| |
|---|
AbbreviatedRuleDTO |
Click here to expand...
{
id: string
The rule's unique database key
name: string
The rule's display name
activationDate: date-time
When the rule starts to be active
Example: 2017-01-31T13:45:00.000+0000
annotation: string
Notes, comments, description, explanation
applicableSecurityContextTypeId: integer
The types of security contexts this rule applies to
applicableSecurityContextTypeName: string
The meaning of the numeric applicableSecurityContextTypeId
canCopyFlag: boolean
{{Whether or not the user is allowed to copy this rule }}
canDeleteFlag: boolean
{{Whether or not the user is allowed to delete this rule }}
canEditFlag: boolean
{{Whether or not the user is allowed to edit this rule }}
correctableFlag: boolean
Whether or not this rule is correctable
cveIDs: [
Associated security vulnerability CVE ID(s)
string
]
deactivationDate: date-time
When the rule stops being active
Example: 2017-01-31T13:45:00.000+0000
deviceTypeId: ComponentId
Which device type and vendor this rule applies to; null means it applies to all device types
releases: string
The operating system image versions this rule applies to
ruleSetId: ComponentId
Identifies the owning rule set
ruleSetEnabledFlag: boolean
Whether or not the owning rule set is enabled
severityId: integer
The violation severity
severityName: string
The meaning of the numeric severityId
dynamicFields: [
The dynamic fields
DynamicFieldValueDTO
]
} |
AdhocTemplateDTO |
Click here to expand...
{
contents: string *
The text contents
injectionFlag: boolean
Whether or not the contents contain device type interaction XML code
substitutionParameterCheckFlag: boolean
Whether or not the contents should be validated for correct substitution parameter syntax
} |
ComboGroupFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO
]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
nameMatch: string
Search for combo groups whose name matches this wildcard-enabled string
realmName: string
Search for combo groups that belong to this exact realm
} |
ComparisonCriteriaDTO | |
ComponentFilterDTO | |
ComponentId |
Click here to expand...
{
id: string
The database key of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; when this database key is present, it takes precedence and componentName and qualifiers(when present) are used to verify the retrieved component
componentName: string
The name of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; this name is used to verify any component retrieved by database key, and is used if there is no database key or if the database key fails to resolve; for componentType Configuration and HardwareInventory, componentName is the created timestamp (in milliseconds); for componentType SecurityVulnerability, componentName is the securityVulnerabilityID; for componentType SnmpManagerStation, componentName is the address
componentType: string *
The type of the component, used to verify what is retrieved by key/name; valid values are: Combogroup, Condition, Configuration, Device, DeviceAdapter, DeviceAgent, DeviceSecurityProfile DynamicField, EmailDistributionList, Group, HardwareInventory, JobApprovalType, Keyword, Model, OsImage, PredefinedJob, Realm, RemoteFileServer, Role, Rule, RuleSet, SecurityVulnerability, SnmpManagerStation, Template, and User
qualifiers: {
Any additional single qualifier needed to identify the component uniquely, when the name alone is not sufficient; the map key is the extra attribute name string; the map value string completes the identification of the component; for componentType Configuration and HardwareInventory: key=deviceKey, value=database key of the device the item belongs to, key=deviceName, value=name of the device the item belongs to, key=timestamp, value=creation date/time in server display format; for componentType DeviceAdapter: key=adapterType, value=type of the device adapter, key=parent, value=parent or owner used for organizing certain types of adapters, key=vendorName, value=name of the vendor that owns a device type; for componentType DynamicField: key=type, value=base class name of the component associated with the dynamic field; for componentType Group, ComboGroup: key=realmName, value=name of the realm the group belongs to; for componentType Model: key=vendorGuid, value=the vendor GUID; for componentType OsImage: key=filename, value=name of the file(s) making up the image; for componentType SecurityVulnerability: key=vendorGuid, value=the vendor GUID
}
} |
CorrectiveCustomActionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$CorrectiveCustomActionDTO" {
commitFlag: boolean
Whether or not to commit changes after running the commands in the custom action
guid: string *
The GUID that identifies the type of action
markAsTrustedFlag: boolean
Whether or not any changed configurations resulting from running this action should be marked as trusted
name: string
The type of action referred to by the GUID (read-only)
rebootFlag: boolean
Whether or not the device should be rebooted after running the commands in the custom action
runtimeProperties: {
Name/value pairs for any runtime parameters, for substitution into device commands; this is a map where the key is the property name string and the value is the property value string
}
runtimePropertiesMasked: {
Name/value pairs for any runtime parameters, with passwords masked for display; this is a map where the key is the property name string and the value is the property value string (masked if it is a password; read-only)
}
} |
CorrectiveDeployOsImageActionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$CorrectiveDeployOsImageActionDTO" {
activationKey: string
When image source is from remote file server, license key to activate features in the binary image on the device
deleteCurrentImageId: integer *
How to handle the current image file, when the device supports file management of its binary files
files: [
When image source is from remote file server, which file (or files, for devices with multi-file images) are to be deployed
OsFileDTO
]
footprintKbytes: integer
When image source is from remote file server, the memory footprint, in kilobytes, for the remote image, to verify the new image can run in the device (for those devices that support memory size discovery)
imageFromLibraryId: ComponentId
When image source is image from library, identifies the OS image in the library
imageSourceId: integer *
Which OS image is to be deployed; as a rule corrective action, this is limited to an image from the library or an image from a remote file server
markAsTrustedFlag: boolean
Whether or not any changed configurations resulting from running this action should be marked as trusted
parallelExecutionFlag: boolean
When true, runs this action on multiple devices concurrently; when false, runs this action on multiple devices one by one sequentially (to reduce memory overhead due to large or identical images)
rebootTypeId: integer *
Whether or not to reboot after the image is deployed, and how to handle unsaved changes prior to rebooting
restoreAssociatedStartupFlag: boolean
Whether or not to restore the startup configuration active when an image from the library was active, or active at the selected date/time
targetImageFilesystem: string *
Where the binary file is to be placed on the device's file systems
transferModeId: integer
When image source is from remote file server, which file transfer mode is to be used to copy files from the remote server to the device
} |
CorrectiveDeployToActiveActionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$CorrectiveDeployToActiveActionDTO" {
commitFlag: boolean
Whether or not to commit changes after deploying the script or configuration
forceTunneledTransferFlag: boolean
Whether or not to deploy the script in tunneled mode, overriding the transfer mode set in the device
markAsTrustedFlag: boolean
Whether or not any changed configurations resulting from running this action should be marked as trusted
scriptParams: CorrectiveScriptParamsDTO*
Which script or configuration is to be deployed to the device
smartMergeModeId: integer
Selects to build an incremental merge script or a full merge script
stopOnSyntaxErrorFlag: boolean
When deploying in tunneled mode, whether or not to stop pushing commands from the script once a syntax error is detected
syntaxScanFlag: boolean
Whether or not to validate the command line syntax in the script prior to deploying it
} |
CorrectiveDeployToStoredActionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$CorrectiveDeployToStoredActionDTO" {
markAsTrustedFlag: boolean
Whether or not any changed configurations resulting from running this action should be marked as trusted
rebootFlag: boolean
Whether or not the device should be rebooted after deploying the script or configuration
scriptParams: CorrectiveScriptParamsDTO*
Which script or configuration is to be deployed to the device
} |
CorrectiveScriptParamsDTO |
Click here to expand...
{
adhocTemplate: AdhocTemplateDTO
When the selected script type is ad-hoc template, this is the template
templateId: ComponentId
When the selected script type is template, this identifies the template
runtimeProperties: {
When the selected script type is template, and the template contains runtime substitution parameters, this contains the name/value pairs for those parameters; this is a map where the key is the property name string and the value is the property value string
}
scriptTypeId: integer *
The selected script or configuration type; for a rule corrective action, this is limited to complying with this rule, template, and ad-hoc template
} |
CorrectiveSpanActionDTO | |
DeviceFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO
]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
accessModeId: integer
Search for devices with this access mode
addressMatch: string
Search for devices matching this wildcard-enabled IP address or host name
autoDspFlag: boolean
Search for devices set for device security profile auto-discovery (true) or set to an explicit profile (false); null means do no auto-discovery mode filtering
categoryId: integer
Search for devices in this category
createdTimePeriod: TimePeriodDTO
Search for devices created within this time period
defaultDeviceAgentNICFlag: boolean
Whether or not to search for devices whose interface is set to use the default NIC of its selected device agent; when true, the deviceAgentNICName field is ignored
deviceAgentName: string
Search for devices whose device agent equals this name
deviceAgentNICName: string
Search for devices whose NIC equals this name, within the device agent specified by the deviceAgentName field; to search for devices using the "(Default)" NIC, use the defaultDeviceAgentNICFlag field instead
deviceSecurityProfileName: string
Search for devices whose device security profile equals this name
deviceTypeId: ComponentId
Search for devices whose device type equals this device type
filterAuxiliaryInterfaceFlag: boolean
Whether or not to examine the auxiliary interface settings when matching on the interface-related fields (access mode, transfer mode, address, NAT address, device agent, NIC, and device security profile)
filterPrimaryInterfaceFlag: boolean
Whether or not to examine the primary interface settings when matching on the interface-related fields (access mode, transfer mode, address, NAT address, device agent, NIC, and device security profile)
groupName: string
Search for devices that belong to this group in the realm specified by realmName
managerDeviceName: string
Search for devices whose manager name equals this name
modelNameMatch: string
Search for devices whose model name matches this wildcard-enabled string
nameMatch: string
Search for devices whose name matches this wildcard-enabled string
natAddressMatch: string
Search for devices whose NAT address or secondary NAT address matches this wildcard-enabled string
onlineFlag: boolean
Search for either online devices (true) or offline devices (false); null means do not filter on the online/offline state
osImageNameMatch: string
Search for devices whose OS image name matches this wildcard-enabled string
realmName: string
Search for devices that belong to this exact realm
securityContextTypeId: integer
Search for devices set to this type of security context
transferModeId: integer
Search for devices with this file transfer mode
vendorId: ComponentId
Search for devices whose device type belongs to this vendor
noDiscrepanciesFlag: boolean
Search for devices that have no discrepancies at all
noDiscrepanciesIncludeFlag: boolean
Whether to include (true) or exclude (false) devices that have no discrepancies
osImageDiscrepancyFlag: boolean
Search for devices that have an OS image discrepancy
osImageDiscrepancyIncludeFlag: boolean
Whether to include (true) or exclude (false) devices that have an OS image discrepancy
runningStartupDiscrepancyFlag: boolean
Search for devices that have a Running vs Startup discrepancy
runningStartupDiscrepancyIncludeFlag: boolean
Whether to include (true) or exclude (false) devices that have a Running vs Startup discrepancy
runningTrustedDiscrepancyFlag: boolean
Search for devices that have a Running vs Trusted Running discrepancy
runningTrustedDiscrepancyIncludeFlag: boolean
Whether to include (true) or exclude (false) devices that have a Running vs trusted Running discrepancy
startupTrustedDiscrepancyFlag: boolean
Search for devices that have a Startup vs Trusted Startup discrepancy
startupTrustedDiscrepancyIncludeFlag: boolean
Whether to include (true) or exclude (false) devices that have a Startup vs trusted Startup discrepancy
noViolationsFlag: boolean
Search for devices that have no compliance violations
noViolationsIncludeFlag: boolean
Whether to include (true) or exclude (false) devices that have no compliance violations
includedViolationTrailIds: [
Include devices in the results that have a compliance violation in one of these trails
ComponentId
]
excludedViolationTrailIds: [
Exclude devices from the results that have a compliance violation in one of these trails
ComponentId
]
lastAttemptedSpanActionFlag: boolean
Search for devices whose last attempted span action matches a particular completion status
lastAttemptedSpanActionGuid: string
When lastAttemptedSpanActionFlag is true, specifies which span action to examine
lastAttemptedSpanActionStatusId: integer
When lastAttemptedSpanActionFlag is true, specifies which completion status to search for
lastAttemptedSpanActionErrorMatch: string
When lastAttemptedSpanActionFlag is true, specifies which completion error message to search for, wildcards allowed
lastSuccessfulSpanActionFlag: boolean
Search for devices whose last successful span action occurred within a selected time period
lastSuccessfulSpanActionGuid: string
When lastSuccessfulSpanActionFlag is true, specifies which span action to examine
lastSuccessfulSpanActionTimePeriod: TimePeriodDTO
When lastSuccessfulSpanActionFlag is true, specifies when the action is to have succeeded
noAttemptedSpanActionFlag: boolean
Searches for devices that have not attempted a span action within a specified number of days
noAttemptedSpanActionGuid: string
When noAttemptedSpanActionFlag is true, specifies which span action to examine
noAttemptedSpanActionDays: integer
When noAttemptedSpanActionFlag is true, specifies when the action is to have been attempted
noSuccessfulSpanActionFlag: boolean
Searches for devices that have not succeeded executing a span action within a specified number of days
noSuccessfulSpanActionGuid: string
When noSuccessfulSpanActionFlag is true, specifies which span action to examine
noSuccessfulSpanActionDays: integer
When noSuccessfulSpanActionFlag is true, specifies when the action is to have succeeded
iosHwFilter: IOSHardwareInventoryFilterDTO
Options for filtering on hardware inventory information obtained from Cisco IOS or IOS-like devices
} |
DomainAnywhereDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainAnywhereDTO" {
excludeTriggerFlag: boolean
Whether or not lines that match the trigger are removed from the lines in the domain
ignoreCommentsFlag: boolean
Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
noOtherLinesContainingPattern: string
Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
DomainBlocksDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainBlocksDTO" {
begin: SearchStringDTO*
The configuration line that starts a block of contiguous lines; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
beginInclusiveFlag: boolean
Whether or not the line that matches the 'begin' value is part of the block and thus included in validation against the subject; note the end line is always excluded from subject matching
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
deleteEmptyBlocksFlag: boolean
When computing the compliant configuration during remediation, if removing lines such that the enclosing block becomes completely empty, this flag determines whether or not the empty enclosing block is also removed
distinctEndLinesFlag: boolean
Whether or not each begin line has a distinct matching end line, such that the removal of an empty block during remediation can safely remove the end line; some configurations use a closing brace or an exit to delimit every block (in which case this flag should be true to prevent stray end lines being left behind); some configurations end a block with the start of a different block (in which case this flag should be false to prevent improper removal of unrelated lines)
end: SearchStringDTO*
The configuration line that ends a block of lines; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
excludeTriggerFlag: boolean
Whether or not lines that match the trigger are removed from the lines in the domain
frequency: string *
How many times the blocks can appear in the configuration: notAtAll: the block should never appear and the rule is violated if it does; atMostOnce: the block should appear zero or one times and the rule is violated if it appears more; exactlyOnce: the block should appear once and the rule is violated if it appears more; atLeastOnce: the block should appear one or more times and the rule is violated if it is missing; anyNumberOfTimes: the block can appear any number of times
ignoreCommentsFlag: boolean
Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
ignoreEOLFlag: boolean
Whether or not line breaks are ignored when matching the subject against the lines in this domain; when true, all eligible lines within the block are concatenated together into a single line before being tested against the subject
ignoreBlocksContainingPattern: string
Regular expression to select blocks to be removed from the domain; when this pattern is matched by at least one line within a block, then that block is ignored; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
includeBlocksContainingPattern: string
Regular expression to select blocks to be included in the domain; when this pattern is matched by at least one line within a block, then that block is included in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
noOtherLinesContainingPattern: string
Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
DomainDTO | |
DomainImageDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainImageDTO" |
DomainLinesDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainLinesDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
excludePattern: string
Regular expression for lines removed from the lines in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
excludeTriggerFlag: boolean
Whether or not lines that match the trigger are removed from the lines in the domain
ignoreCommentsFlag: boolean
Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
includePattern: string *
Regular expression for lines included in the domain, selecting the lines that are validated against the subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
noOtherLinesContainingPattern: string
Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
DomainNestedBlocksDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainNestedBlocksDTO" {
blocks: [
The begin and end lines for the nested levels of blocks that enclose the lines of interest; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
NestedBlockDTO
] *
beginRegexFlag: boolean
Whether or not the begin strings represent regex patterns (true) or exact complete lines (false)
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
deleteEmptyBlocksFlag: boolean
When computing the compliant configuration during remediation, if removing lines such that the enclosing block becomes completely empty, this flag determines whether or not the empty enclosing block is also removed
distinctEndLinesFlag: boolean
Whether or not each begin line has a distinct matching end line, such that the removal of an empty block during remediation can safely remove the end line; some configurations use a closing brace or an exit to delimit every block (in which case this flag should be true to prevent stray end lines being left behind); some configurations end a block with the start of a different block (in which case this flag should be false to prevent improper removal of unrelated lines)
endRegexFlag: boolean
Whether or not the end strings represent regex patterns (true) or exact complete lines (false)
excludeTriggerFlag: boolean
Whether or not lines that match the trigger are removed from the lines in the domain
frequency: string *
How many times the innermost blocks can appear in the configuration: notAtAll: the block should never appear and the rule is violated if it does; atMostOnce: the block should appear zero or one times and the rule is violated if it appears more; exactlyOnce: the block should appear once and the rule is violated if it appears more; atLeastOnce: the block should appear one or more times and the rule is violated if it is missing; anyNumberOfTimes: the block can appear any number of times
ignoreCommentsFlag: boolean
Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
ignoreEOLFlag: boolean
Whether or not line breaks are ignored when matching the subject against the lines in this domain; when true, all eligible lines within the innermost block are concatenated together into a single line before being tested against the subject
ignoreBlocksContainingPattern: string
Regular expression to select blocks to be removed from the domain; when this pattern is matched by at least one line within an innermost block, then that block is ignored; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
includeBlocksContainingPattern: string
Regular expression to select blocks to be included in the domain; when this pattern is matched by at least one line within an innermost block, then that block is included in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
innermostBeginInclusiveFlag: boolean
Whether or not the line that matches the 'begin' value of the innermost block is part of that block and thus included in validation against the subject; note the end line is always excluded from subject matching
noOtherLinesContainingPattern: string
Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
DynamicFieldFilterDTO |
Click here to expand...
{
dynamicField: ComponentId*
The dynamic field whose value is being searched for
value: string *
The filter string (the value to be matched); if this value is null or empty, no filtering is done on the specified dynamic field; menu-type dynamic fields support only exact matching; the filter string must be formatted properly when the dynamic field is a Date or Integer type
} |
DynamicFieldValueDTO |
Click here to expand...
{
id: string
The database key of the dynamic field whose value this is (read-only)
name: string
The name of the dynamic field (read-only)
values: [
The value(s) for the dynamic field; for a single-value field, only the first entry is relevant; read-only for Auto Derived and Configuration Profiled types
string
]
dynamicFieldDetailsLink: string
Link to get more detailed information about the dynamic field (read-only)
} |
GroupFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO
]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
nameMatch: string
Search for groups whose name matches this wildcard-enabled string
realmName: string
Search for groups that belong to this exact realm
showAutoGroupsFlag: boolean
Whether or not to include auto-groups in the results
showSimpleGroupsFlag: boolean
Whether or not to include manually-created groups in the results
showEmptyAutoGroupsFlag: boolean
Whether or not to include empty auto-groups in the results
} |
IOSHardwareInventoryFilterDTO |
Click here to expand...
{
entityNameMatch: string
Search for devices matching this wildcard-enabled hardware entity name
entityDescrMatch: string
Search for devices matching this wildcard-enabled hardware entity descr
entityPidMatch: string
Search for devices matching this wildcard-enabled hardware entity PID
entityVidMatch: string
Search for devices matching this wildcard-enabled hardware entity VID
entitySnMatch: string
Search for devices matching this wildcard-enabled hardware entity SN
fileSystemFreeSizeIntegerRange: string
Search for devices with a file system free size matching this range specification
fileSystemNameMatch: string
Search for devices matching this wildcard-enabled file system name
fileSystemTotalSizeIntegerRange: string
Search for devices with a file system total size matching this range specification
memoryNameMatch: string
Search for devices matching this wildcard-enabled memory name
memorySizeIntegerRange: string
Search for devices with a memory size matching this range specification
} |
JobFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO
]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
actionGuids: [
Search for jobs that include one of these actions
string
]
changeIdMatch: string
Search for jobs whose change ID matches this wildcard-enabled string
creationTime: TimePeriodDTO
Search for jobs whose creation date/time falls within this date/time range
editorNameMatch: string
Search for jobs with a creator or an editor matching this wildcard-enabled string
jobIdMatch: string
Search for jobs whose job ID matches this wildcard-enabled string
jobApprovalModeId: integer
Search for jobs with this job approval mode
jobApprovalTypeName: string
Search for jobs whose job approval type matches this exact name
networkSpanNameMatch: string
Search for jobs that have actions acting on a network span whose name matches this wildcard-enabled string
originatorMatch: string
Search for jobs whose originator matches this wildcard-enabled string
originatorTypeId: integer
Search for jobs with this type of originator
preparedFromPredefinedJobNameMatch: string
Search for jobs which were prepared from a predefined job whose name matches this wildcard-enabled string
reconciliationStatusId: integer
Search for jobs with this reconciliation status
showOnlyJobsICanApproveFlag: boolean
When searching for jobs with status "waiting for approval", whether or not to only include jobs that the user for this session can approve
statusIds: [
Search for jobs whose current status matches one of these statuses
integer
]
taskIdMatch: string
Search for jobs whose task ID matches this wildcard-enabled string
} |
JsonPatch | |
JsonPatch.OneOperation | |
JsonPatch.Pointer |
Click here to expand...
string
Pointer or path to an element or property |
JsonPatch.Add | |
JsonPatch.Remove | |
JsonPatch.Replace | |
JsonPatch.Move | |
JsonPatch.Copy | |
JsonPatch.Test | |
NestedBlockDTO |
Click here to expand...
{
begin: string *
The line that a block begins with
end: string *
The line that a block, beginning with the 'begin' line, ends with
} |
NumericCriteriaDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$NumericCriteriaDTO" {
max: string
Number at the upper bound of valid values; string to allow use of substitution parameters
min: string
Number at the lower bound of valid values; string to allow use of substitution parameters
notFlag: boolean
For the "is" vs "is not" selection; true for "is not"
operatorId: integer *
How numbers are compared; valid values are the integer operators (except not "Not Equal To")
} |
OsFileDTO |
Click here to expand...
{
imageTypeName: string
What type of binary file this is, when a device supports multi-file images; required on update when referring to an existing file within an existing DeployOsImageActionDTO
name: string
The name of the file; required on update when referring to an existing file within an existing DeployOsImageActionDTO
sizeBytes: integer
The size of the file in bytes; required on update when referring to an existing file within an existing DeployOsImageActionDTO
messageDigest: string
The MD5 checksum or digest; required on update when referring to an existing file within an existing DeployOsImageActionDTO
} |
OsImageFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO ]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
deviceTypeId: ComponentId
Search for OS images associated with this device type
fileNameMatch: string
Search for OS images with filenames that match this wildcard-enabled string
modelNameMatch: string
Search for OS images associated with a model whose name matches this wildcard-enabled string
nameMatch: string
Search for OS images whose name matches this wildcard-enabled string
vendorId: ComponentId
Search for OS images whose device type belongs to this vendor
} |
OsImageReleaseDTO |
Click here to expand...
{
major: string *
The first element of a version number; asterisk wildcard is allowed
minor: string *
The second element of a version number; asterisk wildcard is allowed
build: string *
The rest of a version number; asterisk wildcard is allowed
} |
OsVersionRangeDTO |
Click here to expand...
{
displayString: string
Displayable version of this range of versions (read-only)
maxVersion: string
The maximum OS version for this range
maxVersionExclusive: boolean
Whether or not the range is exclusive of the maxVersion; when true the rule is not compatible with the maxVersion
minVersion: string
The minimum OS version for this range
minVersionExclusive: boolean
Whether or not the range is exclusive of the minVersion; when true the rule is not compatible with the minVersion
osImageNamePrefix: string *
Name of the operating system for which this range is applicable
} |
PredefinedJobFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO
]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
actionGuids: [
Search for predefined jobs that include one of these actions
string
]
nameMatch: string
Search for predefined jobs whose name matches this wildcard-enabled string
networkSpanNameMatch: string
Search for predefined jobs that have actions acting on a network span whose name matches this wildcard-enabled string
} |
RuleDTO |
Click here to expand...
{
id: string
The rule's unique database key (read-only)
name: string *
The rule's display name
activationDate: date-time
When the rule starts to be active; when the timestamp is missing the timezone, the server local timezone is assumed
Example: 2017-01-31T13:45:00.000+0000
annotation: string
Notes, comments, description, explanation
applicableModelIds: [
Which models this rule is applied to; when null or empty, the rule applies to all models
ComponentId
]
applicableSecurityContextTypeId: integer
The types of security contexts this rule applies to
applicableTrailIds: [
The configuration trails this rule applies to
ComponentId
] *
canCopyFlag: boolean
Whether or not the user is allowed to copy this rule (read-only)
canDeleteFlag: boolean
Whether or not the user is allowed to delete this rule (read-only)
canEditFlag: boolean
Whether or not the user is allowed to edit this rule (read-only)
correctableFlag: boolean
Whether or not this rule is correctable (read-only)
correctiveActions: {
How a rule violation can be corrected; map key is the configuration trail GUID; map value is a CorrectiveSpanActionDTO that applies a correction to the configuration that is in violation, resulting in the violation being cleared
}
cveIDs: [
Associated security vulnerability CVE ID(s): when the rule is associated with a security vulnerability, this is read-only
string
]
deactivationDate: date-time
When the rule stops being active; when the timestamp is missing the timezone, the server local timezone is assumed
Example: 2017-01-31T13:45:00.000+0000
deviceTypeId: ComponentId
Which device type and vendor this rule applies to; null means it applies to all device types
domain: DomainDTO*
What part of the configuration is to be examined
excludedGroupFilters: {
The names of any groups whose member devices are excluded from being checked against this rule; map key is the name of the group (asterisk wildcards allowed); map value is a list of ComponentId containing the realm(s) that own the groups of interest (where a null value means all realms)
}
excludedSpanIds: [
Any network spans whose member devices are excluded from being checked against this rule
ComponentId
]
excludedSpans: string
String version of the excludedSpanIds and excludedGroupFilters fields, listing the names of the excluded network spans (read-only)
maximumOSVersion: OsImageReleaseDTO
The maximum OS version, for when this rule applies to a min/max range of operating system versions
maximumOSVersionName: string
Displayable version of the maximumOSVersion, in major.minor.build format (read-only)
minimumOSVersion: OsImageReleaseDTO
The minimum OS version, for when this rule applies to a min/max range of operating system versions
minimumOSVersionName: string
Displayable version of the minimumOSVersion, in major.minor.build format (read-only)
osImageNamePatterns: [
The regular expressions for matching on OS version names, when this rule applies to a discrete set of images
string
]
osVersionRanges: [
The OS version ranges, for when this rule applies to a varied range of operating system versions
OsVersionRangeDTO
]
ruleSetId: ComponentId*
Identifies the owning rule set
ruleSetDetailsLink: string
Link to get complete details about the owning rule set (read-only)
ruleSetEnabledFlag: boolean
Whether or not the owning rule set is enabled
securityVulnerabilityId: ComponentId
Identifies any security vulnerability associated with this rule
severityId: integer *
The violation severity
subject: SubjectDTO*
What content is to be verified in the configuration, that determines the presence of a violation
substitutionParameterCheckFlag: boolean
Whether or not the trigger, domain and subject are to be validated for proper substitution parameter syntax
trigger: TriggerDTO
Content that must appear in the configuration in order for this rule to be applied
dynamicFields: [
The dynamic fields
DynamicFieldValueDTO
]
} |
RuleFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO
]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
activationTimePeriod: TimePeriodDTO
Search for rules whose activation date/time falls within this date/time range
contentsMatch: string
Search for rules whose trigger, subject, or domain contains text that matches this wildcard-enabled string
cveIDs: [
Search for rules whose associated CVE IDs include one of these CVE IDs
string
]
deactivationTimePeriod: TimePeriodDTO
Search for rules whose deactivation date/time falls within this date/time range
deviceTypeId: ComponentId
Search for rules associated with this device type
excludeRulesWithAllDeviceTypesFlag: boolean
When searching for rules of a particular device type, whether or not rules associated with all device types are included in what matches or are excluded
includeNonCorrectableRulesFlag: boolean
Search for rules that cannot be corrected (that is, a rule that has no corrective actions, is in a disabled rule set, is not currently activated, or has a grammar whose violation cannot be automatically corrected); when all include*Flag values are false, then filtering based on correctability is skipped; note using the include*Flags is not allowed in jobs or predefined jobs
includeRulesCorrectableViaDeployToActiveFlag: boolean
Search for rules that can be corrected by running a Deploy to Active action; when all include*Flag values are false, then filtering based on correctability is skipped; note using the include*Flags is not allowed in jobs or predefined jobs
includeRulesCorrectableViaDeployToStoredFlag: boolean
Search for rules that can be corrected by running a Deploy to Stored action; when all include*Flag values are false, then filtering based on correctability is skipped; note using the include*Flags is not allowed in jobs or predefined jobs
includeRulesCorrectableViaRemediateFlag: boolean
Search for rules that can be corrected by running a Remediate action; when all include*Flag values are false, then filtering based on correctability is skipped; note using the include*Flags is not allowed in jobs or predefined jobs
isNullSecurityVulnerabilityFlag: boolean
Whether or not to search for rules that have no associated security vulnerability; when true, search only for such rules; when false or null, do not filter on associated security vulnerability; this flag cannot be used and must be null when this filter is used in a job, predefined job, policy, or view
ruleNameMatch: string
Search for rules whose name matches this wildcard-enabled string
ruleSetNameMatch: string
Search for rules whose parent rule set name matches this wildcard-enabled string
severityIds: [
Search for rules whose severity matches one of these severities
integer
]
vendorId: ComponentId
Search for rules whose device type belongs to this vendor
} |
RuleSetFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO
]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
nameMatch: string
Search for rule sets whose name matches this wildcard-enabled string
enabledFlag: boolean
Search for rule sets that are enabled (true) or disabled (false); null means do not filter on the enabled/disabled state
} |
SearchStringDTO |
Click here to expand...
{
regexFlag: boolean
Whether or not the 'string' represents a regex pattern (true) or an exact complete line (false)
string: string *
Text for matching against a configuration line
} |
SubjectDTO |
Click here to expand...
Subclasses:
SubjectPatternsDTO
SubjectPatternDTO
SubjectLinesDTO
SubjectLineDTO {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
} |
SubjectLineDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectLineDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
line: string *
Literal line to look for within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
SubjectLinesDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectLinesDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
combinedWithAndFlag: boolean
Whether or not the lines are combined with the AND operation (true; line one AND line two AND line three, and so on) or with the OR operation (false; line one OR line two OR line three, and so on)
contiguousFlag: boolean
Whether or not any other non-matching lines from the configuration are allowed to appear interspersed within the matched subject lines
lines: [
The literal lines to look for within the configuration (in the order the lines are to appear, when the orderedFlag is set); any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
string
] *
orderedFlag: boolean
Whether or not the lines are matched in order
} |
SubjectOrderedVersionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectOrderedVersionDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
correction: string
A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
pattern: string *
The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
max: string
Version at the upper bound of valid values
min: string
Version at the lower bound of valid values
operatorId: integer *
How versions are to be compared; valid values are the integer operators (except not "Equal To" and "Not Equal To")
} |
SubjectParsedLineDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectParsedLineDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
correction: string
A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
pattern: string *
The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
comparisonCriteria: [
How the values within a line are compared
ComparisonCriteriaDTO
] *
} |
SubjectPatternDTO |
Click here to expand...
Subclasses:
SubjectParsedLineDTO
SubjectOrderedVersionDTO {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
correction: string
A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
pattern: string *
The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
SubjectPatternsDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectPatternsDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
combinedWithAndFlag: boolean
Whether or not the patterns are combined with the AND operation (true; pattern one AND pattern two AND pattern three, and so on) or with the OR operation (false; pattern one OR pattern two OR pattern three, and so on)
contiguousFlag: boolean
Whether or not any other non-matching lines from the configuration are allowed to appear interspersed within the matched subject lines
corrections: [
The literal lines to apply as corrections when the subject patterns are not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
string
]
forceAllCorrectionsFlag: boolean
When true, every correction line is applied if any of the patterns is violated; when false, only the correction line that corresponds positionally to the failed pattern is applied
orderedFlag: boolean
Whether or not the patterns are matched in order
patterns: [
The regular expressions to match within the configuration; (in the order the lines are to appear, when the orderedFlag is set); any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
string
] *
} |
TemplateFilterDTO |
Click here to expand...
{
dynamicFieldFilters: [
Any filters on dynamic fields
DynamicFieldFilterDTO
]
containsUnresolvableDynamicFieldFiltersFlag: boolean
Indicates that one or more of the dynamic fields being filtered on no longer exists and thus re-using this filter may not result in the same outcome (read-only)
containerBlueprintName: string
Search for templates referenced by this exact container blueprint
contentsMatch: string
Search for templates whose content matches this wildcard-enabled string
deviceTypeId: ComponentId
Search for templates associated with this device type
nameMatch: string
Search for templates whose name matches this wildcard-enabled string
vendorId: ComponentId
Search for templates whose device type belongs to this vendor
} |
TextCriteriaDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$TextCriteriaDTO" {
caseSensitiveFlag: boolean
Whether or not string comparisons are case sensitive
compareTo: [
One or more values that the parsed value will be compared against; the strings are treated as literal text or as regular expressions, depending on the operator
string
] *
operatorId: integer *
How text values are compared; a positive value matches literal text strings; a negative value matches using regular expressions; 4 = Equals; 5 = Does Not Equal; -4 = Matches; -5 = Does Not Match
} |
TimePeriodDTO |
Click here to expand...
{
timePeriodTypeId: integer *
What sort of time period this is
timePeriodTypeName: string
The meaning of the numeric timePeriodTypeId (read-only)
startTimestamp: date-time
The start date/time. Required only for certain user-defined time period types of After and Range; when the timestamp is missing the timezone, the server local timezone is assumed
Example: 2017-01-31T13:45:00.000+0000
endTimestamp: date-time
The end date/time. Required only for certain user-defined time period types of Before and Range; when the timestamp is missing the timezone, the server local timezone is assumed
Example: 2017-01-31T13:45:00.000+0000
} |
TriggerDTO |
Click here to expand...
{
caseSensitiveFlag: boolean
Whether or not pattern matching is case sensitive
pattern: string *
Regular expression for matching lines in the configuration, to trigger application of this rule; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
scope: integer
Specifies where to search for the triggering data in the configuration; values are: 0 for within the entire configuration, or 1 for within the domain(s)
} |
