
Posture

List device posture rules
zero_trust.devices.posture.list(**kwargs: PostureListParams) -> SyncSinglePage[DevicePostureRule]
GET /accounts/{account_id}/devices/posture
Get device posture rule details
zero_trust.devices.posture.get(rule_id: str, **kwargs: PostureGetParams) -> DevicePostureRule
GET /accounts/{account_id}/devices/posture/{rule_id}
Create a device posture rule
zero_trust.devices.posture.create(**kwargs: PostureCreateParams) -> DevicePostureRule
POST /accounts/{account_id}/devices/posture
Update a device posture rule
zero_trust.devices.posture.update(rule_id: str, **kwargs: PostureUpdateParams) -> DevicePostureRule
PUT /accounts/{account_id}/devices/posture/{rule_id}
Delete a device posture rule
zero_trust.devices.posture.delete(rule_id: str, **kwargs: PostureDeleteParams) -> PostureDeleteResponse
DELETE /accounts/{account_id}/devices/posture/{rule_id}
Models
str
class ClientCertificateInput:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength: 36
cn: str

Common Name that is protected by the certificate.

class CrowdstrikeInput:
connection_id: str

Posture Integration ID.

last_seen: Optional[str]

For more details on last seen, please refer to the Crowdstrike documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
os: Optional[str]

OS version.

overall: Optional[str]

Overall.

sensor_config: Optional[str]

SensorConfig.

state: Optional[Literal["online", "offline", "unknown"]]

For more details on state, please refer to the Crowdstrike documentation.

One of the following:
"online"
"offline"
"unknown"
version: Optional[str]

Version.

version_operator: Optional[Literal["<", "<=", ">", 2 more]]

Version Operator.

One of the following:
"<"
"<="
">"
">="
"=="

The value to be checked against.

One of the following:
class FileInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

exists: Optional[bool]

Whether or not file exists.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class UniqueClientIDInput:
id: str

List ID.

operating_system: Literal["android", "ios", "chromeos"]

Operating System.

One of the following:
"android"
"ios"
"chromeos"
class DomainJoinedInput:
operating_system: Literal["windows"]

Operating System.

domain: Optional[str]

Domain.

class OSVersionInput:
operating_system: Literal["windows"]

Operating System.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
version: str

Version of OS.

os_distro_name: Optional[str]

Operating System Distribution Name (linux only).

os_distro_revision: Optional[str]

Version of OS Distribution (linux only).

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

class FirewallInput:
enabled: bool

Enabled.

operating_system: Literal["windows", "mac"]

Operating System.

One of the following:
"windows"
"mac"
class SentineloneInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesCarbonblackInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesAccessSerialNumberListInputRequest:
id: str

UUID of Access List.

maxLength: 36
class DiskEncryptionInput:
check_disks: Optional[List[CarbonblackInput]]

List of volume names to be checked for encryption.

require_all: Optional[bool]

Whether to check all disks for encryption.

class TeamsDevicesApplicationInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

Path for the application.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class ClientCertificateInput:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength: 36
cn: str

Common Name that is protected by the certificate.

class TeamsDevicesClientCertificateV2InputRequest:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength: 36
check_private_key: bool

Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key.

operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
cn: Optional[str]

Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables.

extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]

List of values indicating purposes for which the certificate public key can be used.

One of the following:
"clientAuth"
"emailProtection"
locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]
paths: Optional[List[str]]

List of paths to check for client certificate on linux.

trust_stores: Optional[List[Literal["system", "user"]]]

List of trust stores to check for client certificate.

One of the following:
"system"
"user"
subject_alternative_names: Optional[List[str]]

List of certificate Subject Alternative Names.

class TeamsDevicesAntivirusInputRequest:
update_window_days: Optional[float]

Number of days that the antivirus should be updated within.

class WorkspaceOneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown"]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
connection_id: str

Posture Integration ID.

class CrowdstrikeInput:
connection_id: str

Posture Integration ID.

last_seen: Optional[str]

For more details on last seen, please refer to the Crowdstrike documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
os: Optional[str]

OS version.

overall: Optional[str]

Overall.

sensor_config: Optional[str]

SensorConfig.

state: Optional[Literal["online", "offline", "unknown"]]

For more details on state, please refer to the Crowdstrike documentation.

One of the following:
"online"
"offline"
"unknown"
version: Optional[str]

Version.

version_operator: Optional[Literal["<", "<=", ">", 2 more]]

Version Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class IntuneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
"notapplicable"
"ingraceperiod"
"error"
connection_id: str

Posture Integration ID.

class KolideInput:
connection_id: str

Posture Integration ID.

count_operator: Literal["<", "<=", ">", 2 more]

Count Operator.

One of the following:
"<"
"<="
">"
">="
"=="
issue_count: str

The Number of Issues.

class TaniumInput:
connection_id: str

Posture Integration ID.

eid_last_seen: Optional[str]

For more details on eid last seen, refer to the Tanium documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator to evaluate risk_level or eid_last_seen.

One of the following:
"<"
"<="
">"
">="
"=="
risk_level: Optional[Literal["low", "medium", "high", "critical"]]

For more details on risk level, refer to the Tanium documentation.

One of the following:
"low"
"medium"
"high"
"critical"
score_operator: Optional[Literal["<", "<=", ">", 2 more]]

Score Operator.

One of the following:
"<"
"<="
">"
">="
"=="
total_score: Optional[float]

For more details on total score, refer to the Tanium documentation.

class SentineloneS2sInput:
connection_id: str

Posture Integration ID.

active_threats: Optional[float]

The Number of active threats.

infected: Optional[bool]

Whether device is infected.

is_active: Optional[bool]

Whether device is active.

network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]

Network status of device.

One of the following:
"connected"
"disconnected"
"disconnecting"
"connecting"
operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]

Agent operational state.

One of the following:
"na"
"partially_disabled"
"auto_fully_disabled"
"fully_disabled"
"auto_partially_disabled"
"disabled_error"
"db_corruption"
operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class TeamsDevicesCustomS2sInputRequest:
connection_id: str

Posture Integration ID.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
score: float

A value between 0-100 assigned to devices set by the 3rd party posture provider.

class DeviceMatch:
platform: Optional[Literal["windows", "mac", "linux", 3 more]]
One of the following:
"windows"
"mac"
"linux"
"android"
"ios"
"chromeos"
class DevicePostureRule:
id: Optional[str]

API UUID.

maxLength: 36
description: Optional[str]

The description of the device posture rule.

expiration: Optional[str]

Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.

input: Optional[DeviceInput]

The value to be checked against.

match: Optional[List[DeviceMatch]]

The conditions that the client must match to run the rule.

platform: Optional[Literal["windows", "mac", "linux", 3 more]]
One of the following:
"windows"
"mac"
"linux"
"android"
"ios"
"chromeos"
name: Optional[str]

The name of the device posture rule.

schedule: Optional[str]

Polling frequency for the WARP client posture check. Default: 5m (poll every five minutes). Minimum: 1m.

type: Optional[Literal["file", "application", "tanium", 20 more]]

The type of device posture rule.

One of the following:
"file"
"application"
"tanium"
"gateway"
"warp"
"disk_encryption"
"serial_number"
"sentinelone"
"carbonblack"
"firewall"
"os_version"
"domain_joined"
"client_certificate"
"client_certificate_v2"
"antivirus"
"unique_client_id"
"kolide"
"tanium_s2s"
"crowdstrike_s2s"
"intune"
"workspace_one"
"sentinelone_s2s"
"custom_s2s"
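
The constraints stated above for `DevicePostureRule` and its inputs can be checked before a rule is sent to the API. The linter below is an added example, not part of the Cloudflare SDK: `lint_rule` and `schedule_minutes` are hypothetical helpers, the sample rules are constructed, and the `<int>m` / `<int>h` schedule syntax is an assumption inferred from the `5m` and `1m` values on this page.

```python
import re

# Enum values copied from the lists on this page.
RULE_TYPES = set("""file application tanium gateway warp disk_encryption
serial_number sentinelone carbonblack firewall os_version domain_joined
client_certificate client_certificate_v2 antivirus unique_client_id kolide
tanium_s2s crowdstrike_s2s intune workspace_one sentinelone_s2s custom_s2s""".split())
OPERATORS = {"<", "<=", ">", ">=", "=="}
OPERATOR_FIELDS = ("operator", "version_operator", "count_operator", "score_operator")
CN_VARIABLES = {"serial_number", "hostname"}  # only variables allowed in cn

def schedule_minutes(value):
    """Parse '5m' or '1h' into minutes; None if malformed (assumed syntax)."""
    m = re.fullmatch(r"(\d+)([mh])", value)
    return int(m.group(1)) * (60 if m.group(2) == "h" else 1) if m else None

def lint_rule(rule):
    """Return a list of findings for one posture-rule dict (empty means clean)."""
    findings = []
    rtype, inp = rule.get("type"), rule.get("input") or {}
    if rtype not in RULE_TYPES:
        findings.append(f"unknown rule type {rtype!r}")
    sched = rule.get("schedule")
    if sched is not None:
        minutes = schedule_minutes(sched)
        if minutes is None or minutes < 1:
            findings.append(f"schedule {sched!r} is malformed or below the 1m minimum")
    for field in OPERATOR_FIELDS:
        if field in inp and inp[field] not in OPERATORS:
            findings.append(f"{field} {inp[field]!r} is not a listed operator")
    if rtype == "client_certificate_v2":
        for var in re.findall(r"\$\{([^}]*)\}", inp.get("cn") or ""):
            if var not in CN_VARIABLES:
                findings.append(f"cn uses unsupported variable ${{{var}}}")
        if inp.get("check_private_key") is False:
            findings.append("check_private_key is disabled; the docs recommend enabling it")
    if rtype == "custom_s2s" and not 0 <= inp.get("score", 0) <= 100:
        findings.append("score must be between 0 and 100")
    return findings

# Constructed sample rules (placeholder certificate IDs, not real values).
GOOD = {"name": "corp-cert", "type": "client_certificate_v2", "schedule": "5m",
        "input": {"certificate_id": "<certificate-uuid>", "check_private_key": True,
                  "operating_system": "linux", "cn": "${hostname}.corp.example"}}
BAD = {"name": "loose-cert", "type": "client_certificate_v2", "schedule": "30s",
       "input": {"certificate_id": "<certificate-uuid>", "check_private_key": False,
                 "operating_system": "mac", "cn": "${username}-laptop"}}

if __name__ == "__main__":
    for rule in (GOOD, BAD):
        print(rule["name"], lint_rule(rule))
```
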
class DiskEncryptionInput:
check_disks: Optional[List[CarbonblackInput]]

List of volume names to be checked for encryption.

require_all: Optional[bool]

Whether to check all disks for encryption.

class DomainJoinedInput:
operating_system: Literal["windows"]

Operating System.

domain: Optional[str]

Domain.

class FileInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

exists: Optional[bool]

Whether or not file exists.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class FirewallInput:
enabled: bool

Enabled.

operating_system: Literal["windows", "mac"]

Operating System.

One of the following:
"windows"
"mac"
class IntuneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
"notapplicable"
"ingraceperiod"
"error"
connection_id: str

Posture Integration ID.

class KolideInput:
connection_id: str

Posture Integration ID.

count_operator: Literal["<", "<=", ">", 2 more]

Count Operator.

One of the following:
"<"
"<="
">"
">="
"=="
issue_count: str

The Number of Issues.

class OSVersionInput:
operating_system: Literal["windows"]

Operating System.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
version: str

Version of OS.

os_distro_name: Optional[str]

Operating System Distribution Name (linux only).

os_distro_revision: Optional[str]

Version of OS Distribution (linux only).

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

class SentineloneInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class SentineloneS2sInput:
connection_id: str

Posture Integration ID.

active_threats: Optional[float]

The Number of active threats.

infected: Optional[bool]

Whether device is infected.

is_active: Optional[bool]

Whether device is active.

network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]

Network status of device.

One of the following:
"connected"
"disconnected"
"disconnecting"
"connecting"
operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]

Agent operational state.

One of the following:
"na"
"partially_disabled"
"auto_fully_disabled"
"fully_disabled"
"auto_partially_disabled"
"disabled_error"
"db_corruption"
operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class TaniumInput:
connection_id: str

Posture Integration ID.

eid_last_seen: Optional[str]

For more details on eid last seen, refer to the Tanium documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator to evaluate risk_level or eid_last_seen.

One of the following:
"<"
"<="
">"
">="
"=="
risk_level: Optional[Literal["low", "medium", "high", "critical"]]

For more details on risk level, refer to the Tanium documentation.

One of the following:
"low"
"medium"
"high"
"critical"
score_operator: Optional[Literal["<", "<=", ">", 2 more]]

Score Operator.

One of the following:
"<"
"<="
">"
">="
"=="
total_score: Optional[float]

For more details on total score, refer to the Tanium documentation.

class UniqueClientIDInput:
id: str

List ID.

operating_system: Literal["android", "ios", "chromeos"]

Operating System.

One of the following:
"android"
"ios"
"chromeos"
class WorkspaceOneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown"]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
connection_id: str

Posture Integration ID.

class PostureDeleteResponse:
id: Optional[str]

API UUID.

maxLength: 36

Posture Integrations

List your device posture integrations
zero_trust.devices.posture.integrations.list(**kwargs: IntegrationListParams) -> SyncSinglePage[Integration]
GET /accounts/{account_id}/devices/posture/integration
Get device posture integration details
zero_trust.devices.posture.integrations.get(integration_id: str, **kwargs: IntegrationGetParams) -> Integration
GET /accounts/{account_id}/devices/posture/integration/{integration_id}
Create a device posture integration
zero_trust.devices.posture.integrations.create(**kwargs: IntegrationCreateParams) -> Integration
POST /accounts/{account_id}/devices/posture/integration
Update a device posture integration
zero_trust.devices.posture.integrations.edit(integration_id: str, **kwargs: IntegrationEditParams) -> Integration
PATCH /accounts/{account_id}/devices/posture/integration/{integration_id}
Delete a device posture integration
zero_trust.devices.posture.integrations.delete(integration_id: str, **kwargs: IntegrationDeleteParams) -> IntegrationDeleteResponse
DELETE /accounts/{account_id}/devices/posture/integration/{integration_id}
Models
class Integration:
id: Optional[str]

API UUID.

maxLength: 36
config: Optional[Config]

The configuration object containing third-party integration information.

api_url: str

The Workspace One API URL provided in the Workspace One Admin Dashboard.

auth_url: str

The Workspace One Authorization URL depending on your region.

client_id: str

The Workspace One client ID provided in the Workspace One Admin Dashboard.

interval: Optional[str]

The interval between each posture check with the third-party API. Use m for minutes (e.g. 5m) and h for hours (e.g. 12h).

name: Optional[str]

The name of the device posture integration.

type: Optional[Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]]

The type of device posture integration.

One of the following:
"workspace_one"
"crowdstrike_s2s"
"uptycs"
"intune"
"kolide"
"tanium_s2s"
"sentinelone_s2s"
"custom_s2s"
Union[str, object, null]
One of the following:
str
object