MANTIS360 · DISCOVER · DETECT · DEFEND

MANTIS360

Audit every endpoint. Find every vulnerability. Prove your compliance.

The unified security platform that audits endpoints against DISA STIG & CIS Benchmarks, scores vulnerabilities with KEV + EPSS, runs identity posture against O365 & AD, and surfaces compliance posture against NIST CSF, CIS Controls v8, CMMC, FedRAMP, and ISO 27001 — from a single tenant-isolated cloud console.

01 / Three pillars
Built for the security team

WHAT MANTIS360 DOES


Asset Posture & Compliance

Continuously audit endpoints against DISA STIGs, CIS Benchmarks, or your own JSON-defined baselines. Software-presence checks for SentinelOne, CrowdStrike, Bitdefender, Defender for Endpoint, and any custom regex you write. Per-check operator overrides with expiry. Maps directly into the Compliance Audit dashboard.

  • Built-in: Windows 11 STIG, Server 2022 STIG, CIS Win11 L1
  • Custom bundles via point-and-click builder or JSON import
  • Software-presence + minimum-version checks (SentinelOne, CrowdStrike, Bitdefender, Sophos, Carbon Black, …)
  • Auto-remediation when re-scan no longer detects the issue
  • Per-check exception overrides with justification + expiry

Vulnerability & Identity

CVE matching against installed software with CISA KEV catalog flagging and EPSS exploitability scoring. MSRC inline KB→CVE expansion for missing Windows updates. Identity-posture scans against O365 (OAuth admin-consent flow) and AD surface MFA gaps, kerberoastable users, stale admins, and over-privileged accounts.

  • CVE / CVSS / EPSS / KEV ranked with MITRE ATT&CK mapping
  • MSRC inline: missing KBs expanded to the CVEs they patch
  • Identity posture: O365 (one-click OAuth) / AD / AWS / Azure / GCP
  • Default-credential checks on iLO, iDRAC, SuperMicro, Cisco IMC…
  • OSINT — subdomain, DNS, breach corpus checks

Network Discovery

Drop a lightweight probe on any subnet and let it map the network from the inside. CIDR sweeps with auto-assignment to hierarchical sites, OS fingerprinting, role inference, and live LLDP/CDP topology — plus a Windows endpoint agent that reports inventory, KBs, and posture facts on a tunable cadence.

  • Multi-method OS fingerprinting (SMB / NTLM / DCE-RPC / banners)
  • CIDR → site auto-assignment on every scan + manual override
  • Windows agent: software / KBs / posture facts / push-deploy
  • Hierarchical sites (parent → subsite) with policy inheritance
  • SNMP polling with v1 / v2c / v3 credential vault
02 / Operations
Beyond detection

POLICY, COMPLIANCE & CONTEXT

Detection is half the job. MANTIS360 also tells you what to fix first, proves you're meeting your obligations, and lets you propagate policy across thousands of hosts with a single click.


Insights

Prioritised remediation feed ranked by likely impact — KEV-listed CVEs first, then critical findings, identity gaps, out-of-compliance hosts. At-a-glance counter cards for assets without an agent, hosts failing posture audits, stale check-ins, and never-audited agents.

  • Severity-bucketed recommendation cards
  • Stat strip: out-of-compliance, no-agent, never-audited
  • Click-through to drill into the underlying view

Trends

10 years of daily snapshots per tenant and per site — risk score, asset count, agent online/offline, finding counts by severity, KEV count, missing KBs. Show your CISO the line going down. Charts re-scope automatically when you change site selection.

  • 11 metrics tracked daily, retained indefinitely
  • 30d / 90d / 1yr / 5yr / 10yr ranges
  • Per-site rollup matches the topbar site selector

Compliance Audit

Maps tenant signals (vuln findings, identity findings, posture, MFA enforcement) to control checklists across nine frameworks. Per-control evidence and remediation guidance — usable as a starting point for an audit binder, not a finished one.

  • NIST CSF 2.0 · CIS Controls v8 · CMMC L2 · FedRAMP
  • NIST 800-53 · ISO 27001 · HIPAA · PCI DSS · GDPR
  • Satisfied / partial / unsatisfied / manual review per control

Risk Assessment

Guided self-assessment against NIST CSF 2.0 and CIS Controls v8. Scope to specific sites, walk every subcategory answering Yes / Partial / No / N/A, then generate a scored HTML report. Completed assessments are archived in R2 — downloadable as JSON or HTML.

  • Per-function maturity scoring with gap-by-gap recommendations
  • NIST CSF 2.0 (six functions) + CIS Controls v8 L1+L2
  • Auto-archive to R2 with HTML + JSON export

Agent & Site Policies

Bundle agent runtime settings (check-in cadence, inventory cadence, collection toggles) and posture baselines into named policies that resolve down a hierarchy: agent override → site default → tenant default. Attach STIG bundles to a parent site once; every descendant inherits.

  • Per-policy cadence + collection toggles + auto-update
  • STIG / CIS bundles attachable per policy or per site
  • Hierarchical sites with bundle accumulation up the chain

Push Deploy

Select assets, click Deploy. Each site holds its own Windows admin service account; the deploy plan validates credentials, generates per-target install commands, and rotates the per-site enrollment token so re-deployment stays idempotent. Blocked rows tell you exactly which site is missing service creds.

  • Per-site Windows service-account credential vault
  • Deploy plan with READY / BLOCKED / ERROR status
  • Permanent per-site install token (UI rotates on demand)
Aligned with the standards your auditors care about

  • NIST CSF 2.0
  • CIS Controls v8
  • DISA STIG
  • CIS Benchmarks
  • CMMC L1 & L2
  • FedRAMP
  • CISA KEV
  • EPSS
  • MITRE ATT&CK
  • CVE / CVSS v3.1
  • SOC 2 Type II
  • NIST 800-53
  • PCI DSS
  • HIPAA
  • GDPR
  • ISO 27001
  • ISA / IEC 62443
03 / Diagnostics
Plus a complete diagnostic toolkit

NETWORK & SECURITY TOOLS, INCLUDED

Every probe ships with the day-to-day tools your engineers already reach for — plus security-focused tooling for OWASP scanning, OSINT recon, and SSL/TLS inspection — no extra tools, no separate logins.

  • Ping & Ping Monitor
  • Traceroute (with geo)
  • DNS Lookup
  • WHOIS
  • SSL / TLS Inspection
  • HTTP Headers
  • Port Scan
  • SNMP Polling
  • Network Map (LLDP/CDP)
  • OS Fingerprint
  • OWASP Scan
  • OSINT Recon
  • Software Inventory
  • Missing KBs / Updates
04 / Get started
Start your trial

FREE FOR 30 DAYS

Flagship product
MANTIS360
Endpoint Posture · Vulnerability · Compliance

Endpoint posture audits, vulnerability + identity detection, and on-prem network discovery — with policy inheritance and compliance evidence baked in.

  • STIG / CIS posture audits with custom-bundle builder & software-presence checks
  • CVE / CVSS / EPSS / KEV with MSRC inline KB→CVE expansion
  • Identity posture: O365 (one-click OAuth), AD, AWS, Azure, GCP
  • Insights feed + 10-year trends + Compliance Audit (9 frameworks)
  • Hierarchical sites with policy inheritance + agent push-deploy
  • Per-tenant database isolation, TOTP MFA, RBAC, scheduled scans
MantisRMM
Remote Endpoint Management

Companion product. Manage Windows, Linux, and macOS endpoints alongside your MANTIS360 deployment.

  • Interactive remote terminal & full remote desktop
  • Live CPU, memory, disk telemetry per endpoint
  • iOS-aware mobile keyboard (Windows lock-screen capable)
  • Script deployment, scheduling, policy automation
  • SSO from your MANTIS360 account