Skip to main content
Version: v41

host

A standard equipment definition

idstring<uuid>
access_group_idstring<uuid>

Defines host's access group

deployableboolean

Whether the host is writable through /deploy end point with deployment credentials

tofuboolean

Whether the host key should be accepted and stored on first connection

stand_alone_hostboolean

Indicates it is a standalone host - bound to local host directory

external_idstring

The equipment ID from the originating equipment store

instance_idstring

The instance ID from the originating cloud service (searchable by keyword)

audit_enabledboolean

Wheter the host is set to be audited.

session_recording_options object

Flags to disable trail auditing for certain features when auditing is enabled

disable_clipboard_recordingboolean

Disable clipboard trail auditing when auditing is enabled

disable_file_transfer_recordingboolean

Disable file transfer trail auditing when auditing is enabled

ssh_host_public_keys object[]
  • Array [
    • keystring

    Host public key, used to verify the identity of the accessed host

    fingerprintstring

    The host-key fingerprint

  • ]
    • host_certificate_rawstring

    Host certificate, used to verify that the target host is the correct one.

    host_certificate object
    subjectstring

    Certificate subject name

    issuerstring

    Certificate issuer name

    serialstring

    Certificate serial number

    not_beforestring

    Certificate not before timestamp

    not_afterstring

    Certificate not after timestamp

    dns_namesstring[]
    email_addressesstring[]
    ip_addressesstring[]
    fingerprint_sha1string

    Certificate SHA1 fingerprint

    fingerprint_sha256string

    Certificate SHA256 fingerprint

    contact_addressstring

    The host public address scanning script instructs the host store to use in service address-field.

    services object[]
  • Array [
    • servicestring

    Allowed protocol - SSH, RDP, VNC, WEB, DB (searchable)

    Possible values: [SSH, RDP, VNC, WEB, DB]

    addressstring

    Service address, IPv4, IPv6 or FQDN

    portinteger

    Service port

    use_for_password_rotationboolean

    if service SSH, informs whether this service is used to rotate password

    Default value: false
    ssh_tunnel_portinteger

    ssh tunnel port

    sourcestring

    Identifies the source of the services object "UI", "SCIM" or "SCAN". Deploy is also treated as "UI".

    login_page_urlstring
    username_field_namestring
    password_field_namestring
    login_request_urlstring
    login_request_password_propertystring
    auth_typestring
    statusstring
    Example: OK
    status_updatedstring
    allowed_domainsstring[]

    List of allowed domains

    service_versionstring
    use_legacy_cipher_suitesboolean
    tls_min_versionstring
    tls_max_versionstring
    browserstring
    db object
    protocolstring

    Database protocol

    Possible values: [postgres, mysql, passthrough, tls]

    tls_certificate_validationstring

    Possible values: [ENABLED, DISABLED]

    tls_certificate_trust_anchorsstring

    Database server TLS certificate trust anchors in PEM

    audit_skip_bytesinteger

    Session recording of the protocol stream will start only when this amount of bytes have been transferred from client to server. Set to zero to start session recording from start of protocol stream.

    createdstring<date-time>

    When the object was created

    Example: 2017-01-01T15:05:05Z
    updatedstring<date-time>

    When the object was updated

    Example: 2017-01-01T15:05:05Z
    certificate_templatestring

    Name of the certificate template used for certificate authentication for this host

  • ]
    • principals object[]

    What principals (target server user names/ accounts) the host has

  • Array [
    • principalstring

    The account name

    target_domain object

    Optional target domain in which principal exists

    idstring<uuid>
    namestring
    deletedboolean
    rotateboolean

    Rotate password of this account

    use_for_password_rotationboolean

    marks account to be used as the account through which password rotation takes place, when flag use_main_account set in rotation_metadata

    use_user_accountboolean

    Use user account as host principal name

    passphrasestring

    The account static passphrase or the initial rotating password value

    username_attributestring

    Custom username attribute

    sourcestring

    Identifies the source of the principals object "UI" or "SCAN". Deploy is also treated as "UI".

    roles object[]

    An array of roles entitled to access this principal on the host

  • Array [
    • idstring<uuid>

    Role UUID

    namestring

    Role display_name

    deletedboolean

    Role is deleted

  • ]
    • applications object[]

    An array of application the principal may launch on the target host

  • Array [
    • namestring
    applicationstring
    argumentsstring
    working_directorystring
  • ]
    • service_options object

    Object for service options

    ssh object

    SSH service options

    shellboolean

    Shell channel

    file_transferboolean

    File transfer channel

    execboolean

    exec channel

    tunnelsboolean

    tunnels

    x11boolean

    x11

    otherboolean

    other options

    rdp object

    RDP service options

    file_transferboolean

    file transfer

    audioboolean

    audio

    clipboardboolean

    clipboard

    web object

    WEB service options

    file_transferboolean

    file transfer

    audioboolean

    audio

    clipboardboolean

    clipboard

    vnc object

    VNC service options

    file_transferboolean

    file transfer

    clipboardboolean

    clipboard

    db object

    DB service options

    max_bytes_downloadinteger

    Maximum number of bytes allowed in download direction per connection. Set to zero to disable byte count limiting.

    max_bytes_uploadinteger

    Maximum number of bytes allowed in upload direction per connection. Set to zero to disable byte count limiting.

    command_restrictions object

    SSH shell/exec command restrictions for the principal

    enabledboolean

    Are command restrictions enabled

    default_whitelist object

    Default whitelist handle, required if command restrictions are enabled

    idstring<uuid>required

    Whitelist ID

    namestring

    Whitelist name

    deletedboolean

    Has whitelist been deleted, ignored in requests

    rshell_variantstring

    Restricted shell variant, required if command restrictions are enabled

    Possible values: [bash, posix]

    bannerstring

    Optional banner displayed in SSH terminal

    allow_no_matchboolean

    If true then commands that do not match any whitelist pattern are allowed to execute

    audit_matchboolean

    If true then an audit event is generated for every allowed command

    audit_no_matchboolean

    If true then an audit event is generated for every disallowed command

    whitelists object[]
  • Array [
    • whitelist object
    idstring<uuid>required

    Whitelist ID

    namestring

    Whitelist name

    deletedboolean

    Has whitelist been deleted, ignored in requests

    roles object[]

    List of roles granting access to the whitelist

  • Array [
    • idstring<uuid>required

    Role ID

    namestring

    Role name

  • ]
  • ]
  • ]
    • password_rotation_enabledboolean

    set, if there are accounts, in which passwords need to be rotated

    password_rotation object

    password rotation settings for host

    access_group_idstring<uuid>

    Specify ID of access group, default access group will be used if ID is not specified. Access group will be checked for WinRM trust anchors if certificate validation option is set to enabled.

    use_main_accountbooleanrequired

    rotate passwords of all accounts in host through one account

    operating_systemstringrequired

    Bash for Linux, Powershell for windows for shell access

    Possible values: [LINUX, WINDOWS]

    winrm_addressstring

    IPv4 address or FQDN to use for winrm connections

    winrm_portinteger

    port to use for password rotation with winrm, zero for winrm default

    protocolstringrequired

    Possible values: [SSH, WINRM]

    certificate_validation_optionsstringrequired

    Disable or enable password rotation certificate validation

    Possible values: [DISABLED, ENABLED]

    winrm_host_certificate_trust_anchorsstring

    WinRM host certificate trust anchors in PEM format

    password_policy_idstring<uuid>required

    password policy to be applied

    script_template_idstring<uuid>required

    script template to be run in host

    rotation_status object[]

    Filled by backend. Rotation status per account to be shown in UI

  • Array [
    • principalstring
    last_rotatedstring<date-time>

    When last successful rotation. Added by backend

    Example: 2017-01-01T15:05:05Z
    last_errorstring<date-time>

    Last rotation error. Cleared when rotation successful, updated by backend

    Example: 2017-01-01T15:05:05Z
    last_error_detailsstring

    information of rotation error, updated by backend

  • ]
    • createdstring<date-time>

    When the object was created. Added by backend

    Example: 2017-01-01T15:05:05Z
    updatedstring<date-time>

    When the object was updated. Added by backend

    Example: 2017-01-01T15:05:05Z
    created_bystring

    added by backend

    updated_bystring

    added by backend

    source_idstring

    A unique import-source identifier for the host entry, for example a hash for AWS account ID. (searchable by keyword)

    cloud_providerstring

    The cloud provider this host resides in

    cloud_provider_regionstring

    The cloud provider region the host resides in

    status object[]
  • Array [
    • kstring
    vstring
  • ]
    • createdstring<date-time>

    When the object was created

    Example: 2017-01-01T15:05:05Z
    updatedstring<date-time>

    When the object was updated

    Example: 2017-01-01T15:05:05Z
    updated_bystring<uuid>

    Id of the user who updated the object

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059
    distinguished_namestring

    LDAPv3 Disinguished name (searchable by keyword)

    common_namestring

    X.500 Common name (searchable by keyword)

    organizationstring

    X.500 Organization (searchable by keyword)

    organizational_unitstring

    X.500 Organizational unit (searchable by keyword)

    zonestring

    Equipment zone (development, production, user acceptance testing, ..) (searchable by keyword)

    scopestring[]

    Under what compliance scopes the listed equipment falls under (searchable by keyword)

    host_typestring

    Equipment type (virtual, physical) (searchable by keyword)

    host_classificationstring

    Classification (Windows desktop, Windows server, AIX, Linux RH, ..) (searchable by keyword)

    commentstring

    A comment describing the host

    addressesstring[]
    tagsstring[]
    disabledstring

    Possible values: [BY_ADMIN, BY_LICENSE, false]

    host
    {
      "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "deployable": true,
      "tofu": true,
      "stand_alone_host": true,
      "external_id": "string",
      "instance_id": "string",
      "audit_enabled": true,
      "session_recording_options": {
        "disable_clipboard_recording": true,
        "disable_file_transfer_recording": true
      },
      "ssh_host_public_keys": [
        {
          "key": "string",
          "fingerprint": "string"
        }
      ],
      "host_certificate_raw": "string",
      "host_certificate": {
        "subject": "string",
        "issuer": "string",
        "serial": "string",
        "not_before": "string",
        "not_after": "string",
        "dns_names": [
          "string"
        ],
        "email_addresses": [
          "string"
        ],
        "ip_addresses": [
          "string"
        ],
        "fingerprint_sha1": "string",
        "fingerprint_sha256": "string"
      },
      "contact_address": "string",
      "services": [
        {
          "service": "SSH",
          "address": "string",
          "port": 0,
          "use_for_password_rotation": false,
          "ssh_tunnel_port": 0,
          "source": "string",
          "login_page_url": "string",
          "username_field_name": "string",
          "password_field_name": "string",
          "login_request_url": "string",
          "login_request_password_property": "string",
          "auth_type": "string",
          "status": "OK",
          "status_updated": "string",
          "allowed_domains": [
            "string"
          ],
          "service_version": "string",
          "use_legacy_cipher_suites": true,
          "tls_min_version": "string",
          "tls_max_version": "string",
          "browser": "string",
          "db": {
            "protocol": "postgres",
            "tls_certificate_validation": "ENABLED",
            "tls_certificate_trust_anchors": "string",
            "audit_skip_bytes": 0
          },
          "created": "2017-01-01T15:05:05Z",
          "updated": "2017-01-01T15:05:05Z",
          "certificate_template": "string"
        }
      ],
      "principals": [
        {
          "principal": "string",
          "target_domain": {
            "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
            "name": "string",
            "deleted": true
          },
          "rotate": true,
          "use_for_password_rotation": true,
          "use_user_account": true,
          "passphrase": "string",
          "username_attribute": "string",
          "source": "string",
          "roles": [
            {
              "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "name": "string",
              "deleted": true
            }
          ],
          "applications": [
            {
              "name": "string",
              "application": "string",
              "arguments": "string",
              "working_directory": "string"
            }
          ],
          "service_options": {
            "ssh": {
              "shell": true,
              "file_transfer": true,
              "exec": true,
              "tunnels": true,
              "x11": true,
              "other": true
            },
            "rdp": {
              "file_transfer": true,
              "audio": true,
              "clipboard": true
            },
            "web": {
              "file_transfer": true,
              "audio": true,
              "clipboard": true
            },
            "vnc": {
              "file_transfer": true,
              "clipboard": true
            },
            "db": {
              "max_bytes_download": 0,
              "max_bytes_upload": 0
            }
          },
          "command_restrictions": {
            "enabled": true,
            "default_whitelist": {
              "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "name": "string",
              "deleted": true
            },
            "rshell_variant": "bash",
            "banner": "string",
            "allow_no_match": true,
            "audit_match": true,
            "audit_no_match": true,
            "whitelists": [
              {
                "whitelist": {
                  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
                  "name": "string",
                  "deleted": true
                },
                "roles": [
                  {
                    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
                    "name": "string"
                  }
                ]
              }
            ]
          }
        }
      ],
      "password_rotation_enabled": true,
      "password_rotation": {
        "access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "use_main_account": true,
        "operating_system": "LINUX",
        "winrm_address": "string",
        "winrm_port": 0,
        "protocol": "SSH",
        "certificate_validation_options": "DISABLED",
        "winrm_host_certificate_trust_anchors": "string",
        "password_policy_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "script_template_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "rotation_status": [
          {
            "principal": "string",
            "last_rotated": "2017-01-01T15:05:05Z",
            "last_error": "2017-01-01T15:05:05Z",
            "last_error_details": "string"
          }
        ],
        "created": "2017-01-01T15:05:05Z",
        "updated": "2017-01-01T15:05:05Z",
        "created_by": "string",
        "updated_by": "string"
      },
      "source_id": "string",
      "cloud_provider": "string",
      "cloud_provider_region": "string",
      "status": [
        {
          "k": "string",
          "v": "string"
        }
      ],
      "created": "2017-01-01T15:05:05Z",
      "updated": "2017-01-01T15:05:05Z",
      "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "distinguished_name": "string",
      "common_name": "string",
      "organization": "string",
      "organizational_unit": "string",
      "zone": "string",
      "scope": [
        "string"
      ],
      "host_type": "string",
      "host_classification": "string",
      "comment": "string",
      "addresses": [
        "string"
      ],
      "tags": [
        "string"
      ],
      "disabled": "BY_ADMIN"
    }