Skip to main content

Documentation Index

Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt

Use this file to discover all available pages before exploring further.

Vulnerability scanning helps you identify known CVEs on networks managed by Altostrat SDX. You can schedule scans, review generated reports, inspect affected hosts, and track remediation status over time.

Prerequisites

  • You have permission to run scans for the target team and sites.
  • You know the networks or hosts that should be scanned.
  • You have approval to scan production networks.

What a Scan Produces

CVE reports summarize the risk picture for the selected targets. Reports can include:
  • Hosts scanned
  • Hosts with CVEs
  • Sites with CVEs
  • Total CVE count
  • Unique CVE count
  • Repeat ratio
  • Highest and average CVE score
  • Affected host details, including MAC address where available
  • CVE status and operator notes

Create a Schedule

  1. Open Vulnerabilities and select CVE Schedules.
  2. Create a schedule for the sites or targets you want to scan.
  3. Choose timing that will not surprise local users or operations teams.
  4. Save the schedule.
  5. Review generated results under CVE Reports.

Review Results

Start with the highest-scoring findings and repeated findings across multiple hosts. Repeated CVEs usually indicate a shared device model, firmware family, or exposed service pattern. For each important finding:
  1. Confirm the host and service are still present.
  2. Assign a remediation owner.
  3. Record status and notes in the report workflow.
  4. Re-scan after remediation to confirm the result.

Advanced Use Cases

Use recurring schedules for environments where device inventory changes frequently. Use focused scans for targeted validation after a firmware update, firewall change, or incident response activity. Use Script Management carefully when you need to collect evidence or apply repeatable remediation commands across multiple MikroTik devices.
A vulnerability report is a signal for investigation, not automatic proof that a device is exploitable in your environment. Validate exposure, compensating controls, and business impact before prioritizing remediation.