Script Checks for Mac devices

To monitor your Mac devices, you can add system default script checks, or your own user defined script checks, to the devices. When you add a script check to devices, you configure the parameter values you require.

Before you can add a user defined script check to a device, the script must be uploaded to the All Devices view. For instructions to upload a user defined script check, see Add a script to Script Manager.

Default scripts with parameters for Mac devices

Expand the following sections for script descriptions and parameters:

Managed Patch Status

Queries /Library/Managed Installs/InstallInfo.plist for the installation status of patches deployed via Munki (including Managed Patch).
Does not report on patches deployed via other methods, including user installation.
Generates an alert if patch installs fail, or if patches are queued and pending user logout.
Results are reported in both the Script’s More Information section and in the View the Managed Patch for Mac report.
Script type: Python

Parameter	Description
Script Timeout Range	Range: 1 - 3600 seconds (default 120 seconds)

FileVault Status

Queries the computer to determine if FileVault is enabled. The script fails if FileVault is reported as off.
Script type: Bash

Parameter	Description
Script Timeout Range	Range: 1 - 3600 seconds (default 120 seconds)

Firewall Status

Queries the computer to determine if the firewall is enabled. The script fails if the firewall is reported as off.
Script type: Shell

Parameter	Description
Script Timeout Range	Range: 1 - 3600 seconds (default 120 seconds)

Gatekeeper Status Check

Queries the computer to determine if Gatekeeper is enabled. The script fails if Gatekeeper is reported as off.
Script type: Shell

Parameter	Description
Script Timeout Range	Range: 1 - 3600 seconds (default 120 seconds)

Time Machine Status Check

Queries the latest Time Machine snapshot to determine the backup status
Generates an alert if the latest backup date is the specified number of days ago or more.
Script type: Bash

Parameter	Description
Days without backup	Number of days without a snapshot before the Check fails
Script Timeout Range	Range: 1 - 3600 seconds (default 120 seconds)

You can suppress check alerts until the Check failures exceed a configured number of consecutive failures. For more information, see Configure alert thresholds to suppress alerts.

Check configuration

Add a script check to a device

On the All Devices view North-pane, select the device where you want to add the check.
In the South-pane, go to the Checks tab.
Select Add Check and choose the check frequency you want to use — Add 24x7 Check or Add DSC Check.
Select Script Check.
Select the target script and select Next.
Scripts are grouped by default script categories (if applicable) and User Defined Scripts depending on the Operating system.
Configure the parameters for the script.
To add the check to multiple devices at the same time, click Multiple Devices.
To Run an Automated Task when a check fails, select Assign a Task after creating the Check.
Click Finish to save and apply.
If you selected Assign a Task after creating the Check:
1. Select the Automated Task script and select Next to configure.
2. Enter any required Command Line parameters or Script parameters and select Next.
3. Set maximum permitted execution time for the script (optional).
4. Select Finish to save and apply.

Edit

Script Check - Endpoint Detection & Response cannot be edited and can only be removed by uninstalling EDR from the device.

On the All Devices view North-pane, select the device.
Go to the Checks tab in the South-pane.
Right-click the target Script Check and select Edit Check.
Edit the script details and parameters.
Select OK to save and apply.

Delete

On the All Devices view North-pane, select the device.
Go to the Checks tab in the South-pane.
Right-click the target check and select Delete Check .
Enter the password you used to sign into N-sight RMM to confirm removal.
Select OK to delete.