Overview

SecPod SanerNow Cyberhygiene platform is a continuous and automated Vulnerability Management solution built for the modern IT security landscape. SanerNow enables you to go beyond traditional vulnerability management practices and get complete visibility and control over your organization’s attack surface. Leveraging the home-grown world’s largest vulnerability database with 160,000+ security checks, SanerNow runs the fastest scans to discover IT assets, vulnerabilities, misconfigurations, and other security risk exposures. It provides the necessary remediation fixes to mitigate the security loopholes and automates tasks end-to-end to make it a simple daily routine.

SanerNow Use Cases

SanerNow addresses the following business cases:

• Vulnerability Management – Continuously assess vulnerabilities and risks, automated to a daily routine.
• Patch Management – Apply patches on all operating system like Windows, Mac, Linux, and 300+ third-party applications.
• Compliance Management – Comply with regulatory standards benchmarks and achieve continuous compliance (PCI, HIPAA, NIST 800-53, NIST 800-171).
• Asset Exposure –  Gain complete visibility and control over your IT assets
• Endpoint Management – Manage endpoints and ensure their system health.
• Endpoint Query Response – Run query and analyze dataset from endpoints. Build response and act upon issues.

Getting Started With SanerNow

Introduction

SanerNow^TM is a platform and tools for managing and securing your endpoints. The platform is designed as a SaaS model and provides security and IT management tools on demand.

Please refer to the SanerNow website https://sanernow.com or click on the above

Getting started with SanerNow

There are only a few simple steps to get started with SanerNow.

• Sign Up
  • Select a Plan
  • Provision Tools
  • Update Profile
• Open SanerNow Platform
  • Create Account
  • Create User
  • Deploy Agents
• Use SanerNow Tools

Sign up

On the SanerNow web page https://www.sanernow.com, click “Sign Up” or “Try for free” at the top right.

The first and last name must contain alphanumeric characters. The password needs to have at least one number, one upper case, one lower case and a special character. It must be at least seven characters and no more than 20 characters. The password should only contain these special characters ~ ! @ $ ^ & * ( ) – = _

Click Sign Up to complete registration.

To sign up, enter a valid email address, your name, and password. The email address will be the username for your login.

Note: If you are unable to register, please check your email address to ensure it is valid and that it hasn’t been previously registered.

An email will be sent to you to verify your registration email.

Note: If you don’t receive the email within a few minutes, please check your email spam folder.

Click on the link in the email to finish the verification process. Within a few minutes you should receive a confirmation web page.

You will be redirected to a web page as shown below after email verification. Click Sign In with your email address and password.

Note: Please contact support@staging.secpod.com if you did not receive the registration email or if the Sign Up Confirmation isn’t displayed after clicking the email link. It may take a few minutes for the confirmation to display.

On the SanerNow web page (https://sanernow.com), click Sign In at the top right.

Select Plan (This step is not required if you clicked “Try for free”)

After signing in to SanerNow, you can select a free evaluation or monthly plan.

The Free SanerNow Evaluation plan lets you try out SanerNow tools for up to a month on up to ten endpoints. You can switch to a monthly plan at any time.

The SanerNow Monthly plan includes monthly billing based on tools provisioned and number of endpoints managed. An invoice will be generated after the end of each month, which will be sent to the account registration email address. Please contact support@staging.secpod.com if you will be managing more than 5,000 endpoints.

If you clicked “Try for free”, plan selection is not required. You’ll be taken to “Provision Tools” step.

Select the desired plan and click Next.

Click on next to proceed.

Provision Tools

Select the tools you would like to provision. For the Free Evaluation Plan, you will most likely want to provision all tools. With the Monthly Plan you can then provision specific tools for each account you create. Accounts allow you to segregate endpoints by site and to control user access.

Select the tools to provision and click Next.

Update Profile

Enter billing details to complete the sign up process. Enter your address, state, country, zip code and preferred currency. A valid phone number is required. This information will be used for generating invoices.

Click Save.

Open Saner Platform

Click Open Saner Platform at the top right. You will then be redirected to saner.secpod.com.

Create Account

Create an account or site with a name, organization, valid email address (that will be used for reports and alerts), number of subscriptions and tools to be provisioned.

Once an account or site is created, SanerNow agents will be built. The agents are built specifically for each account or site.

Note: This process takes several minutes. Please be patient.

Note: Later you can create additional accounts or sites by clicking the gear icon at the upper right.

Deploy Agents

SanerNow agents can be deployed to endpoints by using the links on this page. Select the appropriate agent for the endpoint operating system. When using SanerNow, you can also go to Manage > Devices > Deployment and use a URL for downloading agents.

Use SanerNow Tools

Click the icon at the top left corner of the screen to select an account or site to manage.

tools for more detail.

Click Manage > Devices to see device information after agents have been deployed

click on  at the top center to select SanerNow tools.

Note: If you are unable to view all tools by clicking , this could be because some of the tools were not provisioned for this account.

Note: Refer to the SanerNow User Guides in the Documentation section of the SanerNow website for detailed information (www.sanernow.com/documentation).

Note: If you have any issues, please contact Technical Support at support@staging.secpod.com.

Guides

User Guides

• General Settings
• Vulnerability Management
• Asset Management
• Patch Management
• Compliance Management
• Endpoint Detection and Response
• Endpoint Management
• SanerNow Network Scanner

Technical Guides

• Saner 4.1.1.0 Websocket
• Saner 4.1.1.0 Software Deployment
• Saner 4.2.1.0 Custom Reports

Release Notes SanerNow 5.1

At SecPod, we strive toward making your journey with us seamless and effective. Our 5.1 release is here with many exciting features and enhancements to help you make the best out of SanerNow.

Overview of what’s in store in SanerNow 5.1

New Features:

• Introducing Trending Reports: We have added 58 new reports to give insights on trending data on Vulnerability, Compliance, and Patching. You can generate these reports on a daily, weekly, monthly, quarterly, and yearly basis. 
• Introducing Risk Assessment report: This report will help you understand and analyze the security risks prevalent in your network and identify remediation actions.
• Introducing Patching Impact report: This report will help you understand the impact of the patching activities performed in your network. 
• Organization Reports: You can now create Organization reports for Risk Assessment and Patching Impact. This report will fetch and provide information for all the accounts in an organization.
• Introducing New User Role with read-only access: Users with this role will be able to perform read-only operations. You can customize the access at the tool level. For example, you can give full access to Vulnerability Management and read-only access to Patch Management.
• Introducing multi-factor authentication:  Supports PingOne multi-factor authentication to enhance security.

New Operating Systems Support: 

Introducing support for Rocky Linux (8.3, 8.4, and 8.5) and AlmaLinux (8.4 and 8.5)

Enhancements:

User Interface (UI) Enhancements:

• Redesigned interfaces: Redesigned Control Panel, Admin, and Account dashboard for better Usability.
• Simplifying Agent onboarding experience: Deployment and Device Management options are now available under the Deployment option in Control Panel. 

New REST APIs: 

• Introducing new APIs for Network scanner: 26 new REST APIs to create, configure, and manage Network Scanner. 
• Introducing new APIs for multi-factor authentication: 12 new REST APIs for configuring and managing multi-factor authentication.
• Introducing new APIs for Patch and Device Management: 11 new REST APIs to perform patching, rollback, reboot, and uninstallation of devices.

Updates to existing REST APIs:

• Updates to Default Rest API response format: Default REST API response format will now be in JSON instead of Zip. If you need the response format to be in Zip, the header accept attribute needs to be set as Application/ZIP. 
• New custom report elements: We have enhanced report APIs to include 19 new Vulnerability and Patch Management reports.

Tool name changes:

• Asset Management (AM) is now Asset Exposure (AE)
• Endpoint Detection and Response (EDR) is now Endpoint Query Response (EQR)

Along with these new features and enhancements, this release also includes bug fixes.

We hope SecPod SanerNow 5.1 will ease your experience with us to a greater extent. Please mail us at support@secpod.com for any feature requests or enhancements you expect in the product. To learn more about SecPod, visit www.secpod.com.

Release notes SanerNow 5.0

We are thrilled to announce the most exciting release of SecPod in the recent past. SanerNow 5.0 is here to put an end to the eternal search for a full-fledged and automated vulnerability management solution, that needs no scanner appliance, and no spec-heavy dedicated scanner servers, intended to make vulnerability management seamless and automated. SanerNow is going to give a 360 degree vulnerability exposure of all IP enabled devices in your network topology, aiding remediation from the same console. SanerNow’s new paradigm of Security, Risk, and Compliance also comes with numerous other enhancements to make this release even more interesting.

What’s new in SanerNow 5.0

Extending our vulnerability Assessment capabilities to Network Devices

Along with the end-to-end vulnerability management for endpoints, we have now built network scanning capabilities to detect non-endpoint devices and discover vulnerabilities in them. A few of the top capabilities of our network scanner includes:

• Detect the whole network topology, devices, operating system, and service fingerprinting across all IP-enabled devices.
• Discover vulnerabilities and mis-configurations in network enabled devices.
• Perform external security posture analysis of network and endpoint devices.
• Scanner is built on distributed hub and spoke model which will utilize the existing devices to perform network scanning. This will save additional investment in extra appliances or hardware. This distributes the scanning responsibility, achieves speed, and makes the process effortlessly continuous.
• Introducing a detailed device page which will list all the findings of network enabled devices.
• Achieve automated daily vulnerability scans without impacting productivity.
• Ability to perform external vulnerability assessment on any number of target devices.

Other crucial Enhancements

Vulnerability Management

• Introducing New MVE Schema: You can now view detailed description of attacks that exploit vulnerabilities in the “High Fidelity Attacks” view as we have introduced a new MVE (Malware Vulnerability Enumeration) language.
• Introducing Vulnerable Devices and Vulnerabilities view: This view will list detailed information of all vulnerabilities and vulnerable devices in the network. You can also view the risk level based on severity.
• Enhanced vulnerability visibility: Introducing new views to check vulnerabilities by group, vulnerability by OSs, and vulnerability by age.
• Know the most recommended remediation to manage vulnerabilities: Introducing “Top recommended remediation” view. This view will list top-recommended remediations based on CRE (Common Remediation Enumeration) and the number of hosts affected.

Asset Management

• Enhanced visibility in asset management dashboard to support network scanner devices: The “Device Types” view will show the distribution of devices based on the device types and the “Manufacturer view” shows the distribution of devices based on the publisher. The “Other” category is included now to view the list of network scanner devices.
• Redesigned Device view and Application Details view: A new dashboard element is added to represent the Device view and also Application Details view.
• Introducing filters to view only required details in the devices table: Added the Source, OS, Family, and Status filters in the Devices table.

Patch Management

• Enhancements in remediation job and rule creation: Ability to create multiple remediation jobs and automation rules for a single device or a group of devices.

Compliance Management

• Remediate Mis-Configurations within Compliance Management: Introduced “Missing Configuration”, “Automation”, “Rollback”, and “Status” sections in the Compliance Management dashboard to allow rollout of configuration patches. Actions are introduced to create and schedule a task to deploy configuration patches and view the status of all remediation jobs and rules.
• Pie chart view to assess deviations of a group of devices: Added “Deviations By Group” view to show the distribution of deviations based on the group of devices. The details can be assessed with the help of a pie chart.
• Introducing “Top Non-Compliant Rules” view: Added “Top Non-Compliant Rules” pane to show the list of remediation rules with CCE ID.
• Combining views for enhanced visibility: The Benchmarks and the Rule-Based Distribution views are combined for better visibility.
• Introducing “Top remediation recommendation” view: It will list the top recommended remediations based on the CRE and the number of hosts affected.

General Enhancements:

• Introducing new APIs and provided updates to many existing APIs to elevate product integration capabilities.
• Redesigned various views across the product to enhance user experience.

Check out our release notes document for detailed insights on the release.

We hope our new release will take the SanerNow experience to the next level. Please check out our latest update and do share your thoughts on any new enhancements you expect from us. For queries, please mail us at support@staging.secpod.com

Release Notes SanerNow 4.8.0.0

Release Notes SanerNow 4.7.0.0

To know more about the exciting updates of this release, please look at our release notes below.

Release Summary:

New Feature:

Introducing Active Directory Integration for scaling up operational efficiency.

SanerNow now enables you to seamlessly manage your organizational hierarchy, including Organizational Units (OU), Groups, and Devices with its latest AD integration.

1. Sync your AD with SanerNow’s Asset Info: Sync IT assets from your Organization’s active directory into SanerNow’s asset data using built-in and scheduled scanning.
2. Automatically scan and track the latest AD changes: Configure rules to automatically scan and synchronize the latest information of OUs, Groups, and Devices. Automatically track important changes, including newly commissioned and decommissioned devices, movements of assets across Groups and OUs, etc.
3. Install SanerNow agent through GPO policy: Easily install SanerNow agents your endpoints through AD Group Policy Object (GPO) policy.

Enhancements:

1. Effective management of Organization’s hierarchy: Introduced a new entity type, Organization in the hierarchy to contain Accounts, thereby truly representing an organization’s hierarchy.
2. Introducing a new user role: “Organization Admin”, a new role to have complete access to manage the entire organization.
3. Enhancements in control panel: Redesigned control panel to improve user experience.
4. Easy onboarding of organizations: Simplified onboarding of an Organization with quick and easy steps.
5. Secure Access using Two Factor Authentication: Introducing two factor authentication for all users across the Organization to tighten security.
6. Support for MS Windows Semi-Annual channel: Introducing support for Microsoft Windows Semi-Annual channel.
7. Improved patching efficiency for MS OS and other apps: Enhanced patching technology for Microsoft OS and other applications, and improved accuracy in patch reports.
8. Auto-detection of Network Proxy: Introducing support to auto-detect network proxy using Proxy Auto-Configuration (PAC) file.
9. Enhanced reboot pop-up window: Redesigned reboot pop-up and message windows for better user experience.
10. Reflecting the user’s time zone: Time representations are changed to reflect the user’s time zone.
11. Enhanced Device and Asset Inventory under Asset Management: Improved Asset Management efficiency in collecting additional device and asset details
12. Upgradation of all SanerNow components and third-party libraries:
    • Upgraded Ancor OS, application servers, and database components
    • Enabled UEFI boot support
    • Upgraded the third-party libraries
13. Speeding up on-prem server deployment: Introducing auto-configuration of the on-premise server to speed up deployment.
14. Enhancements in reports:
    • Two new report APIs has been added to support patch compliance and device patch compliance
    • Apply custom created templates to other Accounts and set as a rule to the new Accounts under an organization or across multiple organizations.
    • A high-level report has been added to analyze device risk posture in the PDF format.

Additionally, several bugs are fixed to improve the reliability, performance, and security of the SanerNow platform.

We hope SecPod SanerNow 4.7.0.0 will ease your endpoint security and management operations to a greater extent. Please mail us at support@staging.secpod.com for any feature request or enhancements you expect in the product.

Release Notes SanerNow 4.6.0.0

July 28, 2020

SanerNow 4.6.0.0 comes out with several enhancements to enrich the product usage experience. . This maintenance release also includes  bug fixes to enhance the performance of the SanerNow platform.

Release Summary

Patch Management (PM) module improved with new enhancements

1. Enhanced visibility in the Patch Management (PM) Dashboard to understand risks, patches, and the impact of patching at any given time.
2. Added search functionality in PM Dashboard, supporting granular searches on all patch metadata.
3. Ability to view the impact of patching while creating patching tasks.
4. Added search filters in the PM job status page
5. Added a new policy to automatically delete inactive devices based on specific criteria.

Others:

1. New support introduced to audit SQL based Database Servers

Several bugs have been addressed improving the reliability, performance, and security of the SanerNow platform.

We hope SecPod SanerNow 4.6.0.0 will ease your endpoint security and management operations to a greater extent. Please mail us at support@staging.secpod.com for any feature request or enhancements you expect in the product.

Release Notes SanerNow 4.5.0.0

May 17, 2020

SanerNow 4.5.0.0 brings several enhancements to the Patch Management (PM) module along with a few product performance improvements. This maintenance release also consists of fixes to bugs, security issues, and enhancements to REST API coverage.

Release Summary

Performance Improvements – Enhanced product performance for better usage

1. Access SanerNow Dashboards more efficiently now: Significant user experience and performance improvements are made to load the dashboard elements faster.
2. Enhanced management for transient devices: Improved support for transient devices changing locations frequently.
3. Introducing custom templates for reports: Ability to create a custom template for reports, which can then be applied to all other Customer Accounts or Sites.

Patch Management (PM) – Patch management improved with new functionalities

1. Included new filters for better visibility: Added filters to identify inactive devices and list devices by their operating system version and build number.
2. Introducing a single click filter: A single-click filter is introduced to list third-party application patches by the operating system family.
3. Test and deploy Firmware and non-security patches now: Firmware and non-security patches are included in the Test and Deploy feature. This would allow users to verify patches in a testbed and then approve for production rollout.
4. Enhancements to save bandwidth usage: The patching jobs are now sent only to the applicable devices in the selected group of devices significantly improving the performance and reducing network bandwidth utilization.

General enhancements and bug fixes

1. Fixed few security issues in the platform.
2. Inconsistency in the SanerNow agent upgrade is addressed considering a fail-over situation.
3. More indicaors are added to show the agent’s remediation progress.
4. Various bugs are resolved on dashboards, reports, and other tools.

We hope SecPod SanerNow 4.5.0.0 will ease your endpoint security and management operations to a greater extent. Please mail us at support@staging.secpod.com for any feature request or enhancements you expect in the product.

Release Notes SanerNow 4.4.0.0

March 19, 2020

At SecPod, we strive towards delivering solution to enhance user experience. SanerNow 4.4.0.0 comes with a bundle of new additions, enhancements and bug fixes to increase efficient product usage. In this release we have brought several enhancements to Patch Management, Endpoint detection and response and Agent Deployment Tool, covering other general enhancements and bug fixes as well.

Patch Management (PM) – Enhancing patch management for better visibility

1. Introducing device view and patch view: A new dashboard element is added to represent a Device view, with the option to switch to Patch view. The Device view shows a list of all applicable patches per device, risks, patch-ability status, etc along with a single click option to create a remediation job.
2. Check patch repository reachability status and resolve issues: Patch repository reachability status added on the dashboard to diagnose issues related to patching.
3. Introducing all new device-based reports: Device-based Report APIs are added in Patch Management (PM) under Reports. The APIs such as Devices with Missing Security Patches, Missing Configuration, Most Critical Patches to give you better insight on effective patching, Patches for Paid-Products or licensed products, Missing Patches of Non-reachable devices.
4. Insightful error messages to resolve patching obstacles: Error codes and reasons are added to better understand Status on Patch Remediation and Automation tasks.
5. Show customized alerts on functional end-user systems before initiating remediation: Reboot alert messages can be provided on fixing missing patches, automation or rollback tasks that notifies logged-in users on endpoints to save their work and prepare for the reboot of endpoints. A similar notification can also be sent before remediation tasks, alerting the user about the scheduled activity.
6. Enhanced Saner agents to comply with Windows Update component: Saner agents are now intelligent to gather any inconsistency with the Windows Update component and resolve issues automatically.

Endpoint Detection and Response (EDR) – Optimizing Endpoint Detection and response for improved performance:

1. Increased scalability to view huge data: EDR performance enhanced to load data for a large number of devices, assisting with scalability.
2. Introducing filters to view only required details: Status filters are also added in EDR for viewing a subset of data from endpoints.

Agent Deployment – Enhanced agent deployment tool to increase efficiency

Analyse, act and deploy agents according to the requirements of end-user computer: Saner Agent Deployment Tool is now smarter to gather pre-requisites and deploy agents with ease. It also allows users to deploy agents with single-sign-on credentials.

General enhancements and bug fixes

1. Microsoft Operating system details are added with a specific release version wherever Operating System names are displayed across the platform.
2. Various bugs are resolved on dashboards, reports, and patch management tasks.
3. Mac OS X agent adheres to the Mac OS X application signing and notarization guidelines.

We hope SecPod SanerNow 4.4.0.0 will ease your endpoint security management to a greater extent. Please mail us at support@staging.secpod.com for any feature request or enhancements you expect in the product.

Release Notes SanerNow 4.3.0.0

February 3, 2020

SanerNow 4.3.0.0 brings several enhancements to Patch Management (PM) tool. This maintenance release also includes fixes to major bugs, security issues and enhances Rest API coverage.

Release Summary

1. Operating System (OS) upgrade, a one-click OS version upgrade is introduced. This feature installs necessary Security KBs, and upgrades the system to the latest version.
2. Reboot Scheduler is introduced to schedule the reboots to a particular time. Reboot jobs are listed in the PM status page to track the reboot progress.
3. Added color scheme to charts in reports.
4. Inconsistency in the ‘Windows Update’ component is automatically resolved.
5. Superseded and older patches are suppressed and only the latest security patches are listed.
6. Non-Security patches are added to the individual device details page, in addition to the security patches.
7. Rest API coverage is enhanced to include newer APIs and improved security validations.
8. Inconsistencies while moving the device from one account to another account is addressed.
9. Upgraded 3rd party dependent libraries to the latest version.

Release Notes SanerNow 4.2.2.1

 June 28, 2019

SanerNow 4.2.2.1 enriches API coverage in custom reports and extends web service support for software deployment.

Introducing new Custom Report APIs for

1. Summary of Patch Aging
2. Detailed Information on Up-To-Date Assets
3. Listing assets without patch released by vendor
4. Vulnerability Metrics that is updated to show total number of vulnerabilities
5. Overall Remediation information
6. Vulnerability Statistics
7. Vulnerability Count of Active and Inactive Devices

Release Notes SanerNow 4.2.2.0

 June 14, 2019

SanerNow 4.2.2.0 provides more control over task scheduling, support for non-persistent desktop virtualization devices and minor bug fixes.

Task Scheduling

Extended the scheduler in PM Automation, EDR Detection and Response, EM Checks and Actions to have flexibility in scheduling patching and other tasks. Specifically, users can now choose selective months, weeks, days or any date to schedule tasks.

Non-Persistent Device Support

Support added for non-persistent desktop virtualized devices – agents are activated when such devices are initiated and are gracefully deactivated when shut down. This will ensure subscriptions are not locked down with an instance that is not running and are available for deploying on live systems.

Release Notes SanerNow 4.2.1.0

 May 06, 2019

SanerNow 4.2.1.0 introduces a unique, easy to use report generation tool with various data export APIs and report builder charts and tables. It also brings support for two new operating systems and further enhances AI driven search assistant.

Custom report generation

A unique and easy to use report generation and customization tool is introduced with 100s of pre-built data export APIs, report builder charts and tables. With this, users will have the facility to create custom reports, export, and schedule periodic backup of those reports. An intuitive user interface allows you to build custom dashboards, save and export these dashboards across SanerNow tools.

1. Create custom reports,
   • Predefined APIs for all SanerNow tools and their functions
   • An intuitive search interface to find or determine the right API
   • Apply filters to extract information of specific interest and plot them as data tables and charts
   • Export created report into PDF or send e-mail
   • Schedule backup of these reports for periodic export and sending e-mails
   • Export each data section into CSV
   • Build reports and set them as Default for periodic viewing
2. The current Default reports are made available as Canned Reports. With this release, you can also customize these reports.
3. The Reports tool is built for high performance.

New platform support

1. Alpine Linux – Alpine Linux is a Linux distribution based on musl and BusyBox, primarily designed for security, simplicity, and resource efficiency. The SanerNow agent is now available to deploy on this platform.
2. Windows Server 2019 – Microsoft Windows Server 2019 is the latest version of the Microsoft server operating system. The SanerNow agent is now available to deploy on this platform.

Enhancements to Plasma

Plasma is a Beta version of an intelligent machine learning based search assistant. This will be continuously enhanced to become smarter. New enhancements include,

• More search suggestions
• Filtering capability to reduce the scope of results
• Minor bug fixes

Other enhancements

1. Patch Management: Dates have been added to show when the remediation/patching task was performed on an individual device.
2. Endpoint Management:
   • USB Mass storage device and USB port blocking support is now supported on all Linux systems.
   • Blocking of devices by Device ID (device instance ID) is now supported in Windows and Linux.
3. Track EOL (End of Life) and EOS (End of Support) products across the platform. Such products are marked as Outdated.
4. Live system metrics on an individual device page (Click on the hostname under Manage -> Devices page to view this feature). This has a control to fetch system metrics only when refreshed, thus helps save network bandwidth.

Release Notes SanerNow 4.2.0.0

March 03, 2019

SanerNow 4.2.0.0 introduces Plasma, a beta version of a smart search assistant. New features are also introduced in Patch Management to further simplify endpoint patching.

Plasma

Plasma is a Beta version of an intelligent machine learning based search assistant. This marks the first release of Plasma which is intended to do smarter, AI (artificial intelligence) powered searches. This will be continuously enhanced to become smarter.

1. User Assist – Searches as you type across 1000+ documents to provide navigational help on the platform.
2. Discover – Search across platform’s rich endpoint data and indicators to discover meaningful information.

Patch Management

1. Test and Deploy – Test patches in a test environment before deployment. Administrators can create a test task and provide automation rules to deploy after validating results of the test task. This is useful to rollout patches in a production environment after testing in an identical test environment.
2. Batch Remediation – Administrators are able to include pre and post scripts to be bundled in a remediation job or rule. Pre-scripts are executed before the remediation task and post-scripts are executed once a remediation task completes. This feature is only available for security patches. Additionally, our content research team will add script-based patching to cover vulnerabilities that do not have vendor patches.
3. Firmware Patching – With an increasing number of attacks targeting the underlying hardware system, firmware patching has become a critical need. Firmware patches can now be applied on Microsoft Windows systems.
4. Reboot Control – Logged-in users are now able to postpone reboots until a specific time.
5. Retry Remediation – The Patch Management Status page now lets you re-attempt already created remediation tasks. A copy of the remediation job is created which can be edited and applied.
6. Detailed Remediation Status – Remediation status now includes Received, Initiated and Done to provide more visibility on tasks being performed.
7. Stop Ongoing Remediation Task – Ongoing remediation tasks can now be stopped to release devices that haven’t yet accepted the task. This will free devices for other remediation tasks.
8. Dashboard changes – A smart Patch Compliance calculator has been added to identify the number of patches required to patch a minimal number of devices to eliminate the maximum number of vulnerabilities. Patch compliance for devices and assets are also shown.
9. Bug Fixes and Performance – Various issues have been addressed.

Endpoint Management

1. Extended support to handle .bat, .sh, .reg, .deb, .rpm, .exe, .msp, .msi via zip file upload section under Software Deployment.

Device Management

1. Users can move Devices across accounts. This is useful when employees move to different locations or move to new projects, etc.
2. E-mail alerts are now provided when Saner agents are uninstalled.

Release Notes SanerNow 4.1.1.0

November 22, 2018

Software deployment

1. Deploy Software packages from array of pre-packaged list of Software applications to Saner enabled systems. We have 100’s of pre-bundled packages to choose from for Windows, Linux and Mac OS X.
2. Create rules to deploy Software packages for new devices while new systems are being provisioned. All your pre-selected Software packages are deployed at one go. This helps making your systems ready to use with all essential software.
3. Create your own deployer package and roll out across all Saner enabled endpoint systems. The deployer packages can be exe, MSI, archived files with script and other installers or it can even be a download URL.
4. Uninstall Software applications across endpoint systems to remove rogue applications, blacklisted applications, license violating applications or unauthorized software at one go across all affected systems.

Real-time communication

• Continuous, real-time visibility is a must for security operations. With new, web-socket based communication between the agents and the server, everything becomes instant. Sending a scan request, performing a query, monitoring system activities, scheduling an Action in response to a security event are all immediate.

Live system health

• System details now include trending graphs showing CPU, RAM, Network and Disk usage. Click on a device to witness live data from an endpoint, the most simple and sophisticated means to monitor system health.

Role based user access

• Introducing Role-based User Access – to delegate users to handle one or more Saner services across multiple accounts.

Password protect Saner agent service

• The Saner agent service is now password protected. Any unauthorized uninstallation of Saner agent is prevented unless configured password is supplied.

Others

1. Account administrators can alter device subscription limit for accounts and extend account expiry date
2. Improved Microsoft patching
3. Endpoint Protection Software displays devices without Anti-Virus software installed in addition to devices that are under risk
4. Performance improvements
5. Saner agent upgrade and scan optimization on agents
6. Bug and security fixes

Release Notes SanerNow 4.1

September 05, 2018

1. Patch Management Automation now supports security and non-security patches. A software patch can fix security vulnerabilities or improve the usability and performance. While creating an automation task, users can select from two options, either apply security patches only or apply both security and non-security patches.
2. Patch Rollback is now available for Linux and Mac operating systems. Saner tracks rollback point for a software asset while applying a patch. This helps revert changes and restores applications or operating systems to the last best-known version/configuration.
3. Saner users can prioritize patches based on severity. Patches are categorized as Critical, High, Medium and Low. A typical use-case would be to allow remediation tasks to qualify only critical patches for Software applications on various devices.
4. All scans now run in “Low” mode by default. This would ensure Saner agents consume minimal resources while a scan is run. A CPU threshold value can also be set to restrict resource utilization. This configuration can be altered using Settings.
5. Simplified Group and Device filtering.
6. Revamped patch automation and Remediation Status interface for better usability, with the ability to filter by Group/Devices and also by the family of Operating System.
7. Saner agents can now recover themselves in case of an abnormal shutdown of a system.
8. Other bugs and usability concerns are addressed.

Release Notes SanerNow 4.0.0.5

1. Updated Code Signing Certificate and signed all executables and binaries.

Release Notes SanerNow 4.0.0.4

1. Fixed cross-site scripting and remote code execution vulnerabilities that existed in update logo feature in Account Management that allows attackers to define potentially untrusted Javascript running within a web browser. Thanks to Sumit Birajdar helping us discover the vulnerability.
2. Integrated support for Fedora 28 operating system.
3. Patch Management supports MSI file format for remediating vulnerabilities in Windows Systems.
4. Fixed configuration file corruption issue on force shutdown/restart of devices using backup mechanism.
5. Minor bug fixes.

Release Notes SanerNow 4.0.0.3

1. Introduced device status on group-based view in Manage page.
2. Fixed Mail settings update for Administrators and Accounts/Sites.
3. Added persistence of task scheduling in Endpoint Management (EM) and Endpoint Detection and Response (EDR).
4. Minor bug fixes.

Release Notes SanerNow 4.0.0.2

1. Fixed host counters in Assets License Section in PDF reports. Fixed detection counters in IoC and IoA Sections under Endpoint Detection and Response (EDR) PDF reports.
2. Fixed Remediation action issues in Compliance Management (CM).
3. Other minor bug fixes.

Release Notes SanerNow 4.0.0.1

1. Fixed scheduling software deployment tasks in Endpoint Detection and Response (EDR).
2. Added hostnames of devices associated to a specific Software/Hardware License in in CSV report of Asset Management.
3. Fixed an update issue in Sensitive Data Detection detection scripts under Endpoint Management (EM) .
4. Fixed scheduler update issue in System Health detection scripts under Endpoint Management (EM) 

SanerNow Architecture

SanerNow’s platform-centric approach is designed on the same principles as that of an operating system. The core (‘kernel’) performs the analytical computations required to detect aberrations and deviations. The ‘shell’ provides the ability to query, monitor and make changes. The ‘user/application layer’ helps transform these computations to support various use cases.

SanerNow is built with these four primary concepts:

• Query the system to get visibility
• Monitor for changes and aberrations as they occur
• Analyze the system for risks and threats
• Respond to fix the issues

Key platform features include:

• Continuous monitoring: System controls
• Principle of Self-Healing: Detect and fix vulnerabilities, Identify unwanted/unused assets and uninstall them, Monitor the anti-virus program status, and start it if it is not running, Detect IoC/IoAs and respond to the threats.
• Speed: Deploy SanerNow in minutes, scan 1000s of endpoints in less than 5 minutes
• Scalability
• Multi-tenancy, multi-user and role-based access
• High-performance:Retrieve search results in less than a second
• Agents: Support for Windows, Linux and Mac OS X

SanerNow is a scalable analytics and correlation engine. It works with the SanerNow agent that resides on endpoint devices to collect and transmit data to the SanerNow server. SanerNow server correlates the data from agents on endpoint devices with compliance standards and best practices, and vulnerability and threat intelligence to provide real-time endpoint management and protection capabilities.

Platforms Supported

SanerNow Supported Operating Systems

• Microsoft Windows 7
• Microsoft Windows 8.1
• Microsoft Windows 10
• Microsoft Windows 11
• Microsoft Windows Server 2008
• Microsoft Windows Server 2008 R2
• Microsoft Windows Server 2012
• Microsoft Windows Server 2012 R2
• Microsoft Windows Server 2016
• Microsoft Windows Server 2019
• Microsoft Windows Server 2022
• Apple Mac OS X 10.10
• Apple Mac OS X 10.11
• Apple Mac OS 10.12
• Apple Mac OS 10.13
• Apple Mac OS 10.14
• Apple Mac OS 10.15
• Apple macOS 11
• Apple macOS 12
• Ubuntu 14.04
• Ubuntu 16.04
• Ubuntu 18.04
• Ubuntu 18.10
• Ubuntu 20.04
• Ubuntu 21.04
• Ubuntu 21.10
• Ubuntu 22.04
• Debian 8
• Debian 9
• Debian 10
• Debian 11
• Amazon Linux
• Amazon Linux 2
• AlmaLinux 8.4
• AlmaLinux 8.5
• Rocky Linux 8.3
• Rocky Linux 8.4
• Rocky Linux 8.5
• Redhat Enterprise Linux 6
• Redhat Enterprise Linux 7
• Redhat Enterprise Linux 8
• Redhat Enterprise Linux 9
• CentOS 6
• CentOS 7
• CentOS 8
• Oracle Linux 6
• Oracle Linux 7
• Oracle Linux 8
• Fedora 27
• Fedora 28
• Fedora 29
• Fedora 31
• Fedora 32
• Fedora 33
• Fedora 34
• Fedora 35
• Fedora 36
• Linux Mint 17
• Linux Mint 18
• Linux Mint 19
• Linux Mint 20
• Alpine Linux 3.6
• Alpine Linux 3.7
• Alpine Linux 3.8
• Alpine Linux 3.9
• Alpine Linux 3.10
• Alpine Linux 3.11
• Alpine Linux 3.12
• Alpine Linux 3.13
• Alpine Linux 3.14
• Alpine Linux 3.15

SanerNow Feature Map

SanerNow addresses the following business cases:

• Vulnerability Management – Continuously assess risks, automated to a daily routine.
• Patch Management – Apply operating system and third-party application patches for Windows, Linux and Mac OS X.
• Compliance Management – Comply with regulatory standards benchmarks and achieve continuous compliance (PCI, HIPAA, NIST 800-53, NIST 800-171).
• Asset Management – Discover and manage assets.
• Endpoint Management – Manage endpoints and ensure their well-being.
• Endpoint Threat Detection and Response – Detect and Respond to Indicators of Attack (IoA) and Indicators of Compromise (IoC).

Security Content and Intelligence

The security intelligence hosted at our content repository feeding the SanerNow platform.

INDEX

1. Security Content Statistics
2. OVAL Definitions Platform Coverage
3. OVAL Definitions Class-wise Distribution
4. OVAL Definitions Family-wise Distribution
5. Application and OS Remediation Coverage
6. Compliance Benchmark Coverage
7. List of Vulnerability to Exploit/Malware Mapping covered in SanerNow
8. List of IoA (Indicators of Attack) covered in SanerNow

Security Content Statistics

OVAL Definitions Platform Coverage

OVAL Definitions Class-wise Distribution

OVAL Definitions Family-wise Distribution

Application and OS Remediation Coverage

Compliance Benchmark Coverage

List of Vulnerability to Exploit/Malware Mapping covered in SanerNow

List of IoA (Indicators of Attack) covered in SanerNow

Windows Probes

Access token

An access token used to check the properties of Windows access token as well as in idual privileges and rights associated with it.

Active directory

This is used to check information about specific entries in active directory.

Anti-virus information

This is used to collect information about an installed Antivirus applications.

ARP Cache

This is used to collect various information about address resolution protocol cache table.

Audit Event Policy

This is used to check different types of events the system should audit.

Audit Event Policy Subcategories

This is used to check the audit event policy settings on a Windows system. These settings are used to specify which system and network events are monitored. For example, If Credential validation element has a value of AUDIT_FAILURE, it means that the system is configured to log all unsuccessful attempts to validate a user account on a system. It is important to note that these audit event policy settings are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information on each setting.

Auto Logon Last Logon Last Reboot

This is used to collect auto login is enabled or not, last user logon time and last system restart time.

BIOS Information

This is used to collect various information about BIOS.

Bit Locker Information

This is used to collect bit-locker enabled device information.

Computer Information

This is used to collect various information about computer system.

`

Device information

This is used to collect information about plug and play devices.

DNS cache

DNS cache is used to check the time to live and IP addresses associated with a domain name. The time to live and IP addresses for a particular domain name are retrieved from the DNS cache on the local system. The entries in the DNS cache can be collected using Microsoft’s DnsGetCacheDataTable() and DnsQuery() API calls.

Environment Variables

This is used to check an environment variable for the specified process, which is identified by its process ID, on the system .

Events

This is used to collect information about Security events, System events and Application events.

Family of Operating System

This is used to check the family a certain system belongs to. This test basically allows the high level system types (window, unix, ios, etc.) to be tested.

File

This is used to check metadata associated with files. File path is mandatory for this query while submitting to agents.

File Audit Permissions

This is used to check the audit permissions associated with Windows files. Note that the trustee’s audited permissions are the audit permissions that the SACL grants to the trustee or to any groups of which the trustee is a member. File path is mandatory for this query while submitting to agents.

File Effective Rights

This will collect directories and all Windows file types (FILE_TYPE_CHAR, FILE_TYPE_DISK, FILE_TYPE_PIPE, FILE_TYPE_REMOTE, and FILE_TYPE_UNKNOWN). File path is mandatory for this query while submitting to agents.

filehash58

This is used for a file hash of specific file(s). This only implies on regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. File path is mandatory for this query while submitting to agents.

Firewall

This is used to collect firewall status on private, public and domain profiles and inbound/outbound traffic information.

Group

This collects different users and subgroups that directly belong to specific groups (identified by name). When this collects the groups on the system, it only includes the local and built-in group accounts and not domain group accounts. However, it is important to note that domain group accounts can still be looked up. Also, note that the subgroups of the group will not be resolved to find indirect user and group members. If subgroups need to be resolved, it should be done using the SID query.

Group SID

This defines the specific group(s) identified by SID.

Installed Applications

This is used to collect information about installed application on the system.

Installed Patches

This is used to collect information about installed application on the system.

Network Interfaces

The interface test enumerate various attributes about the interfaces on a system.

Account Lockout Policy

The lockout policy test enumerates various attributes associated with lockout information for users and global groups in the security database.

Operating System Information

This is used to collect various information about installed operating system.

Password Policy

Specific policy items associated with passwords. It is important to note that these policies are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information. Information is stored in the SAM or Active Directory but is encrypted or hidden so the registry and activedirectory are of no use. If this can be figured out, then the password policy is not needed.

Port/Network Connection

Information about open ports and network connections.

Printer Effective Rights

This item stores the effective rights of a printer that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee’s effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.

Process

Information about running processes.

Registry

The windows registry item specifies information that can be collected about a particular registry key. Hive, Key and Name are mandatory fields while submitting to agents.

Registry Key Audit Permissions

The windows registry item specifies information that can be collected about a particular registry key. Hive and Key are mandatory fields while submitting to agents.

Registry Key Effective Rights

This item stores the effective rights of a registry key that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee’s effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api. Hive and Key are mandatory fields while submitting to agents.

Run command history

This is used to collect history of run command.

Scheduled Programs

This is used to collect various information about scheduled task.

Service Effective Rights

This item stores the effective rights of a service that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee’s effective rights are determined by checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.

Services

This is used to collect different metadata associated with a windows service.

Shared Resources

This is used to collect different metadata associated with a windows service.

sharedresourceauditedpermissions

This is used to collect different metadata associated with a windows service.

Shared resource effective rights

This is used to collect different metadata associated with a windows service.

SID

This is used to check properties associated with any shared resource on the system.

SID SID

This is used to check properties associated with any shared resource on the system.

System Autorun

This is used to collect information about startup applications.

System DEP Policy

This is used to collect information about system Data Execution Prevention (DEP) status.

System DHCP Information

This is used to collect system Dynamic Host Configuration Protocol (DHCP) information.

System DNS Information

This is used to collect domain name and domain name system ip information.

System UAC Policy

This is used to collect information about system User Account Control (UAC) status.

Text File Content

This element looks at the content of a text file (aka a configuration file) by looking at in idual lines. File path, pattern and instance are mandatory for this query while submitting to agents.

User SID

This allows collection of different groups (identified by SID) that a user belongs to.

WMI

The wmi57 outlines information to be checked through Microsoft’s WMI interface. Namespace and Windows Query Language(WQL) are mandatory fields while submitting to agents.

WSUS SCCM Information

This is used to collect configuration details about Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM).

WUA Update Searcher

This outlines information defined through the Search method of the IUpdateSearcher interface as part of Microsoft’s WUA (Windows Update Agent) API. This information is related to the current patch level in a Windows environment. Search criteria is a mandatory field while submitting query to agents.

Volume

The volume item enumerates various attributes about a particular volume mounted to a machine. This includes the various system flags returned by GetVolumeInformation(). It is important to note that these system flags are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information.

Wireless Information

This is used to collect various information about wireless connection (WLAN).

User

This is used to check information about Windows users. When this collects the users on the system, it only includes the local and built-in user accounts and not domain user accounts. However, it is important to note that domain user accounts can still be looked up. Also, note that the collection of groups, for which a user is a member, is not recursive. The groups that will be collected are those for which the user is a direct member. For example, if a user is a member of group A, and group A is a member of group B, the only group that will be collected is group A.

User SID

This is used to check information about Windows users. When this check collects the user SIDs on the system, it should only include the local and built-in user SIDs and not domain user SIDs. However, it is important to note that domain user SIDs can still be looked up. Also, note that the collection of groups, for which a user is a member, is not recursive. The only groups that will be collected are those for which the user is a direct member. For example, if a user is a member of group A, and group A is a member of group B, the only group that will be collected is group A.

License

The entity is used to check the content of a particular entry in the Windows registry HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions key, ProductPolicy value. Access to this data is exposed by the functions NtQueryLicenseValue (and also, in version 6.0 and higher, ZwQueryLicenseValue) in NTDLL.DLL. Name is a mandatory field while submitting to agents.

NTUser

This element defines the different metadata associated with a ntuser.dat file. This includes the key, name, type, and value. Key and name are mandatory fields while submitting to agents.

System Metric

This is used to check the value of a particular Windows system metric. Access to this information is exposed by the GetSystemMetrics function in User32.dll.

User right

This entity is used to enumerate all of the trustees/SIDs that have been granted a specific user right/privilege.

Junction

This used to obtain canonical path information for junctions (reparse points) on Windows filesystems. Path is a mandatory filed while submitting to agents.

PE Header

This defines the different metadata associated with the header of a PE file. For more information, please see the documentation for the IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER structures. File path is a mandatory field while submitting to agents.

User Access Control(UAC)

This element specifies the different settings that are available under User Access Control. A user access control test will reference a specific instance of this state that defines the exact settings that need to be evaluated.

XML File Content

This element is used by a xml file content test to define the specific piece of an xml file(s) to be evaluated. This will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. The set of files to be evaluated will be identified with a complete File path. File path and XPath are mandatory fields while submitting to agents.

Software Licenses

This is used to collect information of Software Licenses. It includes software name and license information.

Partition

This is used to check the information associated with partitions on the local system.

Missing Patches

This is used to investigate missing patches and security fixes in a computer system.

Linux Probes

ARP Cache

This is used to collect various information about address resolution protocol(ARP) cache table. It includes host IP address, mac address, interface name from ARP cache table.

BIOS Information

This is used to collect various information about BIOS (basic input/output system). It includes bios name, version, manufacture, serial number, smbios version, and bios status.

Anti-virus information

This is used to collect information about an installed Antivirus applications.

Computer Information

This is used to collect various information about computer system. It includes CPU, RAM, ROM, swap memory, virtual memory, disk, operating system, cache size, host name, model name, serial name etc.

Cron

This is used to collect various information about cron jobs. It includes user name, scheduled job and command.

Device information

This is used to collect information about installed devices on the system. It includes device name, driver, subsystem, device path, class and subclass.

DPKG Information

This is used to check information of a DPKG package.

Environment Variables

This is used to collect system environment variable information. It includes environment variable name, value and process id.

Hosts File(/etc/hosts)

This used to collect various information about hosts from /etc/hosts. It includes host IP address and host name.

Protocols File(/etc/protocols)

This is used to collect various information about protocol from /etc/protocols. It includes protocol name, protocol number and protocol aliases.

Services File(/etc/services)

This is used to collect various information about service from /etc/services. It includes service name, service port, service protocol and service aliases.

Family of Operating System

This is used to collect operating system family standard values being windows, unix or macos(Mac OS).

File

This is used to check metadata associated with files. File path is mandatory for this query while submitting to agents.

Group

This is used to collect various information about the groups. It includes group name and group id.

Interface Listeners

This is used to check what applications such as packet sniffers that are bound to an interface on the system. This is limited to applications that are listening on AF_PACKET sockets. Furthermore, only applications bound to an ethernet interface should be collected.

Inet-Listening Servers (Deprecated)

This is used to collect various information about listening ports. It includes protocol name, local ip address, local port, program name, foreign address, foreign port, process id and user id.

Installed Applications

This is used to collect information about installed applications on the system. It includes application name, version, release, architecture, epoch value.

Network Interfaces

The interface test enumerate various attributes about the interfaces on a system.

IP forwarding status

This is used to collect information about the IP forward settings. It includes IP forwarding status which can be either enabled or disabled.

IP tables rules

This is used to collect various information about IP table rules. It includes chain type, number packets matched to rule, packets size, action to be taken when rule matches (ACCEPT, DROP), pack flow direction, source ip address, destination ip address, rule desc etc.

Kernel Information

This is used to collect various information about loaded kernel. It includes kernel version, kernel image path, kernel on which device/volume and kernel arguments.

Kernel Modules

This is used to collect various information about modules loaded into the kernel. It includes kernel module name, kernel module depending on which module and module status.

Logged-in Users

This is used to collect various information about logged-in users. It includes user name, device tty, remote logged in host name, time when entry made, process id and record type.

Mount points

This is used to collect various information about mounted partitions. It includes disk filesystem name, file system type, disk size, disk space used, available disk space, disk use in terms of percentage and disk mounted path.

Partitions

This is used to check the information associated with partitions on the local system.

Password/User Information

This is used to collect various information about system users. It includes user name, password, user id, group id, user information, user home directory path and login shell.

Port/Network Connection

Information about open ports and network connections.

Process

Information about running processes.

RPC Map Information

This is used to collect various information about rpm program from /etc/rpc. It includes remote procedure call(RPC) program name, program number and program aliases.

RPC Network Connections

This is used to collect various information about RPC connection using rpcinfo. It includes remote procedure call(RPC) program name, program id, program version, transport protocol used, ip address and program owner.

RPM Information

This is used to check the RPM header information for a given RPM package.

RPM file verify

This is used to verify the integrity of the in idual files in installed RPMs. File path is mandatory for this query while submitting to agents.

RPM verify package

This is used to verify the integrity of installed RPMs.

Run level

This is used to check information about which run-level specified services are scheduled to exist at. For more information see the output generated by a chkconfig –list.

SE Linux Boolean

This is used to check the current and pending status of a SELinux boolean.

Services

This is used to collect information about services. It includes service name and status.

Shadow file(/etc/shadow)

This is used to check information from the /etc/shadow file for a specific user. This file contains user’s password, password ageing and lockout information.

Shell History

This is used to collect various information about shell history. It includes user name, used-id, history file path and command from history file.

Sudo Users

This is used to collect sudo users. It includes user name which has sudo access.

System Control

This is used to check the values associated with the kernel parameters that are used by the local system.

System DHCP Information

This is used to collect system Dynamic Host Configuration Protocol (DHCP) information. It includes DHCP enabled, DHCP server ip address, netmask, gateway ip address, interface type, lease time, lease renew/rebind time and interface description.

System DNS Information

This is used to collect domain name and domain name system ip information. It includes domain name and dns server ip address

System Executable shield status

Executable shield status gives information if data memory is executable/non-executable or/and program memory is writable/non-writable.

System Route Information

This is used to collect system route information. It includes destination, ip address, gateway, netmask, flags, metric and interface name.

System ASLR Status

This is used to collect address space layout randomization(ASLR) status. This technique give some protection against buffer overflow attacks by randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.

Text File Content

This looks at the content of a text file (aka a configuration file) by looking at in idual lines. File path, pattern and instance are mandatory for this query while submitting to agents.

Unix name(uname)

This is used to collect various information about operating system. It includes hardware id, operating system name, version, release, processor type, time zone and locale.

Wireless Information

This is used to collect various information about wireless connection. It includes wireless name, state, mac address, SSID, interface description, network is infrastructure or ad hoc, frequency, receiving rate, transmission rate, signal quality and security enabled or disabled.

System unit dependency

This element is used to check the dependencies of the specific units.

Systemd unit property

This element is used to retrieve information about systemd units in form of properties. For more information see the output generated by systemctl show $unit.

App armor status

This is used to check properties representing the counts of profiles and processes as per the results of the “apparmor_status” or “aa-status” command.

Symlink

This is used to obtain canonical path information for symbolic links. File path is a mandatory field while submitting to agents.

Routing table

This is used to check information about the IPv4 and IPv6 routing table entries found in a system’s primary routing table. It is important to note that only numerical addresses will be collected and that their symbolic representations will not be resolved. This equivalent to using the ‘-n’ option with route(8) or netstat(8). Destination is a mandatory field while submitting to agents.

File extended attribute

This is used to check extended attribute values associated with UNIX files, of the sort returned by the getfattr command or getxattr() system call. This will collect all UNIX file types (directory, regular file, character device, block device, fifo, symbolic link, and socket). File path and attribute name are mandatory fields while submitting to agents.

GConf

This is used to check the attributes and value(s) associated with GConf preference keys. This can be used to define the preference keys to collect and the sources from which to collect the preference keys. Key and source are mandatory fields while submitting to agents

Virtual Memory Statistics (vmstat)

Virtual Memory Statistics (vmstat) reports information about processes, memory, paging, block IO, traps, and cpu activity.

System time

This is used to track the current date and time in the system.

SUID bin binary

Retrieves all the files from /bin, /sbin, /usr/bin, /usr/sbin,/usr/local/bin, /usr/local/sbin, /tmp in the target system that are setuid enabled.

SUID bin file

Retrieves all the files from /bin, /sbin, /usr/bin, /usr/sbin,/usr/local/bin, /usr/local/sbin, /tmp in the target system that are setuid enabled.

Grand Unified Bootloader (grub)

GRUB(Grand Unified Boot loader) is the default boot loader for many Linux distributions. Boot loader plays a major role in bring up the system into running state. Infact boot loader is the first program that runs when a computer is switched on. This helps in transferring control to an operating system kernel.

Boot priority policy

This defines the operating system boot priority policy. The Linux boot loader though (called Grub), usually defaults to booting Linux.

SUID bin binary

Retrieves all the files from /bin, /sbin, /usr/bin, /usr/sbin,/usr/local/bin, /usr/local/sbin, /tmp in the target system that are setuid enabled.

XML File Content

This element is used by a xml file content test to define the specific piece of an xml file(s) to be evaluated. This will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. The set of files to be evaluated will be identified with a complete File path. File path and XPath are mandatory fields while submitting to agents.

Missing Patches

This is used to investigate missing patches and security fixes in a computer system.

Mac Probes

Account Information

This is used to collect all users’ information. It includes user name, user ID, group ID, real name, home directory and login shell information.

ARP Cache

This is used to collect various information about address resolution protocol(ARP) cache table. It includes host IP address, mac address, interface name from ARP cache table.

Authorization Database

This is used to check the properties of the plist-style XML output from the security authorizationdb read right-name command, for reading information about rights authorizations on MacOSX. Right name and XPath are mandatory to query the database.

Anti-virus information

This is used to collect information about an installed Antivirus applications.

BIOS Information

This is used to collect various information about BIOS (basic input/output system). It includes bios name, version, manufacture, serial number, smbios version, and bios status.

Computer Information

This is used to collect various information about computer system. It includes CPU, RAM, ROM, swap memory, virtual memory, disk, operating system, cache size, host name, model name, serial name etc.

Core Storage

This is used to check the properties of the plist-style XML output from the “diskutil cs list -plist” command, for reading information about the CoreStorage setup on MacOSX. UUID and XPath are mandatory to query the database.

Cron

This is used to collect various information about cron jobs. It includes user name, scheduled job and command.

Device information

This is used to collect information about installed devices on the system. It includes device name, driver, subsystem, device path, class and subclass.

Disk Utility

This is used to collect various information to verify disks on a Mac OS system. File path and Device are mandatory for this query.

Gatekeeper

This is used to collect information to check the status of Gatekeeper and any unsigned applications that have been granted execute permission.

Hosts File(/etc/hosts)

This used to collect various information about hosts from /etc/hosts. It includes host IP address and host name.

Operating System Information

This is used to collect various information about installed operating system.

Protocols File(/etc/protocols)

This is used to collect various information about protocol from /etc/protocols. It includes protocol name, protocol number and protocol aliases.

Services File(/etc/services)

This is used to collect various information about service from /etc/services. It includes service name, service port, service protocol and service aliases.

Family of Operating System

This is used to collect operating system family standard values being windows, unix or macos(Mac OS).

File

This is used to check metadata associated with files. File path is mandatory for this query while submitting to agents.

Group

This is used to collect various information about the groups. It includes group name and group id.

Inet-Listening Servers

This is used to collect various information about listening ports. It includes protocol name, local ip address, local port, program name, foreign address, foreign port, process id and user id.

Installed Applications

This is used to collect information about installed applications on the system. It includes application name, version, architecture, path, developer and last used.

launchd (unified service-management)

This is used to collect information and status of daemons/agents, applications, processes and scripts running in a system.

Network Interfaces

The interface test enumerate various attributes about the interfaces on a system.

IP forwarding status

This is used to collect information about the IP forward settings. It includes IP forwarding status which can be either enabled or disabled.

Packet filter control(pfctl)

This is used to collect various information about packet filter control. It includes action, direction, interface, protocol source, destination, flags and state information.

Kernel Information

This is used to collect various information about loaded kernel. It includes kernel version, kernel image path, kernel on which device/volume and kernel arguments.

Key chain

This is used to collect various information to check the properties of the plist-style XML output from the ‘security show-keychain-info keychain’ command. File path is mandatory for this query.

Logged-in Users

This is used to collect various information about logged-in users. It includes user name, device tty, remote logged in host name, time when entry made, process id and record type.

Mount points

This is used to collect various information about mounted partitions. It includes disk filesystem name, file system type, disk size, disk space used, available disk space, disk use in terms of percentage and disk mounted path.

Non-volatile random-access memory (NVRAM)

This is used to collect information about Non-volatile random-access memory (NVRAM). It pulls data from the ‘nvram -p’ output. It includes variable and value associated with it.

Partitions

The partition_test is used to check the information associated with partitions on the local system.

Password/User Information

This is used to collect various information about system users. It includes user name, password, user id, group id, user information, user home directory path and login shell.

Property List(plist)

Information associated with property list preference keys. File path, App ID and Key entities are mandatory for this query.

Port/Network Connection

Information about open ports and network connections.

Process

Information about running processes.

Resource Limit

This is used to collect information to check system resource limits for launchd.

RPC Map Information

This is used to collect various information about rpm program from /etc/rpc. It includes remote procedure call(RPC) program name, program number and program aliases.

RPC Network Connections

This is used to collect various information about RPC connection using rpcinfo. It includes remote procedure call(RPC) program name, program id, program version, transport protocol used, ip address and program owner.

Services

This is used to collect information about services. It includes service name and status.

Shell History

This is used to collect various information about shell history. It includes user name, used-id, history file path and command from history file.

Software Updates

This is used to used to access automatic software update information.

Sudo Users

This is used to collect sudo users. It includes user name which has sudo access.

System Control

This is used to check the values associated with the kernel parameters that are used by the local system.

System DHCP Information

This is used to collect system Dynamic Host Configuration Protocol (DHCP) information. It includes DHCP enabled, DHCP server ip address, netmask, gateway ip address, interface type, lease time and lease renew/rebind time.

System DNS Information

This is used to collect domain name and domain name system ip information. It includes domain name and dns server ip address

System Profiler

This is used to check the properties of the plist-style XML output from the system_profiler -xml datatype command, for reading information about system inventory data on MacOSX. Data type and XPath are mandatory to query the database.

System Route Information

This is used to collect system route information. It includes destination, ip address, gateway, netmask, flags, metric, MTU, type and interface name.

System Setup

This is used to collect system setup properties.

Text File Content

This looks at the content of a text file (aka a configuration file) by looking at in idual lines. File path, pattern and instance are mandatory for this query while submitting to agents.

Unix name(uname)

This is used to collect various information about operating system. It includes hardware id, operating system name, version, release, processor type, time zone and locale.

Wireless Information

This is used to collect various information about wireless connection. It includes wireless name, state, mac address, SSID, interface description, network is infrastructure or ad hoc, frequency, receiving rate, transmission rate, signal quality and security enabled or disabled.

Symlink

This is used to obtain canonical path information for symbolic links. File path is a mandatory field while submitting to agents.

Routing table

This is used to check information about the IPv4 and IPv6 routing table entries found in a system’s primary routing table. It is important to note that only numerical addresses will be collected and that their symbolic representations will not be resolved. This equivalent to using the ‘-n’ option with route(8) or netstat(8). Destination is a mandatory field while submitting to agents.

File extended attribute

This is used to check extended attribute values associated with UNIX files, of the sort returned by the getfattr command or getxattr() system call. This will collect all UNIX file types (directory, regular file, character device, block device, fifo, symbolic link, and socket). File path and attribute name are mandatory fields while submitting to agents.

GConf

This is used to check the attributes and value(s) associated with GConf preference keys. This can be used to define the preference keys to collect and the sources from which to collect the preference keys. Key and source are mandatory fields while submitting to agents

Property list ‘plist’ (With App ID)

Note: Do not combine Property list ‘plist’ (With File path) with this query.
This is used to check the value(s) associated with property list preference keys. It can be used to represent any plist file in XML form (whether its native format is ASCII text, binary, or XML), permitting the use of the XPATH query language to explore its contents. App ID and XPath are mandatory fields while submitting to agents.

Property list ‘plist’ (With File path)

Note: Do not combine Property list ‘plist’ (With App ID) with this query.
This is used to check the value(s) associated with property list preference keys. It can be used to represent any plist file in XML form (whether its native format is ASCII text, binary, or XML), permitting the use of the XPATH query language to explore its contents. File path command XPath are mandatory fields while submitting to agents.

</ >
< id=”Macxmlfilecontent” class=”col-md-12″>

XML File Content

This element is used by a xml file content test to define the specific piece of an xml file(s) to be evaluated. This will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. The set of files to be evaluated will be identified with a complete File path. File path and XPath are mandatory fields while submitting to agents.

Software Licenses

This is used to collect information of Software Licenses. It includes software name and license information.

Missing Patches

This is used to investigate missing patches and security fixes in a computer system.

Common Probes

Environment Variables

This is used to collect system environment variable information. It includes environment variable name, value and process id.

Family of Operating System

This is used to collect operating system(OS) family, standard values being windows, unix or macos(Mac OS).

Text File Content

This looks at the content of a text file (aka a configuration file) by looking at in idual lines. File path, pattern and instance are mandatory while submitting to agents.

XML File Content

This element is used by a xml file content test to define the specific piece of an xml file(s) to be evaluated. This will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. The set of files to be evaluated will be identified with a complete File path. File path and XPath are mandatory fields while submitting to agents.

SanerNow Responses

Actions that can be performed on endpoints

Enable device

Disable device

Add ARP entry

Delete ARP entry

Modify ARP entry

Flush all ARP entries

Enable device

Disable device

Add ARP entry

Delete ARP entry

Modify ARP entry

Flush all ARP entries

Flush ARP IPV4 entries

Flush ARP IPV6 entries

Block Domain

Add entry into host file

Delete entry from host file

Modify entry from host file

Flush all entries from host file

Modify NTP Server

Network connection kill

Start process

Stop process by process ID

Stop process by name

Process block

Process unblock

Quarantine

Clean DLL

Clean font

Clean help

Clean installer

Clean MRU(Most Recently Used)

Clean MUI

Clean start

Clean system

Clean uninstaller

Clean user

Add registry

Modify registry

Delete registry

Service start

Service stop

Service restart

Service remove

Service start type automatic

Service start type manual

Service start type disabled

Remove programs from startup

Remove scheduled program

Reboot

Shutdown

Clean cache

Clean clipboard

Clean custom path

Clear error reports

Clean recent places

Empty recycle-bin

Clean CMD history

Clear temporary files

Clean windows credential

Clear windows update files

Enable firewall for all profiles

Enable firewall for domain profile

Enable firewall for private profile

Disable firewall for public profile

Disable firewall for all profiles

Disable firewall for domain profile

Disable firewall for private profile

Disable firewall for public profile

Application block