Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Devices
Posture

Update a device posture rule

zero_trust.devices.posture.update(strrule_id, PostureUpdateParams**kwargs) -> DevicePostureRule
PUT/accounts/{account_id}/devices/posture/{rule_id}

Updates a device posture rule.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Zero Trust Write
ParametersExpand Collapse
account_id: str
rule_id: str

API UUID.

maxLength36
name: str

The name of the device posture rule.

type: Literal["file", "application", "tanium", 20 more]

The type of device posture rule.

One of the following:
"file"
"application"
"tanium"
"gateway"
"warp"
"disk_encryption"
"serial_number"
"sentinelone"
"carbonblack"
"firewall"
"os_version"
"domain_joined"
"client_certificate"
"client_certificate_v2"
"antivirus"
"unique_client_id"
"kolide"
"tanium_s2s"
"crowdstrike_s2s"
"intune"
"workspace_one"
"sentinelone_s2s"
"custom_s2s"
description: Optional[str]

The description of the device posture rule.

expiration: Optional[str]

Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.

input: Optional[DeviceInputParam]

The value to be checked against.

One of the following:
class FileInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

exists: Optional[bool]

Whether or not file exists.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class UniqueClientIDInput:
id: str

List ID.

operating_system: Literal["android", "ios", "chromeos"]

Operating System.

One of the following:
"android"
"ios"
"chromeos"
class DomainJoinedInput:
operating_system: Literal["windows"]

Operating System.

domain: Optional[str]

Domain.

class OSVersionInput:
operating_system: Literal["windows"]

Operating System.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
version: str

Version of OS.

os_distro_name: Optional[str]

Operating System Distribution Name (linux only).

os_distro_revision: Optional[str]

Version of OS Distribution (linux only).

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

class FirewallInput:
enabled: bool

Enabled.

operating_system: Literal["windows", "mac"]

Operating System.

One of the following:
"windows"
"mac"
class SentineloneInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesCarbonblackInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesAccessSerialNumberListInputRequest:
id: str

UUID of Access List.

maxLength36
class DiskEncryptionInput:
check_disks: Optional[List[CarbonblackInput]]

List of volume names to be checked for encryption.

require_all: Optional[bool]

Whether to check all disks for encryption.

class TeamsDevicesApplicationInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

Path for the application.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class ClientCertificateInput:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength36
cn: str

Common Name that is protected by the certificate.

class TeamsDevicesClientCertificateV2InputRequest:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength36
check_private_key: bool

Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key.

operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
cn: Optional[str]

Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables.

extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]

List of values indicating purposes for which the certificate public key can be used.

One of the following:
"clientAuth"
"emailProtection"
locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]
paths: Optional[List[str]]

List of paths to check for client certificate on linux.

trust_stores: Optional[List[Literal["system", "user"]]]

List of trust stores to check for client certificate.

One of the following:
"system"
"user"
subject_alternative_names: Optional[List[str]]

List of certificate Subject Alternative Names.

class TeamsDevicesAntivirusInputRequest:
update_window_days: Optional[float]

Number of days that the antivirus should be updated within.

class WorkspaceOneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown"]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
connection_id: str

Posture Integration ID.

class CrowdstrikeInput:
connection_id: str

Posture Integration ID.

last_seen: Optional[str]

For more details on last seen, please refer to the Crowdstrike documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
os: Optional[str]

Os Version.

overall: Optional[str]

Overall.

sensor_config: Optional[str]

SensorConfig.

state: Optional[Literal["online", "offline", "unknown"]]

For more details on state, please refer to the Crowdstrike documentation.

One of the following:
"online"
"offline"
"unknown"
version: Optional[str]

Version.

version_operator: Optional[Literal["<", "<=", ">", 2 more]]

Version Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class IntuneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
"notapplicable"
"ingraceperiod"
"error"
connection_id: str

Posture Integration ID.

class KolideInput:
connection_id: str

Posture Integration ID.

count_operator: Literal["<", "<=", ">", 2 more]

Count Operator.

One of the following:
"<"
"<="
">"
">="
"=="
issue_count: str

The Number of Issues.

class TaniumInput:
connection_id: str

Posture Integration ID.

eid_last_seen: Optional[str]

For more details on eid last seen, refer to the Tanium documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator to evaluate risk_level or eid_last_seen.

One of the following:
"<"
"<="
">"
">="
"=="
risk_level: Optional[Literal["low", "medium", "high", "critical"]]

For more details on risk level, refer to the Tanium documentation.

One of the following:
"low"
"medium"
"high"
"critical"
score_operator: Optional[Literal["<", "<=", ">", 2 more]]

Score Operator.

One of the following:
"<"
"<="
">"
">="
"=="
total_score: Optional[float]

For more details on total score, refer to the Tanium documentation.

class SentineloneS2sInput:
connection_id: str

Posture Integration ID.

active_threats: Optional[float]

The Number of active threats.

infected: Optional[bool]

Whether device is infected.

is_active: Optional[bool]

Whether device is active.

network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]

Network status of device.

One of the following:
"connected"
"disconnected"
"disconnecting"
"connecting"
operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]

Agent operational state.

One of the following:
"na"
"partially_disabled"
"auto_fully_disabled"
"fully_disabled"
"auto_partially_disabled"
"disabled_error"
"db_corruption"
operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class TeamsDevicesCustomS2sInputRequest:
connection_id: str

Posture Integration ID.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
score: float

A value between 0-100 assigned to devices set by the 3rd party posture provider.

match: Optional[Iterable[DeviceMatchParam]]

The conditions that the client must match to run the rule.

platform: Optional[Literal["windows", "mac", "linux", 3 more]]
One of the following:
"windows"
"mac"
"linux"
"android"
"ios"
"chromeos"
schedule: Optional[str]

Polling frequency for the WARP client posture check. Default: 5m (poll every five minutes). Minimum: 1m.

ReturnsExpand Collapse
class DevicePostureRule:
id: Optional[str]

API UUID.

maxLength36
description: Optional[str]

The description of the device posture rule.

expiration: Optional[str]

Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.

input: Optional[DeviceInput]

The value to be checked against.

One of the following:
class FileInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

exists: Optional[bool]

Whether or not file exists.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class UniqueClientIDInput:
id: str

List ID.

operating_system: Literal["android", "ios", "chromeos"]

Operating System.

One of the following:
"android"
"ios"
"chromeos"
class DomainJoinedInput:
operating_system: Literal["windows"]

Operating System.

domain: Optional[str]

Domain.

class OSVersionInput:
operating_system: Literal["windows"]

Operating System.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
version: str

Version of OS.

os_distro_name: Optional[str]

Operating System Distribution Name (linux only).

os_distro_revision: Optional[str]

Version of OS Distribution (linux only).

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

class FirewallInput:
enabled: bool

Enabled.

operating_system: Literal["windows", "mac"]

Operating System.

One of the following:
"windows"
"mac"
class SentineloneInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesCarbonblackInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesAccessSerialNumberListInputRequest:
id: str

UUID of Access List.

maxLength36
class DiskEncryptionInput:
check_disks: Optional[List[CarbonblackInput]]

List of volume names to be checked for encryption.

require_all: Optional[bool]

Whether to check all disks for encryption.

class TeamsDevicesApplicationInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

Path for the application.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class ClientCertificateInput:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength36
cn: str

Common Name that is protected by the certificate.

class TeamsDevicesClientCertificateV2InputRequest:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength36
check_private_key: bool

Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key.

operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
cn: Optional[str]

Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables.

extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]

List of values indicating purposes for which the certificate public key can be used.

One of the following:
"clientAuth"
"emailProtection"
locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]
paths: Optional[List[str]]

List of paths to check for client certificate on linux.

trust_stores: Optional[List[Literal["system", "user"]]]

List of trust stores to check for client certificate.

One of the following:
"system"
"user"
subject_alternative_names: Optional[List[str]]

List of certificate Subject Alternative Names.

class TeamsDevicesAntivirusInputRequest:
update_window_days: Optional[float]

Number of days that the antivirus should be updated within.

class WorkspaceOneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown"]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
connection_id: str

Posture Integration ID.

class CrowdstrikeInput:
connection_id: str

Posture Integration ID.

last_seen: Optional[str]

For more details on last seen, please refer to the Crowdstrike documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
os: Optional[str]

Os Version.

overall: Optional[str]

Overall.

sensor_config: Optional[str]

SensorConfig.

state: Optional[Literal["online", "offline", "unknown"]]

For more details on state, please refer to the Crowdstrike documentation.

One of the following:
"online"
"offline"
"unknown"
version: Optional[str]

Version.

version_operator: Optional[Literal["<", "<=", ">", 2 more]]

Version Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class IntuneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
"notapplicable"
"ingraceperiod"
"error"
connection_id: str

Posture Integration ID.

class KolideInput:
connection_id: str

Posture Integration ID.

count_operator: Literal["<", "<=", ">", 2 more]

Count Operator.

One of the following:
"<"
"<="
">"
">="
"=="
issue_count: str

The Number of Issues.

class TaniumInput:
connection_id: str

Posture Integration ID.

eid_last_seen: Optional[str]

For more details on eid last seen, refer to the Tanium documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator to evaluate risk_level or eid_last_seen.

One of the following:
"<"
"<="
">"
">="
"=="
risk_level: Optional[Literal["low", "medium", "high", "critical"]]

For more details on risk level, refer to the Tanium documentation.

One of the following:
"low"
"medium"
"high"
"critical"
score_operator: Optional[Literal["<", "<=", ">", 2 more]]

Score Operator.

One of the following:
"<"
"<="
">"
">="
"=="
total_score: Optional[float]

For more details on total score, refer to the Tanium documentation.

class SentineloneS2sInput:
connection_id: str

Posture Integration ID.

active_threats: Optional[float]

The Number of active threats.

infected: Optional[bool]

Whether device is infected.

is_active: Optional[bool]

Whether device is active.

network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]

Network status of device.

One of the following:
"connected"
"disconnected"
"disconnecting"
"connecting"
operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]

Agent operational state.

One of the following:
"na"
"partially_disabled"
"auto_fully_disabled"
"fully_disabled"
"auto_partially_disabled"
"disabled_error"
"db_corruption"
operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class TeamsDevicesCustomS2sInputRequest:
connection_id: str

Posture Integration ID.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
score: float

A value between 0-100 assigned to devices set by the 3rd party posture provider.

match: Optional[List[DeviceMatch]]

The conditions that the client must match to run the rule.

platform: Optional[Literal["windows", "mac", "linux", 3 more]]
One of the following:
"windows"
"mac"
"linux"
"android"
"ios"
"chromeos"
name: Optional[str]

The name of the device posture rule.

schedule: Optional[str]

Polling frequency for the WARP client posture check. Default: 5m (poll every five minutes). Minimum: 1m.

type: Optional[Literal["file", "application", "tanium", 20 more]]

The type of device posture rule.

One of the following:
"file"
"application"
"tanium"
"gateway"
"warp"
"disk_encryption"
"serial_number"
"sentinelone"
"carbonblack"
"firewall"
"os_version"
"domain_joined"
"client_certificate"
"client_certificate_v2"
"antivirus"
"unique_client_id"
"kolide"
"tanium_s2s"
"crowdstrike_s2s"
"intune"
"workspace_one"
"sentinelone_s2s"
"custom_s2s"

Update a device posture rule

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
device_posture_rule = client.zero_trust.devices.posture.update(
    rule_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    account_id="699d98642c564d2e855e9661899b7252",
    name="Admin Serial Numbers",
    type="file",
)
print(device_posture_rule.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "description": "The rule for admin serial numbers",
    "expiration": "1h",
    "input": {
      "operating_system": "linux",
      "path": "/bin/cat",
      "exists": true,
      "sha256": "https://api.us-2.crowdstrike.com",
      "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
    },
    "match": [
      {
        "platform": "windows"
      }
    ],
    "name": "Admin Serial Numbers",
    "schedule": "1h",
    "type": "file"
  },
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "description": "The rule for admin serial numbers",
    "expiration": "1h",
    "input": {
      "operating_system": "linux",
      "path": "/bin/cat",
      "exists": true,
      "sha256": "https://api.us-2.crowdstrike.com",
      "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
    },
    "match": [
      {
        "platform": "windows"
      }
    ],
    "name": "Admin Serial Numbers",
    "schedule": "1h",
    "type": "file"
  },
  "success": true
}