Vulnerability Management FAQ

Does it have its own vulnerability scanner, and does it support agent, agentless, network, and credentialed scans across Windows, Linux, cloud, and network devices?

UTMStack includes a built-in vulnerability scanner powered by three detection engines: Nuclei (network and general scanning), Intel's CVE Binary Tool (agent-based scanning), and a proprietary in-house application scanner.

It supports two deployment models:

  • Agentless network scanning: Used for external exposure (open ports, exposed services, web apps, SSL/TLS, and cloud misconfigurations).

  • Agent-based scanning: Used on Windows and Linux hosts for deep internal visibility into installed applications and embedded libraries.

Network-reachable services on cloud and network devices (SSH, FTP, SMB, web consoles, etc.) are assessed via the network engine. Please note that UTMStack does not perform classic credentialed/authenticated remote scanning; internal host visibility is delivered through the lightweight agent rather than stored target credentials.

How comprehensive is its vulnerability intelligence (CVE coverage, update frequency, CVSS/KEV/EPSS scoring)?

Coverage draws from a broad set of authoritative feeds: NVD, Red Hat, OSV, the GitLab Advisory Database, and additional sources, cross-referenced with UTMStack Threat Intelligence.

The network engine uses a community-maintained library of 12,000+ detection templates, with new CVE templates frequently published within hours of public disclosure. The binary engine ships hundreds of component checkers for common open-source libraries (e.g., openssl, libpng, libxml2, log4j). Findings carry CVSS scoring and EPSS exploit-probability data, with recent KEV (known-exploited) coverage at the engine level, enabling exploit-aware prioritization rather than raw CVE counts.
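As an added illustration (not UTMStack code and not its export schema), this sketch shows what exploit-aware prioritization looks like next to a severity-only ranking: known-exploited findings come first, then those with a high EPSS probability, then high CVSS, with closed statuses filtered out. The `Finding` fields, the two thresholds, and the sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

EPSS_LIKELY = 0.10   # assumed cut-off for "likely to be exploited"
CVSS_HIGH = 7.0      # CVSS v3 "High" severity starts at 7.0

@dataclass
class Finding:             # hypothetical record, not UTMStack's export schema
    cve: str
    cvss: float            # 0.0-10.0
    epss: Optional[float]  # probability 0.0-1.0; None when no EPSS score exists yet
    kev: bool              # listed as known-exploited
    status: str            # Open | Resolved | Mitigated | False Positive

def tier(f: Finding) -> int:
    """0 = known exploited, 1 = likely exploited, 2 = severe, 3 = the rest."""
    if f.kev:
        return 0
    if f.epss is not None and f.epss >= EPSS_LIKELY:
        return 1
    if f.cvss >= CVSS_HIGH:   # also catches severe findings with no EPSS score
        return 2
    return 3

def prioritize(findings):
    """Order Open findings by tier, then EPSS, then CVSS (highest first)."""
    todo = [f for f in findings if f.status == "Open"]
    return sorted(todo, key=lambda f: (tier(f), -(f.epss or 0.0), -f.cvss))

def by_cvss_only(findings):
    """Baseline for comparison: Open findings ranked by severity alone."""
    todo = [f for f in findings if f.status == "Open"]
    return sorted(todo, key=lambda f: -f.cvss)

# Constructed sample data; the CVE identifiers are placeholders.
SAMPLE = [
    Finding("CVE-EXAMPLE-0001", 9.8, 0.02, False, "Open"),
    Finding("CVE-EXAMPLE-0002", 7.5, 0.91, True, "Open"),
    Finding("CVE-EXAMPLE-0003", 6.1, 0.45, False, "Open"),
    Finding("CVE-EXAMPLE-0004", 9.1, None, False, "Open"),
    Finding("CVE-EXAMPLE-0005", 10.0, 0.97, True, "Resolved"),
    Finding("CVE-EXAMPLE-0006", 5.3, 0.01, False, "Open"),
    Finding("CVE-EXAMPLE-0007", 8.8, 0.60, False, "False Positive"),
]

if __name__ == "__main__":
    print("exploit-aware:", [f.cve for f in prioritize(SAMPLE)])
    print("CVSS only:    ", [f.cve for f in by_cvss_only(SAMPLE)])
```

In the sample, the CVSS 7.5 finding that is known-exploited moves from third place to first, and the unscored CVSS 9.1 finding still lands in the severe tier instead of dropping to the bottom.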

Does it provide asset discovery, including rogue devices and shadow IT?

The scanner is target-directed; you scan defined IPs, hostnames, and ranges. It is not a passive/active asset-discovery platform and does not natively fingerprint rogue devices or shadow IT. For unmanaged-asset visibility, UTMStack relies on its broader SIEM telemetry (log and network data ingestion) rather than the vulnerability scanner. This is a deliberate scope boundary.

Can it automate remediation, integrate with patch management tools, and create tickets automatically?

The scanner provides scheduled, recurring scans and a managed remediation workflow (Open, Resolved, Mitigated, False Positive status tracking). It does not natively push patches or auto-deploy fixes. Automated ticketing and remediation orchestration are handled at the platform level through UTMStack's SOAR and Integrations modules rather than inside the scanner itself.

Does it provide executive, technical, compliance, and trend reporting comparable to Tenable, OpenVAS or Qualys?

It produces audit-ready, exportable PDF reports filtered by status, suitable as evidence for auditors and engineering teams, alongside a findings dashboard. It does not currently match Tenable's full suite of role-tiered executive dashboards, historical trend analytics, and framework-mapped compliance reports. Reporting is evidence-grade rather than analytics-grade.

Does it support compliance frameworks such as SOC 2, ISO 27001, HIPAA, NIST, and CIS Controls?

The vulnerability scanner supports compliance programs by supplying exportable vulnerability evidence and remediation tracking that feed SOC 2, ISO 27001, HIPAA, NIST, and CIS audit requirements. Note that compliance framework control-mapping and reporting are delivered through the broader UTMStack platform; the scanner's role is detection and audit-ready evidence, not native framework-mapped scorecards.