> ## Documentation Index > Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt > Use this file to discover all available pages before exploring further. # Get CVEs by MAC Address > Retrieves all discovered vulnerabilities (CVEs) associated with a specific list of MAC addresses across all historical scans. This is the primary endpoint for tracking a device's vulnerability history. Note: This endpoint uses POST to allow for querying multiple MAC addresses in the request body, which is more robust and secure than a lengthy GET URL. ## OpenAPI ````yaml /api/en/cve-scans.yaml post /scans/cve/mac-address/cves openapi: 3.0.3 info: title: Altostrat CVE Scans API version: 1.0.0 description: >- The Altostrat CVE Scans API is the microservice responsible for scheduling, executing, and reporting on network vulnerability scans. It is a core component of the Altostrat SDX platform's security posture management, providing deep insights into potential vulnerabilities across MikroTik networks to complement the platform's automation and AI capabilities. This API allows you to programmatically manage: - **Scan Schedules:** Define recurring vulnerability scans for specific network sites, including frequency, timing, and vulnerability thresholds. - **Scan Results:** Access detailed historical and in-progress scan reports, including discovered CVEs, affected hosts, and severity scores. - **Vulnerability Management:** Query specific CVEs by device (MAC address) and manage their lifecycle by marking them as accepted or mitigated. Developers use this API to integrate automated vulnerability scanning and reporting into their network management workflows and security dashboards. servers: - url: https://v1.api.altostrat.io description: Altostrat Production API Server security: - bearerAuth: [] tags: - name: Scan Schedules description: Manage the configuration and scheduling of recurring vulnerability scans. - name: Scan Execution description: Manually trigger and terminate scan jobs. - name: Scan Results description: Retrieve historical and in-progress scan reports and data. - name: Vulnerability Intelligence description: Query for specific vulnerability data and mitigation advice. - name: Vulnerability Management description: Manage the lifecycle and status of discovered vulnerabilities. paths: /scans/cve/mac-address/cves: post: tags: - Vulnerability Intelligence summary: Get CVEs by MAC Address description: >- Retrieves all discovered vulnerabilities (CVEs) associated with a specific list of MAC addresses across all historical scans. This is the primary endpoint for tracking a device's vulnerability history. Note: This endpoint uses POST to allow for querying multiple MAC addresses in the request body, which is more robust and secure than a lengthy GET URL. operationId: getCvesByMac requestBody: required: true description: A list of MAC addresses to query. content: application/json: schema: type: object required: - mac_addresses properties: mac_addresses: type: array description: An array of one or more MAC addresses to search for. items: type: string example: 00:1A:2B:3C:4D:5E example: mac_addresses: - 00:1A:2B:3C:4D:5E - 08:00:27:7C:2E:5A responses: '200': description: A detailed list of CVEs found for the specified MAC addresses. content: application/json: schema: $ref: '#/components/schemas/MacAddressCveResponse' '204': description: No hosts were found with the provided MAC addresses. '401': $ref: '#/components/responses/UnauthorizedError' '403': $ref: '#/components/responses/ForbiddenError' '422': $ref: '#/components/responses/ValidationError' components: schemas: MacAddressCveResponse: type: object description: >- A comprehensive report of vulnerabilities for the requested MAC addresses. properties: mac_addresses: type: array description: The list of MAC addresses included in this report. items: type: string example: - 00:1A:2B:3C:4D:5E total_scans: type: integer description: The total number of unique scans where these MACs were found. example: 5 total_cve_instances: type: integer description: >- The total number of vulnerability instances found across all scans for these MACs. example: 23 total_host_count: type: integer description: >- The total number of host records (IP/port combinations) associated with these MACs. example: 8 mac_stats: type: object description: >- A breakdown of vulnerability statistics for each requested MAC address. additionalProperties: type: object properties: total_cve_instances: type: integer example: 23 unique_cve_count: type: integer example: 12 highest_score: type: number format: float example: 9.8 average_score: type: number format: float example: 7.2 hosts: type: integer example: 8 stats: type: object description: Aggregated statistics across all requested MAC addresses. properties: unique_cve_count: type: integer example: 15 highest_score: type: number format: float example: 9.8 average_score: type: number format: float example: 7.5 cves: type: array description: >- A list of unique vulnerabilities found, along with their occurrences. items: $ref: '#/components/schemas/CveOccurrence' CveOccurrence: allOf: - $ref: '#/components/schemas/Cve' - type: object properties: other_occurrences: type: array description: >- A list of other times this same CVE was found for this MAC address. items: type: object properties: id: type: string format: uuid description: The unique ID of the CVE instance. scan_id: type: string format: uuid description: The ID of the scan where this occurrence was found. host_id: type: string format: uuid description: The ID of the host where this occurrence was found. created_at: type: string format: date-time description: The start time of the scan where this was found. ErrorResponse: type: object properties: type: type: string description: A broad category for the error (e.g., 'invalid_request_error'). example: invalid_request_error code: type: string description: A short, unique string identifying the specific error. example: parameter_missing message: type: string description: A human-readable description of what went wrong. example: The 'description' parameter is required for this request. doc_url: type: string description: >- A direct link to the documentation page for this specific error code. example: https://docs.altostrat.io/errors/parameter_missing Cve: type: object properties: id: type: string format: uuid description: The unique identifier for this specific CVE instance. example: 9c46d2a1-1234-5678-9abc-def012345678 cve_id: type: string description: The official CVE identifier. example: CVE-2021-44228 description: type: string description: A detailed description of the vulnerability. example: >- Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. published_at: type: string format: date-time description: The date the CVE was published by NVD. example: '2021-12-10T11:15:00Z' created_at: type: string format: date-time description: The timestamp of the scan that discovered this vulnerability. example: '2025-10-29T12:10:00Z' vector: type: string description: The CVSS vector string providing detailed metrics. example: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H score: type: number format: float description: The CVSS base score. example: 10 severity: type: string description: The severity level of the vulnerability. enum: - NONE - LOW - MEDIUM - HIGH - CRITICAL example: CRITICAL scan_id: type: string format: uuid description: The ID of the scan in which this CVE was found. example: 9c46a6f1-a8d8-4f5a-9b2f-7d1b3e9c5a1d compliance_tags: type: array description: >- A list of compliance standards potentially impacted by this vulnerability. items: type: string example: - PCI-DSS - HIPAA - NIST host: $ref: '#/components/schemas/Host' status: type: string description: The current management status of this CVE for the associated device. enum: - open - accepted - mitigated example: open Host: type: object properties: id: type: string format: uuid description: The unique identifier for the host record. example: 9c46d4e5-a1b2-c3d4-e5f6-a1b2c3d4e5f6 hostname: type: string nullable: true description: The discovered hostname of the device. example: fileserver.local mac_address: type: string description: The MAC address of the device. example: 00:1A:2B:3C:4D:5E manufacturer: type: string nullable: true description: The manufacturer of the device, inferred from the MAC address. example: Apple, Inc. ip_address: type: string format: ipv4 description: The IP address of the device at the time of the scan. example: 192.168.1.101 responses: UnauthorizedError: description: >- Unauthorized - The request requires authentication, but none was provided or it was invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' ForbiddenError: description: >- Forbidden - The authenticated user does not have permission to perform this action. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' ValidationError: description: >- Unprocessable Entity - The request was well-formed but was unable to be followed due to semantic errors. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: 'Enter your bearer token in the format: Bearer {token}' ````