Documentation

The Dashboard is the default landing page after login, providing a modular, widget-based overview of your mipo deploymen...

The Profile page lets you customize your personal preferences including theme, accent color, timezone, and password. The...

Subnets define the IPv4/IPv6 network ranges your scanners will probe. Each subnet is specified in CIDR notation and can ...

Subnet groups organize multiple subnets into named collections for easier scan configuration. Instead of selecting indiv...

FQDN-based scanning allows targeting specific domain names that are resolved to IP addresses at scan time. This feature ...

FQDN Groups organize collections of FQDNs for use in scan templates, similar to how subnet groups organize subnets. This...

The port catalog is a reference library of well-known service-to-port mappings (e.g., PostgreSQL = 5432). Use "Add from ...

Port lists define named collections of TCP/UDP ports for scanning. Ports can be entered manually or imported from the po...

Port list groups combine multiple port lists into named collections for comprehensive scan profiles. Instead of selectin...

Scanners are stateless Go binaries deployed on customer networks that execute port scans. This page lets you provision n...

Scan templates combine target subnets (or subnet groups) with port lists (or port list groups) to create reusable scan c...

Scan template groups organize scan templates for scheduling and permissions. A single schedule can reference a group to ...

Scanner groups organize multiple scanners for multi-vantage-point scanning. When a scan targets a scanner group, separat...

Discovery sources let you import IP targets from external systems (cloud providers, firewalls, CMDBs) without storing ex...

Active and historical system alarms. Alarms are created automatically when built-in rules detect faults (scanner offline...

Read-only log of system events generated by fault detection. Events are emitted by ingest (scanner heartbeat timeouts), ...

Read-only log of all notification dispatch attempts. Each row represents one notification sent (or attempted) to a chann...

Interactive architecture diagram showing all mipo components and their real-time health status. Each node represents a c...

Health metrics for the manager service, which handles the user-facing API, GUI, and admin functions on port 3000. Shows ...

Health and metrics for all ingest nodes. Mipo runs two ingest nodes (ingest-1 and ingest-2) that handle scanner API traf...

Monitors the health and connectivity status of all registered scanners. Shows each scanner's current status, version, ne...

Connection pool metrics for the Config DB (PostgreSQL) and Results DB (TimescaleDB). Shows pool utilization, active/idle...

Health metrics for the Traefik reverse proxy that terminates TLS and routes all traffic. Scanner API requests (/scanner/...

Read-only health view of the backup system showing schedule configuration, local storage usage, encryption status, S3 re...

DNS resolution status across four layers: public FQDN resolution via DNS-over-HTTPS, host system resolver configuration,...

TLS certificate health, HTTPS connectivity to the public URL, ACME/Let's Encrypt status, and certificate chain validatio...

Run Scan lets you manually trigger a scan by selecting an eligible scan template. Only templates whose subnets have scan...

Scan Status shows the history and real-time progress of all scans. The table auto-refreshes to show live updates for run...

Schedules automate recurring scans on a configurable cadence. Each schedule can run one or more scan templates (or templ...

Displays the detailed findings of a single completed scan, including all discovered hosts, ports, and services. Security...

The Changes page is the primary compliance audit trail. It logs every create, update, and delete action performed on sys...

The Views page tracks when users access sensitive resources such as scanners, users, roles, and scan results. Unlike Cha...

The Auth page tracks all authentication attempts including logins, logouts, and failures for both local and OIDC authent...

The Port State Changes page tracks port state transitions between consecutive scans. When a port changes from open to cl...

Built-in alarm rules define which system events create alarms and at what severity. Rules cannot be created or deleted —...

Notification channels define where alarm notifications are delivered. Supported types: webhook (HTTP POST with optional ...

Notification policies define which alarm transitions trigger notifications on which channels. Each policy combines a cha...

The Sessions page shows all currently active user sessions and lets administrators terminate individual sessions immedia...

The Backups page configures automated and on-demand database backups for the Config DB and Results DB. Backups can be sc...

The Settings page configures system-wide parameters including the Public URL (FQDN) which is used to generate scanner pr...

The Scanner ACL page exports a merged list of all registered scanner IP addresses, subnets, and ASNs in formats suitable...

The Maintenance page centralizes all container management into a single Admin page. Restart any service, infrastructure ...

The Users page manages all user accounts in the system. Users can authenticate via local password, external SSO (OIDC), ...

The Roles page manages permission roles that can be assigned to users. Each role contains a set of scopes following the ...

Configure OpenID Connect (OIDC) single sign-on to let users authenticate via your organization's identity provider (Okta...

Displays the current TLS configuration for the mipo instance. Shows the active TLS mode (self-signed, custom certificate...

Automatically obtain and renew trusted TLS certificates from Let's Encrypt using the DNS-01 challenge. This method works...

Upload your own PEM-encoded TLS certificate and private key to replace the default self-signed certificate. The certific...