Hi everyone,
I’m currently prepping for a SOC2 Type 2 audit and I need a way to prove that our Windows fleet has security features like Antivirus and Firewall enabled.
I can see this information individually under each device’s “Device Info” tab, but is there a way to generate a single report or run a “scan” that checks these statuses across the whole fleet? Going through 100+ devices one by one is going to be the death of me.
14 Views
Hi @raelynn! We totally understand. Audit season is stressful enough without manual data entry.
Currently, Hexnode doesn’t have a pre-built “Security Status” report that specifically filters by the Windows-only Antivirus or Firewall fields. Because those fields are platform-specific, they aren’t available as standard columns in the Reports tab yet. I’ve submitted a feature request to our dev team for you!
In the meantime, you can achieve this using a combination of Custom Attributes and Custom Scripts. This allows you to pull that data into a filterable field.
Thanks for the feature request! Regarding the workaround: can I track multiple things in one attribute? For example, can one attribute show both the AV and Firewall status so I don’t have to manage dozens of different fields?
Great question. You have two main paths here:
Manual (Device Notes): You can manually enter statuses into the “Device Notes” section for each device. These are filterable in reports, but it’s still a manual process.
Automated (Custom Scripts): If you write a script to check both AV and Firewall status, the script can output a string (e.g., “AV: Active | Firewall: Enabled”) and save that entire result into a single Custom Attribute.
The automated script path sounds like exactly what I need. But I’m a bit confused on the setup. Where do I actually put the script? Does it go inside the Attribute value itself?
It’s a two-step “handshake” process. Here is how you connect them:
Create the Attribute: Go to Admin > Custom Attributes and create a new attribute (e.g., Security_Compliance_Status).
Deploy the Script:
Note: While we can’t write the specific script for you, any PowerShell script that queries the SecurityCenter2 namespace will generally do the trick for Windows devices.
Aha! I see how they link up now. Create the “bucket” (attribute) first, then use the script to “fill” it. That’s perfect. Thanks for the help!
Don't have an account? Sign up
