DEX policies for macOS
Policies for macOS are guidelines and rules to promote that the application is used in a consistent, secure, and conforming manner. DEX policies your organization to reduce the risk of data breaches, improve data quality and accuracy, and optimize application performance and availability.
For macOS systems, to retrieve the entire data, include the subsequent content to /private/etc/sudoers.d/_servicenow.
# ServiceNow Agent Collector - Sudoers Configuration for macOS
# Command alias for ServiceNow allowed commands
# These commands can be executed by the _servicenow user with sudo privileges
Cmnd_Alias SN_ALLOWED = /usr/bin/powermetrics, \
/usr/bin/mdls, \
/usr/bin/log, \
/usr/bin/log show *, \
/bin/kill, \
/usr/bin/defaults, \
/usr/local/bin/jamf, \
/bin/rm, \
/bin/ls, \
/usr/bin/pgrep, \
/usr/bin/find, \
/usr/bin/pmset, \
/usr/bin/open, \
/Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/app_freeze.sh, \
/Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/zscaler_zpa_reconnect.sh, \
/Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/clear_google_chrome_browsing_data.sh, \
/Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/services.sh, \
/Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/restart_service.sh *, \
/Applications/Zscaler/Zscaler.app/Contents/PlugIns/zscli, \
/Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/elevate_temporary_admin.sh
# ServiceNow user permissions
# _servicenow user can run osqueryi and all SN_ALLOWED commands without password
# SETENV allows environment variables to be preserved
_servicenow ALL=NOPASSWD: SETENV: /Library/Application\ Support/servicenow/agent-client-collector/cache/osquery/bin/osqueryi *, SN_ALLOWED
# Defaults for _servicenow user
# !requiretty: Allow sudo without a TTY (required for automated scripts)
Defaults:_servicenow !requirettyCmnd_Alias SN_ALLOWED = /usr/bin/powermetrics, /usr/bin/mdls, /usr/bin/log, /bin/kill, /usr/bin/defaults, /usr/local/bin/jamf, /bin/rm, /bin/ls, /usr/bin/pgrep, /usr/bin/find, /usr/bin/pmset, /usr/bin/open, /Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/app_freeze.sh, /Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/zscaler_zpa_reconnect.sh, /Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/clear_google_chrome_browsing_data.sh, /bin/sh /Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/services.sh, /bin/sh /Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/restart_service.sh *, /Applications/Zscaler/Zscaler.app/Contents/PlugIns/zscli, /Library/Application\ Support/servicenow/agent-client-collector/cache/acc-dex-modules/bin/scripts/sudo/elevate_temporary_admin.sh
_servicenow ALL=NOPASSWD: SETENV: /Library/Application\ Support/servicenow/agent-client-collector/cache/osquery/bin/osqueryi *, SN_ALLOWED
Defaults:_servicenow !requiretty
Defaults timestamp_timeout=0
Defaults log_allowed주:
The historical data for an application or device is the information that is kept in the MetricBase database for the past 7
days, while the latest data pertains to the most recent information available.
Policies for Mac — Application
DEX provides the following policies for applications.
| Policy name | Description | Check instances | Frequency | Historical or latest | Check instance parameters |
|---|---|---|---|---|---|
| DEX Mac Apps Metrics | Collects the application metrics in the Mac device and sends metric data to Metric Base. | os.mac.check-app-historical | 5 mins | Historical | cpu_usage, memory_usage, uptime, io_usage_read, io_usage_write, is_running, last_access_time, crashes |
Policies for Mac — Device
DEX provides the following policies for devices.
| Policy name | Description | Check instances | Frequency | Historical or latest | Check instance parameters |
|---|---|---|---|---|---|
| DEX Mac Device Metrics | Collects macOS device metrics and sends the metric data to the ServiceNow instance. | os.mac.check-system-metrics-latest | 24 hours | Latest | uptime, logged_in, firewall_enabled, session_details, disk_details, os_details, cpu_details, battery_details, device_details, network_details, pending_updates, device_events, cpu_usage, memory_details, os_setup_details, last_access_time, reboot_details |
| DEX Mac Device Metrics | Collects macOS device metrics and sends the metric data to MetricBase. | os.mac.check-system-metrics-historical | 5 mins | Historical | disk_usage, io_usage_write, io_usage_read, power_consumption, cpu_usage, memory_details, uptime, crashes, battery_charge_percentage, wifi_transmit_rate, wifi_rssi |
| DEX Mac Device Metrics | Collects data for running macOS processes and sends the data to the ServiceNow instance. | os.mac.check-process-data | 24 hours | N/A | N/A |
| DEX Mac Device Metrics | Collects macOS device metrics and sends the metric data to the ServiceNow instance. |
os.mac.check-sys-compliance-historical |
5 minutes | Historical | N/A |
| DEX Mac Device Metrics | Collects macOS device metrics and sends the metric data to the ServiceNow instance. |
os.mac.check-sys-compliance-latest |
24 Hours | Latest | N/A |
| DEX Mac Device Metrics |
Collects macOS device metrics and sends the metric data to the ServiceNow instance.
주: If the previous check runs for more than five minutes, the current check gets skipped. |
os.mac.check-energy-consum-historical |
5 minutes | Historical | N/A |
| DEX Mac Device Metrics |
Collects macOS device metrics and sends the metric data to the ServiceNow instance. |
os.mac.check-system-metrics-historical | 30 minutes | Historical | vpn_details |
| DEX Get online macOS user on change | Gets a logged-in user's data on a macOS device whenever there’s a change. | os.mac.check-system-custom-query-on-chan | 60 secs | Latest | query,query_sys_id, query_type |
| DEX Get device configuration on change | Gets a logged-in user's device configuration whenever there’s a change. | os.all.check.internal.get-device-configu | 60 secs | Latest | N/A |
주:
If you upgrade the Content Playbook plugin on an instance and encounter unexpected policy update issues, see the Troubleshooting: Policy update issues post DEX plugin upgrade [KB1586917] article in the Now Support knowledge base.