The Atmos Agent Device Posture conditions access based on findings from the Atmos Agent, leveraging OSQuery to collect the data on the endpoint. In order to create an Atmos Agent device posture, make sure you have the Atmos Agent Installed.
The process of configuring the Atmos Agent Device Posture includes two steps:
- Creating a Device Posture Object
- Adding a Policy Rule
- In the Management Console, go to Policy-> Device Trust-> New Device Trust.
- Select Atmos Agent as your new device posture method.
- Enter a name and a description (optional).
Select the platform or platforms you wish to enable, and select their version.
Conditions are available based on the selected platform(s). If a condition was selected for one platform, and there is a change in platform (another was added or replaced), the condition may be unavailable.
- Click Add Condition to open a list of existing conditions.
- Start typing to find a condition.
- For each condition specify whether it is enabled or disabled.
- Delete a condition by clicking the delete icon ![delee] (https://files.readme.io/9bc9bba-delete2.png) icon
|Firewall||The Atmos Agent inspects the firewall status for all three firewall profiles: public, private, and domain. To pass the posture validation check, at least one must be active.||Windows, MacOs, both|
|Full Disk Encryption||The Atmos Agent checks whether the device has full disk encryption enabled or disabled. To pass this posture validation check, full disk encryption must be enabled||Windows, MacOs, both|
|File path||The Atmos Agent searches for a file path that can be found on the users' systems. To pass the posture validation check the device must have that path. |
For example, you can enter: C:\Program Files\Git\bin\git.exe.
|Windows, MacOs, both|
|Process||The Atmos Agent checks to see if a process is running.|
Note: Enter only the last part of the process. E.g. in this process: C:\Program Files\Common Files\McAfee\AVSolution\Mcshield.exe only enter Mcshield.exe
|Registry Key Path||The Atmos Agent checks against the registry key Path or the Value. To pass this posture validation check, the device must have the specified registry key.|
For the registry key Path, ensure that the path begins with HKEY.
For example, you can enter: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
|Windows Patches||The Atmos Agent checks the windows patches installed. To pass this device posture check the relevant patches must be installed.|
Note: The admin must explicitly mention every patch that should be checked.
|Crowdstrike||The Atmos Agent checks if Crowdstrike’s Falcon Sensor is installed on the device, and verifies that it is running and reporting.|
The Agent verifies with Crowdstrike API that it is running and reporting to the right Crowdstrike tenant.
Note: This condition is only available if there is an integration between Crowdstrike and Axis Security. Click here to learn more.
|Windows, MacOs, both|
|Domain-Joined||The Atmos Agent checks whether a Windows device is domain-joined to an Active Directory domain. To pass this posture validation check, the device's server domain must be joined to the Active Directory domain that was configured in the Device Posture.||Windows|
|Client Certificate||The Atmos Agent checks whether a valid certificate is available in the device’s registry. To pass this posture validation check, the device must have a Root CA certificate. |
The admin should upload Root/Intermediate CA Certificate that can be .PEM, .CRT or .CER file types.
|Windows, MacOs, both|
|Version||The Atmos Agent checks the device's version. To pass this posture validation check, the device's version must be the minimum specified version or up.||iOS, Android|
|Screen Lock||The Atmos Agent checks for screen lock protection such as passwords, Face ID, Touch ID, and more.||iOS, Android|
|Rooted||The Atmos Agent checks whether the operating system has been unlocked, such as by jailbreaking or rooting.||iOS, Android|
|Anti Virus||The Atmos Agent checks whether the Windows' Security Center indicates that any Anti Virus is installed, running, and properly signed.||Windows|
"Screen Lock" check requires the following Axis Client versions:
For Android- version 2.60.0
For iOS- version 2.61.2
A Policy is a collection of rules which provide granular access to your apps depending on a range of parameters. For example, access can be defined based on the destination application groups of the requester. In this use case, the admin can use the device posture created above as a rule that will block or allow access to the application.
Under Device trust, select the device trust profile created in the previous section.
Click Apply Changes in the top menu bar.
Updated 10 months ago