# Get Mitigation Steps

> Provides AI-generated, actionable mitigation steps for a specific CVE identifier. The response is formatted in Markdown for easy rendering.



## OpenAPI

````yaml /api/en/cve-scans.yaml get /scans/cve/mitigation/{cve_id}
openapi: 3.0.3
info:
  title: Altostrat CVE Scans API
  version: 1.0.0
  description: >-
    The Altostrat CVE Scans API is the microservice responsible for scheduling,
    executing, and reporting on network vulnerability scans.


    It is a core component of the Altostrat SDX platform's security posture
    management, providing deep insights into potential vulnerabilities across
    MikroTik networks to complement the platform's automation and AI
    capabilities.


    This API allows you to programmatically manage:

    - **Scan Schedules:** Define recurring vulnerability scans for specific
    network sites, including frequency, timing, and vulnerability thresholds.

    - **Scan Results:** Access detailed historical and in-progress scan reports,
    including discovered CVEs, affected hosts, and severity scores.

    - **Vulnerability Management:** Query specific CVEs by device (MAC address)
    and manage their lifecycle by marking them as accepted or mitigated.


    Developers use this API to integrate automated vulnerability scanning and
    reporting into their network management workflows and security dashboards.
servers:
  - url: https://v1.api.altostrat.io
    description: Altostrat Production API Server
security:
  - bearerAuth: []
tags:
  - name: Scan Schedules
    description: Manage the configuration and scheduling of recurring vulnerability scans.
  - name: Scan Execution
    description: Manually trigger and terminate scan jobs.
  - name: Scan Results
    description: Retrieve historical and in-progress scan reports and data.
  - name: Vulnerability Intelligence
    description: Query for specific vulnerability data and mitigation advice.
  - name: Vulnerability Management
    description: Manage the lifecycle and status of discovered vulnerabilities.
paths:
  /scans/cve/mitigation/{cve_id}:
    get:
      tags:
        - Vulnerability Intelligence
      summary: Get Mitigation Steps
      description: >-
        Provides AI-generated, actionable mitigation steps for a specific CVE
        identifier. The response is formatted in Markdown for easy rendering.
      operationId: getMitigationSteps
      parameters:
        - name: cve_id
          in: path
          required: true
          description: The CVE identifier (e.g., CVE-2021-44228).
          schema:
            type: string
            pattern: ^CVE-\d{4}-\d{4,}$
            example: CVE-2021-44228
      responses:
        '200':
          description: AI-generated mitigation steps for the specified CVE.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MitigationResponse'
        '401':
          $ref: '#/components/responses/UnauthorizedError'
        '403':
          $ref: '#/components/responses/ForbiddenError'
        '404':
          $ref: '#/components/responses/NotFoundError'
components:
  schemas:
    MitigationResponse:
      type: object
      properties:
        cve_id:
          type: string
          description: The CVE identifier for which mitigation was requested.
          example: CVE-2021-44228
        mitigation:
          type: string
          description: AI-generated, actionable mitigation steps in Markdown format.
          example: >
            ### Mitigation Steps for CVE-2021-44228 (Log4Shell)


            - **Upgrade Log4j:** The most effective mitigation is to upgrade
            Log4j to version `2.17.1` or later.

            - **Disable JNDI Lookups:** If upgrading is not possible, set the
            system property `log4j2.formatMsgNoLookups` to `true`.

            - **Remove the JndiLookup Class:** As a last resort, you can remove
            the `JndiLookup` class from the Log4j JAR file.
    ErrorResponse:
      type: object
      properties:
        type:
          type: string
          description: A broad category for the error (e.g., 'invalid_request_error').
          example: invalid_request_error
        code:
          type: string
          description: A short, unique string identifying the specific error.
          example: parameter_missing
        message:
          type: string
          description: A human-readable description of what went wrong.
          example: The 'description' parameter is required for this request.
        doc_url:
          type: string
          description: >-
            A direct link to the documentation page for this specific error
            code.
          example: https://docs.altostrat.io/errors/parameter_missing
  responses:
    UnauthorizedError:
      description: >-
        Unauthorized - The request requires authentication, but none was
        provided or it was invalid.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    ForbiddenError:
      description: >-
        Forbidden - The authenticated user does not have permission to perform
        this action.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFoundError:
      description: Not Found - The requested resource could not be found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: 'Enter your bearer token in the format: Bearer {token}'

````
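
A client-side sketch for this endpoint, added here as an example and not Altostrat's own code: it checks `cve_id` against the spec's pattern before the value reaches the URL path, attaches the bearer token, and maps the `ErrorResponse` shape onto an exception. The function names, the sample bodies and the `not_found` error code are constructed for illustration.

```python
import json
import re
import urllib.request

BASE_URL = "https://v1.api.altostrat.io"  # server URL from the spec
# Spec pattern ^CVE-\d{4}-\d{4,}$, applied with fullmatch and re.ASCII: in Python
# `$` also matches before a trailing newline and `\d` accepts non-ASCII digits.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.ASCII)


class ApiError(Exception):
    """Carries the ErrorResponse fields returned with 401, 403 or 404."""

    def __init__(self, status, body):
        self.status = status
        self.type = body.get("type")
        self.code = body.get("code")
        super().__init__(f"HTTP {status}: {body.get('message')}")


def build_request(cve_id, token):
    """Validate cve_id before it reaches the URL path, then attach the bearer token."""
    if not isinstance(cve_id, str) or not CVE_RE.fullmatch(cve_id):
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    req = urllib.request.Request(f"{BASE_URL}/scans/cve/mitigation/{cve_id}")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req


def parse_response(status, raw, requested_id):
    """Return the mitigation Markdown for a 200, raise ApiError otherwise."""
    body = json.loads(raw)
    if status != 200:
        raise ApiError(status, body if isinstance(body, dict) else {})
    if not isinstance(body, dict) or body.get("cve_id") != requested_id:
        raise ValueError("response does not describe the requested CVE")
    text = body.get("mitigation")
    if not isinstance(text, str):
        raise ValueError("mitigation field missing or not a string")
    # AI-generated Markdown is untrusted input: render it with raw HTML disabled.
    return text


# Constructed sample bodies shaped like MitigationResponse and ErrorResponse.
SAMPLE_OK = b'{"cve_id": "CVE-2021-44228", "mitigation": "### Mitigation Steps"}'
SAMPLE_404 = (b'{"type": "invalid_request_error", "code": "not_found",'
              b' "message": "constructed sample"}')
```

To call the live API, pass the request to `urllib.request.urlopen`; on `urllib.error.HTTPError`, hand `e.code` and `e.read()` to `parse_response` so the error body is surfaced as an `ApiError`.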