Container Orchestration Remediation Management (CORM) helps organizations to remediate security findings identified across the Saner Container Orchestration Security Platform (COSP). After detecting the posture issues, entitlement risks, asset exposure, or anomalous activities, the next step is to remediate them through guided or automated remediation tasks. This helps reduce security risks, enforce Kubernetes security best practices, and maintain a secure container orchestration environment.
Remediation Objectives Across COSP Modules
| Tool | Objective | Example |
|---|---|---|
| COPM | Correct Kubernetes security configurations | Enable secure pod settings, enforce security contexts, and disable anonymous access. |
| COEM | Remove excessive permissions and strengthen RBAC | Remove unused ClusterRoles, reduce wildcard permissions, and revoke unnecessary role bindings. |
| COPA | Address anomalous behavior | Remediate suspicious workloads, resolve anomalous configurations, and enforce security policies. |
Remediation Methods
Saner COSP supports the following remediation approaches:
Job-Based Remediation
Create a remediation task for selected security findings and execute it immediately or schedule it for a later time. This approach provides administrators with complete control when remediation is performed.
Automated Remediation
Configure automation rules to execute remediation automatically after scans or according to a predefined schedule. Automated remediation minimizes manual effort and makes sure that recurring security issues get addressed consistently.
Types of Remediation
Saner CORM supports two categories of remediation:
- Predefined Remediation – Fully automated remediation workflows that require no additional user input
- Custom Remediation – Remediation workflows that require administrator input, such as specifying namespaces, labels, network policies, or other Kubernetes-specific configuration values before execution
[Automated Patching] Configure Patching to Run on Predefined Schedules
Users can configure automated patching tasks to run on predefined schedules such as Daily, Weekly, or Monthly. When a security scan identifies issues, patches are generated and applied automatically, without the need for manual intervention.
[Job-based Patching] Remediation Initiated from COPM, COEM, or COPA
CORM provides unified remediation guidance across Container Orchestration Posture Management (COPM), Container Orchestration Entitlement Management (COEM), and Container Orchestration Posture Anomaly (COPA).
Initiate Remediation Across Tools
Remediation can be initiated directly across the following COSP modules from various tools:
- Container Orchestration Posture Management (COPM) – Remediate Kubernetes misconfigurations and policy violations
- Container Orchestration Entitlement Management (COEM) – Remediate excessive permissions, unused roles, and insecure RBAC configurations
- Container Orchestration Posture Anomaly (COPA) – Remediate anomalous resource behavior and security anomalies
Directly Access the Relevant Tool from CORM for Remediation
Users have the facility to choose the relevant tool directly from CORM and proceed with the remediation tasks.
Real-time view of how the application facilitates direct remediation from CORM for COPM, COPA, or COEM:
Initiate Remediation from COPM and Get Redirected to CORM for Resolution
Guided remediation in real-time on how the misconfiguration identified in COPM is routed through CORM and finally resolved.
The same flow applies to COEM and COPA where misconfigurations or anomalies detected in these tools are remediated via CORM.
Initiate Remediation from COPA and Get Redirected to CORM for Resolution
Remediation of findings from COPA involves systematically addressing the anomalies directly from the interface with ease.
Real-time view of how users have the flexibility to initiate remediation for one or more resources:
Initiate Remediation from COEM and Get Redirected to CORM for Resolution
Remediation of findings from COPA involves systematically addressing the anomalies directly from the interface with ease.
Real-time view of how users have the flexibility to initiate remediation for one or more resources:
View the Job Status after Creating a Patching Task Across Tools
After completing the remediation, you have an option to view the status of the patching task by clicking the Status link on the top right of the CORM dashboard page.
Additional Ways to Remediate from CORM Dashboard
View the Product-wise Patch Count and Remediate
By viewing the patch count across different products(COPM, COPA, COEM) from the CORM dashboard, you have the facility to choose the relevant tool and do a bulk remediation.
View the Patch Count by Different Tools and Remediate
From the CORM dashboard, gather quick insight into the patch count for different resource types by moving your cursor over the bars in the graph. Just click the relevant resource to open the list of relevant remediation ids and begin remediation tasks.
Related Topics
How to Configure Automation Rules for COSP Misconfiguration Remediation?
How to Rollback a Remediation in Saner COSP?
Container Orchestration Remediation Management(CORM) Userguide
