Fine-Tuning Device Posture Rules by Leveraging AND and OR Control Capabilities
The Device Posture Rule was previously created using an AND operation on selected attributes. The upgraded system now empowers administrators with a broader choice of AND and OR operator combinations, allowing for more refined configuration control. It is particularly beneficial in managing allowed and blocked IP addresses, countries, and application parameters within the Firewall and DDoS pages.
The following comprehensive combinations are now supported:
Conjunction (AND) Operations
- A and B and C
Disjunction (OR) Operations
- A or B or C
Combining AND with OR
- (A and B) or C
- (A or B) and C
- (A and B) or (C and D)
- (A or B) and (C or D)
Device Posture Attributes
You can create a Device Posture Rule with the following supported attributes:
- Windows OS Edition-Version
- macOS Edition-Version
- Linux OS Edition-Version
- Antivirus Software (present on the device)
- MAC Addresses
- IPv4/IPv6 Addresses
- Device Serial Numbers
- Domain Joined
- HawkkScan Privacy Risk Score
- Apple Inc.
- Microsoft Defender
- Quick Heal
- Trend Micro
- Click Add Device Posture.
- The Add Rule page appears. Enter a Device Posture (DP) Rule Name. Provide Description.
- Select Attributes and corresponding Attribute Lists from the drop down.
- If the multiple attributes configure the Device Posture Check Rule, then you can use the AND/OR operations combinations as mentioned above would be performed on all the selected attributes.
- You can provide Exception Device Name to which you do not want the DP Rule to be applied. The devices mentioned in the exception list will be excluded from rule evaluation, and no policy will be enforced.
- Click Add Rule.
- Once the DP Rule gets added successfully, the DP Rule Details Page appears. It displays the DP Rule details along with selected attributes.
Note that the HawkkScan Risk Score is visible only for tenants who have opted for HawkkScan. If a tenant does not have HawkkScan, the risk score attribute will not be available in the attribute list during DP rule creation.
The Antivirus Software attribute expands its support beyond SEQRITE Endpoint Security by supporting following third-party Endpoint Protection Platforms (EPP) and Antivirus (AV) vendors, addressing a wider range of customer preferences.
The listed third-party antivirus solutions offer support for both Windows and Mac platforms. For Linux platforms, support is provided through SEQRITE Endpoint Security.
Creating a Device Posture Rule Based on the Attributes
Device Posture allows or denies access to the applications based on a Device Posture (DP) Rule. To create a device posture check rule, follow these steps:
The Device Posture Check Rule is applicable for Agent-Based applications only.
If a user cannot access applications post the Device Posture Check Rule implementation, the user needs to check the Devices > Action Logs tab. If the user’s device does not meet the criteria, HawkkProtect Agent will be disabled on that device. You can find out from the Action Logs tab.
You can enable or disable the DP Rule with the toggle option provided on the DP Rule Details page.