DEX check definitions for macOS
Check definitions for macOS are predetermined sets of rules and criteria that assess the performance, security, and conformance of macOS devices. These checks can cover various aspects such as CPU usage, memory usage, battery details, and firewall status.
Note:
You can configure the check definitions and associated retrievable data. Some of the listed check definitions might retrieve data that contains or is considered personal information.
Check definitions — Application (Metrics)
DEX provides the following check definitions, available while the application is running, except these listed below, which remain accessible even when the application isn’t running:
- os.mac.check-app-version
- os.mac.check-app-is-installed
- os.mac.check-app-last-access-time
- os.mac.check-app-last-updated
In the check definition parameters:
- appName = application name. For example, Webex.
- appSysId = sys_id of the application.
- primaryProcess = list of primary processes for the application separated by a pipe symbol ( | ). The first process that exists on the endpoint device is given priority. For example: Webex.app or Microsoft Teams.app | Microsoft
Teams Classic.app.Note:When determining priority based on process availability on an endpoint device, follow this logic: If the primary process for the Teams application is Microsoft Teams.app on one end-point device and it’s Microsoft Teams classic.app on another end-point device, then the process that is present on the endpoint device first is given precedence.
- secondaryProcesses = list of secondary processes for the application separated by a pipe symbol ( | ). For example: Cisco WebEx Start.app | webexmtaV2.app.
| Check definition name | Check definition parameters | Description |
|---|---|---|
| os.mac.check-app-cpu-usage |
|
Checks the amount of CPU resources being used by the primary process and secondary process of the application. . |
| os.mac.check-app-memory-usage |
|
Checks the amount of memory resources being used by the primary process and secondary process of the application. |
| os.mac.check-app-listening-ports |
|
Retrieves the port numbers that are open and through which incoming network traffic can reach the application. |
| os.mac.check-app-last-updated |
|
Checks the time and date of the latest application update installation. Note: This check definition doesn’t require the application to be in a running state. |
| os.mac.check-app-version |
|
Retrieves the version number of the application. Note:
|
| os.mac.check-app-is-installed |
|
Checks if the application is installed or not on the device. Note: This check definition doesn’t require the application to be in a running state. |
| os.mac.check-app-is-running |
|
Checks whether the application is in a running state or not. |
| os.mac.check-app-uptime |
|
Checks the uptime of the given application. |
| os.mac.check-app-last-access-time |
|
Checks the most recent time when the application was executed or run. Note:
|
| os.mac.check-app-io-usage-read |
|
Checks the Read I/O (Input/Output) operations performed by the application's primary and secondary processes. |
| os.mac.check-app-io-usage-write |
|
Checks the Write I/O (Input/Output) operations performed by the application's primary and secondary processes. |
| os.mac.check-app-domain-network-latency |
|
Fetches network latency of the application domain. |
| os.mac.check-app-crashes |
|
Fetches number of crashes and crash details of the application. |
| os.mac.check-app-freezes |
|
Fetches number of app freezes in the last 5 minutes and freeze details of the application. |
| os.mac.check-app-zscaler-service-status |
|
Retrieves the Zscaler service status information. |
Check definitions — Device (Metrics)
DEX provides the following types of check definitions for device.
| Check definition name | Description |
|---|---|
| os.mac.check-system-cpu-usage | Checks the CPU utilization. |
| os.mac.check-system-cpu-details | Retrieves the CPU name, number of physical and logical cores, and architecture information. |
| os.mac.check-system-memory-usage | Checks system memory utilization. |
| os.mac.check-system-last-access-time | Checks the last time that the current device was accessed. Note: This check definition works on locked and unlocked devices. |
| os.mac.check-system-uptime | Checks the amount of time elapsed since the system was last booted. |
| os.mac.check-system-time | Checks the current time in Coordinated Universal Time (UTC) using UNIX timestamp. |
| os.mac.check-system-device-crashes | Retrieves details of different crashes on your device. Note: This check fetches Kernel Panics present in the device logs in the last five minutes. |
| os.mac.check-system-device-details | Retrieves the type, model, and serial number of the chassis. |
| os.mac.check-system-device-events | Retrieves the details of events that occurred on the device during the specified time interval. Events for macOS include: Last boot, logged-in users, installed software, updated software, added users, and reset passwords. |
| os.mac.check-system-disk-details | Retrieves disk details such as total space, used space, and free space in bytes. |
| os.mac.check-system-disk-io-usage-read | Retrieves disk bytes read per second. |
| os.mac.check-system-disk-io-usage-write | Retrieves disk bytes written per second. |
| os.mac.check-system-disk-usage | Retrieves the disk used space as a percentage of the total space. |
| os.mac.check-system-os-details | Retrieves the name, version, platform, architecture, and installation date of the operating system. |
| os.mac.check-system-net-bytes-incoming | Retrieves the incoming network bytes per second across all network devices. |
| os.mac.check-system-net-bytes-outgoing | Retrieves the outgoing network bytes per second across all network devices. |
| os.mac.check-system-logged-in-users | Retrieves the detail of users currently logged in to the device. |
| os.mac.check-system-session-details | Retrieves the session time of currently logged-in users in minutes. |
| os.mac.check-system-network-details | Retrieves the network details, including Ethernet, Wi-Fi, and other relevant information. |
| os.mac.check-system-battery-details | Retrieves battery-related data, including the remaining battery percentage, the designed voltage, the estimated run time, and the battery's maximum capacity. Note:
|
| os.mac.check-system-battery-charge-percentage | Retrieves the charge percentage of batteries present on the device. Note:
|
| os.mac.check-system-firewall-enabled | Checks if the operating system firewall is active and enabled. |
| os.mac.check-system-pending-updates | Checks the status of pending software updates. |
| os.mac.check-system-admin-users | Retrieves all user accounts with local administrative privileges. |
| os.mac.check-system-reboot-details | Retrieves the reboot details for the device. |
| os.mac.check-system-os-setup-details | Retrieves the approximate OS age for the device. |
|
os.mac.check-system-compliance-details |
Retrieves the system’s compliance details. This includes the list of all configured apps and metric values that are non-compliant, and calculates a compliance rating based on that. Note:
|
| os.mac.check-system-vpn-details | Get the VPN details for your device. |
| os.mac.check-system-energy-consumption | Gets Energy consumed by Mac machine in coming 5 minutes. Note: It's important to consider the following:
|
| os.mac.check-system-power-consumption | Gets Power consumption for mac device. |
| os.mac.check-system-custom-query-on-change | Executes the custom query provided in the parameters. Returns value only when changed. |
| os.all.check.internal.get-device-configuration-on-change | Gets the configurations of a device. For example: sudo configured, debug on, agent user, and so on. Runs only if value changes. |
Check definitions — Diagnostic Actions
DEX provides the following types of check definitions for Diagnostic actions.
| Check definition name | Check definition parameters | Description |
|---|---|---|
| os.mac.check-app-process-ids | --process_name=<process name> | Retrieves the Process IDs (PIDs) of both the parent and all the child processes associated with the application. |
| os.mac.check-process-cpu | None | Retrieves a list of all running processes along with their CPU usage percentage, CPU time, Process ID (PID), Parent Process ID (PPID), and name. |
| os.mac.check-process-memory | None | Retrieves a list of all running processes along with their memory usage in kilobytes (KB), Process ID (PID), Parent Process ID (PPID), and name. |
| os.mac.check-process-data | None | Retrieves the CPU usage, memory usage, and disk usage of all currently running processes. |
| os.mac.check-process-disk | None | Retrieves a list of all running processes along with their disk usage in Bytes, Process ID (PID), Parent Process ID (PPID), and name. |
| os.mac.check-traceroute | --url=<url> --max_hops = <default value is 65> --timeout = <default value is 5> |
Retrieves the IP address, domain name, and round-trip time (RTT) for each network hop. |
| os.mac.check-ping-test | --url=<url> | Sends a ping request to the provided URL and returns the connectivity status, indicating whether the URL is reachable or not. |
| os.mac.check-services-data | service_type =<Type of service(one of user, system or all) | Retrieves the list of all services with PID, Service Name, Status, Service Type. |
Check definitions — Remedial Actions
DEX provides the following types of check definitions for Remedial actions.
| Check definition name | Check definition parameters | Description |
|---|---|---|
| os.mac.action-kill-process | --pid=<process id> OR --process_name=<executable file name> Note: The process ID takes priority over the application name. |
Terminates a running process or multiple processes specified by their Process ID (PID) or executable (.app) file name. |
| os.mac.action-restart-service | --service_name=<service name> | Restarts logged user services that take a service name as input to the system. |
| os.mac.action-execute-jamf-policy | --Policy ID - policy_id | Execute the Jamf policy either with a policy ID or with a predefined action. Predefined actions are set by the DEX admins in dex_jamf_policy table. The service desk agents are able to select and run the predefined
actions as they might not have access to Jamf policy IDs. Jamf policy has information about the application name, package version information, action to be performed (for example, install or uninstall), information on
enabled on self service, defined in the Jamf server. Note: Jamf client must be installed on the device to execute the Jamf policy. |
| os.mac.action-clear-app-cache | auto_close = <True/False whether you want the process to be closed before clearing the cache> process_name = <Process name> app_name = <Application name> cache_path = <Path to the cache folder> |
Clears the application cache. Note: Cache path is supported for Zoom, Microsoft Outlook, and Microsoft Teams. Enter cache path without the path to the user. For example, if the cache is at path C:\User\<UserName>\AppData\Roaming\Zoom\data enter AppData\Roaming\Zoom\data. |
| os.mac.action-zscaler-zpa-reconnect | None | Resolves Zscaler connectivity issues. |
| os.mac.action-restart-one-drive | None | Restarts one drive on the end-user's machine. |
| os.mac.action-clear-google-chrome-browsing-data | remove_web_data = <True/False whether you want to remove the web data> | Removes all the browsing data on Google Chrome from all the Google Chrome profiles. |
| os.mac.action-purge-recycle-bin | None | Purging Recycle Bin will clear all the files in the recycle bin. |
| os.mac.action-reset-google-chrome-settings | None | This action clears the settings and removes all the installed Google Chrome extensions on all the Google Chrome profiles. |
| os.mac.action-toggle-power-mode | power_mode - Automatic, High power, Low power. | This action toggles through different power modes in a user mac device. |
| os.mac.action-elevate-temporary-admin |
duration user_id = ID of the user |
Elevates temporary admin access to users for a period of time to perform specific tasks without compromising on security. |