Illumio Core 20.1.0 REST API
20.1.0
Known Issues: Some parameter tables, JSON request bodies, and JSON response bodies are currently not included.
This Illumio Core 20.1.0 v2 REST API Reference includes all Public Stable and Public Experimental APIs in this release. It contains curl code examples, parameter definitions, and JSON request and response bodies.
For detailed curl code examples and in-depth information about methods, parameters, and API calls, see the Illumio Core 20.1.0 REST API Developer Guide.
NOTE: The Illumio Core platform was previously known as the Illumio Adaptive Security Platform (ASP). References to "Adaptive Security Platform" and ASP still appear in the REST API Reference.
README
API Properties
Code Examples
The $KEY and $TOKEN constants in the code examples represent authentication credentials (session and token, API key and token, or username and password as appropriate).
Required Parameters
Required parameters in the parameter tables have a Required field of true with an orange asterisk. However, the requirements are based on nesting, so if you're not using any parameters in an indented nested block then none of the parameters in the nested block are required, even if they have an asterisk.
If at least one of multiple parameters is required, their Required fields are false with two orange asterisks, indicating that at least one of the parameters with two asterisks must be defined. For example, when creating a workload, a name and/or a hostname for the workload must be defined.
Search
Use the search field at the top of the left column for whole words like IP Lists.
Use Ctrl-F to search for whole words or words joined by underscores and/or slashes like ip_lists or workloads/bulk_create.
Agents (deprecated, see VEN Operations)
Get an Agent
Example Code
curl -X GET /orgs/{org_id}/agents/{agent_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/agents/{agent_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| agent_id | path | integer | true* | Agent ID |
Example Response Body
200 Response
{
"name": "string",
"description": "string",
"online": true,
"mode": "idle",
"uid": "string",
"last_heartbeat_on": null,
"uptime_seconds": null,
"hostname": "string",
"agent_version": "string",
"public_ip": "string",
"ip_tables_saved": null,
"os_id": "string",
"os_detail": "string",
"log_traffic": true,
"target_pce_fqdn": "string",
"active_pce_fqdn": "string",
"labels": [
{
"href": "string"
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | agents_get |
Update an Agent
Example Code
curl -X PUT /orgs/{org_id}/agents/{agent_id}/update \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/agents/{agent_id}/update
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"target_pce_fqdn": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| agent_id | path | integer | true* | Agent ID |
| body | body | agents_update_put | false | none |
| » target_pce_fqdn | body | string | false | cluster FQDN for target PCE |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Create an Agent Traffic Flow
Example Code
curl -X POST /orgs/{org_id}/agents/bulk_traffic_flows
POST /api/v2/orgs/{org_id}/agents/bulk_traffic_flows
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
API Keys
Get API Keys
Example Code
curl -X GET /users/{user_id}/api_keys \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/users/{user_id}/api_keys
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
Example Response Body
200 Response
{
"key_id": "string",
"auth_username": "string",
"created_at": "2020-08-19T21:34:26Z",
"name": "string",
"description": "string",
"href": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | users_api_keys_get |
Get an API Key
Example Code
curl -X GET /users/{user_id}/api_keys/{key_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/users/{user_id}/api_keys/{key_id}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
| key_id | path | string | true* | key_id |
Example Response Body
200 Response
{
"key_id": "string",
"auth_username": "string",
"created_at": "2020-08-19T21:34:26Z",
"name": "string",
"description": "string",
"href": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | users_api_keys_get |
Create an API Key
Example Code
curl -X POST /users/{user_id}/api_keys \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/users/{user_id}/api_keys
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
| body | body | users_api_keys_post | false | none |
| » name | body | string | true* | The key name - just a label to be used |
| » description | body | string | false | The description of the key |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update an API Key
Example Code
curl -X PUT /users/{user_id}/api_keys/{key_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/users/{user_id}/api_keys/{key_id}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
| key_id | path | string | true* | key_id |
| body | body | users_api_keys_put | false | none |
| » name | body | string | false | The key name - just a label to be used |
| » description | body | string | false | The description of the key |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete an API Key
Example Code
curl -X DELETE /users/{user_id}/api_keys/{key_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/users/{user_id}/api_keys/{key_id}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
| key_id | path | string | true* | key_id |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Auth Security Principals
Get Auth Security Principals
Example Code
curl -X GET /orgs/{org_id}/auth_security_principals \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/auth_security_principals
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| name | query | string | false | Name of the auth_security_principal to filter by. Supports partial matches |
| type | query | string | false | Type (user or group) to filter by |
Example Response Body
200 Response
[
{
"type": "user",
"name": "string",
"display_name": "string",
"href": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | orgs_auth_security_principals_get |
Get an Auth Security Principal
Example Code
curl -X GET /orgs/{org_id}/auth_security_principals/{auth_security_principal_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| auth_security_principal_id | path | string | true* | UUID of the auth_security_principal |
Example Response Body
200 Response
[
{
"type": "user",
"name": "string",
"display_name": "string",
"href": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | orgs_auth_security_principals_get |
Create an Auth Security Principal
Example Code
curl -X POST /orgs/{org_id}/auth_security_principals \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/auth_security_principals
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"type": "user",
"name": "string",
"display_name": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| body | body | orgs_auth_security_principals_post | false | none |
| » type | body | string | true* | type of the auth_security_principal |
| » name | body | string | true* | name of auth_security_principal |
| » display_name | body | string | false | name of auth_security_principal |
Enumerated Values
| Parameter | Value |
|---|---|
| » type | user |
| » type | group |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update an Auth Security Principal
Example Code
curl -X PUT /orgs/{org_id}/auth_security_principals/{auth_security_principal_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| auth_security_principal_id | path | string | true* | UUID of the auth_security_principal |
| body | body | orgs_auth_security_principals_put | false | none |
| » type | body | string | false | type of the auth_security_principal |
| » name | body | string | false | name of the auth_security_principal |
| » display_name | body | string | false | display name of the auth_security_principal |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
Enumerated Values
| Parameter | Value |
|---|---|
| » type | user |
| » type | group |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete an Auth Security Principal
Example Code
curl -X DELETE /orgs/{org_id}/auth_security_principals/{auth_security_principal_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/auth_security_principals/{auth_security_principal_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| auth_security_principal_id | path | string | true* | UUID of the auth_security_principal |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Authentication Settings
Get Password Policy
Example Code
curl -X GET /authentication_settings/password_policy \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/authentication_settings/password_policy
Exposure: Public Experimental
Auditable: No
Example Response Body
200 Response
{
"require_type_number": true,
"require_type_lowercase": true,
"require_type_uppercase": true,
"require_type_symbol": true,
"min_characters_per_type": 0,
"min_length": 0,
"min_changed_characters": 0,
"history_count": 0,
"expire_time_days": 0,
"session_timeout_minutes": 0,
"updated_at": "2020-08-19T21:34:26Z",
"updated_by": {
"username": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | authentication_settings_password_policy_get |
Update Password Policy
Example Code
curl -X PUT /authentication_settings/password_policy \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/authentication_settings/password_policy
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"require_type_number": true,
"require_type_lowercase": true,
"require_type_uppercase": true,
"require_type_symbol": true,
"min_characters_per_type": 0,
"min_length": 0,
"min_changed_characters": 0,
"history_count": 0,
"expire_time_days": 0,
"session_timeout_minutes": 0
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | authentication_settings_password_policy_put | false | none |
| » require_type_number | body | boolean | false | Flag to indicate whether password must contain numerical digit |
| » require_type_lowercase | body | boolean | false | Flag to indicate whether password must contain lowercase letter |
| » require_type_uppercase | body | boolean | false | Flag to indicate whether password must contain uppercase letter |
| » require_type_symbol | body | boolean | false | Flag to indicate whether password must contain symbol (i.e. !@#$%^&*<>?) |
| » min_characters_per_type | body | integer | false | Minimum number of characters for each character type |
| » min_length | body | integer | false | Minimum length of password |
| » min_changed_characters | body | integer | false | Minimum number of changed characters for new passwords |
| » history_count | body | integer | false | Number of old passwords to remember |
| » expire_time_days | body | integer | false | Number of days password expires; a value of 0 means it never expires |
| » session_timeout_minutes | body | integer | false | Number of minutes to timeout the user session without activity |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Get Authentication Setting
Example Code
curl -X GET /authentication_settings \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/authentication_settings
Exposure: Public Experimental
Auditable: No
Example Response Body
200 Response
{
"authentication_type": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | authentication_settings_get |
Update Authentication Setting
Example Code
curl -X PUT /authentication_settings \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/authentication_settings
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"authentication_type": "Local"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | authentication_settings_put | false | none |
| » authentication_type | body | string | true* | Authentication types |
Enumerated Values
| Parameter | Value |
|---|---|
| » authentication_type | Local |
| » authentication_type | RADIUS |
| » authentication_type | SAML |
| » authentication_type | LDAP |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Containers
Get Container Clusters Workload Profiles
Example Code
curl -X GET /orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
| assign_labels | query | string | false | List of lists of label URIs, encoded as a JSON string |
| linked | query | boolean | false | Filter by linked container workload profiles. |
| log_traffic | query | boolean | false | Return container workload profile(s) with log traffic true or false |
| max_results | query | integer | false | Maximum number of container workloads to return. |
| mode | query | string | false | Filter by mode. |
| name | query | string | false | Name string to match.Supports partial matches. |
| namespace | query | string | false | Namespace string to match.Supports partial matches. |
Example Response Body
200 Response
{
"href": "string",
"name": null,
"namespace": null,
"description": "string",
"assign_labels": [
{
"href": "string"
}
],
"mode": "string",
"log_traffic": true,
"linked": true,
"created_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"updated_at": "2020-08-19T21:34:26Z"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | container_clusters_container_workload_profiles_get |
Create a Container Cluster Workload Profile
Example Code
curl -X POST /orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": null,
"description": "string",
"assign_labels": [
{
"href": "string"
}
],
"mode": "unmanaged",
"log_traffic": true
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
| body | body | container_clusters_container_workload_profiles_post | false | none |
| » name | body | string,null | true* | A friendly name given to a profile if the namespace is not user friendly |
| » description | body | string | false | Description of the profile |
| » assign_labels | body | [object] | false | Assigned labels |
| » href | body | string | true* | Label URI |
| » mode | body | string | false | none |
| » log_traffic | body | boolean | false | True if we want to log traffic events from this workload |
Enumerated Values
| Parameter | Value |
|---|---|
| » mode | unmanaged |
| » mode | illuminated |
| » mode | enforced |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update the Container Cluster Workload Profile
Example Code
curl -X PUT /orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles/{container_workload_profile_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles/{container_workload_profile_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": null,
"description": null,
"assign_labels": [
{
"href": "string"
}
],
"mode": "unmanaged",
"log_traffic": true
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
| container_workload_profile_id | path | string | true* | Container workload profile UUID |
| body | body | container_clusters_container_workload_profiles_put | false | none |
| » name | body | string,null | false | A friendly name given to a profile if the namespace is not user friendly |
| » description | body | string,null | false | Description of the profile |
| » assign_labels | body | [object] | false | Assigned labels |
| » href | body | string | true* | Label URI |
| » mode | body | string | false | none |
| » log_traffic | body | boolean | false | True if we want to log traffic events from this workload |
Enumerated Values
| Parameter | Value |
|---|---|
| » mode | unmanaged |
| » mode | illuminated |
| » mode | enforced |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Get Container Clusters
Example Code
curl -X GET /orgs/{org_id}/container_clusters \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/container_clusters
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| max_results | query | integer | false | Maximum number of container clusters to return |
| name | query | string | false | Name of the container cluster(s) to return. Supports partial matches |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"nodes": [
{
"pod_subnet": "string"
}
],
"manager_type": "string",
"network_type": "string",
"last_connected": "2020-08-19T21:34:26Z",
"online": true,
"errors": [
{
"audit_event": {
"href": "string"
},
"duplicate_ids": [],
"error_type": "string"
}
],
"kubelink_version": "string",
"pce_fqdn": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | container_clusters_get |
Create a Container Cluster
Example Code
curl -X POST /orgs/{org_id}/container_clusters \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/container_clusters
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | container_clusters_post | false | none |
| » name | body | string | false | User assigned name of the cluster |
| » description | body | string | false | User assigned description of the cluster |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Container Cluster
Example Code
curl -X PUT /orgs/{org_id}/container_clusters/{container_cluster_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
| body | body | container_clusters_put | false | none |
| » name | body | string | false | User assigned name of the cluster |
| » description | body | string | false | User assigned description of the cluster |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Get Container Clusters Service Backend
Example Code
curl -X GET /orgs/{org_id}/container_clusters/{container_cluster_id}/service_backends \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}/service_backends
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
Example Response Body
200 Response
[
{
"name": "string",
"kind": "string",
"namespace": "string",
"updated_at": "string",
"created_at": "string",
"virtual_services": {
"href": "string",
"name": "string"
}
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | container_clusters_service_backends_get |
Get Container Clusters Workload Profiles
Example Code
curl -X GET /orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles/{container_workload_profile_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles/{container_workload_profile_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
| container_workload_profile_id | path | string | true* | Container workload profile UUID |
Example Response Body
200 Response
{
"href": "string",
"name": null,
"namespace": null,
"description": "string",
"assign_labels": [
{
"href": "string"
}
],
"mode": "string",
"log_traffic": true,
"linked": true,
"created_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"updated_at": "2020-08-19T21:34:26Z"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | container_clusters_container_workload_profiles_get |
Delete Container Clusters Container Workload Profiles
Example Code
curl -X DELETE /orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles/{container_workload_profile_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}/container_workload_profiles/{container_workload_profile_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
| container_workload_profile_id | path | string | true* | Container workload profile UUID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Get a Container Cluster
Example Code
curl -X GET /orgs/{org_id}/container_clusters/{container_cluster_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"nodes": [
{
"pod_subnet": "string"
}
],
"manager_type": "string",
"network_type": "string",
"last_connected": "2020-08-19T21:34:26Z",
"online": true,
"errors": [
{
"audit_event": {
"href": "string"
},
"duplicate_ids": [],
"error_type": "string"
}
],
"kubelink_version": "string",
"pce_fqdn": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | container_clusters_get |
Delete a Container Cluster
Example Code
curl -X DELETE /orgs/{org_id}/container_clusters/{container_cluster_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/container_clusters/{container_cluster_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| container_cluster_id | path | string | true* | Cluster UUID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Datafiles
Get Job Results
Example Code
curl -X GET /orgs/{org_id}/datafiles/{uuid}
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/datafiles/{uuid}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| uuid | path | string | true* | uuid of file resource |
| filename | query | string | false | Filename to save as |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | None |
Events
Get Events
Example Code
curl -X GET /orgs/{org_id}/events \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/events
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| created_by | query | string | false | User, agent, or system that created the event |
| event_type | query | string | false | Type of event |
| max_results | query | integer | false | Maximum number of results to return |
| severity | query | string | false | Severity of event |
| status | query | string | false | Status of event |
| timestamp[gte] | query | string | false | Earliest event date to return (RFC 3339 format) |
| timestamp[lte] | query | string | false | Latest event date to return (RFC 3339 format) |
Enumerated Values
| Parameter | Value |
|---|---|
| severity | emerg |
| severity | alert |
| severity | crit |
| severity | warning |
| severity | err |
| severity | notice |
| severity | info |
| severity | debug |
| status | success |
| status | failure |
| status | nil |
| timestamp[gte] | success |
| timestamp[gte] | failure |
| timestamp[gte] | nil |
| timestamp[lte] | success |
| timestamp[lte] | failure |
| timestamp[lte] | nil |
Example Response Body
200 Response
{
"href": "string",
"org_id": 0,
"version": "string",
"event_id": "string",
"event_type": "string",
"status": "string",
"severity": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"action": {
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"event_type": "string",
"status": "string",
"severity": "string",
"task_name": "string",
"api_endpoint": "string",
"api_method": "string",
"http_status_code": 0,
"src_ip": "string",
"errors": [
{
"token": "string",
"message": "string"
}
],
"info": {}
},
"resource_changes": [
{
"href": "string",
"version": "string",
"org_id": 0,
"uuid": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"resource": null,
"changes": {},
"change_type": "string"
}
],
"notifications": [
{
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"notification_type": "string",
"severity": "err",
"info": {}
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | events_get |
Get an Event
Example Code
curl -X GET /orgs/{org_id}/events/{composite_log_event_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/events/{composite_log_event_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| composite_log_event_id | path | string | true* | UUID of event to return |
Example Response Body
200 Response
{
"href": "string",
"org_id": 0,
"version": "string",
"event_id": "string",
"event_type": "string",
"status": "string",
"severity": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"action": {
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"event_type": "string",
"status": "string",
"severity": "string",
"task_name": "string",
"api_endpoint": "string",
"api_method": "string",
"http_status_code": 0,
"src_ip": "string",
"errors": [
{
"token": "string",
"message": "string"
}
],
"info": {}
},
"resource_changes": [
{
"href": "string",
"version": "string",
"org_id": 0,
"uuid": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"resource": null,
"changes": {},
"change_type": "string"
}
],
"notifications": [
{
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"notification_type": "string",
"severity": "err",
"info": {}
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | events_get |
Explorer
Get Traffic
Example Code
curl -X POST /orgs/{org_id}/traffic_flows/traffic_analysis_queries \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/traffic_flows/traffic_analysis_queries
Exposure: Public Experimental
Auditable: No
Example Request Body
{
"start_date": "2020-08-19",
"end_date": "2020-08-19",
"sources_destinations_query_op": "and",
"sources": {
"include": [
[
{
"label": {
"href": "string"
}
}
]
],
"exclude": [
{
"label": {
"href": "string"
}
}
]
},
"destinations": {
"include": [
[
{
"label": {
"href": "string"
}
}
]
],
"exclude": [
{
"label": {
"href": "string"
}
}
]
},
"services": {
"include": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"process_name": "string",
"windows_service_name": "string"
}
],
"exclude": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"process_name": "string",
"windows_service_name": "string"
}
]
},
"policy_decisions": [
"allowed"
],
"max_results": 0,
"exclude_workloads_from_ip_list_query": true
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | traffic_flows_traffic_analysis_queries_post | false | none |
| » start_date | body | string(date) | false | Starting date for query |
| » end_date | body | string(date) | false | Ending date for query |
| » sources_destinations_query_op | body | string | false | Query logical operator between sources and destinations |
| » sources | body | object | true* | Source labels, workloads, IP addresses to include or exclude |
| » include | body | [array] | true* | List of included sources or targets |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/0 | false | A label parameter for a traffic query |
| » label | body | object | true* | none |
| » href | body | string | true* | Label URI |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/1 | false | A workload parameter for a traffic query |
| » workload | body | object | true* | none |
| » href | body | string | true* | Workload URI |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/2 | false | An IP address parameter for a traffic query |
| » ip_address | body | string | true* | IP address value |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/3 | false | An IP List parameter for a traffic query |
| » ip_list | body | object | true* | none |
| » href | body | string | true* | IP List draft URI |
| » exclude | body | [anyOf] | true* | List of excluded sources or targets |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/0 | false | A label parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/1 | false | A workload parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/2 | false | An IP address parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/3 | false | An IP List parameter for a traffic query |
| » destinations | body | object | true* | Target labels, workloads, IP addresses, domain names, transmission to include or exclude |
| » include | body | [array] | true* | List of included sources or targets |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/0 | false | A label parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/1 | false | A workload parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/2 | false | An IP address parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/destinations/properties/include/items/items/oneOf/3 | false | An DNS parameter for a traffic query |
| » fqdn | body | string | true* | parameter for querying the matched fqdn |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/3 | false | An IP List parameter for a traffic query |
| » exclude | body | [anyOf] | true* | List of excluded sources or targets |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/0 | false | A label parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/1 | false | A workload parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/2 | false | An IP address parameter for a traffic query |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/destinations/properties/include/items/items/oneOf/3 | false | An DNS parameter for a traffic query |
| » anonymous | body | object | false | Parameter representing broadcast/multiccast |
| » transmission | body | string | true* | transmission type |
| » anonymous | body | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/3 | false | An IP List parameter for a traffic query |
| » services | body | object | true* | Services (5-tuple of port/to_port/proto/process/service) to include or exclude |
| » include | body | [object] | true* | List of included services (5-tuple of port/to_port/proto/process/service) |
| » port | body | integer | false | Port Number (integer 0-65535). Also the starting port when specifying a range. |
| » to_port | body | integer | false | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | body | integer | false | protocol number |
| » process_name | body | string | false | Process Name |
| » windows_service_name | body | string | false | Windows Service Name |
| » exclude | body | [object] | true* | List of excluded services (5-tuple of port/to_port/proto/process/service) |
| » port | body | integer | false | Port Number (integer 0-65535). Also the starting port when specifying a range. |
| » to_port | body | integer | false | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | body | integer | false | protocol number |
| » process_name | body | string | false | Process Name |
| » windows_service_name | body | string | false | Windows Service Name |
| » policy_decisions | body | [string] | true* | List of policy decisions |
| » max_results | body | integer | false | maximum number of flows to return |
| » exclude_workloads_from_ip_list_query | body | boolean | false | exclude workload traffic when IP List is provided either in consumer or provider part of traffic query |
Enumerated Values
| Parameter | Value |
|---|---|
| » sources_destinations_query_op | and |
| » sources_destinations_query_op | or |
| » transmission | broadcast |
| » transmission | multicast |
| » transmission | unicast |
| » policy_decisions | allowed |
| » policy_decisions | potentially_blocked |
| » policy_decisions | blocked |
| » policy_decisions | unknown |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Firewall Settings
Get Firewall Policies
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/firewall_settings \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/firewall_settings
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
Example Response Body
200 Response
{
"static_policy_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"firewall_coexistence": null,
"containers_inherit_host_policy_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"blocked_connection_reject_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"update_type": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_firewall_settings_get |
Update Firewall Policies
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/firewall_settings \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/firewall_settings
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"update_type": "create",
"static_policy_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"firewall_coexistence": null,
"containers_inherit_host_policy_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"blocked_connection_reject_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_firewall_settings_put | false | none |
| » update_type | body | string | false | Type of update |
| » static_policy_scopes | body | [sec_policy_firewall_settings_get/properties/blocked_connection_reject_scopes/items] | false | Rule set scopes |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » firewall_coexistence | body | array,null | false | none |
| » scope | body | [object] | true* | Assigned labels |
| » href | body | string | true* | Label URI |
| » workload_mode | body | string | false | Additional match criteria to select workload(s) |
| » illumio_primary | body | boolean | true* | Configure Illumio to be the primary firewall |
| » containers_inherit_host_policy_scopes | body | [sec_policy_firewall_settings_get/properties/blocked_connection_reject_scopes/items] | false | Rule set scopes |
| » blocked_connection_reject_scopes | body | [sec_policy_firewall_settings_get/properties/blocked_connection_reject_scopes/items] | false | Scopes whose blocked connection action will be reject |
Enumerated Values
| Parameter | Value |
|---|---|
| » update_type | create |
| » update_type | update |
| » update_type | delete |
| » workload_mode | enforced |
| » workload_mode | illuminated |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Health
Get Health
Example Code
curl -X GET /health \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/health
Exposure: Public Experimental
Auditable: No
Example Response Body
200 Response
{
"status": "string",
"type": "string",
"fqdn": "string",
"available_seconds": 0,
"notifications": [
{
"status": "string",
"token": "string",
"message": "string"
}
],
"listen_only_mode_enabled_at": null,
"nodes": [
{
"hostname": null,
"ip_address": null,
"runlevel": null,
"uptime_seconds": null,
"cpu": {
"status": "normal",
"percent": 0
},
"disk": [
{
"location": "string",
"value": {
"status": "normal",
"percent": 0
}
}
],
"memory": {
"status": "normal",
"percent": 0
},
"services": {
"status": "string",
"running": [
"string"
],
"not_running": [
"string"
],
"partial": [
"string"
],
"optional": [
"string"
],
"unknown": [
"string"
]
},
"generated_at": null
}
],
"network": {
"replication": [
{
"type": "string",
"details": {
"database_name": "string",
"master_fqdn": "string",
"slave_fqdn": "string"
},
"value": {
"status": "string",
"lag_seconds": 0
}
}
]
},
"generated_at": null
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | health_get |
IP Lists
Get IP Lists
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/ip_lists \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| description | query | string | false | Description of IP list(s) to return. Supports partial matches |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
| fqdn | query | string | false | IP lists matching FQDN. Supports partial matches |
| ip_address | query | string | false | IP address matching IP list(s) to return. Supports partial matches |
| max_results | query | integer | false | Maximum number of IP Lists to return. |
| name | query | string | false | Name of IP list(s) to return. Supports partial matches |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ip_ranges": [
{
"description": "string",
"from_ip": "string",
"to_ip": "string",
"exclusion": true
}
],
"fqdns": [
{
"fqdn": "string",
"description": "string"
}
],
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_ip_lists_get |
Get an IP List
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| ip_list_id | path | string | true* | IP list ID |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ip_ranges": [
{
"description": "string",
"from_ip": "string",
"to_ip": "string",
"exclusion": true
}
],
"fqdns": [
{
"fqdn": "string",
"description": "string"
}
],
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_ip_lists_get |
Create an IP List
Example Code
curl -X POST /orgs/{org_id}/sec_policy/{pversion}/ip_lists \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ip_ranges": [
{
"description": "string",
"from_ip": "string",
"to_ip": "string",
"exclusion": true
}
],
"fqdns": [
{
"fqdn": "string",
"description": "string"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_ip_lists_post | false | none |
| » name | body | string | true* | Name (must be unique) |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » ip_ranges | body | [object] | false | IP addresses or ranges |
| » description | body | string | false | Description |
| » from_ip | body | string | true* | IP address or a low end of IP range. Might be specified with CIDR notation |
| » to_ip | body | string | false | High end of an IP range |
| » exclusion | body | boolean | false | Whether this IP address is an exclusion. Exclusions must be a strict subset of inclusive IP addresses. |
| » fqdns | body | [object] | false | Collection of FQDN |
| » fqdn | body | string | true* | none |
| » description | body | string | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update an IP List
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ip_ranges": [
{
"description": "string",
"from_ip": "string",
"to_ip": "string",
"exclusion": true
}
],
"fqdns": [
{
"fqdn": "string",
"description": "string"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| ip_list_id | path | string | true* | IP list ID |
| body | body | sec_policy_ip_lists_put | false | none |
| » name | body | string | false | Name (must be unique) |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » ip_ranges | body | [object] | false | IP addresses or ranges |
| » description | body | string | false | Description |
| » from_ip | body | string | true* | IP address or a low end of IP range. Might be specified with CIDR notation |
| » to_ip | body | string | false | High end of an IP range |
| » exclusion | body | boolean | false | Whether this IP address is an exclusion. Exclusions must be a strict subset of inclusive IP addresses. |
| » fqdns | body | [object] | false | Collection of FQDN |
| » fqdn | body | string | true* | none |
| » description | body | string | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete an IP List
Example Code
curl -X DELETE /orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/ip_lists/{ip_list_id}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| ip_list_id | path | string | true* | IP list ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Jobs
Get Jobs
Example Code
curl -X GET /orgs/{org_id}/jobs \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/jobs
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| job_type | query | string | false | The job-type value to use for filtering the results. |
| max_results | query | integer | false | Maximum number of jobs to return. |
Example Response Body
200 Response
{
"href": "string",
"job_type": "string",
"description": "string",
"status": "string",
"requested_at": "2020-08-19T21:34:26Z",
"requested_by": {
"href": "string"
},
"terminated_at": "2020-08-19T21:34:26Z",
"result": {
"href": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | jobs_get |
Get a Job
Example Code
curl -X GET /orgs/{org_id}/jobs/{job_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/jobs/{job_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| job_id | path | string | true* | ID of a job. |
Example Response Body
200 Response
{
"href": "string",
"job_type": "string",
"description": "string",
"status": "string",
"requested_at": "2020-08-19T21:34:26Z",
"requested_by": {
"href": "string"
},
"terminated_at": "2020-08-19T21:34:26Z",
"result": {
"href": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | jobs_get |
Delete a Job
Example Code
curl -X DELETE /orgs/{org_id}/jobs/{job_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/jobs/{job_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| job_id | path | string | true* | ID of a job. |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Labels
Get Labels
Example Code
curl -X GET /orgs/{org_id}/labels \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/labels
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
| include_deleted | query | boolean | false | Include deleted labels |
| key | query | string | false | Key by which to filter |
| max_results | query | integer | false | Maximum number of Labels to return. |
| usage | query | boolean | false | Include label usage flags as well |
| value | query | string | false | Value on which to filter. Supports partial matches |
Example Response Body
200 Response
[
{
"href": "string",
"deleted": true,
"key": "string",
"value": "string",
"external_data_set": null,
"external_data_reference": null,
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | labels_get |
Get a Label
Example Code
curl -X GET /orgs/{org_id}/labels/{label_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/labels/{label_id}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| label_id | path | integer | true* | Label ID |
| usage | query | boolean | false | Include label usage flags as well |
Example Response Body
200 Response
[
{
"href": "string",
"deleted": true,
"key": "string",
"value": "string",
"external_data_set": null,
"external_data_reference": null,
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | labels_get |
Create a Label
Example Code
curl -X POST /orgs/{org_id}/labels \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/labels
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"key": "role",
"value": "string",
"external_data_set": null,
"external_data_reference": null
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | labels_post | false | none |
| » key | body | string | true* | Key in key-value pair |
| » value | body | string | true* | Value in key-value pair |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
Enumerated Values
| Parameter | Value |
|---|---|
| » key | role |
| » key | loc |
| » key | env |
| » key | app |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Label
Example Code
curl -X PUT /orgs/{org_id}/labels/{label_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/labels/{label_id}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"value": "string",
"external_data_set": null,
"external_data_reference": null
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| label_id | path | integer | true* | Label ID |
| body | body | labels_put | false | none |
| » value | body | string | false | Value in key-value pair |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Label
Example Code
curl -X DELETE /orgs/{org_id}/labels/{label_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/labels/{label_id}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| label_id | path | integer | true* | Label ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Label Groups
Get Label Groups
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/label_groups \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| description | query | string | false | Description of Label Group(s) to return. Supports partial matches |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
| key | query | string | false | Key by which to filter |
| max_results | query | integer | false | Maximum number of Labels to return. |
| name | query | string | false | Name of Label Group(s) to return. Supports partial matches |
| usage | query | boolean | false | Include label usage flags as well |
Example Response Body
200 Response
{
"name": "string",
"description": "string",
"key": "string",
"labels": [
{
"href": "string",
"value": "string"
}
],
"sub_groups": [
{
"href": "string",
"name": "string"
}
],
"usage": {
"label_group": true,
"ruleset": true,
"rule": true,
"static_policy_scopes": true,
"containers_inherit_host_policy_scopes": true,
"blocked_connection_reject_scope": true
},
"external_data_set": null,
"external_data_reference": null
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_label_groups_get |
Get a Label Group
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| label_group_id | path | string | true* | Label Group UUID |
| usage | query | boolean | false | Include label usage flags as well |
Example Response Body
200 Response
{
"name": "string",
"description": "string",
"key": "string",
"labels": [
{
"href": "string",
"value": "string"
}
],
"sub_groups": [
{
"href": "string",
"name": "string"
}
],
"usage": {
"label_group": true,
"ruleset": true,
"rule": true,
"static_policy_scopes": true,
"containers_inherit_host_policy_scopes": true,
"blocked_connection_reject_scope": true
},
"external_data_set": null,
"external_data_reference": null
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_label_groups_get |
Is Group Member of Other Groups?
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}/member_of \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}/member_of
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| label_group_id | path | string | true* | Label Group UUID |
Example Response Body
200 Response
[
{
"href": "string",
"name": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_label_groups_member_of_get |
Create a Label Group
Example Code
curl -X POST /orgs/{org_id}/sec_policy/{pversion}/label_groups \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"key": "string",
"labels": [
{
"href": "string"
}
],
"sub_groups": [
{
"href": "string"
}
],
"external_data_set": null,
"external_data_reference": null
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_label_groups_post | false | none |
| » name | body | string | true* | Name of the label group |
| » description | body | string | false | The long description of the label group |
| » key | body | string | true* | Key in key-value pair of contained labels or label groups |
| » labels | body | [object] | false | Contained labels |
| » href | body | string | true* | Label URI |
| » sub_groups | body | [object] | false | Contained label groups |
| » href | body | string | true* | Sub label group URI |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Label Group
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"labels": [
{
"href": "string"
}
],
"sub_groups": [
{
"href": "string"
}
],
"external_data_set": null,
"external_data_reference": null
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| label_group_id | path | string | true* | Label Group UUID |
| body | body | sec_policy_label_groups_put | false | none |
| » name | body | string | false | Name of the label group |
| » description | body | string | false | The long description of the label group |
| » labels | body | [object] | false | Contained labels |
| » href | body | string | true* | Label URI |
| » sub_groups | body | [object] | false | Contained label groups |
| » href | body | string | true* | Sub label group URI |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Label Group
Example Code
curl -X DELETE /orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/label_groups/{label_group_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| label_group_id | path | string | true* | Label Group UUID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Login Users
Create a User Auth Token
Example Code
curl -X POST /login_users/authenticate?pce_fqdn=string \
-u user@my-company.com:'password' -H 'Content-Type: application/json'
POST /api/v2/login_users/authenticate
Exposure: Public Stable
Auditable: Yes
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| pce_fqdn | query | string | true* | Fully qualified name of PCE |
| body | body | login_users_authenticate_post | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update User Password
Example Code
curl -X PUT /login_users/{user_uuid}/password \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/login_users/{user_uuid}/password
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"password": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_uuid | path | string | true* | User UUID; use 'me' for the currently authenticated user |
| body | body | login_users_password_put | false | none |
| » password | body | string | true* | New password |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Pairing Profiles
Get Pairing Profiles
Example Code
curl -X GET /orgs/{org_id}/pairing_profiles \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/pairing_profiles
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| agent_software_release | query | string | false | The agent software release for pairing profiles |
| description | query | string | false | Description of Pairing Profile(s) to return. Supports partial matches |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
| labels | query | string | false | List of lists of label URIs, encoded as a JSON string |
| max_results | query | integer | false | Maximum number of Pairing Profiles to return. |
| name | query | string | false | Name of Pairing Profile(s) to return. Supports partial matches |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"mode": "idle",
"enabled": true,
"total_use_count": 0,
"allowed_uses_per_key": 1,
"key_lifespan": 1,
"last_pairing_at": "string",
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"is_default": true,
"labels": [
{
"href": "string"
}
],
"env_label_lock": true,
"loc_label_lock": true,
"role_label_lock": true,
"app_label_lock": true,
"mode_lock": true,
"log_traffic": true,
"log_traffic_lock": true,
"visibility_level": "string",
"visibility_level_lock": true,
"external_data_set": null,
"external_data_reference": null,
"agent_software_release": null
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | pairing_profiles_get |
Get a Pairing Profile
Example Code
curl -X GET /orgs/{org_id}/pairing_profiles/{pairing_profile_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pairing_profile_id | path | integer | true* | Pairing Profile ID |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"mode": "idle",
"enabled": true,
"total_use_count": 0,
"allowed_uses_per_key": 1,
"key_lifespan": 1,
"last_pairing_at": "string",
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"is_default": true,
"labels": [
{
"href": "string"
}
],
"env_label_lock": true,
"loc_label_lock": true,
"role_label_lock": true,
"app_label_lock": true,
"mode_lock": true,
"log_traffic": true,
"log_traffic_lock": true,
"visibility_level": "string",
"visibility_level_lock": true,
"external_data_set": null,
"external_data_reference": null,
"agent_software_release": null
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | pairing_profiles_get |
Create a Pairing Profile
Example Code
curl -X POST /orgs/{org_id}/pairing_profiles \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/pairing_profiles
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"mode": "idle",
"enabled": true,
"allowed_uses_per_key": 1,
"key_lifespan": 1,
"labels": [
{
"href": "string"
}
],
"env_label_lock": true,
"loc_label_lock": true,
"role_label_lock": true,
"app_label_lock": true,
"mode_lock": true,
"log_traffic": true,
"log_traffic_lock": true,
"visibility_level": "flow_full_detail",
"visibility_level_lock": true,
"external_data_set": null,
"external_data_reference": null,
"agent_software_release": null
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | pairing_profiles_post | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Create a Pairing Key
Example Code
curl -X POST /orgs/{org_id}/pairing_profiles/{pairing_profile_id}/pairing_key \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}/pairing_key
Exposure: Public Stable
Auditable: Yes
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pairing_profile_id | path | integer | true* | Pairing Profile ID |
| body | body | pairing_profiles_pairing_key_post | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Pairing Profile
Example Code
curl -X PUT /orgs/{org_id}/pairing_profiles/{pairing_profile_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"mode": "idle",
"enabled": true,
"allowed_uses_per_key": 1,
"key_lifespan": 1,
"labels": [
{
"href": "string"
}
],
"env_label_lock": true,
"loc_label_lock": true,
"role_label_lock": true,
"app_label_lock": true,
"mode_lock": true,
"log_traffic": true,
"log_traffic_lock": true,
"visibility_level": "flow_full_detail",
"visibility_level_lock": true,
"external_data_set": null,
"external_data_reference": null,
"agent_software_release": null
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pairing_profile_id | path | integer | true* | Pairing Profile ID |
| body | body | pairing_profiles_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Pairing Profile
Example Code
curl -X DELETE /orgs/{org_id}/pairing_profiles/{pairing_profile_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/pairing_profiles/{pairing_profile_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pairing_profile_id | path | integer | true* | Pairing Profile ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Permissions
Get All Permissions
Example Code
curl -X GET /orgs/{org_id}/permissions \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/permissions
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| auth_security_principal | query | string | false | Auth_security_principal URI (JSON-encoded string) to filter on |
| role | query | string | false | Role URI (JSON-encoded string) to filter on |
| scope | query | string | false | Scope to filter on, where scope is a list of label URIs, encoded as a JSON string |
Example Response Body
200 Response
[
{
"role": {
"href": "string"
},
"scope": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"auth_security_principal": {
"href": "string"
},
"href": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | orgs_permissions_get |
Get a Permission
Example Code
curl -X GET /orgs/{org_id}/permissions/{permission_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/permissions/{permission_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| permission_id | path | string | true* | UUID of the permission |
Example Response Body
200 Response
[
{
"role": {
"href": "string"
},
"scope": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"auth_security_principal": {
"href": "string"
},
"href": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | orgs_permissions_get |
Create a Permission
Example Code
curl -X POST /orgs/{org_id}/permissions \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/permissions
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"role": {
"href": "string"
},
"scope": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"auth_security_principal": {
"href": "string"
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| body | body | orgs_permissions_post | false | none |
| » role | body | orgs_permissions_put/properties/role | true* | none |
| » href | body | string | true* | URI of Role |
| » scope | body | [object] | true* | Assigned labels summary |
| » href | body | string | true* | Label URI |
| » key | body | string | false | Key in key-value pair |
| » value | body | string | false | Value in key-value pair |
| » auth_security_principal | body | orgs_permissions_put/properties/auth_security_principal | true* | none |
| » href | body | string | true* | URI of auth_security_principal |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Permission
Example Code
curl -X PUT /orgs/{org_id}/permissions/{permission_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/permissions/{permission_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| permission_id | path | string | true* | UUID of the permission |
| body | body | orgs_permissions_put | false | none |
| » role | body | orgs_permissions_put/properties/role | false | none |
| » href | body | string | true* | URI of Role |
| » scope | body | [object] | false | Assigned labels |
| » href | body | string | true* | Label URI |
| » auth_security_principal | body | orgs_permissions_put/properties/auth_security_principal | false | none |
| » href | body | string | true* | URI of auth_security_principal |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Permission
Example Code
curl -X DELETE /orgs/{org_id}/permissions/{permission_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/permissions/{permission_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| permission_id | path | string | true* | UUID of the permission |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Organization Settings
Get Events Settings
Example Code
curl -X GET /orgs/{org_id}/settings/events \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/settings/events
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
Example Response Body
200 Response
{
"audit_event_retention_seconds": 0,
"audit_event_min_severity": "error",
"format": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | settings_events_get |
Update Events Settings
Example Code
curl -X PUT /orgs/{org_id}/settings/events \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/settings/events
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"audit_event_retention_seconds": 86400,
"audit_event_min_severity": "error",
"format": "JSON"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| body | body | settings_events_put | false | none |
| » audit_event_retention_seconds | body | integer | false | The time in seconds an audit event is stored in the database |
| » audit_event_min_severity | body | settings_events_get/properties/audit_event_min_severity | false | Minimum severity level of audit event messages. |
| » format | body | string | false | The log format (JSON, CEF, LEEF), which applies to all syslog destinations |
Enumerated Values
| Parameter | Value |
|---|---|
| » audit_event_min_severity | error |
| » audit_event_min_severity | warning |
| » audit_event_min_severity | informational |
| » format | JSON |
| » format | CEF |
| » format | LEEF |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Root Level Methods
Get Supercluster Leader
Example Code
curl -X GET /supercluster/leader
GET /api/v2/supercluster/leader
Authorization: Anyone
Exposure: Public Experimental
Auditable: No
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | None |
Get Available Node
Example Code
curl -X GET /node_available
GET /api/v2/node_available
Authorization: Anyone
Exposure: Public Stable
Auditable: No
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | None |
Get Illumio Core Version
Example Code
curl -X GET /product_version \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/product_version
Exposure: Public Stable
Auditable: No
Example Response Body
200 Response
{
"product_version": {
"version": "string",
"build": 0,
"release_info": "string",
"engineering_info": "string",
"long_display": "string",
"short_display": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | product_version_get |
Get No Op
Example Code
curl -X GET /noop \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/noop
Exposure: Public Stable
Auditable: No
Example Response Body
200 Response
{}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | noop_get |
Rulesets and Rules
Get Rulesets
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/rule_sets \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| description | query | string | false | Description of Rule Set(s) to return. Supports partial matches |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
| labels | query | string | false | List of lists of label URIs, encoded as a JSON string |
| max_results | query | integer | false | Maximum number of Rule Sets to return. |
| name | query | string | false | Name of Rule Set(s) to return. Supports partial matches |
Example Response Body
200 Response
{
"href": "string",
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"update_type": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"enabled": true,
"scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"rules": [
{
"href": "string",
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true,
"update_type": "string"
}
],
"ip_tables_rules": [
{
"href": "string",
"enabled": true,
"description": "string",
"statements": [
{
"table_name": "nat",
"chain_name": "PREROUTING",
"parameters": "string"
}
],
"actors": [
{
"actors": "string",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
}
}
],
"ip_version": "4"
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_rule_sets_get |
Get a Ruleset
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| rule_set_id | path | integer | true* | Rule Set ID |
Example Response Body
200 Response
{
"href": "string",
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"update_type": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"enabled": true,
"scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"rules": [
{
"href": "string",
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true,
"update_type": "string"
}
],
"ip_tables_rules": [
{
"href": "string",
"enabled": true,
"description": "string",
"statements": [
{
"table_name": "nat",
"chain_name": "PREROUTING",
"parameters": "string"
}
],
"actors": [
{
"actors": "string",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
}
}
],
"ip_version": "4"
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_rule_sets_get |
Create a Ruleset
Example Code
curl -X POST /orgs/{org_id}/sec_policy/{pversion}/rule_sets \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"enabled": true,
"scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"rules": [
{
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true
}
],
"ip_tables_rules": [
{
"enabled": true,
"description": "string",
"statements": [
{
"table_name": "nat",
"chain_name": "PREROUTING",
"parameters": "string"
}
],
"actors": [
{
"actors": "string",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
}
}
],
"ip_version": "4"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_rule_sets_post | false | none |
| » name | body | string | true* | Name (must be unique) |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » enabled | body | boolean | false | Enabled flag |
| » scopes | body | [sec_policy_firewall_settings_get/properties/blocked_connection_reject_scopes/items] | true* | Rule set scopes |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » rules | body | [object] | false | Array of sec rules (access rules) in this rule set |
| » enabled | body | boolean | true* | Enabled flag |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » ingress_services | body | [oneOf] | true* | Array of service URI and port/protocol combinations |
| » anonymous | body | sec_policy_dependencies_post/properties/change_subset/properties/virtual_services/items | false | none |
| » href | body | string | true* | none |
| » anonymous | body | object | false | none |
| » port | body | integer | false | Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol. |
| » to_port | body | integer | false | Upper end of port range; this field should not be included if specifying an individual port. |
| » proto | body | integer | true* | Transport protocol (numeric) |
| » resolve_labels_as | body | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | true* | none |
| » providers | body | [string] | true* | none |
| » consumers | body | [string] | true* | none |
| » sec_connect | body | boolean | false | Whether a secure connection is established |
| » stateless | body | boolean | false | Whether packet filtering is stateless for the rule |
| » machine_auth | body | boolean | false | Whether machine authentication is enabled |
| » providers | body | [object] | true* | Providers |
| » actors | body | string | false | Rule actors are all workloads ('ams') |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » virtual_service | body | object | false | none |
| » href | body | string | true* | Virtual service URI |
| » virtual_server | body | object | false | none |
| » href | body | string | true* | Virtual server URI |
| » ip_list | body | object | false | URI of associated IP List |
| » href | body | string | true* | IP List URI |
| » consumers | body | [object] | true* | Consumers |
| » actors | body | string | false | Rule actors are all workloads or container host |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » virtual_service | body | object | false | none |
| » href | body | string | true* | Virtual service URI |
| » ip_list | body | object | false | URI of associated IP List |
| » href | body | string | true* | IP List URI |
| » consuming_security_principals | body | [object] | false | Hrefs of consuming security principals |
| » href | body | string | false | none |
| » unscoped_consumers | body | boolean | false | Set the scope for rule consumers to All |
| » ip_tables_rules | body | [object] | false | Array of custom iptables rules in this rule set |
| » enabled | body | boolean | true* | Enabled flag |
| » description | body | string | false | Description |
| » statements | body | [sec_policy_rule_sets_put/properties/ip_tables_rules/items/properties/statements/items] | true* | list of the iptables statements in this rule |
| » table_name | body | string | true* | name of the iptables table for this rule |
| » chain_name | body | string | true* | name of the iptables chain for this rule |
| » parameters | body | string | true* | the remainder of the iptables rules (excluding table/chain) |
| » actors | body | [object] | true* | none |
| » actors | body | string | false | Rule Actors are all workloads ('ams') |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » ip_version | body | string | true* | IP version for the rules to be applied to |
Enumerated Values
| Parameter | Value |
|---|---|
| » proto | 6 |
| » proto | 17 |
| » providers | workloads |
| » providers | virtual_services |
| » consumers | workloads |
| » consumers | virtual_services |
| » actors | ams |
| » actors | ams |
| » actors | container_host |
| » table_name | nat |
| » table_name | mangle |
| » table_name | filter |
| » chain_name | PREROUTING |
| » chain_name | INPUT |
| » chain_name | OUTPUT |
| » chain_name | FORWARD |
| » chain_name | POSTROUTING |
| » ip_version | 4 |
| » ip_version | 6 |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Ruleset
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"enabled": true,
"update_type": "create",
"scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"rules": [
{}
],
"ip_tables_rules": [
{}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| rule_set_id | path | integer | true* | Rule Set ID |
| body | body | sec_policy_rule_sets_put | false | none |
| » name | body | string | false | Name (must be unique) |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » enabled | body | boolean | false | Enabled flag |
| » update_type | body | string | false | Type of update |
| » scopes | body | [sec_policy_firewall_settings_get/properties/blocked_connection_reject_scopes/items] | false | Rule set scopes |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » rules | body | [anyOf] | false | Array of rules in this rule set |
| » href | body | string | false | URI of Rule |
| » enabled | body | boolean | false | Enabled flag |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string | false | External data reference identifier |
| » ingress_services | body | [oneOf] | false | Array of service URI and port/protocol combinations |
| » anonymous | body | sec_policy_dependencies_post/properties/change_subset/properties/virtual_services/items | false | none |
| » href | body | string | true* | none |
| » anonymous | body | object | false | none |
| » port | body | integer | false | Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol. |
| » to_port | body | integer | false | Upper end of port range; this field should not be included if specifying an individual port. |
| » proto | body | integer | true* | Transport protocol (numeric) |
| » resolve_labels_as | body | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | false | none |
| » providers | body | [string] | true* | none |
| » consumers | body | [string] | true* | none |
| » sec_connect | body | boolean | false | Whether a secure connection is established |
| » stateless | body | boolean | false | Whether packet filtering is stateless for the rule |
| » machine_auth | body | boolean | false | Whether machine authentication is enabled |
| » providers | body | [object] | false | Providers |
| » actors | body | string | false | Rule actors are all workloads ('ams') |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » virtual_service | body | object | false | none |
| » href | body | string | true* | Virtual service URI |
| » virtual_server | body | object | false | none |
| » href | body | string | true* | Virtual server URI |
| » ip_list | body | object | false | URI of associated IP List |
| » href | body | string | true* | IP List URI |
| » consumers | body | [object] | false | Consumers |
| » actors | body | string | false | Rule actors are all workloads or container host |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » virtual_service | body | object | false | none |
| » href | body | string | true* | Virtual service URI |
| » ip_list | body | object | false | URI of associated IP List |
| » href | body | string | true* | IP List URI |
| » consuming_security_principals | body | [object] | false | Hrefs of consuming security principals |
| » href | body | string | false | none |
| » update_type | body | string | false | Type of update |
| » unscoped_consumers | body | boolean | false | Set the scope for rule consumers to All |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
| » ip_tables_rules | body | [anyOf] | false | Array of iptables rules in this ruleset |
| » href | body | string | false | URI of Rule |
| » enabled | body | boolean | false | Enabled flag |
| » description | body | string | false | Description |
| » statements | body | [sec_policy_rule_sets_put/properties/ip_tables_rules/items/properties/statements/items] | false | list of the iptables statements in this rule |
| » table_name | body | string | true* | name of the iptables table for this rule |
| » chain_name | body | string | true* | name of the iptables chain for this rule |
| » parameters | body | string | true* | the remainder of the iptables rules (excluding table/chain) |
| » actors | body | [object] | false | none |
| » actors | body | string | false | Rule Actors are all workloads ('ams') |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » ip_version | body | string | false | IP version for the rules to be applied to |
| » update_type | body | string | false | Type of update |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
Enumerated Values
| Parameter | Value |
|---|---|
| » update_type | create |
| » update_type | update |
| » update_type | delete |
| » proto | 6 |
| » proto | 17 |
| » providers | workloads |
| » providers | virtual_services |
| » consumers | workloads |
| » consumers | virtual_services |
| » actors | ams |
| » actors | ams |
| » actors | container_host |
| » update_type | create |
| » update_type | update |
| » update_type | delete |
| » table_name | nat |
| » table_name | mangle |
| » table_name | filter |
| » chain_name | PREROUTING |
| » chain_name | INPUT |
| » chain_name | OUTPUT |
| » chain_name | FORWARD |
| » chain_name | POSTROUTING |
| » ip_version | 4 |
| » ip_version | 6 |
| » update_type | create |
| » update_type | update |
| » update_type | delete |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Ruleset
Example Code
curl -X DELETE /orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| rule_set_id | path | integer | true* | Rule Set ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Get Security Rules
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| rule_set_id | path | integer | true* | Rule Set ID |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
Example Response Body
200 Response
{
"href": "string",
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true,
"update_type": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_rule_sets_sec_rules_get |
Get a Security Rule
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| rule_set_id | path | integer | true* | Rule Set ID |
| sec_rule_id | path | integer | true* | Rule ID |
Example Response Body
200 Response
{
"href": "string",
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true,
"update_type": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_rule_sets_sec_rules_get |
Create a Security Rule
Example Code
curl -X POST /orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| rule_set_id | path | integer | true* | Rule Set ID |
| body | body | sec_policy_rule_sets_sec_rules_post | false | none |
| » enabled | body | boolean | true* | Enabled flag |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » ingress_services | body | [oneOf] | true* | Array of service URI and port/protocol combinations |
| » anonymous | body | sec_policy_dependencies_post/properties/change_subset/properties/virtual_services/items | false | none |
| » href | body | string | true* | none |
| » anonymous | body | object | false | none |
| » port | body | integer | false | Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol. |
| » to_port | body | integer | false | Upper end of port range; this field should not be included if specifying an individual port. |
| » proto | body | integer | true* | Transport protocol (numeric) |
| » resolve_labels_as | body | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | true* | none |
| » providers | body | [string] | true* | none |
| » consumers | body | [string] | true* | none |
| » sec_connect | body | boolean | false | Whether a secure connection is established |
| » stateless | body | boolean | false | Whether packet filtering is stateless for the rule |
| » machine_auth | body | boolean | false | Whether machine authentication is enabled |
| » providers | body | [object] | true* | Providers |
| » actors | body | string | false | Rule actors are all workloads ('ams') |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » virtual_service | body | object | false | none |
| » href | body | string | true* | Virtual service URI |
| » virtual_server | body | object | false | none |
| » href | body | string | true* | Virtual server URI |
| » ip_list | body | object | false | URI of associated IP List |
| » href | body | string | true* | IP List URI |
| » consumers | body | [object] | true* | Consumers |
| » actors | body | string | false | Rule actors are all workloads or container host |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » virtual_service | body | object | false | none |
| » href | body | string | true* | Virtual service URI |
| » ip_list | body | object | false | URI of associated IP List |
| » href | body | string | true* | IP List URI |
| » consuming_security_principals | body | [object] | false | Hrefs of consuming security principals |
| » href | body | string | false | none |
| » unscoped_consumers | body | boolean | false | Set the scope for rule consumers to All |
Enumerated Values
| Parameter | Value |
|---|---|
| » proto | 6 |
| » proto | 17 |
| » providers | workloads |
| » providers | virtual_services |
| » consumers | workloads |
| » consumers | virtual_services |
| » actors | ams |
| » actors | ams |
| » actors | container_host |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Security Rule
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"update_type": "create",
"unscoped_consumers": true
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| rule_set_id | path | integer | true* | Rule Set ID |
| sec_rule_id | path | integer | true* | Rule ID |
| body | body | sec_policy_rule_sets_sec_rules_put | false | none |
| » enabled | body | boolean | false | Enabled flag |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » ingress_services | body | [oneOf] | false | Array of service URI and port/protocol combinations |
| » anonymous | body | sec_policy_dependencies_post/properties/change_subset/properties/virtual_services/items | false | none |
| » href | body | string | true* | none |
| » anonymous | body | object | false | none |
| » port | body | integer | false | Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol. |
| » to_port | body | integer | false | Upper end of port range; this field should not be included if specifying an individual port. |
| » proto | body | integer | true* | Transport protocol (numeric) |
| » resolve_labels_as | body | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | false | none |
| » providers | body | [string] | true* | none |
| » consumers | body | [string] | true* | none |
| » sec_connect | body | boolean | false | Whether a secure connection is established |
| » stateless | body | boolean | false | Whether packet filtering is stateless for the rule |
| » machine_auth | body | boolean | false | Whether machine authentication is enabled |
| » providers | body | [object] | false | Providers |
| » actors | body | string | false | Rule actors are all workloads ('ams') |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » virtual_service | body | object | false | none |
| » href | body | string | true* | Virtual service URI |
| » virtual_server | body | object | false | none |
| » href | body | string | true* | Virtual server URI |
| » ip_list | body | object | false | URI of associated IP List |
| » href | body | string | true* | IP List URI |
| » consumers | body | [object] | false | Consumers |
| » actors | body | string | false | Rule actors are all workloads or container host |
| » label | body | object | false | none |
| » href | body | string | true* | Label URI |
| » label_group | body | object | false | none |
| » href | body | string | true* | Label group URI |
| » workload | body | object | false | none |
| » href | body | string | true* | Workload URI |
| » virtual_service | body | object | false | none |
| » href | body | string | true* | Virtual service URI |
| » ip_list | body | object | false | URI of associated IP List |
| » href | body | string | true* | IP List URI |
| » consuming_security_principals | body | [object] | false | Hrefs of consuming security principals |
| » href | body | string | false | none |
| » update_type | body | string | false | Type of update |
| » unscoped_consumers | body | boolean | false | Set the scope for rule consumers to All |
Enumerated Values
| Parameter | Value |
|---|---|
| » proto | 6 |
| » proto | 17 |
| » providers | workloads |
| » providers | virtual_services |
| » consumers | workloads |
| » consumers | virtual_services |
| » actors | ams |
| » actors | ams |
| » actors | container_host |
| » update_type | create |
| » update_type | update |
| » update_type | delete |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Security Rule
Example Code
curl -X DELETE /orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/rule_sets/{rule_set_id}/sec_rules/{sec_rule_id}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| rule_set_id | path | integer | true* | Rule Set ID |
| sec_rule_id | path | integer | true* | Rule ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Security Policies
Get Security Policy Versions
Example Code
curl -X GET /orgs/{org_id}/sec_policy \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
Example Response Body
200 Response
{
"href": "string",
"version": "string",
"workloads_affected": 0,
"commit_message": "string",
"object_counts": {
"rule_sets": 0,
"ip_lists": 0,
"services": 0,
"virtual_services": 0,
"label_groups": 0,
"virtual_servers": 0,
"firewall_settings": 0,
"secure_connect_gateways": 0
},
"created_at": "string",
"created_by": {
"href": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_get |
Get a Security Policy Version
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
Example Response Body
200 Response
{
"href": "string",
"version": "string",
"workloads_affected": 0,
"commit_message": "string",
"object_counts": {
"rule_sets": 0,
"ip_lists": 0,
"services": 0,
"virtual_services": 0,
"label_groups": 0,
"virtual_servers": 0,
"firewall_settings": 0,
"secure_connect_gateways": 0
},
"created_at": "string",
"created_by": {
"href": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_get |
Get Security Policy Modifications
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/modified_objects \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/modified_objects
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
Example Response Body
200 Response
{
"update_type": null,
"object_type": null,
"href": null,
"name": "string",
"modified_at": "string",
"modified_by": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_modified_objects_get |
Get Pending Security Policy
Example Code
curl -X GET /orgs/{org_id}/sec_policy/pending \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/pending
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
Example Response Body
200 Response
{
"rule_sets": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "string",
"related_ip_lists": [
{
"href": "string"
}
],
"related_services": [
{
"href": "string"
}
]
}
],
"firewall_settings": {
"href": "string",
"update_type": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z"
},
"ip_lists": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"services": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"virtual_servers": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"label_groups": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"secure_connect_gateways": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"virtual_services": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_pending_get |
Revert Pending Security Policy
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/delete \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/delete
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"change_subset": {
"label_groups": [
{
"href": "string"
}
],
"services": [
{
"href": "string"
}
],
"rule_sets": [
{
"href": "string"
}
],
"ip_lists": [
{
"href": "string"
}
],
"virtual_services": [
{
"href": "string"
}
],
"firewall_settings": [
{
"href": "string"
}
],
"secure_connect_gateways": [
{
"href": "string"
}
],
"virtual_servers": [
{
"href": "string"
}
]
}
}
Parameters
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Get Security Policy Dependencies
Example Code
curl -X POST /orgs/{org_id}/sec_policy/{pversion}/dependencies \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/dependencies
Exposure: Public Experimental
Auditable: No
Example Request Body
{
"operation": "commit",
"change_subset": {
"label_groups": [
{
"href": "string"
}
],
"services": [
{
"href": "string"
}
],
"rule_sets": [
{
"href": "string"
}
],
"ip_lists": [
{
"href": "string"
}
],
"virtual_services": [
{
"href": "string"
}
],
"firewall_settings": [
{
"href": "string"
}
],
"secure_connect_gateways": [
{
"href": "string"
}
],
"virtual_servers": [
{
"href": "string"
}
]
}
}
Parameters
Enumerated Values
| Parameter | Value |
|---|---|
| » operation | commit |
| » operation | revert |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Provision Security Policy Changes
Example Code
curl -X POST /orgs/{org_id}/sec_policy \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"update_description": "string",
"change_subset": {
"label_groups": [
{
"href": "string"
}
],
"services": [
{
"href": "string"
}
],
"rule_sets": [
{
"href": "string"
}
],
"ip_lists": [
{
"href": "string"
}
],
"virtual_services": [
{
"href": "string"
}
],
"firewall_settings": [
{
"href": "string"
}
],
"secure_connect_gateways": [
{
"href": "string"
}
],
"virtual_servers": [
{
"href": "string"
}
]
}
}
Parameters
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Restore Previous Security Policy
Example Code
curl -X POST /orgs/{org_id}/sec_policy/{pversion}/restore \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/restore
Exposure: Public Stable
Auditable: No
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_restore_post | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Security Policy Check
Get Rules Allowing Communication
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/allow \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/allow
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| dst_container_workload | query | string | false | The URI of the destination container workload |
| dst_external_ip | query | string | false | The external IP of the destination workload |
| dst_workload | query | string | false | The URI of the destination workload |
| port | query | integer | false | The specific port number to check |
| protocol | query | integer | false | The specific protocol number to check |
| service | query | string | false | The specific service to check |
| src_container_workload | query | string | false | The URI of the source container workload |
| src_external_ip | query | string | false | The external IP of the source workload |
| src_workload | query | string | false | The URI of the source workload |
Example Response Body
200 Response
[
{
"href": "string",
"enabled": true,
"description": "string",
"service": {
"href": "string"
},
"ub_service": null,
"sec_connect": true,
"providers": [
{
"actors": "string",
"label": {
"href": "string"
},
"agent": {
"href": "string"
},
"workload": {
"href": "string"
},
"bound_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "string",
"label": {
"href": "string"
},
"agent": {
"href": "string"
},
"workload": {
"href": "string"
},
"bound_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_allow_get |
Security Principals
Get Security Principals
Example Code
curl -X GET /orgs/{org_id}/security_principals \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/security_principals
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| max_results | query | integer | false | Maximum number of entries to return |
| name | query | string | false | Name of security principal to filter by |
| sid | query | string | false | SID of security principal to filter by |
Example Response Body
200 Response
{
"sid": "string",
"name": "string",
"description": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | security_principals_get |
Get a Security Principal
Example Code
curl -X GET /orgs/{org_id}/security_principals/{sid} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/security_principals/{sid}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| sid | path | string | true* | Security principal SID |
Example Response Body
200 Response
{
"sid": "string",
"name": "string",
"description": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | security_principals_get |
Create a Security Principal
Example Code
curl -X POST /orgs/{org_id}/security_principals \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/security_principals
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"sid": "string",
"name": "string",
"description": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | security_principals_get | false | none |
| » sid | body | string | true* | Active Directory SID (or any other unique identifier) |
| » name | body | string | true* | Name of the security principal |
| » description | body | string | false | A longer description of the security principal |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Bulk Create Security Principals
Example Code
curl -X PUT /orgs/{org_id}/security_principals/bulk_create \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/security_principals/bulk_create
Exposure: Public Stable
Auditable: Yes
Example Request Body
[
{
"sid": "string",
"name": "string",
"description": "string"
}
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | security_principals_bulk_create_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Update a Security Principal
Example Code
curl -X PUT /orgs/{org_id}/security_principals/{sid} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/security_principals/{sid}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| sid | path | string | true* | Security principal SID |
| body | body | security_principals_put | false | none |
| » name | body | string | false | Name of the security principal |
| » description | body | string | false | A longer description of the security principal |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Security Principal
Example Code
curl -X DELETE /orgs/{org_id}/security_principals/{sid}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/security_principals/{sid}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| sid | path | string | true* | Security principal SID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Services
Get Security Policy Services
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/services \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/services
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| description | query | string | false | Description of Service(s) to return. Supports partial matches |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
| max_results | query | integer | false | Maximum number of Services to return. |
| name | query | string | false | Name of Service(s) to return. Supports partial matches |
| port | query | string | false | Specify port or port range to filter results. The range is from -1 to 65535 (0 is not supported). |
| proto | query | integer | false | Protocol to filter on |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"description_url": "string",
"process_name": "string",
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"windows_services": [
{
"service_name": "string",
"process_name": "string",
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"external_data_set": null,
"external_data_reference": null,
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"update_type": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_services_get |
Get a Security Policy Service
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/services/{service_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| service_id | path | string | true* | Service ID |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"description_url": "string",
"process_name": "string",
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"windows_services": [
{
"service_name": "string",
"process_name": "string",
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"external_data_set": null,
"external_data_reference": null,
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"update_type": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_services_get |
Create a Security Policy Service
Example Code
curl -X POST /orgs/{org_id}/sec_policy/{pversion}/services \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/services
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"process_name": "string",
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"windows_services": [
{
"service_name": "string",
"process_name": "string",
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"external_data_set": null,
"external_data_reference": null
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_services_post | false | none |
| » name | body | string | true* | Name (does not need to be unique) |
| » description | body | string | false | Description |
| » process_name | body | string | false | The process name |
| » service_ports | body | [object] | false | Service ports |
| » port | body | integer | false | Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any.Also the starting port when specifying a range. |
| » to_port | body | integer | false | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | body | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | true* | Transport protocol |
| » icmp_type | body | integer | false | ICMP Type (integer 0-255 for icmp protocol) |
| » icmp_code | body | integer | false | ICMP Code (integer 0-15 for icmp protocol) |
| » windows_services | body | [sec_policy_rule_search_post/properties/ingress_services/items/oneOf/1] | false | Windows services |
| » service_name | body | string | false | Name of Windows Service |
| » process_name | body | string | false | Name of running process |
| » port | body | integer | false | Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any.Also the starting port when specifying a range. |
| » to_port | body | integer | false | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | body | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | false | Transport protocol |
| » icmp_type | body | integer | false | ICMP Type (integer 0-255 for icmp protocol) |
| » icmp_code | body | integer | false | ICMP Code (integer 0-15 for icmp protocol) |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Security Policy Service
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/services/{service_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"process_name": "string",
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"windows_services": [
{
"service_name": "string",
"process_name": "string",
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"external_data_set": null,
"external_data_reference": null
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| service_id | path | string | true* | Service ID |
| body | body | sec_policy_services_put | false | none |
| » name | body | string | false | Name (does not need to be unique) |
| » description | body | string | false | Description |
| » process_name | body | string | false | The process name |
| » service_ports | body | [object] | false | Service ports |
| » port | body | integer | false | Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any.Also the starting port when specifying a range. |
| » to_port | body | integer | false | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | body | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | true* | Transport protocol |
| » icmp_type | body | integer | false | ICMP Type (integer 0-255 for icmp protocol) |
| » icmp_code | body | integer | false | ICMP Code (integer 0-15 for icmp protocol) |
| » windows_services | body | [sec_policy_rule_search_post/properties/ingress_services/items/oneOf/1] | false | Windows services |
| » service_name | body | string | false | Name of Windows Service |
| » process_name | body | string | false | Name of running process |
| » port | body | integer | false | Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any.Also the starting port when specifying a range. |
| » to_port | body | integer | false | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | body | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | false | Transport protocol |
| » icmp_type | body | integer | false | ICMP Type (integer 0-255 for icmp protocol) |
| » icmp_code | body | integer | false | ICMP Code (integer 0-15 for icmp protocol) |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Security Policy Service
Example Code
curl -X DELETE /orgs/{org_id}/sec_policy/{pversion}/services/{service_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/services/{service_id}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| service_id | path | string | true* | Service ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Settings
Get Settings Traffic Collectors
Example Code
curl -X GET /orgs/{org_id}/settings/traffic_collector \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/settings/traffic_collector
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
Example Response Body
200 Response
{
"href": "string",
"transmission": "string",
"target": {
"dst_port": 0,
"proto": 0,
"dst_ip": "string"
},
"action": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | settings_traffic_collector_get |
Create a Settings Traffic Collector
Example Code
curl -X POST /orgs/{org_id}/settings/traffic_collector \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/settings/traffic_collector
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"transmission": "broadcast",
"target": {
"dst_port": 0,
"proto": 0,
"dst_ip": "string"
},
"action": "drop"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| body | body | settings_traffic_collector_post | false | none |
| » transmission | body | string | true* | transmission type: broadcast/multicast |
| » target | body | object | false | none |
| » dst_port | body | integer | false | none |
| » proto | body | integer | true* | none |
| » dst_ip | body | string | false | single ip address or CIDR |
| » action | body | string | true* | drop or aggregate the target traffic |
Enumerated Values
| Parameter | Value |
|---|---|
| » transmission | broadcast |
| » transmission | multicast |
| » action | drop |
| » action | aggregate |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Settings Traffic Collector
Example Code
curl -X PUT /orgs/{org_id}/settings/traffic_collector/{traffic_collector_setting_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/settings/traffic_collector/{traffic_collector_setting_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"transmission": "broadcast",
"target": {
"dst_port": null,
"proto": 0,
"dst_ip": "string"
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| traffic_collector_setting_id | path | string | true* | traffic_collector setting UUID |
| body | body | settings_traffic_collector_put | false | none |
| » transmission | body | string | false | transmission type: broadcast/multicast |
| » target | body | object | false | none |
| » dst_port | body | integer,null | false | none |
| » proto | body | integer | false | none |
| » dst_ip | body | string | false | single ip address or CIDR |
Enumerated Values
| Parameter | Value |
|---|---|
| » transmission | broadcast |
| » transmission | multicast |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Get a Settings Traffic Collector
Example Code
curl -X GET /orgs/{org_id}/settings/traffic_collector/{traffic_collector_setting_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/settings/traffic_collector/{traffic_collector_setting_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| traffic_collector_setting_id | path | string | true* | traffic_collector setting UUID |
Example Response Body
200 Response
{
"href": "string",
"transmission": "string",
"target": {
"dst_port": 0,
"proto": 0,
"dst_ip": "string"
},
"action": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | settings_traffic_collector_get |
Delete a Settings Traffic Collector
Example Code
curl -X DELETE /orgs/{org_id}/settings/traffic_collector/{traffic_collector_setting_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/settings/traffic_collector/{traffic_collector_setting_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| traffic_collector_setting_id | path | string | true* | traffic_collector setting UUID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Syslog Destinations
Get Syslog Destinations
Example Code
curl -X GET /orgs/{org_id}/settings/syslog/destinations \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/settings/syslog/destinations
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
Example Response Body
200 Response
[
{
"href": "string",
"pce_scope": [
"string"
],
"type": "string",
"description": "string",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": true,
"min_severity": "error"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address": "string",
"port": 0,
"protocol": 0,
"tls_enabled": true,
"tls_ca_bundle": "string",
"tls_verify_cert": true
}
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | settings_syslog_destinations_get |
Get a Syslog Destination
Example Code
curl -X GET /orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| syslog_destination_id | path | string | true* | PCE destination UUID |
Example Response Body
200 Response
[
{
"href": "string",
"pce_scope": [
"string"
],
"type": "string",
"description": "string",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": true,
"min_severity": "error"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address": "string",
"port": 0,
"protocol": 0,
"tls_enabled": true,
"tls_ca_bundle": "string",
"tls_verify_cert": true
}
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | settings_syslog_destinations_get |
Create a Syslog Destination
Example Code
curl -X POST /orgs/{org_id}/settings/syslog/destinations \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/settings/syslog/destinations
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"pce_scope": [
"string"
],
"type": "local_syslog",
"description": "string",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": true,
"min_severity": "error"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address": "string",
"port": 0,
"protocol": 0,
"tls_enabled": true,
"tls_ca_bundle": "string",
"tls_verify_cert": true
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| body | body | settings_syslog_destinations_post | false | none |
| » pce_scope | body | [string] | true* | none |
| » type | body | string | true* | Destination type |
| » description | body | string | true* | Description of the destination |
| » audit_event_logger | body | object | true* | none |
| » configuration_event_included | body | boolean | true* | Configuration (Northbound) auditable events |
| » system_event_included | body | boolean | true* | System (PCE) auditable events |
| » min_severity | body | settings_events_get/properties/audit_event_min_severity | true* | Minimum severity level of audit event messages. |
| » traffic_event_logger | body | object | true* | none |
| » traffic_flow_allowed_event_included | body | boolean | true* | Set to enable traffic flow events |
| » traffic_flow_potentially_blocked_event_included | body | boolean | true* | Set to enable traffic flow events |
| » traffic_flow_blocked_event_included | body | boolean | true* | Set to enable traffic flow events |
| » node_status_logger | body | object | true* | none |
| » node_status_included | body | boolean | true* | Syslog messages regarding status of the nodes |
| » remote_syslog | body | object | false | none |
| » address | body | string | true* | The remote syslog IP or DNS address |
| » port | body | integer | true* | The remote syslog port |
| » protocol | body | integer | true* | The protocol for streaming syslog messages |
| » tls_enabled | body | boolean | true* | To enable TLS |
| » tls_ca_bundle | body | string | false | Trustee CA bundle |
| » tls_verify_cert | body | boolean | true* | Perform TLS verification |
Enumerated Values
| Parameter | Value |
|---|---|
| » type | local_syslog |
| » type | remote_syslog |
| » min_severity | error |
| » min_severity | warning |
| » min_severity | informational |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update a Syslog Destination
Example Code
curl -X PUT /orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"href": "string",
"pce_scope": [
"string"
],
"type": "local_syslog",
"description": "string",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": true,
"min_severity": "error"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address": "string",
"port": 0,
"protocol": 0,
"tls_enabled": true,
"tls_ca_bundle": "string",
"tls_verify_cert": true
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| syslog_destination_id | path | string | true* | PCE destination UUID |
| body | body | settings_syslog_destinations_put | false | none |
| » href | body | string | false | URI of the destination |
| » pce_scope | body | [string] | false | none |
| » type | body | string | false | Destination type |
| » description | body | string | false | Description of the destination |
| » audit_event_logger | body | object | false | none |
| » configuration_event_included | body | boolean | false | Configuration (Northbound) auditable events |
| » system_event_included | body | boolean | false | System (PCE) auditable events |
| » min_severity | body | settings_events_get/properties/audit_event_min_severity | false | Minimum severity level of audit event messages. |
| » traffic_event_logger | body | object | false | none |
| » traffic_flow_allowed_event_included | body | boolean | false | Set to enable traffic flow events |
| » traffic_flow_potentially_blocked_event_included | body | boolean | false | Set to enable traffic flow events |
| » traffic_flow_blocked_event_included | body | boolean | false | Set to enable traffic flow events |
| » node_status_logger | body | object | false | none |
| » node_status_included | body | boolean | false | Syslog messages regarding status of the nodes |
| » remote_syslog | body | object | false | none |
| » address | body | string | false | The remote syslog IP or DNS address |
| » port | body | integer | false | The remote syslog port |
| » protocol | body | integer | false | The protocol for streaming syslog messages |
| » tls_enabled | body | boolean | false | To enable TLS |
| » tls_ca_bundle | body | string | false | Trustee CA bundle |
| » tls_verify_cert | body | boolean | false | Perform TLS verification |
Enumerated Values
| Parameter | Value |
|---|---|
| » type | local_syslog |
| » type | remote_syslog |
| » min_severity | error |
| » min_severity | warning |
| » min_severity | informational |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Syslog Destination
Example Code
curl -X DELETE /orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/settings/syslog/destinations/{syslog_destination_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| syslog_destination_id | path | string | true* | PCE destination UUID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
System Events
Get System Events
Example Code
curl -X GET /system_events \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/system_events
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| created_by | query | string | false | User, agent, or system that created the event |
| event_type | query | string | false | Type of event |
| max_results | query | integer | false | Maximum number of results to return |
| severity | query | string | false | Severity of event |
| status | query | string | false | Status of event |
| timestamp[gte] | query | string | false | Earliest event date to return (RFC 3339 format) |
| timestamp[lte] | query | string | false | Latest event date to return (RFC 3339 format) |
Enumerated Values
| Parameter | Value |
|---|---|
| severity | emerg |
| severity | alert |
| severity | crit |
| severity | warning |
| severity | err |
| severity | notice |
| severity | info |
| severity | debug |
| status | success |
| status | failure |
| timestamp[gte] | success |
| timestamp[gte] | failure |
| timestamp[lte] | success |
| timestamp[lte] | failure |
Example Response Body
200 Response
{
"href": "string",
"org_id": 0,
"version": "string",
"event_id": "string",
"event_type": "string",
"status": "string",
"severity": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"action": {
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"event_type": "string",
"status": "string",
"severity": "string",
"task_name": "string",
"api_endpoint": "string",
"api_method": "string",
"http_status_code": 0,
"src_ip": "string",
"errors": [
{
"token": "string",
"message": "string"
}
],
"info": {}
},
"resource_changes": [
{
"href": "string",
"version": "string",
"org_id": 0,
"uuid": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"resource": null,
"changes": {},
"change_type": "string"
}
],
"notifications": [
{
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"notification_type": "string",
"severity": "err",
"info": {}
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | system_events_get |
Get a System Event
Example Code
curl -X GET /system_events/{composite_log_event_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/system_events/{composite_log_event_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| composite_log_event_id | path | string | true* | UUID of system event to return |
Example Response Body
200 Response
{
"href": "string",
"org_id": 0,
"version": "string",
"event_id": "string",
"event_type": "string",
"status": "string",
"severity": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"action": {
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"event_type": "string",
"status": "string",
"severity": "string",
"task_name": "string",
"api_endpoint": "string",
"api_method": "string",
"http_status_code": 0,
"src_ip": "string",
"errors": [
{
"token": "string",
"message": "string"
}
],
"info": {}
},
"resource_changes": [
{
"href": "string",
"version": "string",
"org_id": 0,
"uuid": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"resource": null,
"changes": {},
"change_type": "string"
}
],
"notifications": [
{
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"notification_type": "string",
"severity": "err",
"info": {}
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | system_events_get |
Users
Get All Users' Information
Example Code
curl -X GET /users \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/users
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| type | query | string | false | User type which to filter, (e.g. local or external) |
Example Response Body
200 Response
{
"href": "string",
"username": "string",
"last_login_on": "string",
"last_login_ip_address": "string",
"login_count": 0,
"full_name": "string",
"time_zone": "string",
"locked": true,
"effective_groups": [
"string"
],
"local_profile": {},
"updated_at": "2020-08-19T21:34:26Z",
"created_at": "2020-08-19T21:34:26Z",
"type": "string",
"presence_status": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | users_get |
Get All Org Users' Information
Example Code
curl -X GET /users/{id}/orgs \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/users/{id}/orgs
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | path | integer | true* | User ID |
Example Response Body
200 Response
{
"href": "string",
"username": "string",
"last_login_on": "string",
"last_login_ip_address": "string",
"login_count": 0,
"full_name": "string",
"time_zone": "string",
"locked": true,
"effective_groups": [
"string"
],
"local_profile": {},
"updated_at": "2020-08-19T21:34:26Z",
"created_at": "2020-08-19T21:34:26Z",
"type": "string",
"presence_status": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | users_get |
Get a User's Information
Example Code
curl -X GET /users/{id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/users/{id}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | path | integer | true* | User ID |
Example Response Body
200 Response
{
"href": "string",
"username": "string",
"last_login_on": "string",
"last_login_ip_address": "string",
"login_count": 0,
"full_name": "string",
"time_zone": "string",
"locked": true,
"effective_groups": [
"string"
],
"local_profile": {},
"updated_at": "2020-08-19T21:34:26Z",
"created_at": "2020-08-19T21:34:26Z",
"type": "string",
"presence_status": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | users_get |
Convert External User to Local User
Example Code
curl -X POST /users \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/users
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"username": "user@example.com",
"full_name": "string",
"time_zone": "string",
"type": "local"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | users_post | false | none |
| » username | body | string(email) | true* | username is an email address e.g. user@example.com |
| » full_name | body | string | false | User's full name |
| » time_zone | body | string | false | Time Zone IANA Region Name |
| » type | body | string | true* | User's type, i.e. user authenticated local or remotely via SAML |
Enumerated Values
| Parameter | Value |
|---|---|
| » type | local |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Update User Information
Example Code
curl -X PUT /users/{id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/users/{id}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"full_name": "string",
"time_zone": "string",
"locked": true
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | path | integer | true* | User ID |
| body | body | users_put | false | none |
| » full_name | body | string | false | User's full name |
| » time_zone | body | string | false | Time Zone IANA Region Name |
| » locked | body | boolean | false | Flag to indicate whether account is locked |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Login & Get Session Token
Example Code
curl -X GET /users/login \
-H 'Authorization: Token token=<auth_token>'
GET /api/v2/users/login
Exposure: Public Stable
Auditable: Yes
Example Response Body
200 Response
{
"href": "string",
"auth_username": "string",
"session_token": "string",
"inactivity_expiration_minutes": 0,
"last_login_on": "2020-08-19T21:34:26Z",
"last_login_ip_address": "string",
"full_name": "string",
"type": "string",
"time_zone": "string",
"product_version": {
"product_version": {
"version": "string",
"build": 0,
"release_info": "string",
"engineering_info": "string",
"long_display": "string",
"short_display": "string"
}
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | users_login_get |
Logout & Destroy Session Token
Example Code
curl -X PUT /users/{id}/logout \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/users/{id}/logout
Exposure: Public Stable
Auditable: Yes
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | path | integer | true* | User ID |
| body | body | users_logout_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Users Local Profile
Create a Local User
Example Code
curl -X POST /users/{user_id}/local_profile \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/users/{user_id}/local_profile
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"locked": true
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
| body | body | users_local_profile_post | false | none |
| » locked | body | boolean | false | Flag to indicate if account is locked |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Reinvite a User
Example Code
curl -X PUT /users/{user_id}/local_profile/reinvite \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/users/{user_id}/local_profile/reinvite
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
| body | body | users_local_profile_reinvite_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Change a User Password
Example Code
curl -X PUT /users/{user_id}/local_profile/password \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/users/{user_id}/local_profile/password
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"current_password": "string",
"new_password": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
| body | body | users_local_profile_password_put | false | none |
| » current_password | body | string | true* | current password |
| » new_password | body | string | true* | new password |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Convert Local User to External User
Example Code
curl -X DELETE /users/{user_id}/local_profile
\ -u $KEY:$TOKEN
DELETE /api/v2/users/{user_id}/local_profile
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| user_id | path | integer | true* | User ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Vens
Get the collection of all VENs
Example Code
curl -X GET /orgs/{org_id}/vens \
-H 'Authorization: Token token=<auth_token>'
GET /api/v2/orgs/{org_id}/vens
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| activation_type | query | string | false | The method in which the VEN was activated |
| active_pce_fqdn | query | string | false | FQDN of the PCE |
| container_clusters | query | string | false | Array of container cluster URIs, encoded as a JSON string |
| description | query | string | false | Description of VEN(s) to return. Supports partial matches. |
| hostname | query | string | false | Hostname of VEN(s) to return. Supports partial matches. |
| ip_address | query | string | false | IP address of VEN(s) to return. Supports partial matches |
| labels | query | string | false | 2D Array of label URIs, encoded as a JSON string |
| last_goodbye_at[gte] | query | string | false | Greater than or equal to value for last goodbye at timestamp |
| last_goodbye_at[lte] | query | string | false | Greater than or equal to value for last goodbye at timestamp |
| last_heartbeat_at[gte] | query | string | false | Greater than or equal to value for last heartbeat timestamp |
| last_heartbeat_at[lte] | query | string | false | Less than or equal to value for last heartbeat timestamp |
| max_results | query | integer | false | Maximum number of VENs to return. |
| name | query | string | false | Name of VEN(s) to return. Supports partial matches. |
| os_id | query | string | false | Operating System of workload(s) to return. Supports partial matches. |
| status | query | string | false | The current status of the VEN |
| version | query | string | false | The release version that the VEN is using. Supports partial matches. |
Enumerated Values
| Parameter | Value |
|---|---|
| activation_type | pairing_key |
| activation_type | kerberos |
| activation_type | certificate |
| status | active |
| status | suspended |
| status | uninstalled |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"hostname": "string",
"uid": "string",
"os_id": "string",
"os_detail": "string",
"version": "string",
"status": "string",
"activation_type": "string",
"active_pce_fqdn": "string",
"target_pce_fqdn": "string",
"labels": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"interfaces": [
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
],
"workloads": [
{
"href": "string",
"name": "string",
"hostname": "string",
"os_id": "string",
"os_detail": "string",
"labels": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"public_ip": "string",
"interfaces": [
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
],
"security_policy_applied_at": "2020-08-19T21:34:26Z",
"security_policy_received_at": "2020-08-19T21:34:26Z",
"log_traffic": true,
"mode": "idle",
"visibility_level": "string",
"online": true
}
],
"container_cluster": {
"href": "string",
"name": "string"
},
"secure_connect": {
"matching_issuer_name": "string"
},
"last_heartbeat_at": null,
"last_goodbye_at": "2020-08-19T21:34:26Z",
"created_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_at": "2020-08-19T21:34:26Z",
"updated_by": {
"href": "string"
},
"conditions": [
{
"first_reported_timestamp": "2020-08-19T21:34:26Z",
"latest_event": {
"notification_type": "string",
"severity": "error",
"href": "string",
"info": {},
"timestamp": "2020-08-19T21:34:26Z"
}
}
],
"caps": [
"string"
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | vens_get |
Start unpairing of one or more VENs
Example Code
curl -X PUT /orgs/{org_id}/vens/unpair \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/vens/unpair
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"vens": [
{
"href": "string"
}
],
"firewall_restore": "default"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | vens_unpair_put | false | none |
| » vens | body | [object] | true* | VENs to unpair |
| » href | body | string | true* | URI of VEN to unpair |
| » firewall_restore | body | string | false | The strategy to use to restore the firewall state after the VEN is uninstalled. |
Enumerated Values
| Parameter | Value |
|---|---|
| » firewall_restore | saved |
| » firewall_restore | default |
| » firewall_restore | disable |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Get details on a VEN instance
Example Code
curl -X GET /orgs/{org_id}/vens/{ven_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/vens/{ven_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| ven_id | path | string | true* | VEN id |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"description": "string",
"hostname": "string",
"uid": "string",
"os_id": "string",
"os_detail": "string",
"version": "string",
"status": "string",
"activation_type": "string",
"active_pce_fqdn": "string",
"target_pce_fqdn": "string",
"labels": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"interfaces": [
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
],
"workloads": [
{
"href": "string",
"name": "string",
"hostname": "string",
"os_id": "string",
"os_detail": "string",
"labels": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"public_ip": "string",
"interfaces": [
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
],
"security_policy_applied_at": "2020-08-19T21:34:26Z",
"security_policy_received_at": "2020-08-19T21:34:26Z",
"log_traffic": true,
"mode": "idle",
"visibility_level": "string",
"online": true
}
],
"container_cluster": {
"href": "string",
"name": "string"
},
"secure_connect": {
"matching_issuer_name": "string"
},
"last_heartbeat_at": null,
"last_goodbye_at": "2020-08-19T21:34:26Z",
"created_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_at": "2020-08-19T21:34:26Z",
"updated_by": {
"href": "string"
},
"conditions": [
{
"first_reported_timestamp": "2020-08-19T21:34:26Z",
"latest_event": {
"notification_type": "string",
"severity": "error",
"href": "string",
"info": {},
"timestamp": "2020-08-19T21:34:26Z"
}
}
],
"caps": [
"string"
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | vens_get |
Set the target_pce_fqdn on a VEN
Example Code
curl -X PUT /orgs/{org_id}/vens/{ven_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/vens/{ven_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"target_pce_fqdn": "string",
"name": "string",
"description": "string",
"status": "active"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| ven_id | path | string | true* | VEN id |
| body | body | vens_put | false | none |
| » target_pce_fqdn | body | string | false | cluster FQDN for target PCE |
| » name | body | string | false | Friendly name of the VEN |
| » description | body | string | false | Description of the VEN |
| » status | body | string | false | VEN Status |
Enumerated Values
| Parameter | Value |
|---|---|
| » status | active |
| » status | suspended |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Virtual Services
Get Virtual Services
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/virtual_services \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| description | query | string | false | Description on which to filter. Supports partial matches |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
| labels | query | string | false | List of lists of label URIs, encoded as a JSON string |
| max_results | query | integer | false | Maximum number of Virtual Services to return. |
| name | query | string | false | Name on which to filter. Supports partial matches |
| service | query | string | false | Service URI |
| service_address.fqdn | query | string | false | FQDN configured under service_address property, supports partial matches |
| service_address.ip | query | string | false | IP address configured under service_address property, supports partial matches |
| service_ports.port | query | string | false | Specify port or port range to filter results. The range is from -1 to 65535. |
| service_ports.proto | query | integer | false | Protocol to filter on |
| usage | query | boolean | false | Include Virtual Service usage flags |
Example Response Body
200 Response
{}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_virtual_services_get |
Get a Virtual Service
Example Code
curl -X GET /orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| virtual_service_id | path | string | true* | Virtual Service ID |
| usage | query | boolean | false | Include Virtual Service usage flags |
Example Response Body
200 Response
{}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | sec_policy_virtual_services_get |
Create a Virtual Service
Example Code
curl -X POST /orgs/{org_id}/sec_policy/{pversion}/virtual_services \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_virtual_services_post | false | none |
| » name | body | string | true* | Name |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » labels | body | [object] | false | Assigned labels |
| » href | body | string | true* | Label URI |
| » service_ports | body | [object] | false | Service ports |
| » port | body | integer | false | Port Number (integer 0-65535 or -1 for any port). Also the startng port when specifying a range. |
| » to_port | body | integer | false | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | body | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | true* | Transport protocol |
| » service | body | object | false | URI of associated service |
| » apply_to | body | string | false | Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network |
| » ip_overrides | body | [string] | false | Array of IPs or CIDRs as IP overrides |
| » service_addresses | body | [oneOf] | false | none |
| » anonymous | body | object | false | none |
| » ip | body | string | true* | IP address to assign to the virtual service |
| » network | body | object | false | none |
| » href | body | string | true* | Network URI for this IP address |
| » port | body | integer | false | Port associated with the IP address for the service (1-65535 integer) |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
| » fqdn | body | string | true* | FQDN to assign to the virtual service |
| » description | body | string | false | none |
| » port | body | integer | false | Port associated with the FQDN for the service |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
Enumerated Values
| Parameter | Value |
|---|---|
| » apply_to | host_only |
| » apply_to | internal_bridge_network |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Bulk Create Virtual Services
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/virtual_services/bulk_create \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/bulk_create
Exposure: Public Experimental
Auditable: Yes
Example Request Body
[
{}
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_virtual_services_bulk_create_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Update a Virtual Service
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"labels": [
{
"href": "string"
}
],
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0
}
],
"service": {},
"apply_to": "host_only",
"ip_overrides": [
"string"
],
"service_addresses": [
{}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| virtual_service_id | path | string | true* | Virtual Service ID |
| body | body | sec_policy_virtual_services_put | false | none |
| » name | body | string | false | Name |
| » description | body | string | false | Description |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » labels | body | [object] | false | Assigned labels |
| » href | body | string | true* | Label URI |
| » service_ports | body | [object] | false | Service ports |
| » port | body | integer | false | Port Number (integer 0-65535 or -1 for any port). Also the startng port when specifying a range. |
| » to_port | body | integer | false | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | body | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | true* | Transport protocol |
| » service | body | object | false | URI of associated service |
| » apply_to | body | string | false | Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network |
| » ip_overrides | body | [string] | false | Array of IPs or CIDRs as IP overrides |
| » service_addresses | body | [oneOf] | false | none |
| » anonymous | body | object | false | none |
| » ip | body | string | true* | IP address to assign to the virtual service |
| » network | body | object | false | none |
| » href | body | string | true* | Network URI for this IP address |
| » port | body | integer | false | Port associated with the IP address for the service (1-65535 integer) |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
| » fqdn | body | string | true* | FQDN to assign to the virtual service |
| » description | body | string | false | none |
| » port | body | integer | false | Port associated with the FQDN for the service |
Enumerated Values
| Parameter | Value |
|---|---|
| » apply_to | host_only |
| » apply_to | internal_bridge_network |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Bulk Update Virtual Servcies
Example Code
curl -X PUT /orgs/{org_id}/sec_policy/{pversion}/virtual_services/bulk_update \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/bulk_update
Exposure: Public Experimental
Auditable: Yes
Example Request Body
[
{
"href": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"labels": [
{
"href": "string"
}
],
"service": {},
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0
}
],
"apply_to": "host_only",
"ip_overrides": [
"string"
],
"service_addresses": [
{}
]
}
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| body | body | sec_policy_virtual_services_bulk_update_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Virtual Service
Example Code
curl -X DELETE /orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/sec_policy/{pversion}/virtual_services/{virtual_service_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| pversion | path | string | true* | Security Policy Version |
| virtual_service_id | path | string | true* | Virtual Service ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Vulnerabilities
Get Vulnerabilities
Example Code
curl -X GET /orgs/{org_id}/vulnerabilities \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/vulnerabilities
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| max_results | query | integer | false | Maximum number of vulnerabilities to return. |
Example Response Body
200 Response
[
{
"href": "string",
"score": 0,
"cve_ids": [
"string"
],
"description": "string",
"name": "string",
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | vulnerabilities_get |
Get a Vulnerability
Example Code
curl -X GET /orgs/{org_id}/vulnerabilities/{reference_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/vulnerabilities/{reference_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| reference_id | path | string | true* | Vulnerability Reference ID |
Example Response Body
200 Response
[
{
"href": "string",
"score": 0,
"cve_ids": [
"string"
],
"description": "string",
"name": "string",
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | vulnerabilities_get |
Create or Modify a Vulnerability
Example Code
curl -X PUT /orgs/{org_id}/vulnerabilities/{reference_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/vulnerabilities/{reference_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"score": 0,
"cve_ids": [
"string"
],
"description": "string",
"name": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| reference_id | path | string | true* | Vulnerability Reference ID |
| body | body | vulnerabilities_put | false | none |
| » score | body | integer | true* | The normalized score of the vulnerability within the range of 0 to 100. CVSS Score can be used here with a 10x multiplier. |
| » cve_ids | body | [string] | false | The cve_ids for the vulnerability |
| » description | body | string | false | An arbitrary field to store some details of the vulnerability class |
| » name | body | string | true* | The title/name of the vulnerability |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Vulnerability
Example Code
curl -X DELETE /orgs/{org_id}/vulnerabilities/{reference_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/vulnerabilities/{reference_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| reference_id | path | string | true* | Vulnerability Reference ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Vulnerability Reports
Get Vulerability Reports
Example Code
curl -X GET /orgs/{org_id}/vulnerability_reports \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/vulnerability_reports
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| max_results | query | integer | false | Maximum number of vulnerability_reports to return. |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"report_type": "string",
"num_vulnerabilities": 0,
"authoritative": true,
"scanned_ips": [
"string"
],
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | vulnerability_reports_get |
Get a Vulerability Report
Example Code
curl -X GET /orgs/{org_id}/vulnerability_reports/{reference_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id}
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| reference_id | path | string | true* | Vulnerability Report Reference ID |
Example Response Body
200 Response
{
"href": "string",
"name": "string",
"report_type": "string",
"num_vulnerabilities": 0,
"authoritative": true,
"scanned_ips": [
"string"
],
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | vulnerability_reports_get |
Update a Vulerability Report
Example Code
curl -X PUT /orgs/{org_id}/vulnerability_reports/{reference_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id}
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"name": "string",
"report_type": "string",
"authoritative": true,
"scanned_ips": [
"string"
],
"detected_vulnerabilities": [
{
"ip_address": "string",
"port": 0,
"proto": 0,
"workload": {
"href": "string"
},
"vulnerability": {
"href": "string"
}
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| reference_id | path | string | true* | Vulnerability Report Reference ID |
| body | body | vulnerability_reports_put | false | none |
| » name | body | string | true* | User generated name of the vulnerability report |
| » report_type | body | string | true* | A string representing the type of the report |
| » authoritative | body | boolean | false | Boolean value specifies whether a report is authoritative (or) not |
| » scanned_ips | body | [string] | false | The ips on which the scan was performed |
| » detected_vulnerabilities | body | [object] | false | none |
| » ip_address | body | string | true* | The ip address of the host where the vulnerability is found |
| » port | body | integer | false | The port which is associated with the vulnerability |
| » proto | body | integer | false | The protocol which is associated with the vulnerability |
| » workload | body | object | true* | none |
| » href | body | string | true* | The URI of the workload to which this vulnerability belongs |
| » vulnerability | body | object | true* | none |
| » href | body | string | true* | The URI of the vulnerability class to which this vulnerability belongs |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Vulerability Report
Example Code
curl -X DELETE /orgs/{org_id}/vulnerability_reports/{reference_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/vulnerability_reports/{reference_id}
Exposure: Public Experimental
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| reference_id | path | string | true* | Vulnerability Report Reference ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Workload Interfaces
Get All Workload Interface Statuses
Example Code
curl -X GET /orgs/{org_id}/workloads/{workload_id}/interfaces \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| workload_id | path | string | true* | Workload UUID |
Example Response Body
200 Response
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | workloads_interfaces_get |
Get Workload Interface Status
Example Code
curl -X GET /orgs/{org_id}/workloads/{workload_id}/interfaces/{name} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces/{name}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| workload_id | path | string | true* | Workload UUID |
| name | path | string | true* | Interface Name |
Example Response Body
200 Response
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | workloads_interfaces_get |
Create a Workload Interface
Example Code
curl -X POST /orgs/{org_id}/workloads/{workload_id}/interfaces \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"name": "string",
"link_state": "up",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"friendly_name": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| workload_id | path | string | true* | Workload UUID |
| body | body | workloads_interfaces_post | false | none |
| » name | body | string | true* | Interface name |
| » link_state | body | string | true* | Link State |
| » address | body | any | false | none |
| » anonymous | body | number | false | none |
| » anonymous | body | number | false | none |
| » cidr_block | body | integer | false | The number of bits in the subnet /24 is 255.255.255.0 |
| » default_gateway_address | body | any | false | none |
| » friendly_name | body | string | false | User-friendly name for interface |
Enumerated Values
| Parameter | Value |
|---|---|
| » link_state | up |
| » link_state | down |
| » link_state | unknown |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Delete a Workload Interface
Example Code
curl -X DELETE /orgs/{org_id}/workloads/{workload_id}/interfaces/{name}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/workloads/{workload_id}/interfaces/{name}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| workload_id | path | string | true* | Workload UUID |
| name | path | string | true* | Interface Name |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Workload Settings
Get Workloads Settings
Example Code
curl -X GET /orgs/{org_id}/settings/workloads \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/settings/workloads
Exposure: Public Experimental
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
Example Response Body
200 Response
{
"workload_disconnected_timeout_seconds": [
{
"scope": [
{
"href": "string"
}
],
"value": -1
}
],
"workload_goodbye_timeout_seconds": [
{
"scope": [
{
"href": "string"
}
],
"value": -1
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | settings_workloads_get |
Update Workloads Settings
Example Code
curl -X PUT /orgs/{org_id}/settings/workloads \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/settings/workloads
Exposure: Public Experimental
Auditable: Yes
Example Request Body
{
"workload_disconnected_timeout_seconds": [
{
"scope": [
{
"href": "string"
}
],
"value": -1
}
],
"workload_goodbye_timeout_seconds": [
{
"scope": [
{
"href": "string"
}
],
"value": -1
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Org ID |
| body | body | settings_workloads_put | false | none |
| » workload_disconnected_timeout_seconds | body | [object] | false | none |
| » scope | body | [object] | true* | Assigned labels |
| » href | body | string | true* | Label URI |
| » value | body | integer | true* | Property value associated with the scope |
| » workload_goodbye_timeout_seconds | body | [object] | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Workloads
Get Workloads
Example Code
curl -X GET /orgs/{org_id}/workloads \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/workloads
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| agent.active_pce_fqdn | query | string | false | FQDN of the PCE |
| container_clusters | query | string | false | List of container cluster URIs, encoded as a JSON string |
| description | query | string | false | Description of workload(s) to return. Supports partial matches |
| external_data_reference | query | string | false | A unique identifier within the external data source |
| external_data_set | query | string | false | The data source from which a resource originates |
| hostname | query | string | false | Hostname of workload(s) to return. Supports partial matches |
| include_deleted | query | boolean | false | Include deleted workloads |
| ip_address | query | string | false | IP address of workload(s) to return. Supports partial matches |
| labels | query | string | false | List of lists of label URIs, encoded as a JSON string |
| last_heartbeat_on[gte] | query | integer | false | Greater than or equal to value for last heartbeat on timestamp |
| last_heartbeat_on[lte] | query | integer | false | Less than or equal to value for last heartbeat on timestamp |
| log_traffic | query | boolean | false | Whether we want to log traffic events from this workload |
| managed | query | boolean | false | Return managed or unmanaged workloads using this filter |
| max_results | query | integer | false | Maximum number of workloads to return. |
| mode | query | string | false | Management mode of workload(s) to return |
| name | query | string | false | Name of workload(s) to return. Supports partial matches |
| online | query | boolean | false | Return online/offline workloads using this filter |
| os_id | query | string | false | Operating System of workload(s) to return. Supports partial matches |
| policy_health | query | string | false | Policy of health of workload(s) to return. Valid values: active, warning, error, suspended |
| security_policy_sync_state | query | string | false | Advanced search option for workload based on policy sync state |
| security_policy_update_mode | query | string | false | Advanced search option for workload based on security policy update mode |
| soft_deleted | query | boolean | false | DEPRECATED WITH NO REPLACEMENT: Only soft-deleted workloads |
| ven | query | string | false | URI of VEN to filter by. |
| vulnerability_summary.vulnerability_exposure_score[gte] | query | integer | false | Greater than or equal to value for vulnerability_exposure_score |
| vulnerability_summary.vulnerability_exposure_score[lte] | query | integer | false | Less than or equal to value for vulnerability_exposure_score |
Enumerated Values
| Parameter | Value |
|---|---|
| security_policy_sync_state | staged |
| security_policy_update_mode | static |
| security_policy_update_mode | adaptive |
Example Response Body
200 Response
{
"href": "string",
"deleted": true,
"delete_type": "string",
"name": "string",
"description": "string",
"hostname": "string",
"service_principal_name": "string",
"agent_to_pce_certificate_authentication_id": null,
"distinguished_name": "string",
"public_ip": "string",
"external_data_set": null,
"external_data_reference": null,
"interfaces": {
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
},
"service_provider": "string",
"data_center": "string",
"data_center_zone": "string",
"os_id": "string",
"os_detail": "string",
"online": true,
"firewall_coexistence": null,
"containers_inherit_host_policy": true,
"blocked_connection_action": "drop",
"labels": [
{
"href": "string"
}
],
"services": {
"uptime_seconds": 0,
"created_at": "2020-08-19T21:34:26Z",
"open_service_ports": [
{
"protocol": 0,
"address": "string",
"port": 0,
"process_name": "string",
"user": "string",
"package": "string",
"win_service_name": "string"
}
]
},
"vulnerabilities_summary": {
"num_vulnerabilities": 0,
"vulnerable_port_exposure": null,
"vulnerable_port_wide_exposure": {
"any": null,
"ip_list": null
},
"vulnerability_exposure_score": null,
"vulnerability_score": 0,
"max_vulnerability_score": 0
},
"detected_vulnerabilities": [
{
"ip_address": "string",
"port": 0,
"proto": 0,
"port_exposure": null,
"port_wide_exposure": {
"any": null,
"ip_list": null
},
"workload": {
"href": "string"
},
"vulnerability": {
"href": "string",
"score": 0,
"name": "string"
},
"vulnerability_report": {
"href": "string"
}
}
],
"agent": {
"config": {
"mode": "idle",
"log_traffic": true,
"security_policy_update_mode": "string"
},
"href": "string",
"secure_connect": {
"matching_issuer_name": "string"
},
"status": {
"uid": "string",
"last_heartbeat_on": null,
"uptime_seconds": null,
"agent_version": "string",
"managed_since": "2020-08-19T21:34:26Z",
"fw_config_current": true,
"firewall_rule_count": 0,
"security_policy_refresh_at": "2020-08-19T21:34:26Z",
"security_policy_applied_at": "2020-08-19T21:34:26Z",
"security_policy_received_at": "2020-08-19T21:34:26Z",
"agent_health_errors": {
"errors": [
"string"
],
"warnings": [
"string"
]
},
"agent_health": [
{
"type": "string",
"severity": "string",
"audit_event": "string"
}
],
"security_policy_sync_state": "string"
},
"active_pce_fqdn": "string",
"target_pce_fqdn": "string",
"type": "string"
},
"ven": {
"href": "string",
"hostname": "string",
"name": "string",
"status": "string"
},
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"container_cluster": {
"href": "string",
"name": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | workloads_get |
Get a Workload
Example Code
curl -X GET /orgs/{org_id}/workloads/{workload_id} \
-u $KEY:$TOKEN -H 'Accept: application/json'
GET /api/v2/orgs/{org_id}/workloads/{workload_id}
Exposure: Public Stable
Auditable: No
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| workload_id | path | string | true* | Workload UUID |
Example Response Body
200 Response
{
"href": "string",
"deleted": true,
"delete_type": "string",
"name": "string",
"description": "string",
"hostname": "string",
"service_principal_name": "string",
"agent_to_pce_certificate_authentication_id": null,
"distinguished_name": "string",
"public_ip": "string",
"external_data_set": null,
"external_data_reference": null,
"interfaces": {
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
},
"service_provider": "string",
"data_center": "string",
"data_center_zone": "string",
"os_id": "string",
"os_detail": "string",
"online": true,
"firewall_coexistence": null,
"containers_inherit_host_policy": true,
"blocked_connection_action": "drop",
"labels": [
{
"href": "string"
}
],
"services": {
"uptime_seconds": 0,
"created_at": "2020-08-19T21:34:26Z",
"open_service_ports": [
{
"protocol": 0,
"address": "string",
"port": 0,
"process_name": "string",
"user": "string",
"package": "string",
"win_service_name": "string"
}
]
},
"vulnerabilities_summary": {
"num_vulnerabilities": 0,
"vulnerable_port_exposure": null,
"vulnerable_port_wide_exposure": {
"any": null,
"ip_list": null
},
"vulnerability_exposure_score": null,
"vulnerability_score": 0,
"max_vulnerability_score": 0
},
"detected_vulnerabilities": [
{
"ip_address": "string",
"port": 0,
"proto": 0,
"port_exposure": null,
"port_wide_exposure": {
"any": null,
"ip_list": null
},
"workload": {
"href": "string"
},
"vulnerability": {
"href": "string",
"score": 0,
"name": "string"
},
"vulnerability_report": {
"href": "string"
}
}
],
"agent": {
"config": {
"mode": "idle",
"log_traffic": true,
"security_policy_update_mode": "string"
},
"href": "string",
"secure_connect": {
"matching_issuer_name": "string"
},
"status": {
"uid": "string",
"last_heartbeat_on": null,
"uptime_seconds": null,
"agent_version": "string",
"managed_since": "2020-08-19T21:34:26Z",
"fw_config_current": true,
"firewall_rule_count": 0,
"security_policy_refresh_at": "2020-08-19T21:34:26Z",
"security_policy_applied_at": "2020-08-19T21:34:26Z",
"security_policy_received_at": "2020-08-19T21:34:26Z",
"agent_health_errors": {
"errors": [
"string"
],
"warnings": [
"string"
]
},
"agent_health": [
{
"type": "string",
"severity": "string",
"audit_event": "string"
}
],
"security_policy_sync_state": "string"
},
"active_pce_fqdn": "string",
"target_pce_fqdn": "string",
"type": "string"
},
"ven": {
"href": "string",
"hostname": "string",
"name": "string",
"status": "string"
},
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"container_cluster": {
"href": "string",
"name": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Success | workloads_get |
Create a Workload
Example Code
curl -X POST /orgs/{org_id}/workloads \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
POST /api/v2/orgs/{org_id}/workloads
Exposure: Public Stable
Auditable: Yes
Example Request Body
{}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | workloads_post | false | none |
| » name | body | string | false | The short friendly name of the workload |
| » description | body | string | false | The long description of the workload |
| » external_data_set | body | string,null | false | External data set identifier |
| » external_data_reference | body | string,null | false | External data reference identifier |
| » hostname | body | string | false | The hostname reported from the host itself |
| » service_principal_name | body | string,null | false | The Kerberos Service Principal Name (SPN) |
| » agent_to_pce_certificate_authentication_id | body | string,null | false | PKI Certificate identifier to be used by the PCE for authenticating the VEN |
| » distinguished_name | body | string | false | X.509 Subject distinguished name |
| » public_ip | body | string | false | The public IP address of the server |
| » interfaces | body | [object] | false | Workload network interfaces |
| » name | body | string | true* | Interface name |
| » link_state | body | string | false | Link State |
| » address | body | any | true* | none |
| » anonymous | body | number | false | none |
| » anonymous | body | number | false | none |
| » cidr_block | body | integer | false | The number of bits in the subnet /24 is 255.255.255.0 |
| » default_gateway_address | body | any | false | none |
| » friendly_name | body | string | false | User-friendly name for interface |
| » service_provider | body | string | false | Service provider |
| » data_center | body | string | false | Data center |
| » data_center_zone | body | string | false | Data center zone |
| » os_id | body | string | false | Our OS identifier |
| » os_detail | body | string | false | Additional OS details - just displayed to end user |
| » online | body | boolean | false | If this workload is online |
| » labels | body | [object] | false | Assigned labels |
| » href | body | string | true* | Label URI |
| » agent | body | object | false | Agent info |
| » config | body | workloads_post/properties/agent/properties/config | false | none |
| » mode | body | agents_get/properties/mode | false | Agent management mode |
| » log_traffic | body | boolean | false | True if we want to log traffic events from this workload |
| » anonymous | body | object | false | none |
| » anonymous | body | object | false | none |
Enumerated Values
| Parameter | Value |
|---|---|
| » link_state | up |
| » link_state | down |
| » link_state | unknown |
| » mode | idle |
| » mode | illuminated |
| » mode | enforced |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Success | None |
Bulk Create Workloads
Example Code
curl -X PUT /orgs/{org_id}/workloads/bulk_create \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/workloads/bulk_create
Exposure: Public Experimental
Auditable: Yes
Example Request Body
[
{}
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | workloads_bulk_create_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Unpair a Workload
Example Code
curl -X PUT /orgs/{org_id}/workloads/unpair \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/workloads/unpair
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"workloads": [
{
"href": "string"
}
],
"ip_table_restore": "default"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | workloads_unpair_put | false | none |
| » workloads | body | [object] | true* | Workloads to update |
| » href | body | string | true* | URI of workload to update |
| » ip_table_restore | body | string | false | The desired state of IP tables after the agent is uninstalled. |
Enumerated Values
| Parameter | Value |
|---|---|
| » ip_table_restore | saved |
| » ip_table_restore | default |
| » ip_table_restore | disable |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Update a Workload
Example Code
curl -X PUT /orgs/{org_id}/workloads/{workload_id} \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/workloads/{workload_id}
Exposure: Public Stable
Auditable: Yes
Example Request Body
{
"href": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"service_principal_name": null,
"agent_to_pce_certificate_authentication_id": null,
"service_provider": "string",
"data_center": "string",
"data_center_zone": "string",
"labels": [
{
"href": "string"
}
],
"agent": {
"href": "string",
"config": {
"mode": "idle",
"log_traffic": true
},
"status": {
"status": "active"
}
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| workload_id | path | string | true* | Workload UUID |
| body | body | workloads_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Bulk Update Workloads
Example Code
curl -X PUT /orgs/{org_id}/workloads/bulk_update \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/workloads/bulk_update
Exposure: Public Experimental
Auditable: Yes
Example Request Body
[]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | workloads_bulk_update_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Delete a Workload
Example Code
curl -X DELETE /orgs/{org_id}/workloads/{workload_id}
\ -u $KEY:$TOKEN
DELETE /api/v2/orgs/{org_id}/workloads/{workload_id}
Exposure: Public Stable
Auditable: Yes
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| workload_id | path | string | true* | Workload UUID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Bulk Delete Workloads
Example Code
curl -X PUT /orgs/{org_id}/workloads/bulk_delete \
-u $KEY:$TOKEN -H 'Content-Type: application/json'
PUT /api/v2/orgs/{org_id}/workloads/bulk_delete
Exposure: Public Experimental
Auditable: Yes
Example Request Body
[
{
"href": "string"
}
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| org_id | path | integer | true* | Organization |
| body | body | workloads_bulk_delete_put | false | none |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Success | None |
Schemas
agents_get
{
"name": "string",
"description": "string",
"online": true,
"mode": "idle",
"uid": "string",
"last_heartbeat_on": null,
"uptime_seconds": null,
"hostname": "string",
"agent_version": "string",
"public_ip": "string",
"ip_tables_saved": null,
"os_id": "string",
"os_detail": "string",
"log_traffic": true,
"target_pce_fqdn": "string",
"active_pce_fqdn": "string",
"labels": [
{
"href": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | The short friendly name of the agent |
| description | string | false | none | The long description of the agent |
| online | boolean | true* | none | If this agent is online |
| mode | string | true* | none | Agent management mode |
| uid | string | true* | none | The unique ID reported by the server |
| last_heartbeat_on | string,null(date-time) | true* | none | The last time (rfc3339 timestamp) a heartbeat was received from this agent |
| uptime_seconds | integer,null | true* | none | How long since the last reboot of this server. Recorded in DB at the time of the last heartbeat |
| hostname | string | true* | none | The hostname reported from the host itself |
| agent_version | string | false | none | Agent software version string |
| public_ip | string | true* | none | The public IP address of the server |
| ip_tables_saved | boolean,null | true* | none | The agent was able to save IP tables |
| os_id | string | false | none | Our OS identifier |
| os_detail | string | false | none | Additional OS details - just displayed to end user |
| log_traffic | boolean | true* | none | True if we want to log traffic events from this agent |
| target_pce_fqdn | string | false | none | The FQDN of the PCE the agent will use for future connections |
| active_pce_fqdn | string | false | none | The FQDN of the PCE that received the agent's last heartbeat |
| labels | [object] | false | none | Assigned labels |
| » href | string | true* | none | Label URI |
Enumerated Values
| Property | Value |
|---|---|
| mode | idle |
| mode | illuminated |
| mode | enforced |
agents_update_put
{
"target_pce_fqdn": "string"
}
target cluster for a VEN move
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| target_pce_fqdn | string | false | none | cluster FQDN for target PCE |
audit_log_events_get
{
"event_type": "server_added",
"severity": "info",
"timestamp": "2020-08-19T21:34:26Z",
"href": "http://example.com",
"created_by": null,
"data": {}
}
Properties
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | string(date-time) | true* | none | RFC 3339 timestamp |
| » href | string(uri) | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » interfaces | [object] | false | none | Set of interfaces |
| » address | string | true* | none | The IP address to assign to this interface |
| » link_state | string | true* | none | Link state |
| » name | string | true* | none | Interface name |
| » labels | [object] | false | none | Set of workload labels |
| » label_href | string(uri) | true* | none | HREF for label affected |
| » label_key | string | true* | none | Key of label affected |
| » label_value | string | true* | none | Value of label affected |
| » log_traffic | boolean | false | none | Whether we record traffic events for this agent or pairing profile |
| » mode | string | false | none | Mode of agent or pairing profile |
| » pairing_profile | string | false | none | Name of pairing profile |
| » pairing_profile_href | string(uri) | false | none | HREF of pairing profile |
| » service_principal_name | string | false | none | The Kerberos Service Principal Name (SPN) |
| » visibility_level | string | false | none | Visibility level of agent or pairing profile |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » interfaces | audit_log_events_get/oneOf/0/properties/data/properties/interfaces | false | none | Set of interfaces |
| » labels | audit_log_events_get/oneOf/0/properties/data/properties/labels | false | none | Set of workload labels |
| » log_traffic | audit_log_events_get/oneOf/0/properties/data/properties/log_traffic | false | none | Whether we record traffic events for this agent or pairing profile |
| » mode | audit_log_events_get/oneOf/0/properties/data/properties/mode | false | none | Mode of agent or pairing profile |
| » pairing_profile | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile | false | none | Name of pairing profile |
| » pairing_profile_href | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile_href | false | none | HREF of pairing profile |
| » service_principal_name | audit_log_events_get/oneOf/0/properties/data/properties/service_principal_name | false | none | The Kerberos Service Principal Name (SPN) |
| » visibility_level | audit_log_events_get/oneOf/0/properties/data/properties/visibility_level | false | none | Visibility level of agent or pairing profile |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » server | string | true* | none | Name of server |
| » workload_href | string(uri) | true* | none | HREF for workload affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » agent_href | string(uri) | false | none | HREF for agent affected |
| » server | audit_log_events_get/oneOf/2/properties/data/properties/server | false | none | Name of server |
| » workload_href | audit_log_events_get/oneOf/2/properties/data/properties/workload_href | false | none | HREF for workload affected |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » agent_href | audit_log_events_get/oneOf/3/properties/data/properties/agent_href | false | none | HREF for agent affected |
| » labels | audit_log_events_get/oneOf/0/properties/data/properties/labels | true* | none | Set of workload labels |
| » workload_href | audit_log_events_get/oneOf/2/properties/data/properties/workload_href | true* | none | HREF for workload affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Details of workload interfaces reported by ven and set by PCE user |
| » workload_interfaces | audit_log_events_get/oneOf/0/properties/data/properties/interfaces | false | none | Set of interfaces |
| » agent_reported_interfaces | audit_log_events_get/oneOf/0/properties/data/properties/interfaces | false | none | Set of interfaces |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » clone_of | string | true* | none | Name of agent this agent was cloned from |
| » clone_of_agent_href | string(uri) | true* | none | HREF of agent this agent was cloned from |
| » labels | audit_log_events_get/oneOf/0/properties/data/properties/labels | true* | none | Set of workload labels |
| » log_traffic | audit_log_events_get/oneOf/0/properties/data/properties/log_traffic | true* | none | Whether we record traffic events for this agent or pairing profile |
| » mode | audit_log_events_get/oneOf/0/properties/data/properties/mode | true* | none | Mode of agent or pairing profile |
| » visibility_level | audit_log_events_get/oneOf/0/properties/data/properties/visibility_level | true* | none | Visibility level of agent or pairing profile |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » pairing_profile | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile | false | none | Name of pairing profile |
| » pairing_profile_id | integer | false | none | ID of pairing profile |
| » reason | string | false | none | Reason the attempted action failed |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » policy_generation_id | integer | true* | none | ID of security policy generated |
| » provision_note | string | false | none | policy provision note (also known as policy commit msg) |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » pairing_profile | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile | true* | none | Name of pairing profile |
| » pairing_profile_href | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile_href | true* | none | HREF of pairing profile |
| » src_ip | string | false | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » pairing_profile | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile | true* | none | Name of pairing profile |
| » pairing_profile_id | audit_log_events_get/oneOf/14/properties/data/properties/pairing_profile_id | true* | none | ID of pairing profile |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | false | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » pairing_profile | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile | true* | none | Name of pairing profile |
| » pairing_profile_href | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile_href | true* | none | HREF of pairing profile |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | false | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » pairing_profile | audit_log_events_get/oneOf/0/properties/data/properties/pairing_profile | true* | none | Name of pairing profile |
| » pairing_profile_id | audit_log_events_get/oneOf/14/properties/data/properties/pairing_profile_id | true* | none | ID of pairing profile |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | false | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason | audit_log_events_get/oneOf/14/properties/data/properties/reason | true* | none | Reason the attempted action failed |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
| » user_email | string(email) | false | none | Email for the user |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
| » user_email | audit_log_events_get/oneOf/24/properties/data/properties/user_email | true* | none | Email for the user |
| » user_href | string(uri) | true* | none | HREF for the user |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » href | string(uri) | true* | none | HREF for the permission |
| » role | object | true* | none | Details of the role for the permission |
| » href | string(uri) | false | none | HREF for the role |
| » scope | [object] | true* | none | Details of the scope for the permission |
| » href | string(uri) | false | none | HREF for the label in this scope |
| » auth_security_principal | object | true* | none | Details of the auth_security_principal for the permission |
| » href | string(uri) | false | none | HREF for the auth_security_principal |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » href | audit_log_events_get/oneOf/26/properties/data/properties/href | true* | none | HREF for the permission |
| » role | audit_log_events_get/oneOf/26/properties/data/properties/role | true* | none | Details of the role for the permission |
| » scope | audit_log_events_get/oneOf/26/properties/data/properties/scope | true* | none | Details of the scope for the permission |
| » auth_security_principal | audit_log_events_get/oneOf/26/properties/data/properties/auth_security_principal | true* | none | Details of the auth_security_principal for the permission |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » href | audit_log_events_get/oneOf/26/properties/data/properties/href | true* | none | HREF for the permission |
| » role | audit_log_events_get/oneOf/26/properties/data/properties/role | true* | none | Details of the role for the permission |
| » scope | audit_log_events_get/oneOf/26/properties/data/properties/scope | true* | none | Details of the scope for the permission |
| » auth_security_principal | audit_log_events_get/oneOf/26/properties/data/properties/auth_security_principal | true* | none | Details of the auth_security_principal for the permission |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| string | true* | none | Email of affected user | |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | false | none | Source IP that generated the event |
| » user_href | audit_log_events_get/oneOf/25/properties/data/properties/user_href | true* | none | HREF for the user |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| audit_log_events_get/oneOf/29/properties/data/properties/email | true* | none | Email of affected user | |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | false | none | Source IP that generated the event |
| » user_href | audit_log_events_get/oneOf/25/properties/data/properties/user_href | true* | none | HREF for the user |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
| » uri_path | string(uri) | true* | none | URI of path user was attempting to access |
| » username | string | true* | none | Username attempting to authenticate |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
| » uri_path | audit_log_events_get/oneOf/31/properties/data/properties/uri_path | true* | none | URI of path user was attempting to access |
| » username | audit_log_events_get/oneOf/31/properties/data/properties/username | true* | none | Username attempting to authenticate |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
| » uri_path | audit_log_events_get/oneOf/31/properties/data/properties/uri_path | true* | none | URI of path user was attempting to access |
| » uri_origin | string(uri) | false | none | The origin of the URI |
| » username | audit_log_events_get/oneOf/31/properties/data/properties/username | true* | none | Username attempting to authenticate |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » local_ip | string | true* | none | Local IP for SecureConnect |
| » prev_state | string | true* | none | Previous state for SecureConnect |
| » remote_ip | string | true* | none | Remote IP for SecureConnect |
| » role | string | true* | none | SecureConnect role (initiator or sender) |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » local_ip | audit_log_events_get/oneOf/36/properties/data/properties/local_ip | true* | none | Local IP for SecureConnect |
| » prev_state | audit_log_events_get/oneOf/36/properties/data/properties/prev_state | true* | none | Previous state for SecureConnect |
| » remote_ip | audit_log_events_get/oneOf/36/properties/data/properties/remote_ip | true* | none | Remote IP for SecureConnect |
| » role | audit_log_events_get/oneOf/36/properties/data/properties/role | true* | none | SecureConnect role (initiator or sender) |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » error_id | integer | false | none | ID of error associated with event |
| » local_ip | audit_log_events_get/oneOf/36/properties/data/properties/local_ip | true* | none | Local IP for SecureConnect |
| » prev_state | audit_log_events_get/oneOf/36/properties/data/properties/prev_state | true* | none | Previous state for SecureConnect |
| » remote_ip | audit_log_events_get/oneOf/36/properties/data/properties/remote_ip | true* | none | Remote IP for SecureConnect |
| » role | audit_log_events_get/oneOf/36/properties/data/properties/role | true* | none | SecureConnect role (initiator or sender) |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
| » user_email | audit_log_events_get/oneOf/24/properties/data/properties/user_email | true* | none | Email for the user |
| » user_href | audit_log_events_get/oneOf/25/properties/data/properties/user_href | true* | none | HREF for the user |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » hard_limit | integer | true* | none | Hard limit |
| » limit_type | string | true* | none | Type of limit |
| » num_found | integer | true* | none | Number found |
| » object_href | string(uri) | true* | none | URI of object that reached limit |
| » object_name | string | true* | none | Name of the object that reached limit |
| » soft_limit | integer | true* | none | Soft limit |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » hard_limit | audit_log_events_get/oneOf/41/properties/data/properties/hard_limit | true* | none | Hard limit |
| » limit_type | audit_log_events_get/oneOf/41/properties/data/properties/limit_type | true* | none | Type of limit |
| » num_found | audit_log_events_get/oneOf/41/properties/data/properties/num_found | true* | none | Number found |
| » object_href | audit_log_events_get/oneOf/41/properties/data/properties/object_href | true* | none | URI of object that reached limit |
| » object_name | audit_log_events_get/oneOf/41/properties/data/properties/object_name | true* | none | Name of the object that reached limit |
| » soft_limit | audit_log_events_get/oneOf/41/properties/data/properties/soft_limit | true* | none | Soft limit |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » agent_uuid | string | true* | none | UUID |
| » hostname | string | true* | none | The hostname reported from the host itself |
| » ips | [string] | true* | none | IP addresses of lost agent |
| » remote_ip | audit_log_events_get/oneOf/36/properties/data/properties/remote_ip | true* | none | Remote IP for SecureConnect |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » agent_href | audit_log_events_get/oneOf/3/properties/data/properties/agent_href | false | none | HREF for agent affected |
| » label_href | audit_log_events_get/definitions/data/definitions/labels/items/properties/label_href | true* | none | HREF for label affected |
| » label_key | audit_log_events_get/definitions/data/definitions/labels/items/properties/label_key | true* | none | Key of label affected |
| » label_value | audit_log_events_get/definitions/data/definitions/labels/items/properties/label_value | true* | none | Value of label affected |
| » server | audit_log_events_get/oneOf/2/properties/data/properties/server | true* | none | Name of server |
| » workload_href | audit_log_events_get/oneOf/2/properties/data/properties/workload_href | false | none | HREF for workload affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » agent_href | audit_log_events_get/oneOf/3/properties/data/properties/agent_href | false | none | HREF for agent affected |
| » label_href | audit_log_events_get/definitions/data/definitions/labels/items/properties/label_href | true* | none | HREF for label affected |
| » label_key | audit_log_events_get/definitions/data/definitions/labels/items/properties/label_key | true* | none | Key of label affected |
| » label_value | audit_log_events_get/definitions/data/definitions/labels/items/properties/label_value | true* | none | Value of label affected |
| » server | audit_log_events_get/oneOf/2/properties/data/properties/server | true* | none | Name of server |
| » workload_href | audit_log_events_get/oneOf/2/properties/data/properties/workload_href | false | none | HREF for workload affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » agent_href | audit_log_events_get/oneOf/3/properties/data/properties/agent_href | true* | none | HREF for agent affected |
| » log_traffic | audit_log_events_get/oneOf/0/properties/data/properties/log_traffic | true* | none | Whether we record traffic events for this agent or pairing profile |
| » mode | audit_log_events_get/oneOf/0/properties/data/properties/mode | true* | none | Mode of agent or pairing profile |
| » server | audit_log_events_get/oneOf/2/properties/data/properties/server | true* | none | Name of server |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | false | none | Source IP that generated the event |
| » visibility_level | audit_log_events_get/oneOf/0/properties/data/properties/visibility_level | true* | none | Visibility level of agent or pairing profile |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » server | audit_log_events_get/oneOf/2/properties/data/properties/server | true* | none | Name of server |
| » workload_href | string(uri) | true* | none | HREF for workload affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » server | audit_log_events_get/oneOf/2/properties/data/properties/server | true* | none | Name of server |
| » workload_href | string(uri) | true* | none | HREF for workload affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » data | object | true* | none | Additional data associated with event |
| » server | audit_log_events_get/oneOf/2/properties/data/properties/server | true* | none | Name of server |
| » workload_href | string(uri) | true* | none | HREF for workload affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » required_processes_not_running | [string] | true* | none | List of VEN processes not running |
| » agent_href | string(uri) | true* | none | HREF for agent affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » agent_href | string(uri) | true* | none | HREF for agent affected |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » description | string | false | none | Extra information |
| » service_name | string | true* | none | Name of service |
| » service_status | string | true* | none | Type of service outage |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » failed_proc | string | true* | none | Name of process that had the failure |
| » reason_code | integer | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | string | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | integer | true* | none | Process ID of process reporting event |
| » reporter_proc | string | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » failed_proc | audit_log_events_get/oneOf/53/properties/data/properties/failed_proc | true* | none | Name of process that had the failure |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » failed_proc | audit_log_events_get/oneOf/53/properties/data/properties/failed_proc | true* | none | Name of process that had the failure |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » failed_proc | audit_log_events_get/oneOf/53/properties/data/properties/failed_proc | true* | none | Name of process that had the failure |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » failed_proc | audit_log_events_get/oneOf/53/properties/data/properties/failed_proc | true* | none | Name of process that had the failure |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » api_version | string | true* | none | API version supported by the VEN |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
| » started_proc | string | true* | none | Name of process that just started |
| » sw_version | string | true* | none | Software version of the VEN |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
| » stopped_proc | string | true* | none | Name of process that just stopped |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » pce_version | string | true* | none | Software version of the PCE |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » pce_max_version | string | true* | none | Maximum API version supported by the PCE |
| » pce_min_version | string | true* | none | Minimum API version supported by the PCE |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » ike_auth_mode | string | true* | none | Authentication mode being used for SecureConnect IKE |
| » ipv6_fw_mode | string | true* | none | The mode of the VEN ipv6 firewall |
| » mode | audit_log_events_get/oneOf/0/properties/data/properties/mode | false | none | Mode of agent or pairing profile |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
| » rule_count | integer | false | none | Count of firewall rules in use on the VEN |
| » visibility_level | audit_log_events_get/oneOf/0/properties/data/properties/visibility_level | true* | none | Visibility level of agent or pairing profile |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » ipsec_conn_state | string | true* | none | New state of an IPsec connection |
| » ipsec_peer | string | true* | none | IP address in dotted quad format of the remote end of an IPsec connection |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » reason_code | audit_log_events_get/oneOf/53/properties/data/properties/reason_code | true* | none | Identifying code that gives a particular reason for the event |
| » reason_str | audit_log_events_get/oneOf/53/properties/data/properties/reason_str | true* | none | Descriptive string that gives detail to the event |
| » reporter_pid | audit_log_events_get/oneOf/53/properties/data/properties/reporter_pid | true* | none | Process ID of process reporting event |
| » reporter_proc | audit_log_events_get/oneOf/53/properties/data/properties/reporter_proc | true* | none | Name of process reporting event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » alert_str | string | true* | none | Descriptive string describing VEN devalert |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » key_id | integer | true* | none | Key ID of the API Key |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | false | none | none |
| » severity | string | false | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | false | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | false | none | HREF for this event |
| » created_by | any | false | none | none |
| » data | object | false | none | Additional data associated with event |
| » key_id | audit_log_events_get/oneOf/87/properties/data/properties/key_id | true* | none | Key ID of the API Key |
| » src_ip | audit_log_events_get/oneOf/18/properties/data/properties/src_ip | true* | none | Source IP that generated the event |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » signature_algorithm | string | true* | none | Certificate signature algorithm |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » service_principal_name | audit_log_events_get/oneOf/0/properties/data/properties/service_principal_name | true* | none | The Kerberos Service Principal Name (SPN) |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » event_type | string | true* | none | none |
| » severity | string | true* | none | none |
| » timestamp | audit_log_events_get/oneOf/0/properties/timestamp | true* | none | RFC 3339 timestamp |
| » href | audit_log_events_get/oneOf/0/properties/href | true* | none | HREF for this event |
| » created_by | any | true* | none | none |
| » data | object | true* | none | Additional data associated with event |
| » service_principal_name | audit_log_events_get/oneOf/0/properties/data/properties/service_principal_name | false | none | The Kerberos Service Principal Name (SPN) |
| » distinguished_name | string | false | none | The X.509 Distinguished Name (DN) |
Enumerated Values
| Property | Value |
|---|---|
| event_type | server_added |
| severity | info |
| link_state | down |
| link_state | unknown |
| link_state | up |
| label_key | app |
| label_key | env |
| label_key | loc |
| label_key | role |
| mode | enforced |
| mode | illuminated |
| visibility_level | flow_drops |
| visibility_level | flow_full_detail |
| visibility_level | flow_off |
| visibility_level | flow_summary |
| event_type | workload_created |
| severity | info |
| event_type | server_delete_initiated |
| severity | info |
| event_type | server_deleted |
| severity | info |
| event_type | workload_deleted |
| event_type | workload_undeleted |
| severity | info |
| event_type | workload_update_mismatched_interfaces |
| severity | warning |
| event_type | server_cloned |
| severity | info |
| event_type | server_clone_detected |
| severity | warning |
| event_type | server_offline |
| severity | info |
| event_type | server_unreachable |
| severity | info |
| event_type | server_online |
| severity | info |
| event_type | server_ip_change |
| severity | info |
| event_type | server_oob_policy_changes |
| severity | error |
| event_type | server_oob_policy_changes_revert_failed |
| severity | error |
| event_type | server_pairing_failed |
| severity | error |
| event_type | policy_provisioned |
| severity | info |
| event_type | policy_deploy_succeeded |
| severity | info |
| event_type | policy_deploy_failed |
| severity | crit |
| event_type | pairing_profile_created |
| severity | info |
| event_type | pairing_profile_deleted |
| severity | info |
| event_type | pairing_profile_modified |
| severity | info |
| event_type | pairing_key_created |
| severity | info |
| event_type | user_login |
| severity | info |
| event_type | user_logout |
| severity | info |
| event_type | user_login_failed |
| severity | info |
| event_type | user_admin_locked |
| severity | info |
| event_type | user_permission_added |
| severity | info |
| event_type | user_permission_removed |
| severity | info |
| event_type | user_permission_changed |
| severity | info |
| event_type | org_access_granted |
| severity | info |
| event_type | org_access_revoked |
| severity | info |
| event_type | authn_failure |
| severity | warning |
| event_type | authz_failure |
| severity | warning |
| event_type | authz_csrf_validation_failure |
| severity | alert |
| event_type | user_pw_reset_request |
| severity | info |
| event_type | user_pw_reset_complete |
| severity | info |
| event_type | secure_connect_sa_up |
| severity | info |
| event_type | secure_connect_sa_down |
| severity | info |
| event_type | secure_connect_error |
| severity | warning |
| event_type | user_unlocked |
| severity | info |
| event_type | user_login_failure_count_exceeded |
| severity | crit |
| event_type | soft_limit_exceeded |
| severity | warning |
| event_type | hard_limit_exceeded |
| severity | crit |
| event_type | unpaired_server_detected |
| severity | crit |
| event_type | server_label_added |
| severity | info |
| event_type | server_label_removed |
| severity | info |
| event_type | server_state_change |
| severity | info |
| event_type | server_suspended |
| severity | warning |
| event_type | server_unsuspended |
| severity | warning |
| event_type | server_already_unsuspended |
| severity | warning |
| event_type | agent_processes_down |
| severity | error |
| event_type | agent_processes_up |
| severity | info |
| event_type | service_not_available |
| severity | crit |
| service_name | firewall |
| service_name | secure_connect |
| service_status | disabled |
| service_status | not installed |
| service_status | stopped |
| event_type | proc_envsetup_failure |
| severity | crit |
| failed_proc | AgentLogManager |
| failed_proc | AgentManager |
| failed_proc | AgentMonitor |
| failed_proc | AgentSend |
| failed_proc | EventSync |
| failed_proc | PlatformHandler |
| failed_proc | VtapServer |
| reporter_proc | AgentLogManager |
| reporter_proc | AgentManager |
| reporter_proc | AgentMonitor |
| reporter_proc | AgentSend |
| reporter_proc | EventSync |
| reporter_proc | PlatformHandler |
| reporter_proc | VtapServer |
| event_type | proc_init_failure |
| severity | crit |
| event_type | proc_config_failure |
| severity | crit |
| event_type | proc_restart_failure |
| severity | crit |
| event_type | proc_malloc_failure |
| severity | crit |
| event_type | proc_started |
| severity | info |
| started_proc | AgentLogManager |
| started_proc | AgentManager |
| started_proc | AgentMonitor |
| started_proc | AgentSend |
| started_proc | EventSync |
| started_proc | PlatformHandler |
| started_proc | VtapServer |
| event_type | proc_stopped |
| severity | info |
| stopped_proc | AgentLogManager |
| stopped_proc | AgentManager |
| stopped_proc | AgentMonitor |
| stopped_proc | AgentSend |
| stopped_proc | EventSync |
| stopped_proc | PlatformHandler |
| stopped_proc | VtapServer |
| event_type | pce_incompat_version |
| severity | crit |
| event_type | pce_incompat_api_version |
| severity | crit |
| event_type | pce_unreachable |
| severity | crit |
| event_type | pce_reachable |
| severity | notice |
| event_type | activation_failure |
| severity | crit |
| event_type | activation_success |
| severity | notice |
| event_type | deactivation_failure |
| severity | error |
| event_type | deactivation_success |
| severity | notice |
| event_type | refresh_token_failure |
| severity | error |
| event_type | refresh_token_success |
| severity | notice |
| event_type | lost_agent |
| severity | crit |
| event_type | invoke_powershell_failure |
| severity | crit |
| event_type | missing_os_updates |
| severity | crit |
| event_type | fw_config_change |
| severity | notice |
| ike_auth_mode | psk |
| ike_auth_mode | pubkey |
| ipv6_fw_mode | closed |
| ipv6_fw_mode | open |
| event_type | fw_config_failure |
| severity | crit |
| event_type | fw_tampering_subsystem_failure |
| severity | crit |
| event_type | fw_tampering_reverted |
| severity | notice |
| event_type | fw_tampering_revert_failure |
| severity | crit |
| event_type | ipsec_conn_state_change |
| severity | notice |
| ipsec_conn_state | down |
| ipsec_conn_state | up |
| event_type | ipsec_conn_state_failure |
| severity | crit |
| event_type | ipsec_subsystem_started |
| severity | info |
| event_type | ipsec_subsystem_stopped |
| severity | info |
| event_type | ipsec_subsystem_failure |
| severity | crit |
| event_type | ipsec_monitoring_started |
| severity | info |
| event_type | ipsec_monitoring_stopped |
| severity | info |
| event_type | ipsec_monitoring_failure |
| severity | crit |
| event_type | dev_alert |
| severity | debug |
| event_type | api_key_created |
| severity | info |
| event_type | api_key_deleted |
| severity | info |
| event_type | saml_cert_sig_algo_unknown |
| severity | warning |
| event_type | kerberos_credential_reused |
| severity | crit |
| event_type | agent_activation_conflict |
| severity | crit |
authentication_settings_get
{
"authentication_type": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| authentication_type | string | true* | none | Authentication types |
authentication_settings_password_policy_get
{
"require_type_number": true,
"require_type_lowercase": true,
"require_type_uppercase": true,
"require_type_symbol": true,
"min_characters_per_type": 0,
"min_length": 0,
"min_changed_characters": 0,
"history_count": 0,
"expire_time_days": 0,
"session_timeout_minutes": 0,
"updated_at": "2020-08-19T21:34:26Z",
"updated_by": {
"username": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| require_type_number | boolean | true* | none | Flag to indicate whether password must contain numerical digit |
| require_type_lowercase | boolean | true* | none | Flag to indicate whether password must contain lowercase letter |
| require_type_uppercase | boolean | true* | none | Flag to indicate whether password must contain uppercase letter |
| require_type_symbol | boolean | true* | none | Flag to indicate whether password must contain symbol (i.e. !@#$%^&*<>?) |
| min_characters_per_type | integer | true* | none | Minimum number of characters for each character type |
| min_length | integer | true* | none | Minimum length of password |
| min_changed_characters | integer | true* | none | Minimum number of changed characters for new passwords |
| history_count | integer | true* | none | Number of old passwords to remember |
| expire_time_days | integer | true* | none | Number of days password expires; a value of 0 means it never expires |
| session_timeout_minutes | integer | true* | none | Number of minutes to timeout the user session without activity |
| updated_at | string(date-time) | true* | none | Timestamp when password policy was last updated |
| updated_by | object | true* | none | none |
| » username | string | false | none | The username which last updated this password policy |
authentication_settings_password_policy_put
{
"require_type_number": true,
"require_type_lowercase": true,
"require_type_uppercase": true,
"require_type_symbol": true,
"min_characters_per_type": 0,
"min_length": 0,
"min_changed_characters": 0,
"history_count": 0,
"expire_time_days": 0,
"session_timeout_minutes": 0
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| require_type_number | boolean | false | none | Flag to indicate whether password must contain numerical digit |
| require_type_lowercase | boolean | false | none | Flag to indicate whether password must contain lowercase letter |
| require_type_uppercase | boolean | false | none | Flag to indicate whether password must contain uppercase letter |
| require_type_symbol | boolean | false | none | Flag to indicate whether password must contain symbol (i.e. !@#$%^&*<>?) |
| min_characters_per_type | integer | false | none | Minimum number of characters for each character type |
| min_length | integer | false | none | Minimum length of password |
| min_changed_characters | integer | false | none | Minimum number of changed characters for new passwords |
| history_count | integer | false | none | Number of old passwords to remember |
| expire_time_days | integer | false | none | Number of days password expires; a value of 0 means it never expires |
| session_timeout_minutes | integer | false | none | Number of minutes to timeout the user session without activity |
authentication_settings_put
{
"authentication_type": "Local"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| authentication_type | string | true* | none | Authentication types |
Enumerated Values
| Property | Value |
|---|---|
| authentication_type | Local |
| authentication_type | RADIUS |
| authentication_type | SAML |
| authentication_type | LDAP |
container_clusters_container_workload_profiles_get
{
"href": "string",
"name": null,
"namespace": null,
"description": "string",
"assign_labels": [
{
"href": "string"
}
],
"mode": "string",
"log_traffic": true,
"linked": true,
"created_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"updated_at": "2020-08-19T21:34:26Z"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of the container workload profile |
| name | string,null | false | none | A friendly name given to a profile if the namespace is not user friendly |
| namespace | string,null | false | none | Namespace name |
| description | string | false | none | Description of the profile |
| assign_labels | [object] | false | none | Assigned labels |
| » href | string | true* | none | Label URI |
| mode | string | false | none | none |
| log_traffic | boolean | false | none | True if we want to log traffic events from this workload |
| linked | boolean | false | none | True if the namespace exists in the cluster and is reported by kubelink |
| created_at | string(date-time) | false | none | Time stamp when this profile was created |
| created_by | object | false | none | none |
| » href | string | true* | none | User who originally created this profile |
| updated_by | object | false | none | none |
| » href | string | true* | none | User who last updated this profile |
| updated_at | string(date-time) | false | none | Time stamp when this profile was updated |
container_clusters_container_workload_profiles_post
{
"name": null,
"description": "string",
"assign_labels": [
{
"href": "string"
}
],
"mode": "unmanaged",
"log_traffic": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string,null | true* | none | A friendly name given to a profile if the namespace is not user friendly |
| description | string | false | none | Description of the profile |
| assign_labels | container_clusters_container_workload_profiles_get/properties/assign_labels | false | none | Assigned labels |
| mode | string | false | none | none |
| log_traffic | boolean | false | none | True if we want to log traffic events from this workload |
Enumerated Values
| Property | Value |
|---|---|
| mode | unmanaged |
| mode | illuminated |
| mode | enforced |
container_clusters_container_workload_profiles_put
{
"name": null,
"description": null,
"assign_labels": [
{
"href": "string"
}
],
"mode": "unmanaged",
"log_traffic": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string,null | false | none | A friendly name given to a profile if the namespace is not user friendly |
| description | string,null | false | none | Description of the profile |
| assign_labels | container_clusters_container_workload_profiles_get/properties/assign_labels | false | none | Assigned labels |
| mode | string | false | none | none |
| log_traffic | boolean | false | none | True if we want to log traffic events from this workload |
Enumerated Values
| Property | Value |
|---|---|
| mode | unmanaged |
| mode | illuminated |
| mode | enforced |
container_clusters_get
{
"href": "string",
"name": "string",
"description": "string",
"nodes": [
{
"pod_subnet": "string"
}
],
"manager_type": "string",
"network_type": "string",
"last_connected": "2020-08-19T21:34:26Z",
"online": true,
"errors": [
{
"audit_event": {
"href": "string"
},
"duplicate_ids": [],
"error_type": "string"
}
],
"kubelink_version": "string",
"pce_fqdn": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of container cluster |
| name | string | false | none | User assigned name of the cluster |
| description | string | false | none | User assigned description of the cluster |
| nodes | [object] | false | none | none |
| » pod_subnet | string | false | none | Pod Subnet |
| manager_type | string | false | none | Manager for this cluster (and version) |
| network_type | string | false | none | none |
| last_connected | string(date-time) | false | none | none |
| online | boolean | false | none | none |
| errors | [object] | false | none | none |
| » audit_event | object | false | none | none |
| » href | string | false | none | none |
| » duplicate_ids | array | false | none | none |
| » error_type | string | true* | none | none |
| kubelink_version | string | false | none | Kubelink software version string |
| pce_fqdn | string | false | none | PCE FQDN for this container cluster. Used in Supercluster only |
container_clusters_post
{
"name": "string",
"description": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | User assigned name of the cluster |
| description | string | false | none | User assigned description of the cluster |
container_clusters_put
{
"name": "string",
"description": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | User assigned name of the cluster |
| description | string | false | none | User assigned description of the cluster |
container_clusters_service_backends_get
[
{
"name": "string",
"kind": "string",
"namespace": "string",
"updated_at": "string",
"created_at": "string",
"virtual_services": {
"href": "string",
"name": "string"
}
}
]
The Backend Services associated with Container Clusters
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | The name of the Container Cluster Backend |
| kind | string | true* | none | The type (or kind) of Container Cluster Backend |
| namespace | string | false | none | The namespace of the Container Cluster Backend |
| updated_at | string | true* | none | The time (rfc339 timestamp) at which the Container Cluster Backend was last updated |
| created_at | string | true* | none | The time (rfc339 timestamp) in which the Container Cluster Backend was created |
| virtual_services | object | true* | none | none |
| » href | string | true* | none | The URI to the associated virtual service |
| » name | string | true* | none | The name of virtual service |
events_get
{
"href": "string",
"org_id": 0,
"version": "string",
"event_id": "string",
"event_type": "string",
"status": "string",
"severity": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"action": {
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"event_type": "string",
"status": "string",
"severity": "string",
"task_name": "string",
"api_endpoint": "string",
"api_method": "string",
"http_status_code": 0,
"src_ip": "string",
"errors": [
{
"token": "string",
"message": "string"
}
],
"info": {}
},
"resource_changes": [
{
"href": "string",
"version": "string",
"org_id": 0,
"uuid": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"resource": null,
"changes": {},
"change_type": "string"
}
],
"notifications": [
{
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:26Z",
"pce_fqdn": "string",
"created_by": null,
"notification_type": "string",
"severity": "err",
"info": {}
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | Unique href for this event, which can be used for event lookup via the events API |
| org_id | integer | false | none | org_id for this event. |
| version | string | false | none | The event version of this event for the category it falls under |
| event_id | string | false | none | Unique request/transaction identifier of the API request / context from which this event was generated |
| event_type | string | true* | none | Event name that clearly describes the event |
| status | string | true* | none | Status of the event; usually a mapping of api_status_code to a generic result string; nil if no action. For presentation purposes only. |
| severity | string | true* | none | This event's level of importance |
| timestamp | string(date-time) | true* | none | RFC 3339 timestamp at which this event was originally created |
| pce_fqdn | string | true* | none | Fully qualified domain name of the PCE, where this event originated |
| created_by | object | true* | none | The entity responsible for the creation of this event |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | object | false | none | none |
| » href | string | false | none | Unique href for this action log event, which can be used for event lookup via the events API |
| » event | string | false | none | Correlation href identifying the API request / context from which events originated |
| » timestamp | string(date-time) | false | none | RFC 3339 timestamp at which this event was originally created |
| » pce_fqdn | string | false | none | Fully qualified domain name of the PCE, where this event originated |
| » created_by | object | false | none | The entity responsible for the creation of this event |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » event_type | string | false | none | Event name that clearly describes the action log event |
| » status | string | false | none | Status of the event; usually a mapping of api_status_code to a generic result string. For presentation purposes only. |
| » severity | string | false | none | This event's level of importance |
| » task_name | string | false | none | The name of the timed worker job from which this event originated |
| » api_endpoint | string | false | none | URI of the API invoked |
| » api_method | string | false | none | Name of API method invoked on some target resource(s) |
| » http_status_code | integer | false | none | HTTP status code returned from the API call. |
| » src_ip | string | false | none | Source IP of the request for which the event was generated. If the request is coming from the PCE itself, then we should log the IP of the PCE. |
| » errors | [object] | false | none | Extra information regarding the reason for failure. This property is only for failure events and will not appear in successful events |
| » token | string | false | none | Machine readable error message |
| » message | string | false | none | Human readable error message |
| » info | object | false | none | Extra information about the action log event in json format |
| resource_changes | [object] | false | none | Array of resource log events that were generated during this event |
| » href | string | false | none | Unique href for this resource log event, which can be used for event lookup via the events API |
| » version | string | false | none | The event version of this event for the category it falls under |
| » org_id | integer | false | none | org_id for this event. |
| » uuid | string | false | none | Unique identifier for this event. |
| » event | string | false | none | Correlation href identifying the API request / context from which events originated |
| » timestamp | string(date-time) | false | none | RFC 3339 timestamp at which this event was originally created |
| » pce_fqdn | string | false | none | Fully qualified domain name of the PCE, where this event originated |
| » created_by | object | false | none | The entity responsible for the creation of this event |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » resource | object | true* | none | Canonical representations of a resource |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » changes | object | false | none | Properties of the resource that were changed as a result of the event, with their updated values |
| » change_type | string | true* | none | Type of change, which occurred for this resource(s) |
| notifications | [object] | false | none | Array of notification log events that were generated during this event |
| » href | string | false | none | Unique href for this notification log event, which can be used for event lookup via the events API |
| » event | string | false | none | Correlation href identifying the API request / context from which events originated |
| » timestamp | string(date-time) | false | none | RFC 3339 timestamp at which this event was originally created |
| » pce_fqdn | string | false | none | Fully qualified domain name of the PCE, where this event originated |
| » created_by | object | false | none | The entity responsible for the creation of this event |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » notification_type | string | false | none | Notification name that clearly describes the notification log event |
| » severity | string | false | none | This event's level of importance |
| » info | object | false | none | Extra information about the notification in json format |
Enumerated Values
| Property | Value |
|---|---|
| severity | err |
| severity | warning |
| severity | info |
health_get
{
"status": "string",
"type": "string",
"fqdn": "string",
"available_seconds": 0,
"notifications": [
{
"status": "string",
"token": "string",
"message": "string"
}
],
"listen_only_mode_enabled_at": null,
"nodes": [
{
"hostname": null,
"ip_address": null,
"runlevel": null,
"uptime_seconds": null,
"cpu": {
"status": "normal",
"percent": 0
},
"disk": [
{
"location": "string",
"value": {
"status": "normal",
"percent": 0
}
}
],
"memory": {
"status": "normal",
"percent": 0
},
"services": {
"status": "string",
"running": [
"string"
],
"not_running": [
"string"
],
"partial": [
"string"
],
"optional": [
"string"
],
"unknown": [
"string"
]
},
"generated_at": null
}
],
"network": {
"replication": [
{
"type": "string",
"details": {
"database_name": "string",
"master_fqdn": "string",
"slave_fqdn": "string"
},
"value": {
"status": "string",
"lag_seconds": 0
}
}
]
},
"generated_at": null
}
Health information of PCE Cluster and its nodes
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| status | string | false | none | Overall health status of the PCE |
| type | string | false | none | Type of the PCE |
| fqdn | string | false | none | FQDN of the PCE |
| available_seconds | number | false | none | Seconds since this PCE has been available |
| notifications | [object] | false | none | Notifications for the PCE |
| » status | string | true* | none | Severity status of this notification |
| » token | string | true* | none | Description token of this notification |
| » message | string | false | none | Description string of this notification |
| listen_only_mode_enabled_at | string,null(date-time) | false | none | Timestamp at which PCE Listen Only Mode was enabled |
| nodes | [object] | false | none | Nodes in the PCE |
| » hostname | string,null | true* | none | Hostname of the node |
| » ip_address | string,null | true* | none | IP address of the node |
| » runlevel | number,null | false | none | Runlevel of the node |
| » uptime_seconds | number,null | false | none | Seconds since this node cluster has been rebooted |
| » cpu | object | false | none | none |
| » status | string | true* | none | none |
| » percent | number | true* | none | none |
| » disk | [object] | false | none | Disk usage of this node per individual location |
| » location | string | true* | none | none |
| » value | health_get/properties/nodes/items/properties/cpu | true* | none | none |
| » memory | health_get/properties/nodes/items/properties/cpu | false | none | none |
| » services | object | true* | none | Status of all the PCE Services of this node |
| » status | string | false | none | Overall Service status of the PCE |
| » running | [string] | false | none | none |
| » not_running | [string] | false | none | none |
| » partial | [string] | false | none | none |
| » optional | [string] | false | none | none |
| » unknown | [string] | false | none | none |
| » generated_at | string,null(date-time) | true* | none | Timestamp of when this node information was generated |
| network | object | false | none | Network information of the PCE |
| » replication | [object] | true* | none | Replication information for databases |
| » type | string | true* | none | Type of replication |
| » details | object | true* | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » database_name | string | true* | none | Name of the Database being replicated |
| » master_fqdn | string | true* | none | FQDN of the master database node |
| » slave_fqdn | string | true* | none | FQDN of the slave database node |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » fqdn | string | true* | none | FQDN of the PCE for replication |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » value | object | true* | none | none |
| » status | string | true* | none | Lag status |
| » lag_seconds | number | true* | none | The number of lag seconds |
| » generated_at | string,null(date-time) | false | none | Timestamp of when this PCE information was generated |
Enumerated Values
| Property | Value |
|---|---|
| status | normal |
| status | warning |
| status | critical |
jobs_get
{
"href": "string",
"job_type": "string",
"description": "string",
"status": "string",
"requested_at": "2020-08-19T21:34:26Z",
"requested_by": {
"href": "string"
},
"terminated_at": "2020-08-19T21:34:26Z",
"result": {
"href": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | The job URI. |
| job_type | string | false | none | An arbitrary designator for the job type or kind, typically supplied by the job requestor. |
| description | string | false | none | An arbitrary free-form description of the job, as supplied by the job requestor. |
| status | string | true* | none | The current state of the job, to the effect of its success, failure, etc. |
| requested_at | string(date-time) | false | none | The time (rfc3339 timestamp) at which this job was requested or submitted. |
| requested_by | object | false | none | none |
| » href | string | true* | none | The URI of the user who requested this job. |
| terminated_at | string(date-time) | false | none | The time (rfc3339 timestamp) at which this job terminated, either successfully or failingly. |
| result | object | false | none | The result produced by the job, typically a URI (with 'href' sub-property), or an error in case of failure. |
| » href | string | false | none | The href to collect the response body |
[
{
"href": "string",
"deleted": true,
"key": "string",
"value": "string",
"external_data_set": null,
"external_data_reference": null,
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of this label |
| deleted | boolean | false | none | This label has been deleted |
| key | string | true* | none | Key in key-value pair |
| value | string | true* | none | Value in key-value pair |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| created_at | string(date-time) | true* | none | Timestamp when this label was first created |
| updated_at | string(date-time) | true* | none | Timestamp when this label was last updated |
| created_by | object | false | none | none |
| » href | string | true* | none | User who originally created this label |
| updated_by | object | false | none | none |
| » href | string | true* | none | User who last updated this label |
{
"key": "role",
"value": "string",
"external_data_set": null,
"external_data_reference": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| key | string | true* | none | Key in key-value pair |
| value | string | true* | none | Value in key-value pair |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
Enumerated Values
| Property | Value |
|---|---|
| key | role |
| key | loc |
| key | env |
| key | app |
{
"value": "string",
"external_data_set": null,
"external_data_reference": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | false | none | Value in key-value pair |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
login_users_authenticate_post
{}
Properties
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | null | false | none | none |
login_users_password_put
{
"password": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| password | string | true* | none | New password |
network_devices_enforcement_instructions_applied_post
{}
Properties
None
network_devices_enforcement_instructions_request_post
{}
Properties
None
network_devices_get
[
{
"href": "string",
"config": {
"name": "string",
"description": "string",
"device_type": "string",
"manufacturer": "string",
"model": "string",
"ip_address": "string",
"credentials": {
"type": "cli",
"port": 0,
"username": "string",
"password": "string"
}
},
"configure": true,
"enforcement_instructions_generation_in_progress": true,
"enforcement_instructions_data_href": "string",
"enforcement_instructions_data_timestamp": "2020-08-19T21:34:26Z",
"enforcement_instructions_ack_href": "string",
"enforcement_instructions_ack_timestamp": "2020-08-19T21:34:26Z",
"supported_endpoint_type": "string",
"endpoints": [
{
"href": "string"
}
],
"network_enforcement_node": {
"href": "string"
},
"status": "string"
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | URI of network device |
| config | network_devices_put | true* | none | none |
| configure | boolean | false | none | Enable configuration of the device by the network enforcement platform |
| enforcement_instructions_generation_in_progress | boolean | false | none | Flag to indicate if an enforceement instructions generation is in progress for this network_device |
| enforcement_instructions_data_href | string | false | none | href to download the enforcement instructions data (this expires 7 days after data uploaded from network enforcement node) |
| enforcement_instructions_data_timestamp | string(date-time) | false | none | Timestamp indicating when enforcement instructions data were received from network enforcement node |
| enforcement_instructions_ack_href | string | false | none | href to download the enforcement instructions ack log (this expires 7 days after data uploaded from network enforcement node) |
| enforcement_instructions_ack_timestamp | string(date-time) | false | none | Timestamp indicating when enforcement instructions ack log was received from network enforcement node |
| supported_endpoint_type | string | true* | none | Type of endpoint supported by this device |
| endpoints | [object] | false | none | none |
| » href | string | false | none | URI of endpoint |
| network_enforcement_node | object | true* | none | none |
| » href | string | false | none | URI of owning network_enforcement_agent |
| status | string | false | none | Status of device |
network_devices_multi_enforcement_instructions_applied_post
{}
Supply one of the following properties
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| all_devices | boolean | false | none | Flag to indicate that enforcement instructions are required for all network devices |
| network_devices | [object] | false | none | none |
| » href | string | false | none | href of network device |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| all_devices | true* |
network_devices_multi_enforcement_instructions_request_post
{}
Supply one of the following properties
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| all_devices | boolean | false | none | Flag to indicate that enforcement instructions are required for all network devices |
| network_devices | [object] | false | none | none |
| » href | string | false | none | href of network device |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| all_devices | true* |
network_devices_network_endpoints_get
[
{
"href": "string",
"config": {
"endpoint_type": "string",
"name": "string",
"traffic_flow_id": "string",
"workload_discovery": true
},
"workload_discovery": true,
"network_device": {
"href": "string"
},
"workloads": [
{
"href": "string"
}
],
"status": "string"
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URL of device endpoint |
| config | network_devices_network_endpoints_post/properties/config | false | none | none |
| workload_discovery | boolean | false | none | Flag to indicate if workload discovery is enabled |
| network_device | object | false | none | Associated network device |
| » href | string | false | none | URI of network device |
| workloads | [object] | false | none | List of managed workloads |
| » href | string | false | none | URI of workload |
| status | string | false | none | Endpoint status |
network_devices_network_endpoints_post
{
"config": {
"endpoint_type": "string",
"name": "string",
"traffic_flow_id": "string",
"workload_discovery": true
},
"workloads": [
{
"href": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| config | object | true* | none | none |
| » endpoint_type | string | false | none | The type of endpoint |
| » name | string | false | none | The name of the endpoint e.g. interface name |
| » traffic_flow_id | string | false | none | A traffic flow identifier for this endpoint e.g. switch port IfIndex |
| » workload_discovery | boolean | false | none | Flag to indicate if workload discovery is enabled |
| workloads | [object] | false | none | List of managed workloads |
| » href | string | true* | none | URI of workload |
network_devices_network_endpoints_put
{
"config": {
"endpoint_type": "string",
"name": "string",
"traffic_flow_id": "string",
"workload_discovery": true
},
"workloads": [
{
"href": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| config | network_devices_network_endpoints_post/properties/config | false | none | none |
| workloads | [object] | false | none | List of managed workloads |
| » href | string | true* | none | URI of workload |
network_devices_put
{
"name": "string",
"description": "string",
"device_type": "string",
"manufacturer": "string",
"model": "string",
"ip_address": "string",
"credentials": {
"type": "cli",
"port": 0,
"username": "string",
"password": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | The name of the device |
| description | string | false | none | Description of the device |
| device_type | string | false | none | Type of device |
| manufacturer | string | false | none | The manufacturer of the device |
| model | string | false | none | The model of the device |
| ip_address | string | false | none | The IP address of the device |
| credentials | object | false | none | none |
| » type | string | false | none | The type of credential used to access the device |
| » port | integer | false | none | The device port, if non-standard for credential type |
| » username | string | false | none | The username used to access the device |
| » password | string | false | none | The password used to access the device |
Enumerated Values
| Property | Value |
|---|---|
| type | cli |
| type | api |
network_enforcement_nodes_get
[
{
"uuid": "string",
"org_id": 0,
"hostname": "string",
"name": "string",
"public_ip": "string",
"software_version": "string",
"last_status_at": null,
"uptime_seconds": null,
"network_devices": [],
"supported_devices": [
{
"device_type": "string",
"manufacturers": [
{
"manufacturer": "string",
"models": [
{
"model": "string",
"endpoint_type": "string"
}
]
}
]
}
]
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| uuid | string | false | none | The uuid for this network enforcement node |
| org_id | integer | false | none | The org id for this network enforcement node |
| hostname | string | false | none | The hostname for this network enforcement node |
| name | string | false | none | User friendly name for this network enforcement node |
| public_ip | string | false | none | Public ip of this network enforcement node |
| software_version | string | false | none | Network enforcement node software version string |
| last_status_at | string,null(date-time) | false | none | The last time (rfc3339 timestamp) a status was received from this node |
| uptime_seconds | integer,null | false | none | How long since the last restart of this service. |
| network_devices | array | false | none | Managed network devices |
| supported_devices | [object] | false | none | none |
| » device_type | string | false | none | Type of network device |
| » manufacturers | [object] | false | none | none |
| » manufacturer | string | false | none | Device manufacturer |
| » models | [object] | false | none | none |
| » model | string | true* | none | Device model |
| » endpoint_type | string | false | none | Type of supported endpoint |
network_enforcement_nodes_network_devices_post
{
"name": "string",
"description": "string",
"device_type": "string",
"manufacturer": "string",
"model": "string",
"ip_address": "string",
"credentials": {
"type": "cli",
"port": 0,
"username": "string",
"password": "string"
}
}
Properties
None
noop_get
{}
Properties
None
orgs_auth_security_principals_get
[
{
"type": "user",
"name": "string",
"display_name": "string",
"href": "string"
}
]
The list of the auth_security_principals in this org
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | orgs_auth_security_principals_post/allOf/0 | false | none | none |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | orgs_permissions_put/properties/auth_security_principal | false | none | none |
orgs_auth_security_principals_post
{
"type": "user",
"name": "string",
"display_name": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| type | string | true* | none | type of the auth_security_principal |
| name | string | true* | none | name of auth_security_principal |
| display_name | string | false | none | name of auth_security_principal |
Enumerated Values
| Property | Value |
|---|---|
| type | user |
| type | group |
orgs_auth_security_principals_put
{}
The details of security principal to edit
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| type | string | false | none | type of the auth_security_principal |
| name | string | false | none | name of the auth_security_principal |
| display_name | string | false | none | display name of the auth_security_principal |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| type | user |
| type | group |
orgs_permissions_get
[
{
"role": {
"href": "string"
},
"scope": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"auth_security_principal": {
"href": "string"
},
"href": "string"
}
]
The list of the auth_security_principals in this org
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | orgs_permissions_post/allOf/0 | false | none | Permission granted |
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
| » href | string | true* | none | URI of permission |
orgs_permissions_post
{
"role": {
"href": "string"
},
"scope": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"auth_security_principal": {
"href": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| role | orgs_permissions_put/properties/role | true* | none | none |
| scope | [object] | true* | none | Assigned labels summary |
| » href | string | true* | none | Label URI |
| » key | string | false | none | Key in key-value pair |
| » value | string | false | none | Value in key-value pair |
| auth_security_principal | orgs_permissions_put/properties/auth_security_principal | true* | none | none |
orgs_permissions_put
{}
The details of the permission to edit
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| role | object | false | none | none |
| » href | string | true* | none | URI of Role |
| scope | agents_get/properties/labels | false | none | Assigned labels |
| auth_security_principal | object | false | none | none |
| » href | string | true* | none | URI of auth_security_principal |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
pairing_profiles_get
{
"href": "string",
"name": "string",
"description": "string",
"mode": "idle",
"enabled": true,
"total_use_count": 0,
"allowed_uses_per_key": 1,
"key_lifespan": 1,
"last_pairing_at": "string",
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"is_default": true,
"labels": [
{
"href": "string"
}
],
"env_label_lock": true,
"loc_label_lock": true,
"role_label_lock": true,
"app_label_lock": true,
"mode_lock": true,
"log_traffic": true,
"log_traffic_lock": true,
"visibility_level": "string",
"visibility_level_lock": true,
"external_data_set": null,
"external_data_reference": null,
"agent_software_release": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of the pairing profile |
| name | string | true* | none | The short friendly name of the pairing profile |
| description | string | true* | none | The long description of the pairing profile |
| mode | agents_get/properties/mode | true* | none | Agent management mode |
| enabled | boolean | true* | none | The enabled flag of the pairing profile |
| total_use_count | integer | true* | none | The number of times the pairing profile has been used |
| allowed_uses_per_key | any | true* | none | The number of times the pairing profile can be used |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | integer | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | string | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| key_lifespan | any | true* | none | Number of seconds pairing profile keys will be valid for |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | integer | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | string | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| last_pairing_at | string | true* | none | Timestamp when this pairing profile was last used for pairing a workload |
| created_at | string(date-time) | true* | none | Timestamp when this pairing profile was first created |
| updated_at | string(date-time) | true* | none | Timestamp when this pairing profile was last updated |
| created_by | object | false | none | none |
| » href | string | true* | none | User who originally created this pairing profile |
| updated_by | object | false | none | none |
| » href | string | true* | none | User who last updated this pairing_profile |
| is_default | boolean | true* | none | Flag indicating this is default auto-created pairing profile |
| labels | agents_get/properties/labels | true* | none | Assigned labels |
| env_label_lock | boolean | true* | none | Flag that controls whether env label can be overridden from pairing script |
| loc_label_lock | boolean | true* | none | Flag that controls whether loc label can be overridden from pairing script |
| role_label_lock | boolean | true* | none | Flag that controls whether role label can be overridden from pairing script |
| app_label_lock | boolean | true* | none | Flag that controls whether app label can be overridden from pairing script |
| mode_lock | boolean | true* | none | Flag that controls whether mode can be overridden from pairing script |
| log_traffic | boolean | true* | none | Alerting status |
| log_traffic_lock | boolean | true* | none | Flag that controls whether log_traffic can be overridden from pairing script |
| visibility_level | string | true* | none | Visibility level of the agent |
| visibility_level_lock | boolean | true* | none | Flag that controls whether visibility_level can be overridden from pairing script |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| agent_software_release | string,null | false | none | Agent software release associated with this paring profile |
pairing_profiles_pairing_key_post
{}
Properties
None
pairing_profiles_post
{
"name": "string",
"description": "string",
"mode": "idle",
"enabled": true,
"allowed_uses_per_key": 1,
"key_lifespan": 1,
"labels": [
{
"href": "string"
}
],
"env_label_lock": true,
"loc_label_lock": true,
"role_label_lock": true,
"app_label_lock": true,
"mode_lock": true,
"log_traffic": true,
"log_traffic_lock": true,
"visibility_level": "flow_full_detail",
"visibility_level_lock": true,
"external_data_set": null,
"external_data_reference": null,
"agent_software_release": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | The short friendly name of the pairing profile |
| description | string | false | none | The long description of the pairing profile |
| mode | agents_get/properties/mode | false | none | Agent management mode |
| enabled | boolean | true* | none | The enabled flag of the pairing profile |
| allowed_uses_per_key | any | false | none | The number of times pairing profile keys can be used |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | integer | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | string | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| key_lifespan | any | false | none | Number of seconds pairing profile keys will be valid for |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | integer | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | string | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| labels | agents_get/properties/labels | false | none | Assigned labels |
| env_label_lock | boolean | false | none | Flag that controls whether env label can be overridden from pairing script |
| loc_label_lock | boolean | false | none | Flag that controls whether loc label can be overridden from pairing script |
| role_label_lock | boolean | false | none | Flag that controls whether role label can be overridden from pairing script |
| app_label_lock | boolean | false | none | Flag that controls whether app label can be overridden from pairing script |
| mode_lock | boolean | false | none | Flag that controls whether mode can be overridden from pairing script |
| log_traffic | boolean | false | none | Alerting status |
| log_traffic_lock | boolean | false | none | Flag that controls whether log_traffic can be overridden from pairing script |
| visibility_level | string | false | none | Visibility level of the agent |
| visibility_level_lock | boolean | false | none | Flag that controls whether visibility_level can be overridden from pairing script |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| agent_software_release | string,null | false | none | Agent software release associated with this paring profile |
Enumerated Values
| Property | Value |
|---|---|
| anonymous | unlimited |
| anonymous | unlimited |
| visibility_level | flow_full_detail |
| visibility_level | flow_summary |
| visibility_level | flow_drops |
| visibility_level | flow_off |
pairing_profiles_put
{
"name": "string",
"description": "string",
"mode": "idle",
"enabled": true,
"allowed_uses_per_key": 1,
"key_lifespan": 1,
"labels": [
{
"href": "string"
}
],
"env_label_lock": true,
"loc_label_lock": true,
"role_label_lock": true,
"app_label_lock": true,
"mode_lock": true,
"log_traffic": true,
"log_traffic_lock": true,
"visibility_level": "flow_full_detail",
"visibility_level_lock": true,
"external_data_set": null,
"external_data_reference": null,
"agent_software_release": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | The short friendly name of the pairing profile |
| description | string | false | none | The long description of the pairing profile |
| mode | agents_get/properties/mode | false | none | Agent management mode |
| enabled | boolean | false | none | The enabled flag of the pairing profile |
| allowed_uses_per_key | any | false | none | The number of times pairing profile keys can be used |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | integer | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | string | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| key_lifespan | any | false | none | Number of seconds pairing profile keys will be valid for |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | integer | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | string | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| labels | agents_get/properties/labels | false | none | Assigned labels |
| env_label_lock | boolean | false | none | Flag that controls whether env label can be overridden from pairing script |
| loc_label_lock | boolean | false | none | Flag that controls whether loc label can be overridden from pairing script |
| role_label_lock | boolean | false | none | Flag that controls whether role label can be overridden from pairing script |
| app_label_lock | boolean | false | none | Flag that controls whether app label can be overridden from pairing script |
| mode_lock | boolean | false | none | Flag that controls whether mode can be overridden from pairing script |
| log_traffic | boolean | false | none | Alerting status |
| log_traffic_lock | boolean | false | none | Flag that controls whether log_traffic can be overridden from pairing script |
| visibility_level | string | false | none | Visibility level of the agent |
| visibility_level_lock | boolean | false | none | Flag that controls whether visibility_level can be overridden from pairing script |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| agent_software_release | string,null | false | none | Agent software release associated with this paring profile |
Enumerated Values
| Property | Value |
|---|---|
| anonymous | unlimited |
| anonymous | unlimited |
| visibility_level | flow_full_detail |
| visibility_level | flow_summary |
| visibility_level | flow_drops |
| visibility_level | flow_off |
product_version_get
{
"product_version": {
"version": "string",
"build": 0,
"release_info": "string",
"engineering_info": "string",
"long_display": "string",
"short_display": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| product_version | object | true* | none | The product version object |
| » version | string | true* | none | The product version major.minor.patch |
| » build | integer | true* | none | The build number |
| » release_info | string | false | none | A extra string designator for the release |
| » engineering_info | string | false | none | A extra string designator used for engineering only |
| » long_display | string | false | none | A version string for human consumption |
| » short_display | string | false | none | A version string for human consumption |
sec_policy_allow_get
[
{
"href": "string",
"enabled": true,
"description": "string",
"service": {
"href": "string"
},
"ub_service": null,
"sec_connect": true,
"providers": [
{
"actors": "string",
"label": {
"href": "string"
},
"agent": {
"href": "string"
},
"workload": {
"href": "string"
},
"bound_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "string",
"label": {
"href": "string"
},
"agent": {
"href": "string"
},
"workload": {
"href": "string"
},
"bound_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
]
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of object |
| enabled | boolean | true* | none | Enabled flag |
| description | string | false | none | Description |
| service | object | false | none | URI of associated service |
| » href | string | true* | none | Service URI |
| ub_service | object,null | true* | none | URI of UB side service |
| sec_connect | boolean | false | none | Whether a secure connection is established |
| providers | [object] | true* | none | Providers |
| » actors | string | false | none | Rule actors are all workloads ('ams') |
| » label | object | false | none | none |
| » href | string | true* | none | Label URI |
| » agent | object | false | none | none |
| » href | string | true* | none | Agent URI |
| » workload | object | false | none | none |
| » href | string | true* | none | Workload URI |
| » bound_service | object | false | none | none |
| » href | string | true* | none | Bound service URI |
| » virtual_server | object | false | none | none |
| » href | string | true* | none | Virtual server URI |
| » ip_list | object | false | none | URI of associated IP List |
| » href | string | true* | none | IP List URI |
| » consumers | [object] | true* | none | Users |
| » actors | string | false | none | Rule actors are all workloads ('ams') |
| » label | object | false | none | none |
| » href | string | true* | none | Label URI |
| » agent | object | false | none | none |
| » href | string | true* | none | Agent URI |
| » workload | object | false | none | none |
| » href | string | true* | none | Workload URI |
| » bound_service | object | false | none | none |
| » href | string | true* | none | Bound service URI |
| » ip_list | object | false | none | URI of associated IP List |
| » href | string | true* | none | IP List URI |
sec_policy_delete_put
{
"change_subset": {
"label_groups": [
{
"href": "string"
}
],
"services": [
{
"href": "string"
}
],
"rule_sets": [
{
"href": "string"
}
],
"ip_lists": [
{
"href": "string"
}
],
"virtual_services": [
{
"href": "string"
}
],
"firewall_settings": [
{
"href": "string"
}
],
"secure_connect_gateways": [
{
"href": "string"
}
],
"virtual_servers": [
{
"href": "string"
}
]
}
}
Properties
sec_policy_dependencies_post
{
"operation": "commit",
"change_subset": {
"label_groups": [
{
"href": "string"
}
],
"services": [
{
"href": "string"
}
],
"rule_sets": [
{
"href": "string"
}
],
"ip_lists": [
{
"href": "string"
}
],
"virtual_services": [
{
"href": "string"
}
],
"firewall_settings": [
{
"href": "string"
}
],
"secure_connect_gateways": [
{
"href": "string"
}
],
"virtual_servers": [
{
"href": "string"
}
]
}
}
Properties
Enumerated Values
| Property | Value |
|---|---|
| operation | commit |
| operation | revert |
sec_policy_firewall_settings_get
{
"static_policy_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"firewall_coexistence": null,
"containers_inherit_host_policy_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"blocked_connection_reject_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"update_type": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| static_policy_scopes | [sec_policy_firewall_settings_get/properties/blocked_connection_reject_scopes/items] | false | none | Rule set scopes |
| firewall_coexistence | array,null | false | none | none |
| » scope | agents_get/properties/labels | true* | none | Assigned labels |
| » workload_mode | string | false | none | Additional match criteria to select workload(s) |
| » illumio_primary | boolean | true* | none | Configure Illumio to be the primary firewall |
| containers_inherit_host_policy_scopes | sec_policy_firewall_settings_get/properties/static_policy_scopes | false | none | Rule set scopes |
| blocked_connection_reject_scopes | [array] | false | none | Scopes whose blocked connection action will be reject |
| » label | object | false | none | none |
| » href | string | true* | none | Label URI |
| » label_group | object | false | none | none |
| » href | string | true* | none | Label group URI |
| » created_at | string(date-time) | false | none | Time stamp when these firewall settings were first created |
| » updated_at | string(date-time) | false | none | Time stamp when these firewall settings were last updated |
| » deleted_at | string(date-time) | false | none | Time stamp when these firewall settings were deleted |
| » created_by | object | false | none | none |
| » href | string | true* | none | User who originally created these firewall settings |
| » updated_by | object | false | none | none |
| » href | string | true* | none | User who last updated these firewall settings |
| » deleted_by | object | false | none | none |
| » href | string | true* | none | User who deleted these firewall settings |
| » update_type | string | true* | none | Type of update |
sec_policy_firewall_settings_put
{
"update_type": "create",
"static_policy_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"firewall_coexistence": null,
"containers_inherit_host_policy_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"blocked_connection_reject_scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| update_type | string | false | none | Type of update |
| static_policy_scopes | sec_policy_firewall_settings_get/properties/static_policy_scopes | false | none | Rule set scopes |
| firewall_coexistence | array,null | false | none | none |
| » scope | agents_get/properties/labels | true* | none | Assigned labels |
| » workload_mode | string | false | none | Additional match criteria to select workload(s) |
| » illumio_primary | boolean | true* | none | Configure Illumio to be the primary firewall |
| containers_inherit_host_policy_scopes | sec_policy_firewall_settings_get/properties/static_policy_scopes | false | none | Rule set scopes |
| blocked_connection_reject_scopes | [sec_policy_firewall_settings_get/properties/blocked_connection_reject_scopes/items] | false | none | Scopes whose blocked connection action will be reject |
Enumerated Values
| Property | Value |
|---|---|
| update_type | create |
| update_type | update |
| update_type | delete |
| workload_mode | enforced |
| workload_mode | illuminated |
sec_policy_get
{
"href": "string",
"version": "string",
"workloads_affected": 0,
"commit_message": "string",
"object_counts": {
"rule_sets": 0,
"ip_lists": 0,
"services": 0,
"virtual_services": 0,
"label_groups": 0,
"virtual_servers": 0,
"firewall_settings": 0,
"secure_connect_gateways": 0
},
"created_at": "string",
"created_by": {
"href": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | URI of the policy |
| version | string | true* | none | Policy version |
| workloads_affected | integer | true* | none | Number of workloads affected by the policy |
| commit_message | string | true* | none | Commit message for the policy |
| object_counts | object | false | none | Number of objects present in the given version of policy |
| » rule_sets | integer | false | none | none |
| » ip_lists | integer | false | none | none |
| » services | integer | false | none | none |
| » virtual_services | integer | false | none | none |
| » label_groups | integer | false | none | none |
| » virtual_servers | integer | false | none | none |
| » firewall_settings | integer | false | none | none |
| » secure_connect_gateways | integer | false | none | none |
| created_at | string | true* | none | Timestamp when this label was first created |
| created_by | object | false | none | none |
| » href | string | true* | none | User who originally created this label |
sec_policy_ip_lists_get
{
"href": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ip_ranges": [
{
"description": "string",
"from_ip": "string",
"to_ip": "string",
"exclusion": true
}
],
"fqdns": [
{
"fqdn": "string",
"description": "string"
}
],
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of the ip list |
| name | string | true* | none | Name (must be unique) |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| ip_ranges | [object] | false | none | IP addresses or ranges |
| » description | string | false | none | Description |
| » from_ip | string | true* | none | IP address or a low end of IP range. Might be specified with CIDR notation |
| » to_ip | string | false | none | High end of an IP range |
| » exclusion | boolean | false | none | Whether this IP address is an exclusion. Exclusions must be a strict subset of inclusive IP addresses. |
| fqdns | [object] | false | none | Collection of FQDN |
| » fqdn | string | true* | none | none |
| » description | string | false | none | none |
| created_at | string(date-time) | false | none | Time stamp when this IP List was first created |
| updated_at | string(date-time) | false | none | Time stamp when this IP List was last updated |
| deleted_at | string(date-time) | false | none | Time stamp when this IP List was deleted |
| created_by | object | false | none | none |
| » href | string | true* | none | User who originally created this IP List |
| updated_by | object | false | none | none |
| » href | string | true* | none | User who last updated this IP List |
| deleted_by | object | false | none | none |
| » href | string | true* | none | User who deleted this IP List |
sec_policy_ip_lists_post
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ip_ranges": [
{
"description": "string",
"from_ip": "string",
"to_ip": "string",
"exclusion": true
}
],
"fqdns": [
{
"fqdn": "string",
"description": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | Name (must be unique) |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| ip_ranges | sec_policy_ip_lists_get/properties/ip_ranges | false | none | IP addresses or ranges |
| fqdns | [object] | false | none | Collection of FQDN |
| » fqdn | string | true* | none | none |
| » description | string | false | none | none |
sec_policy_ip_lists_put
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ip_ranges": [
{
"description": "string",
"from_ip": "string",
"to_ip": "string",
"exclusion": true
}
],
"fqdns": [
{
"fqdn": "string",
"description": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Name (must be unique) |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| ip_ranges | sec_policy_ip_lists_get/properties/ip_ranges | false | none | IP addresses or ranges |
| fqdns | [object] | false | none | Collection of FQDN |
| » fqdn | string | true* | none | none |
| » description | string | false | none | none |
sec_policy_label_groups_get
{
"name": "string",
"description": "string",
"key": "string",
"labels": [
{
"href": "string",
"value": "string"
}
],
"sub_groups": [
{
"href": "string",
"name": "string"
}
],
"usage": {
"label_group": true,
"ruleset": true,
"rule": true,
"static_policy_scopes": true,
"containers_inherit_host_policy_scopes": true,
"blocked_connection_reject_scope": true
},
"external_data_set": null,
"external_data_reference": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Name of the label group |
| description | string | false | none | The long description of the label group |
| key | string | false | none | Key in key-value pair of contained labels or label groups |
| labels | [object] | false | none | Contained labels |
| » href | string | true* | none | Label URI |
| » value | string | false | none | Label value in key-value pair |
| sub_groups | [object] | false | none | Contained label groups |
| » href | string | true* | none | Contained label group URI |
| » name | string | false | none | Name of sub label group |
| usage | object | false | none | none |
| » label_group | boolean | true* | none | Label group is referenced by another label group |
| » ruleset | boolean | true* | none | Label is referenced by at least one ruleset |
| » rule | boolean | true* | none | Label is referenced by at least one rule |
| » static_policy_scopes | boolean | false | none | Label is referenced by static policy scopes |
| » containers_inherit_host_policy_scopes | boolean | false | none | Label is referenced by containers inherit host policy scopes |
| » blocked_connection_reject_scope | boolean | false | none | Label Group is referenced by blocked connection reject scope |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
sec_policy_label_groups_member_of_get
[
{
"href": "string",
"name": "string"
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | Parent label group URI |
| name | string | false | none | Name of parent label group |
sec_policy_label_groups_post
{
"name": "string",
"description": "string",
"key": "string",
"labels": [
{
"href": "string"
}
],
"sub_groups": [
{
"href": "string"
}
],
"external_data_set": null,
"external_data_reference": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | Name of the label group |
| description | string | false | none | The long description of the label group |
| key | string | true* | none | Key in key-value pair of contained labels or label groups |
| labels | [object] | false | none | Contained labels |
| » href | string | true* | none | Label URI |
| sub_groups | [object] | false | none | Contained label groups |
| » href | string | true* | none | Sub label group URI |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
sec_policy_label_groups_put
{
"name": "string",
"description": "string",
"labels": [
{
"href": "string"
}
],
"sub_groups": [
{
"href": "string"
}
],
"external_data_set": null,
"external_data_reference": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Name of the label group |
| description | string | false | none | The long description of the label group |
| labels | [object] | false | none | Contained labels |
| » href | string | true* | none | Label URI |
| sub_groups | [object] | false | none | Contained label groups |
| » href | string | true* | none | Sub label group URI |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
sec_policy_modified_objects_get
{
"update_type": null,
"object_type": null,
"href": null,
"name": "string",
"modified_at": "string",
"modified_by": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| update_type | any | true* | none | Type of update |
| object_type | any | true* | none | Object Type |
| href | any | true* | none | Href of modified object |
| name | string | true* | none | Name |
| modified_at | string | true* | none | Time stamp of when this object was last modified |
| modified_by | string | true* | none | User who modified the object (href) |
sec_policy_pending_get
{
"rule_sets": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "string",
"related_ip_lists": [
{
"href": "string"
}
],
"related_services": [
{
"href": "string"
}
]
}
],
"firewall_settings": {
"href": "string",
"update_type": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z"
},
"ip_lists": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"services": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"virtual_servers": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"label_groups": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"secure_connect_gateways": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
],
"virtual_services": [
{
"name": "string",
"href": "string",
"updated_by": null,
"updated_at": "2020-08-19T21:34:26Z",
"update_type": "create",
"caps": [
"write"
]
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| rule_sets | [object] | false | none | Array of modified rulesets in the current policy draft |
| » name | string | true* | none | Ruleset name |
| » href | string | false | none | URI of the Ruleset |
| » updated_by | any | true* | none | none |
| » updated_at | string(date-time) | true* | none | Time stamp when this resource was last updated |
| » update_type | string | true* | none | Type of update |
| » related_ip_lists | [any] | false | none | Related IP Lists |
| » href | string | true* | none | URI of IP List |
| » related_services | [any] | false | none | Related Services |
| » href | string | true* | none | URI of Service |
| » firewall_settings | object | false | none | Firewall settings updated by the current policy draft |
| » href | string | false | none | URI of the resource |
| » update_type | string | false | none | Type of update |
| » updated_by | any | true* | none | none |
| » updated_at | string(date-time) | true* | none | Time stamp when this resource was last updated |
| » ip_lists | [object] | false | none | Array of modified resources for a given type in the current policy draft |
| » name | string | true* | none | Resource name |
| » href | string | false | none | URI of the resource |
| » updated_by | any | true* | none | none |
| » updated_at | string(date-time) | true* | none | Time stamp when this resource was last updated |
| » update_type | string | true* | none | Type of update |
| » caps | [string] | false | none | Array of permissions for the entity for the current user - an empty array implies read only access |
| » services | sec_policy_pending_get/properties/ip_lists | false | none | Array of modified resources for a given type in the current policy draft |
| » virtual_servers | sec_policy_pending_get/properties/ip_lists | false | none | Array of modified resources for a given type in the current policy draft |
| » label_groups | sec_policy_pending_get/properties/ip_lists | false | none | Array of modified resources for a given type in the current policy draft |
| » secure_connect_gateways | sec_policy_pending_get/properties/ip_lists | false | none | Array of modified resources for a given type in the current policy draft |
| » virtual_services | sec_policy_pending_get/properties/ip_lists | false | none | Array of modified resources for a given type in the current policy draft |
Enumerated Values
| Property | Value |
|---|---|
| update_type | create |
| update_type | update |
| update_type | delete |
sec_policy_post
{
"update_description": "string",
"change_subset": {
"label_groups": [
{
"href": "string"
}
],
"services": [
{
"href": "string"
}
],
"rule_sets": [
{
"href": "string"
}
],
"ip_lists": [
{
"href": "string"
}
],
"virtual_services": [
{
"href": "string"
}
],
"firewall_settings": [
{
"href": "string"
}
],
"secure_connect_gateways": [
{
"href": "string"
}
],
"virtual_servers": [
{
"href": "string"
}
]
}
}
Properties
sec_policy_restore_post
{}
Properties
None
sec_policy_rule_search_post
{
"enabled": true,
"description": "string",
"ingress_services": [
{
"href": "string"
}
],
"sec_connect": true,
"machine_auth": true,
"stateless": true,
"providers": [
{
"actors": "string",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "string",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true,
"update_type": "create"
}
Filters for Rule Search
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| enabled | boolean | false | none | Enabled flag of the Rule |
| description | string | false | none | Description of the Rule |
| ingress_services | [oneOf] | false | none | Services and ports used in the Rule |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » href | string | true* | none | URI of the service |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » service_name | string | false | none | Name of Windows Service |
| » process_name | string | false | none | Name of running process |
| » port | integer | false | none | Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any.Also the starting port when specifying a range. |
| » to_port | integer | false | none | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | false | none | Transport protocol |
| » icmp_type | integer | false | none | ICMP Type (integer 0-255 for icmp protocol) |
| » icmp_code | integer | false | none | ICMP Code (integer 0-15 for icmp protocol) |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » sec_connect | boolean | false | none | Whether a secure connection is established in the Rule |
| » machine_auth | boolean | false | none | Whether machine authentication is enabled in the Rule |
| » stateless | boolean | false | none | Whether stateless is enabled in the Rule |
| » providers | [object] | false | none | Providers for Rule Search |
| » actors | string | false | none | Rule actors are all workloads ('ams') |
| » label | object | false | none | none |
| » href | string | true* | none | Label URI |
| » label_group | object | false | none | none |
| » href | string | true* | none | Label group URI |
| » workload | object | false | none | none |
| » href | string | true* | none | Workload URI |
| » virtual_service | object | false | none | none |
| » href | string | true* | none | Virtual service URI |
| » virtual_server | object | false | none | none |
| » href | string | true* | none | Virtual server URI |
| » ip_list | object | false | none | URI of associated IP List |
| » href | string | true* | none | IP List URI |
| » consumers | [object] | false | none | Providers for Rule Search |
| » actors | string | false | none | Rule actors are all workloads ('ams') |
| » label | object | false | none | none |
| » href | string | true* | none | Label URI |
| » label_group | object | false | none | none |
| » href | string | true* | none | Label group URI |
| » workload | object | false | none | none |
| » href | string | true* | none | Workload URI |
| » virtual_service | object | false | none | none |
| » href | string | true* | none | Virtual service URI |
| » ip_list | object | false | none | URI of associated IP List |
| » href | string | true* | none | IP List URI |
| » consuming_security_principals | [object] | false | none | Hrefs of consuming security principals |
| » href | string | false | none | none |
| » unscoped_consumers | boolean | false | none | UB scope set to All in the Rule |
| » update_type | string | false | none | Type of update for the Rule |
Enumerated Values
| Property | Value |
|---|---|
| update_type | create |
| update_type | update |
| update_type | delete |
sec_policy_rule_sets_get
{
"href": "string",
"created_at": "2020-08-19T21:34:26Z",
"updated_at": "2020-08-19T21:34:26Z",
"deleted_at": "2020-08-19T21:34:26Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"update_type": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"enabled": true,
"scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"rules": [
{
"href": "string",
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true,
"update_type": "string"
}
],
"ip_tables_rules": [
{
"href": "string",
"enabled": true,
"description": "string",
"statements": [
{
"table_name": "nat",
"chain_name": "PREROUTING",
"parameters": "string"
}
],
"actors": [
{
"actors": "string",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
}
}
],
"ip_version": "4"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of the rule set |
| created_at | string(date-time) | true* | none | Timestamp when this rule set was first created |
| updated_at | string(date-time) | true* | none | Timestamp when this rule set was last updated |
| deleted_at | string(date-time) | true* | none | Timestamp when this rule set was deleted |
| created_by | object | false | none | none |
| » href | string | true* | none | User who originally created this rule set |
| updated_by | object | false | none | none |
| » href | string | true* | none | User who last updated this rule set |
| deleted_by | object | false | none | none |
| » href | string | true* | none | User who deleted this rule set |
| update_type | string | false | none | Type of update |
| name | string | true* | none | Name (must be unique) |
| description | string | true* | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| enabled | boolean | true* | none | Enabled flag |
| scopes | sec_policy_firewall_settings_get/properties/static_policy_scopes | true* | none | Rule set scopes |
| rules | [object] | true* | none | Array of rules in this rule set |
| » href | string | false | none | URI of object |
| » enabled | boolean | true* | none | Enabled flag |
| » description | string | false | none | Description |
| » external_data_set | string,null | false | none | External data set identifier |
| » external_data_reference | string,null | false | none | External data reference identifier |
| » ingress_services | sec_policy_rule_sets_put/properties/rules/items/properties/ingress_services | true* | none | Array of service URI and port/protocol combinations |
| » resolve_labels_as | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | true* | none | none |
| » sec_connect | boolean | false | none | Whether a secure connection is established |
| » stateless | boolean | false | none | Whether packet filtering is stateless for the rule |
| » machine_auth | boolean | false | none | Whether machine authentication is enabled |
| » providers | sec_policy_rule_sets_put/properties/rules/items/properties/providers | true* | none | Providers |
| » consumers | sec_policy_rule_sets_put/properties/rules/items/properties/consumers | true* | none | Consumers |
| » consuming_security_principals | sec_policy_rule_search_post/properties/consuming_security_principals | false | none | Hrefs of consuming security principals |
| » unscoped_consumers | boolean | false | none | Set the scope for rule consumers to All |
| » update_type | string | false | none | Type of update |
| ip_tables_rules | [object] | false | none | Array of iptables rules in this rule set |
| » href | string | true* | none | URI of object |
| » enabled | boolean | true* | none | Enabled flag |
| » description | string | false | none | Description |
| » statements | [sec_policy_rule_sets_put/properties/ip_tables_rules/items/properties/statements/items] | true* | none | list of the iptables statements in this rule |
| » actors | sec_policy_rule_sets_put/properties/ip_tables_rules/items/properties/actors | true* | none | none |
| » ip_version | string | true* | none | IP version for the rules to be applied to |
Enumerated Values
| Property | Value |
|---|---|
| ip_version | 4 |
| ip_version | 6 |
sec_policy_rule_sets_post
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"enabled": true,
"scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"rules": [
{
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true
}
],
"ip_tables_rules": [
{
"enabled": true,
"description": "string",
"statements": [
{
"table_name": "nat",
"chain_name": "PREROUTING",
"parameters": "string"
}
],
"actors": [
{
"actors": "string",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
}
}
],
"ip_version": "4"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | Name (must be unique) |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| enabled | boolean | false | none | Enabled flag |
| scopes | sec_policy_firewall_settings_get/properties/static_policy_scopes | true* | none | Rule set scopes |
| rules | [object] | false | none | Array of sec rules (access rules) in this rule set |
| » enabled | boolean | true* | none | Enabled flag |
| » description | string | false | none | Description |
| » external_data_set | string,null | false | none | External data set identifier |
| » external_data_reference | string,null | false | none | External data reference identifier |
| » ingress_services | sec_policy_rule_sets_put/properties/rules/items/properties/ingress_services | true* | none | Array of service URI and port/protocol combinations |
| » resolve_labels_as | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | true* | none | none |
| » sec_connect | boolean | false | none | Whether a secure connection is established |
| » stateless | boolean | false | none | Whether packet filtering is stateless for the rule |
| » machine_auth | boolean | false | none | Whether machine authentication is enabled |
| » providers | sec_policy_rule_sets_put/properties/rules/items/properties/providers | true* | none | Providers |
| » consumers | sec_policy_rule_sets_put/properties/rules/items/properties/consumers | true* | none | Consumers |
| » consuming_security_principals | sec_policy_rule_search_post/properties/consuming_security_principals | false | none | Hrefs of consuming security principals |
| » unscoped_consumers | boolean | false | none | Set the scope for rule consumers to All |
| ip_tables_rules | [object] | false | none | Array of custom iptables rules in this rule set |
| » enabled | boolean | true* | none | Enabled flag |
| » description | string | false | none | Description |
| » statements | [sec_policy_rule_sets_put/properties/ip_tables_rules/items/properties/statements/items] | true* | none | list of the iptables statements in this rule |
| » actors | sec_policy_rule_sets_put/properties/ip_tables_rules/items/properties/actors | true* | none | none |
| » ip_version | string | true* | none | IP version for the rules to be applied to |
Enumerated Values
| Property | Value |
|---|---|
| ip_version | 4 |
| ip_version | 6 |
sec_policy_rule_sets_put
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"enabled": true,
"update_type": "create",
"scopes": [
[
{
"label": {
"href": "string"
},
"label_group": {
"href": "string"
}
}
]
],
"rules": [
{}
],
"ip_tables_rules": [
{}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Name (must be unique) |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| enabled | boolean | false | none | Enabled flag |
| update_type | string | false | none | Type of update |
| scopes | sec_policy_firewall_settings_get/properties/static_policy_scopes | false | none | Rule set scopes |
| rules | [anyOf] | false | none | Array of rules in this rule set |
| » href | string | false | none | URI of Rule |
| » enabled | boolean | false | none | Enabled flag |
| » description | string | false | none | Description |
| » external_data_set | string,null | false | none | External data set identifier |
| » external_data_reference | string | false | none | External data reference identifier |
| » ingress_services | [oneOf] | false | none | Array of service URI and port/protocol combinations |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | sec_policy_dependencies_post/properties/change_subset/properties/virtual_services/items | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » port | integer | false | none | Port number, or the starting port of a range. If unspecified, this will apply to all ports for the given protocol. |
| » to_port | integer | false | none | Upper end of port range; this field should not be included if specifying an individual port. |
| » proto | integer | true* | none | Transport protocol (numeric) |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » resolve_labels_as | object | false | none | none |
| » providers | [string] | true* | none | none |
| » consumers | [string] | true* | none | none |
| » sec_connect | boolean | false | none | Whether a secure connection is established |
| » stateless | boolean | false | none | Whether packet filtering is stateless for the rule |
| » machine_auth | boolean | false | none | Whether machine authentication is enabled |
| » providers | [object] | false | none | Providers |
| » actors | string | false | none | Rule actors are all workloads ('ams') |
| » label | object | false | none | none |
| » href | string | true* | none | Label URI |
| » label_group | object | false | none | none |
| » href | string | true* | none | Label group URI |
| » workload | object | false | none | none |
| » href | string | true* | none | Workload URI |
| » virtual_service | object | false | none | none |
| » href | string | true* | none | Virtual service URI |
| » virtual_server | object | false | none | none |
| » href | string | true* | none | Virtual server URI |
| » ip_list | object | false | none | URI of associated IP List |
| » href | string | true* | none | IP List URI |
| » consumers | [object] | false | none | Consumers |
| » actors | string | false | none | Rule actors are all workloads or container host |
| » label | object | false | none | none |
| » href | string | true* | none | Label URI |
| » label_group | object | false | none | none |
| » href | string | true* | none | Label group URI |
| » workload | object | false | none | none |
| » href | string | true* | none | Workload URI |
| » virtual_service | object | false | none | none |
| » href | string | true* | none | Virtual service URI |
| » ip_list | object | false | none | URI of associated IP List |
| » href | string | true* | none | IP List URI |
| » consuming_security_principals | sec_policy_rule_search_post/properties/consuming_security_principals | false | none | Hrefs of consuming security principals |
| » update_type | string | false | none | Type of update |
| » unscoped_consumers | boolean | false | none | Set the scope for rule consumers to All |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » ip_tables_rules | [anyOf] | false | none | Array of iptables rules in this ruleset |
| » href | string | false | none | URI of Rule |
| » enabled | boolean | false | none | Enabled flag |
| » description | string | false | none | Description |
| » statements | [object] | false | none | list of the iptables statements in this rule |
| » table_name | string | true* | none | name of the iptables table for this rule |
| » chain_name | string | true* | none | name of the iptables chain for this rule |
| » parameters | string | true* | none | the remainder of the iptables rules (excluding table/chain) |
| » actors | [object] | false | none | none |
| » actors | string | false | none | Rule Actors are all workloads ('ams') |
| » label | object | false | none | none |
| » href | string | true* | none | Label URI |
| » label_group | object | false | none | none |
| » href | string | true* | none | Label group URI |
| » workload | object | false | none | none |
| » href | string | true* | none | Workload URI |
| » ip_version | string | false | none | IP version for the rules to be applied to |
| » update_type | string | false | none | Type of update |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| update_type | create |
| update_type | update |
| update_type | delete |
| proto | 6 |
| proto | 17 |
| actors | ams |
| actors | ams |
| actors | container_host |
| update_type | create |
| update_type | update |
| update_type | delete |
| table_name | nat |
| table_name | mangle |
| table_name | filter |
| chain_name | PREROUTING |
| chain_name | INPUT |
| chain_name | OUTPUT |
| chain_name | FORWARD |
| chain_name | POSTROUTING |
| ip_version | 4 |
| ip_version | 6 |
| update_type | create |
| update_type | update |
| update_type | delete |
sec_policy_rule_sets_sec_rules_get
{
"href": "string",
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true,
"update_type": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of object |
| enabled | boolean | true* | none | Enabled flag |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| ingress_services | sec_policy_rule_sets_put/properties/rules/items/properties/ingress_services | true* | none | Array of service URI and port/protocol combinations |
| resolve_labels_as | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | true* | none | none |
| sec_connect | boolean | false | none | Whether a secure connection is established |
| stateless | boolean | false | none | Whether packet filtering is stateless for the rule |
| machine_auth | boolean | false | none | Whether machine authentication is enabled |
| providers | sec_policy_rule_sets_put/properties/rules/items/properties/providers | true* | none | Providers |
| consumers | sec_policy_rule_sets_put/properties/rules/items/properties/consumers | true* | none | Consumers |
| consuming_security_principals | sec_policy_rule_search_post/properties/consuming_security_principals | false | none | Hrefs of consuming security principals |
| unscoped_consumers | boolean | false | none | Set the scope for rule consumers to All |
| update_type | string | false | none | Type of update |
sec_policy_rule_sets_sec_rules_post
{
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"unscoped_consumers": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| enabled | boolean | true* | none | Enabled flag |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| ingress_services | sec_policy_rule_sets_put/properties/rules/items/properties/ingress_services | true* | none | Array of service URI and port/protocol combinations |
| resolve_labels_as | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | true* | none | none |
| sec_connect | boolean | false | none | Whether a secure connection is established |
| stateless | boolean | false | none | Whether packet filtering is stateless for the rule |
| machine_auth | boolean | false | none | Whether machine authentication is enabled |
| providers | sec_policy_rule_sets_put/properties/rules/items/properties/providers | true* | none | Providers |
| consumers | sec_policy_rule_sets_put/properties/rules/items/properties/consumers | true* | none | Consumers |
| consuming_security_principals | sec_policy_rule_search_post/properties/consuming_security_principals | false | none | Hrefs of consuming security principals |
| unscoped_consumers | boolean | false | none | Set the scope for rule consumers to All |
sec_policy_rule_sets_sec_rules_put
{
"enabled": true,
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"ingress_services": [
{
"href": "string"
}
],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
},
"sec_connect": true,
"stateless": true,
"machine_auth": true,
"providers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"virtual_server": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consumers": [
{
"actors": "ams",
"label": {
"href": "string"
},
"label_group": {
"href": "string"
},
"workload": {
"href": "string"
},
"virtual_service": {
"href": "string"
},
"ip_list": {
"href": "string"
}
}
],
"consuming_security_principals": [
{
"href": "string"
}
],
"update_type": "create",
"unscoped_consumers": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| enabled | boolean | false | none | Enabled flag |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| ingress_services | sec_policy_rule_sets_put/properties/rules/items/properties/ingress_services | false | none | Array of service URI and port/protocol combinations |
| resolve_labels_as | sec_policy_rule_sets_put/properties/rules/items/properties/resolve_labels_as | false | none | none |
| sec_connect | boolean | false | none | Whether a secure connection is established |
| stateless | boolean | false | none | Whether packet filtering is stateless for the rule |
| machine_auth | boolean | false | none | Whether machine authentication is enabled |
| providers | sec_policy_rule_sets_put/properties/rules/items/properties/providers | false | none | Providers |
| consumers | sec_policy_rule_sets_put/properties/rules/items/properties/consumers | false | none | Consumers |
| consuming_security_principals | sec_policy_rule_search_post/properties/consuming_security_principals | false | none | Hrefs of consuming security principals |
| update_type | string | false | none | Type of update |
| unscoped_consumers | boolean | false | none | Set the scope for rule consumers to All |
Enumerated Values
| Property | Value |
|---|---|
| update_type | create |
| update_type | update |
| update_type | delete |
sec_policy_services_get
{
"href": "string",
"name": "string",
"description": "string",
"description_url": "string",
"process_name": "string",
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"windows_services": [
{
"service_name": "string",
"process_name": "string",
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"external_data_set": null,
"external_data_reference": null,
"created_at": "2020-08-19T21:34:27Z",
"updated_at": "2020-08-19T21:34:27Z",
"deleted_at": "2020-08-19T21:34:27Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"update_type": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of the service |
| name | string | true* | none | Name (does not need to be unique) |
| description | string | false | none | Description |
| description_url | string | false | none | Description URL Read-only to prevent XSS attacks |
| process_name | string | false | none | The process name |
| service_ports | [object] | false | none | Service ports |
| » port | integer | false | none | Port Number (integer 1-65535). If not provided and proto needs ports it defaults to any.Also the starting port when specifying a range. |
| » to_port | integer | false | none | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | true* | none | Transport protocol |
| » icmp_type | integer | false | none | ICMP Type (integer 0-255 for icmp protocol) |
| » icmp_code | integer | false | none | ICMP Code (integer 0-15 for icmp protocol) |
| windows_services | [sec_policy_rule_search_post/properties/ingress_services/items/oneOf/1] | false | none | Windows services |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| created_at | string(date-time) | false | none | Time stamp when this Service was first created |
| updated_at | string(date-time) | false | none | Time stamp when this Service was last updated |
| deleted_at | string(date-time) | false | none | Time stamp when this Service was deleted |
| created_by | object | false | none | none |
| » href | string | true* | none | User who originally created this Service |
| updated_by | object | false | none | none |
| » href | string | true* | none | User who last updated this Service |
| deleted_by | object | false | none | none |
| » href | string | true* | none | User who deleted this Service |
| update_type | string | true* | none | Type of update |
sec_policy_services_post
{
"name": "string",
"description": "string",
"process_name": "string",
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"windows_services": [
{
"service_name": "string",
"process_name": "string",
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"external_data_set": null,
"external_data_reference": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | Name (does not need to be unique) |
| description | string | false | none | Description |
| process_name | string | false | none | The process name |
| service_ports | sec_policy_services_get/properties/service_ports | false | none | Service ports |
| windows_services | sec_policy_services_get/properties/windows_services | false | none | Windows services |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
sec_policy_services_put
{
"name": "string",
"description": "string",
"process_name": "string",
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"windows_services": [
{
"service_name": "string",
"process_name": "string",
"port": 0,
"to_port": 0,
"proto": 0,
"icmp_type": 0,
"icmp_code": 0
}
],
"external_data_set": null,
"external_data_reference": null
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Name (does not need to be unique) |
| description | string | false | none | Description |
| process_name | string | false | none | The process name |
| service_ports | sec_policy_services_get/properties/service_ports | false | none | Service ports |
| windows_services | sec_policy_services_get/properties/windows_services | false | none | Windows services |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
sec_policy_virtual_services_bulk_create_put
[
{}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | Name |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| labels | container_clusters_container_workload_profiles_get/properties/assign_labels | false | none | Assigned labels |
| service_ports | sec_policy_virtual_services_bulk_update_put/items/properties/service_ports | false | none | Service ports |
| service | object | false | none | URI of associated service |
| apply_to | string | false | none | Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network |
| ip_overrides | [string] | false | none | Array of IPs or CIDRs as IP overrides |
| service_addresses | sec_policy_virtual_services_bulk_update_put/items/properties/service_addresses | false | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| apply_to | host_only |
| apply_to | internal_bridge_network |
sec_policy_virtual_services_bulk_update_put
[
{
"href": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"labels": [
{
"href": "string"
}
],
"service": {},
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0
}
],
"apply_to": "host_only",
"ip_overrides": [
"string"
],
"service_addresses": [
{}
]
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | Virtual Service URI |
| name | string | false | none | Name |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| labels | container_clusters_container_workload_profiles_get/properties/assign_labels | false | none | Assigned labels |
| service | object | false | none | URI of associated service |
| service_ports | [object] | false | none | Service ports |
| » port | integer | false | none | Port Number (integer 0-65535 or -1 for any port). Also the startng port when specifying a range. |
| » to_port | integer | false | none | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | workloads_get/properties/services/properties/open_service_ports/items/properties/protocol | true* | none | Transport protocol |
| apply_to | string | false | none | Firewall rule target for workloads bound to this bound service: host_only or internal_bridge_network |
| ip_overrides | [string] | false | none | Array of IPs or CIDRs as IP overrides |
| service_addresses | [oneOf] | false | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » ip | string | true* | none | IP address to assign to the virtual service |
| » network | object | false | none | none |
| » href | string | true* | none | Network URI for this IP address |
| » port | integer | false | none | Port associated with the IP address for the service (1-65535 integer) |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » fqdn | string | true* | none | FQDN to assign to the virtual service |
| » description | string | false | none | none |
| » port | integer | false | none | Port associated with the FQDN for the service |
Enumerated Values
| Property | Value |
|---|---|
| apply_to | host_only |
| apply_to | internal_bridge_network |
sec_policy_virtual_services_get
{}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | URI of the virtual service |
| created_at | string(date-time) | true* | none | Timestamp when this virtual service was first created |
| updated_at | string(date-time) | true* | none | Timestamp when this virtual service was last updated |
| deleted_at | string,null(date-time) | true* | none | Timestamp when this virtual service was deleted |
| created_by | object | false | none | none |
| » href | string | true* | none | User who originally created this virtual service |
| updated_by | object | false | none | none |
| » href | string | true* | none | User who last updated this virtual service |
| deleted_by | object,null | false | none | none |
| » href | string | true* | none | User who deleted this virtual service |
| update_type | string | false | none | Type of update |
| name | string | true* | none | Name |
| description | string,null | true* | none | Description |
| pce_fqdn | string | false | none | PCE FQDN for this container cluster. Used in Supercluster only |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| labels | container_clusters_container_workload_profiles_get/properties/assign_labels | true* | none | Assigned labels |
| service_ports | sec_policy_virtual_services_bulk_update_put/items/properties/service_ports | false | none | Service ports |
| service | object | false | none | URI of associated service |
| apply_to | string | false | none | Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network |
| ip_overrides | [string] | false | none | Array of IPs or CIDRs as IP overrides |
| service_addresses | sec_policy_virtual_services_bulk_update_put/items/properties/service_addresses | false | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
sec_policy_virtual_services_post
{}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | Name |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| labels | container_clusters_container_workload_profiles_get/properties/assign_labels | false | none | Assigned labels |
| service_ports | sec_policy_virtual_services_bulk_update_put/items/properties/service_ports | false | none | Service ports |
| service | object | false | none | URI of associated service |
| apply_to | string | false | none | Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network |
| ip_overrides | [string] | false | none | Array of IPs or CIDRs as IP overrides |
| service_addresses | sec_policy_virtual_services_bulk_update_put/items/properties/service_addresses | false | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| apply_to | host_only |
| apply_to | internal_bridge_network |
sec_policy_virtual_services_put
{
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"labels": [
{
"href": "string"
}
],
"service_ports": [
{
"port": 0,
"to_port": 0,
"proto": 0
}
],
"service": {},
"apply_to": "host_only",
"ip_overrides": [
"string"
],
"service_addresses": [
{}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Name |
| description | string | false | none | Description |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| labels | container_clusters_container_workload_profiles_get/properties/assign_labels | false | none | Assigned labels |
| service_ports | sec_policy_virtual_services_bulk_update_put/items/properties/service_ports | false | none | Service ports |
| service | object | false | none | URI of associated service |
| apply_to | string | false | none | Firewall rule target for workloads bound to this virtual service: host_only or internal_bridge_network |
| ip_overrides | [string] | false | none | Array of IPs or CIDRs as IP overrides |
| service_addresses | sec_policy_virtual_services_bulk_update_put/items/properties/service_addresses | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| apply_to | host_only |
| apply_to | internal_bridge_network |
security_principals_bulk_create_put
[
{
"sid": "string",
"name": "string",
"description": "string"
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| sid | string | true* | none | Active Directory SID (or any other unique identifier) |
| name | string | true* | none | Name of the security principal |
| description | string | false | none | A longer description of the security principal |
security_principals_get
{
"sid": "string",
"name": "string",
"description": "string"
}
Properties
None
security_principals_post
{
"sid": "string",
"name": "string",
"description": "string"
}
Properties
None
security_principals_put
{
"name": "string",
"description": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Name of the security principal |
| description | string | false | none | A longer description of the security principal |
settings_events_get
{
"audit_event_retention_seconds": 0,
"audit_event_min_severity": "error",
"format": "string"
}
Org-based event setting
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| audit_event_retention_seconds | integer | true* | none | The time in seconds an audit event is stored in the database |
| audit_event_min_severity | string | true* | none | Minimum severity level of audit event messages. |
| format | string | true* | none | The log format (JSON, CEF, LEEF), which applies to all remote syslog destinations |
Enumerated Values
| Property | Value |
|---|---|
| audit_event_min_severity | error |
| audit_event_min_severity | warning |
| audit_event_min_severity | informational |
settings_events_put
{
"audit_event_retention_seconds": 86400,
"audit_event_min_severity": "error",
"format": "JSON"
}
Org-based event setting
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| audit_event_retention_seconds | integer | false | none | The time in seconds an audit event is stored in the database |
| audit_event_min_severity | settings_events_get/properties/audit_event_min_severity | false | none | Minimum severity level of audit event messages. |
| format | string | false | none | The log format (JSON, CEF, LEEF), which applies to all syslog destinations |
Enumerated Values
| Property | Value |
|---|---|
| format | JSON |
| format | CEF |
| format | LEEF |
settings_syslog_destinations_get
[
{
"href": "string",
"pce_scope": [
"string"
],
"type": "string",
"description": "string",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": true,
"min_severity": "error"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address": "string",
"port": 0,
"protocol": 0,
"tls_enabled": true,
"tls_ca_bundle": "string",
"tls_verify_cert": true
}
}
]
List of destinations
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | URI of the destination |
| pce_scope | [string] | true* | none | none |
| type | string | true* | none | Destination type |
| description | string | true* | none | Description of the destination |
| audit_event_logger | object | true* | none | none |
| » configuration_event_included | boolean | true* | none | Configuration (Northbound) auditable events |
| » system_event_included | boolean | true* | none | System (PCE) auditable events |
| » min_severity | settings_events_get/properties/audit_event_min_severity | true* | none | Minimum severity level of audit event messages. |
| traffic_event_logger | object | true* | none | none |
| » traffic_flow_allowed_event_included | boolean | true* | none | Set to enable traffic flow events |
| » traffic_flow_potentially_blocked_event_included | boolean | true* | none | Set to enable traffic flow events |
| » traffic_flow_blocked_event_included | boolean | true* | none | Set to enable traffic flow events |
| node_status_logger | object | true* | none | none |
| » node_status_included | boolean | true* | none | Syslog messages regarding status of the nodes |
| remote_syslog | object | false | none | none |
| » address | string | true* | none | The remote syslog IP or DNS address |
| » port | integer | true* | none | The remote syslog port |
| » protocol | integer | true* | none | The protocol for streaming syslog messages |
| » tls_enabled | boolean | true* | none | To enable TLS |
| » tls_ca_bundle | string | false | none | Trustee CA bundle |
| » tls_verify_cert | boolean | true* | none | Perform TLS verification |
settings_syslog_destinations_post
{
"pce_scope": [
"string"
],
"type": "local_syslog",
"description": "string",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": true,
"min_severity": "error"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address": "string",
"port": 0,
"protocol": 0,
"tls_enabled": true,
"tls_ca_bundle": "string",
"tls_verify_cert": true
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| pce_scope | [string] | true* | none | none |
| type | string | true* | none | Destination type |
| description | string | true* | none | Description of the destination |
| audit_event_logger | object | true* | none | none |
| » configuration_event_included | boolean | true* | none | Configuration (Northbound) auditable events |
| » system_event_included | boolean | true* | none | System (PCE) auditable events |
| » min_severity | settings_events_get/properties/audit_event_min_severity | true* | none | Minimum severity level of audit event messages. |
| traffic_event_logger | object | true* | none | none |
| » traffic_flow_allowed_event_included | boolean | true* | none | Set to enable traffic flow events |
| » traffic_flow_potentially_blocked_event_included | boolean | true* | none | Set to enable traffic flow events |
| » traffic_flow_blocked_event_included | boolean | true* | none | Set to enable traffic flow events |
| node_status_logger | object | true* | none | none |
| » node_status_included | boolean | true* | none | Syslog messages regarding status of the nodes |
| remote_syslog | object | false | none | none |
| » address | string | true* | none | The remote syslog IP or DNS address |
| » port | integer | true* | none | The remote syslog port |
| » protocol | integer | true* | none | The protocol for streaming syslog messages |
| » tls_enabled | boolean | true* | none | To enable TLS |
| » tls_ca_bundle | string | false | none | Trustee CA bundle |
| » tls_verify_cert | boolean | true* | none | Perform TLS verification |
Enumerated Values
| Property | Value |
|---|---|
| type | local_syslog |
| type | remote_syslog |
settings_syslog_destinations_put
{
"href": "string",
"pce_scope": [
"string"
],
"type": "local_syslog",
"description": "string",
"audit_event_logger": {
"configuration_event_included": true,
"system_event_included": true,
"min_severity": "error"
},
"traffic_event_logger": {
"traffic_flow_allowed_event_included": true,
"traffic_flow_potentially_blocked_event_included": true,
"traffic_flow_blocked_event_included": true
},
"node_status_logger": {
"node_status_included": true
},
"remote_syslog": {
"address": "string",
"port": 0,
"protocol": 0,
"tls_enabled": true,
"tls_ca_bundle": "string",
"tls_verify_cert": true
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of the destination |
| pce_scope | [string] | false | none | none |
| type | string | false | none | Destination type |
| description | string | false | none | Description of the destination |
| audit_event_logger | object | false | none | none |
| » configuration_event_included | boolean | false | none | Configuration (Northbound) auditable events |
| » system_event_included | boolean | false | none | System (PCE) auditable events |
| » min_severity | settings_events_get/properties/audit_event_min_severity | false | none | Minimum severity level of audit event messages. |
| traffic_event_logger | object | false | none | none |
| » traffic_flow_allowed_event_included | boolean | false | none | Set to enable traffic flow events |
| » traffic_flow_potentially_blocked_event_included | boolean | false | none | Set to enable traffic flow events |
| » traffic_flow_blocked_event_included | boolean | false | none | Set to enable traffic flow events |
| node_status_logger | object | false | none | none |
| » node_status_included | boolean | false | none | Syslog messages regarding status of the nodes |
| remote_syslog | object | false | none | none |
| » address | string | false | none | The remote syslog IP or DNS address |
| » port | integer | false | none | The remote syslog port |
| » protocol | integer | false | none | The protocol for streaming syslog messages |
| » tls_enabled | boolean | false | none | To enable TLS |
| » tls_ca_bundle | string | false | none | Trustee CA bundle |
| » tls_verify_cert | boolean | false | none | Perform TLS verification |
Enumerated Values
| Property | Value |
|---|---|
| type | local_syslog |
| type | remote_syslog |
settings_traffic_collector_get
{
"href": "string",
"transmission": "string",
"target": {
"dst_port": 0,
"proto": 0,
"dst_ip": "string"
},
"action": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | URI of the destination |
| transmission | string | true* | none | transmission type: broadcast/multicast |
| target | object | false | none | none |
| » dst_port | integer | false | none | none |
| » proto | integer | true* | none | none |
| » dst_ip | string | false | none | single ip address or CIDR |
| action | string | true* | none | drop or aggregate the target traffic |
settings_traffic_collector_post
{
"transmission": "broadcast",
"target": {
"dst_port": 0,
"proto": 0,
"dst_ip": "string"
},
"action": "drop"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| transmission | string | true* | none | transmission type: broadcast/multicast |
| target | object | false | none | none |
| » dst_port | integer | false | none | none |
| » proto | integer | true* | none | none |
| » dst_ip | string | false | none | single ip address or CIDR |
| action | string | true* | none | drop or aggregate the target traffic |
Enumerated Values
| Property | Value |
|---|---|
| transmission | broadcast |
| transmission | multicast |
| action | drop |
| action | aggregate |
settings_traffic_collector_put
{
"transmission": "broadcast",
"target": {
"dst_port": null,
"proto": 0,
"dst_ip": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| transmission | string | false | none | transmission type: broadcast/multicast |
| target | object | false | none | none |
| » dst_port | integer,null | false | none | none |
| » proto | integer | false | none | none |
| » dst_ip | string | false | none | single ip address or CIDR |
Enumerated Values
| Property | Value |
|---|---|
| transmission | broadcast |
| transmission | multicast |
settings_workloads_get
{
"workload_disconnected_timeout_seconds": [
{
"scope": [
{
"href": "string"
}
],
"value": -1
}
],
"workload_goodbye_timeout_seconds": [
{
"scope": [
{
"href": "string"
}
],
"value": -1
}
]
}
Workload setting properties
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| workload_disconnected_timeout_seconds | [object] | true* | none | none |
| » scope | agents_get/properties/labels | true* | none | Assigned labels |
| » value | integer | true* | none | Property value associated with the scope |
| workload_goodbye_timeout_seconds | settings_workloads_get/properties/workload_disconnected_timeout_seconds | true* | none | none |
settings_workloads_put
{
"workload_disconnected_timeout_seconds": [
{
"scope": [
{
"href": "string"
}
],
"value": -1
}
],
"workload_goodbye_timeout_seconds": [
{
"scope": [
{
"href": "string"
}
],
"value": -1
}
]
}
Workload setting properties
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| workload_disconnected_timeout_seconds | settings_workloads_get/properties/workload_disconnected_timeout_seconds | false | none | none |
| workload_goodbye_timeout_seconds | settings_workloads_get/properties/workload_disconnected_timeout_seconds | false | none | none |
system_events_get
{
"href": "string",
"org_id": 0,
"version": "string",
"event_id": "string",
"event_type": "string",
"status": "string",
"severity": "string",
"timestamp": "2020-08-19T21:34:27Z",
"pce_fqdn": "string",
"created_by": null,
"action": {
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:27Z",
"pce_fqdn": "string",
"created_by": null,
"event_type": "string",
"status": "string",
"severity": "string",
"task_name": "string",
"api_endpoint": "string",
"api_method": "string",
"http_status_code": 0,
"src_ip": "string",
"errors": [
{
"token": "string",
"message": "string"
}
],
"info": {}
},
"resource_changes": [
{
"href": "string",
"version": "string",
"org_id": 0,
"uuid": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:27Z",
"pce_fqdn": "string",
"created_by": null,
"resource": null,
"changes": {},
"change_type": "string"
}
],
"notifications": [
{
"href": "string",
"event": "string",
"timestamp": "2020-08-19T21:34:27Z",
"pce_fqdn": "string",
"created_by": null,
"notification_type": "string",
"severity": "err",
"info": {}
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | Unique href for this event, which can be used for event lookup via the events API |
| org_id | integer | false | none | org_id for this event. |
| version | string | false | none | The event version of this event for the category it falls under |
| event_id | string | false | none | Unique request/transaction identifier of the API request / context from which this event was generated |
| event_type | string | true* | none | Event name that clearly describes the event |
| status | string | true* | none | Status of the event; usually a mapping of api_status_code to a generic result string; nil if no action. For presentation purposes only. |
| severity | string | true* | none | This event's level of importance |
| timestamp | string(date-time) | true* | none | RFC 3339 timestamp at which this event was originally created |
| pce_fqdn | string | true* | none | Fully qualified domain name of the PCE, where this event originated |
| created_by | object | true* | none | The entity responsible for the creation of this event |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | any | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| action | events_get/properties/action | false | none | none |
| resource_changes | [events_get/properties/resource_changes/items] | false | none | Array of resource log events that were generated during this event |
| notifications | [events_get/properties/notifications/items] | false | none | Array of notification log events that were generated during this event |
traffic_flows_traffic_analysis_queries_post
{
"start_date": "2020-08-19",
"end_date": "2020-08-19",
"sources_destinations_query_op": "and",
"sources": {
"include": [
[
{
"label": {
"href": "string"
}
}
]
],
"exclude": [
{
"label": {
"href": "string"
}
}
]
},
"destinations": {
"include": [
[
{
"label": {
"href": "string"
}
}
]
],
"exclude": [
{
"label": {
"href": "string"
}
}
]
},
"services": {
"include": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"process_name": "string",
"windows_service_name": "string"
}
],
"exclude": [
{
"port": 0,
"to_port": 0,
"proto": 0,
"process_name": "string",
"windows_service_name": "string"
}
]
},
"policy_decisions": [
"allowed"
],
"max_results": 0,
"exclude_workloads_from_ip_list_query": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| start_date | string(date) | false | none | Starting date for query |
| end_date | string(date) | false | none | Ending date for query |
| sources_destinations_query_op | string | false | none | Query logical operator between sources and destinations |
| sources | object | true* | none | Source labels, workloads, IP addresses to include or exclude |
| » include | [array] | true* | none | List of included sources or targets |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | A label parameter for a traffic query |
| » label | object | true* | none | none |
| » href | string | true* | none | Label URI |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | A workload parameter for a traffic query |
| » workload | object | true* | none | none |
| » href | string | true* | none | Workload URI |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | An IP address parameter for a traffic query |
| » ip_address | string | true* | none | IP address value |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | An IP List parameter for a traffic query |
| » ip_list | object | true* | none | none |
| » href | string | true* | none | IP List draft URI |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » exclude | [anyOf] | true* | none | List of excluded sources or targets |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/0 | false | none | A label parameter for a traffic query |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/1 | false | none | A workload parameter for a traffic query |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/2 | false | none | An IP address parameter for a traffic query |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/3 | false | none | An IP List parameter for a traffic query |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » destinations | object | true* | none | Target labels, workloads, IP addresses, domain names, transmission to include or exclude |
| » include | [array] | true* | none | List of included sources or targets |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/0 | false | none | A label parameter for a traffic query |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/1 | false | none | A workload parameter for a traffic query |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/2 | false | none | An IP address parameter for a traffic query |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | An DNS parameter for a traffic query |
| » fqdn | string | true* | none | parameter for querying the matched fqdn |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/3 | false | none | An IP List parameter for a traffic query |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » exclude | [anyOf] | true* | none | List of excluded sources or targets |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/0 | false | none | A label parameter for a traffic query |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/1 | false | none | A workload parameter for a traffic query |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/2 | false | none | An IP address parameter for a traffic query |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/destinations/properties/include/items/items/oneOf/3 | false | none | An DNS parameter for a traffic query |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | Parameter representing broadcast/multiccast |
| » transmission | string | true* | none | transmission type |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | traffic_flows_traffic_analysis_queries_post/properties/sources/properties/include/items/items/oneOf/3 | false | none | An IP List parameter for a traffic query |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » services | object | true* | none | Services (5-tuple of port/to_port/proto/process/service) to include or exclude |
| » include | [object] | true* | none | List of included services (5-tuple of port/to_port/proto/process/service) |
| » port | integer | false | none | Port Number (integer 0-65535). Also the starting port when specifying a range. |
| » to_port | integer | false | none | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | integer | false | none | protocol number |
| » process_name | string | false | none | Process Name |
| » windows_service_name | string | false | none | Windows Service Name |
| » exclude | [object] | true* | none | List of excluded services (5-tuple of port/to_port/proto/process/service) |
| » port | integer | false | none | Port Number (integer 0-65535). Also the starting port when specifying a range. |
| » to_port | integer | false | none | High end of port range inclusive if specifying a range. If not specifying a range then don't send this. |
| » proto | integer | false | none | protocol number |
| » process_name | string | false | none | Process Name |
| » windows_service_name | string | false | none | Windows Service Name |
| » policy_decisions | [string] | true* | none | List of policy decisions |
| » max_results | integer | false | none | maximum number of flows to return |
| » exclude_workloads_from_ip_list_query | boolean | false | none | exclude workload traffic when IP List is provided either in consumer or provider part of traffic query |
Enumerated Values
| Property | Value |
|---|---|
| sources_destinations_query_op | and |
| sources_destinations_query_op | or |
| transmission | broadcast |
| transmission | multicast |
| transmission | unicast |
users_api_keys_get
{
"key_id": "string",
"auth_username": "string",
"created_at": "2020-08-19T21:34:27Z",
"name": "string",
"description": "string",
"href": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| key_id | string | true* | none | The key ID |
| auth_username | string | true* | none | Username required for authentication |
| created_at | string(date-time) | true* | none | Timestamp when this key was first created (RFC 3339) |
| name | string | true* | none | The key name - just a label to be used |
| description | string | false | none | The description of the key |
| href | string | true* | none | URI of the key |
users_api_keys_post
{
"name": "string",
"description": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | The key name - just a label to be used |
| description | string | false | none | The description of the key |
users_api_keys_put
{
"name": "string",
"description": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | The key name - just a label to be used |
| description | string | false | none | The description of the key |
users_get
{
"href": "string",
"username": "string",
"last_login_on": "string",
"last_login_ip_address": "string",
"login_count": 0,
"full_name": "string",
"time_zone": "string",
"locked": true,
"effective_groups": [
"string"
],
"local_profile": {},
"updated_at": "2020-08-19T21:34:27Z",
"created_at": "2020-08-19T21:34:27Z",
"type": "string",
"presence_status": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | URI of the user |
| username | string | true* | none | The User name as an email address |
| last_login_on | string | true* | none | This is populated automatically after a login |
| last_login_ip_address | string | true* | none | This is populated automatically after a login |
| login_count | integer | true* | none | Number of times this user logged in |
| full_name | string | true* | none | User's full name |
| time_zone | string | true* | none | Time Zone IANA Region Name |
| locked | boolean | false | none | Flag to indicate whether account is locked |
| effective_groups | [string] | false | none | List of group names the user is a member of |
| local_profile | object | false | none | Local user profile |
| updated_at | string(date-time) | true* | none | Timestamp when this user was last updated |
| created_at | string(date-time) | true* | none | Timestamp when this user was first created |
| type | string | true* | none | User's type, i.e. user authenticated local or remotely via SAML |
| presence_status | string | false | none | Status of the user |
users_local_profile_password_put
{
"current_password": "string",
"new_password": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| current_password | string | true* | none | current password |
| new_password | string | true* | none | new password |
users_local_profile_post
{
"locked": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| locked | boolean | false | none | Flag to indicate if account is locked |
users_local_profile_reinvite_put
{}
Reinvite a local user
Properties
None
users_login_get
{
"href": "string",
"auth_username": "string",
"session_token": "string",
"inactivity_expiration_minutes": 0,
"last_login_on": "2020-08-19T21:34:27Z",
"last_login_ip_address": "string",
"full_name": "string",
"type": "string",
"time_zone": "string",
"product_version": {
"product_version": {
"version": "string",
"build": 0,
"release_info": "string",
"engineering_info": "string",
"long_display": "string",
"short_display": "string"
}
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | User URI |
| auth_username | string | true* | none | Username required for authentication |
| session_token | string | true* | none | A token used in place of a password for all REST API calls for this user - it is only valid for the IP the login was called from |
| inactivity_expiration_minutes | integer | true* | none | How long this token will remain active if not used. It will last for at least this long. |
| last_login_on | string(date-time) | false | none | Last time the user logged in |
| last_login_ip_address | string | false | none | Last IP the user logged in from |
| full_name | string | true* | none | User's full name |
| type | string | true* | none | User's type, i.e. user authenticated local or remotely via SAML |
| time_zone | string | false | none | The time zone setting for this user |
| product_version | product_version_get | true* | none | none |
users_logout_put
{}
Properties
None
users_post
{
"username": "user@example.com",
"full_name": "string",
"time_zone": "string",
"type": "local"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| username | string(email) | true* | none | username is an email address e.g. user@example.com |
| full_name | string | false | none | User's full name |
| time_zone | string | false | none | Time Zone IANA Region Name |
| type | string | true* | none | User's type, i.e. user authenticated local or remotely via SAML |
Enumerated Values
| Property | Value |
|---|---|
| type | local |
users_put
{
"full_name": "string",
"time_zone": "string",
"locked": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| full_name | string | false | none | User's full name |
| time_zone | string | false | none | Time Zone IANA Region Name |
| locked | boolean | false | none | Flag to indicate whether account is locked |
vens_get
{
"href": "string",
"name": "string",
"description": "string",
"hostname": "string",
"uid": "string",
"os_id": "string",
"os_detail": "string",
"version": "string",
"status": "string",
"activation_type": "string",
"active_pce_fqdn": "string",
"target_pce_fqdn": "string",
"labels": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"interfaces": [
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
],
"workloads": [
{
"href": "string",
"name": "string",
"hostname": "string",
"os_id": "string",
"os_detail": "string",
"labels": [
{
"href": "string",
"key": "string",
"value": "string"
}
],
"public_ip": "string",
"interfaces": [
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
],
"security_policy_applied_at": "2020-08-19T21:34:27Z",
"security_policy_received_at": "2020-08-19T21:34:27Z",
"log_traffic": true,
"mode": "idle",
"visibility_level": "string",
"online": true
}
],
"container_cluster": {
"href": "string",
"name": "string"
},
"secure_connect": {
"matching_issuer_name": "string"
},
"last_heartbeat_at": null,
"last_goodbye_at": "2020-08-19T21:34:27Z",
"created_at": "2020-08-19T21:34:27Z",
"created_by": {
"href": "string"
},
"updated_at": "2020-08-19T21:34:27Z",
"updated_by": {
"href": "string"
},
"conditions": [
{
"first_reported_timestamp": "2020-08-19T21:34:27Z",
"latest_event": {
"notification_type": "string",
"severity": "error",
"href": "string",
"info": {},
"timestamp": "2020-08-19T21:34:27Z"
}
}
],
"caps": [
"string"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of VEN |
| name | string | false | none | Friendly name for the VEN |
| description | string | false | none | The description of the VEN |
| hostname | string | false | none | The hostname of the host managed by the VEN |
| uid | string | false | none | The unique ID of the host managed by the VEN |
| os_id | string | false | none | OS identifier of the host managed by the VEN |
| os_detail | string | false | none | Additional OS details from the host managed by the VEN |
| version | string | false | none | Software version of the VEN |
| status | string | false | none | Status of the VEN |
| activation_type | string | false | none | The method by which the VEN was activated |
| active_pce_fqdn | string | false | none | The FQDN of the PCE that the VEN last connected to |
| target_pce_fqdn | string | false | none | The FQDN of the PCE that the VEN will use for future connections |
| labels | [object] | false | none | Labels assigned to the host managed by the VEN. |
| » href | string | true* | none | Label URI |
| » key | string | false | none | Key of the label, only present in expanded representations. |
| » value | string | false | none | Value of the label, only present in expanded representations. |
| interfaces | [object] | false | none | Network interfaces of the host managed by the VEN. |
| » name | string | true* | none | Interface name |
| » link_state | string | true* | none | Link State |
| » address | string | true* | none | The IP Address to assign to this interface |
| » cidr_block | integer | true* | none | The number of bits in the subnet /24 is 255.255.255.0 |
| » default_gateway_address | string | true* | none | The IP Address of the default gateway |
| » network | workloads_interfaces_get/properties/network | false | none | Network that the interface belongs to |
| » network_detection_mode | string | true* | none | Network Detection Mode |
| » friendly_name | string | true* | none | User-friendly name for interface |
| workloads | [object] | false | none | none |
| » href | string | true* | none | Workload URI |
| » name | string | false | none | The short friendly name of the workload, only present in expanded representations. |
| » hostname | string | false | none | The hostname of the workload, only present in expanded representations. |
| » os_id | string | false | none | OS identifier for the workload, only present in expanded representations. |
| » os_detail | string | false | none | Additional OS details, only present in expanded representations. |
| » labels | [object] | false | none | Labels assigned to the workload., only present in expanded representations. |
| » href | string | false | none | Label URI |
| » key | string | false | none | Key of the label |
| » value | string | false | none | Value of the label |
| » public_ip | string | false | none | The public IP of the server, only present in expanded representations. |
| » interfaces | [vens_get/properties/interfaces/items] | false | none | Network interfaces of the workload, only present in expanded representations. |
| » security_policy_applied_at | string(date-time) | false | none | Last reported time when policy was applied to the workload (UTC), only present in expanded representations. |
| » security_policy_received_at | string(date-time) | false | none | Last reported time when policy was received by the workload (UTC), only present in expanded representations. |
| » log_traffic | boolean | false | none | True if we want to log traffic events from this workload, only present in expanded representations. |
| » mode | agents_get/properties/mode | false | none | Agent management mode |
| » visibility_level | string | false | none | Visibility level of the workload, only present in expanded representations. |
| » online | boolean | false | none | If this workload is online and present in policy, only present in expanded representations. |
| container_cluster | object | false | none | none |
| » href | string | true* | none | The URI of the container cluster managed by this VEN |
| » name | string | false | none | The name of the container cluster managed by this VEN, only present in expanded representations. |
| secure_connect | object | false | none | none |
| » matching_issuer_name | string | false | none | Issuer name match criteria for certificate used during establishing secure connections. |
| last_heartbeat_at | string,null(date-time) | false | none | The last time (rfc3339 timestamp) a heartbeat was received from this VEN |
| last_goodbye_at | string(date-time) | false | none | The time (rfc3339 timestamp) of the last goodbye from the VEN |
| created_at | string(date-time) | false | none | The time (rfc3339 timestamp) at which this VEN was created |
| created_by | object | false | none | none |
| » href | string | true* | none | The URI of the user who created this VEN |
| updated_at | string(date-time) | false | none | The time (rfc3339 timestamp) at which this VEN was last updated |
| updated_by | object | false | none | none |
| » href | string | true* | none | The URI of the user who last updated this VEN |
| conditions | [object] | false | none | Resource errors. If there are no errors or warnings, then the array value will be empty. |
| » first_reported_timestamp | string(date-time) | false | none | The timestamp of the first event that reported this condition. |
| » latest_event | object | false | none | The latest notification event that was generated for the corresponding condition |
| » notification_type | string | false | none | The notification_type of the event |
| » severity | string | false | none | Severity of the condition, same as the event |
| » href | string | false | none | The href of the event |
| » info | object | false | none | The information from the notification event that was generated by the condition. |
| » timestamp | string(date-time) | false | none | RFC 3339 timestamp at which this event was originally created |
| » caps | [string] | false | none | Permission types |
Enumerated Values
| Property | Value |
|---|---|
| severity | error |
| severity | warning |
vens_put
{
"target_pce_fqdn": "string",
"name": "string",
"description": "string",
"status": "active"
}
Update a VEN's name, description, or target PCE.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| target_pce_fqdn | string | false | none | cluster FQDN for target PCE |
| name | string | false | none | Friendly name of the VEN |
| description | string | false | none | Description of the VEN |
| status | string | false | none | VEN Status |
Enumerated Values
| Property | Value |
|---|---|
| status | active |
| status | suspended |
vens_unpair_put
{
"vens": [
{
"href": "string"
}
],
"firewall_restore": "default"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| vens | [object] | true* | none | VENs to unpair |
| » href | string | true* | none | URI of VEN to unpair |
| firewall_restore | string | false | none | The strategy to use to restore the firewall state after the VEN is uninstalled. |
Enumerated Values
| Property | Value |
|---|---|
| firewall_restore | saved |
| firewall_restore | default |
| firewall_restore | disable |
vulnerabilities_get
[
{
"href": "string",
"score": 0,
"cve_ids": [
"string"
],
"description": "string",
"name": "string",
"created_at": "2020-08-19T21:34:27Z",
"updated_at": "2020-08-19T21:34:27Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | The href of the vulnerability |
| score | integer | true* | none | The normalized score of the vulnerability within the range of 0 to 100. CVSS Score can be used here with a 10x multiplier. |
| cve_ids | [string] | false | none | The cve_ids for the vulnerability |
| description | string | false | none | An arbitrary field to store some details of the vulnerability class |
| name | string | true* | none | The title/name of the vulnerability |
| created_at | string(date-time) | false | none | The time (rfc3339 timestamp) at which this report was created |
| updated_at | string(date-time) | false | none | The time (rfc3339 timestamp) at which this report was last updated |
| created_by | object | false | none | none |
| » href | string | true* | none | The URI of the user who created this report |
| updated_by | object | false | none | none |
| » href | string | true* | none | The URI of the user who last updated this report |
vulnerabilities_post
[
{
"reference_id": "string",
"score": 0,
"cve_ids": [
"string"
],
"description": "string",
"name": "string"
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| reference_id | string | true* | none | The reference id of the vulnerability |
| score | integer | true* | none | The normalized score of the vulnerability within the range of 0 to 100. CVSS Score can be used here with a 10x multiplier. |
| cve_ids | [string] | false | none | The cve_ids for the vulnerability |
| description | string | false | none | An arbitrary field to store some details of the vulnerability class |
| name | string | true* | none | The title/name of the vulnerability |
vulnerabilities_put
{
"score": 0,
"cve_ids": [
"string"
],
"description": "string",
"name": "string"
}
Vulnerability
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| score | integer | true* | none | The normalized score of the vulnerability within the range of 0 to 100. CVSS Score can be used here with a 10x multiplier. |
| cve_ids | [string] | false | none | The cve_ids for the vulnerability |
| description | string | false | none | An arbitrary field to store some details of the vulnerability class |
| name | string | true* | none | The title/name of the vulnerability |
vulnerability_reports_get
{
"href": "string",
"name": "string",
"report_type": "string",
"num_vulnerabilities": 0,
"authoritative": true,
"scanned_ips": [
"string"
],
"created_at": "2020-08-19T21:34:27Z",
"updated_at": "2020-08-19T21:34:27Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
}
}
Vulnerability report
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | The resource(URI) representation of the vulnerability report |
| name | string | true* | none | User generated name of the vulnerability report |
| report_type | string | true* | none | A string representing the type of the report |
| num_vulnerabilities | integer | true* | none | Number of vulnerabilities that belong to this report |
| authoritative | boolean | false | none | Boolean value specifies whether a report is authoritative (or) not |
| scanned_ips | [string] | false | none | The ips on which the scan was performed |
| created_at | string(date-time) | true* | none | The time (rfc3339 timestamp) at which this report was created |
| updated_at | string(date-time) | true* | none | The time (rfc3339 timestamp) at which this report was last updated |
| created_by | object | true* | none | none |
| » href | string | true* | none | The URI of the user who created this report |
| updated_by | object | true* | none | none |
| » href | string | true* | none | The URI of the user who last updated this report |
vulnerability_reports_put
{
"name": "string",
"report_type": "string",
"authoritative": true,
"scanned_ips": [
"string"
],
"detected_vulnerabilities": [
{
"ip_address": "string",
"port": 0,
"proto": 0,
"workload": {
"href": "string"
},
"vulnerability": {
"href": "string"
}
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | User generated name of the vulnerability report |
| report_type | string | true* | none | A string representing the type of the report |
| authoritative | boolean | false | none | Boolean value specifies whether a report is authoritative (or) not |
| scanned_ips | [string] | false | none | The ips on which the scan was performed |
| detected_vulnerabilities | [object] | false | none | none |
| » ip_address | string | true* | none | The ip address of the host where the vulnerability is found |
| » port | integer | false | none | The port which is associated with the vulnerability |
| » proto | integer | false | none | The protocol which is associated with the vulnerability |
| » workload | object | true* | none | none |
| » href | string | true* | none | The URI of the workload to which this vulnerability belongs |
| » vulnerability | object | true* | none | none |
| » href | string | true* | none | The URI of the vulnerability class to which this vulnerability belongs |
[
{}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | The short friendly name of the workload |
| description | string | false | none | The long description of the workload |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| hostname | string | false | none | The hostname reported from the host itself |
| service_principal_name | string,null | false | none | The Kerberos Service Principal Name (SPN) |
| agent_to_pce_certificate_authentication_id | string,null | false | none | PKI Certificate identifier to be used by the PCE for authenticating the VEN |
| distinguished_name | string | false | none | X.509 Subject distinguished name |
| public_ip | string | false | none | The public IP address of the server |
| interfaces | workloads_post/properties/interfaces | false | none | Workload network interfaces |
| service_provider | string | false | none | Service provider |
| data_center | string | false | none | Data center |
| data_center_zone | string | false | none | Data center zone |
| os_id | string | false | none | Our OS identifier |
| os_detail | string | false | none | Additional OS details - just displayed to end user |
| online | boolean | false | none | If this workload is online |
| labels | agents_get/properties/labels | false | none | Assigned labels |
| agent | object | false | none | Agent info |
| » config | workloads_post/properties/agent/properties/config | false | none | none |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
[
{
"href": "string"
}
]
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | true* | none | URI of a specific workload or workload collection URI with query parameters external_data_set and external_data_reference |
[]
Workload bulk_update: Input must conform to one of: workloads_with_ven_put.schema.json, workloads_with_ven_interfaces_put.schema.json, workloads_without_ven_put.schema.json
Properties
None
{
"href": "string",
"deleted": true,
"delete_type": "string",
"name": "string",
"description": "string",
"hostname": "string",
"service_principal_name": "string",
"agent_to_pce_certificate_authentication_id": null,
"distinguished_name": "string",
"public_ip": "string",
"external_data_set": null,
"external_data_reference": null,
"interfaces": {
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
},
"service_provider": "string",
"data_center": "string",
"data_center_zone": "string",
"os_id": "string",
"os_detail": "string",
"online": true,
"firewall_coexistence": null,
"containers_inherit_host_policy": true,
"blocked_connection_action": "drop",
"labels": [
{
"href": "string"
}
],
"services": {
"uptime_seconds": 0,
"created_at": "2020-08-19T21:34:27Z",
"open_service_ports": [
{
"protocol": 0,
"address": "string",
"port": 0,
"process_name": "string",
"user": "string",
"package": "string",
"win_service_name": "string"
}
]
},
"vulnerabilities_summary": {
"num_vulnerabilities": 0,
"vulnerable_port_exposure": null,
"vulnerable_port_wide_exposure": {
"any": null,
"ip_list": null
},
"vulnerability_exposure_score": null,
"vulnerability_score": 0,
"max_vulnerability_score": 0
},
"detected_vulnerabilities": [
{
"ip_address": "string",
"port": 0,
"proto": 0,
"port_exposure": null,
"port_wide_exposure": {
"any": null,
"ip_list": null
},
"workload": {
"href": "string"
},
"vulnerability": {
"href": "string",
"score": 0,
"name": "string"
},
"vulnerability_report": {
"href": "string"
}
}
],
"agent": {
"config": {
"mode": "idle",
"log_traffic": true,
"security_policy_update_mode": "string"
},
"href": "string",
"secure_connect": {
"matching_issuer_name": "string"
},
"status": {
"uid": "string",
"last_heartbeat_on": null,
"uptime_seconds": null,
"agent_version": "string",
"managed_since": "2020-08-19T21:34:27Z",
"fw_config_current": true,
"firewall_rule_count": 0,
"security_policy_refresh_at": "2020-08-19T21:34:27Z",
"security_policy_applied_at": "2020-08-19T21:34:27Z",
"security_policy_received_at": "2020-08-19T21:34:27Z",
"agent_health_errors": {
"errors": [
"string"
],
"warnings": [
"string"
]
},
"agent_health": [
{
"type": "string",
"severity": "string",
"audit_event": "string"
}
],
"security_policy_sync_state": "string"
},
"active_pce_fqdn": "string",
"target_pce_fqdn": "string",
"type": "string"
},
"ven": {
"href": "string",
"hostname": "string",
"name": "string",
"status": "string"
},
"created_at": "2020-08-19T21:34:27Z",
"updated_at": "2020-08-19T21:34:27Z",
"deleted_at": "2020-08-19T21:34:27Z",
"created_by": {
"href": "string"
},
"updated_by": {
"href": "string"
},
"deleted_by": {
"href": "string"
},
"container_cluster": {
"href": "string",
"name": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| href | string | false | none | URI of workload |
| deleted | boolean | true* | none | This workload has been deleted |
| delete_type | string | false | none | DEPRECATED WITH NO REPLACEMENT: Workload deletion type |
| name | string | true* | none | Interface name |
| description | string | true* | none | The description of this workload |
| hostname | string | true* | none | The hostname of this workload |
| service_principal_name | string | true* | none | The Kerberos Service Principal Name (SPN) |
| agent_to_pce_certificate_authentication_id | string,null | false | none | PKI Certificate identifier to be used by the PCE for authenticating the VEN |
| distinguished_name | string | false | none | X.509 Subject distinguished name |
| public_ip | string | true* | none | The public IP address of the server |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| interfaces | vens_get/properties/interfaces/items | true* | none | Workload network interfaces |
| service_provider | string | true* | none | Service provider |
| data_center | string | true* | none | Data center |
| data_center_zone | string | true* | none | Data center zone |
| os_id | string | true* | none | Our OS identifier |
| os_detail | string | true* | none | Additional OS details - just displayed to end user |
| online | boolean | true* | none | If this workload is online |
| firewall_coexistence | object,null | false | none | Firewall coexistence mode |
| » illumio_primary | boolean | false | none | Illumio is the primary firewall if set to true |
| containers_inherit_host_policy | boolean | false | none | This workload will apply the policy it receives both to itself and the containers hosted by it |
| blocked_connection_action | string | false | none | firewall action for blocked connections |
| labels | agents_get/properties/labels | true* | none | Assigned labels |
| services | object | true* | none | Service report |
| » uptime_seconds | integer | false | none | How long since the last reboot of this box - used as a timestamp for this |
| » created_at | string(date-time) | false | none | Timestamp when this service was first created |
| » open_service_ports | [object] | false | none | A list of open ports |
| » protocol | integer | true* | none | Transport protocol |
| » address | string | true* | none | The local address this service is bound to |
| » port | integer | true* | none | The local port this service is bound to |
| » process_name | string | true* | none | The process name (including the full path) |
| » user | string | true* | none | The user account that the process is running under |
| » package | string | false | none | The RPM/DEB pacakge that the program is part of |
| » win_service_name | string | false | none | Name of the Windows service |
| » vulnerabilities_summary | object | false | none | Vulnerabilities summary associated with the workload |
| » num_vulnerabilities | integer | true* | none | Number of vulnerabilities associated with the workload |
| » vulnerable_port_exposure | integer,null | false | none | The aggregated vulnerability port exposure score of the workload across all the vulnerable ports |
| » vulnerable_port_wide_exposure | object | false | none | none |
| » any | boolean,null | false | none | The boolean value representing if at least one port is exposed to internet (any rule) on the workload |
| » ip_list | boolean,null | false | none | The boolean value representing if at least one port is exposed to ip_list(s) on the workload |
| » vulnerability_exposure_score | integer,null | false | none | The aggregated vulnerability exposure score of the workload across all the vulnerable ports. |
| » vulnerability_score | integer | false | none | The aggregated vulnerability score of the workload across all the vulnerable ports. |
| » max_vulnerability_score | integer | true* | none | The maximum of all the vulnerability scores associated with the detected_vulnerabilities on the workload. |
| » detected_vulnerabilities | [object] | false | none | none |
| » ip_address | string | true* | none | The ip address of the host where the vulnerability is found |
| » port | integer | false | none | The port which is associated with the vulnerability |
| » proto | integer | false | none | The protocol which is associated with the vulnerability |
| » port_exposure | integer,null | false | none | The exposure of the port based on the current policy |
| » port_wide_exposure | object | false | none | none |
| » any | boolean,null | false | none | The boolean value representing if the port is exposed to internet (any rule). |
| » ip_list | boolean,null | false | none | The boolean value representing if the port is exposed to ip_list(s) |
| » workload | object | false | none | none |
| » href | string | true* | none | The URI of the workload to which this vulnerability belongs to |
| » vulnerability | object | true* | none | none |
| » href | string | true* | none | The URI of the vulnerability class to which this vulnerability belongs to |
| » score | integer | false | none | The normalized score of the vulnerability within the range of 0 to 100 |
| » name | string | false | none | The title/name of the vulnerability |
| » vulnerability_report | object | false | none | none |
| » href | string | true* | none | The URI of the report to which this vulnerability belongs to |
| » agent | object | true* | none | DEPRECATED AND REPLACED (USE 'ven' INSTEAD). Information about the agent that manages this workload. |
| » config | object | false | none | none |
| » mode | agents_get/properties/mode | false | none | Agent management mode |
| » log_traffic | boolean | false | none | True if we want to log traffic events from this workload |
| » security_policy_update_mode | string | false | none | Defines the current policy update mode which can be either adaptive or static based on static policy scopes |
| » href | string | false | none | URI of agent |
| » secure_connect | object | false | none | none |
| » matching_issuer_name | string | false | none | Issuer name match criteria for certificate used during establishing secure connections. |
| » status | object | false | none | none |
| » uid | string | true* | none | The unique ID reported by the server |
| » last_heartbeat_on | string,null(date-time) | true* | none | The last time (rfc3339 timestamp) a heartbeat was received from this workload |
| » uptime_seconds | integer,null | true* | none | How long since the last reboot of this server. Recorded in DB at the time of the last heartbeat |
| » agent_version | string | false | none | Agent software version string |
| » managed_since | string(date-time) | true* | none | The time (rfc3339 timestamp) at which this workload became managed by a VEN |
| » fw_config_current | boolean | true* | none | If this workload's firewall config is up to date' |
| » firewall_rule_count | integer | true* | none | DEPRECATED WITH NO REPLACEMENT: Number of firewall rules currently installed |
| » security_policy_refresh_at | string(date-time) | true* | none | DEPRECATED AND REPLACED (USE security_policy_applied_at and security_policy_received_at INSTEAD) |
| » security_policy_applied_at | string(date-time) | false | none | Last reported time when policy was applied (UTC) |
| » security_policy_received_at | string(date-time) | false | none | Last reported time when policy was received (UTC) |
| » agent_health_errors | object | true* | none | DEPRECATED AND REPLACED (USE agent_health property INSTEAD) |
| » errors | [string] | false | none | Errors associated with the security policy |
| » warnings | [string] | false | none | Warnings associated with the security policy |
| » agent_health | [object] | true* | none | VEN Health. If there are no errors or warnings, then the array value will be empty. |
| » type | string | true* | none | This field describes the error or the warning type |
| » severity | string | true* | none | severity of the error type |
| » audit_event | string | false | none | The URI of the audit event that was generated for the corresponding error or warning |
| » security_policy_sync_state | string | false | none | Current state of security policy |
| » active_pce_fqdn | string | false | none | The FQDN of the PCE that received the agent's last heartbeat |
| » target_pce_fqdn | string | false | none | The FQDN of the PCE the agent will use for future connections |
| » type | string | false | none | Agent type |
| » ven | object | false | none | none |
| » href | string | true* | none | The URI of the VEN that manages this workload. This replaces the 'agent' field of this object. |
| » hostname | string | false | none | The hostname of the host managed by the VEN, only displayed in expanded representations. |
| » name | string | false | none | The friendly name of the VEN, only displayed in expanded representations. |
| » status | string | false | none | Status of the VEN, only displayed in expanded representations. |
| » created_at | string(date-time) | true* | none | The time (rfc3339 timestamp) at which this workload was created |
| » updated_at | string(date-time) | true* | none | The time (rfc3339 timestamp) at which this workload was last updated |
| » deleted_at | string(date-time) | false | none | The time (rfc3339 timestamp) at which this workload was deleted |
| » created_by | object | false | none | none |
| » href | string | true* | none | The URI of the user who created this workload |
| » updated_by | object | false | none | none |
| » href | string | true* | none | The URI of the user who last updated this workload |
| » deleted_by | object | false | none | none |
| » href | string | true* | none | The URI of the user who deleted this workload |
| » container_cluster | object | false | none | Container Cluster |
| » href | string | true* | none | URI |
| » name | string | true* | none | Name |
workloads_interfaces_get
{
"name": "string",
"link_state": "string",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"network": {
"href": "string"
},
"network_detection_mode": "string",
"friendly_name": "string"
}
Workload network interfaces
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | Interface name |
| link_state | string | true* | none | Link State |
| address | string | true* | none | The IP Address to assign to this interface |
| cidr_block | integer | true* | none | The number of bits in the subnet /24 is 255.255.255.0 |
| default_gateway_address | string | true* | none | The IP Address of the default gateway |
| network | object | false | none | Network object used in workloads and workload interfaces |
| » href | string | true* | none | URI of the network |
| network_detection_mode | string | true* | none | Network Detection Mode |
| friendly_name | string | true* | none | User-friendly name for interface |
workloads_interfaces_post
{
"name": "string",
"link_state": "up",
"address": "string",
"cidr_block": 0,
"default_gateway_address": "string",
"friendly_name": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true* | none | Interface name |
| link_state | string | true* | none | Link State |
| address | any | false | none | none |
oneOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | number | false | none | none |
xor
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | number | false | none | none |
continued
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cidr_block | integer | false | none | The number of bits in the subnet /24 is 255.255.255.0 |
| default_gateway_address | workloads_interfaces_post/properties/address | false | none | none |
| friendly_name | string | false | none | User-friendly name for interface |
Enumerated Values
| Property | Value |
|---|---|
| link_state | up |
| link_state | down |
| link_state | unknown |
{}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | The short friendly name of the workload |
| description | string | false | none | The long description of the workload |
| external_data_set | string,null | false | none | External data set identifier |
| external_data_reference | string,null | false | none | External data reference identifier |
| hostname | string | false | none | The hostname reported from the host itself |
| service_principal_name | string,null | false | none | The Kerberos Service Principal Name (SPN) |
| agent_to_pce_certificate_authentication_id | string,null | false | none | PKI Certificate identifier to be used by the PCE for authenticating the VEN |
| distinguished_name | string | false | none | X.509 Subject distinguished name |
| public_ip | string | false | none | The public IP address of the server |
| interfaces | [object] | false | none | Workload network interfaces |
| » name | string | true* | none | Interface name |
| » link_state | string | false | none | Link State |
| » address | workloads_interfaces_post/properties/address | true* | none | The IP Address to assign to this interface |
| » cidr_block | integer | false | none | The number of bits in the subnet /24 is 255.255.255.0 |
| » default_gateway_address | workloads_interfaces_post/properties/address | false | none | The IP Address of the default gateway |
| » friendly_name | string | false | none | User-friendly name for interface |
| service_provider | string | false | none | Service provider |
| data_center | string | false | none | Data center |
| data_center_zone | string | false | none | Data center zone |
| os_id | string | false | none | Our OS identifier |
| os_detail | string | false | none | Additional OS details - just displayed to end user |
| online | boolean | false | none | If this workload is online |
| labels | agents_get/properties/labels | false | none | Assigned labels |
| agent | object | false | none | Agent info |
| » config | object | false | none | none |
| » mode | agents_get/properties/mode | false | none | Agent management mode |
| » log_traffic | boolean | false | none | True if we want to log traffic events from this workload |
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| link_state | up |
| link_state | down |
| link_state | unknown |
{
"href": "string",
"name": "string",
"description": "string",
"external_data_set": null,
"external_data_reference": null,
"service_principal_name": null,
"agent_to_pce_certificate_authentication_id": null,
"service_provider": "string",
"data_center": "string",
"data_center_zone": "string",
"labels": [
{
"href": "string"
}
],
"agent": {
"href": "string",
"config": {
"mode": "idle",
"log_traffic": true
},
"status": {
"status": "active"
}
}
}
Properties
anyOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
| » href | string | false | none | Workload URI (bulk_update only) |
| » name | string | false | none | The short friendly name of the workload |
| » description | string | false | none | The long description of the workload |
| » external_data_set | string,null | false | none | External data set identifier |
| » external_data_reference | string,null | false | none | External data reference identifier |
| » service_principal_name | string,null | false | none | The Kerberos Service Principal Name (SPN) |
| » agent_to_pce_certificate_authentication_id | string,null | false | none | PKI Certificate identifier to be used by the PCE for authenticating the VEN |
| » service_provider | string | false | none | Service provider |
| » data_center | string | false | none | Data center |
| » data_center_zone | string | false | none | Data center zone |
| » labels | agents_get/properties/labels | false | none | Assigned labels |
| » agent | object | false | none | Agent info |
| » href | string | false | none | URI of agent; will be ignored by the server |
| » config | workloads_post/properties/agent/properties/config | false | none | none |
| » status | object | false | none | none |
| » status | string | false | none | Updated agent status |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » href | string | false | none | Workload URI (bulk_update only) |
| » name | string | false | none | The short friendly name of the workload |
| » description | string | false | none | The long description of the workload |
| » external_data_set | string,null | false | none | External data set identifier |
| » external_data_reference | string,null | false | none | External data reference identifier |
| » service_principal_name | string,null | false | none | The Kerberos Service Principal Name (SPN) |
| » public_ip | string | false | none | The public IP address of the server |
| » interfaces | workloads_post/properties/interfaces | false | none | Workload network interfaces |
| » service_provider | string | false | none | Service provider |
| » data_center | string | false | none | Data center |
| » data_center_zone | string | false | none | Data center zone |
| » labels | agents_get/properties/labels | false | none | Assigned labels |
| » agent | object | false | none | Agent info |
| » href | string | false | none | URI of agent; will be ignored by the server |
| » config | workloads_post/properties/agent/properties/config | false | none | none |
| » status | workloads_put/anyOf/0/properties/agent/properties/status | false | none | none |
or
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| » anonymous | object | false | none | none |
| » href | string | false | none | Workload URI (bulk_update only) |
| » name | string | false | none | The short friendly name of the workload |
| » description | string | false | none | The long description of the workload |
| » external_data_set | string,null | false | none | External data set identifier |
| » external_data_reference | string,null | false | none | External data reference identifier |
| » hostname | string | false | none | The hostname reported from the host itself |
| » service_principal_name | string,null | false | none | The Kerberos Service Principal Name (SPN) |
| » agent_to_pce_certificate_authentication_id | string,null | false | none | PKI Certificate identifier to be used by the PCE for authenticating the VEN |
| » distinguished_name | string | false | none | X.509 Subject distinguished name |
| » public_ip | string | false | none | The public IP address of the server |
| » interfaces | workloads_post/properties/interfaces | false | none | Workload network interfaces |
| » service_provider | string | false | none | Service provider |
| » data_center | string | false | none | Data center |
| » data_center_zone | string | false | none | Data center zone |
| » os_id | string | false | none | Our OS identifier |
| » os_detail | string | false | none | Additional OS details - just displayed to end user |
| » online | boolean | false | none | If this workload is online |
| » labels | agents_get/properties/labels | false | none | Assigned labels |
| » agent | object | false | none | Agent info |
| » href | string | false | none | URI of agent; will be ignored by the server |
| » config | workloads_post/properties/agent/properties/config | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| status | active |
| status | suspended |
{
"workloads": [
{
"href": "string"
}
],
"ip_table_restore": "default"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| workloads | [object] | true* | none | Workloads to update |
| » href | string | true* | none | URI of workload to update |
| ip_table_restore | string | false | none | The desired state of IP tables after the agent is uninstalled. |
Enumerated Values
| Property | Value |
|---|---|
| ip_table_restore | saved |
| ip_table_restore | default |
| ip_table_restore | disable |
--
Copyright 2018-2020 Illumio, Inc. All rights reserved.