How to get started with SanerNow?
Sign up at https://sanernow.com// and choose the tools you need. To set up accounts and deploy agents, go to “Open Console.” You should be able to set up one thousand devices and view their statistics within just 10 minutes.
What measures can we take to secure our account?
SanerNow supports PingOne MFA and Google Authenticator MFA for more secure access to your account. SanerNow presently supports SMS, Email, and the Authenticator app as PingOne MFA authentication methods.
How is my data secured?
Your information is stored confidentially. Data integrity and request or response verification are ensured in various ways. Our expert team guarantees that the platform undergoes many layers of security checks. These teams are up to speed on the most recent cyberattacks and threats, and they help define checks for products like OpenVAS. We keep your information safe.
What is the average size of content downloaded or network utilization by agents from your server during the scan?
On Windows machines, an active agent may download an average of 4 MB of data (only when the content requires an update or has been modified). However, this varies with the vulnerabilities and configuration issues identified. Our signatures are released every two to three weeks. We’ve designed ways to speed up the download of content.
How are system resources utilized, or how is the CPU performance during the scan?
In a low-mode scan, CPU use averages 20-30%. At full throttle, scans run quickly and conclude in minutes; the CPU averages 50-80% for a few seconds before dropping to 20-30%. Saner service priorities are common, and operating systems handle them efficiently. It won’t get in the way of your activities.
What settings may be required to optimize the network during remediation/patching?
Set up a local patch server or a WSUS server in your organization. Agents are designed to detect WSUS server configurations and retrieve patches from them. If your endpoints do not have WSUS installed, you can utilize the EQR section to configure Registry Response.
Visit https://support.microsoft.com/en-in/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s for more information.
A local HTTP/HTTPS/FTP server can also serve third-party product fixes. The Remediate settings are found under Control Panel > Deployment > Agent configuration > Create Settings > Remediate.
Select Third-party goods patch server, then Local. A new set of options will appear, prompting you to enter the server URL. For a big setup, contact [email protected] for a Remediation resource feed.
Buffering patches with bandwidth consumption constraints, found under Manage > Create Settings > Remediate, may also help optimize remediation activities.
How are system resources utilized, or how is the CPU performance during remediation?
During remediation, the CPU average is relatively low. Patches are queued and applied in order. After the remediation operation, or rule, is completed, a scan is done.
Can I configure a period between which remediation should start and end?
Yes. When setting up a remediation job or rule, you can provide a timeline with a start and end date-time. For instance, remediation at a typical organization may finish at 8:00 a.m., when employees begin their workday. If an automatic remediation job is running at 8:00 a.m., it will come to its logical end, and any reboot or sequential tasks will be completed in the next interval. On the other hand, short-term remedial tasks will be completed, and the results uploaded.
After configuring a period between which remediation should start and end, can you change it?
Yes, you can modify the timeframe for remediation automation, which will take effect the next time. Tasks for short-term remediation cannot be modified.
Can I install a customized patch for remediation or install other applications using Saner?
Yes. In Endpoint Management’s Response section, you can perform Software Deployment. All software and updates are deployed silently, causing no interruption to end users. If common options such as /S are not applied, evaluate your installation and provide an appropriate silent option.
Can I install a non-security patch also with Saner?
Yes, you can install a non-security patch with Saner.
What should I do if a remediation patch is not available?
You can opt to block the application temporarily and unblock it later.
Go to EQR > Build your own Response > Application Block.
How can I remediate commercially licensed products such as Adobe Acrobat or Oracle WebLogic Server?
In Endpoint Management’s Response section, you may perform Software Deployment. Provide a vendor URL for downloading or uploading a patch and a silent option.
Can I find out how long a vulnerability existed in an organization?
Yes. The vulnerability patching graph in the VM dashboard shows how long a vulnerability has been present in an organization since it was discovered on our platform.
What are the next steps after vulnerability detection?
VM provides thorough information on current security vulnerabilities that make endpoints vulnerable to malware threats.
The next steps would be to plan patching activities with PM and ensure endpoint protection software is up to date with EM. EQR will also assist AE in determining whether such vulnerable software assets are used frequently or sparingly in the case of an ongoing threat.
How can I mitigate vulnerabilities effectively?
To prioritize your patching activities, you can visualize vulnerability mitigation statistics. Awareness of high-fidelity attacks, where an asset is vulnerable to malware attacks, alerts you to operations that require immediate attention. Severity scores and other vulnerability statistics may also help determine the next steps in vulnerability mitigation.
Can I find out how long the patch was available and not applied in an organization?
Yes. The patching graph on the PM dashboard shows when the vendor provided a missing patch that has not been applied to endpoints. Patching Impact and Configuration Impact are useful tools for visualizing remediation consequences.
Remediation and Software Patching is a long and tough activity. What if something goes wrong? Is the rollback option available?
Technical specialists thoroughly test our patches to guarantee they are correct and timely. The Saner agent has evolved as part of the remediation process to ensure rapid patching.
In any case, a Rollback function is provided for Windows, Linux, and Mac operating system fixes. There is also a compliance rollback in place. Third-party software cannot be rolled back; however, it may be reinstalled with the previous version. Go to the PM dashboard > left panel > PM > Rollback.
Before deploying remediation, verify whether a patch can be rolled back, since certain vendor patches don’t allow it.
Can I know why particular remediation failed?
Yes. ‘Reason for Failure’ is seen on the PM dashboard. The ‘Job Status summary’ section of the dashboard also allows you to check the status of specific remediation jobs. To learn more about status, click expand.
A patch is available and approved in my WSUS server, but Saner remediation fails. Why?
Each configuration is unique, and some preventive action on your part may help resolve such issues. On one of the endpoints, check that the system is set up correctly for your WSUS server. To check if a patch is available, go to Windows Update. Saner should be able to get any applicable patches that appear in the system. If this is not the case, either WSUS is incorrectly set up, or a prerequisite patch prevents remediation.
Please be aware that applying a patch may cause further patches in a software asset to become available. Additionally, the Windows Update software may require updating. Before you do anything else, consider installing it.
Feel free to send your observations to [email protected] so that your issue can be resolved. We will be pleased to assist you.
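The endpoint-side WSUS check described above, as an added PowerShell example (not SecPod's code): it reads the standard Windows Update Group Policy registry values (WUServer, WUStatusServer, AU\UseWUServer) and lists settings that would keep an endpoint from retrieving approved patches. The function name Test-WsusClientPolicy and the finding messages are illustrative.

```powershell
# Added example: read the Windows Update client policy on one endpoint and
# report settings that would stop it from pulling approved patches from WSUS.
function Test-WsusClientPolicy {
    param(
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
        [switch]$CheckConnectivity   # optional TCP reachability test to the WSUS host
    )
    $findings = New-Object System.Collections.Generic.List[string]
    $wu = Get-ItemProperty -Path $PolicyPath -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $PolicyPath 'AU') -ErrorAction SilentlyContinue
    $server  = if ($wu) { $wu.WUServer }
    $status  = if ($wu) { $wu.WUStatusServer }
    $useWsus = if ($au) { $au.UseWUServer }

    if (-not $server) {
        $findings.Add('WUServer is not set: endpoint is not pointed at a WSUS server.')
    }
    # WUServer and WUStatusServer must hold the same value to be valid.
    if ($server -and $status -ne $server) {
        $findings.Add("WUStatusServer '$status' differs from WUServer '$server'.")
    }
    # The client ignores WUServer unless UseWUServer is 1.
    if ($useWsus -ne 1) {
        $findings.Add('AU\UseWUServer is not 1: WUServer is ignored by the client.')
    }

    $uri = $null
    if ($server -and -not [uri]::TryCreate($server, [System.UriKind]::Absolute, [ref]$uri)) {
        $findings.Add("WUServer '$server' is not a valid absolute URL.")
    } elseif ($uri -and $uri.Scheme -eq 'http') {
        $findings.Add('WUServer uses plain HTTP: update metadata is not protected in transit.')
    }
    if ($CheckConnectivity -and $uri) {
        $tcp = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -WarningAction SilentlyContinue
        if (-not $tcp.TcpTestSucceeded) {
            $findings.Add("Cannot reach $($uri.Host) on TCP port $($uri.Port).")
        }
    }

    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.StartType -eq 'Disabled') {
        $findings.Add('Windows Update service (wuauserv) is missing or disabled.')
    }

    [pscustomobject]@{
        WUServer = $server; WUStatusServer = $status
        UseWUServer = $useWsus; Findings = $findings.ToArray()
    }
}

Test-WsusClientPolicy | Format-List
```

An empty Findings list means the client policy itself is consistent, which points the investigation toward patch approval or a prerequisite patch instead.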
Can I identify software products that are out-of-life? What actions can be taken for out-of-life products?
Yes. Check AE dashboard > Outdated Applications. Consider installing upgrades using Software Deployment in the Response section of Endpoint Management. You may also uninstall such applications using the Application Management > uninstall option.
Does Saner provide tracking of software licenses?
Yes. An organization’s software licenses and expenses can be tracked in AE. You may also assess software licensing using an external feed.
Can I blacklist or whitelist software applications?
Yes. Import the blacklisted or whitelisted applications feed (in CSV format) into AE and check for any abnormalities on the dashboard. We do not currently uninstall or block applications automatically using the feed. This can be automated by using EQR > Build your Detection and Response to run a response script on a recurring schedule.
How can response actions be executed from Saner?
Network, Process, Service, Software Deployment, System, Application and Devices, Security, File, Windows Registry, Tune-up, and Startup Programs are all response activities. For further information, please see the individual categories. In the Response section, each category contains a set of actions.
Is it possible to automate responses/actions on detection scripts?
Yes. Actions may be created in EM based on existing detection scripts.
Can we add more detection scripts in EM?
There are currently over 100 detection scripts defined and ready to use. Using the EM > Tools section, you may add more. Please email us at [email protected] if you have any questions or special requests.
Can I know the system health of all my endpoints?
Yes. Go to EM tool > Checks > System Health. Click to get real-time data. Visualize disk space usage reaching 90% and high CPU and RAM usage.
Can I command my endpoint to scan now or reboot now?
Yes. Go to Devices > Select device > Click on ‘Scan now.’ For reboot, go to EQR > Response > Select Reboot.
What are the common indicators of compromise/attack?
Endpoint protection software is disabled, security systems are disabled, torrent-like downloads, a new application in the start-up software system, common operating system libraries have a different MD5sum, unknown processes are running, multiple ports are open, or disk space is running out, to name a few.
What is the existing Compliance benchmark supported by Saner?
SecPod Default Compliance, the vendor-recommended (such as Microsoft) General Compliance, NIST 800-53, NIST 800-171, PCI, HIPAA, and others such as ISO 27001, WMI, ports, process control, service control, device control, anti-virus compliance, and so on, can all be customized to meet the needs of the user.
Can I remove checks from an existing Compliance benchmark?
If a rule or category does not suit your organization, deselect it while creating or editing the compliance benchmark.
Can I take remediation actions on customized Compliance checks?
Yes. When users create a compliance benchmark, remediation scripts are generated automatically. To understand more, go to CM dashboard > Remediation actions.
Why do some compliance checks show not selected or not checked status?
If you deselect some checks, they will appear in the report as ‘Not selected.’ Compliance checks that require input from the user are usually ‘Not checked’ unless the user provides information. If you encounter any problems, please get in touch with [email protected]. Screenshots of reports/dashboards and agent audit logs will help you understand the case.
Can I apply rollback on a customized Compliance benchmark?
Yes, you can apply rollback on a customized compliance benchmark.
Can I see trending reports?
Yes, you can generate trending reports. SanerNow provides the capability to generate daily, weekly, monthly, quarterly, and yearly reports for Vulnerability, Patching, and Compliance.
Can I export individual endpoint reports?
Yes, individual endpoint reports can be exported. On the left side of the dashboard, click Reports > Saved Reports > PDF Download. Users can export the canned report as a PDF file. The downloaded PDF report will maintain the alignment and filters applied to each part.
Can I be alerted to specific incidents on endpoints?
Various alerts can be issued to notify you of failed activities, endpoint incidents, critical vulnerabilities, configuration issues, and new endpoint detection, among other things. Select Alerts from the dashboard’s left side to find out more.
How long does a scan take?
In Windows, a typical scan takes less than 5 minutes, whereas Linux and Mac machines require 1-2 minutes. Agents’ unique methods and algorithms assist in this.
My scan is prolonged. What can I do?
Contact [email protected] with the endpoint’s audit log, obtained from Devices > Click on hostname > Click on Audit Logs. You can also change Settings > Log to debug, run a scan, and send spsaneragent.log from the endpoint. The file is under the log folder of the SecPod Saner installation directory on Windows and under /var/log/saner on Unix-based machines.