonomous vulnerability discovery and remediation across thousands of medical devices while ensuring uninterrupted patient care.
Clinical Partners
Michigan Medicine  ·  Massachusetts General Hospital  ·  Beth Israel Deaconess Medical Center
Industry Partners
Medcrypt  ·  ForAllSecure — open-source commercialization and vulnerability mitigation platform deployment across healthcare systems.

The team that shaped the industry.

Federal Advisory Experience

Former federal advisors who shaped national medical device security policies, standards, and regulatory frameworks at FDA, NIST, and HHS. Founded the category through pioneering research.

Industry-Changing Research

Co-authored the first peer-reviewed research on cardiac implant cybersecurity. Exposed critical vulnerabilities and drove industry-wide security improvements across major device manufacturers.

Federal-Validated Technology

Production-grade technology proven through NSF SBIR grants, ARPA-H funding, and enterprise deployments at major health systems across the United States.

Take control of your security stack.

Deploy locally. Own your data. Export anytime. We'll align VulnFWRD™ capabilities to your environment and share documentation.

MIT-licensed open core — inspect, extend, deploy
Full Docker Compose stack — production-ready in hours
100% self-hosted option available
No vendor lock-in — export all data at any time
FDA SBOM generation — SPDX and CycloneDX
NIST CSF coverage tracking built-in
Request Access to VulnFWRD™

We'll align capabilities to your environment and share API documentation.
