Configuring the Atmos Agent Device Posture

The Atmos Agent Device Posture conditions access based on findings from the Atmos Agent, which uses OSQuery to collect data on the endpoint. Before you create an Atmos Agent device posture, make sure the Atmos Agent is installed.

The process of configuring the Atmos Agent Device Posture includes two steps:

  1. Creating a Device Posture Object
  2. Adding a Policy Rule

Creating a Device Posture Object

  1. In the Management Console, go to Policy -> Device Trust -> New Device Trust.
  2. Select Atmos Agent as your new device posture method.
  3. Enter a name and a description (optional).

Platforms

Select the platform or platforms you wish to enable, and select their version. 

Conditions

Note: Conditions are available based on the selected platform(s). If a condition was selected for one platform, and there is a change in platform (another was added or replaced), the condition may be unavailable.

  • Click Add Condition to open a list of existing conditions.
  • Start typing to find a condition. 
  • For each condition specify whether it is enabled or disabled. 
  • Delete a condition by clicking the delete icon.

| Condition Name | Description | Platform |
|---|---|---|
| Firewall | The Atmos Agent inspects the firewall status for all three firewall profiles: public, private, and domain. To pass the posture validation check, at least one must be active. | Windows, macOS, or both |
| Full Disk Encryption | The Atmos Agent checks whether the device has full disk encryption enabled or disabled. To pass this posture validation check, full disk encryption must be enabled. | Windows, macOS, or both |
| File path | The Atmos Agent searches for a file path that can be found on the users' systems. To pass the posture validation check, the device must have that path. For example, you can enter: C:\Program Files\Git\bin\git.exe. | Windows, macOS, or both |
| Process | The Atmos Agent checks to see if a process is running. Note: Enter only the last part of the process path. For example, for the process C:\Program Files\Common Files\McAfee\AVSolution\Mcshield.exe, enter only Mcshield.exe. | Windows |
| Registry Key Path | The Atmos Agent checks against the registry key path or the value. To pass this posture validation check, the device must have the specified registry key. For the registry key path, ensure that the path begins with HKEY. For example, you can enter: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | Windows |
| Windows Patches | The Atmos Agent checks the Windows patches installed. To pass this device posture check, the relevant patches must be installed. Note: The admin must explicitly mention every patch that should be checked. | Windows |
| Crowdstrike | The Atmos Agent checks if Crowdstrike's Falcon Sensor is installed on the device, and verifies that it is running and reporting. The Agent verifies with the Crowdstrike API that it is running and reporting to the right Crowdstrike tenant. Note: This condition is only available if there is an integration between Crowdstrike and Axis Security. | Windows, macOS, or both |
| Domain-Joined | The Atmos Agent checks whether a Windows device is domain-joined to an Active Directory domain. To pass this posture validation check, the device's server domain must be joined to the Active Directory domain that was configured in the Device Posture. | Windows |
| Client Certificate | The Atmos Agent checks whether a valid certificate is available in the device's registry. To pass this posture validation check, the device must have a Root CA certificate. The admin should upload a Root/Intermediate CA certificate, which can be a .PEM, .CRT or .CER file. | Windows, macOS, or both |
| Version | The Atmos Agent checks the device's version. To pass this posture validation check, the device's version must be at or above the minimum specified version. | iOS, Android |
| Screen Lock | The Atmos Agent checks for screen lock protection such as passwords, Face ID, Touch ID, and more. | iOS, Android |
| Rooted | The Atmos Agent checks whether the operating system has been unlocked, such as by jailbreaking or rooting. | iOS, Android |
| Anti Virus | The Atmos Agent checks whether the Windows Security Center indicates that any Anti Virus is installed, running, and properly signed. | Windows |

Note: The "Screen Lock" check requires the following Axis Client versions:
  • For Android: version 2.60.0
  • For iOS: version 2.61.2
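A local pre-flight for the Windows conditions listed above, written in PowerShell as an added example; it is not Axis Security's code and does not reproduce how the Atmos Agent performs its checks. It assumes an elevated session and BitLocker as the disk-encryption mechanism; the patch ID and domain are placeholders, while the paths and registry key are the page's own examples.

```powershell
# Added example: check a sample endpoint against the values you plan to enter
# in the console, before the posture is enforced in a policy rule.
$FilePath       = 'C:\Program Files\Git\bin\git.exe'   # File path example from the page
$ProcessPath    = 'C:\Program Files\Common Files\McAfee\AVSolution\Mcshield.exe'
$RegistryKey    = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters'
$RequiredKBs    = @('KB0000000')                       # placeholder patch ID
$ExpectedDomain = 'corp.example.com'                   # placeholder AD domain

$report = [ordered]@{}

# Firewall: passes when at least one of the domain/private/public profiles is active.
$active = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'True' })
$report['Firewall'] = $active.Count -gt 0

# Full Disk Encryption: assumed here to mean BitLocker protection on the system drive.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$report['Full Disk Encryption'] = ($null -ne $vol) -and ($vol.ProtectionStatus -eq 'On')

# File path: the exact path must exist on the device.
$report['File path'] = Test-Path -LiteralPath $FilePath

# Process: the console takes only the last path component (e.g. Mcshield.exe).
$leaf = Split-Path -Path $ProcessPath -Leaf
$name = [IO.Path]::GetFileNameWithoutExtension($leaf)  # Get-Process omits ".exe"
$running = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
$report["Process ($leaf)"] = $running.Count -gt 0

# Registry Key Path: must begin with HKEY and must exist on the device.
if ($RegistryKey -notlike 'HKEY*') { throw "Registry key path must begin with HKEY: $RegistryKey" }
$report['Registry Key Path'] = Test-Path -LiteralPath "Registry::$RegistryKey"

# Windows Patches: every patch is listed explicitly, so report any that are missing.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$missing   = @($RequiredKBs | Where-Object { $_ -notin $installed })
$report['Windows Patches'] = if ($missing.Count) { "missing: $($missing -join ', ')" } else { $true }

# Domain-Joined: compare against the domain you plan to configure in the posture.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$report['Domain-Joined'] = $cs.PartOfDomain -and ($cs.Domain -eq $ExpectedDomain)

$report.GetEnumerator() | ForEach-Object { '{0,-28} {1}' -f $_.Key, $_.Value }
```

A False or "missing" line identifies a condition that would lock this device out once the posture is attached to a blocking rule.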

Adding a Policy Rule

A Policy is a collection of rules which provide granular access to your apps depending on a range of parameters. For example, access can be defined based on the destination application groups of the requester. In this use case, the admin can use the device posture created above as a rule that will block or allow access to the application.  

Note: Under Device trust, select the device trust profile created in the previous section.

  1. Click Submit.
  2. Click Apply Changes in the top menu bar.

