4.4.1.5. Operation

The EndPoint Compliance Operation involves understanding how to locate and visualize the compliance rules applied through the tagging system configured during the administration process in this module.

4.4.1.5.1. Agent parameters

If you want to view a tag for a specific agent parameter, navigate to ON Agent > Agent payloads.

../../../_images/epc5.png


Click on the tag icon under the Data column to view the tags associated with that user. They are based on the Agent rules previously configured.

../../../_images/epc6.png


From the example above, we can conclude that:

  • The Agent is installed (ONC_AGENT tag)

  • It is a virtual machine (HDT_VMGUEST tag)

  • It doesn’t have Edge and Firefox web browsers installed (CDT_EDGE and CDT_FIREFOX).

4.4.1.5.2. Grouped Tags

To view the tags generated after applying logical expressions, such as EPC_SECURITY_COMPLIANCE_ANY, navigate to ON NAC > Business Profiles and filter by tag:

../../../_images/epc2.png


By expanding the information of any filter result, you will see that it has the EPC_SECURITY_COMPLIANCE_ANY tag assigned to the device.

../../../_images/epc.png


This tag was assigned to the device because the following three tags were found on it.

  • ISS_AV_UPDATE

  • ISS_AV_ENABLED

  • ISS_FW_ENABLED

Remember that this tag example was defined using a logical expression when configuring the Tag grouping.

The result also indicates that the profiling matched a Windows desktop, which is why the EPT_DESKTOP_WINDOWS tag is present.

If you want to see the tag requirements, look for the IAI_ (Internal Application Installation) tags, which are grouped in the Application tags section:

../../../_images/epc7.png


It is important to be aware of all the application versions on the device. In this example, we can see that the device has:

  • The 1.0.13206 Agent version installed

  • The 99.0.4844.84 Chrome version

  • The 4.3.0 OSQuery version.