Skip to content

Frequently Asked Questions

General

What is SentriKat?

SentriKat is a vulnerability management platform that tracks your software inventory and matches it against the CISA Known Exploited Vulnerabilities (KEV) catalog and EPSS scoring data. It helps you identify which of your systems are affected by actively exploited vulnerabilities and prioritize remediation.

What editions are available?

SentriKat is available in two deployment models:

SaaS Plans (hosted at app.sentrikat.com):

  • Free — €0/mo, 3 agents, 1 user
  • Starter — €59/mo, 25 agents, 3 users
  • Pro — €249/mo, 100 agents, 10 users
  • Business — €649/mo, 500 agents, 50 users
  • Enterprise — €1,499/mo, unlimited agents and users

On-Premises Editions:

  • Demo — Free, up to 5 agents, for evaluation
  • Professional — €4,999/yr, 10+ agents (expandable), full-featured

See the pricing page for details.

How is SentriKat deployed?

SentriKat is available as a fully managed SaaS or as an on-premises deployment:

  • SaaS: Sign up at app.sentrikat.com and start immediately — no installation required. Deploy agents to your endpoints and view results in minutes.
  • On-Premises: Download the release package from the Customer Portal, configure your environment, and run it with Docker Compose.

See the Getting Started guide for both options.

What are the system requirements?

SaaS: No server infrastructure needed — just deploy agents to your endpoints. Agents are lightweight and run on Windows, Linux, and macOS.

On-Premises:

  • Minimum: 2 CPU cores, 4 GB RAM, 20 GB SSD
  • Recommended: 4 CPU cores, 8 GB RAM, 50 GB SSD
  • Software: Docker 20.10+ and Docker Compose v2
  • Network: Outbound HTTPS for KEV/EPSS sync, NVD CPE dictionary sync, and license validation

The 4 GB RAM minimum accounts for the application, PostgreSQL, and the full NVD CPE dictionary (~50K entries) that syncs automatically every 7 days.

Licensing

How do I get a license?

SaaS: No license key needed. Sign up at app.sentrikat.com and your subscription is managed through your account. Upgrade plans from account settings at any time.

On-Premises:

  1. Request a demo at sentrikat.com or purchase via the Customer Portal
  2. Receive your activation code (SK-XXXX-XXXX-XXXX-XXXX) via email
  3. Activate online from Admin > License, or set the signed license key in your .env file as SENTRIKAT_LICENSE

See the Licensing guide for full details.

Can I switch from DEMO to PRO?

SaaS: Upgrade your plan directly from account settings at app.sentrikat.com. Changes take effect immediately.

On-Premises: Contact sales@sentrikat.com for a Professional license key. Replace the license key in your .env file and restart SentriKat. No data is lost during the upgrade.

What happens when my license expires?

When a Pro license expires, SentriKat enters read-only mode. You can still view your existing data, but new agent reports and KEV syncs are paused. Renew your license to resume full functionality.

Can I transfer my license to a different server?

Yes. Use the license rebind feature in the customer portal at portal.sentrikat.com. Each license allows a limited number of rebinds per year. See the License Migration guide for details.

Agents

Which platforms are supported?

SentriKat provides native agents for:

Additionally, SentriKat integrates with Lansweeper for environments that already use it for asset management.

Agents collect installed software (Windows products, Linux packages, macOS applications) and scan container images in a single pass. For other platforms, use the REST API Import to submit inventory from any system.

How often do agents scan?

By default, agents scan every 24 hours. You can configure the interval in the agent configuration file. See the individual agent guides for details.

Do agents collect personal data?

No. Agents only collect installed software names, versions, and vendors. They do not collect file contents, user activity, browsing history, or credentials.

Can I deploy agents via Group Policy or Intune?

Yes. See the PDQ Deploy and SCCM/Intune integration guides for enterprise deployment methods.

Vulnerabilities

Where does vulnerability data come from?

SentriKat uses multiple data sources:

  • CISA KEV Catalog — Known Exploited Vulnerabilities actively used in attacks
  • EPSS — Exploit Prediction Scoring System for probability-based prioritization
  • NVD CPE Dictionary — ~50K vendor/product entries for accurate software identification
  • Vendor Advisories — Red Hat, Microsoft MSRC, Debian Security Tracker, OSV.dev
  • Community Knowledge Base — PRO installations share human-verified CPE mappings

KEV and EPSS sync daily. The NVD CPE dictionary refreshes every 7 days. Vendor advisories sync daily.

How does SentriKat match vulnerabilities?

SentriKat matches your software inventory against CVE data using CPE (Common Platform Enumeration) identifiers. Products imported with a CPE are matched directly. Products without a CPE are matched using fuzzy name and vendor matching.

What does "Priority" mean vs. "Severity"?

  • Severity is the standard CVSS score (critical, high, medium, low)
  • Priority is SentriKat's calculated priority that factors in EPSS score, KEV inclusion, ransomware usage, and your product criticality settings

Priority gives you a more actionable view of what to fix first.

How do I handle false positives?

Mark the vulnerability as "False Positive" in the vulnerability detail view. This removes it from active counts while preserving the audit trail. You can also add notes explaining why it's a false positive.

KEV Catalog

What is the KEV catalog?

The CISA Known Exploited Vulnerabilities (KEV) catalog lists CVEs that are confirmed to be actively exploited in the wild. Organizations subject to BOD 22-01 are required to remediate KEV entries by their due dates.

How often is the KEV catalog updated?

CISA updates the KEV catalog as new exploited vulnerabilities are confirmed, typically several times per week. SentriKat syncs daily by default, or you can trigger a manual sync from Admin > Sync.

What is the "ransomware" flag?

Some KEV entries are flagged as "Known to be Used in Ransomware Campaigns." SentriKat highlights these with a special indicator so you can prioritize them accordingly.

Troubleshooting

SentriKat won't start

SaaS users

This applies to on-premises only. If you're using SaaS and experiencing issues, contact support@sentrikat.com.

  1. Check that Docker and Docker Compose are installed and running
  2. Verify your .env file has all required variables (SECRET_KEY, ENCRYPTION_KEY, DB_PASSWORD, …) — see Configuration
  3. Check container logs: docker compose logs sentrikat
  4. Ensure ports are not in use by another service

Agent is not reporting

  1. Verify the agent service is running on the target machine
  2. Check network connectivity to your SentriKat instance — app.sentrikat.com for SaaS, or your self-hosted URL for on-premises (HTTPS port 443)
  3. Confirm the API key is valid in Integrations > Agent Keys
  4. Review agent logs for errors

KEV sync shows no new matches

This is normal if none of your software products are affected by new KEV entries. Check Admin > Sync for sync status and history. If you recently added new products, trigger a manual sync.

What is the Community Knowledge Base (KB)?

The Knowledge Base is a shared CPE mapping database that improves vulnerability matching accuracy over time. When a PRO installation discovers a new vendor/product → CPE mapping, it can push the mapping to the central KB. Once 3 or more independent installations confirm the same mapping, it is automatically published and available to all users on the next pull.

The KB also includes the complete NVD CPE dictionary (~50K entries) so you start with comprehensive coverage from day one.

Do I need to configure the KB?

No. KB sync is fully automatic for PRO installations. The on-premise SentriKat service pulls published mappings during its regular sync cycle. You can also browse the KB in the admin panel under KB Mappings.

Compliance & Reporting

Does SentriKat support NIS2 compliance?

Yes. SentriKat v1.0.2 includes NIS2 Article 21 compliance reports that map your vulnerability management activities to NIS2 requirements. Reports are generated as PDFs with executive summaries, compliance scoring, and evidence of activities. See the Compliance Reports guide.

What reports are available?

  • NIS2 Article 21 — EU NIS2 compliance mapping
  • CISA BOD 22-01 — KEV remediation deadline tracking
  • Executive Summary PDF — Risk scores, KPIs, and trends for management
  • CSV/Excel Export — Raw vulnerability and product data

All reports can be generated on-demand or scheduled for automatic delivery.

Can SentriKat forward events to my SIEM?

Yes. SentriKat v1.0.2 supports syslog forwarding in CEF, JSON, and RFC 5424 formats. It has been tested with Splunk, Elastic/ELK, ArcSight, and QRadar. See the SIEM Integration guide.

Does SentriKat integrate with issue trackers?

Yes. SentriKat can automatically create issues in Jira, GitHub Issues, GitLab Issues, and YouTrack when vulnerabilities are detected. See the Issue Trackers guide.

Can SentriKat run in an air-gapped environment?

Yes. SentriKat v1.0.2 supports air-gapped deployment. In air-gapped mode, KEV/EPSS data and the NVD CPE dictionary can be imported via offline bundles instead of syncing over the internet. See the Docker Deployment guide for air-gapped configuration.

Support

How do I get support?