Skip to content
SecPod  – Documentation
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
Search this website
Menu Close
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO

Saner Platform

  • Saner Platform Release Notes
    • Saner Platform Integration Release: ServiceNow Integration Introduced, Freshservice Enhanced
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner Platform Guide
    • Prerequisites For Saner SaaS Platform Deployment
    • Saner Administration Guide
    • Saner Device Management User Guide
    • Saner Platform and ServiceNow Integration Guide
    • Saner Platform and Freshservice Integration Guide
    • Saner Platform Function Guides
  • How Tos
    • General
      • How to increase the subscription count for an Account in Saner CVEM
      • How to increment license count for an Organization in Saner CVEM
      • How to provision Saner tools for an Organization
      • How to change subscription type in Saner CVEM
      • How to sign-up with Saner CVEM?
      • How to create a new account in Saner CVEM?
      • How to create a new user in Saner CVEM?
      • How to enable SSO authentication policy in Saner CVEM?
      • How to set alerts in Saner?
      • How to view, download and filter the audit logs?
      • How to designate Saner Agent to perform network scan?
      • How to Co-Brand with your logo?
      • How to fetch the details of the mandatory fields from the Okta account?
      • How to create MFA policy for Okta?
      • How to fetch the details of the mandatory fields from the PingID account?
      • How to create MFA policy for PingID?
      • How to fetch the details of the mandatory fields from the PingOne account?
      • How to create MFA policy for PingOne?
      • How to download and install Saner Agent in Mac?
      • How to download and install Saner agent in Linux?
      • How to download and install the Saner agent in Windows?
      • How to update the expiry date of an existing subscription?
      • How to manage users and their preferences using role-based access?
      • How to uninstall Saner Agent using Saner Offline deployer tool.
      • How to onboard a new organization?
      • How to deploy Saner Agent using Saner Offline deployer tool.
      • How to install a Saner agent through the command line?
      • How to uninstall the Saner agent through command line?
    • Saner Reports
      • How to configure mail settings to email Report PDF?
      • How to create a custom report in Saner?
      • How to schedule for the report back up?
    • Saner Device Management
      • How to create custom groups in Saner CVEM
    • Saner Mail Settings
      • How to create new mail settings in Saner?
      • How to use OAuth-enabled authentication in Saner mail settings
      • How to create OAuth Client ID and Client Secret for Gmail
      • How to create OAuth Client ID and Client Secret for Microsoft 365.
  • FAQs
    • Saner CVEM Technical FAQs
  • Supported OSs and Platforms
    • Operating Systems and Platforms Supported
    • Supported Third-party Applications for Patching

Saner Cloud

  • Before You Begin
    • Glossary of Terms
    • Read me First
  • Get Started
    • Saner Cloud Deployment Guides
      • Azure Onboarding
      • Troubleshooting
      • Get Started with Saner CNAPP AWS Cloud Deployment V1.0
      • Onboarding with AWS Credentials(Least Recommended Method)
      • Onboarding with AWS Role(Manual)
      • Onboarding with AWS Role CloudFormation (Automatic): Recommended
    • Roles and Permissions
      • Roles and Permissions for AWS Remediation Access
      • Roles and Permissions for Azure Onboarding, Detection, and Remediation
  • Learn About
    • Protected: Remediation Rollback
    • Automation and Job-driven Remediation
    • Cost and Usage
    • Excessive Permission Categories Evaluated Across Different Cloud Services
    • Publicly Accessible Resources
    • Patch Aging and Patch Impact
    • SecPod Default Benchmarks
    • Watchlists
    • Cloud Workload Protection Platform(CWPP)
    • Overview of Report Views in Saner Cloud
    • Whitelisting Resources
    • Saner Plasma AI Assistant for Seamless User Interaction
    • Critical Events to Monitor in AWS
    • High-Privilege Actions in Critical Activity Logs for AWS
    • Audit Logs in Saner Cloud
    • Excessive Permissions
    • Alerts in SanerCloud
  • User Guides
    • Cloud Security Remediation Management(CSRM) User Guide
    • Cloud Infrastructure Entitlement Management(CIEM) User Guide
    • Cloud Security Posture Anomaly(CSPA) User Guide
    • Cloud Security Asset Exposure(CSAE) User Guide
    • Cloud Security Posture Management(CSPM) User Guide
  • Tell Me How
    • How to Remediate in Saner Cloud?
    • How to Configure Automation Rule to Remediate Misconfigurations?
    • How to Manage Report Views at Organization-level in Saner Cloud?
    • How to Get a Cohesive View from Saner Cloud Unified Dashboard?
    • How to Use Tags to Quickly Filter Resources?
    • How to Troubleshoot Issues with Audit Logs?
    • How to Manage Groups and Tags in Saner Cloud?
    • How to Manage Report Views for a User Account in Saner Cloud?
    • How to Troubleshoot or Analyze with Critical Activity Logs?
    • How to Setup Alerts Across SanerCloud Tools?
    • How to Take Action on Alert Notifications from SanerCloud?
    • CSAE
      • How to Setup Watchlist Configuration for a Resource?
      • How to Identify Outdated Resources for Cleanup?
      • How does Resource Categorization Work in Saner CSAE?
      • How to Identify Resources Exposed to External Network?
      • How to Understand the Resource Footprint Globally Across Various Regions?
      • How to Make Informed Decisions on Your Expenditure based on Resource Usage Graph?
    • CSPM
      • How to Setup Benchmarks in Saner CSPM?
      • How to Use Quick Evaluation Benchmarks?
      • How to Detect Patterns over a Period with Resource Trends?
      • How to Assess System Compliance and Security Posture?
    • CSPA
      • How to Initiate Patch Remediation from CSPA Dashboard?
      • How to Quickly Identify the Detected and Remediated Anomalies for an Account?
      • How to Prioritize Remediation or Fixes based on Confidence Levels?
      • How to Examine the Overall Anomaly Information for Specific Rules or Checks?
      • How to Search and Retrieve Anomaly Data?
      • How to Whitelist Rules or Resources in Cloud Security Scans?
    • CIEM
      • How to See the Active Version for an IAM Policy?
      • How to Address Critical Activities Using Evidence?
      • How to View by Type and Usage for any Identity in CIEM?
      • How to Get Visibility into Cloud Entitlements?
      • How to Use Evidence to Address Policies with Excessive Permission?
      • How to Know the Excessive Permissions on a Specific Service?
      • How to Visually See the Relationship between Identity, Entitlement, Policy, or Permission?
      • How to Determine if a Policy has Excessive Permission?
      • How to Initiate Remediation for Different Identities from CIEM?
    • CSRM
      • Protected: Rollback an Applied Remediation
      • How to Configure Automation Rule to Remediate Misconfigurations?
      • How to Create a Patching Task for Items Currently in “Approval Pending” State?
      • How to Evaluate Remediation Effort with Patching Impact Chart?
      • How to Prioritize and Address Older or High-Risk Anomalies with Patch Aging?
      • How to Monitor the Overall Status of the Remediation Job?
      • How do I Get to Know the Regions Impacted by a Specific Rule?
      • How to View the Severity of a Missing Patch Affected by a Rule?
      • How to Address Missing Patches Via Remediation Tasks?
      • How to Quickly Access the Necessary Tool for Remediation and Begin Patching Tasks?
  • Frequently Asked Questions
    • Saner Cloud Technical FAQs
  • Saner Cloud Release Notes
    • Saner Cloud – V.1.1.0.0 Release Notes
    • Saner Cloud – V.1.1 Release Notes
    • Saner Cloud – V.1.0 Release Notes
  • Security Intelligence for Saner Cloud
    • Benchmark Compliance Rules in AWS and Azure
      • AWS
        • SecPod Rules in AWS
          • SecPod Default Rules in AWS: An Overview
          • Understand SecPod Default Rules in AWS
          • Understand SecPod Global Rules in AWS
          • Understand SecPod Regional Rules in AWS
        • PCI DSS 3.2.1 Rules in AWS
          • PCI DSS 3.2.1 Rules in AWS: An Overview
          • Understand PCI DSS 3.2.1 Rules in AWS
          • Understand PCI DSS 3.2.1 Global Rules in AWS
          • Understand PCI DSS 3.2. 1 Regional in AWS
        • CIS Rules in AWS
          • CIS Rules in AWS: An Overview
          • Understand CIS Rules in AWS
          • Understand CIS 3.0.0 Rules in AWS
          • Understand CIS 4.0.1 Rules in AWS
          • Understand CIS 4.0.0 Rules in AWS
          • Understand CIS 3.0.0 Global Rules in AWS
          • Understand CIS 4.0.0 Global Rules in AWS
          • Understand CIS 3.0.0 Regional Rules in AWS
          • Understand CIS 4.0.0 Regional Rules in AWS
        • NIST 800-53 Revision 5 Rules in AWS
          • NIST 800-53 Revision 5 Rules in AWS: An Overview
          • Understand NIST 800-53 Revision 5 Rules in AWS
          • Understand NIST 800-53 Revision 5 Global Rules in AWS
          • Understand NIST 800-53 Revision 5 Regional Rules in AWS
        • SOC 2 Rules in AWS
          • SOC 2 Rules in AWS: An Overview
          • Understand SOC 2 Rules in AWS
          • Understand SOC 2 Global Rules in AWS
          • Understand SOC 2 Regional Rules in AWS
        • HIPAA HITRUST Rules in AWS
          • HIPAA HITRUST Rules in AWS: An Overview
          • Understand HIPAA HITRUST Rules in AWS
          • Understand HIPAA HITRUST Global Rules in AWS
          • Understand HIPAA HITRRUST Regional Rules in AWS
      • Azure
        • SOC 2 Rules in Azure
          • SOC 2 Rules in Azure: An Overview
          • Understand SOC2 Rules in Azure
          • Understand SOC2 Global Rules in Azure
          • Understand SOC2 Regional Rules in Azure
        • CIS Rules in Azure
          • CIS Rules in Azure: An Overview
          • Understand CIS 1.2.0 Rules in Azure
          • Understand CIS 2.1.0 Rules in Azure
          • Understand CIS 1.1.0 Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Benchmark Compliance Rules in Azure
          • Understand CIS 1.2.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 2.1.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 2.1.0 Regional Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Regional Benchmark Compliance Rules in Azure
        • NIST 800-53 Revision Rules in Azure
          • NIST 800-53 Revision 5 Rules in Azure: An Overview
          • Understand NIST 800-53 Revision 5 Rules in Azure
          • Understand NIST 800-53 Revision 5 Global Rules in Azure
          • Understand NIST 800-53 Revision 5 Regional Rules in Azure
        • SecPod Rules in Azure
          • SecPod Default Rules in Azure: An Overview
          • Understand SecPod Global Rules in Azure
          • Understand SecPod Regional Rules in Azure
          • Understand SecPod Default Rules in Azure
        • HIPAA HITRUST Rules in Azure
          • HIPAA HITRUST Rules in Azure: An Overview
          • Understand HIPAA HITRUST 14.7.0 Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Global Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Regional Rules in Azure
        • PCI DSS Rules in Azure
          • PCI DSS 3.2.1 Rules in Azure: An Overview
          • Understand PCI DSS 4.0 Rules in Azure
          • Understand PCI DSS 4.0 Global Rules in Azure
          • Understand PCI DSS 4.0 Regional Rules in Azure
    • Posture Anomaly Checks in AWS and Azure
      • Implementing Posture Anomaly Checks in AWS
      • Implementing Posture Anomaly Checks in Azure
    • Infrastructure Entitlement Checks in AWS and Azure
      • Implementing Infrastructure Entitlement Checks in Azure
      • Implementing Infrastructure Entitlement Checks in AWS

Saner CVEM

  • Saner CVEM Release Notes
    • Release Notes Saner 6.5
    • Saner Platform Integration Release: ServiceNow Integration Introduced, Freshservice Enhanced
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • SanerNow Risk Prioritization Launch
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner CVEM Guide
    • What’s New in Saner CVEM?
    • Getting Started with Saner CVEM
    • Pre-requisites for Saner CVEM Deployment
    • How does Saner CVEM’s deployment architecture work?
  • Saner CVEM Products
    • Overview of Saner Continuous Vulnerability and Exposure Management
    • Saner CVEM Unified Dashboard User Guide
    • Saner CVEM Asset Exposure User Guide
    • Saner CVEM Continuous Posture Anomaly Management User Guide
    • Data Points IT teams can Fetch from Saner CPAM
    • Posture Anomaly Computation Rules
    • Saner CVEM Vulnerability Management User Guide
    • Saner CVEM Compliance Management User Guide
    • Saner CVEM Risk Prioritization User Guide
    • Saner CVEM Patch Management User Guide
    • Saner CVEM Endpoint Management User Guide
    • Saner CVEM Remote Scripting User Guide
    • Saner CVEM Remote Access User Guide
    • Saner CVEM Network Scanner User Guide
    • Saner CVEM Cyber Hygiene Score User Guide
  • How Tos
    • Saner AE
      • How to blacklist and whitelist applications in Saner AE?
      • How to manage asset licenses using Saner AE?
      • How to run an asset scan using Saner AE?
    • Saner CPAM
      • How to create new response in PA tool?
      • How to build your own detection and response in PA tool?
      • How to whitelist an entire PA ID?
      • How to configure Posture Anomaly tool for custom detection?
      • How to fix Anomalies from PA dashboard?
      • How to fix anomalies detected in your account from All Anomalies Page?
      • How to fix anomalies from PA Summary page?
      • How to delete PA scan preferences?
      • How to schedule PA Scans on Daily, Weekly, and Monthly basis?
      • How to launch Posture Anomaly scans?
    • Saner VM
      • How to automate and schedule vulnerability scans?
      • How to exclude vulnerabilities in Saner VM tool
      • How to manage excluded vulnerabilities in Saner VM?
      • How to remediate vulnerabilities from vulnerability management dashboard?
    • Saner CM
      • How to run a compliance scan?
      • How to custom create a security policy?
      • How to align with PCI security compliance management?
      • How to align with NIST 800-171 security compliance management?
      • How to align with NIST 800-53 security compliance management?
      • How to align with HIPAA security compliance management using Saner CM?
    • Saner PM
      • How to fix firmware in Saner?
      • How to exclude patches in Saner PM?
      • How to manage excluded patches in Saner PM?
      • How to automate patch management in Saner PM?
      • How to roll back patches in Saner PM?
      • How to specify Service Level Agreement (SLA) using Remediation SLA in Saner PM?
      • How to apply missing patches in Saner PM?
      • How to apply the most critical patches in Saner PM?
      • How to perform custom remediation for applications that require paid patches using Saner PM
      • How to check the status of patching activity?
    • Saner EM
      • How to collect all security events from Windows Events Log?
      • How to check password policy set in Windows systems?
      • How to check status of DEP in Windows systems?
      • How to check faulty Anti-Virus (AV) status in Windows systems?
      • How to check for Anti-Virus (AV) status in Windows systems?
      • How to check account lockout policy on Windows systems?
      • How to check if Bit-locker protection is OFF in Windows systems?
      • How to list all inactive users on Windows systems?
      • How to list all guest accounts in Windows systems?
      • How to list all Administrator accounts on Windows systems?
      • How to list last-logon details of users on Windows systems?
      • How to identify all users in Windows systems?
      • How to collect all services that are currently running in Windows systems?
      • How to list all Groups in Windows systems?
      • How to collect all keyboard and pointing devices connected to Windows systems?
      • How to collect all storage devices connected to Windows systems?
      • How to investigate total RAM or CPU threshold (greater than or equal to 80%) in Windows systems?
      • How to collect operating systems information in Windows?
      • How to investigate disks running out of space (<100 MB) in Windows systems?
      • How to collect and investigate disk information on Windows systems?
      • How to collect all installed patches in Windows systems?
      • How to collect all software patches that are hidden in the Windows Update server?
      • How to check the status of Windows Update Server (WSUS/SCCM)?
      • How to collect BIOS information such as serial number, version, manufacturer in Windows systems?
      • How to collect all the important missing patches in Windows systems?
      • How to check wireless security in Linux systems?
      • How to collect mounted disk information on Linux systems?
      • How to check wireless signal quality in Linux systems?
      • How to check all firewall policies on Linux systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Linux systems?
      • How to collect DNS information on Linux systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing in Linux?
      • How to check wireless signal quality in Windows systems?
      • How to check wireless security in Windows systems?
      • How to collect all open ports in Windows systems?
      • How to collect all network interfaces in Windows systems?
      • How to investigate DNS cache on Windows systems?
      • How to check all firewall policies on Windows systems?
      • How to collect DNS information on Windows systems?
      • How to collect all the applications with an unknown publisher in Linux systems?
      • How to perform system tuning?
      • How to collect all software licenses in Windows systems?
      • How to identify potentially unwanted programs such as torrent downloaders or unnecessary toolbars running on Windows systems?
      • How to collect a list of applications that are started when you boot your computer?
      • How to collect all the applications with an unknown publisher in Windows systems?
      • How to collect all software licenses in Mac systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing Windows?
      • How to collect all families of operating systems such as Windows, Unix, and macOS?
      • How to collect environment variables set in all operating systems?
      • How to collect all the applications with an unknown publisher in Mac systems?
      • How to delete and quarantine a file?
      • How to start and stop the processes in Saner?
      • How to block blacklisted applications in Saner?
      • How to enable/disable devices in Saner
      • How to manually import devices into Saner?
      • How to deploy software in Saner EM?
      • How to enable and disable firewall settings in Saner AE?
      • How to collect all shared resources on Windows systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Windows systems?
      • How to connect to a client machine graphically using Saner Remote Access
  • FAQs
    • Saner CVEM Technical FAQs

Security Intelligence

  • Overview of Security Content and Intelligence
  • Security Content Statistics
  • OVAL Definitions Platform Coverage
  • OVAL Definitions Class-wise Distribution
  • OVAL Definitions Family-wise Distribution
  • Application and OS Remediation Coverage
  • Compliance Benchmark Coverage
  • List of Vulnerability to Exploit/Malware Mapping covered in Saner
  • Network Scanner Product Support Matrix
  • Privilege levels for authenticated scans using Saner Network Scanner
View Categories
  • Home
  • Docs
  • Saner Platform
  • Saner Platform Guide
  • Prerequisites For Saner SaaS Platform Deployment

Prerequisites For Saner SaaS Platform Deployment

Print Friendly, PDF & Email

Introduction

This document provides the prerequisites for onboarding to the Saner SaaS Platform, SecPod’s unified solution for managing vulnerabilities, exposures, and security risks across enterprise IT and cloud environments. The Platform is fully hosted and managed by SecPod, with no infrastructure deployment required from customers for the core platform.

Customers must prepare their environment to support the following components:

  • Saner Agents: A lightweight agent installed on endpoints to collect asset inventory, detect vulnerabilities and misconfigurations, perform remediation, and execute endpoint operations
  • Network Scanner: Performs unauthenticated or authenticated network-based scans to detect vulnerabilities and misconfigurations.
  • Active Directory Scanner: Integrates with Active Directory (AD) to automate the discovery and organization of domain-joined devices, groups, and users. This simplifies agent deployment and aligns with your organizational structure.
  • Virtual Device Scanners: A lightweight agent installed on virtual machines running in Cloud Service Provider (CSP) environments such as AWS and Azure enabling Saner SaaS Platform’s CWPP capabilities. These agents provide asset visibility, detect vulnerabilities and misconfigurations, perform remediation, and execute workload operations to protect cloud workloads.
  • Cloud Scanners: A Saner SaaS Platform component that, once configured with the necessary credentials, scans native cloud resources across Cloud Service Providers (CSPs) such as AWS and Azure to provide comprehensive visibility into security risks, misconfigurations, asset exposure, identity entitlements, and overall cloud security posture.
  • External Scanners: A cloud-based scanner within the Saner Platform that, once configured, scans external-facing infrastructure to provide visibility into exposed assets and associated security risks, including vulnerabilities and misconfigurations.
  • Patch Repository (Saner CPR): An optional, secure, on-premises patch repository hosted within the customer environment and maintained by SecPod. It provides trusted, internal access to OS and third-party patches for Windows and Linux platforms, optimizing bandwidth and ensuring endpoints do not require direct internet connectivity for patch downloads.

This document details the system requirements, supported operating systems, network configurations, and security considerations required to successfully deploy Saner Agents, onboard cloud workloads, and configure both cloud and external scanners, ensuring seamless communication with the Saner SaaS Platform.

Following these prerequisites ensures successful onboarding and optimal operation of Saner CVEM (Continuous Vulnerability & Exposure Management), CNAPP (Cloud-Native Application Protection Platform), andCWPP (Cloud Workload Protection Platform) within your environment.

Saner SaaS Platform and Component Architecture

  • Saner SaaS Platform: The Saner SaaS Platform is a fully managed and hosted by SecPod. It acts as the central controller for asset management, data collection, remediation orchestration, and security operations. The integrated analytical and correlation engine continuously processes scan data to identify vulnerabilities, misconfigurations, and risks, providing prioritized, actionable insights across CVEM, CNAPP, and CWPP capabilities.
  • Saner Web Console: The Saner Web Console is a cloud-hosted, browser-based interface that provides administrators with centralized visibility and control over their security operations. It enables users to access real-time dashboards, generate reports, configure policies, initiate scans, and monitor remediation activities across CVEM, CNAPP, and CWPP environments.
  • Scanners: The Saner SaaS Platform incorporates multiple scanners designed to collect data, assess risks, and maintain security across enterprise and cloud environments. These scanners operate in various locations and communicate securely with the Saner SaaS Platform to centralize data and manage remediation actions.
  • Saner Agent: A lightweight agent installed on endpoints within enterprise networks. It collects system data, detects vulnerabilities and misconfigurations, enforces security policies, and applies patches. The agent initiates secure, outbound communication to the Saner Platform over port 443 (HTTPS).
  • Network Scanner: Performs authenticated or unauthenticated scans of network devices to detect vulnerabilities and misconfigurations. Requires local network access to target devices. An existing Saner Agent can be designated to function as the Network Scanner.
  • Active Directory Scanner: Discovers domain-joined organizational units (OUs), groups, and devices to simplify agent deployment and align with your organizational structure. Uses a secure, outbound connection to query Active Directory over port 636 (TCP) using LDAPS.
  • Virtual Device Scanner: A lightweight agent deployed on virtual devices running on Cloud Service Providers (CSPs) environment such as AWS or Azure to protect Cloud workloads. It collects system data, detect vulnerabilities and misconfigurations, enforces security policies, and apply patches. The agent initiates secure, outbound communication to the Saner SaaS Platform over port 443 (HTTPS).
  • Cloud Scanner: A managed component hosted within the Saner SaaS Platform that performs agentless, API-driven scans of native cloud resources across CSPs. It uses authorized API calls to discover assets, detect misconfigurations, and assess posture risks, supporting CNAPP capabilities including CSAE, CSAP, CSPM, CIEM, and CSRM.
  • External Scanner: A cloud-hosted component of the Saner SaaS Platform designed to assess internet-facing infrastructure. It scans public IPs, domains, and external services to identify vulnerabilities, misconfigurations, and potential risks—without requiring any agent deployment or outbound access configuration from customer environments.
  • Patch Repository (Optional): Saner CPR (Consolidated Patch Repository) is a secure, on-premises patch repository hosted within the customer environment and maintained by SecPod. The Saner CPR establishes secure outbound connections to vendor patch repositories to fetch OS patches for Windows and Linux platforms, and connects to Saner SaaS Platform hosted repositories to retrieve third-party patches. Saner Agents and Virtual Device Scanners are configured to download patches directly from the CPR over the internal network, ensuring faster deployments and compliance with organizational security policies.

Data Flow and Connectivity Summary

SourceDestinationDirectionProtocol /PortMandatory / OptionalPurpose
Saner AgentSaner SaaS PlatformOutboundHTTPS/443MandatorySends inventory, scan results; receives jobs, policies, and security updates for endpoints.
Saner AgentSaner CPROutboundHTTPS/443
(configurable)
OptionalFetches OS and third-party patches if Saner CPR is deployed
Virtual Device ScannerSaner SaaS PlatformOutboundHTTPS/443MandatorySends inventory, scan results; receives jobs, policies, and security updates for cloud-hosted workloads.
Virtual Device ScannerSaner CPROutboundHTTPS/443
(configurable)
OptionalFetches OS and third-party patches if Saner CPR is deployed
Saner CPRVendor Patch Repositories (OS patches)OutboundHTTP/80
HTTPS/443
OptionalDownloads OS patches from vendor repositories
Saner CPRSecPod-hosted Third-Party Patch RepositoryOutboundHTTPS 443OptionalDownloads third-party patches from Saner SaaS Platform
Active Directory ScannerActive DirectoryOutboundLDAPs/636OptionalSecure directory queries to discover domain-joined devices, groups, and users.
Network ScannerTarget DevicesOutboundDepends on Network scan profileOptionalPerforms authenticated or unauthenticated scans on network devices.
Cloud ScannerCloud Service Provider API EndpointsOutboundHTTPS/443MandatoryAgentless discovery and posture assessment via authorized cloud-native APIs.
External ScannerPublic-facing AssetsOutboundDepends on Network scan profileOptionalScans internet-exposed domains, IPs, and public services for vulnerabilities and misconfigurations.

Saner web console and Prerequisites

Browser Requirements

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Apple Safari

Network Requirements

  • The web console is accessed over HTTPS (port 443) via the public domain
    • https://saner.secpod.com (Global SaaS Platform)
    • https://eu.saner.secpod.com (EU Region SaaS Platform)
    • https://uk.saner.secpod.com (UK Region SaaS Platform)
  • Ensure outbound HTTPS traffic is allowed from the administrator’s network to the above domains.

Display Resolution

  • Minimum recommended screen resolution: 1366 x 768
  • For best experience, use 1920 x 1080 or higher.

Authentication Requirement

  • Valid Saner subscription and login credentials.

Security Settings

Avoid browser extensions that block scripts or modify DOM elements, as these can interfere with dashboard rendering.

Saner Agent Prerequisites

Operating System Support

Saner Agent is supported on Windows, Linux (dpkg, rpm), macOS, and AIX platforms. For the complete list of supported operating system versions, refer to: Supported Operating Systems

System Requirements

Operating SystemDisk SpaceMemoryPrivileges Required
Windows800 MB400 MBAdministrator
Linux800 MB400 MBroot or equivalent privileges
macOS800 MB400 MBroot or equivalent privileges
AIX800 MB400 MBroot or equivalent privileges
Note
Ensure sufficient disk space is available during patch download or remediation workflows

Network Access Requirements

Saner Agent establishes secure outbound connections to the Saner SaaS Platform and associated content delivery services hosted by SecPod. These connections are required for agent-server communication, security intelligence synchronization, and patch content downloads.

Ensure that your organization’s firewall or proxy configuration allows HTTPS (port 443) access to the following Saner SaaS Platform URL based on your deployment region.

Global SaaS Platform

Saner SaaS Platform URLPortProtocolDirectionPurpose
https://saner.secpod.com443HTTPSOutboundAgent-to-server communication
https://resources.secpod.com443HTTPSOutboundDownloading Security Intelligence and related resources
Validation
curl -v https://saner.secpod.com
curl -v https://resources.secpod.com

Expected Output

  • Connection should succeed.
  • Look for HTTP/2 200 or HTTP/1.1 200 OK in the response headers.

Validation (Via Proxy)

curl -v -x http://<proxy-server>:<port> https://saner.secpod.com
curl -v -x http://<proxy-server>:<port> https://resources.saner.secpod.com

Replace <proxy-server>:<port> with your proxy details.

Expected Output

Look for HTTP/2 200 or HTTP/1.1 200 OK in the response headers.

Connection should succeed.

EU SaaS Platform

Saner SaaS Platform URLPortProtocolDirectionPurpose
https://eu.saner.secpod.com443HTTPSOutboundAgent-to-server communication
https://eu.resources.secpod.com443HTTPSOutboundDownloading Security Intelligence and related resources
Validation
curl -v https://eu.saner.secpod.com
curl -v https://eu.resources.secpod.com

Expected Output

Look for HTTP/2 200 or HTTP/1.1 200 OK in the response headers.

Connection should succeed.

Validation (Via Proxy)

curl -v -x http://<proxy-server>:<port> https://eu.saner.secpod.com
curl -v -x http://<proxy-server>:<port> https://eu.resources.saner.secpod.com

Replace <proxy-server>:<port> with your proxy details.

Expected Output

  • Connection should succeed.
  • Look for HTTP/2 200 or HTTP/1.1 200 OK in the response headers.

UK SaaS Platform

Saner SaaS Platform URLPortProtocolDirectionPurpose
https://uk.saner.secpod.com443HTTPSOutboundAgent-to-server communication
https://uk.resources.secpod.com443HTTPSOutboundDownloading Security Intelligence and related resources
Validation
curl -v https://uk.saner.secpod.com
curl -v https://uk.resources.secpod.com

Expected Output

  • Connection should succeed.
  • Look for HTTP/2 200 or HTTP/1.1 200 OK in the response headers.

Validation (Via Proxy)

curl -v -x http://<proxy-server>:<port> https://uk.saner.secpod.com
curl -v -x http://<proxy-server>:<port> https://uk.resources.saner.secpod.com

Replace <proxy-server>:<port> with your proxy details.

Expected Output

  • Connection should succeed.
  • Look for HTTP/2 200 or HTTP/1.1 200 OK in the response headers.

Additional Notes

  • Outbound HTTPS traffic must support TLS 1.2 or higher.
  • If curl returns errors like Connection refused, 403 Forbidden, or TLS handshake failures, verify firewall, proxy, or SSL interception policies.
  • For customers using SSL interception or forward proxies, ensure these endpoints are excluded from inspection or have proper root certificates installed.

Antivirus, EPP, and EDR Exclusions

Saner Agent performs continuous vulnerability assessment, compliance checks, remediation actions and endpoint monitoring. To ensure these tasks are not disrupted by antivirus (AV), endpoint detection and response (EDR), or endpoint protection platforms (EPP), you must exclude specific binaries and directories.

Why Exclusions are Needed

  • Prevent agent binaries from being quarantined, delayed, or flagged as suspicious.
  • Avoid interference during scans, checks, remediation action and endpoint monitoring. 
  • Ensure timely completion of scanning and remediation tasks.

Required Exclusions

Windows

Directory
C:\Program Files (x86)\SecPod Saner\

Executables
spdialogbox.exe
spdialogbox20.exe
spfileindexer.exe
spsanerrun.exe
spsaneruninstall.exe
spscriptrun.exe
spsaneragnt.exe
spscanmanager.exe
spagentwatchdog.exe
spupgradecontroller.exe
spldapmanager.exe
spfirmware32.exe
spfirmware64.exe
spadt.exe

Linux, macOS, and AIX

Directory
/etc/saner/
/var/saner/
/var/log/saner/
/usr/lib64/saner (Linux only)
/usr/lib/saner (AIX only)
/usr/local/lib/saner (macOS only)


Executables
/usr/bin/spsaner.service
/usr/bin/spscanmanager
/usr/bin/spagentwatchdog
/usr/bin/spsanerupgradecontroller
/usr/bin/spscriptrun
/usr/bin/spmessagebox
/usr/sbin/spsaneragent

Saner Remote Access

Saner Remote Access is an on-demand remote support tool included with Saner Endpoint Management (EM). In addition to the prerequisites listed for Saner Agent, the following additional requirements apply if you plan to use Saner Remote Access.

Network Requirements

In environments where direct P2P connections are not possible, Saner Remote Access uses relay servers to facilitate communication. Ensure the following URLs are whitelisted in your firewall or proxy settings:

Deployment RegionRelay Server to Whitelist
Global SaaS (saner.secpod.com)relay.secpod.com
EU SaaS (eu.saner.secpod.com)eu.relay.secpod.com
UK SaaS (uk.saner.secpod.com)uk.relay.secpod.com

Antivirus Exclusions

To ensure uninterrupted operation of Saner Remote Access, add the following executables to your antivirus exclusion list:

Windows

Directory
C:\ProgramData\SecPod Saner\remoteconnector
Executables
spremoteconnector.exe

Linux & macOS

Directory
/opt/saner/spremoteconnector
Executables
/var/saner/bin/spremoteconnector

Active Directory Scanner Prerequisites

Saner Agent can be designated as Active Directory Scanner. Ensure that your organization’s firewall or proxy configuration allows outbound to TCP access from designated Saner Agent to Active Directory (hostname or IP Address) using the ports specified below.

Network Scanner Prerequisites

Hostname or IP AddressPortProtocolDirectionPurpose
Active Directory Server636 (recommended)TCPOutboundQuerying for users, groups, devices and OUs.
Active Directory Server389 (Optional)TCPOutboundQuerying users, groups, devices and OUs.
Note
It is strongly recommended that port 636 (LDAPS) be used for communication with the Active Directory, as it provides secure, encrypted communication over TLS. Port 389 (LDAP) transmits data in plaintext and should only be used in trusted and internal networks.

Network Scanner Prerequisites

Saner Agent can be designated as Network Scanner. In addition to the prerequisites listed for Saner Agent, the following additional requirements apply if you plan to use Network Scanner.

The following executable should be added to your antivirus exclusion list.

Windows

Directory
C:\Program Files (x86)\SecPod Saner\

Executables
nmap.exe
npcap.exe

Linux & macOS

Directory
/var/saner

Executables
/usr/bin/nmapresultmanager
Note
Excluding nmap is necessary to prevent scans from being blocked or misclassified as intrusion attempts.

Virtual Device Scanner Prerequisites

The Virtual Device Scanner operates on cloud-based virtual machines and shares the same prerequisites as the Saner Agent, including:

  1. Supported Operating Systems
  2. System Requirements
  3. Network Access Requirements
  4. Antivirus, EPP, and EDR Exclusions
  5. Patch Repository Requirements

For detailed prerequisites, refer to the Saner Agent Prerequisites section.

Cloud Scanner Prerequisites

Cloud Scanner is a managed component hosted within the Saner SaaS Platform by SecPod. There is no deployment or infrastructure setup required from your side. However, to enable successful operation, you must complete the following::

  • Provide valid cloud account credentials with necessary API permissions for resource discovery and security assessment.
  • Example:
    • AWS: IAM Role or Access Key with permissions to describe resources, fetch configurations, and read entitlement details.
    • Azure: Service Principal with Reader role and API access to subscription resources.

API Permission Requirements

  • You should verify that no API restrictions (such as IP allowlists, network policies, or firewall rules) prevent the Saner Cloud Scanner from accessing supported CSP APIs (AWS, Azure).
  • Ensure required cloud APIs are enabled and accessible for inventory and posture assessments.

Defined Scope of Scanning

  • Clearly identify which accounts, subscriptions, or resource groups you want the Cloud Scanner to assess.

External Scanner Prerequisites

The External Scanner is a managed component hosted within the Saner SaaS Platform. There is no deployment or infrastructure setup required from your side. To enable scanning, configure the public-facing IPs or domains, target ports, scan schedule, and Scan Policy. Additionally, ensure you have authorization to conduct scans on identified public resources

Patch Repository Requirements

Saner Agents and Virtual Device Scanners require access to patch repositories to download and apply missing patches during remediation. These repositories serve as the source for operating system and third-party application patches. Based on your environment and security requirements, Saner SaaS Platform supports multiple repository configurations.

OS Patch Repositories

Saner supports the following three options for delivering OS patches to endpoints and virtual devices:

Option 1 – Saner CPR (Consolidated Patch Repository) [Recommended]

Saner CPR is a secure, on-premises patch repository hosted within your environment and maintained by SecPod. It provides trusted, internal access to OS patches, eliminating the need for direct internet connectivity on endpoints.

  • Saner CPR connects to vendor patch sources to download OS patches.
  • Saner Agents and Virtual Devices fetch patches directly from Saner CPR over the internal network (HTTPS, configurable).

Use Cases

  • Air-gapped deployments
  • Bandwidth optimization
  • Environments with strict security or compliance requirements

Option 2 – Organization-Managed Repositories

Organizations can configure endpoints and Virtual Device Scanners to fetch OS patches from existing internal repositories.

OS PlatformVendor Repository URL
Windowshttps://update.microsoft.com
Ubuntuhttps://archive.ubuntu.com/ubuntu
CentOShttps://mirror.centos.org
Red Hathttps://cdn.redhat.com

Option 3 – Vendor Cloud Repositories

Organizations can configure endpoints and Virtual Devices to fetch OS patches directly from vendor-hosted patch repositories over the internet.

OS PlatformVendor Repository URL
Windowshttps://update.microsoft.com
Ubuntuhttps://archive.ubuntu.com/ubuntu
CentOShttps://mirror.centos.org
Red Hathttps://cdn.redhat.com

Third-Party Application Patch Repositories

Saner supports the following options for delivering third-party application patches:

Option 1 – Saner CPR (Consolidated Patch Repository) [Recommended]

Saner CPR connects to the Saner SaaS Platform Hosted Repository to download third-party application patches, providing secure, internal access to patch content for endpoints and virtual devices.

  • Saner CPR downloads third-party patches from Saner SaaS Platform Hosted Repository and provides internal access for endpoints.
  • Ensures bandwidth optimization and removes the need for direct internet access on endpoints.

Option 2 – Saner SaaS Platform Hosted Repository

Endpoints and Virtual devices fetch third-party patches from Saner SaaS Platform Hosted repository.

  • Supported over HTTPS
  • Dynamically updated with latest patches and versions
  • Regional mirrors (EU, UK) used based on customer SaaS location

Option 3 – Customer-Hosted Repository

Organizations can create an internal HTTP/HTTPS/FTP server to host patches downloaded from Saner SaaS Platform Hosted repository  or other trusted sources.

Best Practices:

  • Whitelist necessary URLs/domains in firewall/proxy settings
  • Monitor repository availability to avoid remediation delays
  • If using WSUS or internal repos, ensure they are regularly synced with upstream vendors
  • For air-gapped deployments, sync patch content using staging servers or external media

Share This Article :
  • X
  • LinkedIn
Still stuck? How can we help?

Saner Documentation Feedback

Table of Contents
  • Introduction
  • Saner SaaS Platform and Component Architecture
  • Data Flow and Connectivity Summary
  • Saner web console and Prerequisites
    • Browser Requirements
    • Network Requirements
    • Display Resolution
    • Authentication Requirement
    • Security Settings
  • Saner Agent Prerequisites
    • Operating System Support
    • System Requirements
    • Network Access Requirements
  • Global SaaS Platform
    • Expected Output
    • Validation (Via Proxy)
      • Expected Output
  • EU SaaS Platform
    • Expected Output
    • Validation (Via Proxy)
      • Expected Output
  • UK SaaS Platform
    • Expected Output
    • Validation (Via Proxy)
    • Expected Output
  • Additional Notes
  • Antivirus, EPP, and EDR Exclusions
    • Why Exclusions are Needed
    • Required Exclusions
      • Windows
      • Linux, macOS, and AIX
  • Saner Remote Access
    • Network Requirements
    • Antivirus Exclusions
      • Windows
      • Linux & macOS
  • Active Directory Scanner Prerequisites
    • Network Scanner Prerequisites
  • Network Scanner Prerequisites
    • Windows
    • Linux & macOS
  • Virtual Device Scanner Prerequisites
  • Cloud Scanner Prerequisites
    • API Permission Requirements
    • Defined Scope of Scanning
  • External Scanner Prerequisites
  • Patch Repository Requirements
  • OS Patch Repositories
    • Option 1 - Saner CPR (Consolidated Patch Repository) [Recommended]
    • Use Cases
    • Option 2 - Organization-Managed Repositories
    • Option 3 - Vendor Cloud Repositories
  • Third-Party Application Patch Repositories
    • Option 1 – Saner CPR (Consolidated Patch Repository) [Recommended]
    • Option 2 – Saner SaaS Platform Hosted Repository
    • Option 3 – Customer-Hosted Repository
      • Best Practices:
Copyright 2025 - SecPod. All Rights Reserved. Privacy Policy.
SanerNow Version 6.5.x