With 1Password Device Trust (Kolide), you can use checks to query your team’s devices and make sure every device meets your company’s compliance requirements. If a device fails a check, Kolide can help the user remediate the issue and optionally block their access to sensitive data.
You can choose from a library of around 100 pre-written checks, including options for querying operating system patches, browser versions, and the presence of files with sensitive data. You can also build custom checks using SQL.
How to manage pre-written checks
When you first set up your account, Kolide automatically enables checks that help promote universally accepted best practices for device security.
After your account is created, any additional pre-written checks added later will not be automatically enabled. When Kolide adds new suggested checks, you’ll see a blue badge directing you to the check catalog so you can review and enable them.
Add and enable a new check
To add and enable a new check:
- Sign in to Kolide.
- Select Checks > Add New Checks to open the check catalog.
- Locate a check you’d like to add and select its corresponding card. If the check has multiple versions for different platforms, select the check for the desired platform.
- In the preview that appears, select Enable. This will add the check and begin running it in “Report Only” mode.
Learn more about writing your own checks.
Pause a check
Pausing a check immediately removes it from the device’s query schedule and prevents any results sent by devices from being accepted or processed. This means the check will no longer block devices from company data. Unlike when you remove a check, pausing a check is a reversible action. All previous check results, options, and issues are preserved.
To pause a check, select the ellipsis menu on the check’s results card and choose Pause Check.
To pause multiple checks at once, select their respective checkboxes to reveal the mass-action buttons, then choose Pause Selected.
Remove a check
Important
Removing a check is an irreversible, destructive action that deletes all associated check results, issues, and configuration.
After you remove a check, you’ll no longer see it in either the Active or Paused tabs, and you can only re-enable it through the check catalog. If there’s a chance you’ll need to reuse a check or access its associated data, pause the check instead of removing it.
To remove a check, select the ellipsis menu on the check’s results card and choose Remove Check.
How to control targets
By default, a check will automatically target all devices that match its compatible platforms. You can customize targeting by platform or groups.
- Sign in to Kolide and select Checks from the dashboard.
- Select Configure Check on the check’s results card.
- Under the Targets section, select Configure.
- In the form that appears, select the box preceding the text Run on only a subset of devices.
- Choose the groups you’d like the check to target. To avoid targeting specific groups, select them in the Unless It Is Also In The Following Groups section.
- For more information about groups, see Device Groups and Okta Groups.
- Select Save.
Once complete, you’ll see an updated summary that describes which devices the check targets.
After saving, the check will automatically hide any existing check results and issues for devices that are no longer targeted by the check. If you later increase the scope of the check’s targeting, those previously hidden check results and issues will re-appear.
How to configure check behavior
You can customize the behavior of some pre-written checks. If custom options are available, you’ll see them in the configuration sidebar. To access the configuration sidebar, select Configure Check on the check you want to customize.
When you customize a check, any existing check results prior to the change are marked as Stale. This is because changing a check’s options can have a dramatic impact on how the check determines a passing or failing state.
Learn more about writing your own checks and setting remediation strategies.
How to customize end-user fix instructions
Kolide allows you to customize the text that the Kolide agent shows to your team members to help them fix an issue on their device. There are two distinct sections you can individually customize: the remediation instructions and the rationale.
When editing a section, you can choose between three options:
- Use Default Text (default)
- Prepend/Append Custom Text to Defaults
- Compose Custom Text
Whenever possible, we recommend prepending or appending custom instructions to the default text so that you can benefit from any improvements made to the primary template.
If you choose to fully customize the text, you’ll be responsible for keeping the text up-to-date going forward.
To edit text:
- Sign in to Kolide and select Checks from the dashboard.
- Select Configure Check for the check you want to customize.
- Select Edit in the field you want to update.
- In the Fix Instructions section, select Use Kolide Default Text, Prepend/Append Custom Text to Kolide’s Defaults, or Compose Custom Text. If you’re not using the default option, enter your desired text.
- In the Rationale section, select Use Kolide Default Text, Prepend/Append Custom Text to Kolide’s Defaults, or Compose Custom Text. If you’re not using the default option, enter your desired text.
- Select Save & Publish in the top right.
Markdown & Liquid
All end-user fix instructions can be formatted with Markdown and can contain dynamic information using Liquid syntax. For example, this template uses Liquid to dynamically change the instructions based on the type of web browser:
{% if issue.browser == "chrome" %}
1. Make sure you are logged into the user account `{{issue.profile}}`
2. Open Chrome
3. At the top right, select **More > More Tools > Extensions**
4. Locate Touch VPN and select **Remove**
{% elsif issue.browser == "safari" %}
1. Open Safari
2. In the toolbar, choose **Safari > Preferences**
3. Select Touch VPN and select **Uninstall**
{% elsif issue.browser == "edge" %}
1. Make sure you are logged into the user account `{{issue.profile}}`
2. Open Microsoft Edge
3. To the right of the browser bar, select **Extensions > More actions** next to Touch VPN
4. Select **Remove from Microsoft Edge > Remove** from the main menu
{% elsif issue.browser == "firefox" %}
1. Open Firefox
2. Select the menu button
3. Select **Add-ons and themes** > **Extensions**
4. Find the Touch VPN extension, select **..**, and then select **Remove**
{% else %}
1. Open the web browser
2. Locate the extension manager
3. Find the Touch VPN extension and uninstall it from your browser
{% endif %}
1. Recheck your device to confirm you fixed the problem
When dynamically customizing instructions with Liquid, you’ll see a Simulate Notification sidebar on the right-hand side of the screen. Use this sidebar to modify the check data used to render the preview.
Tip
Kolide provides example data for each official check available in the check catalog. In instances where a check involves particularly complex logic, there may be multiple sets of example data. This allows you to confirm that any modifications you implement will continue to perform as expected in less common data scenarios or across different platforms.
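To see how each set of check data selects a branch of a template like the one above, this added example (not Kolide's code, and not the real Liquid engine) renders a shortened copy of the template against constructed data sets. It is a small stand-in that assumes flat if/elsif/else/endif chains with `==` string comparisons and `{{ var }}` output only; `TEMPLATE`, `SAMPLES`, `lookup`, `render` and `render_all` are names chosen for the illustration.

```python
import re
# Shortened copy of the page's template: two branches plus the fallback.
TEMPLATE = '''{% if issue.browser == "chrome" %}
1. Make sure you are logged into the user account `{{issue.profile}}`
{% elsif issue.browser == "safari" %}
1. Open Safari
{% else %}
1. Open the web browser
{% endif %}
1. Recheck your device to confirm you fixed the problem'''

SAMPLES = {  # constructed check data, one set per branch
    "chrome": {"issue": {"browser": "chrome", "profile": "Work"}},
    "safari": {"issue": {"browser": "safari"}},
    "unlisted": {"issue": {"browser": "brave"}},
}

TAG = re.compile(r'\{%\s*(if|elsif|else|endif)\s*(.*?)\s*%\}\n?')
COND = re.compile(r'([\w.]+)\s*==\s*"([^"]*)"$')
VAR = re.compile(r'\{\{\s*([\w.]+)\s*\}\}')

def lookup(data, path):
    """Resolve a dotted path such as issue.browser; missing keys give ''."""
    for key in path.split('.'):
        data = data.get(key, '') if isinstance(data, dict) else ''
    return data

def render(template, data):
    """Render flat if/elsif/else/endif chains and {{ var }} (tag newlines dropped)."""
    out, pos, emitting, matched = [], 0, True, False
    for tag in TAG.finditer(template):
        if emitting:  # text since the previous tag belongs to the live branch
            out.append(template[pos:tag.start()])
        pos, kind = tag.end(), tag.group(1)
        if kind in ('if', 'elsif'):
            cond = COND.match(tag.group(2))
            if cond is None:
                raise ValueError(f'unsupported condition: {tag.group(2)!r}')
            matched = matched and kind == 'elsif'  # a new "if" resets the chain
            emitting = not matched and str(lookup(data, cond[1])) == cond[2]
            matched = matched or emitting
        else:  # else: emit only if nothing matched; endif: resume normal output
            emitting = kind == 'endif' or not matched
    out.append(template[pos:])
    return VAR.sub(lambda m: str(lookup(data, m[1])), ''.join(out))

def render_all(template=TEMPLATE, samples=SAMPLES):
    """Render every sample set so each branch can be reviewed before publishing."""
    return {name: render(template, data) for name, data in samples.items()}
```

A data set that reaches the Chrome branch without a `profile` value renders an empty account name, which is the kind of less common case the extra example data sets are meant to surface.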