Every enterprise has a fleet of Windows Server 2012, IIS 7, RHEL 6, MS SQL 2008, AS400, or Solaris boxes that cannot be retired this quarter. Most modern security tools refuse to run on them. LEGACY ships an agent that does, with a one-line install and an evidence pack for every finding.
Hospitals run Epic-adjacent imaging on Windows Server 2008 R2. Banks run COBOL on AS400. Carriers run billing on Solaris. The CISO knows the risk and cannot retire the box. LEGACY scans them anyway.
Windows Server 2008 R2 / 2012 / 2012 R2 / 2016, RHEL 5 / 6 / 7, IBM i (AS400), Solaris 10 / 11, plus IIS 7, MS SQL 2008. Read-only by default.
Each host gets the CVE list, scored by exploit-in-wild status. The CISO sees the box, the CVEs against it, and the compensating control or virtual-patch options.
Where retirement is impossible, LEGACY drafts the segmentation, MFA-jump-host, or virtual-patch path that the auditor accepts as a compensating control.
Each EOL host becomes its own audit document with a CISO sign-off line for the residual risk acceptance. Auditors receive the document, the controls, and the retirement plan.
Read-only scan. No credit card. Full evidence pack on every finding.