A collection of custom plugins for Watchman Monitoring
Activation Lock can be a major block for managed fleets of Macs. This plugin allows you to see the status of both Activation Lock and Find My Mac. It also reports the current user's iCloud account details, and whether or not the iCloud account is managed or personal.
No iCloud account is signed in and Find My Mac and Activation Lock are disabled:
An unmanaged iCloud account is signed in, but Find My Mac and Activation Lock are disabled:
Activation Lock is disabled, but Find My Mac is enabled and unmanaged iCloud account is signed in:
Pre-T2 chip Mac, or pre-Catalina macOS that doesn't support Activation Lock:
Activation Lock is enabled and an unmanaged iCloud account is signed in:
This plugin aims to replicate the functionality of the Windows Update plugin, but for macOS. It reports the status of available updates for the Macs in your fleet, showing the names up available updates or an All Clear status if the computer is up to date.
macOS is up to date (within the major release installed):
An error occurred while checking for updates:
There are updates available:
This plugin aims to replicate the functionality of the User Accounts plugin for Windows. It reports all of the user accounts on macOS, including account type and SecureToken status. This plugin always reports All Clear.
A list of all user accounts on the computer:
This plugin shows the MDM enrollment status of a computer, whether it was enrolled through DEP, and what MDM server it's enrolled with. Both MDM enrollment and Enrolled via DEP have configurable exit codes via the _mdm_settings.plist file. By default, this plugin will will return exit code 20 (Informational) if the computer is not enrolled in MDM, and return exit code 0 (OK) if it's not enrolled via DEP.
To change the exit codes, simply push these commands to your fleet (or use the scripts in the plugin-settings folder):
MDM: /usr/libexec/PlistBuddy -c "Set :MDM_Warning 2" /Library/MonitoringClient/PluginSupport/_mdm_settings.plist (sets MDM not enrolled to Warning)
DEP: /usr/libexec/PlistBuddy -c "Set :DEP_Warning 20" /Library/MonitoringClient/PluginSupport/_mdm_settings.plist (sets not enrolled via DEP to Informational)
Computer is enrolled in MDM:
Computer is not enrolled in MDM:
This plugin shows the status of the SentinelOne agent installed on an endpoint. There are versions for both macOS and Windows. It reports the version, ready status, protection status, infection status, and UUID of the endpoint.
SentinelOne is ready and enabled:
SentinelOne is either not ready, not enabled, or not installed:
The endpoint is reporting an infection
This plugin reports the status of the Cisco Umbrella DNS agent installed on macOS. It reports the enabled status, VPN status, last enabled date, Org ID, and Device ID. The first time the plugin is run, it will create a settings file that contains the grace period setting, which can be customized later via editing the file or sending a terminal command (see the Watchman documentation for remotely updating plugin settings). The plugin will report a warning if Umbrella has been disabled for longer than the specified grace period (the default is 24 hours).
Umbrella is enabled:
Umbrella status is unknown:
Umbrella has been disabled for longer than the specified grace period:
Created by Ella Hansen for Ignition, Inc., a California corporation https://www.ignitionit.com