Saner Endpoint Security Solution - Agent Settings Guide
The Saner agent requires a minimum settings requirement for its proper functioning. In the following document, we will see how the settings are applied to the Saner agent and what these settings are for.
The Settings section in the Viser dashboard allows the user to create agent configurations settings that are applied to a group of Saner devices. The various settings are as follows:
Scan Mode - The scan mode setting includes scanning in Full Throttle mode and Low mode. The Full Throttle mode consumes maximum system resources while scanning which will slow down system performance whereas the low scan mode consumes minimal system resources. If the setting is not applied, the default value is set as Full Throttle.
Scan for Vulnerability - This feature scans for vulnerabilities present in the OS/ assets and can be enabled/ disabled based on the requirement.
Scan for Compliance - This feature scans for misconfigurations present in the OS and can be enabled/ disabled based on the requirement.
If the setting is not applied, the default value is set as Enabled.
Scheduled Scan Time - This setting is used to define vulnerability/ compliance scanning time. The user can set the desired scheduled scan time manually. If the setting is not applied, the default value of this field is 12:00 PM.
Scheduled Download Time - This setting is used to define download time for the latest vulnerability/ compliance content. The user can change the default scheduled download time. If the setting is not applied, the default value of this field is 11.00 AM.
Agent Messaging - This setting allows agent/ Ancor server to respond to the requests. It has 2 values - Subscribes and Poll. If the Subscribe value is set, the agent will respond immediately to any requests from the server. If the Poll is set to a time value, the agent will respond at every specified time interval. For e.g if the poll is set for 5 minutes, then the
agent will respond to server requests every 5 minutes. Subscribe mode is preferred when endpoints/ Ancor server is on the same network. Else, Poll mode is preferred.
Real-time Monitor - The real-time monitoring setting monitors events in endpoints in real-time such as files, processes, and ports. New events will be uploaded to Ancor server for monitoring. If the setting is not applied, the default value is OFF.
To read the full article, please open the below pdf attachment.