posture
Creates, updates, deletes, gets or lists a posture resource.
Overview
| Name | posture |
| Type | Resource |
| Id | cloudflare.zero_trust.posture |
Fields
The following fields are returned by SELECT queries:
- get
- list
Get device posture rule details response.
| Name | Datatype | Description |
|---|---|---|
id | string | API UUID. (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415) |
name | string | The name of the device posture rule. (example: Admin Serial Numbers) |
description | string | The description of the device posture rule. (example: The rule for admin serial numbers) |
expiration | string | Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. (example: 1h) |
input | object | The value to be checked against. (title: File Check) |
match | array | The conditions that the client must match to run the rule. |
schedule | string | Polling frequency for the WARP client posture check. Default: 5m (poll every five minutes). Minimum: 1m. (example: 1h) |
type | string | The type of device posture rule. (file, application, tanium, gateway, warp, disk_encryption, serial_number, sentinelone, carbonblack, firewall, os_version, domain_joined, client_certificate, client_certificate_v2, antivirus, unique_client_id, kolide, tanium_s2s, crowdstrike_s2s, intune, workspace_one, sentinelone_s2s, custom_s2s) (example: file) |
List device posture rules response.
| Name | Datatype | Description |
|---|---|---|
id | string | API UUID. (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415) |
name | string | The name of the device posture rule. (example: Admin Serial Numbers) |
description | string | The description of the device posture rule. (example: The rule for admin serial numbers) |
expiration | string | Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. (example: 1h) |
input | object | The value to be checked against. (title: File Check) |
match | array | The conditions that the client must match to run the rule. |
schedule | string | Polling frequency for the WARP client posture check. Default: 5m (poll every five minutes). Minimum: 1m. (example: 1h) |
type | string | The type of device posture rule. (file, application, tanium, gateway, warp, disk_encryption, serial_number, sentinelone, carbonblack, firewall, os_version, domain_joined, client_certificate, client_certificate_v2, antivirus, unique_client_id, kolide, tanium_s2s, crowdstrike_s2s, intune, workspace_one, sentinelone_s2s, custom_s2s) (example: file) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | rule_id, account_id | Fetches a single device posture rule. | |
list | select | account_id | Fetches device posture rules for a Zero Trust account. | |
create | insert | account_id, name, type | Creates a new device posture rule. | |
update | replace | rule_id, account_id, name, type | Updates a device posture rule. | |
delete | delete | rule_id, account_id | Deletes a device posture rule. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
rule_id | string | The rule ID. |
SELECT examples
- get
- list
Fetches a single device posture rule.
SELECT
id,
name,
description,
expiration,
input,
match,
schedule,
type
FROM cloudflare.zero_trust.posture
WHERE rule_id = '{{ rule_id }}' -- required
AND account_id = '{{ account_id }}' -- required
;
Fetches device posture rules for a Zero Trust account.
SELECT
id,
name,
description,
expiration,
input,
match,
schedule,
type
FROM cloudflare.zero_trust.posture
WHERE account_id = '{{ account_id }}' -- required
;
INSERT examples
- create
- Manifest
Creates a new device posture rule.
INSERT INTO cloudflare.zero_trust.posture (
description,
expiration,
input,
match,
name,
schedule,
type,
account_id
)
SELECT
'{{ description }}',
'{{ expiration }}',
'{{ input }}',
'{{ match }}',
'{{ name }}' /* required */,
'{{ schedule }}',
'{{ type }}' /* required */,
'{{ account_id }}'
RETURNING
errors,
messages,
result,
success
;
# Description fields are for documentation purposes
- name: posture
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the posture resource.
- name: description
value: "{{ description }}"
description: |
The description of the device posture rule.
- name: expiration
value: "{{ expiration }}"
description: |
Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.
- name: input
description: |
The value to be checked against.
value:
exists: {{ exists }}
operating_system: "{{ operating_system }}"
path: "{{ path }}"
sha256: "{{ sha256 }}"
thumbprint: "{{ thumbprint }}"
id: "{{ id }}"
domain: "{{ domain }}"
operator: "{{ operator }}"
os_distro_name: "{{ os_distro_name }}"
os_distro_revision: "{{ os_distro_revision }}"
os_version_extra: "{{ os_version_extra }}"
version: "{{ version }}"
enabled: {{ enabled }}
checkDisks:
- "{{ checkDisks }}"
requireAll: {{ requireAll }}
certificate_id: "{{ certificate_id }}"
cn: "{{ cn }}"
check_private_key: {{ check_private_key }}
extended_key_usage:
- "{{ extended_key_usage }}"
locations:
paths:
- "{{ paths }}"
trust_stores:
- "{{ trust_stores }}"
subject_alternative_names:
- "{{ subject_alternative_names }}"
update_window_days: {{ update_window_days }}
compliance_status: "{{ compliance_status }}"
connection_id: "{{ connection_id }}"
last_seen: "{{ last_seen }}"
os: "{{ os }}"
overall: "{{ overall }}"
sensor_config: "{{ sensor_config }}"
state: "{{ state }}"
versionOperator: "{{ versionOperator }}"
countOperator: "{{ countOperator }}"
issue_count: "{{ issue_count }}"
eid_last_seen: "{{ eid_last_seen }}"
risk_level: "{{ risk_level }}"
scoreOperator: "{{ scoreOperator }}"
total_score: {{ total_score }}
active_threats: {{ active_threats }}
infected: {{ infected }}
is_active: {{ is_active }}
network_status: "{{ network_status }}"
operational_state: "{{ operational_state }}"
score: {{ score }}
- name: match
description: |
The conditions that the client must match to run the rule.
value:
- platform: "{{ platform }}"
- name: name
value: "{{ name }}"
description: |
The name of the device posture rule.
- name: schedule
value: "{{ schedule }}"
description: |
Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`.
- name: type
value: "{{ type }}"
description: |
The type of device posture rule.
valid_values: ['file', 'application', 'tanium', 'gateway', 'warp', 'disk_encryption', 'serial_number', 'sentinelone', 'carbonblack', 'firewall', 'os_version', 'domain_joined', 'client_certificate', 'client_certificate_v2', 'antivirus', 'unique_client_id', 'kolide', 'tanium_s2s', 'crowdstrike_s2s', 'intune', 'workspace_one', 'sentinelone_s2s', 'custom_s2s']
REPLACE examples
- update
Updates a device posture rule.
REPLACE cloudflare.zero_trust.posture
SET
description = '{{ description }}',
expiration = '{{ expiration }}',
input = '{{ input }}',
match = '{{ match }}',
name = '{{ name }}',
schedule = '{{ schedule }}',
type = '{{ type }}'
WHERE
rule_id = '{{ rule_id }}' --required
AND account_id = '{{ account_id }}' --required
AND name = '{{ name }}' --required
AND type = '{{ type }}' --required
RETURNING
errors,
messages,
result,
success;
DELETE examples
- delete
Deletes a device posture rule.
DELETE FROM cloudflare.zero_trust.posture
WHERE rule_id = '{{ rule_id }}' --required
AND account_id = '{{ account_id }}' --required
;