From 033931f79373ecfe82bfa1121d9b5b09859557f0 Mon Sep 17 00:00:00 2001 From: sra Date: Mon, 17 Nov 2025 16:07:32 +0530 Subject: [PATCH] Added device groups endpoints --- .../PrismaAccess-Browser-Management.yaml | 1839 ++++++++++++++++- 1 file changed, 1731 insertions(+), 108 deletions(-) diff --git a/openapi-specs/access/browser-mgmt/PrismaAccess-Browser-Management.yaml b/openapi-specs/access/browser-mgmt/PrismaAccess-Browser-Management.yaml index 8aec3437c..a94f1d4e3 100644 --- a/openapi-specs/access/browser-mgmt/PrismaAccess-Browser-Management.yaml +++ b/openapi-specs/access/browser-mgmt/PrismaAccess-Browser-Management.yaml @@ -9,7 +9,7 @@ info: \ the [Prisma Access Browser User Interface](https://docs.paloaltonetworks.com/prisma-access-browser).\n\ These APIs use the common SASE authentication mechanism and base URL. See the\ \ [Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted/) guide for\ - \ more information. This Open API spec file was created on November 06, 2025.\ + \ more information. This Open API spec file was created on November 17, 2025.\ \ \xA9 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ \ of Palo Alto Networks. A list of our trademarks can be found at [https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html).\ \ All other marks mentioned herein may be trademarks of their respective companies." @@ -413,6 +413,277 @@ components: - Norman AS - PC Tools Software - Apple Inc. + EppVendorName: + type: string + description: EPP vendor name + enum: + - 360.CN + - 3R COMPANY + - Acronis + - adaware + - Agnitum Ltd. + - AhnLab, Inc. + - ALLIT Service, LLC. + - Amelia Dybala + - Amzkomp + - Antiy Labs + - Anvisoft Inc. + - Apple Inc. + - Arcabit + - Arovax Software + - Ashampoo GmbH & Co. KG + - AsiaInfo, Inc. + - Atanium Software. + - Auslogics + - Avanquest Software + - AVANSI Soft. + - AVAST Software a.s. + - Avetix S.r.l + - AVG Technologies CZ, s.r.o. + - Avira GmbH + - AxBx + - Baidu Inc. + - Beijing Huorong Network Technology Co., Ltd. + - Beijing Jiangmin New Sci. & Tech. Co., Ltd + - Beijing Rising Information Technology Co., Ltd. + - BeyondTrust, Inc. + - Bit9, Inc. + - Bitdefender + - BitSecure Labs + - Biz Secure Labs, Pvt. Ltd. + - Bkav Corporation + - BlazingTools Software + - BrightFort LLC + - Broadcom + - BullGuard Ltd. + - BUSY BEE COMPANY LIMITED + - Byte Technologies LLC + - CA, Inc. + - Carbon Black, Inc. + - Check Point Software Technologies + - Chili Security + - CHOMAR + - Cisco Systems, Inc. + - CJSC Returnil Software + - CK Technologies Ltd + - ClamWin Pty Ltd + - Clearsight Technologies Ltd. + - CMC InfoSec + - Comodo Group + - COMODO Security Solutions + - Coranti, Inc. + - Coro Cybersecurity + - Crawler Group + - CreaSoftware + - CrowdStrike, Inc. + - CurioLab S.M.B.A. + - Cyber Intelligence Solution, LLC + - CyberByte SRL + - Cybereason + - Cylance Inc. + - Cynet Security LTD + - CYSEC + - Datalink Industrial Corporation + - Deep Instinct Ltd + - Defender Pro + - Digital Guardian + - digital-defender + - DIY Software Inc + - Doctor Web, Ltd. + - DWS Technology + - Dynamikode Software Ltd. + - EarthLink, Inc. + - EAV Software + - EDELWEISS SRL + - eEye Digital Security + - EgoSecure + - EGSoftWeb + - Elasticsearch B.V. + - "Elex do Brasil Participa\xC3\xA7\xC3\xB5es Ltda" + - EMCO Software + - Emsisoft Ltd + - Endgame, Inc. + - Enigma Software Group USA, LLC. + - enSilo + - ePCheal Antivirus + - ESET + - eShieldAV LLC + - Essentware S.A. + - ESTsoft Corp. + - Evonsoft + - F-Secure Corporation + - Faronics Corporation + - Filseclab Corporation + - FireEye, Inc. + - Fortinet Inc. + - Francesco Bucci + - FRISK Software International + - Fujitsu Services Ltd. + - G Data Software AG + - GEN-X Technologies + - GFI Software Ltd. + - Glarysoft Ltd + - GoTo, Inc. + - Greatis Software, LLC. + - GridinSoft LLC. + - Hauri, Inc. + - HDD Labs. Inc + - Heimdal Security + - HP Development Company, L.P. + - iBoostUp Pty Ltd + - idoosoft + - IKARUS Security Software GmbH + - INCA Internet Co., Ltd. + - INCA Internet Co.,Ltd. + - InCode Solutions + - Intego + - IObit + - iolo technologies, LLC + - iS3, Inc. + - iSheriff + - Ivanti, Inc. + - J2 Global, Inc + - JAMF Software + - K7 Computing Pvt Ltd + - Kapha Anti-Malware, Inc. + - Kardo Kristal + - Kaspersky Lab + - Kenoxis + - Kephyr + - Kingsoft Corporation + - Komal Technologies. + - Kromtech + - LANDESK Software, Inc. + - Lavasoft + - Le Minh Thanh + - LMT Technology Solutions + - Loaris, Inc. + - LogicNow, Inc + - LogMeIn, Inc. + - Lumension Security, Inc. + - MacPaw Inc. + - Malwarebytes Corporation + - Max Secure Software + - Maya Software Technologies + - McAfee, Inc. + - Mega HighTech S.L. + - Microminder + - Microsoft Corporation + - MicroWorld Technologies Inc. + - MINUSOFT INDIA PRIVATE LIMITED + - Morphisec Ltd. + - MSecure Data Labs + - Musarubra US LLC. + - Mysecuritywin + - N-able Technologies Inc + - NANO Security + - Nerdy Nynjas + - NETGATE Technologies s.r.o. + - Netpia.com, Inc. + - New Technology Wave Inc. + - NictaTech Software + - NIFTY Corporation + - NinjaRMM LLC + - Noralabs + - Norman AS + - Symantec Corporation + - nProtect, Inc. + - Old McDonald's Farm + - OPSWAT, Inc. + - Orbasoft ApS. + - OSHI LIMITED + - Palo Alto Networks, Inc. + - Panda Security, S.L. + - ParetoLogic, Inc. + - PC Cleaners Inc. + - PC Matic, Inc. + - PC Security Shield + - PC Tools Software + - Pika Software (Pty) Ltd. + - Pitiko + - Pocket Bits LLC + - Proland Software + - ProtectWorks Limited + - Qi An Xin Group + - Qihu 360 Software Co., Ltd. + - Qualys, Inc. + - Quick Guard Technologies + - Quick Heal Technologies (P) Ltd. + - Radialpoint Inc. + - ReaQta BV + - Reason Labs Ltd. + - Reason Software Company Inc. + - REVE Systems + - Reza Restu , Inc + - Roboscan Inc + - Rogers + - Safer-Networking Ltd. + - Sangfor Technologies Inc. + - Scandium Security Inc. + - SecuraShield India Pvt. Ltd. + - SecureAge Technology + - SecureHunter, LLC. + - SecureMac.com, Inc. + - Security Software Limited + - Security Stronghold + - SentinelOne + - SGA SOLUTIONS + - SHADOWDEFENDER.COM + - ShieldApps + - Smadsoft + - Smart Heal + - Sniper Corporation + - Sniper Guard LTD + - SolarWinds Worldwide, LLC. + - SonicWALL L.L.C. + - Sophos Limited + - Sourcefire, Inc + - SOURCENEXT CORPORATION + - SPAMfighter ApS + - SparkTrust + - Stormshield + - Sunrise Antivirus + - SUPERAntiSpyware + - SurfRight B.V. + - Swiss security laboratory. + - Systweak Inc. + - Team Cymru, Inc. + - TeamViewer GmbH + - Tech Guard Technologies + - TEHTRI-Security + - TEHTRIS + - "Telef\xC3\xB3nica S.A." + - TELUS + - Tencent + - TG Soft S.a.s. + - Thirtyseven4 + - ThreatTrack Security, Inc. + - Total Defense, Inc. + - TotalAV + - Trend Micro, Inc. + - Trusteer Ltd. + - TrustPort, a.s. + - UAB RCS LT + - Unistal Systems Pvt. Ltd. + - Virus Chaser Information Technology co., LTD + - VirusBlokAda Ltd. + - VMware, Inc. + - VoodooSoft LLC + - Voros Innovation + - VXPRO INC + - WARDWIZ + - WatchGuard Technologies Inc + - Webroot Software, Inc. + - WinMend + - WinZip Computing, S.L. + - WithSecure Corporation + - XANALab + - Xvirus + - Xyvos Technologies + - Zbshareware Lab + - Zemana Ltd. + - ZookaWare + - Zugara Media FirewallProduct: type: object description: Firewall product information @@ -903,99 +1174,1005 @@ components: required: - elementType - selectors - UserRequest: + DeviceGroupPlatform: + type: string + description: Device group platform + enum: + - Desktop Browser + - Mobile Browser + - Browser Extension + - Chromebook + DeviceType: + type: string + description: Device type + enum: + - chromebook + - desktop + - laptop + - smartphone + - tablet + - unknown + - vm + DeviceManufacturer: + type: string + description: Device manufacturer + enum: + - Acer + - Apple + - Asus + - Dell + - HP + - Lenovo + - Microsoft + - Toshiba + SelectedDeviceVendor: type: object + description: Device manufacturer with optional specific models properties: - id: - type: string - format: string - description: Unique identifier - userId: - type: string - format: string - description: Request unique identifier - type: - type: string - format: string - description: Request type - status: - type: string - format: string - description: Request status - url: - type: string - format: string - description: bypassing url - reason: + manufacturer: + $ref: '#/components/schemas/DeviceManufacturer' + models: + type: array + items: + type: string + description: Optional list of specific device models from this manufacturer + required: + - manufacturer + MobileManufacturer: + type: string + description: Mobile device manufacturer + enum: + - Asus + - Coolpad + - Google + - HTC + - Huawei + - Infinix + - Lenovo + - LG + - Meizu + - Motorola + - Nokia + - OnePlus + - Oppo + - Realme + - Samsung + - Sony + - TCL + - Vivo + - Xiaomi + - ZTE + MobileDeviceType: + type: string + description: Mobile device type + enum: + - smartphone + - tablet + WindowsEdition: + type: string + description: Windows edition + enum: + - Pro + - Enterprise + - Home + - Server + - Education + ManagementSystemType: + type: string + description: Device management system type + enum: + - Microsoft Intune + - Jamf + - Active Directory + - Azure AD + DefinitionUpdateTimeframe: + type: string + description: Definition update timeframe + enum: + - 1 week + - 2 weeks + - 3 weeks + - 1 month + RegistryValueType: + type: string + description: Registry value type + enum: + - String + - Binary + - DWORD + - QWORD + - MultiString + - ExpandableString + BrowserBrand: + type: string + description: Browser brand + enum: + - Arc + - Brave + - Chrome + - Edge + - Opera + - Dia + - Comet + - Unknown + LinuxDistro: + type: string + description: Linux distribution + enum: + - Ubuntu + - Fedora + - Igel + LinuxVersion: + type: object + properties: + enabled: + type: boolean + distro: + $ref: '#/components/schemas/LinuxDistro' + minVersion: type: string - format: string - description: reason for request - deviceId: + description: Minimum Linux version (e.g., "20.04" for Ubuntu, "33" for Fedora) + required: + - enabled + LinuxVersionAttribute: + type: object + properties: + any: + type: boolean + description: Accept any Linux version + default: false + versions: + type: array + items: + $ref: '#/components/schemas/LinuxVersion' + description: List of specific Linux distributions and versions to check + for + IssuerCertificate: + type: object + properties: + DN: + $ref: '#/components/schemas/CertificateDN' + serialNumber: type: string - format: string - description: Device unique identifier - ruleId: + raw: type: string - format: string - description: Blocking rule unique identifier - adminComment: + required: + - DN + - serialNumber + - raw + CertificateDN: + type: object + properties: + CN: type: string - format: string - description: Admin comment - createdAt: + O: type: string - format: date-time - description: Request created at - userAcceptedAt: + OU: type: string - format: date-time - description: User accepted response at - responseTime: + L: type: string - format: date-time - description: Admin response time - adminBypassTimeframe: + CsZtaScore: + type: object + properties: + min: + type: integer + max: type: integer - format: string - description: The timeframe for which the approval is valid - respondedBy: - type: string - format: string - description: Response by - revokedBy: - type: string - format: string - description: Revoked by - revokedAt: - type: string - format: date-time - description: Admin revoke time - revokerComment: - type: string - format: string - description: Revoke comment required: - - id - - userId - - status - - type - - url - - reason - - ruleId - - createdAt - - deviceId - RequestError: + - min + - max + CsZtaBasicScoreLevel: + type: string + enum: + - Any + - Low + - Medium + - Strict + - VeryStrict + description: Predefined basic ZTA score levels + MobileOsVersion: type: object properties: - error_message: + any: + type: boolean + os: + type: array + items: + $ref: '#/components/schemas/MobileOs' + required: + - any + - os + MobileOs: + type: object + properties: + enabled: + type: boolean + version: type: string - RequestAction: + minSecurityPatch: + type: string + latest: + type: boolean + required: + - enabled + - version + MobileDeviceManagementSystem: type: object properties: - action: + name: type: string enum: - - approve + - Jamf + - Microsoft Intune + - Other + configurationValue: + type: string + required: + - name + OsPasswordComplexity: + type: object + properties: + enabled: + type: boolean + required: + - enabled + DeviceManagementSystemInput: + type: object + properties: + name: + $ref: '#/components/schemas/ManagementSystemType' + domains: + type: array + items: + type: string + required: + - name + BrowserBrandDetails: + type: object + properties: + brand: + $ref: '#/components/schemas/BrowserBrand' + minVersion: + type: string + required: + - brand + RegKey: + type: object + properties: + path: + type: string + values: + type: array + items: + $ref: '#/components/schemas/RegValue' + required: + - path + RegValue: + type: object + properties: + name: + type: string + data: + type: string + type: + $ref: '#/components/schemas/RegistryValueType' + required: + - name + WinRunningProcessMetadata: + type: object + properties: + name: + type: string + description: Process name or path on Windows + certificateThumbprint: + type: string + description: Certificate thumbprint to validate the process signature + required: + - name + MacOSRunningProcessMetadata: + type: object + properties: + name: + type: string + description: Process name or path on macOS + teamIdentifier: + type: string + description: Apple Team Identifier to validate the process signature + required: + - name + WinFileExistenceMetadata: + type: object + properties: + path: + type: string + description: Full path to the file on Windows + certificateThumbprint: + type: string + description: Certificate thumbprint to validate the file signature + required: + - path + MacOSFileExistenceMetadata: + type: object + properties: + path: + type: string + description: Full path to the file on macOS + teamIdentifier: + type: string + description: Apple Team Identifier to validate the file signature + required: + - path + DeviceGroup: + type: object + properties: + id: + type: string + format: string + description: Unique identifier + name: + type: string + description: Device group name + platform: + $ref: '#/components/schemas/DeviceGroupPlatform' + createdBy: + type: string + description: Created by user + updatedBy: + type: string + description: Updated by user + createdAt: + type: string + format: date-time + description: Created at timestamp + updatedAt: + type: string + format: date-time + description: Updated at timestamp + attributes: + $ref: '#/components/schemas/AttributeObject' + devices: + type: array + description: Device IDs in this group + items: + type: string + required: + - id + - name + - platform + - createdAt + - updatedAt + DeviceGroupRequest: + type: object + properties: + name: + type: string + description: Device group name + minLength: 1 + maxLength: 255 + platform: + $ref: '#/components/schemas/DeviceGroupPlatform' + attributes: + $ref: '#/components/schemas/AttributeObject' + required: + - name + - platform + DeviceGroupPatchRequest: + type: object + properties: + name: + type: string + description: Device group name + minLength: 1 + maxLength: 255 + attributes: + $ref: '#/components/schemas/AttributeObject' + AttributeObject: + type: object + properties: + screenLock: + type: object + description: Check if the device has automatic screen lock enabled + properties: + negate: + type: boolean + default: false + description: Whether to negate this attribute + enabled: + type: boolean + description: Whether this attribute is enabled + required: + - enabled + endpointProtection: + type: object + description: Check if the device has endpoint protection software installed + and running + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + selectedVendors: + type: array + items: + $ref: '#/components/schemas/EppVendorName' + description: Selected endpoint protection vendors to check for + lastDefinitionUpdate: + $ref: '#/components/schemas/LastDefinitionUpdateAttribute' + required: + - enabled + firewall: + type: object + description: Check if the device has firewall protection installed and running + properties: + negate: + type: boolean + default: false + description: Whether to negate this attribute + enabled: + type: boolean + description: Whether this attribute is enabled + anyVendor: + type: boolean + description: Whether to accept any firewall vendor + specificVendors: + type: array + items: + $ref: '#/components/schemas/FirewallVendorName' + description: Selected firewall vendors to check for + required: + - enabled + diskEncryption: + type: object + description: Check if the device has disk encryption software installed + and running + properties: + negate: + type: boolean + default: false + description: Whether to negate this attribute + enabled: + type: boolean + description: Whether this attribute is enabled + anyVendor: + type: boolean + description: Whether to accept any disk encryption vendor + specificVendors: + type: array + items: + $ref: '#/components/schemas/DiskEncryptionVendorName' + description: Selected disk encryption vendors to check for + required: + - enabled + osVersion: + type: object + description: Check if the device is running a specific operating system + version + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + windows: + $ref: '#/components/schemas/WindowsVersionAttribute' + macOS: + $ref: '#/components/schemas/MacOSVersionAttribute' + linux: + $ref: '#/components/schemas/LinuxVersionAttribute' + required: + - enabled + serialNumber: + type: object + description: Check if the device's serial number is included in the provided + list + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + serials: + type: array + items: + type: string + description: List of device serial numbers to check for + required: + - enabled + clientCertificate: + type: object + description: Check if the device's client certificate is signed by the provided + issuer certificate + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + issuerCertificates: + type: array + items: + $ref: '#/components/schemas/IssuerCertificate' + description: List of trusted issuer certificates to validate against + required: + - enabled + deviceType: + type: object + description: Check if the device matches specific device types (e.g., desktop, + laptop, virtual machine) + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + types: + type: array + items: + $ref: '#/components/schemas/DeviceType' + description: List of device types to check for + required: + - enabled + csZtaScore: + type: object + description: "Check if the device meets minimum CrowdStrike Zero Trust Assessment\ + \ score requirements. \nIf multiple score types are provided (basicScore,\ + \ overallScore, breakdownScores), the latest one will be used.\n" + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + basicScore: + $ref: '#/components/schemas/CsZtaBasicScoreLevel' + overallScore: + $ref: '#/components/schemas/CsZtaScore' + breakdownScores: + type: object + description: Breakdown scores with separate OS and sensor score ranges + for granular validation. + properties: + osScore: + $ref: '#/components/schemas/CsZtaScore' + sensorScore: + $ref: '#/components/schemas/CsZtaScore' + required: + - osScore + - sensorScore + customerIds: + type: array + items: + type: string + description: CrowdStrike customer IDs to validate + required: + - enabled + mobileRootJailBreakStatus: + type: object + description: Check if the mobile device has been rooted (Android) or jailbroken + (iOS) + properties: + enabled: + type: boolean + required: + - enabled + mobileScreenLock: + type: object + description: Check if the mobile device has screen lock protection enabled + properties: + enabled: + type: boolean + required: + - enabled + mobileDeviceManufacturers: + type: object + description: Check if the mobile device is from specific manufacturers (e.g., + Apple, Samsung) + properties: + enabled: + type: boolean + vendors: + type: array + items: + $ref: '#/components/schemas/MobileManufacturer' + description: List of mobile device manufacturers to check for + required: + - enabled + mobileOsVersion: + type: object + description: Check if the mobile device is running a specific iOS or Android + version + properties: + enabled: + type: boolean + ios: + $ref: '#/components/schemas/MobileOsVersion' + android: + $ref: '#/components/schemas/MobileOsVersion' + required: + - enabled + mobileDeviceType: + type: object + description: Check if the mobile device matches specific types (e.g., phone, + tablet) + properties: + enabled: + type: boolean + types: + type: array + items: + $ref: '#/components/schemas/MobileDeviceType' + description: List of mobile device types to check for + required: + - enabled + mobileDeviceManagement: + type: object + description: Check if the mobile device is managed by specific mobile device + management systems + properties: + enabled: + type: boolean + systems: + type: array + items: + $ref: '#/components/schemas/MobileDeviceManagementSystem' + description: Mobile device management system configurations + required: + - enabled + osPassword: + type: object + description: Check if the device has an OS authentication password configured + with specific requirements + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + complexity: + $ref: '#/components/schemas/OsPasswordComplexity' + maxAge: + type: integer + description: Maximum password age in days + minLength: + type: integer + description: Minimum password length in characters + required: + - enabled + normalOSBootMode: + type: object + description: Check if a device is running in OS normal boot mode (not safe + mode, recovery mode or a pre-installation environment) + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + required: + - enabled + privilegedProcess: + type: object + description: Include only devices on which Prisma Access Browser is running + with elevated/root permissions + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + required: + - enabled + deviceManufacturer: + type: object + description: Check if the device is from specific manufacturers (e.g., Dell, + HP, Lenovo) + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + selectedVendors: + type: array + items: + $ref: '#/components/schemas/SelectedDeviceVendor' + description: List of device manufacturers with optional specific models + to check for + required: + - enabled + deviceManagement: + type: object + description: Check if the device is managed by specific device management + systems (e.g., Microsoft Intune, Jamf, Active Directory) + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + systems: + type: array + items: + $ref: '#/components/schemas/DeviceManagementSystemInput' + description: Device management system configurations + required: + - enabled + systemIntegrity: + type: object + description: Check if the device has advanced system integrity protection + enabled + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + required: + - enabled + browserBrand: + type: object + description: Check if the device has specific browser brands and versions + installed + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + brands: + type: array + items: + $ref: '#/components/schemas/BrowserBrandDetails' + description: Browser brand and version requirements + required: + - enabled + remoteConnection: + type: object + description: Check if the device has an active remote connection (RDP, Citrix + ICA, etc.) + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + required: + - enabled + registry: + type: object + description: Check if the device has all of the specified registry key configurations + (Windows only) + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + regKeys: + type: array + items: + $ref: '#/components/schemas/RegKey' + description: Registry key configurations to validate + required: + - enabled + locationServices: + type: object + description: Check if the device's location services can be accessed by + Prisma Access Browser + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + required: + - enabled + runningProcesses: + type: object + description: Check if the device has all of the specified processes running + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + win: + type: array + items: + $ref: '#/components/schemas/WinRunningProcessMetadata' + description: Windows process requirements to check for + macOS: + type: array + items: + $ref: '#/components/schemas/MacOSRunningProcessMetadata' + description: macOS process requirements to check for + required: + - enabled + fileExistence: + type: object + description: Check if the device has all of the specified files present + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + win: + type: array + items: + $ref: '#/components/schemas/WinFileExistenceMetadata' + description: Windows file paths to check for existence + macOS: + type: array + items: + $ref: '#/components/schemas/MacOSFileExistenceMetadata' + description: macOS file paths to check for existence + required: + - enabled + browserEol: + type: object + description: Check if the device has browser versions that are end-of-life + properties: + negate: + type: boolean + default: false + enabled: + type: boolean + required: + - enabled + additionalProperties: false + LastDefinitionUpdateAttribute: + type: object + properties: + enabled: + type: boolean + timeframe: + $ref: '#/components/schemas/DefinitionUpdateTimeframe' + required: + - enabled + - timeframe + WindowsVersionAttribute: + type: object + properties: + any: + type: boolean + default: false + versions: + type: array + items: + $ref: '#/components/schemas/WindowsVersion' + MacOSVersionAttribute: + type: object + properties: + any: + type: boolean + default: false + versions: + type: array + items: + $ref: '#/components/schemas/MacOSVersion' + WindowsVersion: + type: object + properties: + enabled: + type: boolean + major: + type: string + minBuildNumber: + type: string + editions: + type: array + items: + $ref: '#/components/schemas/WindowsEdition' + required: + - enabled + - major + MacOSVersion: + type: object + properties: + enabled: + type: boolean + major: + type: string + minMinorVersion: + type: string + required: + - enabled + - major + UserRequest: + type: object + properties: + id: + type: string + format: string + description: Unique identifier + userId: + type: string + format: string + description: Request unique identifier + type: + type: string + format: string + description: Request type + status: + type: string + format: string + description: Request status + url: + type: string + format: string + description: bypassing url + reason: + type: string + format: string + description: reason for request + deviceId: + type: string + format: string + description: Device unique identifier + ruleId: + type: string + format: string + description: Blocking rule unique identifier + adminComment: + type: string + format: string + description: Admin comment + createdAt: + type: string + format: date-time + description: Request created at + userAcceptedAt: + type: string + format: date-time + description: User accepted response at + responseTime: + type: string + format: date-time + description: Admin response time + adminBypassTimeframe: + type: integer + format: string + description: The timeframe for which the approval is valid + respondedBy: + type: string + format: string + description: Response by + revokedBy: + type: string + format: string + description: Revoked by + revokedAt: + type: string + format: date-time + description: Admin revoke time + revokerComment: + type: string + format: string + description: Revoke comment + required: + - id + - userId + - status + - type + - url + - reason + - ruleId + - createdAt + - deviceId + RequestError: + type: object + properties: + error_message: + type: string + RequestAction: + type: object + properties: + action: + type: string + enum: + - approve - decline description: Action to perform on the request adminComment: @@ -1194,42 +2371,174 @@ paths: type: string - name: device.first_seen_gte in: query - description: Filter by first seen time or after + description: Filter by first seen time or after + required: false + schema: + type: string + format: date-time + - name: device.last_seen_lte + in: query + description: Filter by last seen time or before + required: false + schema: + type: string + format: date-time + - name: device.type + in: query + description: Filter by device type + required: false + schema: + type: string + - name: device.firewall_status + in: query + description: Filter by firewall status + required: false + schema: + type: string + - name: device.screen_lock_status + in: query + description: Filter by screen lock status + required: false + schema: + type: string + - name: device.disk_encryption_status + in: query + description: Filter by disk encryption status + required: false + schema: + type: string + - name: cursor + in: query + description: An optional opaque string that defines from where to start listing + required: false + schema: + type: string + - name: sort + in: query + description: The field to sort by + required: false + schema: + type: string + enum: + - device.hostname + - device.os_type + - device.browser_version + - device.first_seen + - device.last_seen + - user.name + - name: order + in: query + description: The sort order + required: false + schema: + $ref: '#/components/schemas/Order' + tags: + - Devices + /seb-api/v1/devices/{id}: + get: + summary: Devices by ID + description: Retrieve devices by [ID](https://docs.paloaltonetworks.com/prisma-access-browser/administration/manage-prisma-access-browser-devices). + operationId: GetSeb-apiV1Devicesbyid + responses: + '200': + description: A device + content: + application/json: + schema: + $ref: '#/components/schemas/Device' + '404': + description: Device not found + parameters: + - name: id + in: path + description: Device ID + required: true + schema: + type: string + tags: + - Devices + /seb-api/v1/device-groups: + get: + summary: List Device Groups + description: Retrieve the device groups details through this Application Programming + Interface endpoint. + operationId: GetSeb-apiV1Device-groups + responses: + '200': + description: A list of device groups with pagination info + content: + application/json: + schema: + type: object + properties: + pageInfo: + $ref: '#/components/schemas/PageInfo' + data: + type: array + items: + $ref: '#/components/schemas/DeviceGroup' + '400': + description: Bad request + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden + '500': + description: Internal server error + parameters: + - name: limit + in: query + description: Number of device groups to return + required: false + schema: + type: integer + format: int32 + - name: deviceGroup.name + in: query + description: Filter by device group name required: false schema: type: string - format: date-time - - name: device.last_seen_lte + - name: deviceGroup.platform in: query - description: Filter by last seen time or before + description: Filter by device group platform required: false schema: - type: string - format: date-time - - name: device.type + $ref: '#/components/schemas/DeviceGroupPlatform' + - name: deviceGroup.created_at_gte in: query - description: Filter by device type + description: Filter by created at time or after required: false schema: type: string - - name: device.firewall_status + format: date-time + - name: deviceGroup.created_at_lte in: query - description: Filter by firewall status + description: Filter by created at time or before required: false schema: type: string - - name: device.screen_lock_status + format: date-time + - name: deviceGroup.updated_at_gte in: query - description: Filter by screen lock status + description: 'Filter by updated at time or after. Format: RFC3339 (e.g., "2023-03-29T00:00:00Z")' required: false schema: type: string - - name: device.disk_encryption_status + format: date-time + - name: deviceGroup.updated_at_lte in: query - description: Filter by disk encryption status + description: 'Filter by updated at time or before. Format: RFC3339 (e.g., + "2023-03-29T23:59:59Z")' required: false schema: type: string + format: date-time - name: cursor in: query description: An optional opaque string that defines from where to start listing @@ -1243,12 +2552,10 @@ paths: schema: type: string enum: - - device.hostname - - device.os_type - - device.browser_version - - device.first_seen - - device.last_seen - - user.name + - deviceGroup.name + - deviceGroup.platform + - deviceGroup.created_at + - deviceGroup.updated_at - name: order in: query description: The sort order @@ -1256,30 +2563,346 @@ paths: schema: $ref: '#/components/schemas/Order' tags: - - Devices - /seb-api/v1/devices/{id}: + - DeviceGroups + descriptions: Retrieve a list of device groups. + post: + summary: New Device Group + description: Creates a new device group. + operationId: PostSeb-apiV1Device-groups + responses: + '201': + description: Device group created successfully + content: + application/json: + schema: + type: object + properties: + deviceGroupId: + type: string + description: The ID of the newly created device group + '400': + description: Bad request - invalid input + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden + '409': + description: Conflict - device group already exists + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '500': + description: Internal server error + parameters: [] + tags: + - DeviceGroups + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeviceGroupRequest' + /seb-api/v1/device-groups/{device-group-id}: get: - summary: Devices by ID - description: Retrieve devices by [ID](https://docs.paloaltonetworks.com/prisma-access-browser/administration/manage-prisma-access-browser-devices). - operationId: GetSeb-apiV1Devicesbyid + summary: Device Group By ID + description: Get details on group devices by ID. + operationId: GetSeb-apiV1Device-groupsbydevice-group-id responses: '200': - description: A device + description: A device group content: application/json: schema: - $ref: '#/components/schemas/Device' + $ref: '#/components/schemas/DeviceGroup' + '400': + description: Bad request + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden '404': - description: Device not found + description: Device group not found + '500': + description: Internal server error parameters: - - name: id + - name: device-group-id in: path - description: Device ID + description: Device Group ID required: true schema: type: string tags: - - Devices + - DeviceGroups + put: + summary: Replace Device Group + description: "Replaces the entire configuration of the specified device group.\ + \ \nThis operation disables any attributes omitted from the request and sets\ + \ the provided attributes to the specified values." + operationId: PutSeb-apiV1Device-groupsbydevice-group-id + responses: + '200': + description: Device group updated successfully + content: + application/json: + schema: + type: object + properties: + deviceGroupId: + type: string + description: The ID of the updated device group + '400': + description: Bad request - invalid input + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden + '404': + description: Device group not found + '500': + description: Internal server error + parameters: + - name: device-group-id + in: path + required: true + description: The ID of the device group to update + schema: + type: string + tags: + - DeviceGroups + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeviceGroupRequest' + patch: + summary: Update Device Group + description: "Modifies specific attributes of an existing device group. \nThis\ + \ operation updates only the fields provided in the request body and leaves\ + \ all other attributes unchanged." + operationId: PatchSeb-apiV1Device-groupsbydevice-group-id + responses: + '200': + description: Device group updated successfully + content: + application/json: + schema: + type: object + properties: + deviceGroupId: + type: string + description: The ID of the updated device group + '400': + description: Bad request - invalid input + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden + '404': + description: Device group not found + '500': + description: Internal server error + parameters: + - name: device-group-id + in: path + required: true + description: The ID of the device group to update + schema: + type: string + tags: + - DeviceGroups + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DeviceGroupPatchRequest' + delete: + summary: Delete Device Group + description: Permanently removes the specified device group from the system. + operationId: DeleteSeb-apiV1Device-groupsbydevice-group-id + responses: + '204': + description: Device group deleted successfully + '400': + description: Bad request + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden + '404': + description: Device group not found + '500': + description: Internal server error + parameters: + - name: device-group-id + in: path + required: true + description: The ID of the device group to delete + schema: + type: string + tags: + - DeviceGroups + /seb-api/v1/device-groups/{device-group-id}/serials/add: + post: + summary: Add Serial Numbers + description: "Appends a list of serial numbers to the specified device group.\ + \ \nThis operation is idempotent and ignores any serial numbers that the group\ + \ already contains." + operationId: PostSeb-apiV1Device-groupsBy_device-group-idSerialsAdd + responses: + '200': + description: Serials added successfully + content: + application/json: + schema: + type: object + properties: + addedSerials: + type: array + items: + type: string + description: Serials that were actually added (excludes duplicates) + message: + type: string + description: Success message + example: 3 serials added successfully + '400': + description: Bad request - invalid input + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden + '404': + description: Device group not found + '500': + description: Internal server error + parameters: + - name: device-group-id + in: path + required: true + description: The ID of the device group to add serials to + schema: + type: string + tags: + - DeviceGroups + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + serials: + type: array + items: + type: string + description: Serial numbers to add to the device group + example: + - LAPTOP001 + - LAPTOP002 + - DESKTOP001 + required: + - serials + /seb-api/v1/device-groups/{device-group-id}/serials/remove: + post: + summary: Remove Serial Numbers + description: "Detaches a list of serial numbers from the specified device group.\ + \ \nThis operation is idempotent and takes no action on serial numbers that\ + \ are not currently members of the group." + operationId: PostSeb-apiV1Device-groupsBy_device-group-idSerialsRemove + responses: + '200': + description: Serials removed successfully + content: + application/json: + schema: + type: object + properties: + removedSerials: + type: array + items: + type: string + description: Serials that were actually removed + message: + type: string + description: Success message + example: 2 serials removed successfully + '400': + description: Bad request - invalid input + content: + application/json: + schema: + type: object + properties: + errorResponse: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden + '404': + description: Device group not found + '500': + description: Internal server error + parameters: + - name: device-group-id + in: path + required: true + description: The ID of the device group to remove serials from + schema: + type: string + tags: + - DeviceGroups + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + serials: + type: array + items: + type: string + description: Serial numbers to remove from the device group + example: + - LAPTOP001 + - DESKTOP001 + required: + - serials /seb-api/v1/user-groups: get: summary: List User Groups @@ -1379,7 +3002,7 @@ paths: - userIds /seb-api/v1/user-groups/{id}: get: - summary: Single User group by ID + summary: Single User Group By ID description: Get a single user group by ID. operationId: GetSeb-apiV1User-groupsbyid responses: