Compliance
Check a device against a baseline — a checklist of security/configuration rules it should pass (e.g. "SSH root login disabled", "firewall active", "sshd running"). This page walks through creating a baseline, running a check, and reading the results.
1. Create a baseline
Baselines are defined once for the organization and reused across devices (admins only).
- On the device → Compliance tab, click Baselines → the baseline editor opens.
- Under New Baseline, enter a Name (e.g.
Linux Server Hardening) and an optional Description. - Tick Set as default baseline if you want this to be the one used automatically when you run a check.
2. Add rules
Click + Add Rule for each check. A rule reads as: "this category item, matched on field = value, operator, and optionally also check a second field."
For each rule, fill in:
| Field | What to pick | Example |
|---|---|---|
| Description | Plain-English intent | SSH must be running |
| Category | What to inspect — Services, Open Ports, Software, Local Users, Firewall Rules, Scheduled Tasks, Network Config, Env Variables | Services |
| Field | The identifier within that category (auto-fills per category — e.g. name, port, key) | name |
| Operator | Must Exist, Must NOT Exist, Must Equal, Must NOT Equal, Contains, NOT Contains | Must Exist |
| Value | What to match | sshd |
| Severity | Critical, Warning, or Info | Critical |
| Also check | Optional second condition on a related field (e.g. a service's status, a port's state, software version) | status = running |
Worked examples:
- SSH service is running → Category
Services, fieldname=sshd, Must Exist, Also checkstatus=running, severity Critical. - Telnet port is closed → Category
Open Ports, fieldport=23, Must NOT Exist, severity Critical. - Antivirus installed → Category
Software, fieldname=defender, Must Exist, severity Warning.
Remove a rule with × Remove. When the baseline is complete, click Create Baseline.
3. Run a check
Back on the Compliance tab (Results view), run a check against the device. The agent inspects the device's live configuration, evaluates every rule, and reports back. The score = passed ÷ total rules.
You can run checks on demand or schedule them so drift is caught automatically.
4. Read the results & fix failures
- The Results view lists checks with each device's score.
- Click a result to open the rule-by-rule detail — each rule shows pass/fail, its category, operator, and the value that was found, so you know exactly what to remediate.
- Fix the failing item on the device (start a service, close a port, install software), then re-run the check.
Compliance results feed the Evidence Pack download — full rule-by-rule pass/fail with timestamps for auditors. Scores below 70% also surface in Correlations as warnings.