The Checks feature is one of the ways Kolide provides insights into your devices. In this case, the insights are pre-set and opinionated. Checks look at common IT/security best practices, like whether or not FileVault 2 disk encryption is enabled, or if the macOS Gatekeeper setting is enabled.

Configuring Checks:

From the Checks page you can enable or disable checks, based on company priorities. You can also configure the type of notification that you wish to send/receive based on the Check.

For instance, you may want users to self-service their Firewall configuration if it is not currently enabled. You could set the Firewall Check to send a Slack direct message to the device's owner with Firewall configuration instructions when the device is not in compliance.

You can also send notifications to a private or public Slack channel where security team members can be alerted when devices fall out of compliance.

Checks are not configured to notify end users or other channels by default. To enable alerts to end users or a shared channel, click "Configure Notifications".

Under this setting, you can tag this check, configure notifications, and set your Escalation strategy.

You can also click on the three dots on the far right for more options, like:

  • View Issues - allows you to see each issue discovered on a device when it failed a check

  • Download Report - allows you to download a .csv report of the passing/failing devices for the check

  • Configure - this has the same set of actions as "Configure Notifications"

  • Disable - this will move the check to the Disabled page, and not show issues

With the Kolide slackbot enabled and notifications configured, users can check the current status of their device by messaging the Kolide slackbot with the command "device" or "status".

If the user's device has an issue, they will get an alert with instructions on how to remediate it. This will be sent once a day in the afternoon until the issue is resolved. You can also set an escalation channel so admins can be alerted if the check is still failing after a certain number of notifications have been sent to the end user. This is a great way to get users involved in driving the security of your organization, while also facilitating communication between the IT/Security team and end users.

Want to add a custom check? Check out our help article to learn more.

If you have any questions about Checks, click on the Intercom button below and ask away!
