Device Checks

Kolide has over a hundred checks to help you measure and achieve your organization's compliance and security goals. Here are some of our most popular:

Achieve your security and compliance goals with ease.

No SQL Queries to Write
User/Okta Driven Remediation
Security Training for End-Users

You can use Device Checks to...

Find and Securely Store 1Password Emergency Kits

1Password Emergency Kits usually contain the account's secret key and maybe even the master password. It's important that they are secured.

Find Non-Genuine Windows Installations and Activate Them

Non-Genuine Windows is highly correlated with malware infection and the presence of other pirated software.

Find and Secure Plain-Text GitHub 2FA Backup Codes

Github Two-Factor backup codes are as good as real passwords. It's important that they are secured.

Block GitHub Copilot

Github Copilot can put the IP rights of your code at risk. You may want to block engineers from using it.

Block iCloud Private Relay

Disabling iCloud Private Relay on macOS may be good idea if it conflicts with an existing VPN or network auditing requirements.

Configure macOS Firewall to Block Unauthorized Connections

The macOS firewall comes disabled by default, but should be enabled whenever possible.

Find Macs with Remote Login Enabled and Disable it

Remote Login is essentially a Remote SSH server which can reduce the security of your Macs.

Find Macs With SIP Disabled and Enable It

SIP protects Macs by preventing them from running unauthorized code. It should be enabled.

Ensure Ubuntu’s Unattended Upgrades Are Turned On

Enabling Unattended Upgrades ensures critical software on Ubuntu remains patched automatically. It's a must-have.

Find Unencrypted SSH Keys and Encrypt Them

SSH keys are commonly used to sign into servers, push code, and verify identities. It's important they are password-protected.

Ensure Windows' Ransomware Protection is Enabled

Controlled Folder Access is the easiest way to stop ransomware, but isn't enabled by default.

And many more checks...

1Password
Disallow 1Password Emergency Kit to Be Stored in Plaintext
AWS Credentials
Require AWS Credentials File to Be Encrypted
BIOS
Require CPU "No Execute" to Be Enabled
BIOS
Require Secure Boot to Be Enabled
BitDefender
Require BitDefender App to Be Installed and Running
BitLocker
Require Primary Disk to Be Encrypted
Brave
Require Brave Browser to Be Up-to-date
ClamAV
Require ClamAV to Be Installed and Running
ClamAV
Require Clamscan Cron Job to Be Running
ClamAV
Require Freshclam Cron Job to Be Running
CrowdStrike
Require CrowdStrike Agent to Be Installed and Running
Device Uptime
Require Device to Be Restarted Regularly
Disk Health
Ensure Sufficient Free Space on Primary Disk
Dropbox
Dropbox App Should Not Be Installed
ESET
Require ESET Agent to Be Installed and Running
F5 VPN
Require F5 VPN to Be Installed
Firefox
Require Firefox Browser to Be Up-to-date
Gatekeeper
Require macOS Gatekeeper to Be Enabled
GitHub Copilot
GitHub Copilot Should Not Be Installed
GitHub
Require GiHub 2FA Recovery Codes to Be Encrypted
Google Chrome
Require Chrome Browser to Be Up-to-date
Google
Require GSuite 2FA Recovery Codes to Be Encrypted
Grammarly
Grammarly Browser Extension Should Not Be Installed
Grammarly
Grammarly Mac App Should Not Be Installed
iCloud
Require iCloud Private Relay to Be Disabled
iTerm2
Require Secure Keyboard Entry to Be Enabled
Kolide Agent
Require Kolide Agent to Have Full Disk Access Entitlement
Linux Disk Encryption
Require Root Volume to Be Encrypted
Linux Firewall
Ensure iptables Has Suitable Default Policy
Linux Firewall
Require Uncomplicated Firewall (UFW) To Be Enabled
Linux Package Updates
Ensure Linux Packages Are Up-to-date
Linux Screen Lock
Require Cinnamon Secure Screen Lock Configuration
Linux Screen Lock
Require Gnome Secure Screen Lock Configuration
Linux Screen Lock
Require Mate Secure Screen Lock Configuration
Login and Access
Ensure Root Account Shells Are Set to nologin
Login and Access
Ensure System Account Shells Are Set to nologin
Login and Access
Require Guest User Account to Be Disabled
Login and Access
Require Root Accounts Have a Password Set or Be Locked
Login and Access
Require System Account Passwords To Be Locked
Login and Access
Require User Account Passwords To Be Locked or Set
macOS Battery
Ensure Device Battery Is Healthy
macOS Finder
Require File Extensions to Be Visible in Finder
macOS Find My
Require Find My Service to Be Enabled
macOS Firewall
Require Firewall to Be Enabled
macOS Location Services
Require Location Services to Be Enabled
macOS MDM
Require Device to Be Enrolled in macOS MDM
macOS MDM
Require Jamf Protect Agent to Be Installed and Running
macOS Notifications
Require Sensitive Previews to Be Disabled on Lock Screen
macOS Screen Lock
Require Secure Screen Lock Configuration
macOS Sharing
Require Bluetooth Sharing to Be Disabled
macOS Sharing
Require Content Caching to Be Disabled
macOS Sharing
Require Disc Sharing to Be Disabled
macOS Sharing
Require File Sharing to Be Disabled
macOS Sharing
Require Internet Sharing to Be Disabled
macOS Sharing
Require Printer Sharing to Be Disabled
macOS Sharing
Require Remote Apple Events/App Scripting to Be Disabled
macOS Sharing
Require Remote Login to Be Disabled
macOS Sharing
Require Remote Management to Be Disabled
macOS Sharing
Require Screen Sharing to Be Disabled
macOS Software Updates
Ensure OS Meets Minimum Required Version
macOS Software Updates
Ensure OS Version Is Supported by Apple
macOS Software Updates
Ensure OS Version Is Up-to-date
macOS Software Updates
Require Automatic Updates to Be Enabled
Microsoft Intune
Require Device Enrollment
Microsoft Intune
Require Regular Device Check In
Microsoft Software Licenses
Require Microsoft Windows to Be Licensed
Munki
Require Munki to Be Installed and Run Recently
Network Time Protocol
Require Date and Time to Be Set Automatically
Password Policies
Require Password Policies to Be Configured Securely
Rapid7
Require Rapid7 App to Be Installed and Running
Remote Access
Remote Access Daemon Should Not Be Installed or Running
Removable Media
Require Autorun to Be Disabled
Salt
Require Salt App to Be Installed
SentinelOne
Require SentinelOne Agent to Be Installed, Running, and Configured
Sophos
Require Sophos App to Be Installed and Running
SSH Keys
Require SSH Keys to Be Encrypted
Sudo
Disallow Passwordless Invocation
Sudo
Require use_pty to Be Configured
Symantec
Require Symantec Endpoint Protection to Be Installed and Running
System Integrity Protection
Require System Integrity Protection to Be Enabled
Ubuntu
Ensure Cron Is Running
Ubuntu
Ensure OS Version Is Supported
Ubuntu
Require Unattended Upgrades to Be Properly Configured
Vulnerabilities
Insecure Zoom Video Conference Server
Windows 11
Disallow TPM/CPU Installation Bypass
Windows Explorer
Require File Extensions to Be Visible
Windows Security Center
Require Antivirus to Be Enabled
Windows Security Center
Require Ransomware Protection (Controlled Folder Access) to Be Enabled
Windows Software Updates
Ensure Important OS Updates Are Installed
Windows Software Updates
Ensure OS Meets Minimum Version Requirement
Windows Software Updates
Ensure OS Version Is Supported by Microsoft
Windows UAC
Require User Account Control to Be Enabled
Zscaler
Require Zscaler App to Be Installed