How to Perform Queries for Endpoint Visibility Using Saner Endpoint Security Solution
Query Management with Saner Endpoint Security Solution:
A query is a request for information, either from the database of already collected data or live from endpoints where the Saner agent is installed. SecPod Saner Business supports natural-language queries against almost any endpoint attribute, including processes, services, users, the registry, and network and device configurations. Results come back in seconds, which supports quick decisions about endpoint activity. Complex queries can be built, and multiple queries can be cascaded with AND and OR combinations. Saner's scalable architecture lets you respond to IoCs in seconds without impacting the network or the endpoints themselves.
The Saner platform's metadata model makes it possible to search the collected data with unstructured natural-language queries in microseconds. SecPod states that it is the only platform fully compliant with well-established standards such as SCAP and STIX/TAXII. Because endpoint data is collected continuously in real time, queries run against that data instead of triggering a new scan, which is what makes the solution "scan-less".
Queries are categorized into two:
1) Default Queries - Saner ships with default queries covering, for example, anti-virus status, hosts with the firewall disabled, and hosts with BitLocker protection.
2) Custom Queries - Users can create their own queries for the specific problem they are investigating.
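To make concrete what the default queries above actually check, and how AND/OR cascading of queries works, here is an added PowerShell illustration. It is not SecPod code and does not use the Saner query language; it collects the same facts locally with built-in Windows cmdlets (Get-MpComputerStatus, Get-NetFirewallProfile, Get-BitLockerVolume) and evaluates named predicates combined with AND/OR. The function names, the query names and the 7-day signature-age threshold are assumptions chosen for the example.

```powershell
# Added illustration, not SecPod/Saner code. Run in an elevated PowerShell on
# Windows 10/11 or Server; Get-BitLockerVolume needs the BitLocker module.
# Function and query names, and the 7-day threshold, are assumptions.

function Get-EndpointPosture {
    # Windows Defender status (absent when another AV owns the endpoint)
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    # One row per firewall profile (Domain, Private, Public); Enabled is True/False
    $fw = Get-NetFirewallProfile -ErrorAction SilentlyContinue
    # One row per BitLocker-capable volume; ProtectionStatus is On/Off
    $bl = Get-BitLockerVolume -ErrorAction SilentlyContinue

    $sigAge = $null
    if ($mp -and $mp.AntivirusSignatureLastUpdated) {
        $sigAge = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).Days
    }

    [pscustomobject]@{
        Host                     = $env:COMPUTERNAME
        AvEnabled                = [bool]($mp -and $mp.AntivirusEnabled)
        RealTimeProtection       = [bool]($mp -and $mp.RealTimeProtectionEnabled)
        SignatureAgeDays         = $sigAge
        # "Firewall disabled host" here means ANY profile is disabled, not all of them
        FirewallDisabledProfiles = @($fw | Where-Object { -not $_.Enabled } |
                                     Select-Object -ExpandProperty Name)
        # Volumes that exist but are not actively protected
        BitLockerUnprotected     = @($bl | Where-Object { $_.ProtectionStatus -ne 'On' } |
                                     Select-Object -ExpandProperty MountPoint)
    }
}

# Named predicates playing the role of the article's default queries (names assumed)
$Queries = @{
    'Firewall disabled hosts' = { param($p) $p.FirewallDisabledProfiles.Count -gt 0 }
    'BitLocker unprotected'   = { param($p) $p.BitLockerUnprotected.Count -gt 0 }
    'AV off or stale'         = { param($p)
        (-not $p.AvEnabled) -or ($null -eq $p.SignatureAgeDays) -or ($p.SignatureAgeDays -gt 7) }
}

# Cascade queries: every name in -All must match (AND) and at least one in -Any (OR)
function Test-Query {
    param($Posture, [string[]]$All = @(), [string[]]$Any = @())
    $andOk = $true
    foreach ($n in $All) { if (-not (& $Queries[$n] $Posture)) { $andOk = $false } }
    $orOk = ($Any.Count -eq 0)
    foreach ($n in $Any) { if (& $Queries[$n] $Posture) { $orOk = $true } }
    return ($andOk -and $orOk)
}

$posture = Get-EndpointPosture
$posture | Format-List

# Host has a disabled firewall profile AND (BitLocker is off OR AV is off/stale)
Test-Query -Posture $posture -All 'Firewall disabled hosts' `
           -Any 'BitLocker unprotected', 'AV off or stale'
```

The point worth carrying back to the product: "firewall disabled" is ambiguous until you decide whether one disabled profile is enough to match, and "BitLocker protected" should be judged per volume, since a machine with an encrypted system drive and an unprotected data volume is still exposed. Check how the default queries define these before acting on their results.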
To read the full article, open the PDF attachment below.