
List device posture rules

zero_trust.devices.posture.list(**kwargs: PostureListParams) -> SyncSinglePage[DevicePostureRule]
GET /accounts/{account_id}/devices/posture

Fetches device posture rules for a Zero Trust account.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Parameters
account_id: str

Returns
class DevicePostureRule:
id: Optional[str]

API UUID.

maxLength: 36
description: Optional[str]

The description of the device posture rule.

expiration: Optional[str]

Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.

input: Optional[DeviceInput]

The value to be checked against.

One of the following:
class FileInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

exists: Optional[bool]

Whether or not file exists.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class UniqueClientIDInput:
id: str

List ID.

operating_system: Literal["android", "ios", "chromeos"]

Operating System.

One of the following:
"android"
"ios"
"chromeos"
class DomainJoinedInput:
operating_system: Literal["windows"]

Operating System.

domain: Optional[str]

Domain.

class OSVersionInput:
operating_system: Literal["windows"]

Operating System.

operator: Literal["<", "<=", ">", ">=", "=="]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
version: str

Version of OS.

os_distro_name: Optional[str]

Operating System Distribution Name (linux only).

os_distro_revision: Optional[str]

Version of OS Distribution (linux only).

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

class FirewallInput:
enabled: bool

Enabled.

operating_system: Literal["windows", "mac"]

Operating System.

One of the following:
"windows"
"mac"
class SentineloneInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesCarbonblackInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesAccessSerialNumberListInputRequest:
id: str

UUID of Access List.

maxLength: 36
class DiskEncryptionInput:
check_disks: Optional[List[CarbonblackInput]]

List of volume names to be checked for encryption.

require_all: Optional[bool]

Whether to check all disks for encryption.

class TeamsDevicesApplicationInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

Path for the application.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class ClientCertificateInput:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength: 36
cn: str

Common Name that is protected by the certificate.

class TeamsDevicesClientCertificateV2InputRequest:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength: 36
check_private_key: bool

Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key.

operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
cn: Optional[str]

Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables.

extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]

List of values indicating purposes for which the certificate public key can be used.

One of the following:
"clientAuth"
"emailProtection"
locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]
paths: Optional[List[str]]

List of paths to check for client certificate on linux.

trust_stores: Optional[List[Literal["system", "user"]]]

List of trust stores to check for client certificate.

One of the following:
"system"
"user"
subject_alternative_names: Optional[List[str]]

List of certificate Subject Alternative Names.

class TeamsDevicesAntivirusInputRequest:
update_window_days: Optional[float]

Number of days that the antivirus should be updated within.

class WorkspaceOneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown"]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
connection_id: str

Posture Integration ID.

class CrowdstrikeInput:
connection_id: str

Posture Integration ID.

last_seen: Optional[str]

For more details on last seen, please refer to the Crowdstrike documentation.

operator: Optional[Literal["<", "<=", ">", ">=", "=="]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
os: Optional[str]

OS version.

overall: Optional[str]

Overall.

sensor_config: Optional[str]

SensorConfig.

state: Optional[Literal["online", "offline", "unknown"]]

For more details on state, please refer to the Crowdstrike documentation.

One of the following:
"online"
"offline"
"unknown"
version: Optional[str]

Version.

version_operator: Optional[Literal["<", "<=", ">", ">=", "=="]]

Version Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class IntuneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown", "notapplicable", "ingraceperiod", "error"]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
"notapplicable"
"ingraceperiod"
"error"
connection_id: str

Posture Integration ID.

class KolideInput:
connection_id: str

Posture Integration ID.

count_operator: Literal["<", "<=", ">", ">=", "=="]

Count Operator.

One of the following:
"<"
"<="
">"
">="
"=="
issue_count: str

The Number of Issues.

class TaniumInput:
connection_id: str

Posture Integration ID.

eid_last_seen: Optional[str]

For more details on eid last seen, refer to the Tanium documentation.

operator: Optional[Literal["<", "<=", ">", ">=", "=="]]

Operator to evaluate risk_level or eid_last_seen.

One of the following:
"<"
"<="
">"
">="
"=="
risk_level: Optional[Literal["low", "medium", "high", "critical"]]

For more details on risk level, refer to the Tanium documentation.

One of the following:
"low"
"medium"
"high"
"critical"
score_operator: Optional[Literal["<", "<=", ">", ">=", "=="]]

Score Operator.

One of the following:
"<"
"<="
">"
">="
"=="
total_score: Optional[float]

For more details on total score, refer to the Tanium documentation.

class SentineloneS2sInput:
connection_id: str

Posture Integration ID.

active_threats: Optional[float]

The Number of active threats.

infected: Optional[bool]

Whether device is infected.

is_active: Optional[bool]

Whether device is active.

network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]

Network status of device.

One of the following:
"connected"
"disconnected"
"disconnecting"
"connecting"
operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", "fully_disabled", "auto_partially_disabled", "disabled_error", "db_corruption"]]

Agent operational state.

One of the following:
"na"
"partially_disabled"
"auto_fully_disabled"
"fully_disabled"
"auto_partially_disabled"
"disabled_error"
"db_corruption"
operator: Optional[Literal["<", "<=", ">", ">=", "=="]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class TeamsDevicesCustomS2sInputRequest:
connection_id: str

Posture Integration ID.

operator: Literal["<", "<=", ">", ">=", "=="]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
score: float

A value between 0-100 assigned to devices set by the 3rd party posture provider.

match: Optional[List[DeviceMatch]]

The conditions that the client must match to run the rule.

platform: Optional[Literal["windows", "mac", "linux", "android", "ios", "chromeos"]]
One of the following:
"windows"
"mac"
"linux"
"android"
"ios"
"chromeos"
name: Optional[str]

The name of the device posture rule.

schedule: Optional[str]

Polling frequency for the WARP client posture check. Default: 5m (poll every five minutes). Minimum: 1m.

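type: Optional[Literal["file", "application", "tanium", "gateway", "warp", "disk_encryption", "serial_number", "sentinelone", "carbonblack", "firewall", "os_version", "domain_joined", "client_certificate", "client_certificate_v2", "antivirus", "unique_client_id", "kolide", "tanium_s2s", "crowdstrike_s2s", "intune", "workspace_one", "sentinelone_s2s", "custom_s2s"]]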

The type of device posture rule.

One of the following:
"file"
"application"
"tanium"
"gateway"
"warp"
"disk_encryption"
"serial_number"
"sentinelone"
"carbonblack"
"firewall"
"os_version"
"domain_joined"
"client_certificate"
"client_certificate_v2"
"antivirus"
"unique_client_id"
"kolide"
"tanium_s2s"
"crowdstrike_s2s"
"intune"
"workspace_one"
"sentinelone_s2s"
"custom_s2s"

List device posture rules

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.zero_trust.devices.posture.list(
    account_id="699d98642c564d2e855e9661899b7252",
)
# Take the first rule on the page without shadowing the page object.
rule = page.result[0]
print(rule.id)
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "description": "The rule for admin serial numbers",
      "expiration": "1h",
      "input": {
        "operating_system": "linux",
        "path": "/bin/cat",
        "exists": true,
        "sha256": "https://api.us-2.crowdstrike.com",
        "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
      },
      "match": [
        {
          "platform": "windows"
        }
      ],
      "name": "Admin Serial Numbers",
      "schedule": "1h",
      "type": "file"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
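
A review helper for the rules this endpoint returns, added here as an example and not part of Cloudflare's SDK or documentation. It works on plain dicts shaped like the `result` entries above; the names `audit_rule`, `audit_rules` and `PATH_TYPES`, the finding texts and the choice of checks are assumptions of this example. The first sample copies the response example on this page, whose `sha256` field holds a URL rather than a digest.

```python
import re

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
# Rule types whose input carries path / sha256 / thumbprint on this page.
PATH_TYPES = {"file", "application", "sentinelone", "carbonblack"}


def audit_rule(rule):
    """Return review findings for one rule dict shaped like a `result` entry."""
    findings = []
    rtype = rule.get("type")
    inp = rule.get("input") or {}
    if not rule.get("expiration"):
        findings.append("no expiration: result stays valid until WARP overwrites it")
    if rtype in PATH_TYPES:
        sha, thumb = inp.get("sha256"), inp.get("thumbprint")
        if not sha and not thumb:
            findings.append("path only: neither sha256 nor thumbprint is set")
        if sha and not SHA256_RE.fullmatch(sha):
            findings.append("sha256 is not 64 hex characters")
    if rtype == "client_certificate_v2" and inp.get("check_private_key") is False:
        findings.append("check_private_key is off: certificate origin is not confirmed")
    return findings


def audit_rules(rules):
    """Map rule name (or id) to findings, omitting rules with none."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule.get("name") or rule.get("id")] = findings
    return report


# First entry copies the page's sample response; the other two are constructed.
SAMPLE_RULES = [
    {"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "name": "Admin Serial Numbers",
     "type": "file", "expiration": "1h", "schedule": "1h",
     "input": {"operating_system": "linux", "path": "/bin/cat", "exists": True,
               "sha256": "https://api.us-2.crowdstrike.com",
               "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"}},
    {"name": "Corp client cert", "type": "client_certificate_v2",
     "input": {"certificate_id": "00000000-0000-0000-0000-000000000000",
               "check_private_key": False, "operating_system": "mac"}},
    {"name": "Firewall on", "type": "firewall", "expiration": "30m",
     "input": {"enabled": True, "operating_system": "windows"}},
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES).items():
        print(name, findings)
```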