search
APIGitHubYouTubeCommunityWebsite

Posture Checks

Automated device compliance verification for network security

circle-info

PRO FEATURE — Posture Checks is available on Netmaker Pro

Status: BETA Minimum Client Version: 1.4.0 and above

hashtag
Overview

Device Posture Checks provide a policy-driven mechanism to evaluate the security and system state of client devices based on reported attributes. The goal is to ensure that only devices meeting defined posture requirements are considered compliant and allowed to operate within the platform.

This feature is intended to support Zero Trust principles, continuous compliance monitoring, and controlled access enforcement.

hashtag
What are Posture Checks?

Posture checks are security policies that validate device attributes against defined criteria. When a device fails to meet these requirements, it's flagged as non-compliant, allowing administrators to enforce security policies and maintain network integrity.

hashtag
Key Benefits

  • Enforce security standards across all network devices

  • Prevent unauthorized access from non-compliant devices

  • Monitor compliance in real-time

  • Automate security policy enforcement

  • Reduce security risks from outdated or misconfigured devices

hashtag
Interface Overview

The Posture Checks interface consists of three main tabs:

  • Posture Checks - Manage and view all posture check rules

  • Non-compliant Nodes - View devices that fail posture checks

  • Non-compliant Users - View users with non-compliant devices

Search and Actions

  • Search bar - Quickly filter posture checks by name

  • Add posture check button - Create new compliance rules

  • Refresh - Update compliance status in real-time

hashtag
Posture Check Attributes

The following attributes can be validated:

1

hashtag
Operating System (OS)

  • Description: Validates the device's operating system type

  • Use Case: Restrict network access to approved OS platforms

  • Example Values: Android, iOS, Linux, Windows

2

hashtag
Client Version

  • Description: Checks the installed Netmaker client version

  • Use Case: Ensure clients have required features and security patches

  • Example Values: 1.4.0+

3

hashtag
OS Version

  • Description: Validates specific operating system version

  • Use Case: Prevent outdated OS versions with known vulnerabilities

  • Example Values: 10.0.26100+

4

hashtag
Kernel Version

  • Description: Checks kernel version

  • Use Case: Ensure systems have security-patched kernels

  • Example Values: 24.04+

5

hashtag
OS Family

  • Description: Groups operating systems by family

  • Use Case: Apply broad OS category restrictions

  • Example Values: iOS, Android, Unix-like

6

hashtag
Auto Update

  • Description: Verifies if automatic updates are enabled

  • Use Case: Enforce update policies for security compliance

  • Example Values: True, False

hashtag
Creating a Posture Check

hashtag
Step-by-Step Guide

1

hashtag
Open the Creation Form

Click the "+ Add posture check" button in the top right corner of the dashboard.

2

hashtag
Enter Basic Information

Name (required)

  • Provide a clear, descriptive name

  • Use naming conventions like: [Attribute]-[Requirement]

Description (optional)

  • Explain what the check validates and why

  • Example: "Ensures devices are running approved operating systems. Devices with unsupported OS types will be denied network access."

3

hashtag
Configure Check Parameters

Attribute (required)

  • Click the dropdown to select the device property to validate

  • Choose from: OS, Client Version, OS Version, Kernel Version, OS Family, Auto Update

  • This determines what gets checked on each device

Severity Level (required)

  • Select from dropdown: Critical, High, Medium, Low

  • Align severity with your security policy priorities

  • Consider impact on business operations

Guidelines:

  • Critical: Use for security fundamentals (OS restrictions, auto-updates)

  • High: Important security features (kernel versions, encryption)

  • Medium: Standard compliance requirements

  • Low: Recommended but flexible standards (client version suggestions)

4

hashtag
Define Scope

Tags (optional, defaults to "All Resources")

  • Select which network resources this check applies to

  • Click the tag field to choose from available tags

  • Use "All Resources" for network-wide policies

  • Target specific tags for granular control (e.g., production servers, guest networks)

User Groups (required, defaults to "All Users")

  • Select which user groups must comply with this check

  • Click the user groups field to choose groups

  • Options include:

    • "All Users" - Network-wide enforcement

    • Specific groups (e.g., "developers-network", "stest", "contractors")

  • Mix and match for role-based compliance

5

hashtag
Review and Create

  • Double-check all settings

  • Ensure allowed values match your device inventory

  • Click "Add" to create the posture check

  • The check will immediately become active

hashtag
Monitoring Non-Compliance

hashtag
Visibility on Nodes Interface

Important: Violated nodes and users are automatically flagged on the main Nodes screen, providing immediate visibility without switching tabs.

Visual Indicators:

  • Warning icon (⚠️) appears next to device names with posture check violations

  • Devices with violations are easily identifiable in your nodes list

  • Quick scanning of device status without leaving the main view

  • Click on the warning icon (⚠️) for detailed violation information

This allows administrators to spot compliance issues at a glance while managing devices, without needing to navigate to dedicated compliance tabs.

hashtag
Non-compliant Nodes Tab

Switch to this tab to view:

  • Devices currently failing one or more posture checks

  • Which specific checks each device is violating

  • Device details (OS, version, user, etc.) for remediation planning

  • Centralized view of all violations across your network

hashtag
Non-compliant Users Tab

Switch to this tab to view:

  • Users with one or more non-compliant devices

  • Aggregate violation counts per user

  • Pattern identification (e.g., entire teams with compliance issues)

  • User-focused violation grouping for targeted communication

hashtag
Search and Filtering

Use the search bar to quickly find specific posture checks:

  • Search by name (e.g., "OS", "version", "update")

  • Filtering devices by compliance is useful when managing many posture checks

hashtag
Best Practices

Start with Critical Checks First

Begin your implementation with high-impact, critical security requirements:

  • Operating system restrictions (prevent unauthorized OS types)

  • Auto-update enforcement (ensure security patches)

  • Minimum client version (guarantee feature support)

hashtag
Version Information

  • Feature Status: BETA

  • Minimum Client Version: v1.4.0

  • Minimum UI Version: v1.4.0

  • Minimum Server Version: v1.4.0

  • Edition Required: Netmaker Pro

PreviousConditional AccessNextDevice Approvals

Last updated

Was this helpful?