Endpoint Incidents in Hexnode UEM: Device-Level Health Monitoring
Architecture Snapshot: The Endpoints section provides a consolidated telemetry view of all device-level issues. These incidents are dynamically generated to help administrators monitor fleet health, detect non-compliance, and ensure that Hexnode configurations (policies, restrictions, and commands) are executing as intended at the hardware level.
What are Endpoint Incidents?
Endpoint incidents are state-driven events triggered when Hexnode detects abnormal configurations, security parameter gaps, or communication breakdowns. They function as a real-time audit of whether enrolled endpoints continue to meet organizational security standards.
Detection Mechanism
Hexnode generates an endpoint incident automatically whenever:
- A configuration, restriction, or compliance rule fails to apply.
- A managed device fails to communicate with Hexnode servers within a defined heartbeat interval.
- Hardware thresholds (CPU, RAM, Battery) are breached.
Endpoint Incident Sources Matrix
| Source | Detection Logic and Security Impact |
|---|---|
| Endpoint Compliance | Detects Rooted/Jailbroken states, Geofence violations, and general Compliance Policy deviations. |
| Command Failures | Tracks instances where Policies or Certificate deployments fail to run, identifying security gaps. |
| High Usage Detected | Raises an alert when Memory (RAM) or Processor (CPU) usage exceeds the 90% threshold. |
| Owner Updates | Flags changes in device ownership to maintain asset accountability during re-enrollment. |
| Cellular & SIM | Monitors for SIM removal or SIM changes, critical for tracking lost or stolen assets. |
| Kiosk Exits | Logs unauthorized Kiosk Mode exits, ensuring devices remain locked to intended apps. |
| Encryption | Reports BitLocker or FileVault status. Failure indicates non-compliance with data-at-rest standards. |
| Disenrollments | Tracks Inactive devices, user-initiated disenrollments, and admin removals. |
| Battery Health | Flags hardware with Maximum Capacity below 50% (battery degradation), facilitating proactive replacement. |
Operational Importance
- Continuous Compliance: Identifies risky states (rooted/unencrypted) in real time.
- Issue Escalation Prevention: Catches misconfigurations before they impact end-user productivity.
- Fleet Governance: Ensures strict policy enforcement across globally distributed devices.
Remediation Example: If an organization enforces mandatory disk encryption and a BitLocker command fails due to a TPM error, Hexnode logs an Encryption Failure incident. Admins can then isolate these specific endpoints for technical intervention.
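The rules from the sources matrix applied to device snapshots, as an added example that is not Hexnode code and does not use its API. The field names, the 24-hour heartbeat interval, the incident label strings and the sample fleet are assumptions constructed here; the 90% and 50% thresholds come from the matrix above.

```python
from datetime import datetime, timedelta, timezone

CPU_RAM_LIMIT = 90                # percent, from "High Usage Detected"
BATTERY_MIN_CAPACITY = 50         # percent, from "Battery Health"
HEARTBEAT = timedelta(hours=24)   # assumed; the page names no interval

def evaluate(cur, prev, now):
    """Incident labels for one snapshot; prev is the last known snapshot or None."""
    if now - cur["last_checkin"] > HEARTBEAT:
        # Stale telemetry says nothing about current posture: report only
        # the silence (mapping it to "inactive" is an assumption).
        return ["Inactive: missed heartbeat"]
    found = []
    if cur["rooted"]:
        found.append("Endpoint Compliance: rooted/jailbroken")
    if not cur["disk_encrypted"]:
        found.append("Encryption: disabled")
    if max(cur["cpu_pct"], cur["ram_pct"]) > CPU_RAM_LIMIT:
        found.append("High Usage Detected")
    if cur["battery_max_pct"] < BATTERY_MIN_CAPACITY:
        found.append("Battery Health: degraded")
    if prev is not None:  # change-based sources need a baseline
        if cur["sim_id"] != prev["sim_id"]:
            found.append("Cellular & SIM: " + ("removed" if cur["sim_id"] is None else "changed"))
        if cur["owner"] != prev["owner"]:
            found.append("Owner Updates")
    return found

def triage(fleet, history, now):
    """Map device id -> incidents, omitting devices with none."""
    found = {d: evaluate(cur, history.get(d), now) for d, cur in fleet.items()}
    return {d: f for d, f in found.items() if f}

# Constructed sample data, not real Hexnode output.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
def snap(**over):
    base = dict(last_checkin=NOW - timedelta(minutes=5), rooted=False,
                disk_encrypted=True, cpu_pct=35, ram_pct=60,
                battery_max_pct=88, sim_id="sim-A", owner="alice")
    return {**base, **over}

HISTORY = {"tab-02": snap(), "lap-03": snap()}
FLEET = {
    "lap-01": snap(disk_encrypted=False, ram_pct=90),  # exactly 90 does not exceed
    "tab-02": snap(sim_id=None, battery_max_pct=49),
    "lap-03": snap(last_checkin=NOW - timedelta(days=3), rooted=True),
    "ph-04": snap(),
}
```

Filtering the result of `triage(FLEET, HISTORY, NOW)` for the `Encryption: disabled` label yields the set of endpoints to isolate in the remediation scenario above.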