Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Configuring Posture Anomaly Detection for Unwanted Entities

            Modified on Tue, 30 Sep at 4:27 PM

            Posture Anomaly (PA) Detection allows organizations to identify and manage deviations from the expected system posture. By configuring unwanted entities such as ports, services, processes, startup applications, devices, and environment variables, administrators can effectively detect and whitelist exceptions. This ensures that anomalies are only triggered for unauthorized or non-standard configurations, providing accurate and actionable posture analysis.

            This article explains how to configure Posture Anomaly Detection for Unwanted Entities in the Saner platform.

            Steps to Configure

            1. Navigate to PA Configure

              • From the console, go to PA → Configure

              • You will see categories such as Unwanted Ports, Services, Processes, Startup Applications, Devices, and Environment Variables.

            2. Choose the Appropriate Section

              • Use the vertical navigation menu on the left.

              • Each section corresponds to a specific type of unwanted entity:

                • PA-2022-1068 – Unwanted Ports

                • PA-2022-1069 – Unwanted Services

                • PA-2022-1070 – Unwanted Processes

                • PA-2022-1071 – Unwanted Startup Applications

                • PA-2022-1072 – Unwanted Devices

                • PA-2022-1073 – Unwanted Environment Variables

            3. Select or Add Entities to Whitelist

              • Check the boxes next to the entities (e.g., specific ports or processes) you want to whitelist.

              • If the entity is not listed, click Add New, type the name/value, and save.

            4. Save the Configuration

              • After selecting the required items, click the Save button on the top-right.

              • Saving triggers recalculation of PA detection with the updated whitelist.

            Configuration Indicators

            While configuring, you may notice the following icons:

            Example Use Cases

            • Unwanted Ports: Whitelist ports such as 443 (HTTPS) if required by your environment, while keeping unused ports like 135 or 139 flagged as anomalies.

            • Unwanted Services: Exclude approved services like Application Layer Gateway Service from detection while monitoring unapproved services.

            • Unwanted Processes: Allow critical processes (e.g., explorer.exe, powershell.exe) while treating unknown executables as anomalies.

            • Unwanted Startup Applications: Whitelist required startup items like OneDriveSetup while flagging unnecessary autostart entries.

            • Unwanted Devices: Configure permitted devices (e.g., NODE-1) and detect unauthorized hardware.

            • Unwanted Environment Variables: Maintain only approved environment variables to detect suspicious or injected entries.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0