Print Friendly, PDF & Email

Fine-Tuning Device Posture Rules by Leveraging AND and OR Control Capabilities

The Device Posture Rule was previously created using an AND operation on selected attributes. The upgraded system now empowers administrators with a broader choice of AND and OR operator combinations, allowing for more refined configuration control. It is particularly beneficial in managing allowed and blocked IP addresses, countries, and application parameters within the Firewall and DDoS pages.

The following comprehensive combinations are now supported:

Conjunction (AND) Operations

  • A and B and C

Disjunction (OR) Operations

  • A or B or C

Combining AND with OR

  • (A and B) or C
  • (A or B) and C

Complex Combinations

  • (A and B) or (C and D)
  • (A or B) and (C or D)

Creating a device posture rule based on the attributes

To create a device posture check rule, follow these steps,

The Device Posture Check Rule is applicable for Agent-Based applications only.

  1. Click Add Device Posture.
  2. The Add Rule page appears. Enter a Device Posture (DP) Rule Name. Provide Description.
  3. Select Attributes and corresponding Attribute Lists from the drop down.
  4. If the multiple attributes configure the Device Posture Check Rule, then you can use the AND/OR operations combinations as mentioned above would be performed on all the selected attributes.
  5. You can provide Exception Device Name to which you do not want the DP Rule to be applied. The devices mentioned in the exception list will be excluded from rule evaluation, and no policy will be enforced.
  6. Click Add Rule.
  7. Once the DP Rule gets added successfully, the DP Rule Details Page appears. It displays the DP Rule details along with selected attributes.

If a user cannot access applications post the Device Posture Check Rule implementation, the user needs to check the Devices > Action Logs tab. If the user’s device does not meet the criteria, HawkkProtect Agent will be disabled on that device. You can find out from the Action Logs tab.

You can enable or disable the DP Rule with the toggle option provided on the DP Rule Details page.

Was this page helpful?