host_request
A standard equipment definition
Defines host's access group
Whether the host is writable through /deploy end point with deployment credentials
Whether the host key should be accepted and stored on first connection
Indicates it is a standalone host - bound to local host directory
The equipment ID from the originating equipment store
The instance ID from the originating cloud service (searchable by keyword)
Wheter the host is set to be audited.
session_recording_options object
Flags to disable trail auditing for certain features when auditing is enabled
Disable clipboard trail auditing when auditing is enabled
Disable file transfer trail auditing when auditing is enabled
ssh_host_public_keys object[]
Host public key, used to verify the identity of the accessed host
Host certificate, used to verify that the target host is the correct one.
The host public address scanning script instructs the host store to use in service address-field.
services object[]
Allowed protocol - SSH, RDP, VNC, WEB, DB (searchable)
Possible values: [SSH, RDP, VNC, WEB, DB]
Service address, IPv4, IPv6 or FQDN
Service port
if service SSH, informs whether this service is used to rotate password
falsedb object
Database protocol
Possible values: [postgres, mysql, passthrough, tls]
Possible values: [ENABLED, DISABLED]
Database server TLS certificate trust anchors in PEM
Session recording of the protocol stream will start only when this amount of bytes have been transferred from client to server. Set to zero to start session recording from start of protocol stream.
Identifies the source of the services object "UI", "SCIM" or "SCAN". Deploy is also treated as "UI".
principals object[]
What principals (target server user names/ accounts) the host has
The account name
target_domain object
Optional target domain in which principal exists
Rotate password of this account
marks account to be used as the account through which password rotation takes place, when flag use_main_account set in rotation_metadata
Use user account as host principal name
The account static passphrase or the initial rotating password value. If rotate selected, active in create, disabled/hidden in edit
Identifies the source of the principals object "UI" or "SCAN". Deploy is also treated as "UI".
roles object[]
An array of roles entitled to access this principal on the host
Role UUID
applications object[]
An array of application the principal may launch on the target host
service_options object
Object for service options
ssh object
SSH service options
Shell channel
File transfer channel
exec channel
tunnels
x11
other options
rdp object
RDP service options
file transfer
audio
clipboard
web object
WEB service options
file transfer
audio
clipboard
vnc object
VNC service options
file transfer
clipboard
db object
DB service options
Maximum number of bytes allowed in download direction per connection. Set to zero to disable byte count limiting.
Maximum number of bytes allowed in upload direction per connection. Set to zero to disable byte count limiting.
command_restrictions object
SSH shell/exec command restrictions for the principal
Are command restrictions enabled
default_whitelist object
Default whitelist handle, required if command restrictions are enabled
Whitelist ID
Whitelist name
Has whitelist been deleted, ignored in requests
Restricted shell variant, required if command restrictions are enabled
Possible values: [bash, posix]
Optional banner displayed in SSH terminal
If true then commands that do not match any whitelist pattern are allowed to execute
If true then an audit event is generated for every allowed command
If true then an audit event is generated for every disallowed command
whitelists object[]
whitelist object
Whitelist ID
Whitelist name
Has whitelist been deleted, ignored in requests
roles object[]
List of roles granting access to the whitelist
Role ID
Role name
set, if there are accounts, in which passwords need to be rotated
password_rotation object
password rotation settings for host
Specify ID of access group, default access group will be used if ID is not specified. Access group will be checked for WinRM trust anchors if certificate validation option is set to enabled.
rotate passwords of all accounts in host through one account
Bash for Linux, Powershell for windows for shell access
Possible values: [LINUX, WINDOWS]
IPv4 address or FQDN to use for winrm connections
port to use for password rotation with winrm, zero for winrm default
Possible values: [SSH, WINRM]
Disable or enable password rotation certificate validation
Possible values: [DISABLED, ENABLED]
WinRM host certificate trust anchors in PEM format
password policy to be applied
script template to be run in host
rotation_status object[]
Filled by backend. Rotation status per account to be shown in UI
When last successful rotation. Added by backend
2017-01-01T15:05:05ZLast rotation error. Cleared when rotation successful, updated by backend
2017-01-01T15:05:05Zinformation of rotation error, updated by backend
When the object was created. Added by backend
2017-01-01T15:05:05ZWhen the object was updated. Added by backend
2017-01-01T15:05:05Zadded by backend
added by backend
A unique import-source identifier for the host entry, for example a hash for AWS account ID. (searchable by keyword)
The cloud provider this host resides in
The cloud provider region the host resides in
LDAPv3 Disinguished name (searchable by keyword)
X.500 Common name (searchable by keyword)
X.500 Organization (searchable by keyword)
X.500 Organizational unit (searchable by keyword)
Equipment zone (development, production, user acceptance testing, ..) (searchable by keyword)
Under what compliance scopes the listed equipment falls under (searchable by keyword)
Equipment type (virtual, physical) (searchable by keyword)
Classification (Windows desktop, Windows server, AIX, Linux RH, ..) (searchable by keyword)
A comment describing the host
Possible values: [BY_ADMIN, BY_LICENSE, false]
Name of the certificate template used for certificate authentication for this host
{
"access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"deployable": true,
"tofu": true,
"stand_alone_host": true,
"external_id": "string",
"instance_id": "string",
"audit_enabled": true,
"session_recording_options": {
"disable_clipboard_recording": true,
"disable_file_transfer_recording": true
},
"ssh_host_public_keys": [
{
"key": "string"
}
],
"host_certificate_raw": "string",
"contact_address": "string",
"services": [
{
"service": "SSH",
"address": "string",
"port": 0,
"use_for_password_rotation": false,
"db": {
"protocol": "postgres",
"tls_certificate_validation": "ENABLED",
"tls_certificate_trust_anchors": "string",
"audit_skip_bytes": 0
},
"source": "string"
}
],
"principals": [
{
"principal": "string",
"target_domain": {
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"name": "string",
"deleted": true
},
"rotate": true,
"use_for_password_rotation": true,
"use_user_account": true,
"passphrase": "string",
"source": "string",
"roles": [
{
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}
],
"applications": [
{
"name": "string",
"application": "string",
"arguments": "string",
"working_directory": "string"
}
],
"service_options": {
"ssh": {
"shell": true,
"file_transfer": true,
"exec": true,
"tunnels": true,
"x11": true,
"other": true
},
"rdp": {
"file_transfer": true,
"audio": true,
"clipboard": true
},
"web": {
"file_transfer": true,
"audio": true,
"clipboard": true
},
"vnc": {
"file_transfer": true,
"clipboard": true
},
"db": {
"max_bytes_download": 0,
"max_bytes_upload": 0
}
},
"command_restrictions": {
"enabled": true,
"default_whitelist": {
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"name": "string",
"deleted": true
},
"rshell_variant": "bash",
"banner": "string",
"allow_no_match": true,
"audit_match": true,
"audit_no_match": true,
"whitelists": [
{
"whitelist": {
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"name": "string",
"deleted": true
},
"roles": [
{
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"name": "string"
}
]
}
]
}
}
],
"password_rotation_enabled": true,
"password_rotation": {
"access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"use_main_account": true,
"operating_system": "LINUX",
"winrm_address": "string",
"winrm_port": 0,
"protocol": "SSH",
"certificate_validation_options": "DISABLED",
"winrm_host_certificate_trust_anchors": "string",
"password_policy_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"script_template_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"rotation_status": [
{
"principal": "string",
"last_rotated": "2017-01-01T15:05:05Z",
"last_error": "2017-01-01T15:05:05Z",
"last_error_details": "string"
}
],
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"created_by": "string",
"updated_by": "string"
},
"source_id": "string",
"cloud_provider": "string",
"cloud_provider_region": "string",
"distinguished_name": "string",
"common_name": "string",
"organization": "string",
"organizational_unit": "string",
"zone": "string",
"scope": [
"string"
],
"host_type": "string",
"host_classification": "string",
"comment": "string",
"addresses": [
"string"
],
"tags": [
"string"
],
"disabled": "BY_ADMIN",
"certificate_template": "string"
}