DocsAPI

Posture Checks

Automated device compliance verification for network security

Overview

Device Posture Checks provide a policy-driven mechanism to evaluate the security and system state of client devices based on reported attributes. The goal is to ensure that only devices meeting defined posture requirements are considered compliant and allowed to operate within the platform.

This feature is intended to support Zero Trust principles, continuous compliance monitoring, and controlled access enforcement.

PRO FEATURE
Posture Checks is available on Netmaker Pro

Status: BETA
Minimum Client Version: 1.4.0 and above

What are Posture Checks?

Posture checks are security policies that validate device attributes against defined criteria. When a device fails to meet these requirements, it's flagged as non-compliant, allowing administrators to enforce security policies and maintain network integrity.

Key Benefits

  • Enforce security standards across all network devices

  • Prevent unauthorized access from non-compliant devices

  • Monitor compliance in real-time

  • Automate security policy enforcement

  • Reduce security risks from outdated or misconfigured devices

Interface Overview

The Posture Checks interface consists of three main tabs:

  1. Posture Checks - Manage and view all posture check rules

  2. Non-compliant Nodes - View devices that fail posture checks

  3. Non-compliant Users - View users with non-compliant devices

Search and Actions

  • Search bar - Quickly filter posture checks by name

  • Add posture check button - Create new compliance rules

  • Refresh- Update compliance status in real-time

Posture Check Attributes

The following attributes can be validated:

1. Operating System (OS)

  • Description: Validates the device's operating system type

  • Use Case: Restrict network access to approved OS platforms

  • Example Values: Android, iOS, Linux, Windows

2. Client Version

  • Description: Checks the installed Netmaker client version

  • Use Case: Ensure clients have required features and security patches

  • Example Values: 1.4.0+

3. OS Version

  • Description: Validates specific operating system version

  • Use Case: Prevent outdated OS versions with known vulnerabilities

  • Example Values: 10.0.26100+

4. Kernel Version

  • Description: Checks kernel version

  • Use Case: Ensure systems have security-patched kernels

  • Example Values: 24.04+

5. OS Family

  • Description: Groups operating systems by family

  • Use Case: Apply broad OS category restrictions

  • Example Values: iOS, Android, Unix-like

6. Auto Update

  • Description: Verifies if automatic updates are enabled

  • Use Case: Enforce update policies for security compliance

  • Example Values: True, False

Creating a Posture Check

Step-by-Step Guide

1. Open the Creation Form

Click the "+ Add posture check" button in the top right corner of the dashboard.

2. Enter Basic Information

Name (required)

  • Provide a clear, descriptive name

  • Use naming conventions like: [Attribute]-[Requirement]

Description (optional)

  • Explain what the check validates and why

  • Example: "Ensures devices are running approved operating systems. Devices with unsupported OS types will be denied network access."

3. Configure Check Parameters

Attribute (required)

  • Click the dropdown to select the device property to validate

  • Choose from: OS, Client Version, OS Version, Kernel Version, OS Family, Auto Update

  • This determines what gets checked on each device

Severity Level (required)

  • Select from dropdown: Critical, High, Medium, Low

  • Align severity with your security policy priorities

  • Consider impact on business operations

Guidelines:

  • Critical: Use for security fundamentals (OS restrictions, auto-updates)

  • High: Important security features (kernel versions, encryption)

  • Medium: Standard compliance requirements

  • Low: Recommended but flexible standards (client version suggestions)

4. Define Scope

Tags (optional, defaults to "All Resources")

  • Select which network resources this check applies to

  • Click the tag field to choose from available tags

  • Use "All Resources" for network-wide policies

  • Target specific tags for granular control (e.g., production servers, guest networks)

User Groups (required, defaults to "All Users")

  • Select which user groups must comply with this check

  • Click the user groups field to choose groups

  • Options include:

    • "All Users" - Network-wide enforcement

    • Specific groups (e.g., "developers-network", "stest", "contractors")

  • Mix and match for role-based compliance

5. Review and Create

  • Double-check all settings

  • Ensure allowed values match your device inventory

  • Click "Add" to create the posture check

  • The check will immediately become active.

Monitoring Non-Compliance

Visibility on Nodes Interface

Important: Violated nodes and users are automatically flagged on the main Nodes screen, providing immediate visibility without switching tabs.

Visual Indicators:

  • Warning icon (⚠️) appears next to device names with posture check violations

  • Devices with violations are easily identifiable in your nodes list

  • Quick scanning of device status without leaving the main view

  • Click on the warning icon (⚠️) for detailed violation information

This allows administrators to spot compliance issues at a glance while managing devices, without needing to navigate to dedicated compliance tabs.

Non-compliant Nodes Tab

Switch to this tab to view:

  • Devices currently failing one or more posture checks

  • Which specific checks each device is violating

  • Device details (OS, version, user, etc.) for remediation planning

  • Centralized view of all violations across your network

Non-compliant Users Tab

Switch to this tab to view:

  • Users with one or more non-compliant devices

  • Aggregate violation counts per user

  • Pattern identification (e.g., entire teams with compliance issues)

  • User-focused violation grouping for targeted communication

Search and Filtering

Use the search bar to quickly find specific posture checks:

  • Search by name (e.g., "OS", "version", "update")

  • Filtering Devices by Compliance

  • Useful when managing many posture checks

Best Practices

Start with Critical Checks First

Begin your implementation with high-impact, critical security requirements:

  • Operating system restrictions (prevent unauthorized OS types)

  • Auto-update enforcement (ensure security patches)

  • Minimum client version (guarantee feature support)

Version Information

  • Feature Status: BETA

  • Minimum Client Version: v1.4.0

  • Minimum UI Version: v1.4.0

  • Minimum Server Version: v1.4.0

  • Edition Required: Netmaker Pro