Munin · entry door Munin · v3.2 · booking · slots through 10 Jul 2026

Seven days.
On-prem.
The report stays yours.

Munin is P3 Consulting's on-premise network audit service: over 7 calendar days, an agent installed in your DMZ collects data passively and produces an archivable report with a full inventory, NIS2 mapping and a security posture assessment. No data leaves the client's infrastructure.

Munin is the entry door to the P3 portfolio. 85% of structured clients enter here. Technically serious: an on-prem agent, zero invasive scans on your systems. Commercially light: a contained entry price, an archivable report, no strings attached.

We offer it to every prospect on every channel because it's the snapshot a real conversation grows from. Even if you buy nothing else, you take the report away with you.

01 What happens in 7 days Operational calendar

Seven days.
One at a time.

No "kickoff and then we'll see". Every day has a verifiable outcome, a partial deliverable and the client contact's sign-off.

D1 · Mon · kickoff
Setup + scope
60' call. On-prem agent installed in the DMZ. Mutual NDA signed. Scope definition: subnets, endpoints, exclusions.

D2 · Tue · discovery
Network mapping
Passive asset discovery. Inventory of servers, endpoints, IoT, shadow IT. Validation with the IT contacts.

D3 · Wed · external
Attack surface
OSINT + HUGIN scan on the domain: subdomains, certificates, ports, GitHub secrets, third-party dependencies.

D4 · Thu · internal
Posture review
AD/Identity, patch level, antivirus, SIEM logs. No active exploits: a reading of posture, not a penetration test.

D5 · Fri · supply chain
ICT suppliers
Census of critical suppliers, NIS2 art. 21 mapping, third-party exposure identification. A list for the board.

D6 · Mon · analysis
Findings + priorities
Triage of the issues found: critical, high, medium, low. Estimated effort and ROI. Alignment with the CISO.

D7 · Tue · delivery
Report + handoff
Delivery of the PDF (40-80 pages) + 1-pager board summary. 90' walkthrough call. Sign-off.

02 What you take away Archivable deliverables · no lock-in

Four files.
Yours, forever.

No consultation portal that expires. No "come back to us for the detail". Static files, archivable, shareable with the board and the auditor.

munin-report.pdf
PDF · ~60 pp

The full technical report. Typeset, archivable. Language fit for CTOs and CISOs without being unreadable for those outside the field.

  • Full asset inventory
  • Vulnerability findings with CVSS
  • Precise NIS2 art. 21+23 mapping
  • Recommendations with effort and ROI

board-summary.pdf
PDF · 1 pp

The one-pager for the board of directors. Five numbers, three charts, two recommendations. Non-technical language, clear and formal.

  • Cyber posture score 0-100
  • Top 3 residual risks
  • Remediation budget estimate
  • NIS2 alignment in %

findings.csv
CSV · ~200 rows

The raw list of findings, in a format your IT team can work with. Jira, ServiceNow, Excel compatible. Each row with owner, severity, due date.

  • Unique ID per ticket
  • CVSS + business impact
  • Suggested remediation
  • Proposed ownership

supply-chain.xlsx
XLSX · multi-tab

Inventory of critical ICT suppliers with exposure, NIS2/DORA classification, expiring contracts. Usable directly by procurement.

  • Supplier tier classification
  • Risk score per supplier
  • Renewal date + leverage
  • Exit strategy map

03 The four questions everyone asks Pre-sales FAQ

What your
IT manager will ask.

Is the scan invasive? Do we risk downtime?

No. Zero packets sent to your systems. Munin uses passive reading of network flows and OSINT research on externally exposed systems. An active penetration test is a different matter, contracted separately with dedicated intervention windows.

Does the data really stay in Europe?

Yes. The on-prem agent lives in your DMZ. Aggregated data ends up in Frankfurt and Amsterdam datacentres. No US sub-processor, no BAA with US AWS/Azure/GCP. The full list of sub-processors is in the DPA you sign at kickoff: all EU, all audit-ready.

Does the report really cover NIS2?

Yes, precisely: every finding is mapped to the corresponding NIS2 article (mainly art. 21 technical measures and art. 23 incident reporting). For the AI Act side we run a separate dedicated audit: standard Munin is about network and security, not AI governance.

What happens after the 7 days? Will you sell me something?

It depends on the report. In most cases it identifies gaps that close with P3 portfolio products, but the report is yours and you can take it wherever you want. 85% of clients come back anyway within 18 months.

04 Booking Reply within 24h from the team

Book the next
available slot.

Fill in the form. We reply the same day or within 24 working hours with two slot options and the standard NDA. No 45-minute discovery call just to find out whether it's worth it.

Booking Munin

Five fields. No "company size 1-10 / 10-50 / 50-200" column to tick at random. Just what we actually need to book.

EU-hosted · no US CRM · privacy & cookies per DPA art. 28
"Never seen an audit that's technically serious and commercially honest in the same document. The mayor read it in 5 minutes, the CISO in 5 hours. Everyone happy."
CISO · provincial municipality · Sep. 2025 · 18k residents