API Reference

Zero Trust

Devices

Posture

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Get device posture rule details

client.ZeroTrust.Devices.Posture.Get(ctx, ruleID, query) (*DevicePostureRule, error)

GET/accounts/{account_id}/devices/posture/{rule_id}

Fetches a single device posture rule.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

ParametersExpand Collapse

ruleID string

API UUID.

maxLength36

query DevicePostureGetParams

AccountID param.Field[string]

ReturnsExpand Collapse

type DevicePostureRule struct{…}

ID stringoptional

API UUID.

maxLength36

Description stringoptional

The description of the device posture rule.

Expiration stringoptional

Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.

Input DeviceInputoptional

The value to be checked against.

One of the following:

type FileInput struct{…}

OperatingSystem FileInputOperatingSystem

Operating system.

One of the following:

const FileInputOperatingSystemWindows FileInputOperatingSystem = "windows"

const FileInputOperatingSystemLinux FileInputOperatingSystem = "linux"

const FileInputOperatingSystemMac FileInputOperatingSystem = "mac"

Path string

File path.

Exists booloptional

Whether or not file exists.

Sha256 stringoptional

SHA-256.

Thumbprint stringoptional

Signing certificate thumbprint.

type UniqueClientIDInput struct{…}

ID string

List ID.

OperatingSystem UniqueClientIDInputOperatingSystem

Operating System.

One of the following:

const UniqueClientIDInputOperatingSystemAndroid UniqueClientIDInputOperatingSystem = "android"

const UniqueClientIDInputOperatingSystemIos UniqueClientIDInputOperatingSystem = "ios"

const UniqueClientIDInputOperatingSystemChromeos UniqueClientIDInputOperatingSystem = "chromeos"

type DomainJoinedInput struct{…}

OperatingSystem DomainJoinedInputOperatingSystem

Operating System.

Domain stringoptional

Domain.

type OSVersionInput struct{…}

OperatingSystem OSVersionInputOperatingSystem

Operating System.

Operator OSVersionInputOperator

Operator.

One of the following:

const OSVersionInputOperatorLess OSVersionInputOperator = "<"

const OSVersionInputOperatorLessOrEquals OSVersionInputOperator = "<="

const OSVersionInputOperatorGreater OSVersionInputOperator = ">"

const OSVersionInputOperatorGreaterOrEquals OSVersionInputOperator = ">="

const OSVersionInputOperatorEquals OSVersionInputOperator = "=="

Version string

Version of OS.

OSDistroName stringoptional

Operating System Distribution Name (linux only).

OSDistroRevision stringoptional

Version of OS Distribution (linux only).

OSVersionExtra stringoptional

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

type FirewallInput struct{…}

Enabled bool

Enabled.

OperatingSystem FirewallInputOperatingSystem

Operating System.

One of the following:

const FirewallInputOperatingSystemWindows FirewallInputOperatingSystem = "windows"

const FirewallInputOperatingSystemMac FirewallInputOperatingSystem = "mac"

type SentineloneInput struct{…}

OperatingSystem SentineloneInputOperatingSystem

Operating system.

One of the following:

const SentineloneInputOperatingSystemWindows SentineloneInputOperatingSystem = "windows"

const SentineloneInputOperatingSystemLinux SentineloneInputOperatingSystem = "linux"

const SentineloneInputOperatingSystemMac SentineloneInputOperatingSystem = "mac"

Path string

File path.

Sha256 stringoptional

SHA-256.

Thumbprint stringoptional

Signing certificate thumbprint.

type DeviceInputTeamsDevicesCarbonblackInputRequest struct{…}

OperatingSystem DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem

Operating system.

One of the following:

const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemWindows DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "windows"

const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemLinux DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "linux"

const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemMac DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "mac"

Path string

File path.

Sha256 stringoptional

SHA-256.

Thumbprint stringoptional

Signing certificate thumbprint.

type DeviceInputTeamsDevicesAccessSerialNumberListInputRequest struct{…}

ID string

UUID of Access List.

maxLength36

type DiskEncryptionInput struct{…}

CheckDisks []CarbonblackInputoptional

List of volume names to be checked for encryption.

RequireAll booloptional

Whether to check all disks for encryption.

type DeviceInputTeamsDevicesApplicationInputRequest struct{…}

OperatingSystem DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem

Operating system.

One of the following:

const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemWindows DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "windows"

const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemLinux DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "linux"

const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemMac DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "mac"

Path string

Path for the application.

Sha256 stringoptional

SHA-256.

Thumbprint stringoptional

Signing certificate thumbprint.

type ClientCertificateInput struct{…}

CertificateID string

UUID of Cloudflare managed certificate.

maxLength36

Cn string

Common Name that is protected by the certificate.

type DeviceInputTeamsDevicesClientCertificateV2InputRequest struct{…}

CertificateID string

UUID of Cloudflare managed certificate.

maxLength36

CheckPrivateKey bool

Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key.

OperatingSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem

Operating system.

One of the following:

const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemWindows DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "windows"

const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemLinux DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "linux"

const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemMac DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "mac"

Cn stringoptional

Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables.

ExtendedKeyUsage []DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageoptional

List of values indicating purposes for which the certificate public key can be used.

One of the following:

const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageClientAuth DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "clientAuth"

const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageEmailProtection DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "emailProtection"

Locations DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsoptional

Paths []stringoptional

List of paths to check for client certificate on linux.

TrustStores []DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreoptional

List of trust stores to check for client certificate.

One of the following:

const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "system"

const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreUser DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "user"

SubjectAlternativeNames []stringoptional

List of certificate Subject Alternative Names.

type DeviceInputTeamsDevicesAntivirusInputRequest struct{…}

UpdateWindowDays float64optional

Number of days that the antivirus should be updated within.

type WorkspaceOneInput struct{…}

ComplianceStatus WorkspaceOneInputComplianceStatus

Compliance Status.

One of the following:

const WorkspaceOneInputComplianceStatusCompliant WorkspaceOneInputComplianceStatus = "compliant"

const WorkspaceOneInputComplianceStatusNoncompliant WorkspaceOneInputComplianceStatus = "noncompliant"

const WorkspaceOneInputComplianceStatusUnknown WorkspaceOneInputComplianceStatus = "unknown"

ConnectionID string

Posture Integration ID.

type CrowdstrikeInput struct{…}

ConnectionID string

Posture Integration ID.

LastSeen stringoptional

For more details on last seen, please refer to the Crowdstrike documentation.

Operator CrowdstrikeInputOperatoroptional

Operator.

One of the following:

const CrowdstrikeInputOperatorLess CrowdstrikeInputOperator = "<"

const CrowdstrikeInputOperatorLessOrEquals CrowdstrikeInputOperator = "<="

const CrowdstrikeInputOperatorGreater CrowdstrikeInputOperator = ">"

const CrowdstrikeInputOperatorGreaterOrEquals CrowdstrikeInputOperator = ">="

const CrowdstrikeInputOperatorEquals CrowdstrikeInputOperator = "=="

OS stringoptional

Os Version.

Overall stringoptional

Overall.

SensorConfig stringoptional

SensorConfig.

State CrowdstrikeInputStateoptional

For more details on state, please refer to the Crowdstrike documentation.

One of the following:

const CrowdstrikeInputStateOnline CrowdstrikeInputState = "online"

const CrowdstrikeInputStateOffline CrowdstrikeInputState = "offline"

const CrowdstrikeInputStateUnknown CrowdstrikeInputState = "unknown"

Version stringoptional

Version.

VersionOperator CrowdstrikeInputVersionOperatoroptional

Version Operator.

One of the following:

const CrowdstrikeInputVersionOperatorLess CrowdstrikeInputVersionOperator = "<"

const CrowdstrikeInputVersionOperatorLessOrEquals CrowdstrikeInputVersionOperator = "<="

const CrowdstrikeInputVersionOperatorGreater CrowdstrikeInputVersionOperator = ">"

const CrowdstrikeInputVersionOperatorGreaterOrEquals CrowdstrikeInputVersionOperator = ">="

const CrowdstrikeInputVersionOperatorEquals CrowdstrikeInputVersionOperator = "=="

type IntuneInput struct{…}

ComplianceStatus IntuneInputComplianceStatus

Compliance Status.

One of the following:

const IntuneInputComplianceStatusCompliant IntuneInputComplianceStatus = "compliant"

const IntuneInputComplianceStatusNoncompliant IntuneInputComplianceStatus = "noncompliant"

const IntuneInputComplianceStatusUnknown IntuneInputComplianceStatus = "unknown"

const IntuneInputComplianceStatusNotapplicable IntuneInputComplianceStatus = "notapplicable"

const IntuneInputComplianceStatusIngraceperiod IntuneInputComplianceStatus = "ingraceperiod"

const IntuneInputComplianceStatusError IntuneInputComplianceStatus = "error"

ConnectionID string

Posture Integration ID.

type KolideInput struct{…}

ConnectionID string

Posture Integration ID.

CountOperator KolideInputCountOperator

Count Operator.

One of the following:

const KolideInputCountOperatorLess KolideInputCountOperator = "<"

const KolideInputCountOperatorLessOrEquals KolideInputCountOperator = "<="

const KolideInputCountOperatorGreater KolideInputCountOperator = ">"

const KolideInputCountOperatorGreaterOrEquals KolideInputCountOperator = ">="

const KolideInputCountOperatorEquals KolideInputCountOperator = "=="

IssueCount string

The Number of Issues.

type TaniumInput struct{…}

ConnectionID string

Posture Integration ID.

EidLastSeen stringoptional

For more details on eid last seen, refer to the Tanium documentation.

Operator TaniumInputOperatoroptional

Operator to evaluate risk_level or eid_last_seen.

One of the following:

const TaniumInputOperatorLess TaniumInputOperator = "<"

const TaniumInputOperatorLessOrEquals TaniumInputOperator = "<="

const TaniumInputOperatorGreater TaniumInputOperator = ">"

const TaniumInputOperatorGreaterOrEquals TaniumInputOperator = ">="

const TaniumInputOperatorEquals TaniumInputOperator = "=="

RiskLevel TaniumInputRiskLeveloptional

For more details on risk level, refer to the Tanium documentation.

One of the following:

const TaniumInputRiskLevelLow TaniumInputRiskLevel = "low"

const TaniumInputRiskLevelMedium TaniumInputRiskLevel = "medium"

const TaniumInputRiskLevelHigh TaniumInputRiskLevel = "high"

const TaniumInputRiskLevelCritical TaniumInputRiskLevel = "critical"

ScoreOperator TaniumInputScoreOperatoroptional

Score Operator.

One of the following:

const TaniumInputScoreOperatorLess TaniumInputScoreOperator = "<"

const TaniumInputScoreOperatorLessOrEquals TaniumInputScoreOperator = "<="

const TaniumInputScoreOperatorGreater TaniumInputScoreOperator = ">"

const TaniumInputScoreOperatorGreaterOrEquals TaniumInputScoreOperator = ">="

const TaniumInputScoreOperatorEquals TaniumInputScoreOperator = "=="

TotalScore float64optional

For more details on total score, refer to the Tanium documentation.

type SentineloneS2sInput struct{…}

ConnectionID string

Posture Integration ID.

ActiveThreats float64optional

The Number of active threats.

Infected booloptional

Whether device is infected.

IsActive booloptional

Whether device is active.

NetworkStatus SentineloneS2sInputNetworkStatusoptional

Network status of device.

One of the following:

const SentineloneS2sInputNetworkStatusConnected SentineloneS2sInputNetworkStatus = "connected"

const SentineloneS2sInputNetworkStatusDisconnected SentineloneS2sInputNetworkStatus = "disconnected"

const SentineloneS2sInputNetworkStatusDisconnecting SentineloneS2sInputNetworkStatus = "disconnecting"

const SentineloneS2sInputNetworkStatusConnecting SentineloneS2sInputNetworkStatus = "connecting"

OperationalState SentineloneS2sInputOperationalStateoptional

Agent operational state.

One of the following:

const SentineloneS2sInputOperationalStateNa SentineloneS2sInputOperationalState = "na"

const SentineloneS2sInputOperationalStatePartiallyDisabled SentineloneS2sInputOperationalState = "partially_disabled"

const SentineloneS2sInputOperationalStateAutoFullyDisabled SentineloneS2sInputOperationalState = "auto_fully_disabled"

const SentineloneS2sInputOperationalStateFullyDisabled SentineloneS2sInputOperationalState = "fully_disabled"

const SentineloneS2sInputOperationalStateAutoPartiallyDisabled SentineloneS2sInputOperationalState = "auto_partially_disabled"

const SentineloneS2sInputOperationalStateDisabledError SentineloneS2sInputOperationalState = "disabled_error"

const SentineloneS2sInputOperationalStateDBCorruption SentineloneS2sInputOperationalState = "db_corruption"

Operator SentineloneS2sInputOperatoroptional

Operator.

One of the following:

const SentineloneS2sInputOperatorLess SentineloneS2sInputOperator = "<"

const SentineloneS2sInputOperatorLessOrEquals SentineloneS2sInputOperator = "<="

const SentineloneS2sInputOperatorGreater SentineloneS2sInputOperator = ">"

const SentineloneS2sInputOperatorGreaterOrEquals SentineloneS2sInputOperator = ">="

const SentineloneS2sInputOperatorEquals SentineloneS2sInputOperator = "=="

type DeviceInputTeamsDevicesCustomS2sInputRequest struct{…}

ConnectionID string

Posture Integration ID.

Operator DeviceInputTeamsDevicesCustomS2sInputRequestOperator

Operator.

One of the following:

const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLess DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<"

const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLessOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<="

const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreater DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">"

const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreaterOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">="

const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "=="

Score float64

A value between 0-100 assigned to devices set by the 3rd party posture provider.

Match []DeviceMatchoptional

The conditions that the client must match to run the rule.

Platform DeviceMatchPlatformoptional

One of the following:

const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"

const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"

const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"

const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"

const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"

const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"

Name stringoptional

The name of the device posture rule.

Schedule stringoptional

Polling frequency for the WARP client posture check. Default: 5m (poll every five minutes). Minimum: 1m.

Type DevicePostureRuleTypeoptional

The type of device posture rule.

One of the following:

const DevicePostureRuleTypeFile DevicePostureRuleType = "file"

const DevicePostureRuleTypeApplication DevicePostureRuleType = "application"

const DevicePostureRuleTypeTanium DevicePostureRuleType = "tanium"

const DevicePostureRuleTypeGateway DevicePostureRuleType = "gateway"

const DevicePostureRuleTypeWARP DevicePostureRuleType = "warp"

const DevicePostureRuleTypeDiskEncryption DevicePostureRuleType = "disk_encryption"

const DevicePostureRuleTypeSerialNumber DevicePostureRuleType = "serial_number"

const DevicePostureRuleTypeSentinelone DevicePostureRuleType = "sentinelone"

const DevicePostureRuleTypeCarbonblack DevicePostureRuleType = "carbonblack"

const DevicePostureRuleTypeFirewall DevicePostureRuleType = "firewall"

const DevicePostureRuleTypeOSVersion DevicePostureRuleType = "os_version"

const DevicePostureRuleTypeDomainJoined DevicePostureRuleType = "domain_joined"

const DevicePostureRuleTypeClientCertificate DevicePostureRuleType = "client_certificate"

const DevicePostureRuleTypeClientCertificateV2 DevicePostureRuleType = "client_certificate_v2"

const DevicePostureRuleTypeAntivirus DevicePostureRuleType = "antivirus"

const DevicePostureRuleTypeUniqueClientID DevicePostureRuleType = "unique_client_id"

const DevicePostureRuleTypeKolide DevicePostureRuleType = "kolide"

const DevicePostureRuleTypeTaniumS2s DevicePostureRuleType = "tanium_s2s"

const DevicePostureRuleTypeCrowdstrikeS2s DevicePostureRuleType = "crowdstrike_s2s"

const DevicePostureRuleTypeIntune DevicePostureRuleType = "intune"

const DevicePostureRuleTypeWorkspaceOne DevicePostureRuleType = "workspace_one"

const DevicePostureRuleTypeSentineloneS2s DevicePostureRuleType = "sentinelone_s2s"

const DevicePostureRuleTypeCustomS2s DevicePostureRuleType = "custom_s2s"

Get device posture rule details

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/zero_trust"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  devicePostureRule, err := client.ZeroTrust.Devices.Posture.Get(
    context.TODO(),
    "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    zero_trust.DevicePostureGetParams{
      AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", devicePostureRule.ID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "description": "The rule for admin serial numbers",
    "expiration": "1h",
    "input": {
      "operating_system": "linux",
      "path": "/bin/cat",
      "exists": true,
      "sha256": "https://api.us-2.crowdstrike.com",
      "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
    },
    "match": [
      {
        "platform": "windows"
      }
    ],
    "name": "Admin Serial Numbers",
    "schedule": "1h",
    "type": "file"
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "description": "The rule for admin serial numbers",
    "expiration": "1h",
    "input": {
      "operating_system": "linux",
      "path": "/bin/cat",
      "exists": true,
      "sha256": "https://api.us-2.crowdstrike.com",
      "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
    },
    "match": [
      {
        "platform": "windows"
      }
    ],
    "name": "Admin Serial Numbers",
    "schedule": "1h",
    "type": "file"
  },
  "success": true
}