Mantis360 · Getting Started Guide
This guide covers everything you need to get Mantis360 running, from installing your first vulnerability management agent to understanding risk scores, auto-remediation, network scanning, and compliance reporting. Follow the steps in order if you're new, or go straight to the section you need.
Overview
Mantis360 is a cloud-delivered vulnerability management platform. The management portal is at 360.mantisops.net — there is no server software to install. The only on-premises component is the lightweight agent installed on each monitored endpoint, and optionally a network probe for agentless network scanning.
Core concepts
| Concept | Description |
|---|---|
| Asset | Any endpoint, network device, or cloud resource monitored by Mantis360. |
| Agent | Software installed on an endpoint that reports software inventory and system state every 60 seconds. |
| Finding | A specific CVE matched against software on a specific asset. One asset can have many findings. |
| Network Probe | A binary deployed to any network segment that discovers and scans hosts without requiring agents on those hosts. |
| STIG Bundle | A set of compliance checks (CIS, DISA, or custom) evaluated against an asset's configuration. |
| Risk Score | CVSS base score × EPSS probability — used to rank findings by actual exploitability. |
Install Agents
Agents report software inventory to Mantis360 for CVE matching. They run as a lightweight background service on the endpoint and communicate outbound over HTTPS.
Download the agent
Log in to 360.mantisops.net → Settings → Agent Downloads. Download the platform-specific installer pre-configured for your tenant.
Windows installation
The agent installs as a Windows Service and starts automatically. For mass deployment, use GPO or SCCM with the silent install command above.
Linux installation
Supports Debian/Ubuntu, RHEL/CentOS, and Alpine on amd64 and arm64 architectures.
macOS installation
Run the .pkg installer as an admin user. Approve the System Extension in System Settings → Privacy & Security on first run.
First findings
Within 60–90 seconds of installation, the agent performs its first check-in. Mantis360 immediately matches the software inventory against the NVD CVE database. If any installed software has known CVEs, findings will appear in your dashboard within 2–3 minutes of the first check-in.
Vulnerability Findings
A finding is the association between a specific CVE and a specific asset where the vulnerable software is installed. The same CVE on 10 assets produces 10 separate findings, each with its own lifecycle.
Finding states
| State | Meaning |
|---|---|
| Open | CVE matched to installed software on the asset. Requires action. |
| Auto-remediated | Mantis360 detected the vulnerable software was removed during a check-in. Closed automatically. |
| Manually remediated | A user marked the finding as resolved — e.g., mitigating control applied. |
| Accepted risk | Finding is acknowledged but intentionally left open (e.g., legacy system). |
| False positive | CVE match was incorrect. Can be dismissed per-finding or per-CVE globally. |
Finding severity
Severity is derived from CVSS but can be escalated:
- CRITICAL — CVSS ≥ 9.0, or any CISA KEV finding (automatically escalated)
- HIGH — CVSS 7.0–8.9
- MEDIUM — CVSS 4.0–6.9
- LOW — CVSS < 4.0
Risk Scoring (CVSS × EPSS)
Mantis360 ranks findings by a combined risk score that accounts for both the severity of a vulnerability and the probability it will actually be exploited.
What is EPSS?
EPSS (Exploit Prediction Scoring System) is a machine-learning model from FIRST.org that predicts the probability a given CVE will be exploited in the next 30 days, based on threat intelligence signals. Scores range from 0 to 1 (0% to 100% probability).
The risk ranking formula
Risk score = CVSS base score × EPSS probability. For example:
- A CVSS 9.8 (Critical) CVE with an EPSS of 0.02 (2% exploit probability) scores 9.8 × 0.02 = 0.196.
- A CVSS 6.5 (Medium) CVE with an EPSS of 0.85 (85% exploit probability) scores 6.5 × 0.85 = 5.525.
The medium-severity CVE with high exploit probability ranks far higher — because it represents a more immediate real-world threat. This cuts the actionable vulnerability list by up to 90% compared to CVSS-only prioritization.
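The ranking above as a short Python sketch, added here as an illustration and not Mantis360's own code. It applies the severity bands and KEV escalation from Finding severity, then orders findings by CVSS × EPSS; the CVE identifiers and asset names are constructed placeholders.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str              # placeholder ids below are constructed, not real CVEs
    asset: str
    cvss: float           # CVSS base score, 0.0-10.0
    epss: float           # EPSS probability, 0.0-1.0
    in_kev: bool = False  # listed in the CISA KEV catalog


def severity(f: Finding) -> str:
    """Severity bands from the guide; any KEV finding is escalated to CRITICAL."""
    if f.in_kev or f.cvss >= 9.0:
        return "CRITICAL"
    if f.cvss >= 7.0:
        return "HIGH"
    if f.cvss >= 4.0:
        return "MEDIUM"
    return "LOW"


def risk_score(f: Finding) -> float:
    """Risk score = CVSS base score x EPSS probability."""
    if not (0.0 <= f.cvss <= 10.0 and 0.0 <= f.epss <= 1.0):
        raise ValueError(f"score out of range for {f.cve}")
    return round(f.cvss * f.epss, 3)


def rank(findings):
    """Highest risk first; ties broken by CVSS, then CVE id for stable output."""
    return sorted(findings, key=lambda f: (-risk_score(f), -f.cvss, f.cve))


# Constructed sample data; the first two rows reuse the guide's figures.
SAMPLE = [
    Finding("CVE-EXAMPLE-0001", "srv-01", 9.8, 0.02),
    Finding("CVE-EXAMPLE-0002", "ws-17", 6.5, 0.85),
    Finding("CVE-EXAMPLE-0003", "ws-17", 5.3, 0.40, in_kev=True),
    Finding("CVE-EXAMPLE-0004", "srv-02", 3.1, 0.01),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{risk_score(f):6.3f}  {severity(f):8}  {f.cve}  {f.asset}")
```

Severity and rank are independent here: the KEV-listed finding is labelled CRITICAL but still sorts by its CVSS × EPSS product.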
Auto-Remediation
Mantis360's auto-remediation is a unique capability not found in Tenable, Qualys, or Rapid7. When the Mantis360 agent checks in, it reports the current installed software inventory. If a previously vulnerable piece of software is no longer present, Mantis360 automatically closes the finding.
How it works
- Vulnerability found: Agent checks in → 7-Zip 22.01 is in the inventory → Mantis360 matches CVE-2023-31102 (High) → Finding created: OPEN.
- Software removed: Technician uninstalls 7-Zip 22.01 via Winget, manual uninstall, or automated script.
- Auto-close on next check-in: Agent checks in (within 60s) → 7-Zip is no longer in the inventory → Mantis360 marks finding as Auto-remediated with a timestamp. No manual action needed.
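The check-in logic described above, as an added Python sketch (not Mantis360's implementation). It assumes exact matching on a (product, version) pair and that only Open findings change state; the asset names and the ExampleApp package are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class TrackedFinding:
    cve: str
    asset: str
    product: str
    version: str
    state: str = "Open"
    closed_at: Optional[datetime] = None


def reconcile(findings, asset, inventory, now):
    """Apply one agent check-in; return the findings it auto-closed.

    inventory is the set of (product, version) pairs the agent reported.
    Assumptions of this sketch: matching is exact on that pair, and only
    Open findings change state, so user-set states are never overwritten.
    """
    if not inventory:
        # An empty report more likely means collection failed than that
        # every package was uninstalled, so close nothing.
        return []
    closed = []
    for f in findings:
        if (f.asset == asset and f.state == "Open"
                and (f.product, f.version) not in inventory):
            f.state, f.closed_at = "Auto-remediated", now
            closed.append(f)
    return closed


def demo():
    # Constructed data: the guide's 7-Zip finding on three hypothetical assets.
    findings = [
        TrackedFinding("CVE-2023-31102", "ws-01", "7-Zip", "22.01"),
        TrackedFinding("CVE-2023-31102", "ws-02", "7-Zip", "22.01"),
        TrackedFinding("CVE-2023-31102", "ws-03", "7-Zip", "22.01", "Accepted risk"),
    ]
    t = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    reconcile(findings, "ws-01", {("7-Zip", "22.01"), ("ExampleApp", "1.0")}, t)
    reconcile(findings, "ws-01", {("ExampleApp", "1.0")}, t)  # 7-Zip removed
    reconcile(findings, "ws-02", set(), t)                    # empty report
    reconcile(findings, "ws-03", {("ExampleApp", "1.0")}, t)
    return [(f.asset, f.state) for f in findings]
```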
Manual remediation
If you've applied a mitigating control (e.g., WAF rule, network isolation, compensating control) rather than removing the software, you can manually mark a finding as remediated. Open the finding → click Mark Remediated → enter a note. This creates a Manually Remediated audit entry distinct from auto-remediation.
Bulk remediation
From the Findings list, use the checkbox column to select multiple findings and apply Bulk Mark Remediated. Useful after a patching cycle where many vulnerabilities were addressed simultaneously.
Network Scanning
The network probe is a separate binary that runs on any host inside a network segment. It performs continuous scanning of the subnet — no agent required on the target hosts.
Deploy a network probe
- Go to Network → Probes → New Probe
- Download the probe binary for your probe host's platform
- Run the probe on a host inside the target subnet:
The probe registers itself in the portal and begins scanning within 60 seconds. Discovered hosts appear in Network → Assets.
What the probe discovers
- Host discovery: ICMP ping sweep + ARP scan for the subnet
- Port scanning: Top 1,000 ports per host (configurable)
- Service fingerprinting: Banner grabbing and version detection on open ports
- CVE matching: Detected service versions matched against NVD database
- OS fingerprinting: TCP/IP stack analysis for OS identification
- SSL/TLS checking: Certificate expiry and cipher suite analysis on HTTPS/LDAPS/SMTPS
Scan intervals
By default, the probe performs a full subnet scan every 4 hours. Adjust this in Network → Probes → Edit. New devices are picked up the next time a scan runs — they do not appear automatically the moment they join the network. If you need quicker discovery, lower the scan interval or trigger a manual scan from Network → Probes.
STIG Compliance
STIG (Security Technical Implementation Guide) compliance checks evaluate an endpoint's configuration against a security baseline. Mantis360 includes pre-built bundles for CIS and DISA STIG frameworks.
Available compliance bundles
| Bundle | Applies to |
|---|---|
| CIS Level 1 (Windows) | Windows 10, Windows 11, Windows Server |
| CIS Level 2 (Windows) | High-security Windows environments |
| DISA STIG Windows | DoD-aligned Windows hardening |
| CIS Linux Server | Ubuntu/Debian and RHEL/CentOS |
| Custom bundle | Define your own checks in JSON format |
Assign a bundle to assets
- Go to Compliance → Bundles
- Click Assign on any bundle
- Select target assets, groups, or companies
- Save — the bundle evaluates on the next agent check-in
Reading compliance results
Each control in a bundle has a Pass / Fail / Not Applicable result. Failed controls show the current value vs. the expected value, plus a remediation suggestion. The overall compliance score is the percentage of applicable controls that passed.
Identity Exposure Scanning
Identity exposure scanning checks your Active Directory environment for misconfigurations and over-privileged accounts that could be exploited for lateral movement or privilege escalation.
What is checked
- Stale accounts — users and computers that haven't authenticated in 90+ days
- Kerberoastable accounts — service accounts with SPNs vulnerable to offline cracking
- ASREPRoastable accounts — accounts with Kerberos pre-authentication disabled
- Weak password policy — domain password policy evaluation against best practices
- Domain admin exposure — accounts with unnecessary Domain Admin membership
- Unconstrained delegation — computers or accounts with risky Kerberos delegation settings
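An added Python example, not Mantis360 code, showing how four of these checks (stale, Kerberoastable, ASREPRoastable, unconstrained delegation) can be evaluated from each account's userAccountControl flags, SPN list and last logon time. The account records are constructed, and skipping disabled accounts and domain controllers is a choice made for this example.

```python
from datetime import datetime, timedelta, timezone

# Active Directory userAccountControl flag values
ACCOUNTDISABLE = 0x0002
SERVER_TRUST_ACCOUNT = 0x2000      # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x80000   # unconstrained Kerberos delegation
DONT_REQ_PREAUTH = 0x400000        # Kerberos pre-authentication disabled
STALE_AFTER = timedelta(days=90)


def exposures(acct, now):
    """Return the exposure categories that apply to one account record."""
    uac = acct["uac"]
    if uac & ACCOUNTDISABLE:
        return []  # example's choice: a disabled account cannot authenticate
    found = []
    if now - acct["last_logon"] >= STALE_AFTER:
        found.append("stale")
    if acct["kind"] == "user" and acct["spns"]:
        found.append("kerberoastable")  # user account with an SPN set
    if uac & DONT_REQ_PREAUTH:
        found.append("asreproastable")
    # Domain controllers carry this flag by design, so they are not reported.
    if (uac & TRUSTED_FOR_DELEGATION) and not (uac & SERVER_TRUST_ACCOUNT):
        found.append("unconstrained-delegation")
    return found


def audit(records, now):
    """Map account name -> exposures, omitting accounts with none."""
    hits = {r["name"]: exposures(r, now) for r in records}
    return {name: found for name, found in hits.items() if found}


# Constructed records standing in for directory query results.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def rec(name, kind, uac, spns, days_ago):
    return {"name": name, "kind": kind, "uac": uac, "spns": spns,
            "last_logon": NOW - timedelta(days=days_ago)}

RECORDS = [
    rec("svc-sql", "user", 0x200, ["MSSQLSvc/db01.example.local:1433"], 2),
    rec("legacy-app", "user", 0x400200, [], 200),
    rec("DC01$", "computer", 0x82000, ["ldap/dc01.example.local"], 0),
    rec("FILE01$", "computer", 0x81000, ["HOST/file01.example.local"], 1),
    rec("krbtgt", "user", 0x202, ["kadmin/changepw"], 400),
]
```

Domain admin membership and password policy are not covered because they need group and domain-policy data rather than per-account flags.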
Enable identity scanning
Identity scanning requires a Mantis360 agent installed on a Domain Controller. Once an agent is running on the DC, go to Identity in the portal → Configure → select the domain controller asset. Scans run automatically on each check-in.
ICS/OT Device Detection
When the network probe is deployed in an environment with industrial control systems or OT (operational technology) devices, Mantis360 identifies these using protocol fingerprinting and device signature matching.
Detection methods
- Protocol fingerprinting: Modbus, DNP3, BACnet, EtherNet/IP, Profinet
- Device signature matching: Known ICS device fingerprints (PLCs, HMIs, RTUs, SCADA systems)
- CISA ICS advisory matching: Discovered devices matched against active CISA ICS-CERT advisories
Detected ICS/OT devices appear in Network → Assets with an ICS/OT badge. Any active CISA advisories for the device type are shown inline.
OSINT & External Attack Surface
Mantis360 can scan your external internet-facing footprint to identify what attackers see before they attack.
What's included
- Subdomain enumeration: Public DNS records, certificate transparency logs
- Exposed services: Internet-facing ports and services on your IP ranges
- SSL/TLS audit: Expiry dates, weak ciphers, misconfigured HSTS, certificate validity
- ThreatFox overlay: Cross-reference your IPs/domains against the ThreatFox threat intelligence feed
- Traceroute visualization: Geographic path visualization for public-facing assets
Configure external scan targets
- Go to Attack Surface → Targets → Add Target
- Enter your domain or public IP range
- Save — the initial scan starts within 5 minutes
Reports
Mantis360 provides several built-in report types for communicating vulnerability posture to stakeholders.
Available reports
| Report | Description |
|---|---|
| Executive Summary | High-level risk score trends, open vs. remediated findings count over time, top-risk assets. |
| Full Findings | Complete list of all open findings with CVE details, affected assets, and remediation status. |
| Remediation Activity | Findings closed in a date range, broken down by auto vs. manual remediation. |
| Compliance Report | STIG/CIS compliance scores per asset with failing controls and remediation guidance. |
| Network Inventory | All discovered network hosts with service fingerprints, open ports, and associated CVEs. |
Generate a report
- Go to Reports → select a report type
- Set the date range and scope (all assets, specific company, specific group)
- Click Generate — the report downloads as a PDF or CSV
Submit a support ticket via our support page or email support@mantisops.net. We respond within one business day.