How to Perform Queries for Endpoint Visibility Using Saner Endpoint Security Solution
Query Management with Saner Endpoint Security Solution:
A query is a request for information from a database or for live data from endpoints where the Saner agent is installed. SecPod Saner Business supports natural language-based queries related to processes, services, users, registry, network, and device configurations on the endpoint. The Saner platform’s metadata model makes it easy to search using unstructured natural language-based queries. This is the only platform that is fully compliant with well-established standards such as SCAP and STIX/TAXII. Query results are fetched in microseconds to help make quick decisions around endpoint activities. Complex queries can be created, or multiple queries can be cascaded with AND and OR combinations. The scalable architecture of Saner allows responses to IoCs in seconds without impacting the network or systems.
Queries are categorized into two types:
1) Default Queries - The Saner solution provides default queries that can fetch information such as anti-virus information, hosts that have disabled the firewall, hosts that have disabled BitLocker protection, etc.
2) Custom Queries - Users can create custom queries.
• Select an account you want to manage. The menu expands. Click Queries on the menu.
To read the full article, please open the PDF attachment below.