Include Security Posture in API request
The idea is for the API call to provide security posture details that can then be used to make 802.1X authorization and remediation decisions. Since the agent is already installed on the device, it should be easy to remediate the issues and then grant access. Some values to include:
Security:
Antivirus: Bitdefender Endpoint Security Tools Antimalware (Installed or not)
Status: Active or not active
Anti-spyware:
Status: Active and Updated or not active and outdated
Firewall: Bitdefender Endpoint Security Tools Firewall
Status: Active and Updated or not active and outdated
Patch Status:
Also, can we get Windows security patch details? Like what KBs are installed?
Query by MAC address and serial number. This can be used for MAC Address Bypass via 802.1X.
Also, the ability to trigger patch installation and software updates via API request to remediate on the fly!
karl karl commented
THIS. I was scouring the feature board to see if anyone else asked for this and all I saw was integration requests and rando items. Yes, we need AV and other sec info on dashboard, but we REALLY need it in API /agent command.
- Installed Antivirus
- List of local users
- Disk Encryption State (not sure if you can do this or whether this really becomes an MDM problem)

The installed AV piece is absolutely critical, and if you can tell if it's running that's even better.
From a compliance standpoint we need to know the Population, then which computers have what AV, and then be able to answer questions like:
- Are there any computers that need AV?
- Which are they, and what remediation do they need?
- Are there computers with AV that is stuck (say you removed WebRoot but it died on uninstall)?