Skip to content
SecPod  – Documentation
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
Search this website
Menu Close
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO

Saner Platform

  • Saner Platform Release Notes
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner Platform Guide
    • Saner Platform Function Guides
    • Saner Device Management User Guide
  • FAQs
    • Saner CVEM Technical FAQs
  • How Tos
    • General
      • How to increase the subscription count for an Account in Saner CVEM
      • How to increment license count for an Organization in Saner CVEM
      • How to provision Saner tools for an Organization
      • How to change subscription type in Saner CVEM
      • How to sign-up with Saner CVEM?
      • How to create a new account in Saner CVEM?
      • How to create a new user in Saner CVEM?
      • How to enable SSO authentication policy in Saner CVEM?
      • How to set alerts in SanerNow?
      • How to view, download and filter the audit logs?
      • How to designate Saner Agent to perform network scan?
      • How to Co-Brand with your logo?
      • How to fetch the details of the mandatory fields from the Okta account?
      • How to create MFA policy for Okta?
      • How to fetch the details of the mandatory fields from the PingID account?
      • How to create MFA policy for PingID?
      • How to fetch the details of the mandatory fields from the PingOne account?
      • How to create MFA policy for PingOne?
      • How to download and install Saner Agent in Mac?
      • How to download and install Saner agent in Linux?
      • How to download and install the Saner agent in Windows?
      • How to update the expiry date of an existing subscription?
      • How to manage users and their preferences using role-based access?
      • How to uninstall SanerNow Agent using SanerNow Offline deployer tool.
      • How to onboard a new organization?
      • How to deploy SanerNow Agent using SanerNow Offline deployer tool.
      • How to install a Saner agent through the command line?
      • How to uninstall the Saner agent through command line?
    • Saner Reports
      • How to configure mail settings to email Report PDF?
      • How to create a custom report in SanerNow?
      • How to schedule for the report back up?
    • Saner Device Management
      • How to create custom groups in Saner CVEM
    • Saner Mail Settings
      • How to create new mail settings in Saner?
      • How to use OAuth-enabled authentication in Saner mail settings
      • How to create OAuth Client ID and Client Secret for Gmail
      • How to create OAuth Client ID and Client Secret for Microsoft 365.
  • Supported OSs and Platforms
    • Operating Systems and Platforms Supported
    • Supported Third-party Applications for Patching

Saner Cloud

  • Before You Begin
    • Glossary of Terms
    • Read me First
  • Get Started
    • Saner Cloud Deployment Guides
      • Azure Onboarding
      • Troubleshooting
      • Get Started with Saner CNAPP AWS Cloud Deployment V1.0
      • Onboarding with AWS Credentials(Least Recommended Method)
      • Onboarding with AWS Role(Manual)
      • Onboarding with AWS Role CloudFormation (Automatic): Recommended
    • Roles and Permissions
      • Roles and Permissions for AWS Remediation Access
      • Roles and Permissions for Azure Onboarding, Detection, and Remediation
  • Learn About
    • Excessive Permission Categories Evaluated Across Different Cloud Services
    • Publicly Accessible Resources
    • Patch Aging and Patch Impact
    • SecPod Default Benchmarks
    • Watchlists
    • Cloud Workload Protection Platform(CWPP)
    • Overview of Report Views in Saner Cloud
    • Whitelisting Resources
    • Saner Plasma AI Assistant for Seamless User Interaction
    • Critical Events to Monitor in AWS
    • High-Privilege Actions in Critical Activity Logs for AWS
    • Audit Logs in Saner Cloud
    • Excessive Permissions
    • Alerts in SanerCloud
  • User Guides
    • Cloud Security Remediation Management(CSRM) User Guide
    • Cloud Infrastructure Entitlement Management(CIEM) User Guide
    • Cloud Security Posture Anomaly(CSPA) User Guide
    • Cloud Security Asset Exposure(CSAE) User Guide
    • Cloud Security Posture Management(CSPM) User Guide
  • Tell Me How
    • Protected: How to Manage Report Views at Organization-level in Saner Cloud?
    • How to Get a Cohesive View from Saner Cloud Unified Dashboard?
    • How to Use Tags to Quickly Filter Resources?
    • How to Troubleshoot Issues with Audit Logs?
    • How to Manage Groups and Tags in Saner Cloud?
    • How to Manage Report Views for a User Account in Saner Cloud?
    • How to Troubleshoot or Analyze with Critical Activity Logs?
    • How to Setup Alerts Across SanerCloud Tools?
    • How to Take Action on Alert Notifications from SanerCloud?
    • CSAE
      • How to Setup Watchlist Configuration for a Resource?
      • How to Identify Outdated Resources for Cleanup?
      • How does Resource Categorization Work in Saner CSAE?
      • How to Identify Resources Exposed to External Network?
      • How to Understand the Resource Footprint Globally Across Various Regions?
      • How to Make Informed Decisions on Your Expenditure based on Resource Usage Graph?
    • CSPM
      • How to Setup Benchmarks in Saner CSPM?
      • How to Use Quick Evaluation Benchmarks?
      • How to Detect Patterns over a Period with Resource Trends?
      • How to Assess System Compliance and Security Posture?
    • CSPA
      • How to Initiate Patch Remediation from CSPA Dashboard?
      • How to Quickly Identify the Detected and Remediated Anomalies for an Account?
      • How to Prioritize Remediation or Fixes based on Confidence Levels?
      • How to Examine the Overall Anomaly Information for Specific Rules or Checks?
      • How to Search and Retrieve Anomaly Data?
      • How to Whitelist Rules or Resources in Cloud Security Scans?
    • CIEM
      • How to See the Active Version for an IAM Policy?
      • How to Troubleshoot or Analyze with Critical Activity Logs?
      • How to View by Type and Usage for any Identity in CIEM?
      • How to Get Visibility into Cloud Entitlements?
      • How to Use Evidence to Address Policies with Excessive Permission?
      • How to Know the Excessive Permissions on a Specific Service?
      • How to Visually See the Relationship between Identity, Entitlement, Policy, or Permission?
      • How to Determine if a Policy has Excessive Permission?
      • How to Initiate Patch Remediation from CIEM Dashboard?
    • CSRM
      • Protected: How to Configure Automation Rule to Remediate Misconfigurations?
      • How to Create a Patching Task for Items Currently in “Approval Pending” State?
      • How to Evaluate Remediation Effort with Patching Impact Chart?
      • How to Prioritize and Address Older or High-Risk Anomalies with Patch Aging?
      • How to Monitor the Overall Status of the Remediation Job?
      • How do I Get to Know the Regions Impacted by a Specific Rule?
      • How to View the Severity of a Missing Patch Affected by a Rule?
      • How to Address Missing Patches Via Remediation Tasks?
      • How to Quickly Access the Necessary Tool for Remediation and Begin Patching Tasks?
  • Frequently Asked Questions
    • Saner Cloud Technical FAQs
  • Saner Cloud Release Notes
    • Saner Cloud – V.1.0 Release Notes
  • Security Intelligence for Saner Cloud
    • Infrastructure Entitlement Checks in AWS and Azure
      • Implementing Infrastructure Entitlement Checks in Azure
      • Implementing Infrastructure Entitlement Checks in AWS
    • Posture Anomaly Checks in AWS and Azure
      • Implementing Posture Anomaly Checks in AWS
      • Implementing Posture Anomaly Checks in Azure
    • Benchmark Compliance Rules in AWS and Azure
      • Implementing Benchmark Compliance Rules in Azure
      • Implementing PCI DSS 3 2 1 Regional in AWS
      • Implementing CIS 3 0 0 in AWS
      • Implementing HIPAA HITRUST Rules
      • Implementing PCI DSS 3 2 1 Global Rules in AWS
      • Implementing NIST 800 53 rev 5 Global Rules in AWS
      • Implementing SecPod Global Rules in AWS
      • Implementing CIS 3 0 0 Regional in AWS
      • Implementing CIS 4 0 0 Regional
      • Implementing SOC 2 in AWS
      • Implementing CIS 4 0 0 in AWS
      • Implementing NIST 800 53 rev 5 Rules in AWS
      • Implementing SecPod Regional Rules in AWS
      • Implementing SecPod Default Rules in AWS
      • Implementing NIST 800 53 rev 5 Regional in AWS
      • Implementing PCI DSS 3 2 1 in AWS
      • Implementing CIS 4 0 0 Global in AWS
      • Implementing CIS 3 0 0 Global Rules in AWS
      • Implementing SOC 2 Global Rules in AWS
      • Implementing SOC 2 Regional Rules in AWS

Saner CVEM

  • Saner CVEM Release Notes
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • SanerNow Risk Prioritization Launch
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner CVEM Guide
    • What’s New in Saner CVEM?
    • Getting Started with Saner CVEM
    • Pre-requisites for Saner CVEM Deployment
    • How does Saner CVEM’s deployment architecture work?
  • Saner CVEM Products
    • Overview of Saner Continuous Vulnerability and Exposure Management
    • Saner CVEM Unified Dashboard User Guide
    • Saner CVEM Asset Exposure User Guide
    • Saner CVEM Continuous Posture Anomaly Management User Guide
    • Data Points IT teams can Fetch from Saner CPAM
    • Posture Anomaly Computation Rules
    • Saner CVEM Vulnerability Management User Guide
    • Saner CVEM Compliance Management User Guide
    • Saner CVEM Risk Prioritization User Guide
    • Saner CVEM Patch Management User Guide
    • Saner CVEM Endpoint Management User Guide
    • Saner CVEM Remote Access User Guide
    • Saner CVEM Network Scanner User Guide
    • Saner CVEM Cyber Hygiene Score User Guide
  • How Tos
    • Saner AE
      • How to blacklist and whitelist applications in Saner AE?
      • How to manage asset licenses using Saner AE?
      • How to run an asset scan using Saner AE?
    • Saner CPAM
      • How to create new response in PA tool?
      • How to build your own detection and response in PA tool?
      • How to whitelist an entire PA ID?
      • How to configure Posture Anomaly tool for custom detection?
      • How to fix Anomalies from PA dashboard?
      • How to fix anomalies detected in your account from All Anomalies Page?
      • How to fix anomalies from PA Summary page?
      • How to delete PA scan preferences?
      • How to schedule PA Scans on Daily, Weekly, and Monthly basis?
      • How to launch Posture Anomaly scans?
    • Saner VM
      • How to automate and schedule vulnerability scans?
      • How to exclude vulnerabilities in Saner VM tool
      • How to manage excluded vulnerabilities in Saner VM?
      • How to remediate vulnerabilities from vulnerability management dashboard?
    • Saner CM
      • How to align with NIST 800-53 security compliance management?
      • How to align with NIST 800-171 security compliance management?
      • How to align with PCI security compliance management?
      • How to custom create a security policy?
      • How to run a compliance scan?
      • How to align with HIPAA security compliance management using Saner CM?
    • Saner PM
      • How to fix firmware in Saner?
      • How to exclude patches in Saner PM?
      • How to manage excluded patches in Saner PM?
      • How to automate patch management in Saner PM?
      • How to roll back patches in Saner PM?
      • How to specify Service Level Agreement (SLA) using Remediation SLA in Saner PM?
      • How to apply missing patches in Saner PM?
      • How to apply the most critical patches in Saner PM?
      • How to perform custom remediation for applications that require paid patches using Saner PM
      • How to check the status of patching activity?
    • Saner EM
      • How to check wireless security in Windows systems?
      • How to collect all open ports in Windows systems?
      • How to check all firewall policies on Windows systems?
      • How to collect all the applications with an unknown publisher in Mac systems?
      • How to investigate DNS cache on Windows systems?
      • How to collect all the applications with an unknown publisher in Linux systems?
      • How to collect all software licenses in Windows systems?
      • How to collect environment variables set in all operating systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing Windows?
      • How to collect all families of operating systems such as Windows, Unix, and macOS?
      • How to collect all software licenses in Mac systems?
      • How to collect DNS information on Windows systems?
      • How to identify potentially unwanted programs such as torrent downloaders or unnecessary toolbars running on Windows systems?
      • How to collect all the applications with an unknown publisher in Windows systems?
      • How to collect all network interfaces in Windows systems?
      • How to collect a list of applications that are started when you boot your computer?
      • How to delete and quarantine a file?
      • How to collect mounted disk information on Linux systems?
      • How to check wireless signal quality in Windows systems?
      • How to perform system tuning?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing in Linux?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Linux systems?
      • How to collect DNS information on Linux systems?
      • How to check all firewall policies on Linux systems?
      • How to check wireless security in Linux systems?
      • How to check wireless signal quality in Linux systems?
      • How to collect all the important missing patches in Windows systems?
      • How to collect all installed patches in Windows systems?
      • How to collect all software patches that are hidden in the Windows Update server?
      • How to check the status of Windows Update Server (WSUS/SCCM)?
      • How to collect BIOS information such as serial number, version, manufacturer in Windows systems?
      • How to collect and investigate disk information on Windows systems?
      • How to investigate disks running out of space (<100 MB) in Windows systems?
      • How to collect operating systems information in Windows?
      • How to investigate total RAM or CPU threshold (greater than or equal to 80%) in Windows systems?
      • How to list all Groups in Windows systems?
      • How to collect all services that are currently running in Windows systems?
      • How to list all Administrator accounts on Windows systems?
      • How to list all guest accounts in Windows systems?
      • How to list all inactive users on Windows systems?
      • How to list last-logon details of users on Windows systems?
      • How to identify all users in Windows systems?
      • How to check if Bit-locker protection is OFF in Windows systems?
      • How to collect all keyboard and pointing devices connected to Windows systems?
      • How to collect all storage devices connected to Windows systems?
      • How to check account lockout policy on Windows systems?
      • How to check for Anti-Virus (AV) status in Windows systems?
      • How to check status of DEP in Windows systems?
      • How to check faulty Anti-Virus (AV) status in Windows systems?
      • How to check password policy set in Windows systems?
      • How to collect all security events from Windows Events Log?
      • How to start and stop the processes in Saner?
      • How to block blacklisted applications in Saner?
      • How to enable/disable devices in Saner
      • How to manually import devices into Saner?
      • How to deploy software in Saner EM?
      • How to enable and disable firewall settings in Saner AE?
      • How to collect all shared resources on Windows systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Windows systems?
      • How to connect to a client machine graphically using Saner Remote Access
  • FAQs
    • Saner CVEM Technical FAQs

Security Intelligence

  • Overview of Security Content and Intelligence
  • Security Content Statistics
  • Application and OS Remediation Coverage
  • Compliance Benchmark Coverage
  • List of Vulnerability to Exploit/Malware Mapping covered in Saner
  • OVAL Definitions Family-wise Distribution
  • OVAL Definitions Class-wise Distribution
  • OVAL Definitions Platform Coverage
View Categories
  • Home
  • Docs
  • Saner CVEM
  • Saner CVEM Products
  • Saner CVEM Network Scanner User Guide

Saner CVEM Network Scanner User Guide

Print Friendly, PDF & Email

Product Overview

Saner Network Scanner helps you identify vulnerabilities and misconfigurations across all IP-enabled devices in your Organization. And to do this – you don’t have to invest in additional hardware.

Network Scanner scans your network by leveraging the endpoints that exist in your network. Saner Network Scanner is built on a hub and spoke model – which effectively reduces the scan time required to scan and discover vulnerabilities in your network – making the entire process seamless and continuous.

Features of Saner Network Scanner

  • Network Scanner tool can detect network topology, devices, and operating systems and perform service fingerprinting across all IP-enabled devices.
  • Using Network Scanner, you can identify vulnerabilities and misconfigurations in network devices. Additionally, you can perform an external security posture analysis of endpoint devices.
  • With Saner Network Scanner, you don’t need to invest in additional hardware to have network scanning capability. Instead, the Network Scanner tool automatically identifies endpoints and designates them as network scanners.
  • You can automate daily scans using Network Scanner to perform periodic scans on your network.
  • Saner Network Scanner supports authenticated network scans. You can provide credentials to the network scripts and perform a scan on network devices in your infrastructure to identify the vulnerabilities existing on these devices.
  • Saner Network Scanner supports agentless scan –  you don’t have to deploy Saner Agent on target devices and still perform vulnerability and compliance scans.

Saner Network Scanner Pre-requisites

Endpoints running the below-mentioned OSs can be designated as Network Scanners.

  • Windows (32bit and 64-bit)
  • macOS
  • Linux (only 64-bit is supported)

Endpoints running Linux OS (32-bit), Alpine Linux (32-bit and 64-bit) and AIX (32-bit and 64-bit) can’t be designated as network scanners.

Also, you must have an active subscription to either one of the tools – Vulnerability Management, Compliance Management, or Asset Exposure- to use the Network Scanner feature.

Designate an Endpoint as a Network Scanner

You need to designate endpoints within your network as network scanners. You can do this in two ways

  1. Using the Wizard available in the Saner tool to designate an endpoint as a network scanner automatically.
  2. Designating endpoints as network scanners from the list of Saner recommended devices.

Designate a Saner Agent as a Network Scanner using the wizard

In this method, we use the Saner Agent installed on an endpoint device and designate it as a Network Scanner.

Follow the below steps to designate an endpoint as a Network Scanner using the wizard.

1: Log in to the Saner web console. Click the Control Panel icon located at the top right corner of the page.

2. On the Control Panel page, from the organization drop-down menu, select the organization you want to work with.

3. Select CVEM from the product drop-down menu.

4. Under the Scanners menu, click Network Scanner.

5:  On the Designate and Manage Network Scanners page, click the Create New Scanner button.

A pop-up screen with a drop-down menu appears. You will see two options here listed under Scanner Type.

  1. Designate an existing agent to Network Scanner.
  2. Setup and designate a new agent to Network Scanner.

4: Select the option – Designate an existing agent to Network Scanner.

A drop-down box with all the Saner Agents available in the Account that can be designated as a Network Scanner appears.

5: Select the device you want to be designated as a Network Scanner and click the Next button.

The Scan Config screen appears.

6: You must fill in the information in the text boxes marked with an asterisk (*). Let’s look at each of these textboxes present on the screen and the type of information you need to provide.

Name: – You must specify a name for the Scan Config

Targets – Mention the IP addresses of the targets you wish to scan. The IP addresses must be specified in a comma-separated list of target IP addresses or domain names for scanning. Target IP addresses can also be specified using CIDR notation. For example, 192.168.1.1 or 192.168.1.1/32 or 192.168.1.1-10.

Exclude List: Mention the IP addresses of the targets that need to be excluded by the network scanner while performing a network scan. You can specify multiple IP addresses separated by a comma that needs to be excluded by the Network Scanner.

Select Ports: This drop-down box provides you with five options. You need to select one of these five options.

  1. Default Ports
  2. Top 1000
  3. Top 500
  4. Top 100
  5. None

However, if you want to specify your own set of custom ports, select the checkbox Enter Custom Ports and specify the TCP and UDP ports you want to be scanned by the Network Scanner.

7: Select the Scan Schedule. You can select the scan to run at the below intervals.

  1. None
  2. Daily
  3. Weekly
  4. Monthly

8: Select the Run Scan schedule. Once you do that, you will see a pop-up screen where you must choose the Scan Policy. By default, the Default Policy gets selected in the drop-down box. Saner configures the Default Policy. Any other Scan Policy that you have configured for the selected account will be shown here in the drop-down list. Click the Create button once you have chosen the Scan Policy.

Note:
You can opt to change the Scan Config and Scan Policy whenever you launch a network scan using Saner Network Scanner.

Set up a New Saner Agent as a Network Scanner using the wizard

In this method, we install the Saner Agent on an endpoint device and then promote the agent as a Network Scanner.

1: Select the option Setup new agent to perform network scan. And select the Saner Agent Installer depending on the operating system installed on the endpoint.

2: Install Saner Agent on the device. In the meantime, while Saner Agent is getting installed, the wizard will wait for the Saner Agent to get installed and communicate back to the wizard.

3:  Saner Agent installed device pops up on the wizard. Select the device and click the Next button.

4: Now follow the instructions specified in Steps 7- 10 from the section – Using the Wizard to designate an Agent as a Network Scanner.

Saner Network Scanner is now ready to perform a network scan on your network.

Manually designate endpoints as Network Scanners

1: On the Designate and Manage Network Scanners page, click the Scanners button.

A list of devices from the Account that can be designated as Network Scanners is shown here.

2: Check the box Show only recommended devices to allow Saner’s recommendation engine to choose the best endpoints designated as Network Scanners.

3: Saner shows the endpoints that can be used to designate as Network Scanners. You can do this by clicking the Designate button under the Action column.

The Device Available table displays the below information:

Field NameDescription
Host NameThis column displays the hostname of the endpoint.
IP AddressThis column displays the ip address of the endpoint.
Mac AddressThis column displays the mac address of the endpoint.
Operating SystemThis column displays the operating system on the endpoint.
CPUThis column displays the processor available on the endpoint.
RAMThis column displays the Random Access Memory available on the endpoint.
DHCP StatusThis column shows if DHCP is enabled on the device. If DHCP is enabled, DHCP Status will be displayed as yes.
StatusThis column displays the Status of the endpoint. The green system icon indicates that the endpoint is online. And red system icon indicates that the endpoint is offline.
ActionThis column contains the Designate button. You can use this button to designate an endpoint as a Network Scanner.

4: Click the Designate button, and the selected endpoint gets designated as a Network Scanner. The Network Scanner is listed under the Designated Scanners section above the Device available table.

The Designated Network Scanner section has multiple icons. The below table describes the usage of each icon.

IconsDescription
This icon will start the Network Scan when clicked. If this icon is disabled, the device is either shut down or the Saner Agent on the device is inactive.
This icon will abort the ongoing Network Scan.
This icon indicates that the Saner Agent on the designated network scanner is active.
This icon indicates an inactive Saner Agent on the designated network scanner.
This icon indicates that the Network Scanner is active and scanning.
This icon indicates that the last Network Scan was aborted.
This icon indicates that the Network Scanner is idle.
This icon provides the details of the last network scan.
This icon deletes the Network Scanner.
This icon downloads the last two network scan reports. However, deleting the designated Network Scanner will delete the reports as well. At the same time, re-designating the Network Scanner will not restore old network scan reports.

Last Scan Information

Saner Network Scanner stores the results of the network scan performed on the devices on the Saner Server. You can find the last scan details by clicking the icon.

The Last Scan Information window displays the following information after every successful network scan:

  1. Scanner: The name of the scanner used for scanning the network is displayed here.
  2. Scan Configuration: This label shows the scan configuration used by the network scanner.
  3. Scan Status: This label shows whether the last scan was successful.
  4. Scan Summary: This label shows the date, time, the number of hosts scanned, and the total time required to perform the scan.
  5. Last Scan: This label shows the date and time the previous network scan occurred.
  6. Next Scan: This label shows the date and time for the next network scan.
  7. Scan Duration: This label shows the total time required to perform the last network scan.
  8. Targets scanned: This label shows the count of the total number of devices scanned during the last network scan.
  9. Targets not scanned: This label shows the total number of devices not scanned during the last network scan.
  10. Scripts Scanned: This label shows the total number of scripts /policies used during the last network scan.
  11. Results Uploaded: The status of the Saner Network Scanner uploads the network scan results to the Saner Server.
  12. Failed to Upload: The Saner Network Scanner could not upload the network scan results to the Saner Server. If the upload fails, it will be shown here.

Manage Scan Configuration

Saner Network Scanner uses a scan configuration to identify targets to scan and exclude the ones not to scan.

Create a new Scan Configuration

1: On the Designate and Manage Network Scanners page, click the Scan Config button.

2: Click the New Scan Config button at the top right side of the page.

A new pop-up appears on the screen. Fill in the information in the text boxes marked with an asterisk (*). Let’s look at each of these textboxes present on the screen and the type of information you need to provide.

Name: – You must specify a name for the Scan Config

Targets – Mention the IP addresses of the targets you wish to scan. The IP addresses must be specified in a comma-separated list of target IP addresses or domain names for scanning. Target IP addresses can also be specified using CIDR notation. For example, 192.168.1.1 or 192.168.1.1/32 or 192.168.1.1-10.

Exclude List: Mention the IP addresses of the targets that need to be excluded by the network scanner while performing a network scan. You can specify multiple IP addresses separated by a comma that needs to be excluded by the Network Scanner.

Scan Type: You can choose between the TCP and TCP&UDP scan you want to perform on the target device. TCP scans require less time than TCP&UDP scans.

Select Ports: This drop-down box provides you with five options. You need to select one of these five options.

  1. Default Ports
  2. Top 1000
  3. Top 500
  4. Top 100
  5. None

However, if you want to specify your own set of custom ports, select the checkbox Enter Custom Ports and specify the TCP and UDP ports you want to be scanned by the Network Scanner.

3: Select the Scan Schedule. You can select the scan to run at the below intervals.

  1. None
  2. Daily
  3. Weekly
  4. Monthly.

4: Click the Create button once you have provided all the information. The Scan Config policy is created and is listed on the Scan Config page.

Edit and Delete a Scan Config

The Action column on the Scan Config page has two options – Edit and Delete.

IconUsage
To edit an existing Scan Config.
To delete an existing Scan Config.

Manage Scan Policy

By default, Network Scanner uses Default Policy to scan devices. Default Policy – a collection of multiple scripts belonging to different families helps Network Scanner to identify vulnerabilities across devices. You can import a new policy, create one, and modify the existing Default Policy.

Create a New Policy

A Default Policy exists in the Saner Network Scanner. The Default Policy consists of preselected scripts. You can modify the scripts you want to be part of the Default Policy. However, you can’t delete the Default Policy; you can change it.

Follow the below steps to create a new policy:

1: Click the New Policy button on the top right of the page.

A new screen appears, prompting you to select the scripts you want to be part of the New Policy.

You can filter the scripts by using the category filter. The scripts fall into the following categories.

  1. Safe
  2. Vulnerability
  3. Exploit
  4. Default
  5. Discovery
  6. Version
  7. Authentication

Select the scripts category and click the Apply button. A list of scripts relevant to the selected category appears on the page. You can manually deselect scrips you don’t want to be part of the Scan Policy. Click the Next button.

2:  Provide the path for the web apps hosted in your environment. The Global Variables input fields will allow you to input the absolute path for these web apps. This step is not mandatory and should be skipped if you have no web apps in your environment. And then provide the set of credentials for the protocol you want the script to authenticate. HTTP/HTTPS and SSH protocols are currently supported. If you’re using HTTP protocol for authentication, you must provide the username and password.

Similarly, if using SSH, you must provide the username, password, private key, and passphrase. Specifying credentials is a mandatory step and cannot be skipped. You can save credentials which will appear on the right side under Saved Credentials section.

3: Specify the Name of the New Policy and provide a brief description in the Description box. Click the Create Policy button, and a new policy is created.

You’ve successfully created a new Scan Policy!

Import Policy

You can import a scan policy from different Accounts within the same Organization. Also, you can import scan policies from Accounts in other Organizations.

Follow the below steps to import a policy from another account:

1: On the Designate and Manage Network Scanners page, click the Scan Policy button.

2: Click the Import Policy button.

2: Select the Organization and the relevant Account from where you want to import the policy. You can only select one policy at a time, even if the Account has multiple policies.

3: Click the Import button. The selected policy gets imported into the current Account and will be visible on the Scan Policy screen.

Perform Authenticated Network Scans

Saner Network Scanner supports authenticated network scanning. New network scripts that support authentication are introduced under the Authenticated category. These scripts allow you to provide credentials and perform an authenticated scan on network devices. Also, the Saner Network Scanner allows you to store credentials that can be used by network scripts that support authentication.

You can create a new policy and add network scripts from the Authenticated category to perform an Authenticated Network Scan. At the same time, you can modify the existing policy to incorporate Authenticated network-scripts to perform an authenticated network scan.

Follow the below steps to create a new policy for performing an Authenticated Network Scan:

1: On the Designate and Manage Network Scanners page, click the Scan Policy button.

2: Click the New Policy button on the top right of the page.

A new screen appears, prompting you to select the scripts you want to be part of the New Policy.

3: Click the filter icon and select the Authentication category. And click the Apply button.

Network scripts from all the existing categories supporting authentication appear on the screen.

4: Select the scripts and click the Next button.

If the network script supports web apps scan, you need to provide the path where the web app resides. Saner Network Scanner will scan the web app using your selected network scripts. If the selected network script supports authentication, you can specify the credentials. Saner Network Scanner supports the following protocols.

  1. HTTPS/HTTPS
  2. SSH

For HTTP-type Authentication, you need to provide the following information:

  1. HTTP Username
  2. HTTP Password

For SSH-type Authentication, you need to provide the following information:

  1. SSH Username
  2. SSH Password     OR

a.   SSH Private Key

b.  SSH Passphrase

Save Credentials in Network Scanner

While creating a new scan policy, your credentials are stored and available only within the created policy. However, Saner Network Scanner allows you to store credentials separately that are not tied to any scan policy and can be used with network scripts that support authentication.

Follow the below steps to save credentials in Network Scanner.

  1. Click the plus icon next to the Saved Credentials label. Previously saved credentials appear below the Saved Credentials label.

A pop-up window appears on the screen.

Before saving the credentials, select the Authentication Type; you can choose between HTTP and SSH.

If you select HTTP authentication, you need to provide the following information.

Name – Provide the name under which you want the credentials to be saved.

Authentication Type – Select the authentication type as HTTP.

HTTP Username – Provide the username you want the network script to authenticate. HTTP Password – Provide the password for the network script to authenticate.

If you select SSH authentication, you must provide the following information.

Name – Provide the name under which you want the credentials to be saved.

Authentication Type – Select the authentication type as SSH.

SSH Username – Provide the username you want the network script to authenticate.

SSH Password – Provide the password you want the network script to authenticate.

Alternatively, you can provide the Private Key and Passphrase instead of SSH Password.

Perform Agentless Scans on Endpoints

We’ve introduced the Saner Agentless Scanner – a unique scanner that allows you to perform an on-demand scan for vulnerabilities and misconfigurations on your devices without deploying an agent. You can also use the Saner Agentless Scanner to schedule periodic scans.

Saner Agentless Scanner can authenticate to the target devices using SMB and SSH to remote targets. However, the target machines need to meet specific prerequisites.

Pre-requisites needed for performing Agentless Scans

For Linux and Mac Devices

The device should have an SSH Server running on it.

For Windows Devices

  • Direct Host (TCP 445) port must be accessible in both Network Scanner and target devices.
  • File and Print Sharing must be enabled.
  • The %systemroot% share (usually C$ or similar) must be accessible on the target devices.
  • A common administrator credential is required to perform authenticated scanning for the targeted Windows devices (both Domain Devices & Local Devices).

For Workgroup Devices

  • The LocalAccountTokenFilterPolicy must be provisioned to allow a full token on remote login. To do this, you need to make few changes to the registry. Follow the steps below to make the changes to the registry.
    • Click Start, click Run, type regedit, and then press Enter.
    • Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    • If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
      1. a. On the Edit menu, point to New, and then click DWORD Value.
      2. b. Type LocalAccountTokenFilterPolicy and then press Enter.
    • Right-click LocalAccountTokenFilterPolicy and then click OK.
    • In the Value data box, type 1, and then click OK.

For Linux and Mac devices

  • SSH Server needs to be installed and running (including the Network Scanner if it is a Linux machine).
  • The port 22 must be open on all target devices and allowed over the device firewall.
  • A common administrator credential (user must have root privileges or should be part of the sudoers list) is required to perform authenticated scanning for the targeted Linux / Mac devices.
Note:
The above requirements apply to target devices where you want to perform Agentless Scans. Endpoints designated as Network Scanners need not meet the prerequisites mentioned above.

Launch an Agentless Scan on Targeted Devices

You need to ensure that a Network  Scanner exists in the Account. Follow the steps in the Designating an Endpoint as a Network Scanner section if a Network Scanner doesn’t exist.

You can create a new Scan Configuration or edit an existing Scan Configuration to specify the target devices’ IP address/ IP address range for the Saner Agentless Scanner to scan. You can refer to the Managing Scan Configuration section to know how to create/edit scan configuration in the Saner Network Scanner.

Create a Scan Policy for Agentless Scanner

1: Click the New Policy button on the top right of the page.

A new screen appears, prompting you to select the scripts you want to be part of the New Policy.

2: Click the filter icon and select the Authentication category. Click the Apply button.

3: Uncheck the Family checkbox. Select the Local Security Check checkbox. You have two scripts under the Local Security Check family – Compliance and Vulnerability Scan. You need an active Saner VM subscription to perform a vulnerability scan. Similarly, you need an active Saner CM subscription to issue a compliance scan on the target devices.

Saner Agentless Scanner allows you to perform an individual scan, such as the Compliance Scan or Vulnerability Scan, or you can perform both scans on the target devices.

4: Select the Authentication type. Saner Agentless Scan supports both SSH and SMB-type authentication on target devices.

For SSH-type Authentication, you need to provide the following information:

  1. SSH Username
  2. SSH Password     OR

a.   SSH Private Key

b.  SSH Passphrase

For SMB-type authentication, you need to provide the username and password.

Also, you can use the saved credentials in the Saner Network Scanner to authenticate to target devices. Refer to the Saving Credentials in the Network Scanner section to learn how to save credentials in the Saner Network Scanner.

5: Click the Next button after providing the credentials.

Note:
Saner Agentless Scanner only supports SSH and SMB-type authentication. While saving credentials, ensure you don’t use HTTP-type authentication to authenticate to target devices.

6: Provide a Name for the newly created policy. You can briefly describe the policy, although it’s not mandatory.

7: Click the Create Policy button to create the Scan Policy.

Assign the Scan Configuration and Scan Policy to the Agentless Scanner

Click the Summary button and assign the Scan Config and Scan Policy to the Agentless Scanner.

Launch the scan by clicking the play button located right next to the Agentless Scanner. The Agentless Scanner will launch the scan on the target devices specified in the Scan Config.

View the Agentless Scanner Results

Saner Agentless Scanner stores the scan results performed on the target devices. You can access this information by clicking the button. You can also download the result in PDF format by clicking the button.

The Network Scan Report PDF file has a Vulnerability and Misconfigurations Details section. The target device IP Address is listed in the Impacted Hosts table. Right next to the IP Address, in the bracket, it will be specified as Auth – this indicates the target device was scanned using the Saner Agentless Scanner.

Discover Devices Using Network Scanner

On the Control Panel page, under the Discovery menu, click Device Discovery.

On the Device Discovery page, select the Network Scanner and provide the IP address range. Click the Discover button. Saner Network Scanner will search for devices within the specified range.

You can schedule the Network Scanner to run the discovery scan periodically. The following options are available for scheduling a Device Discovery scan:

  1. Daily
  2. Weekly
  3. Monthly

The devices found by the Saner Network Scanner are listed under the Unmanaged Devices section on the Managed Devices page. This helps you get better clarity on the number of devices that don’t have Saner Agent installed.

You can perform actions on the devices listed under Unmanaged Devices using the Action buttons.

Button Usage
The Add Device button adds discovered devices into Saner platform. A system administrator can use this button to add multiple devices to Saner platform by importing a CSV file that contains information related to the device.
The Deployment button deploys Saner Agents onto a device. A system administrator can deploy Saner Agent onto a device using the ‘Show Agent Download URL’ or ‘Download Deployer Tool.’
The Create Group button creates custom groups. You can add devices to these custom groups.
The Delete Device button deletes a device permanently from Saner platform.

View Network Devices Vulnerabilities

Network Scanner stores the results of the network scan on the Saner server. These results contain the vulnerabilities discovered in devices scanned as part of the network scan by the Network Scanner. You can view all the details associated with the network device (that includes Vulnerabilities, Misconfigurations, Assets, Ports, and Services on the Device Details Page.)

You can access the Device Details page using the below-mentioned pages.

  1. Managed Device Page.
  2. Vulnerability Management Dashboard.
  3. Compliance Management Dashboard.
  4. Asset Exposure Dashboard.
Note:
Network Scanner only identifies vulnerabilities and misconfigurations in a device. To remediate a vulnerability found in a network device, you must manually remediate it. We recommend using Saner tools to remediate the discovered vulnerabilities and misconfigurations.

View Network Devices vulnerability on the Device Details Page

On the Menu bar, click the display icon on the left side of the Admin Dashboard. You will be redirected to the Managed Devices page.

On the Managed Devices page, on the right side, you will see all the managed devices available for the selected Account presented in a tabular format.

Here, you can see the devices that Sane Agent and Saner Network Scanner manage.

For devices managed by Network Scanner, under the Managed By column, you can see  icon right next to them. This means that these are network devices and don’t have Saner Agents installed on them. The vulnerabilities discovered in these network devices need manual remediation. We recommend subscribing to Saner tools to help you in remediation.

Click the Host Name. This will take you to the Device Details page. You can find all the information related to the device, including CHS Score, Vulnerabilities, Misconfigurations, Assets, Ports, and Services, on this page.

Click here to learn more about the Device Details page.

Device Details Page

You will find all the details related to the network device on the Device Details page. Let’s break down the details displayed on the Device Details Page.

The top section of the page displays the following details:

  1. Cyber Hygiene Score: The CHS Score for the device will be displayed right below the device icon.
  2. Device Name: This label displays the host’s name detected during the network scan.
  3. Operating System: This label displays the name of the operating system detected running on the host during the network scan.
  4. Mac Address: This label displays the host’s mac address detected during the network scan by the Network Scanner.
  5. IP Address: This field displays the IP Address assigned to the device.
  6. Last Scan: This label displays the date and time Network Scanner scanned the device.
  7. Export Device Report: This button downloads all the details about the host presented on the screen in a .pdf format.

You will find four menu options on the left side of the Device Details page. They’re as

  1. Device Details
  2. Posture Anomaly
  3. Vulnerabilities
  4. Patches

Assets

This section displays all the software present on the network device with their relevant version number.

Vulnerabilities

This section displays all the vulnerabilities detected in the device.

Misconfigurations

This section displays all the Common Configuration Enumeration (CCE) IDs related to the device.

Ports /Services

This section displays the various ports on the network device, the protocol running on each, and the local address mapped to these ports. Also, this section shows all the services on the device with their current status.

View vulnerable network devices in the Vulnerability Management tool

In the two sections below, you can view vulnerable devices connected to your network in the Saner VM tool.

  1. Vulnerable Devices Section
  2. Vulnerabilities Section

Vulnerable Devices Section

On the Saner VM tool dashboard, go to the Vulnerable Devices section. Click the Family filter and select Others to list all the vulnerable network devices in your Account.

Once you apply the Others filter, your screen will look like the screen below.

Below mentioned information is presented in the table under the Vulnerable Devices table.

  1. Host Name: This column displays the hostname of the device. You can click on the hostname, which will take you to the Device Details Page, where you can find detailed information about all the vulnerabilities detected in the device.
  2. Operating System: This column displays the operating system running on the device.
  3. Group: This column displays the group to which the device belongs.
  4. Risks Count: This column displays the total number of vulnerabilities found in the device.
  5. Severity Distribution: This column displays the breakdown of the total number of vulnerabilities found in the device. The vulnerabilities are categorized into Critical, High, Medium, and Low. And these categories are color coded. They are as follows:
Vulnerability CategoryColor Code
CriticalRed
HighOrange
MediumYellow
LowBlue

6. Assets: This column displays the name and the number of vulnerable software running on the device. You can view the list of vulnerable applications running on the device by clicking the number in the column.

7. Last Scanned: This column displays the date and time a scan was performed on the device.

8. Status: This column displays whether the device is Active or Inactive.

Note:
You will see a thumbs-up icon for devices with no associated vulnerabilities under the Risks Count column and No Vulnerabilities text is shown under the Severity Distribution column.

Vulnerabilities Section

In the Vulnerabilities section, you can view the vulnerabilities listed by Common Vulnerabilities and Exposures (CVE) ID. The vulnerabilities table displays Assets, Host, Detected( Released(the day the vendor publicized the vulnerability), . Also, the table shows the date on which the Saner VM tool detected the vulnerability and the relevant fix.

Below mentioned information is presented in the table under the Vulnerable Section:

  1. ID: This column shows the unique CVE ID associated with the vulnerability detected in the devices.
  2. Title: This column shows a brief description of the detected CVE.
  3. Severity: This column shows the Severity score given to the CVE.
  4. Assets: This column shows the total number of assets the CVE affects in the selected Account.
  5. Hosts: This column shows the total number of hosts affected by the CVE in the selected Account.
  6. Detection Date: This column shows the date the vulnerability related to the CVE was detected by the Saner VM tool.
  7. Release Date: This column shows the date on which the vendor released the CVE related to the vulnerability.
  8. Fix: This column displays the necessary action to fix the relevant vulnerability.

View Network Scanner Logs

Saner Network Scanner records all the actions performed within the tool and assigns a unique code to each action.

To access the Logs section, click the Logs button on the top right of the Network Scanner page.

Saner Network Scanner logs are displayed in a tabular format. The table below displays the following information:

  1. Job Code: The Job Code associated with the action performed within the Saner Network Scanner tool.
  2. Date: The date and time the action was performed within Network Scanner.
  3. Organization: The Organization to which the Account belongs is displayed here.
  4. Account: The Account to which the User belongs is displayed here.
  5. User: The user’s name who performed the action in Network Scanner is displayed here.
  6. Message: The action performed using the Network Scanner is described here.

You can filter the logs presented in the Log table. The following filters are available:

  1. Accounts: This filter will display Account-specific logs. You can specify more than one Account at a time while filtering logs by Account.
  2. Users: This filter displays User-specific logs. You can specify more than one User at a time while filtering logs by User.
  3. Start Date and Date: This filter can show logs within a specified date range.

To remove any applied filters, click the Clear All button on the top right of the page. If there are multiple log entries, you can limit the log entries displayed on the screen by selecting the value from the Size drop-down box. You can choose 10, 25, 50, and 100 log entries to be shown simultaneously.

The table below lists Saner Network Scanner job codes with their brief description.

Job CodeDescription
14000Network Scanner Management
14001Initiate Discovery Scan
14002Add Discovery Scan Configuration
14003Update Discovery Scan Configuration
14004Delete Discovery Scan Configuration
14005Upload Discovery Scan Data
14006Failed to Upload Discovery Scan Data
14007Add Network Scan Device
14008Failed to Add Network Scan Device
14009Updated Network Scan Device
14010Failed to Update Network Scan Device
14011Failed to Add Discovery Scan Configuration
14012Failed to Update Discovery Scan Configuration
14013Failed to Delete Discovery Scan Configuration
14014Stop Network Scan
14015Delete Device
14016Failed to Delete Device
14017Rename Network Scan Device
14018Failed to Rename Network Scan Device
14019Updated Device as Network Scanner
14020Failed to Update Device as Network Scanner
14021Removed Device as Network Scanner
14022Failed to Remove Device as Network Scanner
14023Initiate Network Scan
14024Add Network Scan Configuration
14025Failed to Add Network Scan Configuration
14026Update Network Scan Configuration
14027Failed to Update Network Scan Configuration
14028Delete Network Scan Configuration
14029Failed to Delete Network Scan Configuration
14030Add Network Scan Policy
14031Failed to Add Network Scan Policy
14032Update Network Scan Policy
14033Failed to Update Network Scan Policy
14034Delete Network Scan Policy
14035Failed to Delete Network Scan Policy
Share This Article :
  • X
  • LinkedIn
Still stuck? How can we help?

Saner Documentation Feedback

Saner CVEM Remote Access User GuideSaner CVEM Cyber Hygiene Score User Guide
Table of Contents
  • Product Overview
  • Features of Saner Network Scanner
  • Saner Network Scanner Pre-requisites
  • Designate an Endpoint as a Network Scanner
    • Designate a Saner Agent as a Network Scanner using the wizard
  • Set up a New Saner Agent as a Network Scanner using the wizard
  • Manually designate endpoints as Network Scanners
  • Last Scan Information
  • Manage Scan Configuration
    • Create a new Scan Configuration
    • Edit and Delete a Scan Config
  • Manage Scan Policy
    • Create a New Policy
  • Import Policy
  • Perform Authenticated Network Scans
    • Save Credentials in Network Scanner
  • Perform Agentless Scans on Endpoints
    • Pre-requisites needed for performing Agentless Scans
      • For Linux and Mac Devices
      • For Windows Devices
      • For Workgroup Devices
      • For Linux and Mac devices
  • Launch an Agentless Scan on Targeted Devices
    • Create a Scan Policy for Agentless Scanner
    • Assign the Scan Configuration and Scan Policy to the Agentless Scanner
    • View the Agentless Scanner Results
  • Discover Devices Using Network Scanner
  • View Network Devices Vulnerabilities
    • View Network Devices vulnerability on the Device Details Page
    • Device Details Page
  • View vulnerable network devices in the Vulnerability Management tool
    • Vulnerable Devices Section
    • Vulnerabilities Section
  • View Network Scanner Logs
Copyright 2025 - SecPod. All Rights Reserved. Privacy Policy.
SanerNow Version 6.3.x