Overview
The Posture Anomaly (PA) tool in SanerCVEM offers various detection queries, enabling users to create custom queries and retrieve system details from target endpoints. This article provides step-by-step guidance on obtaining Disk Space details, Antivirus status, and Firewall status using custom detection queries.
Follow the steps below to view disk space, antivirus, and firewall information:
1. Accessing the Posture Anomaly Tool
Log in to your SanerNow account.
Navigate to the required account/site section.
Select the Posture Anomaly (PA) tool.
Once the PA tool is loaded, click on Custom Rules.
This will open the Detection and Response window. Ensure the Detection option is selected.
Search for the required detection queries on the left panel, then drag and drop them into the Action Box.
Select the target devices for deployment, update the task, and click on Create.
2. Creating Custom Queries
Fetching Disk Space Information
Search for the 'Partitions' query.
Drag and drop it into the Action Box panel.
Click on 'And' to build the query.
Select the required details from the dropdown, such as:
Disk Name
Disk Type
Total Space
Used Space
Available Space
Check the box for the required target devices and click on Deploy.
In the Deploy Package popup, enter a query name and click Create.
The created query will appear under Custom Detection Rules in the PA module.
Click Run under the Action tab and submit the query.
Once devices respond, click Fetch to retrieve results, then click More to view details.
Fetching Antivirus Information
Follow the same steps as above, but search for 'Antivirus Information'.
Drag and drop it into the Action Box.
Update the value to 'true'.
Deploy the query and fetch the results as described above.
Fetching Firewall Status
Follow the same steps as above, but search for 'Firewall'.
Drag and drop it into the Action Box.
Update the value to 'enabled'.
Deploy the query and fetch the results as described above.
Conclusion
By using the Posture Anomaly tool in SanerCVEM, users can efficiently create custom detection queries to retrieve disk space, antivirus, and firewall status details from target devices. These steps help in monitoring system health and ensuring compliance with security policies.