Vulnerability scanning helps you identify known CVEs on networks managed by Altostrat SDX. You can schedule scans, review generated reports, inspect affected hosts, and track remediation status over time.
Prerequisites
- You have permission to run scans for the target team and sites.
- You know the networks or hosts that should be scanned.
- You have approval to scan production networks.
What a Scan Produces
CVE reports summarize the risk picture for the selected targets. Reports can include:
- Hosts scanned
- Hosts with CVEs
- Sites with CVEs
- Total CVE count
- Unique CVE count
- Repeat ratio
- Highest and average CVE score
- Affected host details, including MAC address where available
- CVE status and operator notes
Create a Schedule
- Open Vulnerabilities and select CVE Schedules.
- Create a schedule for the sites or targets you want to scan.
- Choose timing that will not surprise local users or operations teams.
- Save the schedule.
- Review generated results under CVE Reports.
Review Results
Start with the highest-scoring findings and repeated findings across multiple hosts. Repeated CVEs usually indicate a shared device model, firmware family, or exposed service pattern.
For each important finding:
- Confirm the host and service are still present.
- Assign a remediation owner.
- Record status and notes in the report workflow.
- Re-scan after remediation to confirm the result.
Advanced Use Cases
Use recurring schedules for environments where device inventory changes frequently. Use focused scans for targeted validation after a firmware update, firewall change, or incident response activity.
Use Script Management carefully when you need to collect evidence or apply repeatable remediation commands across multiple MikroTik devices.
A vulnerability report is a signal for investigation, not automatic proof that a device is exploitable in your environment. Validate exposure, compensating controls, and business impact before prioritizing remediation.
