Skip to main content

Compliance

Check a device against a baseline — a checklist of security/configuration rules it should pass (e.g. "SSH root login disabled", "firewall active", "sshd running"). This page walks through creating a baseline, running a check, and reading the results.

1. Create a baseline

Baselines are defined once for the organization and reused across devices (admins only).

  1. On the device → Compliance tab, click Baselines → the baseline editor opens.
  2. Under New Baseline, enter a Name (e.g. Linux Server Hardening) and an optional Description.
  3. Tick Set as default baseline if you want this to be the one used automatically when you run a check.

2. Add rules

Click + Add Rule for each check. A rule reads as: "this category item, matched on field = value, operator, and optionally also check a second field."

For each rule, fill in:

FieldWhat to pickExample
DescriptionPlain-English intentSSH must be running
CategoryWhat to inspect — Services, Open Ports, Software, Local Users, Firewall Rules, Scheduled Tasks, Network Config, Env VariablesServices
FieldThe identifier within that category (auto-fills per category — e.g. name, port, key)name
OperatorMust Exist, Must NOT Exist, Must Equal, Must NOT Equal, Contains, NOT ContainsMust Exist
ValueWhat to matchsshd
SeverityCritical, Warning, or InfoCritical
Also checkOptional second condition on a related field (e.g. a service's status, a port's state, software version)status = running

Worked examples:

  • SSH service is running → Category Services, field name = sshd, Must Exist, Also check status = running, severity Critical.
  • Telnet port is closed → Category Open Ports, field port = 23, Must NOT Exist, severity Critical.
  • Antivirus installed → Category Software, field name = defender, Must Exist, severity Warning.

Remove a rule with × Remove. When the baseline is complete, click Create Baseline.

3. Run a check

Back on the Compliance tab (Results view), run a check against the device. The agent inspects the device's live configuration, evaluates every rule, and reports back. The score = passed ÷ total rules.

You can run checks on demand or schedule them so drift is caught automatically.

4. Read the results & fix failures

  • The Results view lists checks with each device's score.
  • Click a result to open the rule-by-rule detail — each rule shows pass/fail, its category, operator, and the value that was found, so you know exactly what to remediate.
  • Fix the failing item on the device (start a service, close a port, install software), then re-run the check.
Audit evidence

Compliance results feed the Evidence Pack download — full rule-by-rule pass/fail with timestamps for auditors. Scores below 70% also surface in Correlations as warnings.