How to get disk space details and antivirus and firewall information using Posture Anomaly detection queries

Modified on Sun, 16 Mar at 6:11 PM

Overview

The Posture Anomaly (PA) tool in SanerCVEM offers various detection queries, enabling users to create custom queries and retrieve system details from target endpoints. This article provides step-by-step guidance on obtaining Disk Space details, Antivirus status, and Firewall status using custom detection queries.


Follow the steps below to view disk space, antivirus, and firewall information:

1. Accessing the Posture Anomaly Tool

  1. Log in to your SanerNow account.

  2. Navigate to the required account/site section.

  3. Select the Posture Anomaly (PA) tool.

  4. Once the PA tool is loaded, click on Custom Rules.

  5. This will open the Detection and Response window. Ensure the Detection option is selected.

  6. Search for the required detection queries on the left panel, then drag and drop them into the Action Box.

  7. Select the target devices for deployment, update the task, and click on Create.


2. Creating Custom Queries

Fetching Disk Space Information

  1. Search for the 'Partitions' query.

  2. Drag and drop it into the Action Box panel.

  3. Click on 'And' to build the query.

  4. Select the required details from the dropdown, such as:

    • Disk Name

    • Disk Type

    • Total Space

    • Used Space

    • Available Space

  5. Check the box for the required target devices and click on Deploy.

  6. In the Deploy Package popup, enter a query name and click Create.

  7. The created query will appear under Custom Detection Rules in the PA module.

  8. Click Run under the Action tab and submit the query.

  9. Once devices respond, click Fetch to retrieve results, then click More to view details.


Fetching Antivirus Information

  1. Follow the same steps as above, but search for 'Antivirus Information'.

  2. Drag and drop it into the Action Box.

  3. Update the value to 'true'.

  4. Deploy the query and fetch the results as described above.


Fetching Firewall Status

  1. Follow the same steps as above, but search for 'Firewall'.

  2. Drag and drop it into the Action Box.

  3. Update the value to 'enabled'.

  4. Deploy the query and fetch the results as described above.


Conclusion

By using the Posture Anomaly tool in SanerCVEM, users can efficiently create custom detection queries to retrieve disk space, antivirus, and firewall status details from target devices. These steps help in monitoring system health and ensuring compliance with security policies.

