Configuring the Atmos Agent Device Posture

The Atmos Agent Device Posture conditions access based on findings from the Atmos Agent, leveraging OSQuery to collect the data on the endpoint. In order to create an Atmos Agent device posture, make sure you have the Atmos Agent Installed.

The process of configuring the Atmos Agent Device Posture includes two steps:

  1. Creating a Device Posture Object
  2. Adding a Policy Rule

Creating a Device Posture Object

  1. In the Management Console, go to Policy-> Device Trust-> New Device Trust.
  2. Select Atmos Agent as your new device posture method.
3534
  1. Enter a name and a description (optional). 

Platforms

Select the platform or platforms you wish to enable, and select their version. 

Conditions

📘

Note

Conditions are available based on the selected platform(s). If a condition was selected for one platform, and there is a change in platform (another was added or replaced), the condition may be unavailable.

  • Click Add Condition to open a list of existing conditions.
  • Start typing to find a condition. 
  • For each condition specify whether it is enabled or disabled. 
  • Delete a condition by clicking the delete icon ![delee] (https://files.readme.io/9bc9bba-delete2.png) icon
1008
Condition NameDescriptionPlatform
FirewallThe Atmos Agent inspects the firewall status for all three firewall profiles: public, private, and domain. To pass the posture validation check, at least one must be active.Windows, MacOs, both
Full Disk EncryptionThe Atmos Agent checks whether the device has full disk encryption enabled or disabled. To pass this posture validation check, full disk encryption must be enabledWindows, MacOs, both
File pathThe Atmos Agent searches for a file path that can be found on the users' systems. To pass the posture validation check the device must have that path. 

For example, you can enter: C:\Program Files\Git\bin\git.exe.
Windows, MacOs, both
ProcessThe Atmos Agent checks to see if a process is running.
Note: Enter only the last part of the process. E.g. in this process: C:\Program Files\Common Files\McAfee\AVSolution\Mcshield.exe only enter Mcshield.exe
Windows, MacOs
Registry Key PathThe Atmos Agent checks against the registry key Path or the Value. To pass this posture validation check, the device must have the specified registry key.

For the registry key Path, ensure that the path begins with HKEY. 

For example, you can enter: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
Windows
Windows PatchesThe Atmos Agent checks the windows patches installed. To pass this device posture check the relevant patches must be installed.
Note: The admin must explicitly mention every patch that should be checked.
Windows
CrowdstrikeThe Atmos Agent checks if Crowdstrike’s Falcon Sensor is installed on the device, and verifies that it is running and reporting.

The Agent verifies with Crowdstrike API that it is running and reporting to the right Crowdstrike tenant.

Note: This condition is only available if there is an integration between Crowdstrike and Axis Security. Click here to learn more.
Windows, MacOs, both
Domain-JoinedThe Atmos Agent checks whether a Windows device is domain-joined to an Active Directory domain. To pass this posture validation check, the device's server domain must be joined to the Active Directory domain that was configured in the Device Posture.Windows
Client CertificateThe Atmos Agent checks whether a valid certificate is available in the device’s registry. To pass this posture validation check, the device must have a Root CA certificate. 

The admin should upload Root/Intermediate CA Certificate that can be  .PEM,  .CRT or .CER file types.
Windows, MacOs, both
VersionThe Atmos Agent checks the device's version. To pass this posture validation check, the device's version must be the minimum specified version or up.iOS, Android
Screen LockThe Atmos Agent checks for screen lock protection such as passwords, Face ID, Touch ID, and more.iOS, Android
RootedThe Atmos Agent checks whether the operating system has been unlocked, such as by jailbreaking or rooting.iOS, Android
Anti VirusThe Atmos Agent checks whether the Windows' Security Center indicates that any Anti Virus is installed, running, and properly signed.Windows

📘

Note

"Screen Lock" check requires the following Axis Client versions:
For Android- version 2.60.0
For iOS- version 2.61.2

Adding a Policy Rule

A Policy is a collection of rules which provide granular access to your apps depending on a range of parameters. For example, access can be defined based on the destination application groups of the requester. In this use case, the admin can use the device posture created above as a rule that will block or allow access to the application.  

📘

Note

Under Device trust, select the device trust profile created in the previous section.

3534

Click Submit
Click Apply Changes in the top menu bar.