Published Date: April 03, 2025
We are excited to bring you our latest release – Saner CVEM 6.4.1. This release offers exciting new features, and bug fixes.
Note The feature and enhancements introduced in Saner CVEM 6.4.1 are also applicable for Saner CWPP. |
What’s New in Saner CVEM 6.4.1
New Features
Patch Approval Workflow for Controlled Remediation
We are introducing Patch Approval Workflow in Saner CVEM to give organizations tighter control over patch deployment. This new capability enables administrators to define who can approve patches before they are applied, ensuring better governance, accountability, and alignment with internal change control policies.
Key Highlights:
- Patch Approval Control: Enable or disable patch approval at the account level. When enabled, patches must be explicitly approved before users (without approval rights) can create remediation jobs.
- Role-Based Approvals:
- By default, Administrators and Org Admins have patch approval rights.
- Account Admins and Normal Users can be granted or revoked approval rights as needed by an administrator or Org admin. This flexibility ensures the right level of control across user roles.
- Patch Cleanup Setting: Configure how many previous versions of an approved patch are retained for each asset. This accepts values 1 to 5. For example, if set to 2, Saner CVEM retains the latest version and one earlier approved version of a patch, allowing users to select the previously approved version — even if a newer version is already available.
- Remediation Job Approval: Once a patch is approved and a remediation job is created, the job will be set to go through a second approval layer by default. Admins can override it using the “Auto-approve jobs created by non-approvers” setting. When enabled, remediation jobs are executed immediately without waiting for further approval.
The Patch Approval feature enhances operational control and audit readiness for organizations with structured patching and change management processes.
CIS Benchmark Support for Enhanced System Hardening
Saner CVEM now supports CIS Benchmarks, empowering organizations to assess and harden their systems against globally recognized security configuration standards.
Key Highlights:
- CIS Benchmark Selection: Choose CIS Benchmarks as a compliance standard within the Compliance Management module, in addition to existing standards Benchmarks like NIST, PCI, HIPAA, NIST CSF, and STIG.
- Automated Assessment: Scan devices and workload instances to identify configuration deviations and misconfigurations based on the selected CIS profile.
- Remediation Support: Generate and apply remediation scripts to fix misconfigurations.
Additionally, create Automation Rules to remediate misconfigurations automatically.
- Customizable Benchmark Policies: Create and tailor CIS benchmark profiles to match your organization’s security and operational needs.
The CIS Benchmark strengthens compliance and security capabilities, proactively enabling customers to enforce system hardening.
Organization-Level Remediation for Patch & Compliance Management (Beta)
Key Highlights:
- Centralized Remediation Control: Create patching or compliance remediation jobs at the organization level, eliminating the need to switch to individual accounts to initiate and monitor the job status.
- Multi-Account Execution: Apply a single remediation job across multiple accounts/sites in one go.
- Flexible Filtering Options: Use powerful filters to narrow down:
- Specific Accounts
- Patch Groups such as Security and Non-Security.
- Patch Types such as OS, Third Party, and Feature Update.
- Role-Based Access: Available to Administrators and Org Admins, ensuring the right level of control and visibility across the organization.
- Unified Monitoring: Monitor the status of jobs across all accounts centrally, reducing the complexity and making it easier to track progress.
The Organization-Level Remediation for Patch & Compliance Management feature significantly improves scalability for patching and compliance in distributed environments and helps standardize operations across large, multi-account organizations.
Reintroduction of Support for Select Legacy Operating Systems
Few of the vendors are continuing to offer extended support to legacy OSs. To accommodate this, we are reintroducing support for the following operating systems:
- Amazon Linux 2
- Debian 9
- Debian 8
- Oracle Linux 7.x
- RHEL 7.x
- SLES 12 SP5
- Ubuntu 18.04
- Ubuntu 16.04
Note a. The above-mentioned OS versions will be supported via legacy agent builds. b. For new installations, customers must use the legacy Saner Agent builds. c. If you have an older version of Saner Agent running on any of the above-mentioned OS platforms, they will be automatically upgraded to 6.4.1 version as part of this release. |
The reintroduction of support for selected legacy operating systems ensures continued support and patching capabilities for organizations leveraging vendor-extended OS support.
New Platform Support
In SanerNow 6.4.1, we have added support for the following operating system.
- Open SuSE(Leap) 15 SP6
Your feedback is of paramount importance to us. If you have any feature suggestions that will alleviate your experience with Saner CVEM, please feel free to write to us at [email protected].