Fetches device posture rules for a Zero Trust account.
/accounts/{identifier}/devices/posture
get
Device posture rules
device-posture-rules-list-device-posture-rules
nullnull[
{
"in": "path",
"name": "identifier",
"required": true,
"schema": {
"example": "699d98642c564d2e855e9661899b7252"
}
}
]null{
"200": {
"content": {
"application/json": {
"schema": {
"allOf": [
{
"allOf": [
{
"properties": {
"errors": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"messages": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"result": {
"anyOf": [
{
"type": "object"
},
{
"items": {},
"type": "array"
},
{
"type": "string"
}
]
},
"success": {
"description": "Whether the API call was successful.",
"enum": [
true
],
"example": true,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
},
{
"properties": {
"result": {
"items": {},
"nullable": true,
"type": "array"
},
"result_info": {
"properties": {
"count": {
"description": "Total number of results for the requested service",
"example": 1,
"type": "number"
},
"page": {
"description": "Current page within paginated list of results",
"example": 1,
"type": "number"
},
"per_page": {
"description": "Number of results per page of results",
"example": 20,
"type": "number"
},
"total_count": {
"description": "Total results available without any search parameters",
"example": 2000,
"type": "number"
}
},
"type": "object"
}
}
}
],
"type": "object"
},
{
"properties": {
"result": {
"items": {
"properties": {
"description": {
"description": "The description of the device posture rule.",
"example": "The rule for admin serial numbers",
"type": "string"
},
"expiration": {
"description": "Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.",
"example": "1h",
"type": "string"
},
"id": {
"description": "API UUID.",
"example": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"maxLength": 36,
"type": "string"
},
"input": {
"description": "The value to be checked against.",
"example": {
"operating_system": "linux",
"path": "/bin/cat",
"thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
},
"oneOf": [
{
"properties": {
"exists": {
"description": "Whether or not file exists",
"example": true,
"type": "boolean"
},
"operating_system": {
"description": "Operating system",
"enum": [
"windows",
"linux",
"mac"
],
"example": "mac",
"type": "string"
},
"path": {
"description": "File path.",
"example": "/bin/cat",
"type": "string"
},
"sha256": {
"description": "SHA-256.",
"example": "https://api.us-2.crowdstrike.com",
"type": "string"
},
"thumbprint": {
"description": "Signing certificate thumbprint.",
"example": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e",
"type": "string"
}
},
"required": [
"path",
"operating_system"
],
"title": "File Check",
"type": "object"
},
{
"properties": {
"id": {
"description": "List ID.",
"example": "da3de859-8f6e-47ea-a2b5-b2433858471f",
"type": "string"
},
"operating_system": {
"description": "Operating System",
"enum": [
"android",
"ios",
"chromeos"
],
"example": "android",
"type": "string"
}
},
"required": [
"operating_system",
"id"
],
"title": "Unique Client ID",
"type": "object"
},
{
"properties": {
"domain": {
"description": "Domain",
"example": "example.com",
"type": "string"
},
"operating_system": {
"description": "Operating System",
"enum": [
"windows"
],
"example": "windows",
"type": "string"
}
},
"required": [
"operating_system"
],
"title": "Domain Joined",
"type": "object"
},
{
"properties": {
"operating_system": {
"description": "Operating System",
"enum": [
"windows"
],
"example": "windows",
"type": "string"
},
"operator": {
"description": "Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": "13.3.0",
"type": "string"
},
"os_distro_name": {
"description": "Operating System Distribution Name (linux only)",
"example": "ubuntu",
"type": "string"
},
"os_distro_revision": {
"description": "Version of OS Distribution (linux only)",
"example": "11.3.1",
"type": "string"
},
"os_version_extra": {
"description": "Product Verison Extra that Mac OS uses (mac only)",
"example": "(a)",
"type": "string"
},
"version": {
"description": "Version of OS",
"example": "13.3.0",
"type": "string"
}
},
"required": [
"operating_system",
"version",
"operator"
],
"title": "OS Version",
"type": "object"
},
{
"properties": {
"enabled": {
"description": "Enabled",
"example": true,
"type": "boolean"
},
"operating_system": {
"description": "Operating System",
"enum": [
"windows",
"mac"
],
"example": "windows",
"type": "string"
}
},
"required": [
"operating_system",
"enabled"
],
"title": "Firewall",
"type": "object"
},
{
"properties": {
"operating_system": {
"description": "Operating system",
"enum": [
"windows",
"linux",
"mac"
],
"example": "mac",
"type": "string"
},
"path": {
"description": "File path.",
"example": "/bin/cat",
"type": "string"
},
"sha256": {
"description": "SHA-256.",
"example": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"type": "string"
},
"thumbprint": {
"description": "Signing certificate thumbprint.",
"example": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e",
"type": "string"
}
},
"required": [
"path",
"operating_system"
],
"title": "Sentinelone",
"type": "object"
},
{
"properties": {
"operating_system": {
"description": "Operating system",
"enum": [
"windows",
"linux",
"mac"
],
"example": "mac",
"type": "string"
},
"path": {
"description": "File path.",
"example": "/bin/cat",
"type": "string"
},
"sha256": {
"description": "SHA-256.",
"example": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"type": "string"
},
"thumbprint": {
"description": "Signing certificate thumbprint.",
"example": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e",
"type": "string"
}
},
"required": [
"path",
"operating_system"
],
"title": "Carbonblack",
"type": "object"
},
{
"properties": {
"checkDisks": {
"description": "List of volume names to be checked for encryption.",
"example": [
"C",
"D",
"G"
],
"items": {
"type": "string"
},
"type": "array"
},
"requireAll": {
"description": "Whether to check all disks for encryption.",
"example": true,
"type": "boolean"
}
},
"title": "Disk Encryption",
"type": "object"
},
{
"properties": {
"operating_system": {
"description": "Operating system",
"enum": [
"windows",
"linux",
"mac"
],
"example": "mac",
"type": "string"
},
"path": {
"description": "Path for the application.",
"example": "/bin/cat",
"type": "string"
},
"sha256": {
"description": "SHA-256.",
"example": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"type": "string"
},
"thumbprint": {
"description": "Signing certificate thumbprint.",
"example": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e",
"type": "string"
}
},
"required": [
"path",
"operating_system"
],
"title": "Application",
"type": "object"
},
{
"properties": {
"certificate_id": {
"description": "UUID of Cloudflare managed certificate.",
"example": "b14ddcc4-bcd2-4df4-bd4f-eb27d5a50c30",
"maxLength": 36,
"type": "string"
},
"cn": {
"description": "Common Name that is protected by the certificate",
"example": "example.com",
"type": "string"
}
},
"required": [
"certificate_id",
"cn"
],
"title": "Client Certificate",
"type": "object"
},
{
"properties": {
"compliance_status": {
"description": "Compliance Status",
"enum": [
"compliant",
"noncompliant",
"unknown"
],
"example": "compliant",
"type": "string"
},
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
}
},
"required": [
"connection_id",
"compliance_status"
],
"title": "Workspace One S2S Input",
"type": "object"
},
{
"properties": {
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
},
"operator": {
"description": "Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
},
"os": {
"description": "Os Version",
"example": "13.3.0",
"type": "string"
},
"overall": {
"description": "overall",
"example": 90,
"type": "string"
},
"sensor_config": {
"description": "SensorConfig",
"example": 90,
"type": "string"
},
"version": {
"description": "Version",
"example": "13.3.0",
"type": "string"
},
"versionOperator": {
"description": "Version Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
}
},
"required": [
"connection_id"
],
"title": "Crowdstrike S2S Input",
"type": "object"
},
{
"properties": {
"compliance_status": {
"description": "Compliance Status",
"enum": [
"compliant",
"noncompliant",
"unknown",
"notapplicable",
"ingraceperiod",
"error"
],
"example": "compliant",
"type": "string"
},
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
}
},
"required": [
"connection_id",
"compliance_status"
],
"title": "Intune S2S Input",
"type": "object"
},
{
"properties": {
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
},
"countOperator": {
"description": "Count Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
},
"issue_count": {
"description": "The Number of Issues.",
"example": 1,
"type": "string"
}
},
"required": [
"connection_id",
"countOperator",
"issue_count"
],
"title": "Kolide S2S Input",
"type": "object"
},
{
"properties": {
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
},
"eid_last_seen": {
"description": "For more details on eid last seen, refer to the Tanium documentation.",
"example": "2023-07-20T23:16:32Z",
"type": "string"
},
"operator": {
"description": "Operator to evaluate risk_level or eid_last_seen.",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
},
"risk_level": {
"description": "For more details on risk level, refer to the Tanium documentation.",
"enum": [
"low",
"medium",
"high",
"critical"
],
"example": "low",
"type": "string"
},
"scoreOperator": {
"description": "Score Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
},
"total_score": {
"description": "For more details on total score, refer to the Tanium documentation.",
"example": 1,
"type": "number"
}
},
"required": [
"connection_id"
],
"title": "Tanium S2S Input",
"type": "object"
},
{
"properties": {
"active_threats": {
"description": "The Number of active threats.",
"example": 1,
"type": "number"
},
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
},
"infected": {
"description": "Whether device is infected.",
"example": true,
"type": "boolean"
},
"is_active": {
"description": "Whether device is active.",
"example": true,
"type": "boolean"
},
"network_status": {
"description": "Network status of device.",
"enum": [
"connected",
"disconnected",
"disconnecting",
"connecting"
],
"example": "connected",
"type": "string"
},
"operator": {
"description": "operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
}
},
"required": [
"connection_id"
],
"title": "SentinelOne S2S Input",
"type": "object"
}
],
"type": "object"
},
"match": {
"description": "The conditions that the client must match to run the rule.",
"items": {
"properties": {
"platform": {
"enum": [
"windows",
"mac",
"linux",
"android",
"ios"
],
"example": "windows",
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"name": {
"description": "The name of the device posture rule.",
"example": "Admin Serial Numbers",
"type": "string"
},
"schedule": {
"description": "Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`.",
"example": "1h",
"type": "string"
},
"type": {
"description": "The type of device posture rule.",
"enum": [
"file",
"application",
"tanium",
"gateway",
"warp",
"disk_encryption",
"sentinelone",
"carbonblack",
"firewall",
"os_version",
"domain_joined",
"client_certificate",
"unique_client_id",
"kolide",
"tanium_s2s",
"crowdstrike_s2s",
"intune",
"workspace_one",
"sentinelone_s2s"
],
"example": "file",
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
}
}
]
}
}
},
"description": "List device posture rules response"
},
"4XX": {
"content": {
"application/json": {
"schema": {
"allOf": [
{
"allOf": [
{
"allOf": [
{
"properties": {
"errors": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"messages": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"result": {
"anyOf": [
{
"type": "object"
},
{
"items": {},
"type": "array"
},
{
"type": "string"
}
]
},
"success": {
"description": "Whether the API call was successful.",
"enum": [
true
],
"example": true,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
},
{
"properties": {
"result": {
"items": {},
"nullable": true,
"type": "array"
},
"result_info": {
"properties": {
"count": {
"description": "Total number of results for the requested service",
"example": 1,
"type": "number"
},
"page": {
"description": "Current page within paginated list of results",
"example": 1,
"type": "number"
},
"per_page": {
"description": "Number of results per page of results",
"example": 20,
"type": "number"
},
"total_count": {
"description": "Total results available without any search parameters",
"example": 2000,
"type": "number"
}
},
"type": "object"
}
}
}
],
"type": "object"
},
{
"properties": {
"result": {
"items": {
"properties": {
"description": {
"description": "The description of the device posture rule.",
"example": "The rule for admin serial numbers",
"type": "string"
},
"expiration": {
"description": "Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.",
"example": "1h",
"type": "string"
},
"id": {
"description": "API UUID.",
"example": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"maxLength": 36,
"type": "string"
},
"input": {
"description": "The value to be checked against.",
"example": {
"operating_system": "linux",
"path": "/bin/cat",
"thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
},
"oneOf": [
{
"properties": {
"exists": {
"description": "Whether or not file exists",
"example": true,
"type": "boolean"
},
"operating_system": {
"description": "Operating system",
"enum": [
"windows",
"linux",
"mac"
],
"example": "mac",
"type": "string"
},
"path": {
"description": "File path.",
"example": "/bin/cat",
"type": "string"
},
"sha256": {
"description": "SHA-256.",
"example": "https://api.us-2.crowdstrike.com",
"type": "string"
},
"thumbprint": {
"description": "Signing certificate thumbprint.",
"example": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e",
"type": "string"
}
},
"required": [
"path",
"operating_system"
],
"title": "File Check",
"type": "object"
},
{
"properties": {
"id": {
"description": "List ID.",
"example": "da3de859-8f6e-47ea-a2b5-b2433858471f",
"type": "string"
},
"operating_system": {
"description": "Operating System",
"enum": [
"android",
"ios",
"chromeos"
],
"example": "android",
"type": "string"
}
},
"required": [
"operating_system",
"id"
],
"title": "Unique Client ID",
"type": "object"
},
{
"properties": {
"domain": {
"description": "Domain",
"example": "example.com",
"type": "string"
},
"operating_system": {
"description": "Operating System",
"enum": [
"windows"
],
"example": "windows",
"type": "string"
}
},
"required": [
"operating_system"
],
"title": "Domain Joined",
"type": "object"
},
{
"properties": {
"operating_system": {
"description": "Operating System",
"enum": [
"windows"
],
"example": "windows",
"type": "string"
},
"operator": {
"description": "Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": "13.3.0",
"type": "string"
},
"os_distro_name": {
"description": "Operating System Distribution Name (linux only)",
"example": "ubuntu",
"type": "string"
},
"os_distro_revision": {
"description": "Version of OS Distribution (linux only)",
"example": "11.3.1",
"type": "string"
},
"os_version_extra": {
"description": "Product Verison Extra that Mac OS uses (mac only)",
"example": "(a)",
"type": "string"
},
"version": {
"description": "Version of OS",
"example": "13.3.0",
"type": "string"
}
},
"required": [
"operating_system",
"version",
"operator"
],
"title": "OS Version",
"type": "object"
},
{
"properties": {
"enabled": {
"description": "Enabled",
"example": true,
"type": "boolean"
},
"operating_system": {
"description": "Operating System",
"enum": [
"windows",
"mac"
],
"example": "windows",
"type": "string"
}
},
"required": [
"operating_system",
"enabled"
],
"title": "Firewall",
"type": "object"
},
{
"properties": {
"operating_system": {
"description": "Operating system",
"enum": [
"windows",
"linux",
"mac"
],
"example": "mac",
"type": "string"
},
"path": {
"description": "File path.",
"example": "/bin/cat",
"type": "string"
},
"sha256": {
"description": "SHA-256.",
"example": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"type": "string"
},
"thumbprint": {
"description": "Signing certificate thumbprint.",
"example": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e",
"type": "string"
}
},
"required": [
"path",
"operating_system"
],
"title": "Sentinelone",
"type": "object"
},
{
"properties": {
"operating_system": {
"description": "Operating system",
"enum": [
"windows",
"linux",
"mac"
],
"example": "mac",
"type": "string"
},
"path": {
"description": "File path.",
"example": "/bin/cat",
"type": "string"
},
"sha256": {
"description": "SHA-256.",
"example": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"type": "string"
},
"thumbprint": {
"description": "Signing certificate thumbprint.",
"example": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e",
"type": "string"
}
},
"required": [
"path",
"operating_system"
],
"title": "Carbonblack",
"type": "object"
},
{
"properties": {
"checkDisks": {
"description": "List of volume names to be checked for encryption.",
"example": [
"C",
"D",
"G"
],
"items": {
"type": "string"
},
"type": "array"
},
"requireAll": {
"description": "Whether to check all disks for encryption.",
"example": true,
"type": "boolean"
}
},
"title": "Disk Encryption",
"type": "object"
},
{
"properties": {
"operating_system": {
"description": "Operating system",
"enum": [
"windows",
"linux",
"mac"
],
"example": "mac",
"type": "string"
},
"path": {
"description": "Path for the application.",
"example": "/bin/cat",
"type": "string"
},
"sha256": {
"description": "SHA-256.",
"example": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
"type": "string"
},
"thumbprint": {
"description": "Signing certificate thumbprint.",
"example": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e",
"type": "string"
}
},
"required": [
"path",
"operating_system"
],
"title": "Application",
"type": "object"
},
{
"properties": {
"certificate_id": {
"description": "UUID of Cloudflare managed certificate.",
"example": "b14ddcc4-bcd2-4df4-bd4f-eb27d5a50c30",
"maxLength": 36,
"type": "string"
},
"cn": {
"description": "Common Name that is protected by the certificate",
"example": "example.com",
"type": "string"
}
},
"required": [
"certificate_id",
"cn"
],
"title": "Client Certificate",
"type": "object"
},
{
"properties": {
"compliance_status": {
"description": "Compliance Status",
"enum": [
"compliant",
"noncompliant",
"unknown"
],
"example": "compliant",
"type": "string"
},
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
}
},
"required": [
"connection_id",
"compliance_status"
],
"title": "Workspace One S2S Input",
"type": "object"
},
{
"properties": {
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
},
"operator": {
"description": "Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
},
"os": {
"description": "Os Version",
"example": "13.3.0",
"type": "string"
},
"overall": {
"description": "overall",
"example": 90,
"type": "string"
},
"sensor_config": {
"description": "SensorConfig",
"example": 90,
"type": "string"
},
"version": {
"description": "Version",
"example": "13.3.0",
"type": "string"
},
"versionOperator": {
"description": "Version Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
}
},
"required": [
"connection_id"
],
"title": "Crowdstrike S2S Input",
"type": "object"
},
{
"properties": {
"compliance_status": {
"description": "Compliance Status",
"enum": [
"compliant",
"noncompliant",
"unknown",
"notapplicable",
"ingraceperiod",
"error"
],
"example": "compliant",
"type": "string"
},
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
}
},
"required": [
"connection_id",
"compliance_status"
],
"title": "Intune S2S Input",
"type": "object"
},
{
"properties": {
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
},
"countOperator": {
"description": "Count Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
},
"issue_count": {
"description": "The Number of Issues.",
"example": 1,
"type": "string"
}
},
"required": [
"connection_id",
"countOperator",
"issue_count"
],
"title": "Kolide S2S Input",
"type": "object"
},
{
"properties": {
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
},
"eid_last_seen": {
"description": "For more details on eid last seen, refer to the Tanium documentation.",
"example": "2023-07-20T23:16:32Z",
"type": "string"
},
"operator": {
"description": "Operator to evaluate risk_level or eid_last_seen.",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
},
"risk_level": {
"description": "For more details on risk level, refer to the Tanium documentation.",
"enum": [
"low",
"medium",
"high",
"critical"
],
"example": "low",
"type": "string"
},
"scoreOperator": {
"description": "Score Operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
},
"total_score": {
"description": "For more details on total score, refer to the Tanium documentation.",
"example": 1,
"type": "number"
}
},
"required": [
"connection_id"
],
"title": "Tanium S2S Input",
"type": "object"
},
{
"properties": {
"active_threats": {
"description": "The Number of active threats.",
"example": 1,
"type": "number"
},
"connection_id": {
"description": "Posture Integration ID.",
"example": "bc7cbfbb-600a-42e4-8a23-45b5e85f804f",
"type": "string"
},
"infected": {
"description": "Whether device is infected.",
"example": true,
"type": "boolean"
},
"is_active": {
"description": "Whether device is active.",
"example": true,
"type": "boolean"
},
"network_status": {
"description": "Network status of device.",
"enum": [
"connected",
"disconnected",
"disconnecting",
"connecting"
],
"example": "connected",
"type": "string"
},
"operator": {
"description": "operator",
"enum": [
"<",
"<=",
">",
">=",
"=="
],
"example": ">",
"type": "string"
}
},
"required": [
"connection_id"
],
"title": "SentinelOne S2S Input",
"type": "object"
}
],
"type": "object"
},
"match": {
"description": "The conditions that the client must match to run the rule.",
"items": {
"properties": {
"platform": {
"enum": [
"windows",
"mac",
"linux",
"android",
"ios"
],
"example": "windows",
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"name": {
"description": "The name of the device posture rule.",
"example": "Admin Serial Numbers",
"type": "string"
},
"schedule": {
"description": "Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`.",
"example": "1h",
"type": "string"
},
"type": {
"description": "The type of device posture rule.",
"enum": [
"file",
"application",
"tanium",
"gateway",
"warp",
"disk_encryption",
"sentinelone",
"carbonblack",
"firewall",
"os_version",
"domain_joined",
"client_certificate",
"unique_client_id",
"kolide",
"tanium_s2s",
"crowdstrike_s2s",
"intune",
"workspace_one",
"sentinelone_s2s"
],
"example": "file",
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
}
}
]
},
{
"properties": {
"errors": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": [
{
"code": 7003,
"message": "No route for the URI"
}
],
"minLength": 1
},
"messages": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": []
},
"result": {
"enum": [
null
],
"nullable": true,
"type": "object"
},
"success": {
"description": "Whether the API call was successful",
"enum": [
false
],
"example": false,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
}
]
}
}
},
"description": "List device posture rules response failure"
}
}[
{
"api_email": [],
"api_key": []
}
]