diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/_category_.json b/docs/accessanalyzer/12.0/admin/schema/fsaadc/_category_.json new file mode 100644 index 0000000000..53a2e95a33 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "File System Access Analyzer DC Schema", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/_category_.json b/docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/_category_.json new file mode 100644 index 0000000000..e390b2c64a --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Core Data Collection Tables", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md b/docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md new file mode 100644 index 0000000000..44567564a8 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/coretables/overview.md @@ -0,0 +1,966 @@ +# Core Data Collection Tables + +The FSAA DC schema contains 47 core tables populated by four collector modules: the File System Access Analyzer (`SA_FSAA_`), the File System Activity Collector (`SA_FSAC_`), the Sensitive Data / DLP collector (`SA_FSDLP_`), and the DFS Namespace collector (`SA_FSDFS_`). All `SA_FSAA_*` tables are partitioned by `HOST INT` (FK → `SA_FSAA_Hosts.ID`) with `ON DELETE CASCADE` so that removing a host purges its entire data set. + +## FSAA Tables + +### SA_FSAA_SchemaVer {#sa_fsaa_schemaver} + +Single-row table holding the FSAA schema version string. The CREATE-Schema job clears and re-inserts the version on every run. Used by upgrades to decide whether to apply migrations. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| SchemaVer | varchar | 64 | No | | | | Schema version (current value `8.0.17`) | + +**Primary Key:** None +**Foreign Keys:** None +**Indexes:** None + +### SA_FSAA_Hosts {#sa_fsaa_hosts} + +Registry of every host scanned by FSAA. One row per host. The integer `ID` is the FK target for every other FSAA table's `HOST` column. `USN`/`AccessUSN`/`ActivityUSN`/`DLPUSN` are per-scan-type Update Sequence Numbers used by the C# importer to detect deltas; the matching `*GUID` columns identify the SQLite cache that produced the last upload. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| ID | int | | No | PK | | IDENTITY(1,1) | Surrogate host ID — referenced by every FSAA table | +| HOST | nvarchar | 64 | No | | | | Host name (NetBIOS/FQDN). Has unique constraint | +| SAConsole | nvarchar | 64 | No | | | | Console host that initiated the scan | +| ScanTime | datetime | | No | | | | Time of most recent scan | +| GUID | varchar | 38 | No | | | `''` | Top-level scan correlation GUID | +| USN | int | | No | | | `-1` | Top-level Update Sequence Number for the structural scan | +| AccessUSN | int | | No | | | `-1` | USN tracking the latest Access (FSAA) data import | +| AccessGUID | varchar | 38 | No | | | `''` | Correlation GUID for the latest Access scan | +| ActivityUSN | int | | No | | | `-1` | USN tracking the latest Activity (FSAC) data import | +| ActivityGUID | varchar | 38 | No | | | `''` | Correlation GUID for the latest Activity scan | +| DLPUSN | int | | No | | | `-1` | USN tracking the latest DLP scan | +| DLPGUID | varchar | 38 | No | | | `''` | Correlation GUID for the latest DLP scan | +| LastScanHost | nvarchar | 64 | Yes | | | | Hostname of machine that performed the last scan | + +**Primary Key:** `PK_SA_FSAA_Hosts` — clustered on `(ID)` +**Foreign Keys:** None +**Indexes:** `UQ_SA_FSAA_Hosts_HOST` — unique nonclustered on `(HOST)` + +### SA_FSAA_ImportHistory {#sa_fsaa_importhistory} + +Append-only history of every successful data import for each host. One row per host per import per scan type. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host that the import covered | +| GUID | varchar | 38 | No | | | | Correlation GUID for the imported scan | +| USN | int | | No | | | | USN observed at import time | +| ScanType | varchar | 32 | No | | | | One of `Access`, `Activity`, `DLP` | +| ImportTime | datetime | | No | PK | | `CURRENT_TIMESTAMP` | When the import ran | + +**Primary Key:** `PK_SA_FSAA_ImportHistory` — clustered on `(HOST, ImportTime)` +**Foreign Keys:** `FK_SA_FSAA_ImportHistory_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_Trustees {#sa_fsaa_trustees} + +Every distinct security principal observed in ACLs on a host, identified by `(HOST, ID)`. Holds only the SID and `TrusteeType` enumeration; human-readable name fields live in `SA_FSAA_LocalTrustees` for local accounts, or are looked up from the AD inventory at view time. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ID | int | | No | PK | | | Per-host trustee ID | +| SID | varchar | 184 | No | | | | Security identifier (string form, e.g. `S-1-5-21-...`) | +| TrusteeType | smallint | | No | | | | See [TrusteeType enumeration](../enumeration/overview.md#trusteetype) | + +**Primary Key:** `PK_SA_FSAA_Trustees` — clustered on `(HOST, ID)` +**Foreign Keys:** `FK_SA_FSAA_Trustees_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_LocalTrustees {#sa_fsaa_localtrustees} + +Subset of `SA_FSAA_Trustees`: the local accounts and groups that exist on the scanned host. Adds NT-style domain/name and display name. `(HOST, ID)` is a foreign key into `SA_FSAA_Trustees`. `IsDisabled` is stored as `'Y'`/`'N'`. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Trustees.HOST | | Host partition | +| ID | int | | No | PK | FK → SA_FSAA_Trustees.ID | | Trustee ID — must exist in `SA_FSAA_Trustees` | +| NTDomain | nvarchar | 128 | Yes | | | | Domain portion of NT-style name | +| NTName | nvarchar | 256 | Yes | | | | SAM account name | +| DisplayName | nvarchar | 256 | Yes | | | | Display name | +| SID | varchar | 184 | No | | | | SID (denormalized copy from `SA_FSAA_Trustees`) | +| TrusteeType | smallint | | No | | | | See [TrusteeType enumeration](../enumeration/overview.md#trusteetype) | +| IsDisabled | varchar | 2 | No | | | | `'Y'` / `'N'` | +| USN | int | | No | | | `-1` | USN at last sighting | +| DeletedUSN | int | | Yes | | | | USN when the principal was removed (NULL = still present) | + +**Primary Key:** `PK_SA_FSAA_LocalTrustees` — clustered on `(HOST, ID)` +**Foreign Keys:** `FK_SA_FSAA_LocalTrustees_ID` — `(HOST, ID) → SA_FSAA_Trustees(HOST, ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_TrusteeEquivalence {#sa_fsaa_trusteeequivalence} + +Group-membership edges between local trustees on the host. Each row is a `(group → member)` pair, where `EquivalentTrusteeID` is the group and `TrusteeID` is the member. Used to expand local-group memberships during effective-access calculations. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| TrusteeID | int | | No | PK | FK → SA_FSAA_Trustees.ID | | Member trustee | +| EquivalentTrusteeID | int | | No | PK | FK → SA_FSAA_LocalTrustees.ID | | Group (local trustee) the member belongs to | + +**Primary Key:** `PK_SA_FSAA_TrusteeEquivalence` — clustered on `(HOST, TrusteeID, EquivalentTrusteeID)` +**Foreign Keys:** +- `FK_SA_FSAA_TrusteeEquivalence_TrusteeID` — `(HOST, TrusteeID) → SA_FSAA_Trustees(HOST, ID)` +- `FK_SA_FSAA_TrusteeEquivalence_EquivalentTrusteeID` — `(HOST, EquivalentTrusteeID) → SA_FSAA_LocalTrustees(HOST, ID) ON DELETE CASCADE` + +**Indexes:** `SA_FSAA_TrusteeEquivalence_Group_IDX` — nonclustered on `(HOST, EquivalentTrusteeID)` INCLUDE `(TrusteeID)` + +### SA_FSAA_Rights {#sa_fsaa_rights} + +Permission-entry table. Every distinct ACL is given a `RightsProxyID`; resources sharing an identical ACL share one `RightsProxyID`, deduplicating storage dramatically. Each row is one access-control entry: a `TrusteeID` plus its allow/deny rights broken down by direct/inherited and by simplified bitmask vs. full Windows mask. Created with `WITH (DATA_COMPRESSION = ROW)` on Enterprise editions. + +The `AllowRights`/`DenyRights` columns use the simplified six-bit FSAA representation — see the [Rights Bitmask enumeration](../enumeration/overview.md#rights-bitmask). The `*Mask` columns hold the full Windows access mask. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| RightsProxyID | int | | No | PK | | | Deduplication key — multiple resources may share one proxy | +| TrusteeID | int | | No | PK | FK → SA_FSAA_Trustees.ID | | The principal this ACE applies to | +| AllowRights | smallint | | No | | | | Combined direct+inherited allow bits | +| DenyRights | smallint | | No | | | | Combined direct+inherited deny bits | +| DirectAllowRights | smallint | | No | | | | Direct (non-inherited) allow bits | +| DirectDenyRights | smallint | | No | | | | Direct deny bits | +| InheritedAllowRights | smallint | | No | | | | Inherited allow bits | +| InheritedDenyRights | smallint | | No | | | | Inherited deny bits | +| AllowMask | int | | No | | | | Full Windows allow access mask | +| DenyMask | int | | No | | | | Full Windows deny access mask | +| DirectAllowMask | int | | No | | | | Direct allow mask | +| DirectDenyMask | int | | No | | | | Direct deny mask | +| InheritedAllowMask | int | | No | | | | Inherited allow mask | +| InheritedDenyMask | int | | No | | | | Inherited deny mask | + +**Primary Key:** `PK_SA_FSAA_Rights` — clustered on `(HOST, RightsProxyID, TrusteeID)` +**Foreign Keys:** `FK_SA_FSAA_Rights_TrusteeID` — `(HOST, TrusteeID) → SA_FSAA_Trustees(HOST, ID)` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_Tags {#sa_fsaa_tags} + +Distinct file tag values per host. Used in a two-level dedup pattern: `Tags` holds the unique tag string, `TagKeys`/`TagProxies` define a multi-tag set, and `Resources.TagProxyID` references a particular set. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| TagID | int | | No | PK | | | Per-host tag ID | +| Tag | nvarchar | MAX | No | | | | Tag string (e.g. an Azure Information Protection label or custom tag) | +| Source | tinyint | | No | | | `0` | Tag source | + +**Primary Key:** `PK_SA_FSAA_Tags` — clustered on `(HOST, TagID)` +**Foreign Keys:** `FK_SA_FSAA_Tags_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_TagKeys {#sa_fsaa_tagkeys} + +Defines a "tag set" identity. Each `TagProxyID` represents a unique combination of tag values shared by one or more resources. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| TagProxyID | int | | No | PK | | | Identifier for the tag set | + +**Primary Key:** `PK_SA_FSAA_TagKeys` — clustered on `(HOST, TagProxyID)` +**Foreign Keys:** `FK_SA_FSAA_TagKeys_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_TagProxies {#sa_fsaa_tagproxies} + +Membership of `Tags` in a `TagKeys` set: each row links one tag to one tag-proxy. A resource's `TagProxyID` points at a row in `TagKeys`; joining through `TagProxies` yields the list of tags applied. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| TagProxyID | int | | No | PK | FK → SA_FSAA_TagKeys.TagProxyID | | Tag set | +| TagID | int | | No | PK | FK → SA_FSAA_Tags.TagID | | Tag in the set | + +**Primary Key:** `PK_SA_FSAA_TagProxies` — clustered on `(HOST, TagProxyID, TagID)` +**Foreign Keys:** +- `FK_SA_FSAA_TagProxies_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSAA_TagProxies_TagProxyID` — `(HOST, TagProxyID) → SA_FSAA_TagKeys(HOST, TagProxyID)` +- `FK_SA_FSAA_TagProxies_TagID` — `(HOST, TagID) → SA_FSAA_Tags(HOST, TagID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAA_Resources {#sa_fsaa_resources} + +The central resource inventory — every share, folder, and file the DC has seen on the host, plus its parent linkage, owner, ACL pointer, gate pointer, tag pointer, sizing, and timestamps. This is the largest table in the schema by row count and is created `WITH (DATA_COMPRESSION = ROW)` on Enterprise editions. + +`RightsProxyID`, `GatesProxyID`, and `TagProxyID` are logical (un-enforced) denormalized pointers; no FK constraints exist on them so that bulk imports can stage rows in any order. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ID | bigint | | No | PK | | | Per-host resource ID (bigint to support very large file systems) | +| ParentResourceID | bigint | | Yes | | FK → SA_FSAA_Resources.ID | | Parent folder/share. NULL = root | +| Name | nvarchar | 2000 | No | | | | Leaf name (folder/file name; share name for shares) | +| ResourceType | tinyint | | No | | | | See [ResourceType enumeration](../enumeration/overview.md#resourcetype) | +| OwnerID | int | | Yes | | FK → SA_FSAA_Trustees.ID | | Resource owner trustee | +| RightsProxyID | int | | Yes | | | | Logical pointer into `SA_FSAA_Rights` (no enforced FK; NULL = inherited from parent) | +| GatesProxyID | bigint | | Yes | | | | Logical pointer into `SA_FSAA_GatesProxy` (no enforced FK) | +| NestedLevel | int | | No | | | | Depth in the resource tree (0 = root) | +| Size | bigint | | Yes | | | | Aggregated file-content size | +| LastModified | datetime | | Yes | | | | NTFS last-modified timestamp | +| LastAccessed | datetime | | Yes | | | | NTFS last-accessed timestamp | +| Created | datetime | | Yes | | | | NTFS creation timestamp | +| TagProxyID | int | | Yes | | | | Logical pointer into `SA_FSAA_TagKeys` (no enforced FK) | +| USN | int | | No | | | `-1` | Structural USN — last seen in this scan | +| DeletedUSN | int | | Yes | | | | USN when the resource was deleted (NULL = still present) | + +**Primary Key:** `PK_SA_FSAA_Resources` — clustered on `(HOST, ID)` +**Foreign Keys:** +- `FK_SA_FSAA_Resources_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSAA_Resources_ParentResourceID` — `(HOST, ParentResourceID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSAA_Resources_OwnerID` — `(HOST, OwnerID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** +- `SA_FSAA_Resources_Enum_IDX` — nonclustered on `(HOST, ParentResourceID)` INCLUDE `(ID, ResourceType, DeletedUSN)` +- `SA_FSAA_Resources_RightsProxyID_IDX` — nonclustered on `(HOST, RightsProxyID)` INCLUDE `(ID, GatesProxyID, DeletedUSN, ResourceType)` +- `SA_FSAA_Resources_GatesProxyID_IDX` — nonclustered on `(HOST, GatesProxyID)` INCLUDE `(ID)` +- `SA_FSAA_Resources_USN_IDX` — nonclustered on `(HOST, USN)` INCLUDE `(ID)` +- `SA_FSAA_Resources_ParentResourceID_Name_IDX` — nonclustered on `(HOST, ParentResourceID, Name)` + +### SA_FSAA_UnixRights {#sa_fsaa_unixrights} + +POSIX permission triplet (`Mask`, owner, group) for Unix/NFS resources. One row per resource that has Unix rights. The `Mask` column stores the standard POSIX mode bits. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ResourceID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | Resource these rights apply to | +| OwnerID | int | | No | | FK → SA_FSAA_Trustees.ID | | POSIX owner trustee | +| GroupID | int | | No | | FK → SA_FSAA_Trustees.ID | | POSIX group trustee | +| Mask | int | | No | | | | POSIX mode mask | +| USN | int | | No | | | | Update Sequence Number | + +**Primary Key:** `PK_SA_FSAA_UnixRights` — clustered on `(HOST, ResourceID)` +**Foreign Keys:** +- `FK_SA_FSAA_UnixRights_ResourceID` — `(HOST, ResourceID) → SA_FSAA_Resources(HOST, ID) ON DELETE CASCADE` +- `FK_SA_FSAA_UnixRights_OwnerID` — `(HOST, OwnerID) → SA_FSAA_Trustees(HOST, ID)` +- `FK_SA_FSAA_UnixRights_GroupID` — `(HOST, GroupID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAA_Gates {#sa_fsaa_gates} + +A "gate" is the entry point through which clients reach a resource: an SMB share, an NFS export, an NFS export policy, or an Azure Files share. Gates have their own ACLs (share permissions) separate from resource ACLs. A gate references the underlying `ShareID` and the `FolderID` it grants access to. NFS share-level ACLs are modeled as a separate "policy" gate referenced by the `PolicyID` self-FK. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ID | int | | No | PK | | | Per-host gate ID | +| ShareID | bigint | | Yes | | FK → SA_FSAA_Resources.ID | | Resource that represents the share root | +| FolderID | bigint | | Yes | | FK → SA_FSAA_Resources.ID | | Folder the gate grants access to | +| PolicyID | int | | Yes | | FK → SA_FSAA_Gates.ID | | Self-FK — points at the export-policy gate when this is an NFS export | +| DisplayName | nvarchar | 256 | No | | | | Share name (e.g. `Public$`) | +| Path | nvarchar | 512 | Yes | | | | Local path of the share (e.g. `C:\Shares\Public`) | +| NestedLevel | int | | Yes | | | | Depth from the host root | +| GateType | int | | No | | | `0` | See [GateType enumeration](../enumeration/overview.md#gatetype) | +| USN | int | | No | | | `-1` | Update Sequence Number | +| DeletedUSN | int | | Yes | | | | USN at deletion (NULL = still present) | + +**Primary Key:** `PK_SA_FSAA_Gates` — clustered on `(HOST, ID)` +**Foreign Keys:** +- `FK_SA_FSAA_Gates_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSAA_Gates_ShareID` — `(HOST, ShareID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSAA_Gates_FolderID` — `(HOST, FolderID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSAA_Gates_PolicyID` — `(HOST, PolicyID) → SA_FSAA_Gates(HOST, ID)` (self-FK for NFS export policies) + +**Indexes:** None beyond the clustered PK + +### SA_FSAA_GatesProxy {#sa_fsaa_gatesproxy} + +Many-to-many bridge from a resource to gates. A resource may be reachable through multiple shares (or no share at all). The proxy `ID` is denormalized onto `SA_FSAA_Resources.GatesProxyID`. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ID | bigint | | No | PK | | | Proxy ID — referenced by `Resources.GatesProxyID` | +| GateID | int | | No | PK | FK → SA_FSAA_Gates.ID | | Gate that grants reach to this resource | + +**Primary Key:** `PK_SA_FSAA_GatesProxy` — clustered on `(HOST, ID, GateID)` +**Foreign Keys:** `FK_SA_FSAA_GatesProxy_GateID` — `(HOST, GateID) → SA_FSAA_Gates(HOST, ID) ON DELETE CASCADE` +**Indexes:** `SA_FSAA_GatesProxy_GateID_IDX` — nonclustered on `(HOST, GateID)` INCLUDE `(ID)` + +### SA_FSAA_Policies {#sa_fsaa_policies} + +Local Security Authority (LSA) policies attached to a host's policy gates (e.g. *Logon as a service*, *Allow log on locally*). Used by the `SA_FSAA_GetPolicyMembership` UDF to expand pseudo-trustees such as `NT AUTHORITY\INTERACTIVE` and `NT AUTHORITY\SERVICE` into underlying user accounts. `PolicyID` is a FK into `SA_FSAA_Gates` because policies are modelled as a special gate type. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| PolicyID | int | | No | PK | FK → SA_FSAA_Gates.ID | | Policy gate (1 = INTERACTIVE, 3 = BATCH, 4 = SERVICE, 5 = TERMINAL SERVER USER) | +| TrusteeID | int | | No | PK | FK → SA_FSAA_Trustees.ID | | Trustee assigned to the policy | +| Allow | smallint | | No | | | | Allow flag (1 = granted, 0 = denied) | + +**Primary Key:** `PK_SA_FSAA_Policies` — clustered on `(HOST, PolicyID, TrusteeID)` +**Foreign Keys:** +- `FK_SA_FSAA_Policies_PolicyID` — `(HOST, PolicyID) → SA_FSAA_Gates(HOST, ID) ON DELETE CASCADE` +- `FK_SA_FSAA_Policies_TrusteeID` — `(HOST, TrusteeID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAA_Exceptions {#sa_fsaa_exceptions} + +One row per detected access-control anomaly (e.g. *Open Access*, *Broken Inheritance*, *Direct User Permissions*). The kind of anomaly is identified by `ExceptionType` joining `SA_FSAA_ExceptionTypes`. Either `ResourceID`, `GateID`, `TrusteeID`, or `SourceTrusteeID` may be NULL depending on the exception class. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ID | int | | No | PK | | | Per-host exception ID | +| ExceptionType | int | | No | | FK → SA_FSAA_ExceptionTypes.ExceptionType | | Class of exception | +| GateID | int | | Yes | | FK → SA_FSAA_Gates.ID | | Gate involved (if any) | +| ResourceID | bigint | | Yes | | FK → SA_FSAA_Resources.ID | | Resource involved (if any) | +| TrusteeID | int | | Yes | | FK → SA_FSAA_Trustees.ID | | Subject trustee (if any) | +| SourceTrusteeID | int | | Yes | | FK → SA_FSAA_Trustees.ID | | Source trustee — for SID-History exceptions, the historical SID's owner | + +**Primary Key:** `PK_SA_FSAA_Exceptions` — clustered on `(HOST, ID)` +**Foreign Keys:** +- `FK_SA_FSAA_Exceptions_HOST` — `(HOST) → SA_FSAA_Hosts(ID)` +- `FK_SA_FSAA_Exceptions_GateID` — `(HOST, GateID) → SA_FSAA_Gates(HOST, ID) ON DELETE CASCADE` +- `FK_SA_FSAA_Exceptions_ResourceID` — `(HOST, ResourceID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSAA_Exceptions_TrusteeID` — `(HOST, TrusteeID) → SA_FSAA_Trustees(HOST, ID)` +- `FK_SA_FSAA_Exceptions_SourceTrusteeID` — `(HOST, SourceTrusteeID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** `SA_FSAA_Exceptions_Resource_IDX` — nonclustered on `(HOST, ResourceID)` INCLUDE `(ExceptionType, GateID)` + +### SA_FSAA_ExceptionTypes {#sa_fsaa_exceptiontypes} + +Per-host catalog of every exception class FSAA can detect. `ParentType` allows hierarchical grouping of related exceptions. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ExceptionType | int | | No | PK | | | Type code (referenced by `Exceptions.ExceptionType`) | +| GUID | varchar | 38 | No | | | | Stable GUID identifying this exception kind | +| USN | int | | No | | | | Update Sequence Number | +| Name | varchar | 128 | No | | | | Short name (e.g. `OpenAccess`) | +| Description | varchar | 256 | No | | | | Human-readable description | +| Count | int | | No | | | | Cached count of `SA_FSAA_Exceptions` rows of this type | +| ParentType | int | | Yes | | | | Optional parent exception type (self-reference within the host) | + +**Primary Key:** `PK_SA_FSAA_ExceptionTypes` — clustered on `(HOST, ExceptionType)` +**Foreign Keys:** `FK_SA_FSAA_ExceptionTypes_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_ProbableOwners {#sa_fsaa_probableowners} + +Probable-owner heuristic results — one row per `(resource, candidate-owner)` pair, scored by file count and aggregated size of files the candidate owns within the resource subtree. Populated by the *Probable Owner* analysis job. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ResourceID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | Resource (folder/share) being scored | +| OwnerID | int | | No | PK | FK → SA_FSAA_Trustees.ID | | Candidate owner | +| FileSize | bigint | | Yes | | | | Total bytes owned by this candidate within the subtree | +| FileCount | int | | Yes | | | | Number of files owned by this candidate within the subtree | + +**Primary Key:** `PK_SA_FSAA_ProbableOwners` — clustered on `(HOST, ResourceID, OwnerID)` +**Foreign Keys:** +- `FK_SA_FSAA_ProbableOwners_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSAA_ProbableOwners_ResourceID` — `(HOST, ResourceID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSAA_ProbableOwners_OwnerID` — `(HOST, OwnerID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAA_FileSizes {#sa_fsaa_filesizes} + +Aggregated size and count of all files within each resource subtree. Populated by the bulk-import pipeline when the *Sizing* option is enabled. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ResourceID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | Resource (folder/share) | +| FileSize | bigint | | Yes | | | | Total file bytes within the subtree | +| FileCount | int | | Yes | | | | Total number of files within the subtree | + +**Primary Key:** `PK_SA_FSAA_FileSizes` — clustered on `(HOST, ResourceID)` +**Foreign Keys:** `FK_SA_FSAA_FileSizes_ResourceID` — `(HOST, ResourceID) → SA_FSAA_Resources(HOST, ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_FileTypes {#sa_fsaa_filetypes} + +Per-extension breakdown of files within each resource subtree. One row per `(resource, extension)`. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ResourceID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | Resource (folder/share) | +| Extension | nvarchar | 255 | No | PK | | | File extension (e.g. `.docx`) | +| FileSize | bigint | | Yes | | | | Total bytes of files with this extension | +| FileCount | int | | Yes | | | | Number of files with this extension | + +**Primary Key:** `PK_SA_FSAA_FileTypes` — clustered on `(HOST, ResourceID, Extension)` +**Foreign Keys:** `FK_SA_FSAA_FileTypes_ResourceID` — `(HOST, ResourceID) → SA_FSAA_Resources(HOST, ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_FileAges {#sa_fsaa_fileages} + +Histogram of file age buckets within each resource subtree. The eleven `FileCount0`–`FileCount10` columns hold counts in successively older buckets; bucket boundaries are determined at scan configuration time. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ResourceID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | Resource (folder/share) | +| LastModified | datetime | | Yes | | | | Most recent file modification within the subtree | +| FileCount0 | int | | Yes | | | | Files in age bucket 0 (newest) | +| FileCount1 | int | | Yes | | | | Files in age bucket 1 | +| FileCount2 | int | | Yes | | | | Files in age bucket 2 | +| FileCount3 | int | | Yes | | | | Files in age bucket 3 | +| FileCount4 | int | | Yes | | | | Files in age bucket 4 | +| FileCount5 | int | | Yes | | | | Files in age bucket 5 | +| FileCount6 | int | | Yes | | | | Files in age bucket 6 | +| FileCount7 | int | | Yes | | | | Files in age bucket 7 | +| FileCount8 | int | | Yes | | | | Files in age bucket 8 | +| FileCount9 | int | | Yes | | | | Files in age bucket 9 | +| FileCount10 | int | | Yes | | | | Files in age bucket 10 (oldest) | + +**Primary Key:** `PK_SA_FSAA_FileAges` — clustered on `(HOST, ResourceID)` +**Foreign Keys:** `FK_SA_FSAA_FileAges_ResourceID` — `(HOST, ResourceID) → SA_FSAA_Resources(HOST, ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_FileTags {#sa_fsaa_filetags} + +Aggregated file count and size per `(resource, tag-set)`. Populated when Azure Information Protection (AIP) or sensitive-data tags are collected. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ResourceID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | Resource (folder/share) | +| TagProxyID | int | | No | PK | FK → SA_FSAA_TagKeys.TagProxyID | | Tag set | +| FileSize | bigint | | No | | | | Total bytes of files with this tag set | +| FileCount | int | | No | | | | Number of files with this tag set | + +**Primary Key:** `PK_SA_FSAA_FileTags` — clustered on `(HOST, ResourceID, TagProxyID)` +**Foreign Keys:** +- `FK_SA_FSAA_FileTags_ResourceID` — `(HOST, ResourceID) → SA_FSAA_Resources(HOST, ID) ON DELETE CASCADE` +- `FK_SA_FSAA_FileTags_TagProxyID` — `(HOST, TagProxyID) → SA_FSAA_TagKeys(HOST, TagProxyID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAA_ScanHistory {#sa_fsaa_scanhistory} + +Append-only audit log of every scan run, including the FSAA configuration XML used. Useful for forensic and configuration-tracking purposes. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| ConsoleHost | nvarchar | 64 | Yes | | | | NAA console that initiated the scan | +| ScanHost | nvarchar | 64 | Yes | | | | Host machine that performed the scan | +| ScanType | nvarchar | 64 | Yes | | | | Scan type (Access / Activity / DLP) | +| JobGUID | varchar | 38 | Yes | | | | Job correlation GUID | +| RunTime | datetime2 | | Yes | | | | When the scan ran | +| FSAAConfigXml | xml | | Yes | | | | Snapshot of the FSAA XML configuration | + +**Primary Key:** None +**Foreign Keys:** None +**Indexes:** None + +### SA_FSAA_AzureFilesShares {#sa_fsaa_azurefilesshares} + +Catalog of Azure Files shares discovered on a host. Each share links back to a `SA_FSAA_Resources` row (the share root) and a `SA_FSAA_Gates` row (the share gate). `StorageAccount` carries the FQDN of the storage account. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ID | int | | No | PK | | | Per-host Azure share ID | +| ResourceID | bigint | | No | | FK → SA_FSAA_Resources.ID | | Share-root resource | +| GateID | int | | No | | FK → SA_FSAA_Gates.ID | | Share gate | +| Name | nvarchar | 2000 | Yes | | | | Share name | +| StorageAccount | varchar | 256 | Yes | | | | Storage-account FQDN (e.g. `acct.file.core.windows.net`) | + +**Primary Key:** `PK_SA_FSAA_AzureFilesShares` — clustered on `(HOST, ID)` +**Foreign Keys:** +- `FK_SA_FSAA_AzureFilesShares_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSAA_AzureFilesShares_ResourceID` — `(HOST, ResourceID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSAA_AzureFilesShares_GateID` — `(HOST, GateID) → SA_FSAA_Gates(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAA_AzureFilesShareProperties {#sa_fsaa_azurefilesshareproperties} + +Azure-Files-specific metadata that doesn't fit the generic resource model: tier, lease, retention, quota, and soft-delete state. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| AzureShareID | int | | No | PK | FK → SA_FSAA_AzureFilesShares.ID | | Azure share | +| AccessTier | varchar | 50 | Yes | | | | `Hot` / `Cool` / `Premium` / `TransactionOptimized` | +| AccessChangeTime | datetime2 | 7 | Yes | | | | When tier was last changed | +| AccessTierTransitionState | varchar | 50 | Yes | | | | In-progress tier transition state | +| DeletedOn | datetime2 | 7 | Yes | | | | Soft-delete timestamp (NULL if not deleted) | +| LastModified | datetime2 | 7 | Yes | | | | Last modified timestamp | +| LeaseDuration | varchar | 50 | Yes | | | | Lease duration (`Fixed` / `Infinite`) | +| LeaseStatus | varchar | 50 | Yes | | | | Lease status (`Locked` / `Unlocked`) | +| LeaseState | varchar | 50 | Yes | | | | Lease state (`Available` / `Leased` / `Expired` / `Breaking` / `Broken`) | +| EnabledProtocols | varchar | 50 | Yes | | | | Enabled protocols (`SMB`, `NFS`) | +| RemainingRetentionDays | int | | Yes | | | | Soft-delete retention days remaining | +| QuotaInGB | float | | Yes | | | | Configured share quota (GiB) | + +**Primary Key:** `PK_SA_FSAA_AzureFilesShareProperties` — clustered on `(HOST, AzureShareID)` +**Foreign Keys:** `FK_SA_FSAA_AzureFilesShareProperties_AzureShareID` — `(HOST, AzureShareID) → SA_FSAA_AzureFilesShares(HOST, ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_AzureStorageAccounts {#sa_fsaa_azurestorageaccounts} + +Single-column lookup of every Azure Storage Account hostname known to FSAA. Used by the data-collection job to expand a configured storage account into its discoverable file shares. + +:::note +The unusual single-column shape exists because the `HOST` column name is required for NAA's dynamic host-list generation. This table carries no foreign keys and no indexes. +::: + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | nvarchar | 46 | No | | | | Storage-account FQDN (max 24 chars + `.file.core.windows.net` suffix) | + +**Primary Key:** None +**Foreign Keys:** None +**Indexes:** None + +### SA_FSAA_TrusteeMap {#sa_fsaa_trusteemap} + +Cross-module identity map. Each FSAA trustee may correspond to a distinct trustee row in the FSAC (Activity) and FSDLP (DLP) tables. This table holds those mappings so the three sub-collectors can present unified results. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ID | int | | No | PK | FK → SA_FSAA_Trustees.ID | | FSAA trustee ID | +| AccessID | int | | Yes | | | | Corresponding ID in Access (FSAA) data — typically same as `ID` | +| ActivityID | int | | Yes | | | | Corresponding ID in Activity (FSAC) trustee table | +| DLPID | int | | Yes | | | | Corresponding ID in DLP (FSDLP) trustee table | + +**Primary Key:** `PK_SA_FSAA_TrusteeMap` — clustered on `(HOST, ID)` +**Foreign Keys:** `FK_SA_FSAA_TrusteeMap_ID` — `(HOST, ID) → SA_FSAA_Trustees(HOST, ID)` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_ResourceMap {#sa_fsaa_resourcemap} + +Cross-module resource identity map. Same role as `SA_FSAA_TrusteeMap` but for resources. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | FSAA resource ID | +| AccessID | bigint | | Yes | | | | Corresponding Access (FSAA) ID | +| ActivityID | bigint | | Yes | | | | Corresponding Activity (FSAC) ID | +| DLPID | bigint | | Yes | | | | Corresponding DLP (FSDLP) ID | + +**Primary Key:** `PK_SA_FSAA_ResourceMap` — clustered on `(HOST, ID)` +**Foreign Keys:** `FK_SA_FSAA_ResourceMap_ID` — `(HOST, ID) → SA_FSAA_Resources(HOST, ID)` +**Indexes:** +- `SA_FSAA_ResourceMap_AccessID_IDX` — nonclustered on `(HOST, AccessID)` +- `SA_FSAA_ResourceMap_ActivityID_IDX` — nonclustered on `(HOST, ActivityID)` +- `SA_FSAA_ResourceMap_DLPID_IDX` — nonclustered on `(HOST, DLPID)` + +### SA_FSAA_GateMap {#sa_fsaa_gatemap} + +Cross-module gate identity map. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ID | int | | No | PK | FK → SA_FSAA_Gates.ID | | FSAA gate ID | +| AccessID | int | | Yes | | | | Corresponding Access ID | +| ActivityID | int | | Yes | | | | Corresponding Activity ID | +| DLPID | int | | Yes | | | | Corresponding DLP ID | + +**Primary Key:** `PK_SA_FSAA_GateMap` — clustered on `(HOST, ID)` +**Foreign Keys:** `FK_SA_FSAA_GateMap_ID` — `(HOST, ID) → SA_FSAA_Gates(HOST, ID)` +**Indexes:** None beyond the clustered PK + +### SA_FSAA_ResourcesScanTypeDetails {#sa_fsaa_resourcesscantypedetails} + +Per-resource USN tracking columns split out of `SA_FSAA_Resources` in schema version 8.0. One row per resource, holding per-scan-type "last seen" / "last deleted" timestamps and USNs for Access, Activity, and DLP. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | Resource ID | +| AccessUSN | int | | Yes | | | | USN at last Access sighting | +| AccessLastSeen | datetime2 | | Yes | | | | Last time Access scan saw this resource | +| AccessLastDeleted | datetime2 | | Yes | | | | Time the resource was last marked deleted by Access | +| ActivityUSN | int | | Yes | | | | USN at last Activity sighting | +| ActivityLastSeen | datetime2 | | Yes | | | | Last time Activity scan saw this resource | +| ActivityLastDeleted | datetime2 | | Yes | | | | Time the resource was last marked deleted by Activity | +| DLPUSN | int | | Yes | | | | USN at last DLP sighting | +| DLPLastSeen | datetime2 | | Yes | | | | Last time DLP saw this resource | +| DLPLastDeleted | datetime2 | | Yes | | | | Time the resource was last marked deleted by DLP | + +**Primary Key:** `PK_SA_FSAA_ResourcesScanTypeDetails` — clustered on `(HOST, ID)` +**Foreign Keys:** `FK_SA_FSAA_ResourcesScanTypeDetails_ID` — `(HOST, ID) → SA_FSAA_Resources(HOST, ID)` +**Indexes:** None beyond the clustered PK + +## Activity Collector Tables (SA_FSAC_*) + +### SA_FSAC_ProcessNames {#sa_fsac_processnames} + +Per-host lookup of process names observed in audit events. Activity events reference process names by `ID` to avoid storing the same long path string repeatedly. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ID | int | | No | PK | | | Per-host process-name ID | +| Name | nvarchar | 255 | No | | | | Process name (e.g. `EXPLORER.EXE`) | + +**Primary Key:** `PK_SA_FSAC_ProcessNames` — clustered on `(HOST, ID)` +**Foreign Keys:** `FK_SA_FSAC_ProcessNames_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSAC_ActivityEvents {#sa_fsac_activityevents} + +The high-volume activity-event stream. One row per audited file-system operation captured by an FSAC agent. `Operation` is a coded enumeration covering Read / Add / Update / Delete / PermissionChange / Rename. `Allow` is `1` for successful operations and `0` for denied operations. + +:::note +The `AccessTime` column type differs by environment: fresh-install DDL uses `datetime2`; the Task-15 migration recreates the table with `datetime`. Post-migration environments have `datetime`. +::: + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ID | bigint | | No | PK | | | Per-host event ID | +| AccessTime | datetime / datetime2 | | No | | | | Time the operation occurred | +| PathID | bigint | | No | | FK → SA_FSAA_Resources.ID | | Resource (file or folder) the operation acted on | +| TrusteeID | int | | No | | FK → SA_FSAA_Trustees.ID | | The user / principal that performed the operation | +| ProcessID | int | | Yes | | FK → SA_FSAC_ProcessNames.ID | | Process executing the operation (NULL if unknown) | +| Operation | tinyint | | No | | | | `0`=Read, `1`=Add, `2`=Update, `3`=Delete, `4`=PermissionChange, `5`=Rename | +| Allow | bit | | No | | | `1` | `1` = operation allowed, `0` = operation denied | +| USN | int | | No | | | | Update Sequence Number | + +**Primary Key:** `PK_SA_FSAC_ActivityEvents` — clustered on `(HOST, ID)` +**Foreign Keys:** +- `FK_SA_FSAC_ActivityEvents_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSAC_ActivityEvents_PathID` — `(HOST, PathID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSAC_ActivityEvents_ProcessID` — `(HOST, ProcessID) → SA_FSAC_ProcessNames(HOST, ID)` +- `FK_SA_FSAC_ActivityEvents_TrusteeID` — `(HOST, TrusteeID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** +- `SA_FSAC_ActivityEvents_PathID_IDX` — nonclustered on `(HOST, PathID)` INCLUDE `(ID, AccessTime, TrusteeID, Operation, Allow)` +- `SA_FSAC_ActivityEvents_TrusteeID_IDX` — nonclustered on `(TrusteeID, AccessTime)` INCLUDE `(PathID, ProcessID, Operation, Allow)` + +### SA_FSAC_PermissionChanges {#sa_fsac_permissionchanges} + +Detail rows for activity events where `Operation = 4` (PermissionChange). Each event may have multiple change rows — one per ACE that was added, removed, or modified. `AccessRights` is the bitmask before the change; `NewAccessRights` is the bitmask after (NULL on removal). + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ActivityID | bigint | | No | PK | FK → SA_FSAC_ActivityEvents.ID | | Owning activity event | +| ChangeID | smallint | | No | PK | | | Per-event change index | +| AclType | tinyint | | No | | | | ACL type (DACL / SACL distinction) | +| TrusteeID | int | | No | | FK → SA_FSAA_Trustees.ID | | Trustee whose ACE changed | +| ChangeType | tinyint | | No | | | | Change kind: added / removed / modified | +| AceType | tinyint | | No | | | | ACE type (Allow / Deny) | +| InheritanceFlags | tinyint | | No | | | | NTFS inheritance flags | +| AceFlags | tinyint | | No | | | | NTFS ACE flags | +| AccessRights | bigint | | No | | | | Pre-change Windows access mask | +| NewAccessRights | bigint | | Yes | | | | Post-change access mask (NULL when ACE was removed) | + +**Primary Key:** `PK_SA_FSAC_PermissionChanges` — clustered on `(HOST, ActivityID, ChangeID)` +**Foreign Keys:** +- `FK_SA_FSAC_PermissionChanges_HOST` — `(HOST) → SA_FSAA_Hosts(ID)` +- `FK_SA_FSAC_PermissionChanges_ActivityID` — `(HOST, ActivityID) → SA_FSAC_ActivityEvents(HOST, ID)` +- `FK_SA_FSAC_PermissionChanges_TrusteeID` — `(HOST, TrusteeID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAC_OwnerChanges {#sa_fsac_ownerchanges} + +Detail rows for activity events that changed a resource's owner (Take Ownership / chown). One row per qualifying activity event. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ActivityID | bigint | | No | PK | FK → SA_FSAC_ActivityEvents.ID | | Owning activity event | +| PreviousOwnerID | int | | No | | FK → SA_FSAA_Trustees.ID | | Owner before the change | +| NewOwnerID | int | | No | | FK → SA_FSAA_Trustees.ID | | Owner after the change | + +**Primary Key:** `PK_SA_FSAC_OwnerChanges` — clustered on `(HOST, ActivityID)` +**Foreign Keys:** +- `FK_SA_FSAC_OwnerChanges_HOST` — `(HOST) → SA_FSAA_Hosts(ID)` +- `FK_SA_FSAC_OwnerChanges_ActivityID` — `(HOST, ActivityID) → SA_FSAC_ActivityEvents(HOST, ID)` +- `FK_SA_FSAC_OwnerChanges_PreviousOwnerID` — `(HOST, PreviousOwnerID) → SA_FSAA_Trustees(HOST, ID)` +- `FK_SA_FSAC_OwnerChanges_NewOwnerID` — `(HOST, NewOwnerID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAC_DailyActivity {#sa_fsac_dailyactivity} + +Daily aggregation of activity-event counts, partitioned by `(host, date, folder, trustee, operation, allow)`. Feeds the daily-activity views and the *Most Active Users* / *Most Active Servers* reports. + +:::note +The PK was added by a migration block; fresh CREATE TABLE has no PK — the migration adds it if absent. +::: + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ActivityDate | date | | No | PK | | | Date the activity occurred | +| FolderID | bigint | | No | PK | FK → SA_FSAA_Resources.ID | | Containing folder | +| TrusteeID | int | | No | PK | FK → SA_FSAA_Trustees.ID | | Acting trustee | +| Operation | tinyint | | No | PK | | | Operation code (0–5) | +| Allow | bit | | No | PK | | `1` | Allow / Deny flag | +| Count | int | | No | | | | Number of operations | + +**Primary Key:** `PK_SA_FSAC_DailyActivity` — clustered on `(HOST, FolderID, ActivityDate, TrusteeID, Operation, Allow)` +**Foreign Keys:** +- `FK_SA_FSAC_DailyActivity_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSAC_DailyActivity_FolderID` — `(HOST, FolderID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSAC_DailyActivity_TrusteeID` — `(HOST, TrusteeID) → SA_FSAA_Trustees(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAC_RenameTargets {#sa_fsac_renametargets} + +Detail rows for `Operation = 5` (Rename) activity events: stores the *target* path-ID of the rename. The activity event itself records the *source* path; this table records the destination. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ActivityID | bigint | | No | PK | FK → SA_FSAC_ActivityEvents.ID | | Owning rename event | +| TargetPathID | bigint | | No | | FK → SA_FSAA_Resources.ID | | Resource the source was renamed to | + +**Primary Key:** `PK_SA_FSAC_RenameTargets` — clustered on `(HOST, ActivityID)` +**Foreign Keys:** +- `FK_SA_FSAC_RenameTargets_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSAC_RenameTargets_ActivityID` — `(HOST, ActivityID) → SA_FSAC_ActivityEvents(HOST, ID)` +- `FK_SA_FSAC_RenameTargets_TargetPathID` — `(HOST, TargetPathID) → SA_FSAA_Resources(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSAC_ExceptionTypes {#sa_fsac_exceptiontypes} + +Catalog of activity-exception classes (e.g. *Unusual hourly activity*, *Mass deletion*, *Ransomware artifact*). One row per `(host, exception type)`. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ExceptionType | int | | No | PK | | | Exception type code | +| Name | varchar | 128 | No | | | | Short name | +| Description | varchar | 256 | No | | | | Human-readable description | +| Count | int | | No | | | | Cached count of `SA_FSAC_Exceptions` rows of this type | +| ParentType | int | | Yes | | | | Optional parent exception type for hierarchical grouping | + +**Primary Key:** `PK_SA_FSAC_ExceptionTypes` — clustered on `(HOST, ExceptionType)` +**Foreign Keys:** None +**Indexes:** None beyond the clustered PK + +### SA_FSAC_Exceptions {#sa_fsac_exceptions} + +One row per detected activity anomaly. The `Value` / `Average` / `StandardDeviations` columns capture the statistical model output that triggered the exception. + +:::note +`ExceptionType` is a logical (un-enforced) reference to `SA_FSAC_ExceptionTypes.ExceptionType` — no FK constraint is created. +::: + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| ID | int | | No | PK | | | Per-host exception ID | +| ExceptionType | int | | No | | | | Class of exception (logical reference to `SA_FSAC_ExceptionTypes`) | +| ActivityDate | date | | No | | | | Date the anomaly occurred | +| ActivityHour | tinyint | | Yes | | | | Hour-of-day (0–23) for hourly-bucketed anomalies | +| GateID | int | | No | | | | Gate (share) where the anomaly was observed | +| TrusteeID | int | | Yes | | | | User involved (if applicable) | +| ResourceID | bigint | | Yes | | | | Resource involved (if applicable) | +| Value | int | | Yes | | | | Observed value (e.g. operation count) | +| Average | float | | Yes | | | | Baseline average for comparison | +| StandardDeviations | float | | Yes | | | | How many σ the observed value is from the average | + +**Primary Key:** `PK_SA_FSAC_Exceptions` — clustered on `(HOST, ID)` +**Foreign Keys:** None +**Indexes:** `SA_FSAC_Exceptions_ResourceID_IDX` — nonclustered on `(HOST, ResourceID)` INCLUDE `(GateID)` + +### SA_FSAC_UserExceptionTypes {#sa_fsac_userexceptiontypes} + +User-centric variant of `SA_FSAC_ExceptionTypes` — partitioned by user `SID` instead of by host. Used when an exception is associated with a particular user across multiple hosts. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| SID | varchar | 184 | No | PK | | | User SID | +| ExceptionType | int | | No | PK | | | Exception type code | +| Name | varchar | 128 | No | | | | Short name | +| Description | varchar | 256 | No | | | | Description | +| Count | int | | No | | | | Cached count | +| ParentType | int | | Yes | | | | Optional parent exception type | + +**Primary Key:** `PK_SA_FSAC_UserExceptionTypes` — clustered on `(SID, ExceptionType)` +**Foreign Keys:** None +**Indexes:** None beyond the clustered PK + +### SA_FSAC_UserExceptions {#sa_fsac_userexceptions} + +One row per detected per-user activity anomaly (e.g. unusual login pattern attributed to a specific SID). + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| SID | varchar | 184 | No | | | | User SID | +| ID | int | | No | PK | | | Surrogate exception ID | +| ExceptionType | int | | No | | | | Exception type | +| ActivityDate | date | | No | | | | Date the anomaly occurred | +| ActivityStartTime | tinyint | | Yes | | | | Start hour of the activity window (0–23) | +| ActivityPeriod | tinyint | | Yes | | | | Length of the activity window in hours | +| Value | int | | Yes | | | | Observed value | +| Average | float | | Yes | | | | Baseline average | +| StandardDeviations | float | | Yes | | | | σ from baseline | + +**Primary Key:** `PK_SA_FSAC_UserExceptions` — clustered on `(ID)` +**Foreign Keys:** None +**Indexes:** None beyond the clustered PK + +## Sensitive Data Tables (SA_FSDLP_*) + +### SA_FSDLP_ImportHistory {#sa_fsdlp_importhistory} + +Append-only history of DLP scan imports per host. One row per imported scan run. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| GUID | varchar | 38 | No | | | | Scan correlation GUID | +| USN | int | | No | PK | | | USN at import time | + +**Primary Key:** `PK_SA_FSDLP_ImportHistory` — clustered on `(HOST, USN)` +**Foreign Keys:** `FK_SA_FSDLP_ImportHistory_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSDLP_Criteria {#sa_fsdlp_criteria} + +Per-host catalog of the DLP criteria (patterns / classifiers) that produced matches. The `pattern_guid` is the global identifier linking back to centrally managed criteria definitions. `Risk` is a numeric severity score. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | FK → SA_FSAA_Hosts.ID | | Host partition | +| ID | int | | No | PK | | | Per-host criterion ID | +| Name | nvarchar | 256 | No | | | | Criterion name (e.g. "United States Social Security Number") | +| Risk | int | | No | | | `0` | Risk score | +| pattern_guid | uniqueidentifier | | Yes | | | | Global criterion GUID | + +**Primary Key:** `PK_SA_FSDLP_Criteria` — clustered on `(HOST, ID)` +**Foreign Keys:** `FK_SA_FSDLP_Criteria_HOST` — `(HOST) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSDLP_Matches {#sa_fsdlp_matches} + +One row per `(file, criterion)` pair where the criterion produced at least one hit. `MatchCount` is the total number of hits. `DataSource` is a bitmask: `1` = Content, `2` = Metadata, `4` = Filename; combinations are summed (e.g. `5` = Content + Filename). + +:::note +`FileId` is a logical (un-enforced) reference to `SA_FSAA_Resources.ID`. The DLP collector populates `FileId` to match the FSAA resource ID but no SQL FK constraint is created, so DLP imports can run independently of structural scans. +::: + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| FileId | bigint | | No | PK | | | Resource ID of the matched file (logical FK to `SA_FSAA_Resources.ID`) | +| CriteriaId | int | | No | PK | FK → SA_FSDLP_Criteria.ID | | Criterion that matched | +| MatchCount | int | | Yes | | | | Number of hits within this file for this criterion | +| DataSource | int | | No | | | `0` | Bitmask: 1=Content, 2=Metadata, 4=Filename | + +**Primary Key:** `PK_SA_FSDLP_Matches` — clustered on `(HOST, FileId, CriteriaId)` +**Foreign Keys:** `FK_SA_FSDLP_Matches_CriteriaId` — `(HOST, CriteriaId) → SA_FSDLP_Criteria(HOST, ID) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSDLP_MatchHits {#sa_fsdlp_matchhits} + +Per-hit detail rows. For every match in `SA_FSDLP_Matches`, this table holds the prefix/data/suffix excerpt around each hit, plus a confidence score. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| FileId | bigint | | No | PK | | | Resource ID of the matched file | +| CriteriaId | int | | No | PK | | | Criterion that produced the hit | +| ID | bigint | | No | PK | | | Per-`(File, Criterion)` hit ID | +| SubFileName | nvarchar | 1024 | Yes | | | | Sub-file name (for archives such as ZIP / RAR) | +| MatchPrefix | nvarchar | 1024 | Yes | | | | Text immediately before the matched data | +| MatchData | nvarchar | 1024 | Yes | | | | The matched data itself | +| MatchSuffix | nvarchar | 1024 | Yes | | | | Text immediately after the matched data | +| Confidence | int | | No | | | `0` | Confidence score (0–100) | +| DataSource | int | | No | | | `0` | Where the hit was found (see `SA_FSDLP_Matches.DataSource`) | + +**Primary Key:** `PK_SA_FSDLP_MatchHits` — clustered on `(HOST, FileId, CriteriaId, ID)` +**Foreign Keys:** `FK_SA_FSDLP_MatchHits_Match` — `(HOST, FileId, CriteriaId) → SA_FSDLP_Matches(HOST, FileId, CriteriaId) ON DELETE CASCADE` +**Indexes:** None beyond the clustered PK + +### SA_FSDLP_MatchHits_SubjectProfile {#sa_fsdlp_matchhits_subjectprofile} + +Links a DLP match hit to the subject-profile system, identifying which person or entity the hit is about. Populated when subject-profile correlation is enabled. + +:::note +The `SA_SubjectProfile_*` tables referenced by this table's foreign keys are owned by the central Subject Profile module and are documented separately. +::: + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| HOST | int | | No | PK | | | Host partition | +| FileId | bigint | | No | PK | | | Resource ID of the matched file | +| CriteriaId | int | | No | PK | | | Criterion that produced the hit | +| ID | bigint | | No | PK | FK → SA_FSDLP_MatchHits.ID | | Hit ID | +| SourceId | int | | No | FK → SA_SubjectProfile_Sources.Id | | | Subject-profile source | +| IdentityId | bigint | | No | FK → SA_SubjectProfile_Identities.Id | | | Resolved identity | +| AttributeId | int | | No | | | | Attribute on the identity that the hit aligns with | +| Order | int | | No | | | | Position within multi-valued attributes | + +**Primary Key:** `PK_SA_FSDLP_MatchHits_SubjectProfile` — clustered on `(HOST, FileId, CriteriaId, ID)` +**Foreign Keys:** +- `FK_SA_FSDLP_MatchHits_SubjectProfile` — `(HOST, FileId, CriteriaId, ID) → SA_FSDLP_MatchHits(HOST, FileId, CriteriaId, ID) ON DELETE CASCADE` +- `FK_SA_FSDLP_MatchHits_SubjectProfile_Source` — `(SourceId) → SA_SubjectProfile_Sources(Id)` +- `FK_SA_FSDLP_MatchHits_SubjectProfile_Identity` — `(IdentityId) → SA_SubjectProfile_Identities(Id)` +- `FK_SA_FSDLP_MatchHits_SubjectProfile_Attribute` — `(IdentityId, AttributeId, Order) → SA_SubjectProfile_AttributeValues(IdentityId, AttributeId, Order) ON DELETE CASCADE` + +**Indexes:** None beyond the clustered PK + +## DFS Namespace Tables (SA_FSDFS_*) + +### SA_FSDFS_Namespaces {#sa_fsdfs_namespaces} + +One row per discovered DFS namespace (e.g. `\\contoso.com\public`). Each namespace anchors zero or more DFS links. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| ID | int | | No | PK | | IDENTITY(1,1) | Surrogate namespace ID | +| HOST | int | | No | | | | Host that owns the namespace record | +| Name | nvarchar | 450 | No | | | | DFS namespace name | +| RootHostID | int | | Yes | | FK → SA_FSAA_Hosts.ID | | The FSAA host that hosts the namespace root | +| RootGateID | int | | Yes | | | | The gate (share) that backs the namespace root | +| Host | int | | Yes | | | | Alternate nullable host column added by schema migration | + +**Primary Key:** `PK_SA_FSDFS_Namespaces` — clustered on `(ID)` +**Foreign Keys:** +- `FK_SA_FSDFS_Namespaces_Hosts` — `(RootHostID) → SA_FSAA_Hosts(ID) ON DELETE CASCADE` +- `FK_SA_FSDFS_Namespaces_GateID` — `(RootHostID, RootGateID) → SA_FSAA_Gates(HOST, ID)` + +**Indexes:** None beyond the clustered PK + +### SA_FSDFS_Links {#sa_fsdfs_links} + +Each DFS link maps a logical DFS path (e.g. `\\contoso.com\public\sales`) to a physical target path on a specific server. Multiple links may exist per namespace. + +| Column | Type | Size | Nullable | PK | FK | Default | Description | +|---|---|---|---|---|---|---|---| +| ID | int | | No | PK | | IDENTITY(1,1) | Surrogate link ID | +| HOST | int | | No | PK | | | Host partition (the DFS host) | +| NamespaceID | int | | Yes | | FK → SA_FSDFS_Namespaces.ID | | Owning namespace | +| NamespaceName | nvarchar | 512 | No | | | | Cached namespace name | +| DfsPath | nvarchar | 400 | No | | | | DFS-side logical path (e.g. `sales\reports`) | +| DfsResourceID | bigint | | Yes | | FK → SA_FSAA_Resources.ID | | Resource representing the DFS-side path (when available) | +| DfsHostID | int | | Yes | | | | Host on the DFS side | +| TargetPath | nvarchar | 450 | No | | | | UNC path of the physical target (e.g. `\\fileserver\sales`) | +| TargetHostID | int | | Yes | | FK → SA_FSAA_Hosts.ID | | FSAA host that holds the physical target | +| TargetGateID | int | | Yes | | FK → SA_FSAA_Gates.ID | | Gate (share) that holds the physical target | +| TargetResourceID | bigint | | Yes | | FK → SA_FSAA_Resources.ID | | Resource on the target host | +| State | int | | Yes | | | | DFS link state (online / offline) | +| Timeout | int | | Yes | | | | DFS-link cache timeout | +| DfsGuid | uniqueidentifier | | Yes | | | | DFS link's unique identifier | +| Comment | nvarchar | 1024 | Yes | | | | Free-text comment | +| IsRoot | bit | | No | | | | True if the DFS link represents the namespace root rather than a sub-link | + +**Primary Key:** `PK_SA_FSDFS_Links` — clustered on `(HOST, ID)` +**Foreign Keys:** +- `FK_SA_FSDFS_Links_NamespaceID` — `(NamespaceID) → SA_FSDFS_Namespaces(ID) ON DELETE CASCADE` +- `FK_SA_FSDFS_Links_TargetHostID` — `(TargetHostID) → SA_FSAA_Hosts(ID)` +- `FK_SA_FSDFS_Links_TargetGateID` — `(TargetHostID, TargetGateID) → SA_FSAA_Gates(HOST, ID)` +- `FK_SA_FSDFS_Links_TargetResourceID` — `(TargetHostID, TargetResourceID) → SA_FSAA_Resources(HOST, ID)` +- `FK_SA_FSDFS_Links_DfsResourceID` — `(DfsHostID, DfsResourceID) → SA_FSAA_Resources(HOST, ID)` + +**Indexes:** +- `UQ_FSDFS_Links_DfsPath` — unique nonclustered on `(DfsPath, NamespaceID)` +- `SA_FSDFS_Links_GateID_IDX` — nonclustered on `(TargetHostID, TargetGateID)` diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/_category_.json b/docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/_category_.json new file mode 100644 index 0000000000..ef7d5a7c74 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Enumeration & Lookup Values", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/overview.md b/docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/overview.md new file mode 100644 index 0000000000..52d43c4e28 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/enumeration/overview.md @@ -0,0 +1,96 @@ +# Enumeration & Lookup Values + +This page documents all coded column values and lookup tables used in the File System Access Analyzer (FSAA) DC schema. Views surface most of these codes as human-readable description columns, but the raw values appear in the underlying tables and are useful for writing direct queries or custom reports. + +## TrusteeType {#trusteetype} + +Used in `SA_FSAA_Trustees.TrusteeType` and `SA_FSAA_LocalTrustees.TrusteeType`. Identifies the class of security principal that a trustee row represents. + +| Value | Name | Description | +|---|---|---| +| 0 | Unknown | Type couldn't be determined | +| 1 | SecurityPrincipal | Built-in / well-known security principal (e.g. `Everyone`) | +| 2 | LocalUser | Local user account | +| 3 | LocalGroup | Local group account | +| 4 | GlobalUser | Domain user account (shown as `Domain User` in views) | +| 5 | GlobalGroup | Domain group account (shown as `Domain Group` in views) | +| 6 | SharepointUser | SharePoint user | +| 7 | SharepointGroup | SharePoint group | +| 8 | Unsupported | Trustee type not supported | +| 9 | ServiceAccount | Service account | +| 10 | Computer | Computer account | +| 11 | GlobalTrustee | Cross-domain trustee | +| 20 | UnixUser | POSIX user | +| 21 | UnixGroup | POSIX group | + +The `TrusteeTypeDescription` column in views covers values 0, 1, 2, 3, 4, 5, 8, 9, and 10. Values 6, 7, 11, 20, and 21 don't have a dedicated description string in the current view CASE expressions. + +## ResourceType {#resourcetype} + +Used in `SA_FSAA_Resources.ResourceType`. Identifies the kind of file-system object the resource row represents. + +| Value | Name | View label | Description | +|---|---|---|---| +| 0 | Share | Share | SMB / Windows share root | +| 1 | NFSExport | Share | NFS export root | +| 2 | NetAppVolume | Folder | NetApp volume root | +| 3 | WinDir | Folder | Windows directory | +| 4 | WinFile | File | Windows file | +| 5 | UnixDir | Folder | Unix directory | +| 6 | UnixFile | File | Unix file | + +Views map these values to three labels using the following logic: + +``` +CASE + WHEN ResourceType IN (0, 1) THEN 'Share' + WHEN ResourceType IN (2, 3, 5) THEN 'Folder' + WHEN ResourceType IN (4, 6) THEN 'File' +END +``` + +## GateType {#gatetype} + +Used in `SA_FSAA_Gates.GateType`. Identifies the protocol or mechanism the gate represents. + +| Value | Description | +|---|---| +| 0 | SMB / Windows share gate | +| 1 | Windows Security Policy gate | +| 2 | NFS v3 export gate | + +All five LSA policy types (Interactive, Batch, Service, Remote Interactive, Network logon) are stored under `GateType = 1`. The specific privilege type is tracked separately in `SA_FSAA_Policies`. These policy gates carry the LSA pseudo-trustee memberships used by `SA_FSAA_GetPolicyMembership` to expand principals such as `NT AUTHORITY\INTERACTIVE` and `NT AUTHORITY\SERVICE`. + +## Rights Bitmask — AllowRights / DenyRights {#rights-bitmask} + +The simplified six-bit FSAA rights model. Used in `SA_FSAA_Rights.AllowRights`, `DenyRights`, `DirectAllowRights`, `InheritedAllowRights`, `DirectDenyRights`, and `InheritedDenyRights`. Views surface these as the `AllowRightsDescription` / `DenyRightsDescription` text columns (e.g. `LRWDMA`). + +| Bit | Hex / Decimal | Letter | Name | +|---|---|---|---| +| 0 | `0x01` (1) | R | Read | +| 1 | `0x02` (2) | W | Write | +| 2 | `0x04` (4) | D | Delete | +| 3 | `0x08` (8) | M | Manage | +| 4 | `0x10` (16) | A | Admin | +| 5 | `0x20` (32) | L | List | + +The `AllowRightsDescription` string is built by appending each letter whose bit is set. For example, a value of `35` (`0x23` = L + R + W) produces `LRW`. + +The full Windows access mask is stored separately in the `*Mask` columns. The following table shows the common mask values decoded by the `AllowMaskDescription` / `DenyMaskDescription` columns in `SA_FSAA_PermissionsView`, `SA_FSAA_DirectPermissionsView`, and `SA_FSAA_InheritedPermissionsView`: + +| Mask (decimal) | Description | +|---|---| +| 0 | None | +| 2032127 | Full Control (allow) | +| 1245631 | Modify | +| 1179817 | Read & Execute (or "List folder contents" when `AllowRights = 32`) | +| 1179785 | Read | +| 1179926 | Write | +| 983551 | Full Control (deny) | +| 197055 | Modify (deny) | +| 1310720 | Change Permissions | +| 1572864 | Take Ownership | +| 1114112 | Delete | +| 1179648 | Read Permissions | + +Additional special-permission decimal values are decoded by an extended `CASE` expression in the permission views; the listed values cover the most commonly encountered masks. diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/_category_.json b/docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/_category_.json new file mode 100644 index 0000000000..8e87e36269 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Table Relationship Diagrams (ERD)", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/overview.md b/docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/overview.md new file mode 100644 index 0000000000..2322db08a5 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/erd/overview.md @@ -0,0 +1,178 @@ +# Table Relationship Diagrams (ERD) + +Relationship lines use standard crow's foot notation: a single vertical bar on the parent side and a crow's foot (fork) on the child side means "exactly one parent and zero or more children"; a single bar on each side with an open circle means one-to-zero-or-one (sidecar / extension table). + +:::note +Every core table includes a `HOST INT` column that is a foreign key to `SA_FSAA_Hosts.ID` with `ON DELETE CASCADE`. To keep the sub-diagrams readable, the host fan-out appears only in the following top-level diagrams; in the other diagrams `HOST` is implicit on every relationship. Three tables don't appear in any diagram because they carry no foreign keys: `SA_FSAA_SchemaVer` (single-row config), `SA_FSAA_ScanHistory` (audit log), and `SA_FSAA_AzureStorageAccounts` (single-column lookup). +::: + +## Top-level Partitioning {#top-level-partitioning} + +`SA_FSAA_Hosts` is the root of the schema. Every other table includes a `HOST` column whose foreign key cascades on delete, so removing a host atomically purges its entire data set. Because the host fan-out spans more than six child tables, it is split into the following two diagrams. + +**Core structural and permission tables:** + +```erDiagram + SA_FSAA_Hosts ||--o{ SA_FSAA_ImportHistory : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_Trustees : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_Resources : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_Gates : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_Tags : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_TagKeys : "HOST" +``` + +**Exception, ownership, and Azure tables:** + +```erDiagram + SA_FSAA_Hosts ||--o{ SA_FSAA_TagProxies : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_ExceptionTypes : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_Exceptions : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_ProbableOwners : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAA_AzureFilesShares : "HOST" +``` + +## Trustees {#trustees} + +`SA_FSAA_Trustees` is the canonical trustee table. `SA_FSAA_LocalTrustees` is a 1:0..1 extension that adds NT-style domain/name/display fields for principals local to the host. `SA_FSAA_TrusteeEquivalence` is the local-group-membership edge table — `TrusteeID` is the member, `EquivalentTrusteeID` is the local group it belongs to. `SA_FSAA_TrusteeMap` is the cross-module identity bridge to the Activity (FSAC) and DLP (FSDLP) trustee tables. + +```erDiagram + SA_FSAA_Trustees ||--o| SA_FSAA_LocalTrustees : "ID (extension)" + SA_FSAA_Trustees ||--o{ SA_FSAA_TrusteeEquivalence : "TrusteeID (member)" + SA_FSAA_LocalTrustees ||--o{ SA_FSAA_TrusteeEquivalence : "EquivalentTrusteeID (group)" + SA_FSAA_Trustees ||--o| SA_FSAA_TrusteeMap : "ID" +``` + +## Resources {#resources} + +`SA_FSAA_Resources` is the file/folder/share tree. Note the self-reference for parent-child folder hierarchy and the `OwnerID` FK back to `SA_FSAA_Trustees`. Five sidecar tables hold per-resource aggregations. `SA_FSAA_ResourceMap` and `SA_FSAA_ResourcesScanTypeDetails` are 1:0..1 extensions that hold cross-module IDs and per-scan-type USN tracking respectively. + +```erDiagram + SA_FSAA_Resources ||--o{ SA_FSAA_Resources : "ParentResourceID (self)" + SA_FSAA_Trustees ||--o{ SA_FSAA_Resources : "OwnerID" + + SA_FSAA_Resources ||--o{ SA_FSAA_FileSizes : "ResourceID" + SA_FSAA_Resources ||--o{ SA_FSAA_FileTypes : "ResourceID" + SA_FSAA_Resources ||--o{ SA_FSAA_FileAges : "ResourceID" + SA_FSAA_Resources ||--o{ SA_FSAA_UnixRights : "ResourceID" + SA_FSAA_Resources ||--o{ SA_FSAA_ProbableOwners : "ResourceID" + + SA_FSAA_Trustees ||--o{ SA_FSAA_UnixRights : "OwnerID + GroupID" + SA_FSAA_Trustees ||--o{ SA_FSAA_ProbableOwners : "OwnerID" + + SA_FSAA_Resources ||--o| SA_FSAA_ResourceMap : "ID (extension)" + SA_FSAA_Resources ||--o| SA_FSAA_ResourcesScanTypeDetails : "ID (extension)" +``` + +## Gates and Permissions {#gates-and-permissions} + +A "gate" is a way to reach a resource — an SMB share, NFS export, or LSA-policy container. `SA_FSAA_Gates` self-references through `PolicyID` (an NFS export gate points at its export-policy gate). `SA_FSAA_GatesProxy` is the dedup bridge between resources and gates. `SA_FSAA_Rights` holds the per-trustee allow/deny ACL entries. `SA_FSAA_GateMap` is the cross-module gate identity bridge. + +```erDiagram + SA_FSAA_Gates ||--o{ SA_FSAA_Gates : "PolicyID (self)" + SA_FSAA_Resources ||--o{ SA_FSAA_Gates : "ShareID + FolderID" + + SA_FSAA_Gates ||--o{ SA_FSAA_GatesProxy : "GateID" + SA_FSAA_Gates ||--o{ SA_FSAA_Policies : "PolicyID" + SA_FSAA_Trustees ||--o{ SA_FSAA_Policies : "TrusteeID" + + SA_FSAA_Trustees ||--o{ SA_FSAA_Rights : "TrusteeID" + + SA_FSAA_Gates ||--o| SA_FSAA_GateMap : "ID (extension)" +``` + +:::note +`SA_FSAA_Resources.RightsProxyID → SA_FSAA_Rights.RightsProxyID` and `SA_FSAA_Resources.GatesProxyID → SA_FSAA_GatesProxy.ID` are logical (un-enforced) references not shown in the diagram. These are denormalized pointers maintained by the import pipeline; no FK constraint is created so that bulk imports can stage rows in any order. +::: + +## Tags {#tags} + +Tags use a three-table dedup pattern. `SA_FSAA_Tags` holds each unique tag string. `SA_FSAA_TagKeys` defines a "tag set" identity. `SA_FSAA_TagProxies` is the membership table linking tag sets to their individual tags. `SA_FSAA_Resources.TagProxyID` and `SA_FSAA_FileTags.TagProxyID` reference the tag-set identity in `TagKeys`. + +```erDiagram + SA_FSAA_TagKeys ||--o{ SA_FSAA_TagProxies : "TagProxyID" + SA_FSAA_Tags ||--o{ SA_FSAA_TagProxies : "TagID" + SA_FSAA_TagKeys ||--o{ SA_FSAA_FileTags : "TagProxyID" + SA_FSAA_Resources ||--o{ SA_FSAA_FileTags : "ResourceID" +``` + +## Exceptions {#exceptions} + +`SA_FSAA_ExceptionTypes` is the per-host catalog of exception classes. `SA_FSAA_Exceptions` carries one row per detected anomaly and has FKs to all four foundational tables — Hosts, Gates, Resources, and Trustees (twice: `TrusteeID` and `SourceTrusteeID`). Most FK columns are nullable because different exception types use different combinations. + +```erDiagram + SA_FSAA_ExceptionTypes ||--o{ SA_FSAA_Exceptions : "ExceptionType" + SA_FSAA_Gates ||--o{ SA_FSAA_Exceptions : "GateID" + SA_FSAA_Resources ||--o{ SA_FSAA_Exceptions : "ResourceID" + SA_FSAA_Trustees ||--o{ SA_FSAA_Exceptions : "TrusteeID" + SA_FSAA_Trustees ||--o{ SA_FSAA_Exceptions : "SourceTrusteeID" +``` + +## Azure Files {#azure-files} + +`SA_FSAA_AzureFilesShares` ties an Azure Files share back to the resource tree (`ResourceID` = share root) and the gate model (`GateID`). `SA_FSAA_AzureFilesShareProperties` is a 1:0..1 extension carrying Azure-specific metadata (tier, lease, retention, quota). + +```erDiagram + SA_FSAA_Resources ||--o{ SA_FSAA_AzureFilesShares : "ResourceID" + SA_FSAA_Gates ||--o{ SA_FSAA_AzureFilesShares : "GateID" + SA_FSAA_AzureFilesShares ||--o| SA_FSAA_AzureFilesShareProperties : "AzureShareID (extension)" +``` + +## Activity Collection (SA_FSAC_*) {#activity-collection} + +`SA_FSAC_ActivityEvents` is the high-volume audit-event stream; each row is one observed file-system operation. Every event references the resource (`PathID`), the trustee that performed the operation, and the process (`ProcessID`) that ran it. Three detail tables reference `ActivityEvents`: `SA_FSAC_PermissionChanges`, `SA_FSAC_OwnerChanges`, and `SA_FSAC_RenameTargets`. `SA_FSAC_DailyActivity` is a daily aggregation rolled up by `(folder, trustee, operation)`. `SA_FSAC_Exceptions` records detected anomalies; `SA_FSAC_UserExceptions` is the per-user variant (partitioned by `SID` instead of by host). + +```erDiagram + SA_FSAA_Hosts ||--o{ SA_FSAC_ProcessNames : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAC_ActivityEvents : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSAC_DailyActivity : "HOST" + + SA_FSAA_Resources ||--o{ SA_FSAC_ActivityEvents : "PathID" + SA_FSAA_Trustees ||--o{ SA_FSAC_ActivityEvents : "TrusteeID" + SA_FSAC_ProcessNames ||--o{ SA_FSAC_ActivityEvents : "ProcessID" + + SA_FSAC_ActivityEvents ||--o{ SA_FSAC_PermissionChanges : "ActivityID" + SA_FSAC_ActivityEvents ||--o| SA_FSAC_OwnerChanges : "ActivityID" + SA_FSAC_ActivityEvents ||--o| SA_FSAC_RenameTargets : "ActivityID" + + SA_FSAA_Trustees ||--o{ SA_FSAC_PermissionChanges : "TrusteeID" + SA_FSAA_Trustees ||--o{ SA_FSAC_OwnerChanges : "PreviousOwnerID + NewOwnerID" + SA_FSAA_Resources ||--o{ SA_FSAC_RenameTargets : "TargetPathID" + + SA_FSAA_Resources ||--o{ SA_FSAC_DailyActivity : "FolderID" + SA_FSAA_Trustees ||--o{ SA_FSAC_DailyActivity : "TrusteeID" + + SA_FSAC_ExceptionTypes ||--o{ SA_FSAC_Exceptions : "ExceptionType" + SA_FSAC_UserExceptionTypes ||--o{ SA_FSAC_UserExceptions : "ExceptionType (by SID)" +``` + +## Sensitive Data — DLP (SA_FSDLP_*) {#sensitive-data} + +`SA_FSDLP_Criteria` lists the active DLP patterns. `SA_FSDLP_Matches` records, for each `(file, criterion)` pair, how many hits were found. `SA_FSDLP_MatchHits` carries the per-hit excerpt (prefix/data/suffix) and confidence score. `SA_FSDLP_MatchHits_SubjectProfile` links each hit to a subject in the central Subject Profile system. + +```erDiagram + SA_FSAA_Hosts ||--o{ SA_FSDLP_ImportHistory : "HOST" + SA_FSAA_Hosts ||--o{ SA_FSDLP_Criteria : "HOST" + + SA_FSDLP_Criteria ||--o{ SA_FSDLP_Matches : "CriteriaId" + SA_FSDLP_Matches ||--o{ SA_FSDLP_MatchHits : "FileId + CriteriaId" + SA_FSDLP_MatchHits ||--o{ SA_FSDLP_MatchHits_SubjectProfile : "FileId + CriteriaId + ID" +``` + +:::note +`SA_FSDLP_Matches.FileId → SA_FSAA_Resources.ID` is a logical (un-enforced) reference not shown in the diagram. The DLP collector populates `FileId` to match the FSAA resource ID but no SQL FK constraint is created, so DLP imports can run independently of structural scans. `SA_FSDLP_MatchHits_SubjectProfile` also has foreign keys into the central Subject Profile tables (`SA_SubjectProfile_Sources`, `SA_SubjectProfile_Identities`, `SA_SubjectProfile_AttributeValues`), which are owned by a separate module and not shown here. +::: + +## DFS Namespaces (SA_FSDFS_*) {#dfs-namespaces} + +`SA_FSDFS_Namespaces` lists the discovered DFS namespaces. `SA_FSDFS_Links` resolves each DFS-side path into the physical target (host/gate/resource) on a real file server. The link table has FKs into both the FSAA host and the FSAA structural tables on the target side. + +```erDiagram + SA_FSAA_Hosts ||--o{ SA_FSDFS_Namespaces : "RootHostID" + SA_FSAA_Gates ||--o{ SA_FSDFS_Namespaces : "(RootHostID, RootGateID) composite FK" + + SA_FSDFS_Namespaces ||--o{ SA_FSDFS_Links : "NamespaceID" + SA_FSAA_Hosts ||--o{ SA_FSDFS_Links : "TargetHostID" + SA_FSAA_Gates ||--o{ SA_FSDFS_Links : "TargetGateID" + SA_FSAA_Resources ||--o{ SA_FSDFS_Links : "TargetResourceID" + SA_FSAA_Resources ||--o{ SA_FSDFS_Links : "DfsResourceID" +``` diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/fkreference/_category_.json b/docs/accessanalyzer/12.0/admin/schema/fsaadc/fkreference/_category_.json new file mode 100644 index 0000000000..c990fe38d8 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/fkreference/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Foreign Key Reference", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/fkreference/overview.md b/docs/accessanalyzer/12.0/admin/schema/fsaadc/fkreference/overview.md new file mode 100644 index 0000000000..c8ae6d85ec --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/fkreference/overview.md @@ -0,0 +1,87 @@ +# Foreign Key Reference + +## Complete Foreign Key Listing {#complete-foreign-key-listing} + +All enforced FK constraints across the four FSAA DC collector modules, listed in the same order as the [Core Data Collection Tables](../coretables/overview.md) page. + +| FK Name | Parent Table | Parent Columns | Referenced Table | Referenced Columns | On Delete | +|---|---|---|---|---|---| +| FK_SA_FSAA_ImportHistory_HOST | SA_FSAA_ImportHistory | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_Trustees_HOST | SA_FSAA_Trustees | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_LocalTrustees_ID | SA_FSAA_LocalTrustees | HOST, ID | SA_FSAA_Trustees | HOST, ID | CASCADE | +| FK_SA_FSAA_TrusteeEquivalence_TrusteeID | SA_FSAA_TrusteeEquivalence | HOST, TrusteeID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_TrusteeEquivalence_EquivalentTrusteeID | SA_FSAA_TrusteeEquivalence | HOST, EquivalentTrusteeID | SA_FSAA_LocalTrustees | HOST, ID | CASCADE | +| FK_SA_FSAA_Rights_TrusteeID | SA_FSAA_Rights | HOST, TrusteeID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_Tags_HOST | SA_FSAA_Tags | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_TagKeys_HOST | SA_FSAA_TagKeys | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_TagProxies_HOST | SA_FSAA_TagProxies | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_TagProxies_TagProxyID | SA_FSAA_TagProxies | HOST, TagProxyID | SA_FSAA_TagKeys | HOST, TagProxyID | NO ACTION | +| FK_SA_FSAA_TagProxies_TagID | SA_FSAA_TagProxies | HOST, TagID | SA_FSAA_Tags | HOST, TagID | NO ACTION | +| FK_SA_FSAA_Resources_HOST | SA_FSAA_Resources | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_Resources_ParentResourceID | SA_FSAA_Resources | HOST, ParentResourceID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAA_Resources_OwnerID | SA_FSAA_Resources | HOST, OwnerID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_UnixRights_ResourceID | SA_FSAA_UnixRights | HOST, ResourceID | SA_FSAA_Resources | HOST, ID | CASCADE | +| FK_SA_FSAA_UnixRights_OwnerID | SA_FSAA_UnixRights | HOST, OwnerID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_UnixRights_GroupID | SA_FSAA_UnixRights | HOST, GroupID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_Gates_HOST | SA_FSAA_Gates | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_Gates_ShareID | SA_FSAA_Gates | HOST, ShareID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAA_Gates_FolderID | SA_FSAA_Gates | HOST, FolderID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAA_Gates_PolicyID | SA_FSAA_Gates | HOST, PolicyID | SA_FSAA_Gates | HOST, ID | NO ACTION | +| FK_SA_FSAA_GatesProxy_GateID | SA_FSAA_GatesProxy | HOST, GateID | SA_FSAA_Gates | HOST, ID | CASCADE | +| FK_SA_FSAA_Policies_PolicyID | SA_FSAA_Policies | HOST, PolicyID | SA_FSAA_Gates | HOST, ID | CASCADE | +| FK_SA_FSAA_Policies_TrusteeID | SA_FSAA_Policies | HOST, TrusteeID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_Exceptions_HOST | SA_FSAA_Exceptions | HOST | SA_FSAA_Hosts | ID | NO ACTION | +| FK_SA_FSAA_Exceptions_GateID | SA_FSAA_Exceptions | HOST, GateID | SA_FSAA_Gates | HOST, ID | CASCADE | +| FK_SA_FSAA_Exceptions_ResourceID | SA_FSAA_Exceptions | HOST, ResourceID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAA_Exceptions_TrusteeID | SA_FSAA_Exceptions | HOST, TrusteeID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_Exceptions_SourceTrusteeID | SA_FSAA_Exceptions | HOST, SourceTrusteeID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_ExceptionTypes_HOST | SA_FSAA_ExceptionTypes | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_ProbableOwners_HOST | SA_FSAA_ProbableOwners | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_ProbableOwners_ResourceID | SA_FSAA_ProbableOwners | HOST, ResourceID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAA_ProbableOwners_OwnerID | SA_FSAA_ProbableOwners | HOST, OwnerID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_FileSizes_ResourceID | SA_FSAA_FileSizes | HOST, ResourceID | SA_FSAA_Resources | HOST, ID | CASCADE | +| FK_SA_FSAA_FileTypes_ResourceID | SA_FSAA_FileTypes | HOST, ResourceID | SA_FSAA_Resources | HOST, ID | CASCADE | +| FK_SA_FSAA_FileAges_ResourceID | SA_FSAA_FileAges | HOST, ResourceID | SA_FSAA_Resources | HOST, ID | CASCADE | +| FK_SA_FSAA_FileTags_ResourceID | SA_FSAA_FileTags | HOST, ResourceID | SA_FSAA_Resources | HOST, ID | CASCADE | +| FK_SA_FSAA_FileTags_TagProxyID | SA_FSAA_FileTags | HOST, TagProxyID | SA_FSAA_TagKeys | HOST, TagProxyID | NO ACTION | +| FK_SA_FSAA_AzureFilesShares_HOST | SA_FSAA_AzureFilesShares | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAA_AzureFilesShares_ResourceID | SA_FSAA_AzureFilesShares | HOST, ResourceID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAA_AzureFilesShares_GateID | SA_FSAA_AzureFilesShares | HOST, GateID | SA_FSAA_Gates | HOST, ID | NO ACTION | +| FK_SA_FSAA_AzureFilesShareProperties_AzureShareID | SA_FSAA_AzureFilesShareProperties | HOST, AzureShareID | SA_FSAA_AzureFilesShares | HOST, ID | CASCADE | +| FK_SA_FSAA_TrusteeMap_ID | SA_FSAA_TrusteeMap | HOST, ID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAA_ResourceMap_ID | SA_FSAA_ResourceMap | HOST, ID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAA_GateMap_ID | SA_FSAA_GateMap | HOST, ID | SA_FSAA_Gates | HOST, ID | NO ACTION | +| FK_SA_FSAA_ResourcesScanTypeDetails_ID | SA_FSAA_ResourcesScanTypeDetails | HOST, ID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAC_ProcessNames_HOST | SA_FSAC_ProcessNames | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAC_ActivityEvents_HOST | SA_FSAC_ActivityEvents | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAC_ActivityEvents_PathID | SA_FSAC_ActivityEvents | HOST, PathID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAC_ActivityEvents_ProcessID | SA_FSAC_ActivityEvents | HOST, ProcessID | SA_FSAC_ProcessNames | HOST, ID | NO ACTION | +| FK_SA_FSAC_ActivityEvents_TrusteeID | SA_FSAC_ActivityEvents | HOST, TrusteeID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAC_PermissionChanges_HOST | SA_FSAC_PermissionChanges | HOST | SA_FSAA_Hosts | ID | NO ACTION | +| FK_SA_FSAC_PermissionChanges_ActivityID | SA_FSAC_PermissionChanges | HOST, ActivityID | SA_FSAC_ActivityEvents | HOST, ID | NO ACTION | +| FK_SA_FSAC_PermissionChanges_TrusteeID | SA_FSAC_PermissionChanges | HOST, TrusteeID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAC_OwnerChanges_HOST | SA_FSAC_OwnerChanges | HOST | SA_FSAA_Hosts | ID | NO ACTION | +| FK_SA_FSAC_OwnerChanges_ActivityID | SA_FSAC_OwnerChanges | HOST, ActivityID | SA_FSAC_ActivityEvents | HOST, ID | NO ACTION | +| FK_SA_FSAC_OwnerChanges_PreviousOwnerID | SA_FSAC_OwnerChanges | HOST, PreviousOwnerID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAC_OwnerChanges_NewOwnerID | SA_FSAC_OwnerChanges | HOST, NewOwnerID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAC_DailyActivity_HOST | SA_FSAC_DailyActivity | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAC_DailyActivity_FolderID | SA_FSAC_DailyActivity | HOST, FolderID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSAC_DailyActivity_TrusteeID | SA_FSAC_DailyActivity | HOST, TrusteeID | SA_FSAA_Trustees | HOST, ID | NO ACTION | +| FK_SA_FSAC_RenameTargets_HOST | SA_FSAC_RenameTargets | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSAC_RenameTargets_ActivityID | SA_FSAC_RenameTargets | HOST, ActivityID | SA_FSAC_ActivityEvents | HOST, ID | NO ACTION | +| FK_SA_FSAC_RenameTargets_TargetPathID | SA_FSAC_RenameTargets | HOST, TargetPathID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSDLP_ImportHistory_HOST | SA_FSDLP_ImportHistory | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSDLP_Criteria_HOST | SA_FSDLP_Criteria | HOST | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSDLP_Matches_CriteriaId | SA_FSDLP_Matches | HOST, CriteriaId | SA_FSDLP_Criteria | HOST, ID | CASCADE | +| FK_SA_FSDLP_MatchHits_Match | SA_FSDLP_MatchHits | HOST, FileId, CriteriaId | SA_FSDLP_Matches | HOST, FileId, CriteriaId | CASCADE | +| FK_SA_FSDLP_MatchHits_SubjectProfile | SA_FSDLP_MatchHits_SubjectProfile | HOST, FileId, CriteriaId, ID | SA_FSDLP_MatchHits | HOST, FileId, CriteriaId, ID | CASCADE | +| FK_SA_FSDLP_MatchHits_SubjectProfile_Source | SA_FSDLP_MatchHits_SubjectProfile | SourceId | SA_SubjectProfile_Sources | Id | NO ACTION | +| FK_SA_FSDLP_MatchHits_SubjectProfile_Identity | SA_FSDLP_MatchHits_SubjectProfile | IdentityId | SA_SubjectProfile_Identities | Id | NO ACTION | +| FK_SA_FSDLP_MatchHits_SubjectProfile_Attribute | SA_FSDLP_MatchHits_SubjectProfile | IdentityId, AttributeId, Order | SA_SubjectProfile_AttributeValues | IdentityId, AttributeId, Order | CASCADE | +| FK_SA_FSDFS_Namespaces_Hosts | SA_FSDFS_Namespaces | RootHostID | SA_FSAA_Hosts | ID | CASCADE | +| FK_SA_FSDFS_Namespaces_GateID | SA_FSDFS_Namespaces | RootHostID, RootGateID | SA_FSAA_Gates | HOST, ID | NO ACTION | +| FK_SA_FSDFS_Links_NamespaceID | SA_FSDFS_Links | NamespaceID | SA_FSDFS_Namespaces | ID | CASCADE | +| FK_SA_FSDFS_Links_TargetHostID | SA_FSDFS_Links | TargetHostID | SA_FSAA_Hosts | ID | NO ACTION | +| FK_SA_FSDFS_Links_TargetGateID | SA_FSDFS_Links | TargetHostID, TargetGateID | SA_FSAA_Gates | HOST, ID | NO ACTION | +| FK_SA_FSDFS_Links_TargetResourceID | SA_FSDFS_Links | TargetHostID, TargetResourceID | SA_FSAA_Resources | HOST, ID | NO ACTION | +| FK_SA_FSDFS_Links_DfsResourceID | SA_FSDFS_Links | DfsHostID, DfsResourceID | SA_FSAA_Resources | HOST, ID | NO ACTION | diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/_category_.json b/docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/_category_.json new file mode 100644 index 0000000000..7b82af05dc --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Functions & Stored Procedures", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/overview.md b/docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/overview.md new file mode 100644 index 0000000000..e471922a42 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/functions/overview.md @@ -0,0 +1,216 @@ +# Functions & Stored Procedures + +All functions and stored procedures live in the `dbo` schema. Most table-valued functions are inline (iTVF) and are joined into views with `CROSS APPLY` or `OUTER APPLY`. Two cross-database UDF table types — `SA_CORE_GroupMemberPathTable` and `SA_CORE_GroupMembersTable` — are used as `READONLY` table-valued parameters; both come from the `SA_CORE_*` shared schema created elsewhere. + +## FSAA Functions {#fsaa-functions} + +### SA_FSAA_GetPath + +**Signature:** `(@serverID INT, @resourceID BIGINT) RETURNS NVARCHAR(4000)` +**Type:** Scalar function + +Walks the parent chain in `SA_FSAA_Resources` and concatenates names with the appropriate delimiter (`/` for Unix resources of type 5 or 6, `\` for everything else) to produce the full resource path. Returns NULL if the resource isn't found. + +### SA_FSAA_GetTrusteeMembership + +**Signature:** `(@serverID INT, @objectSID VARCHAR(184), @trusteeType INT, @groupPath SA_CORE_GroupMemberPathTable READONLY, @directlyApplied INT = 0, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS TABLE (NTDomain, NTName, DisplayName, ObjectSID, TrusteeType)` +**Type:** Multi-statement table-valued function + +Recursively expands a group or principal into its effective members. Handles well-known SIDs specially — `S-1-5-2 NETWORK`, `S-1-5-3 BATCH`, `S-1-5-4 INTERACTIVE`, `S-1-5-6 SERVICE`, `S-1-5-13 TERMINAL SERVER USER`, `S-1-5-14 REMOTE INTERACTIVE LOGON`, `S-1-2-0 LOCAL` — by routing through `SA_FSAA_GetPolicyMembership`. Domain groups are expanded via `SA_CORE_GetDomainGroupMembershipEx` or `SA_ADInventory_GroupMembersView`; local groups via `SA_FSAA_GetLocalGroupMembership`. The `@groupPath` parameter prevents infinite recursion. + +### SA_FSAA_IsTrusteeMember + +**Signature:** `(@serverID INT, @trusteeSID VARCHAR(184), @trusteeDomain NVARCHAR(256), @trusteeType INT, @groupSID VARCHAR(184), @groupDomain NVARCHAR(256), @groupType INT, @directlyApplied INT) RETURNS INT` +**Type:** Scalar function + +Returns `1` if the trustee is a recursive member of the group, else `0`. Encodes fast paths for `Everyone (S-1-1-0)`, `Authenticated Users (S-1-5-11)` (excluding Guest, Anonymous, and Domain Computers), and `Domain Users (S-1-5-21-...-513)`. Falls back to `SA_FSAA_GetTrusteeMembership` when no fast path can answer the relationship. + +### SA_FSAA_RecurseFolders + +**Signature:** `(@serverID INT, @resourceID BIGINT) RETURNS TABLE (ID, NestedLevel, ResourceType, DeletedUSN)` +**Type:** Inline table-valued function (recursive CTE) + +Returns every descendant of the given resource. Used for subtree aggregation queries. + +### SA_FSAA_WalkTrusteePath + +**Signature:** `(@serverID INT, @trusteeType INT, @trusteeSID VARCHAR(184), @trusteeDomain NVARCHAR(256), @trusteeDisplay NVARCHAR(256), @groupSID VARCHAR(184), @groupType INT, @groupDomain NVARCHAR(256), @groupName NVARCHAR(256), @pathString NVARCHAR(1024), ...) RETURNS TABLE` +**Type:** Inline table-valued function + +Helper that walks an effective-membership path and accumulates the membership chain into a textual breadcrumb (`group → subgroup → user`). + +### SA_FSAA_GetTrusteeInformationEx + +**Signature:** `(@serverID INT, @trusteeID INT, @objectSID VARCHAR(184), @trusteeType SMALLINT) RETURNS TABLE (NTDomain, NTName, DisplayName, SID, TrusteeType, IsHistoricalSID, PrincipalId)` +**Type:** Inline table-valued function + +Returns a single row of trustee identity. For local trustees the values come from `SA_FSAA_LocalTrustees`; for domain trustees they come from the AD inventory's `SA_ADInventory_*` tables matched by SID (handling SID History when `IsHistoricalSID = 1`). Two definitions exist in the script; the `#SA_ImportObject` helper chooses the current version at runtime. + +### SA_FSAA_GetTrusteeInformation + +**Signature:** `(@serverID INT, @trusteeID INT) RETURNS TABLE (NTDomain, NTName, DisplayName, SID, TrusteeType, IsHistoricalSID, PrincipalId)` +**Type:** Inline table-valued function + +Wrapper around `SA_FSAA_GetTrusteeInformationEx` that pulls the SID and `TrusteeType` from `SA_FSAA_Trustees` first. + +### SA_FSAA_GetResourcePermissions + +**Signature:** `(@serverID INT, @resourceID BIGINT) RETURNS TABLE (AllowRights, DenyRights, AllowMask, DenyMask, TrusteeID, NTDomain, NTName, DisplayName, SID, TrusteeType)` +**Type:** Inline table-valued function + +Joins `Resources → Rights → LocalTrustees` and returns the ACL of the resource as a flat table (one row per ACE). + +### SA_FSAA_GetGatePermissions + +**Signature:** `(@serverID INT, @gateID INT) RETURNS TABLE (AllowRights, DenyRights, TrusteeID, NTDomain, NTName, DisplayName, SID, TrusteeType)` +**Type:** Inline table-valued function + +Returns the share-level permissions for a gate. Computes the synthetic Allow/Deny bits by `b.Allow * -63` (turning the boolean into the full 6-bit `LRWDMA` mask). + +### SA_FSAA_GetExpandedPermissions + +**Signature:** `(@serverID INT, @resourceID BIGINT, @ispolicy BIT, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS @expandedRights TABLE (AllowRights, DenyRights, ...trustee columns...)` +**Type:** Multi-statement table-valued function + +Takes a resource's ACL and recursively expands every group ACE into per-leaf-trustee entries via `SA_FSAA_GetTrusteeMembership`. Used by `SA_FSAA_ExpandedPermissionsView`. + +### SA_FSAA_GetExpandedPermissionsEx + +**Signature:** `(@serverID INT, @resourceID BIGINT, @ispolicy INT, @trusteeFilter SA_CORE_TrusteeInformationTable READONLY, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS @expandedRights TABLE (...)` +**Type:** Multi-statement table-valued function + +Same as `SA_FSAA_GetExpandedPermissions` but pre-filtered to only the trustees in `@trusteeFilter`. Significantly faster when the caller cares about a specific user. + +### SA_FSAA_GetExpandedAzureSharePermissions + +**Signature:** `(@serverId INT, @azureShareId BIGINT) RETURNS @expandedRights TABLE (AllowRights, DenyRights, TrusteeDomain, TrusteeNTName, ...)` +**Type:** Multi-statement table-valued function + +Azure-Files-specific equivalent of `SA_FSAA_GetExpandedPermissions`. + +### SA_FSAA_GetPolicyMembership + +**Signature:** `(@serverID INT, @policyID INT, @groupPath SA_CORE_GroupMemberPathTable READONLY, @directlyApplied INT = 0, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS @effectiveMembers TABLE (...)` +**Type:** Multi-statement table-valued function + +Resolves the trustees of a local-policy gate (e.g. *Logon Interactively*). Reads `SA_FSAA_Policies` and recursively expands each policy member. + +### SA_FSAA_GetLocalGroupMembership + +**Signature:** `(@serverID INT, @objectSID VARCHAR(184), @groupPath SA_CORE_GroupMemberPathTable READONLY, @directlyApplied INT = 0, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS @effectiveMembers TABLE (...)` +**Type:** Multi-statement table-valued function + +Walks `SA_FSAA_TrusteeEquivalence` for the given local group and recursively expands each equivalent trustee. + +### SA_FSAA_GetEffectiveRights + +**Signature:** `(@serverID INT, @resourceID BIGINT, @gateID INT, @directlyApplied INT, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS @effectiveRights TABLE (AllowRights, DenyRights, ...trustee columns..., DirectTrustee BIT)` +**Type:** Multi-statement table-valued function + +Computes the effective allow/deny bits for every leaf trustee that can reach the resource through the gate. Composes share permissions, NTFS permissions, group membership expansion, and domain inventory data. The heaviest UDF in the schema. Used by `SA_FSAA_EffectiveAccessView`. + +### SA_FSAA_GetEffectiveRightsEx + +**Signature:** `(@serverID INT, @resourceID BIGINT, @gateID INT, @trusteeFilter SA_CORE_TrusteeInformationTable READONLY, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS @effectiveRights TABLE (...)` +**Type:** Multi-statement table-valued function + +Same as `SA_FSAA_GetEffectiveRights` but filtered to a specific set of trustees. + +### SA_FSAA_GetTrusteePermissionSource + +**Signature:** `(@serverID INT, @resourceID BIGINT, @gateID INT, @trusteeSID VARCHAR(184)) RETURNS @permissionSource TABLE (HOST VARCHAR(64) NOT NULL, AllowRights, DenyRights, AllowRightsDescription, ...)` +**Type:** Multi-statement table-valued function + +Given a resource, gate, and trustee SID, returns the source ACEs that contribute to that trustee's effective rights. Useful for "who granted this user access?" diagnostic UI. + +### SA_FSAA_LookupResourcePath + +**Signature:** `(@serverID INT, @path NVARCHAR(1024)) RETURNS BIGINT` +**Type:** Scalar function + +Resolves a backslash-delimited path string against the resource tree for a host and returns the matching `SA_FSAA_Resources.ID`, or NULL if no match. + +### SA_FSAA_LookupUncPath + +**Signature:** `(@path NVARCHAR(1024)) RETURNS @results TABLE (HostID INT NOT NULL, HostName NVARCHAR(256) NOT NULL, GateID INT NOT NULL, ResourceID BIGINT NULL, ...)` +**Type:** Multi-statement table-valued function + +Parses a UNC path (`\\server\share\path`) and returns the matching host, gate, and resource. Maps paths captured in DLP or Activity tables back into the FSAA structural keyspace. + +### SA_FSAA_UpdateStatistics + +**Signature:** `()` +**Type:** Stored procedure (no parameters) + +Runs `UPDATE STATISTICS` on the FSAA tables. The structural-import job invokes this procedure after a bulk import to keep the SQL Server query optimizer's row-count estimates current. Long-running on large data sets. + +## Activity Collector Functions {#activity-collector-functions} + +### SA_FSAC_GetActiveFolderPermissions + +**Signature:** `(@serverID INT, @resourceID BIGINT, @activityDays INT) RETURNS @results TABLE (AllowRights, ActiveRights, AllowRightsDescription, ActiveRightsDescription, TrusteeID, NTDomain, NTName, DisplayName, ObjectSID, TrusteeType)` +**Type:** Multi-statement table-valued function + +For a given resource and a recent activity window (`@activityDays`), returns each trustee's `AllowRights` (statically granted) alongside `ActiveRights` (the subset of those rights the trustee has actually exercised). The "active" mask is computed by walking the resource's subtree of recent daily activity through `SA_FSAC_GetFolderActivityMask`, then ANDing it with the granted rights. Drives the *Least Privileged Access* report. + +### SA_FSAC_GetFolderActivityMask + +**Signature:** `(@serverID INT, @resourceID BIGINT, @activityDays INT) RETURNS @results TABLE (ActiveRights, ActiveRightsDescription, TrusteeID, NTDomain, NTName, DisplayName, ObjectSID, TrusteeType)` +**Type:** Multi-statement table-valued function + +Translates a user's recent activity (within `@activityDays` days) on a folder subtree into the equivalent rights bitmask. Each operation type maps to a specific right: Read → R, Add/Update/Rename → W, Delete → D, PermissionChange → M; any activity at all also implies List (L). Returns one row per user with the consolidated `ActiveRights` mask and identity columns from `SA_FSAA_GetTrusteeInformation`. + +## DFS Functions {#dfs-functions} + +### SA_FSDFS_LookupDfsPath + +**Signature:** `(@path NVARCHAR(1024)) RETURNS @values TABLE (TargetHostID INT, TargetGateID INT, TargetResourceID BIGINT, TargetFolderPath NVARCHAR(1024) NOT NULL)` +**Type:** Multi-statement table-valued function + +Resolves a DFS-style path (e.g. `\\contoso.com\public\sales\reports`) by walking `SA_FSDFS_Links` to find the matching link and returning the underlying physical target — the host, gate, resource, and remaining sub-folder path beneath the link. Translates DFS-relative report rows back into FSAA structural identifiers. + +## Shared Core Functions {#shared-core-functions} + +The FSAA Create-Schema job (Task 26) creates these functions, but they live in the shared `dbo` schema used across multiple data collector modules. They handle domain group membership expansion and trustee-permission resolution by integrating with AD Inventory tables. + +### SA_CORE_GetDomainGroupMembershipEx + +**Signature:** `(@objectSID VARCHAR(184), @serverID INT, @groupPath SA_CORE_GroupMemberPathTable READONLY) RETURNS @members TABLE (NTDomain, NTName, DisplayName, ObjectSID, TrusteeType)` +**Type:** Multi-statement table-valued function + +Recursively expands a domain group into its members by querying `SA_ADInventory_GroupMembersView`. The `@groupPath` parameter prevents infinite recursion. Returns one row per effective leaf member. + +### SA_CORE_GetDomainGroupMembership + +**Signature:** `(@objectSID VARCHAR(184), @serverID INT, @groupPath SA_CORE_GroupMemberPathTable READONLY) RETURNS @members TABLE (NTDomain, NTName, DisplayName, ObjectSID, TrusteeType)` +**Type:** Multi-statement table-valued function + +Simplified variant of `SA_CORE_GetDomainGroupMembershipEx`. Expands a domain group via the AD Inventory view without the extended membership path handling. + +### SA_CORE_IsTrusteeMember + +**Signature:** `(@trusteeSID VARCHAR(184), @groupSID VARCHAR(184), @serverID INT) RETURNS INT` +**Type:** Scalar function + +Returns `1` if the trustee (identified by `@trusteeSID`) is a recursive member of the group (identified by `@groupSID`), otherwise `0`. Uses `SA_CORE_GetDomainGroupMembershipEx` for the expansion. + +### SA_CORE_GetTrusteePermissionEx + +**Signature:** `(@serverID INT, @resourceID BIGINT, @trusteeFilter SA_CORE_TrusteeInformationTable READONLY, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS @permissions TABLE (AllowRights, DenyRights, ...trustee columns...)` +**Type:** Multi-statement table-valued function + +Returns the effective permissions for a specific set of trustees on a resource, filtering the ACL expansion through `@trusteeFilter`. Designed as the cross-module equivalent of `SA_FSAA_GetExpandedPermissionsEx` for use in contexts where only selected trustees are required. + +### SA_CORE_GetTrusteePermission + +**Signature:** `(@serverID INT, @resourceID BIGINT, @membershipOverride SA_CORE_GroupMembersTable READONLY) RETURNS @permissions TABLE (AllowRights, DenyRights, ...trustee columns...)` +**Type:** Multi-statement table-valued function + +Unfiltered variant of `SA_CORE_GetTrusteePermissionEx` — returns effective permissions for all trustees on the resource. Used when the caller needs the full expanded ACL rather than a targeted subset. + +### SA_CORE_GetEntraTrusteePermissionEx + +**Signature:** `(@serverID INT, @azureShareId BIGINT, @trusteeFilter SA_CORE_TrusteeInformationTable READONLY) RETURNS @permissions TABLE (AllowRights, DenyRights, ...trustee columns...)` +**Type:** Multi-statement table-valued function + +Azure-Files / Entra ID variant of `SA_CORE_GetTrusteePermissionEx`. Resolves effective permissions on an Azure Files share (identified by `@azureShareId`) against the Entra role assignments in `SA_Entra_RmResources`. Only meaningful in Entra-integrated environments. diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/indexreference/_category_.json b/docs/accessanalyzer/12.0/admin/schema/fsaadc/indexreference/_category_.json new file mode 100644 index 0000000000..4e9158bae9 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/indexreference/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Index Reference", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/indexreference/overview.md b/docs/accessanalyzer/12.0/admin/schema/fsaadc/indexreference/overview.md new file mode 100644 index 0000000000..4e5bc912d5 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/indexreference/overview.md @@ -0,0 +1,75 @@ +# Index Reference + +## Complete Index Listing {#complete-index-listing} + +All indexes across the four FSAA DC collector modules. Clustered primary-key indexes are listed alongside nonclustered supporting indexes. Tables with no indexes beyond their clustered PK appear at the end of this page. + +| Table | Index Name | Type | Unique | Columns | +|---|---|---|---|---| +| SA_FSAA_Hosts | PK_SA_FSAA_Hosts | Clustered | Yes | ID | +| SA_FSAA_Hosts | UQ_SA_FSAA_Hosts_HOST | Nonclustered | Yes | HOST | +| SA_FSAA_ImportHistory | PK_SA_FSAA_ImportHistory | Clustered | Yes | HOST, ImportTime | +| SA_FSAA_Trustees | PK_SA_FSAA_Trustees | Clustered | Yes | HOST, ID | +| SA_FSAA_LocalTrustees | PK_SA_FSAA_LocalTrustees | Clustered | Yes | HOST, ID | +| SA_FSAA_TrusteeEquivalence | PK_SA_FSAA_TrusteeEquivalence | Clustered | Yes | HOST, TrusteeID, EquivalentTrusteeID | +| SA_FSAA_TrusteeEquivalence | SA_FSAA_TrusteeEquivalence_Group_IDX | Nonclustered | No | HOST, EquivalentTrusteeID; INCLUDE TrusteeID | +| SA_FSAA_Rights | PK_SA_FSAA_Rights | Clustered | Yes | HOST, RightsProxyID, TrusteeID | +| SA_FSAA_Tags | PK_SA_FSAA_Tags | Clustered | Yes | HOST, TagID | +| SA_FSAA_TagKeys | PK_SA_FSAA_TagKeys | Clustered | Yes | HOST, TagProxyID | +| SA_FSAA_TagProxies | PK_SA_FSAA_TagProxies | Clustered | Yes | HOST, TagProxyID, TagID | +| SA_FSAA_Resources | PK_SA_FSAA_Resources | Clustered | Yes | HOST, ID | +| SA_FSAA_Resources | SA_FSAA_Resources_Enum_IDX | Nonclustered | No | HOST, ParentResourceID; INCLUDE ID, ResourceType, DeletedUSN | +| SA_FSAA_Resources | SA_FSAA_Resources_RightsProxyID_IDX | Nonclustered | No | HOST, RightsProxyID; INCLUDE ID, GatesProxyID, DeletedUSN, ResourceType | +| SA_FSAA_Resources | SA_FSAA_Resources_GatesProxyID_IDX | Nonclustered | No | HOST, GatesProxyID; INCLUDE ID | +| SA_FSAA_Resources | SA_FSAA_Resources_USN_IDX | Nonclustered | No | HOST, USN; INCLUDE ID | +| SA_FSAA_Resources | SA_FSAA_Resources_ParentResourceID_Name_IDX | Nonclustered | No | HOST, ParentResourceID, Name | +| SA_FSAA_UnixRights | PK_SA_FSAA_UnixRights | Clustered | Yes | HOST, ResourceID | +| SA_FSAA_Gates | PK_SA_FSAA_Gates | Clustered | Yes | HOST, ID | +| SA_FSAA_GatesProxy | PK_SA_FSAA_GatesProxy | Clustered | Yes | HOST, ID, GateID | +| SA_FSAA_GatesProxy | SA_FSAA_GatesProxy_GateID_IDX | Nonclustered | No | HOST, GateID; INCLUDE ID | +| SA_FSAA_Policies | PK_SA_FSAA_Policies | Clustered | Yes | HOST, PolicyID, TrusteeID | +| SA_FSAA_Exceptions | PK_SA_FSAA_Exceptions | Clustered | Yes | HOST, ID | +| SA_FSAA_Exceptions | SA_FSAA_Exceptions_Resource_IDX | Nonclustered | No | HOST, ResourceID; INCLUDE ExceptionType, GateID | +| SA_FSAA_ExceptionTypes | PK_SA_FSAA_ExceptionTypes | Clustered | Yes | HOST, ExceptionType | +| SA_FSAA_ProbableOwners | PK_SA_FSAA_ProbableOwners | Clustered | Yes | HOST, ResourceID, OwnerID | +| SA_FSAA_FileSizes | PK_SA_FSAA_FileSizes | Clustered | Yes | HOST, ResourceID | +| SA_FSAA_FileTypes | PK_SA_FSAA_FileTypes | Clustered | Yes | HOST, ResourceID, Extension | +| SA_FSAA_FileAges | PK_SA_FSAA_FileAges | Clustered | Yes | HOST, ResourceID | +| SA_FSAA_FileTags | PK_SA_FSAA_FileTags | Clustered | Yes | HOST, ResourceID, TagProxyID | +| SA_FSAA_AzureFilesShares | PK_SA_FSAA_AzureFilesShares | Clustered | Yes | HOST, ID | +| SA_FSAA_AzureFilesShareProperties | PK_SA_FSAA_AzureFilesShareProperties | Clustered | Yes | HOST, AzureShareID | +| SA_FSAA_TrusteeMap | PK_SA_FSAA_TrusteeMap | Clustered | Yes | HOST, ID | +| SA_FSAA_ResourceMap | PK_SA_FSAA_ResourceMap | Clustered | Yes | HOST, ID | +| SA_FSAA_ResourceMap | SA_FSAA_ResourceMap_AccessID_IDX | Nonclustered | No | HOST, AccessID | +| SA_FSAA_ResourceMap | SA_FSAA_ResourceMap_ActivityID_IDX | Nonclustered | No | HOST, ActivityID | +| SA_FSAA_ResourceMap | SA_FSAA_ResourceMap_DLPID_IDX | Nonclustered | No | HOST, DLPID | +| SA_FSAA_GateMap | PK_SA_FSAA_GateMap | Clustered | Yes | HOST, ID | +| SA_FSAA_ResourcesScanTypeDetails | PK_SA_FSAA_ResourcesScanTypeDetails | Clustered | Yes | HOST, ID | +| SA_FSAC_ProcessNames | PK_SA_FSAC_ProcessNames | Clustered | Yes | HOST, ID | +| SA_FSAC_ActivityEvents | PK_SA_FSAC_ActivityEvents | Clustered | Yes | HOST, ID | +| SA_FSAC_ActivityEvents | SA_FSAC_ActivityEvents_PathID_IDX | Nonclustered | No | HOST, PathID; INCLUDE ID, AccessTime, TrusteeID, Operation, Allow | +| SA_FSAC_ActivityEvents | SA_FSAC_ActivityEvents_TrusteeID_IDX | Nonclustered | No | TrusteeID, AccessTime; INCLUDE PathID, ProcessID, Operation, Allow | +| SA_FSAC_PermissionChanges | PK_SA_FSAC_PermissionChanges | Clustered | Yes | HOST, ActivityID, ChangeID | +| SA_FSAC_DailyActivity | PK_SA_FSAC_DailyActivity | Clustered | Yes | HOST, FolderID, ActivityDate, TrusteeID, Operation, Allow | +| SA_FSAC_OwnerChanges | PK_SA_FSAC_OwnerChanges | Clustered | Yes | HOST, ActivityID | +| SA_FSAC_RenameTargets | PK_SA_FSAC_RenameTargets | Clustered | Yes | HOST, ActivityID | +| SA_FSAC_ExceptionTypes | PK_SA_FSAC_ExceptionTypes | Clustered | Yes | HOST, ExceptionType | +| SA_FSAC_Exceptions | PK_SA_FSAC_Exceptions | Clustered | Yes | HOST, ID | +| SA_FSAC_Exceptions | SA_FSAC_Exceptions_ResourceID_IDX | Nonclustered | No | HOST, ResourceID; INCLUDE GateID | +| SA_FSAC_UserExceptionTypes | PK_SA_FSAC_UserExceptionTypes | Clustered | Yes | SID, ExceptionType | +| SA_FSAC_UserExceptions | PK_SA_FSAC_UserExceptions | Clustered | Yes | ID | +| SA_FSDLP_ImportHistory | PK_SA_FSDLP_ImportHistory | Clustered | Yes | HOST, USN | +| SA_FSDLP_Criteria | PK_SA_FSDLP_Criteria | Clustered | Yes | HOST, ID | +| SA_FSDLP_Matches | PK_SA_FSDLP_Matches | Clustered | Yes | HOST, FileId, CriteriaId | +| SA_FSDLP_MatchHits | PK_SA_FSDLP_MatchHits | Clustered | Yes | HOST, FileId, CriteriaId, ID | +| SA_FSDLP_MatchHits_SubjectProfile | PK_SA_FSDLP_MatchHits_SubjectProfile | Clustered | Yes | HOST, FileId, CriteriaId, ID | +| SA_FSDFS_Namespaces | PK_SA_FSDFS_Namespaces | Clustered | Yes | ID | +| SA_FSDFS_Links | PK_SA_FSDFS_Links | Clustered | Yes | HOST, ID | +| SA_FSDFS_Links | UQ_FSDFS_Links_DfsPath | Nonclustered | Yes | DfsPath, NamespaceID | +| SA_FSDFS_Links | SA_FSDFS_Links_GateID_IDX | Nonclustered | No | TargetHostID, TargetGateID | + +The following tables carry no indexes at all (no clustered PK and no nonclustered indexes): + +- `SA_FSAA_SchemaVer` +- `SA_FSAA_ScanHistory` +- `SA_FSAA_AzureStorageAccounts` diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/overview.md b/docs/accessanalyzer/12.0/admin/schema/fsaadc/overview.md new file mode 100644 index 0000000000..fab2f0c81e --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/overview.md @@ -0,0 +1,111 @@ +# File System Access Analyzer Data Collector Schema + +The File System Access Analyzer (FSAA) data collector audits Windows, NFS, and Azure Files file systems for permissions, ownership, content, activity, and sensitive-data classification. FSAA scans Windows servers, NetApp/EMC/Dell filers, Linux/Unix hosts, and Azure Files shares; normalizes the security model into a unified per-host identity space; and writes the results to the central Access Analyzer database. Every core data table is partitioned by host, so removing a host atomically purges its entire collected data set across all four collector modules. + +### [Table Relationship Diagrams (ERD)](erd/overview.md) + +- [Top-level partitioning — every table references SA_FSAA_Hosts](erd/overview.md#top-level-partitioning) +- [Trustees — security-principal identity model](erd/overview.md#trustees) +- [Resources & content aggregations](erd/overview.md#resources) +- [Gates and permissions](erd/overview.md#gates-and-permissions) +- [Tags](erd/overview.md#tags) +- [Exceptions](erd/overview.md#exceptions) +- [Azure Files](erd/overview.md#azure-files) +- [Activity collection (SA_FSAC_*)](erd/overview.md#activity-collection) +- [Sensitive data — DLP (SA_FSDLP_*)](erd/overview.md#sensitive-data) +- [DFS namespaces (SA_FSDFS_*)](erd/overview.md#dfs-namespaces) + +### [Core Data Collection Tables](coretables/overview.md) + +- [SA_FSAA_SchemaVer](coretables/overview.md#sa_fsaa_schemaver) +- [SA_FSAA_Hosts](coretables/overview.md#sa_fsaa_hosts) +- [SA_FSAA_ImportHistory](coretables/overview.md#sa_fsaa_importhistory) +- [SA_FSAA_Trustees](coretables/overview.md#sa_fsaa_trustees) +- [SA_FSAA_LocalTrustees](coretables/overview.md#sa_fsaa_localtrustees) +- [SA_FSAA_TrusteeEquivalence](coretables/overview.md#sa_fsaa_trusteeequivalence) +- [SA_FSAA_Rights](coretables/overview.md#sa_fsaa_rights) +- [SA_FSAA_Tags](coretables/overview.md#sa_fsaa_tags) +- [SA_FSAA_TagKeys](coretables/overview.md#sa_fsaa_tagkeys) +- [SA_FSAA_TagProxies](coretables/overview.md#sa_fsaa_tagproxies) +- [SA_FSAA_Resources](coretables/overview.md#sa_fsaa_resources) +- [SA_FSAA_UnixRights](coretables/overview.md#sa_fsaa_unixrights) +- [SA_FSAA_Gates](coretables/overview.md#sa_fsaa_gates) +- [SA_FSAA_GatesProxy](coretables/overview.md#sa_fsaa_gatesproxy) +- [SA_FSAA_Policies](coretables/overview.md#sa_fsaa_policies) +- [SA_FSAA_Exceptions](coretables/overview.md#sa_fsaa_exceptions) +- [SA_FSAA_ExceptionTypes](coretables/overview.md#sa_fsaa_exceptiontypes) +- [SA_FSAA_ProbableOwners](coretables/overview.md#sa_fsaa_probableowners) +- [SA_FSAA_FileSizes](coretables/overview.md#sa_fsaa_filesizes) +- [SA_FSAA_FileTypes](coretables/overview.md#sa_fsaa_filetypes) +- [SA_FSAA_FileAges](coretables/overview.md#sa_fsaa_fileages) +- [SA_FSAA_FileTags](coretables/overview.md#sa_fsaa_filetags) +- [SA_FSAA_ScanHistory](coretables/overview.md#sa_fsaa_scanhistory) +- [SA_FSAA_AzureFilesShares](coretables/overview.md#sa_fsaa_azurefilesshares) +- [SA_FSAA_AzureFilesShareProperties](coretables/overview.md#sa_fsaa_azurefilesshareproperties) +- [SA_FSAA_AzureStorageAccounts](coretables/overview.md#sa_fsaa_azurestorageaccounts) +- [SA_FSAA_TrusteeMap](coretables/overview.md#sa_fsaa_trusteemap) +- [SA_FSAA_ResourceMap](coretables/overview.md#sa_fsaa_resourcemap) +- [SA_FSAA_GateMap](coretables/overview.md#sa_fsaa_gatemap) +- [SA_FSAA_ResourcesScanTypeDetails](coretables/overview.md#sa_fsaa_resourcesscantypedetails) +- [SA_FSAC_ProcessNames](coretables/overview.md#sa_fsac_processnames) +- [SA_FSAC_ActivityEvents](coretables/overview.md#sa_fsac_activityevents) +- [SA_FSAC_PermissionChanges](coretables/overview.md#sa_fsac_permissionchanges) +- [SA_FSAC_OwnerChanges](coretables/overview.md#sa_fsac_ownerchanges) +- [SA_FSAC_DailyActivity](coretables/overview.md#sa_fsac_dailyactivity) +- [SA_FSAC_RenameTargets](coretables/overview.md#sa_fsac_renametargets) +- [SA_FSAC_ExceptionTypes](coretables/overview.md#sa_fsac_exceptiontypes) +- [SA_FSAC_Exceptions](coretables/overview.md#sa_fsac_exceptions) +- [SA_FSAC_UserExceptionTypes](coretables/overview.md#sa_fsac_userexceptiontypes) +- [SA_FSAC_UserExceptions](coretables/overview.md#sa_fsac_userexceptions) +- [SA_FSDLP_ImportHistory](coretables/overview.md#sa_fsdlp_importhistory) +- [SA_FSDLP_Criteria](coretables/overview.md#sa_fsdlp_criteria) +- [SA_FSDLP_Matches](coretables/overview.md#sa_fsdlp_matches) +- [SA_FSDLP_MatchHits](coretables/overview.md#sa_fsdlp_matchhits) +- [SA_FSDLP_MatchHits_SubjectProfile](coretables/overview.md#sa_fsdlp_matchhits_subjectprofile) +- [SA_FSDFS_Namespaces](coretables/overview.md#sa_fsdfs_namespaces) +- [SA_FSDFS_Links](coretables/overview.md#sa_fsdfs_links) + +### [Views](views/overview.md) + +- [SA_FSAA_Paths](views/overview.md#sa_fsaa_paths) +- [SA_FSAA_ResourcesView](views/overview.md#sa_fsaa_resourcesview) +- [SA_FSAA_PermissionsView](views/overview.md#sa_fsaa_permissionsview) +- [SA_FSAA_ExpandedPermissionsView](views/overview.md#sa_fsaa_expandedpermissionsview) +- [SA_FSAA_DirectPermissionsView](views/overview.md#sa_fsaa_directpermissionsview) +- [SA_FSAA_InheritedPermissionsView](views/overview.md#sa_fsaa_inheritedpermissionsview) +- [SA_FSAA_SharesTraversalView](views/overview.md#sa_fsaa_sharestraversalview) +- [SA_FSAA_EffectiveAccessView](views/overview.md#sa_fsaa_effectiveaccessview) +- [SA_FSAA_LocalGroupMembersView](views/overview.md#sa_fsaa_localgroupmembersview) +- [SA_FSAA_ExceptionsView](views/overview.md#sa_fsaa_exceptionsview) +- [SA_FSAA_AzureFilesPermissionsView](views/overview.md#sa_fsaa_azurefilespermissionsview) +- [SA_FSAC_DailyActivityView](views/overview.md#sa_fsac_dailyactivityview) +- [SA_FSAC_DailyUserActivityView](views/overview.md#sa_fsac_dailyuseractivityview) +- [SA_FSAC_DailyResourceActivityView](views/overview.md#sa_fsac_dailyresourceactivityview) +- [SA_FSAC_ActivityEventsView](views/overview.md#sa_fsac_activityeventsview) +- [SA_FSAC_ExceptionsView](views/overview.md#sa_fsac_exceptionsview) +- [SA_FSAC_UserExceptionsView](views/overview.md#sa_fsac_userexceptionsview) +- [SA_FSAC_PermissionChangesView](views/overview.md#sa_fsac_permissionchangesview) +- [SA_FSDLP_MatchesView](views/overview.md#sa_fsdlp_matchesview) +- [SA_FSDLP_MatchHitsView](views/overview.md#sa_fsdlp_matchhitsview) + +### [Enumeration & Lookup Values](enumeration/overview.md) + +- [TrusteeType](enumeration/overview.md#trusteetype) +- [ResourceType](enumeration/overview.md#resourcetype) +- [GateType](enumeration/overview.md#gatetype) +- [Rights Bitmask — AllowRights / DenyRights](enumeration/overview.md#rights-bitmask) + +### [Functions & Stored Procedures](functions/overview.md) + +- [FSAA Functions (SA_FSAA_*)](functions/overview.md#fsaa-functions) +- [Activity Collector Functions (SA_FSAC_*)](functions/overview.md#activity-collector-functions) +- [DFS Functions (SA_FSDFS_*)](functions/overview.md#dfs-functions) +- [Shared Core Functions (SA_CORE_*)](functions/overview.md#shared-core-functions) + +### [Index Reference](indexreference/overview.md) + +- [Complete Index Listing](indexreference/overview.md#complete-index-listing) + +### [Foreign Key Reference](fkreference/overview.md) + +- [Complete Foreign Key Listing](fkreference/overview.md#complete-foreign-key-listing) diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/views/_category_.json b/docs/accessanalyzer/12.0/admin/schema/fsaadc/views/_category_.json new file mode 100644 index 0000000000..2c72e59702 --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/views/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Views", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} diff --git a/docs/accessanalyzer/12.0/admin/schema/fsaadc/views/overview.md b/docs/accessanalyzer/12.0/admin/schema/fsaadc/views/overview.md new file mode 100644 index 0000000000..730e4c32ec --- /dev/null +++ b/docs/accessanalyzer/12.0/admin/schema/fsaadc/views/overview.md @@ -0,0 +1,551 @@ +# Views + +The FSAA DC schema exposes 20 views that provide pre-joined, human-readable projections of the underlying tables. Reports and the Access Analyzer web UI consume these views rather than raw tables. + +:::note +Column sizes shown for views are derived from underlying source columns and SQL `CASE` expressions in the view definitions; on a populated database the actual `sys.columns.max_length` may differ slightly. Use `EXEC sp_help ''` to inspect a view's exact runtime shape. +::: + +## FSAA Views + +### SA_FSAA_Paths {#sa_fsaa_paths} + +Path map for every resource. Implemented as a VIEW (not a table) — the Create-Schema job explicitly drops any pre-existing table form before executing `CREATE VIEW`. The view delegates path construction to the `SA_FSAA_GetPath` scalar UDF, which walks the parent chain recursively. + +**Source:** `SA_FSAA_Resources` (via `SA_FSAA_GetPath` UDF — recursive parent-chain walk) + +| Column | Type | Source | Description | +|---|---|---|---| +| HOST | int | SA_FSAA_Resources.HOST | Host partition | +| ResourceID | bigint | SA_FSAA_Resources.ID | Resource | +| Path | nvarchar(4000) | Computed (recursive concat of `SA_FSAA_Resources.Name` up the parent chain) | Full path string | + +### SA_FSAA_ResourcesView {#sa_fsaa_resourcesview} + +Surface view of `SA_FSAA_Resources` enriched with computed full path, resource-type description, three boolean permission flags (`PermissionChange`, `InheritedPermission`, `DirectPermission`), and Azure Files metadata. Two definitions exist; the Entra-aware variant applies when `SA_Entra_RmResources` exists. + +**Source tables:** `SA_FSAA_Resources`, `SA_FSAA_Hosts`, `SA_FSAA_Rights`, `SA_FSAA_AzureFilesShares`, `SA_Entra_RmResources` (when present) + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAA_Resources.HOST | Host ID | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | Host name | +| ID | bigint | SA_FSAA_Resources.ID | Resource ID | +| ParentResourceID | bigint | SA_FSAA_Resources.ParentResourceID | Parent resource | +| Name | nvarchar(2000) | SA_FSAA_Resources.Name | Leaf name | +| Path | nvarchar(4000) | UDF: SA_FSAA_GetPath | Full path | +| ResourceType | tinyint | SA_FSAA_Resources.ResourceType | See [ResourceType](../enumeration/overview.md#resourcetype) | +| ResourceTypeDescription | varchar(6) | Computed (CASE) | `Share`, `Folder`, or `File` | +| OwnerID | int | SA_FSAA_Resources.OwnerID | | +| RightsProxyID | int | SA_FSAA_Resources.RightsProxyID | | +| GatesProxyID | bigint | SA_FSAA_Resources.GatesProxyID | | +| NestedLevel | int | SA_FSAA_Resources.NestedLevel | | +| Size | bigint | SA_FSAA_Resources.Size | | +| LastModified | datetime | SA_FSAA_Resources.LastModified | | +| LastAccessed | datetime | SA_FSAA_Resources.LastAccessed | | +| Created | datetime | SA_FSAA_Resources.Created | | +| USN | int | SA_FSAA_Resources.USN | | +| DeletedUSN | int | SA_FSAA_Resources.DeletedUSN | | +| PermissionChange | bit | Computed (CASE / EXISTS) | True if ACL differs from parent | +| InheritedPermission | bit | Computed (CASE / EXISTS) | True if any inherited rights exist | +| DirectPermission | bit | Computed (CASE / EXISTS) | True if any direct rights exist | +| Storage Account | varchar(256) | SA_FSAA_AzureFilesShares.StorageAccount | Entra-aware variant only | +| Azure File Share Name | nvarchar(2000) | SA_FSAA_AzureFilesShares.Name | Entra-aware variant only | +| Azure TenantID | varchar(38) | SA_Entra_RmResources.DomainId | Entra-aware variant only | + +### SA_FSAA_PermissionsView {#sa_fsaa_permissionsview} + +Resource × ACE flat view with effective allow/deny rights expanded into 12 boolean columns, textual `AllowRightsDescription`/`DenyRightsDescription` (e.g. `LRWDMA`), and a `RightsSource` column (`Direct` / `Inherited` / `Both` / `None`). + +**Source tables:** `SA_FSAA_Resources`, `SA_FSAA_Hosts`, `SA_FSAA_Rights`, `SA_FSAA_Trustees`, UDF `SA_FSAA_GetTrusteeInformationEx` +**Filter:** `r.RightsProxyID IS NOT NULL` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAA_Resources.HOST | Host partition | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | Host name | +| ResourceID | bigint | SA_FSAA_Resources.ID | Resource | +| ParentResourceID | bigint | SA_FSAA_Resources.ParentResourceID | Parent resource | +| ResourceDeletedUSN | int | SA_FSAA_Resources.DeletedUSN | NULL if not deleted | +| ResourcePath | nvarchar(4000) | UDF: SA_FSAA_GetPath | Full resource path | +| ResourceType | tinyint | SA_FSAA_Resources.ResourceType | | +| ResourceTypeDescription | varchar(6) | Computed (CASE) | `Share` / `Folder` / `File` | +| AllowRights | smallint | SA_FSAA_Rights.AllowRights | Combined bitmask | +| DenyRights | smallint | SA_FSAA_Rights.DenyRights | Combined bitmask | +| AllowList | bit | Computed (`AllowRights & 32`) | Has list right | +| AllowRead | bit | Computed (`AllowRights & 1`) | Has read right | +| AllowWrite | bit | Computed (`AllowRights & 2`) | Has write right | +| AllowDelete | bit | Computed (`AllowRights & 4`) | Has delete right | +| AllowManage | bit | Computed (`AllowRights & 8`) | Has manage right | +| AllowAdmin | bit | Computed (`AllowRights & 16`) | Has admin right | +| DenyList | bit | Computed (`DenyRights & 32`) | Deny list right | +| DenyRead | bit | Computed (`DenyRights & 1`) | Deny read right | +| DenyWrite | bit | Computed (`DenyRights & 2`) | Deny write right | +| DenyDelete | bit | Computed (`DenyRights & 4`) | Deny delete right | +| DenyManage | bit | Computed (`DenyRights & 8`) | Deny manage right | +| DenyAdmin | bit | Computed (`DenyRights & 16`) | Deny admin right | +| AllowRightsDescription | varchar(6) | Computed (concat letters L/R/W/D/M/A) | e.g. `LRW` | +| DenyRightsDescription | varchar(6) | Computed (concat letters L/R/W/D/M/A) | e.g. `D` | +| RightsSource | varchar(9) | Computed (CASE on Direct/Inherited columns) | `Both` / `Inherited` / `Direct` / `None` | +| AllowMask | int | SA_FSAA_Rights.AllowMask | Full Windows access mask | +| DenyMask | int | SA_FSAA_Rights.DenyMask | Full Windows deny mask | +| AllowMaskDescription | varchar(32) | Computed (CASE) | `Full Control` / `Modify` / `Read & Execute` / etc. | +| DenyMaskDescription | varchar(32) | Computed (CASE) | Same vocabulary as AllowMaskDescription | +| TrusteeID | int | SA_FSAA_Rights.TrusteeID | | +| TrusteeSID | varchar(184) | SA_FSAA_Trustees.SID | | +| TrusteeType | smallint | UDF column | See [TrusteeType](../enumeration/overview.md#trusteetype) | +| TrusteeIsHistoricalSID | bit | UDF column | True if SID came from SID History | +| TrusteePrincipalID | int | UDF column | AD-Inventory principal ID | +| TrusteeTypeDescription | varchar(18) | Computed (CASE) | e.g. `Domain User` | +| TrusteeDisplayName | nvarchar(256) | UDF column | | +| TrusteeDomain | nvarchar(128) | UDF column | NT domain | +| TrusteeNTName | nvarchar(256) | UDF column | SAM account name | +| TrusteeNTStyleName | nvarchar(385) | Computed (`Domain\Name`) | Concatenated NT-style name | + +### SA_FSAA_ExpandedPermissionsView {#sa_fsaa_expandedpermissionsview} + +Resource × *expanded* effective trustee — group memberships are recursively expanded and the view returns one row per `(resource, leaf trustee)` instead of one per `(resource, ACE)`. Uses `CROSS APPLY dbo.SA_FSAA_GetExpandedPermissions` to do the expansion. + +**Source tables:** `SA_FSAA_Resources`, `SA_FSAA_Hosts`, UDF `SA_FSAA_GetExpandedPermissions` +**Filter:** `r.RightsProxyID IS NOT NULL` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAA_Resources.HOST | Host partition | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | Host name | +| ResourceID | bigint | SA_FSAA_Resources.ID | Resource | +| ParentResourceID | bigint | SA_FSAA_Resources.ParentResourceID | Parent resource | +| ResourceDeletedUSN | int | SA_FSAA_Resources.DeletedUSN | | +| ResourcePath | nvarchar(4000) | UDF: SA_FSAA_GetPath | Full path | +| ResourceType | tinyint | SA_FSAA_Resources.ResourceType | | +| ResourceTypeDescription | varchar(6) | Computed (CASE) | `Share` / `Folder` / `File` | +| AllowRights | smallint | UDF column | Effective allow bitmask after group expansion | +| DenyRights | smallint | UDF column | Effective deny bitmask | +| AllowList / AllowRead / AllowWrite / AllowDelete / AllowManage / AllowAdmin | bit | Computed (`AllowRights & N`) | Six boolean columns (bits 32, 1, 2, 4, 8, 16) | +| DenyList / DenyRead / DenyWrite / DenyDelete / DenyManage / DenyAdmin | bit | Computed (`DenyRights & N`) | Six boolean columns | +| AllowRightsDescription | varchar(6) | Computed | Letter form `LRWDMA` | +| DenyRightsDescription | varchar(6) | Computed | | +| TrusteeSID | varchar(184) | UDF column | Leaf-trustee SID | +| TrusteeType | smallint | UDF column | See [TrusteeType](../enumeration/overview.md#trusteetype) | +| TrusteeTypeDescription | varchar(18) | Computed (CASE) | | +| TrusteeDisplayName | nvarchar(256) | UDF column | | +| TrusteeDomain | nvarchar(128) | UDF column | | +| TrusteeNTName | nvarchar(256) | UDF column | | +| TrusteeNTStyleName | nvarchar(385) | Computed (`Domain\Name`) | | + +### SA_FSAA_DirectPermissionsView {#sa_fsaa_directpermissionsview} + +Same shape as `SA_FSAA_PermissionsView` but filtered to direct (non-inherited) ACEs only. Uses `DirectAllowRights` / `DirectDenyRights` / `DirectAllowMask` / `DirectDenyMask` as the source columns; the output column names remain `AllowRights`, `DenyRights`, `AllowMask`, `DenyMask`. + +**Source tables:** `SA_FSAA_Resources`, `SA_FSAA_Hosts`, `SA_FSAA_Rights`, `SA_FSAA_Trustees`, UDF `SA_FSAA_GetTrusteeInformationEx` +**Filter:** `r.RightsProxyID IS NOT NULL AND ((p.DirectAllowRights <> 0) OR (p.DirectDenyRights <> 0) OR (p.DirectAllowMask <> 0) OR (p.DirectDenyMask <> 0))` + +Column shape is identical to `SA_FSAA_PermissionsView`. Source columns changed: `AllowRights` ← `DirectAllowRights`, `DenyRights` ← `DirectDenyRights`, `AllowMask` ← `DirectAllowMask`, `DenyMask` ← `DirectDenyMask`. + +### SA_FSAA_InheritedPermissionsView {#sa_fsaa_inheritedpermissionsview} + +Same shape as `SA_FSAA_DirectPermissionsView` but reads from the `Inherited*` rights/mask columns. + +**Source tables:** `SA_FSAA_Resources`, `SA_FSAA_Hosts`, `SA_FSAA_Rights`, `SA_FSAA_Trustees`, UDF `SA_FSAA_GetTrusteeInformationEx` +**Filter:** `r.RightsProxyID IS NOT NULL AND ((p.InheritedAllowRights <> 0) OR (p.InheritedDenyRights <> 0) OR (p.InheritedAllowMask <> 0) OR (p.InheritedDenyMask <> 0))` + +Column shape is identical to `SA_FSAA_PermissionsView`. Source columns changed: `AllowRights` ← `InheritedAllowRights`, `DenyRights` ← `InheritedDenyRights`, `AllowMask` ← `InheritedAllowMask`, `DenyMask` ← `InheritedDenyMask`. + +### SA_FSAA_SharesTraversalView {#sa_fsaa_sharestraversalview} + +For every resource reachable through a gate, returns the gate, the resource, the share-relative resource path, and the SMB/NFS/Azure UNC path. Two definitions exist; the Entra-aware variant adds storage-account/tenant/share-property columns when `SA_Entra_RmResources` is present. + +**Source tables:** `SA_FSAA_Hosts`, `SA_FSAA_Gates`, `SA_FSAA_GatesProxy`, `SA_FSAA_Resources`, `SA_FSAA_Paths`, plus (Entra-aware) `SA_FSAA_AzureFilesShares`, `SA_FSAA_AzureFilesShareProperties`, `SA_Entra_RmResources` +**Filter:** `r.GatesProxyID IS NOT NULL` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAA_Hosts.ID | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| GateID | int | SA_FSAA_Gates.ID | | +| GateType | int | SA_FSAA_Gates.GateType | See [GateType](../enumeration/overview.md#gatetype) | +| GateTypeDescription | varchar(3) | Computed (CASE) | `SMB` or `NFS` | +| GateDeletedUSN | int | SA_FSAA_Gates.DeletedUSN | | +| ShareID | bigint | SA_FSAA_Gates.ShareID | | +| ShareName | nvarchar(256) | SA_FSAA_Gates.DisplayName | | +| ResourceID | bigint | SA_FSAA_Resources.ID | | +| ParentResourceID | bigint | SA_FSAA_Resources.ParentResourceID | | +| ResourceType | tinyint | SA_FSAA_Resources.ResourceType | | +| ResourceTypeDescription | varchar(6) | Computed (CASE) | | +| ResourceDeletedUSN | int | SA_FSAA_Resources.DeletedUSN | | +| ResourcePath | nvarchar(4000) | SA_FSAA_Paths.Path | Local resource path | +| NetworkPath | nvarchar(4000) | Computed | UNC path or NFS-style path (`host:share//rel-path` for NFS; `\\host\share\rel-path` for SMB) | +| NestedLevel | int | Computed (`r.NestedLevel - g.NestedLevel`) | Depth from share root | +| Storage Account | varchar(256) | SA_FSAA_AzureFilesShares.StorageAccount | Entra-aware variant only | +| Azure File Share Name | nvarchar(2000) | SA_FSAA_AzureFilesShares.Name | Entra-aware variant only | +| Azure TenantID | varchar(38) | SA_Entra_RmResources.DomainId | Entra-aware variant only | +| AzureShareID | int | SA_FSAA_AzureFilesShareProperties.AzureShareID | Entra-aware variant only | +| AccessChangeTime | datetime2(7) | SA_FSAA_AzureFilesShareProperties.AccessChangeTime | Entra-aware variant only | +| DeletedOn | datetime2(7) | SA_FSAA_AzureFilesShareProperties.DeletedOn | Entra-aware variant only | +| LastModified | datetime2(7) | SA_FSAA_AzureFilesShareProperties.LastModified | Entra-aware variant only | +| LeaseDuration | varchar(50) | SA_FSAA_AzureFilesShareProperties.LeaseDuration | Entra-aware variant only | +| QuotaInGB | float | SA_FSAA_AzureFilesShareProperties.QuotaInGB | Entra-aware variant only | +| RemainingRetentionDays | int | SA_FSAA_AzureFilesShareProperties.RemainingRetentionDays | Entra-aware variant only | + +### SA_FSAA_EffectiveAccessView {#sa_fsaa_effectiveaccessview} + +Like `SA_FSAA_SharesTraversalView` but additionally resolves each row through `SA_FSAA_GetEffectiveRights` to attribute effective allow/deny rights to each leaf trustee. Used to answer "who can do what on this resource through this share?" + +**Source tables:** `SA_FSAA_SharesTraversalView`, UDF `SA_FSAA_GetEffectiveRights` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAA_SharesTraversalView.HostID | | +| HostName | nvarchar(64) | SA_FSAA_SharesTraversalView.HostName | | +| GateID | int | SA_FSAA_SharesTraversalView.GateID | | +| ShareID | bigint | SA_FSAA_SharesTraversalView.ShareID | | +| ResourceID | bigint | SA_FSAA_SharesTraversalView.ResourceID | | +| ShareName | nvarchar(256) | SA_FSAA_SharesTraversalView.ShareName | | +| NestedLevel | int | SA_FSAA_SharesTraversalView.NestedLevel | | +| ResourcePath | nvarchar(4000) | SA_FSAA_SharesTraversalView.ResourcePath | | +| NetworkPath | nvarchar(4000) | SA_FSAA_SharesTraversalView.NetworkPath | | +| ResourceType | tinyint | SA_FSAA_SharesTraversalView.ResourceType | | +| ResourceTypeDescription | varchar(6) | SA_FSAA_SharesTraversalView.ResourceTypeDescription | | +| ResourceDeletedUSN | int | SA_FSAA_SharesTraversalView.ResourceDeletedUSN | | +| GateDeletedUSN | int | SA_FSAA_SharesTraversalView.GateDeletedUSN | | +| AllowRights | smallint | UDF column | Effective allow bitmask | +| DenyRights | smallint | UDF column | Effective deny bitmask | +| DirectTrustee | bit | UDF column | True if rights come from a direct ACE rather than group expansion | +| AllowList / AllowRead / AllowWrite / AllowDelete / AllowManage / AllowAdmin | bit | Computed | Six boolean columns | +| DenyList / DenyRead / DenyWrite / DenyDelete / DenyManage / DenyAdmin | bit | Computed | Six boolean columns | +| AllowRightsDescription | varchar(6) | Computed | | +| DenyRightsDescription | varchar(6) | Computed | | +| TrusteeSID | varchar(184) | UDF column | | +| TrusteeType | smallint | UDF column | | +| TrusteeTypeDescription | varchar(18) | Computed (CASE) | | +| TrusteeDisplayName | nvarchar(256) | UDF column | | +| TrusteeDomain | nvarchar(128) | UDF column | | +| TrusteeNTName | nvarchar(256) | UDF column | | +| TrusteeNTStyleName | nvarchar(385) | Computed | | + +### SA_FSAA_LocalGroupMembersView {#sa_fsaa_localgroupmembersview} + +Flat view of local-group memberships derived from `SA_FSAA_TrusteeEquivalence`. One row per `(group, member)` pair on a host, with both group and member identity columns expanded via `SA_FSAA_GetTrusteeInformation`. + +**Source tables:** `SA_FSAA_TrusteeEquivalence`, `SA_FSAA_Hosts`, UDF `SA_FSAA_GetTrusteeInformation` (called twice — once for the group, once for the member) + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAA_TrusteeEquivalence.HOST | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| GroupTrusteeID | int | SA_FSAA_TrusteeEquivalence.EquivalentTrusteeID | | +| GroupSID | varchar(184) | UDF column (group) | | +| GroupDisplayName | nvarchar(256) | UDF column (group) | | +| GroupDomain | nvarchar(128) | UDF column (group) | | +| GroupNTName | nvarchar(256) | UDF column (group) | | +| GroupNTStyleName | nvarchar(385) | Computed (`Domain\Name`) | | +| MemberTrusteeID | int | SA_FSAA_TrusteeEquivalence.TrusteeID | | +| MemberSID | varchar(184) | UDF column (member) | | +| MemberDomain | nvarchar(128) | UDF column (member) | | +| MemberNTName | nvarchar(256) | UDF column (member) | | +| MemberDisplayName | nvarchar(256) | UDF column (member) | | +| MemberNTStyleName | nvarchar(385) | Computed (`Domain\Name`) | | +| MemberType | smallint | UDF column (member) | See [TrusteeType](../enumeration/overview.md#trusteetype) | +| MemberTypeDescription | varchar(18) | Computed (CASE) | | +| MemberPrincipalID | int | UDF column (member) | AD-Inventory principal ID | + +### SA_FSAA_ExceptionsView {#sa_fsaa_exceptionsview} + +`SA_FSAA_Exceptions` joined with the type catalog and with both `TrusteeID` and `SourceTrusteeID` resolved to display names. + +**Source tables:** `SA_FSAA_Exceptions`, `SA_FSAA_ExceptionTypes`, `SA_FSAA_Trustees` (twice), `SA_FSAA_Hosts`, `SA_FSAA_Resources`, `SA_FSAA_Gates`, UDF `SA_FSAA_GetTrusteeInformationEx` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAA_Exceptions.HOST | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| ExceptionType | int | SA_FSAA_Exceptions.ExceptionType | | +| ParentType | int | SA_FSAA_ExceptionTypes.ParentType | Hierarchical parent type | +| ExceptionName | varchar(128) | SA_FSAA_ExceptionTypes.Name | | +| GateID | int | SA_FSAA_Exceptions.GateID | | +| ResourceID | bigint | SA_FSAA_Exceptions.ResourceID | | +| Path | nvarchar(4000) | Computed | UNC path / resource path / NULL depending on which columns are populated | +| TrusteeID | int | SA_FSAA_Exceptions.TrusteeID | | +| TrusteeSID | varchar(184) | SA_FSAA_Trustees.SID | | +| TrusteeType | smallint | SA_FSAA_Trustees.TrusteeType | | +| TrusteeDisplayName | nvarchar(256) | UDF column | | +| TrusteeNTStyleName | nvarchar(385) | Computed | | +| TrusteePrincipalID | int | UDF column | | +| SourceTrusteeID | int | SA_FSAA_Exceptions.SourceTrusteeID | | +| SourceTrusteeSID | varchar(184) | SA_FSAA_Trustees.SID (second join) | | +| SourceTrusteeType | smallint | SA_FSAA_Trustees.TrusteeType (second join) | | +| SourceTrusteeDisplayName | nvarchar(256) | UDF column | | +| SourceTrusteeNTStyleName | nvarchar(385) | Computed | | +| SourceTrusteePrincipalID | int | UDF column | | + +### SA_FSAA_AzureFilesPermissionsView {#sa_fsaa_azurefilespermissionsview} + +Created only when `SA_Entra_RmResources` exists. Joins Azure Files shares to the Entra ID role assignments captured by the Entra inventory collector to surface RBAC on Azure Files. + +**Source tables:** `SA_FSAA_AzureFilesShares`, `SA_Entra_RmResources` (filtered to `Microsoft.Storage/storageAccounts`), `SA_Entra_RmResourcesPrincipalsRolesView` + +| Column | Type | Source | Description | +|---|---|---|---| +| TenantID | varchar(38) | SA_Entra_RmResources.DomainId | | +| HOST | int | SA_FSAA_AzureFilesShares.HOST | | +| StorageAccount | varchar(256) | SA_FSAA_AzureFilesShares.StorageAccount | | +| Scope | nvarchar(512) | SA_Entra_RmResourcesPrincipalsRolesView.Scope | RBAC assignment scope | +| AzureShareId | int | SA_FSAA_AzureFilesShares.ID | | +| ResourceAzureId | varchar(512) | SA_Entra_RmResourcesPrincipalsRolesView.ResourceAzureId | | +| ProviderName | varchar(128) | SA_Entra_RmResources.ProviderName | | +| Type | varchar(128) | SA_Entra_RmResources.Type | | +| Resource Name | nvarchar(2000) | SA_FSAA_AzureFilesShares.Name | Share name | +| RoleDomainId | varchar(38) | SA_Entra_RmResourcesPrincipalsRolesView.RoleDomainId | | +| RoleDomainName | nvarchar(256) | SA_Entra_RmResourcesPrincipalsRolesView.RoleDomainName | | +| RoleId | varchar(38) | SA_Entra_RmResourcesPrincipalsRolesView.RoleId | | +| RoleName | nvarchar(256) | SA_Entra_RmResourcesPrincipalsRolesView.RoleName | | +| CreatedBy | nvarchar(256) | SA_Entra_RmResourcesPrincipalsRolesView.CreatedByDisplayName | | +| CreatedDateTime | datetime2 | SA_Entra_RmResourcesPrincipalsRolesView.CreatedDateTime | | +| ModifiedBy | nvarchar(256) | SA_Entra_RmResourcesPrincipalsRolesView.ModifiedByDisplayName | | +| ModifiedDateTime | datetime2 | SA_Entra_RmResourcesPrincipalsRolesView.ModifiedDateTime | | +| RightsFlags | int | SA_Entra_RmResourcesPrincipalsRolesView.RightsFlags | Custom-role rights bitmask | +| DataRightsFlags | int | SA_Entra_RmResourcesPrincipalsRolesView.DataRightsFlags | Custom-role data-action bitmask | + +## Activity Views (SA_FSAC_*) + +### SA_FSAC_DailyActivityView {#sa_fsac_dailyactivityview} + +Per-`(host, date, folder, trustee, operation)` activity row with trustee identity expanded and operation code translated to a human-readable label. The most common entry point for activity reporting. + +**Source tables:** `SA_FSAC_DailyActivity`, `SA_FSAA_Hosts`, `SA_FSAA_Trustees`, UDF `SA_FSAA_GetTrusteeInformationEx`, UDF `SA_FSAA_GetPath` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAC_DailyActivity.HOST | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| ActivityDate | date | SA_FSAC_DailyActivity.ActivityDate | | +| FolderID | bigint | SA_FSAC_DailyActivity.FolderID | | +| Path | nvarchar(4000) | UDF: SA_FSAA_GetPath | Full folder path | +| UserID | int | SA_FSAC_DailyActivity.TrusteeID | | +| UserSID | varchar(184) | SA_FSAA_Trustees.SID | | +| UserType | smallint | UDF column | See [TrusteeType](../enumeration/overview.md#trusteetype) | +| UserPrincipalID | int | UDF column | AD-Inventory principal ID | +| UserTypeDescription | varchar(18) | Computed (CASE) | e.g. `Domain User` | +| UserDisplayName | nvarchar(256) | UDF column | | +| UserNTName | nvarchar(256) | UDF column | | +| UserNTDomain | nvarchar(128) | UDF column | | +| UserNTStyleName | nvarchar(385) | Computed (`Domain\Name`) | | +| Operation | tinyint | SA_FSAC_DailyActivity.Operation | | +| OperationDescription | varchar(18) | Computed (CASE) | `Read` / `Add` / `Update` / `Delete` / `Permission Change` / `Rename` | +| Allow | bit | SA_FSAC_DailyActivity.Allow | | +| AllowDescription | varchar(7) | Computed (CASE) | `Allowed` / `Denied` | +| OperationCount | int | SA_FSAC_DailyActivity.Count | | + +### SA_FSAC_DailyUserActivityView {#sa_fsac_dailyuseractivityview} + +Pivoted version of `SA_FSAC_DailyActivityView` — one row per `(host, date, folder, user)` with separate columns for each operation type's count. Filtered to `Allow = 1` (allowed operations only). + +**Source tables:** `SA_FSAC_DailyActivity` (pivoted on Operation), `SA_FSAA_Hosts`, `SA_FSAA_Trustees`, UDF `SA_FSAA_GetTrusteeInformationEx`, UDF `SA_FSAA_GetPath` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAC_DailyActivity.HOST | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| ActivityDate | date | SA_FSAC_DailyActivity.ActivityDate | | +| FolderID | bigint | SA_FSAC_DailyActivity.FolderID | | +| Path | nvarchar(4000) | UDF: SA_FSAA_GetPath | | +| UserID | int | SA_FSAC_DailyActivity.TrusteeID | | +| UserSID | varchar(184) | SA_FSAA_Trustees.SID | | +| UserType | smallint | UDF column | | +| UserPrincipalID | int | UDF column | | +| UserTypeDescription | varchar(18) | Computed (CASE) | | +| UserDisplayName | nvarchar(256) | UDF column | | +| UserNTName | nvarchar(256) | UDF column | | +| UserNTDomain | nvarchar(128) | UDF column | | +| UserNTStyleName | nvarchar(385) | Computed | | +| Reads | int | Pivot (Operation = 0) | Read-operation count | +| Adds | int | Pivot (Operation = 1) | Add-operation count | +| Updates | int | Pivot (Operation = 2) | Update-operation count | +| Deletes | int | Pivot (Operation = 3) | Delete-operation count | +| PermissionChanges | int | Pivot (Operation = 4) | Permission-change count | +| Renames | int | Pivot (Operation = 5) | Rename count | + +### SA_FSAC_DailyResourceActivityView {#sa_fsac_dailyresourceactivityview} + +Same shape as `SA_FSAC_DailyUserActivityView` but rolled up across users — one row per `(host, date, folder)` with operation counts and a count of distinct active users. + +**Source tables:** `SA_FSAC_DailyActivity` (pivoted on Operation, then aggregated), `SA_FSAA_Hosts`, UDF `SA_FSAA_GetPath` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAC_DailyActivity.HOST | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| ActivityDate | date | SA_FSAC_DailyActivity.ActivityDate | | +| FolderID | bigint | SA_FSAC_DailyActivity.FolderID | | +| Path | nvarchar(4000) | UDF: SA_FSAA_GetPath | | +| Reads | int | SUM (Operation = 0) | | +| Adds | int | SUM (Operation = 1) | | +| Updates | int | SUM (Operation = 2) | | +| Deletes | int | SUM (Operation = 3) | | +| PermissionChanges | int | SUM (Operation = 4) | | +| Renames | int | SUM (Operation = 5) | | +| ActiveUsers | int | COUNT(DISTINCT TrusteeID) | Distinct users with activity that day | + +### SA_FSAC_ActivityEventsView {#sa_fsac_activityeventsview} + +Detailed event view — one row per `SA_FSAC_ActivityEvents` row, joined to resource metadata, process name, trustee identity, and (for renames) the rename target. + +**Source tables:** `SA_FSAC_ActivityEvents`, `SA_FSAA_Hosts`, `SA_FSAC_ProcessNames`, `SA_FSAA_Resources`, `SA_FSAA_Trustees`, `SA_FSAC_RenameTargets`, UDF `SA_FSAA_GetTrusteeInformationEx`, UDF `SA_FSAA_GetPath` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAC_ActivityEvents.HOST | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| ID | bigint | SA_FSAC_ActivityEvents.ID | | +| AccessTime | datetime2 | SA_FSAC_ActivityEvents.AccessTime | | +| ResourceID | bigint | SA_FSAC_ActivityEvents.PathID | | +| ResourceType | tinyint | SA_FSAA_Resources.ResourceType | | +| ResourceTypeDescription | varchar(6) | Computed (CASE) | `Folder` / `File` | +| ParentResourceID | bigint | SA_FSAA_Resources.ParentResourceID | | +| ResourceName | nvarchar(2000) | SA_FSAA_Resources.Name | | +| Path | nvarchar(4000) | UDF: SA_FSAA_GetPath | | +| ProcessID | int | SA_FSAC_ActivityEvents.ProcessID | | +| ProcessName | nvarchar(255) | SA_FSAC_ProcessNames.Name | | +| Operation | tinyint | SA_FSAC_ActivityEvents.Operation | | +| OperationDescription | varchar(18) | Computed (CASE) | | +| Allow | bit | SA_FSAC_ActivityEvents.Allow | | +| AllowDescription | varchar(7) | Computed (CASE) | `Allowed` / `Denied` | +| TargetResourceID | bigint | SA_FSAC_RenameTargets.TargetPathID | Renames only | +| TargetResourceName | nvarchar(2000) | SA_FSAA_Resources.Name (target) | Renames only | +| TargetParentResourceID | bigint | SA_FSAA_Resources.ParentResourceID (target) | Renames only | +| TargetPath | nvarchar(4000) | UDF: SA_FSAA_GetPath (target) | Renames only | +| UserID | int | SA_FSAC_ActivityEvents.TrusteeID | | +| UserSID | varchar(184) | SA_FSAA_Trustees.SID | | +| UserDisplayName | nvarchar(256) | UDF column | | +| UserNTDomain | nvarchar(128) | UDF column | | +| UserNTName | nvarchar(256) | UDF column | | +| UserType | smallint | UDF column | | +| UserPrincipalID | int | UDF column | | +| UserTypeDescription | varchar(18) | Computed (CASE) | | +| UserNTStyleName | nvarchar(385) | Computed | | + +### SA_FSAC_ExceptionsView {#sa_fsac_exceptionsview} + +`SA_FSAC_Exceptions` joined to the type catalog and to the trustee/gate/resource references, with day-of-week and time-of-day translations. + +**Source tables:** `SA_FSAC_Exceptions`, `SA_FSAC_ExceptionTypes`, `SA_FSAA_Hosts`, `SA_FSAA_Gates`, `SA_FSAA_Resources`, UDF `SA_FSAA_GetPath`, UDF `SA_FSAA_GetTrusteeInformation` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAC_Exceptions.HOST | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| ID | int | SA_FSAC_Exceptions.ID | | +| ExceptionType | int | SA_FSAC_Exceptions.ExceptionType | | +| ParentType | int | SA_FSAC_ExceptionTypes.ParentType | | +| ExceptionName | varchar(128) | SA_FSAC_ExceptionTypes.Name | | +| ActivityDate | date | SA_FSAC_Exceptions.ActivityDate | | +| ActivityHour | tinyint | SA_FSAC_Exceptions.ActivityHour | | +| DayOfWeek | nvarchar(30) | Computed (`DATENAME(dw, ActivityDate)`) | e.g. `Monday` | +| TimeOfDay | varchar(8) | Computed (CASE on ActivityHour) | e.g. `3 PM`, `12 AM` | +| GateID | int | SA_FSAC_Exceptions.GateID | | +| ResourceID | bigint | SA_FSAC_Exceptions.ResourceID | | +| Path | nvarchar(4000) | Computed (`\\host\share`) | | +| TrusteeID | int | SA_FSAC_Exceptions.TrusteeID | | +| TrusteeDisplayName | nvarchar(256) | UDF: SA_FSAA_GetTrusteeInformation | | +| NTDomain | nvarchar(128) | UDF column | | +| NTName | nvarchar(256) | UDF column | | +| TrusteeNTStyleName | nvarchar(385) | Computed (`Domain\Name`) | | +| TrusteeType | smallint | UDF column | | +| TrusteeTypeDescription | varchar(18) | Computed (CASE) | | +| TrusteeSID | varchar(184) | UDF column | | +| TrusteePrincipalID | int | UDF column | | +| Value | int | SA_FSAC_Exceptions.Value | | +| Average | float | SA_FSAC_Exceptions.Average | | +| StandardDeviations | float | SA_FSAC_Exceptions.StandardDeviations | | + +### SA_FSAC_UserExceptionsView {#sa_fsac_userexceptionsview} + +Same shape as `SA_FSAC_ExceptionsView` but partitioned by user `SID` rather than `(HOST, ID)`. Used for cross-host user-behaviour anomalies. + +**Source tables:** `SA_FSAC_UserExceptions`, `SA_FSAC_UserExceptionTypes` + +Columns mirror `SA_FSAC_ExceptionsView` minus the per-host columns: `SID`, `ID`, `ExceptionType`, `ParentType`, `ExceptionName`, `ActivityDate`, `ActivityStartTime`, `ActivityPeriod`, `Value`, `Average`, `StandardDeviations`, plus computed `DayOfWeek` and `TimeOfDay`. + +### SA_FSAC_PermissionChangesView {#sa_fsac_permissionchangesview} + +Per-permission-change view that joins each `SA_FSAC_PermissionChanges` detail row to its host and resolves the affected trustee via `SA_FSAA_GetTrusteeInformation`. Doesn't join to `SA_FSAC_ActivityEvents` or `SA_FSAA_Resources`; use `SA_FSAC_ActivityEventsView` joined to `SA_FSAC_PermissionChanges` when you need `AccessTime`, `ResourcePath`, or `ResourceType`. + +**Source tables:** `SA_FSAC_PermissionChanges`, `SA_FSAA_Hosts`, CROSS APPLY `SA_FSAA_GetTrusteeInformation` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSAC_PermissionChanges.HOST | Host partition | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | Host name | +| ActivityID | bigint | SA_FSAC_PermissionChanges.ActivityID | Parent activity event ID | +| ChangeID | smallint | SA_FSAC_PermissionChanges.ChangeID | Per-event change index | +| AclType | tinyint | SA_FSAC_PermissionChanges.AclType | ACL type (DACL / SACL) | +| AclTypeDescription | varchar | Computed (CASE) | Decoded ACL type label | +| TrusteeID | int | SA_FSAC_PermissionChanges.TrusteeID | Trustee whose ACE changed | +| TrusteeSID | varchar(184) | UDF: SA_FSAA_GetTrusteeInformation | | +| TrusteeType | smallint | UDF column | See [TrusteeType](../enumeration/overview.md#trusteetype) | +| TrusteeTypeDescription | varchar | Computed (CASE) | e.g. `Domain User` | +| PrincipalId | int | UDF column | AD-Inventory principal ID | +| DisplayName | nvarchar(256) | UDF column | | +| NTDomain | nvarchar(128) | UDF column | | +| NTName | nvarchar(256) | UDF column | | +| TrusteeNTStyleName | nvarchar(385) | Computed (`Domain\Name`) | | +| ChangeType | tinyint | SA_FSAC_PermissionChanges.ChangeType | Added / Removed / Modified | +| ChangeTypeDescription | varchar | Computed (CASE) | Decoded change-type label | +| AceType | tinyint | SA_FSAC_PermissionChanges.AceType | Allow / Deny | +| AceTypeDescription | varchar | Computed (CASE) | Decoded ACE-type label | +| InheritanceFlags | tinyint | SA_FSAC_PermissionChanges.InheritanceFlags | NTFS inheritance flags | +| InheritanceFlagsDescription | varchar | Computed (CASE) | Decoded inheritance-flags label | +| AceFlags | tinyint | SA_FSAC_PermissionChanges.AceFlags | NTFS ACE flags | +| AceFlagsDescription | varchar | Computed (CASE) | Decoded ACE-flags label | +| AccessRights | bigint | SA_FSAC_PermissionChanges.AccessRights | Pre-change Windows access mask | +| NewAccessRights | bigint | SA_FSAC_PermissionChanges.NewAccessRights | Post-change access mask (NULL when ACE removed) | +| AccessRightsDescription | varchar | Computed (CASE) | Decoded pre-change rights label | +| NewAccessRightsDescription | varchar | Computed (CASE) | Decoded post-change rights label | + +## Sensitive Data Views (SA_FSDLP_*) + +### SA_FSDLP_MatchesView {#sa_fsdlp_matchesview} + +`SA_FSDLP_Matches` enriched with file path, criterion name and GUID, a human-readable `DataSource` description, and an `IsExcluded` flag computed from the SDD exclusion-filter table. + +**Source tables:** `SA_FSDLP_Matches`, `SA_FSAA_Hosts`, `SA_FSDLP_Criteria`, `SA_FSAA_Resources`, `SA_FSAA_SharesTraversalView`, `SA_SDDExclusionFilters`, UDF `SA_FSAA_GetPath` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSDLP_Matches.HOST | | +| HostName | nvarchar(64) | SA_FSAA_Hosts.HOST | | +| CriteriaId | int | SA_FSDLP_Matches.CriteriaId | | +| CriteriaName | nvarchar(256) | SA_FSDLP_Criteria.Name | | +| CriteriaGUID | uniqueidentifier | SA_FSDLP_Criteria.pattern_guid | | +| ResourceID | bigint | SA_FSDLP_Matches.FileId | | +| ParentResourceID | bigint | SA_FSAA_Resources.ParentResourceID | | +| FileName | nvarchar(2000) | SA_FSAA_Resources.Name | | +| FilePath | nvarchar(4000) | UDF: SA_FSAA_GetPath | | +| MatchCount | int | SA_FSDLP_Matches.MatchCount | | +| DataSource | varchar(30) | Computed (CASE) | `Content` / `Metadata` / `Filename` / combinations | +| IsExcluded | bit | Computed (EXISTS against `SA_SDDExclusionFilters`) | True if the file is covered by an exclusion filter | + +### SA_FSDLP_MatchHitsView {#sa_fsdlp_matchhitsview} + +`SA_FSDLP_MatchHits` joined to `SA_FSDLP_MatchesView` so each hit carries the parent file/criterion identity. Used by the Sensitive Data report's drill-down view. + +**Source tables:** `SA_FSDLP_MatchHits`, `SA_FSDLP_MatchesView` + +| Column | Type | Source | Description | +|---|---|---|---| +| HostID | int | SA_FSDLP_MatchesView.HostID | | +| HostName | nvarchar(64) | SA_FSDLP_MatchesView.HostName | | +| CriteriaID | int | SA_FSDLP_MatchesView.CriteriaId | | +| CriteriaName | nvarchar(256) | SA_FSDLP_MatchesView.CriteriaName | | +| CriteriaGUID | uniqueidentifier | SA_FSDLP_MatchesView.CriteriaGUID | | +| ResourceID | bigint | SA_FSDLP_MatchesView.ResourceID | | +| ParentResourceID | bigint | SA_FSDLP_MatchesView.ParentResourceID | | +| FileName | nvarchar(2000) | SA_FSDLP_MatchesView.FileName | | +| FilePath | nvarchar(4000) | SA_FSDLP_MatchesView.FilePath | | +| MatchCount | int | SA_FSDLP_MatchesView.MatchCount | | +| SubFileName | nvarchar(1024) | SA_FSDLP_MatchHits.SubFileName | | +| MatchPrefix | nvarchar(1024) | SA_FSDLP_MatchHits.MatchPrefix | | +| MatchData | nvarchar(1024) | SA_FSDLP_MatchHits.MatchData | | +| MatchSuffix | nvarchar(1024) | SA_FSDLP_MatchHits.MatchSuffix | | +| Confidence | int | SA_FSDLP_MatchHits.Confidence | | +| DataSource | varchar(30) | Computed (CASE on `SA_FSDLP_MatchHits.DataSource`) | Same vocabulary as `SA_FSDLP_MatchesView.DataSource` | diff --git a/docs/accessanalyzer/12.0/admin/schema/overview.md b/docs/accessanalyzer/12.0/admin/schema/overview.md index aac24ae38a..92b9957343 100644 --- a/docs/accessanalyzer/12.0/admin/schema/overview.md +++ b/docs/accessanalyzer/12.0/admin/schema/overview.md @@ -14,3 +14,14 @@ The SQL Data Collector discovers, audits, and reports on SQL Server instances, d - **[Index Reference](sqldc/indexreference/overview.md)** — Documentation of database indexes - **[Functions & Stored Procedures](sqldc/functions/overview.md)** — SQL scalar functions and stored procedures +## [File System Access Analyzer DC Schema](fsaadc/overview.md) + +The File System Access Analyzer data collector audits Windows, NFS, and Azure Files file systems for permissions, ownership, content, activity, and sensitive-data classification across four sub-modules (SA_FSAA_, SA_FSAC_, SA_FSDLP_, SA_FSDFS_). The schema documentation covers: + +- **[Table Relationship Diagrams (ERD)](fsaadc/erd/overview.md)** — Visual ERDs showing table relationships across all four collector modules +- **[Core Data Collection Tables](fsaadc/coretables/overview.md)** — 47 normalized tables populated directly by data collectors, partitioned by host with full foreign key relationships +- **[Views](fsaadc/views/overview.md)** — 20 SQL views that join and denormalize data for reporting +- **[Enumeration & Lookup Values](fsaadc/enumeration/overview.md)** — Reference for coded values including TrusteeType, ResourceType, GateType, and the six-bit rights bitmask +- **[Functions & Stored Procedures](fsaadc/functions/overview.md)** — 29 UDFs and stored procedures covering path resolution, effective-access computation, group membership expansion, and DFS path lookup +- **[Index Reference](fsaadc/indexreference/overview.md)** — Complete listing of database indexes across all FSAA DC tables +- **[Foreign Key Reference](fsaadc/fkreference/overview.md)** — Complete listing of foreign key constraints and cascade behaviors diff --git a/docs/identityrecovery/3.1/admin/forest/recover.md b/docs/identityrecovery/3.1/admin/forest/recover.md index 8c0c5552e0..1c762309a3 100644 --- a/docs/identityrecovery/3.1/admin/forest/recover.md +++ b/docs/identityrecovery/3.1/admin/forest/recover.md @@ -6,14 +6,14 @@ sidebar_position: 10 # Recover a Forest -You can recover a forest using the domain controller backups generated by Identity Recovery. A restore playbook, also called a recovery playbook, is used to restore a forest. Once the desired domain controllers have been added to the restore playbook, the forest recovery process can be initiated and the forest will be restored using the automated process provided by Identity Recovery. +You can recover a forest using the domain controller backups generated by Identity Recovery. You use a restore playbook, also called a recovery playbook, to restore a forest. After you add the domain controllers you want to the restore playbook, you can initiate the forest recovery process, and Identity Recovery restores the forest using its automated process. ## Use Cases for Restoring Domain Controller Backups Administrators may need to bring a forest backup created by Identity Recovery online in the following scenarios: -- Stand up a duplicate of a domain controller, for example, stand up a duplicate in a lab +- Create a duplicate of a domain controller, for example, deploy a duplicate in a lab environment for testing purposes - Restore a server or domain controller to a specific state-in-time image - Restore lost or deleted data @@ -29,13 +29,13 @@ See the [Forest Page](/docs/identityrecovery/3.1/admin/forest/forest.md) topic f ## Recover a Forest -Follow the steps to recover a forest. +To recover a forest: - **Step 1 –** Prepare an isolated environment to restore the forest to. See the [Target Server Considerations](/docs/identityrecovery/3.1/requirements/targetserver.md) topic to understand the requirements for a target environment and target servers for restoring domain controllers. -- **Step 2 –** Add the desired domain controllers to create a recovery playbook, also called a +- **Step 2 –** Add the domain controllers you want to create a recovery playbook, also called a restore playbook. For example, if you have a forest with one root domain and four child domains, you can add one @@ -59,16 +59,16 @@ restore to an isolated environment. Ideally it should be a physical environment environment can work too. For example, you can choose a Hyper-V or a VMware environment hosted in Azure or AWS, and isolated from the rest of the domain. -Once the desired domain controllers have at least one backup to choose from, you can start the -forest recovery playbook by adding the domain controllers to it. +After the domain controllers you want to restore have at least one backup to choose from, you can +start the forest recovery playbook by adding the domain controllers to it. :::note -You only need one backup of a domain controller for each domain in the forest. Any other -domains can then be added via the playbook or you should handle them manually using the "add DC to +You only need one backup of a domain controller for each domain in the forest. You can then add any other +domains via the playbook or handle them manually using the "add DC to the domain, let replication happen" model. ::: -Follow the steps to create a recovery playbook. +To create a recovery playbook: **Step 1 –** Click **Forest** in the left pane to open the Forest page. @@ -83,7 +83,7 @@ can specify the restore settings for the domain controller. ![Add to Recovery Playbook wizard - Domain Controller page](/images/identityrecovery/3.1/product/forest/recovery/forest_recovery_page1.png) **Step 4 –** On the Domain Controller page, the Source Domain Controller section displays -information for the domain controller that is being added to the playbook. It displays the domain it +information for the domain controller you're adding to the playbook. It displays the domain it is deployed to, its name, operating system, and the date and time of the most recent backup. In the Target Server section: @@ -101,31 +101,25 @@ topic for additional information. ![Add to Recovery Playbook wizard - Options page](/images/identityrecovery/3.1/product/forest/recovery/forest_recovery_page2.png) -**Step 6 –** From the **Backup** drop-down menu, select the backup to use for restoring the domain -controller. The drop-down menu lists the backups available for the domain controller. - -:::note -If you do not choose a backup for a domain controller, an attempt will be made to join the -domain controller to the existing domain that was restored previously in the playbook using a backup -of another domain controller. -::: +**Step 6 –** From the **Backup** dropdown menu, select the backup to use for restoring the domain +controller. The dropdown menu lists the backups available for the domain controller. **Step 7 –** If the backup is encrypted, provide the password used for encryption in the Encryption Password field. This would allow the recovery process to decrypt the backup. -**Step 8 –** From the **Roles** drop-down menu, select the FSMO role(s) the domain controller will -acquire when it is restored. You can: +**Step 8 –** From the **Roles** dropdown menu, select the FSMO roles the domain controller will +acquire when you restore it. You can: - Select the Acquire All Roles option to assign all FSMO roles to the domain controller. - Select one or more FSMO roles to assign to the domain controller. All five FSMO roles are listed. - Select Restore original roles to retain the previously assigned roles that are defined in the backup. -- Select Do not assign any roles if you do not want to assign any role to the domain controller. +- Select Don't assign any roles if you don't want to assign any role to the domain controller. This option is selected by default, because the first domain controller in your domain automatically acquires all the FSMO roles. **Step 9 –** In the DSRM Password field, set the Directory Services Restore Mode (DSRM) password for -the to-be-restored domain controller. +the domain controller you're restoring. **Step 10 –** Click **Next**. @@ -135,29 +129,29 @@ the to-be-restored domain controller. wizard. Use the Back button to return to a previous page and change any setting. Click **Complete** to finish the wizard. -The playbook has been created with the domain controller added to it. +The wizard creates the playbook with the domain controller added to it. -Repeat this process for all the domain controllers you wish to restore in the target environment. +Repeat this process for all the domain controllers you want to restore in the target environment. When you add another domain controller, it appears as a new tab added to the playbook. Click the tab representing a domain controller to view its details. ![Recovery Playbook created on the Forest Page](/images/identityrecovery/3.1/product/forest/recovery/forest_recovery_finished.png) -The following information is displayed for a domain controller in the playbook: +The playbook displays the following information for a domain controller: - Original Server – The name of the server that you added to the playbook for restore -- Target Server – The server where the domain should be restored +- Target Server – The server where Identity Recovery restores the domain - Domain – The domain the domain controller belongs to - Operating System – The operating system of the original server (the domain controller to be restored) - Version – The operating system of the original server (the domain controller to be restored) -- Roles – The FSMO role(s) the domain controller will acquire when restored -- Backup Time – the date and time of the backup that will be restored for the domain controller +- Roles – The FSMO roles the domain controller will acquire when restored +- Backup Time – the date and time of the backup that Identity Recovery restores for the domain controller ### Run the Recovery Playbook When your playbook is ready, click **Start** to initiate the forest recovery process. The machine -will reboot once the recovery process is complete +will reboot after the recovery process is complete Your new forest is ready for you to log in using any Administrator credentials from the forest. diff --git a/docs/kb/passwordreset/portal-access-and-authentication/password-reset-link-missing-duo-and-ppe-client.md b/docs/kb/passwordreset/portal-access-and-authentication/password-reset-link-missing-duo-and-ppe-client.md new file mode 100644 index 0000000000..bc53a6742f --- /dev/null +++ b/docs/kb/passwordreset/portal-access-and-authentication/password-reset-link-missing-duo-and-ppe-client.md @@ -0,0 +1,67 @@ +--- +description: >- + If the Password Reset link is missing in the Netwrix Password Reset client and Duo MFA and Password Policy Enforcer Client are both in the environment. This article explains the steps and registry settings needed to get Password Reset Client, Password Policy Enforcer Client, and Duo MFA working together. +keywords: + - password reset + - Password Reset client + - Duo + - ProvidersWhitelist + - registry + - Password Policy Enforcer Client + - GUID + - third-party credential provider +products: + - passwordreset +sidebar_label: Password Reset Link Missing with Duo and PPE Client +tags: + - kb +title: "Password Reset Link Is Missing with Duo and PPE Client Installed" +knowledge_article_id: "" +--- + +# Password Reset Link Is Missing with Duo and PPE Client Installed + +## Symptom + +The reset link is missing for Netwrix Password Reset when Duo MFA and Netwrix Password Policy Enforcer Client are installed. + +## Cause + +Multiple Credential Providers in the environment can conflict when you do not configure them correctly. Ensure that the credential stacks are in the correct order. + +The ProvidersWhitelist registry value must be added to the system to allow the Netwrix Password Reset Client and Netwrix Password Policy Enforcer Client to work together with Duo MFA. + +## Resolution + +1. Uninstall the following in this exact order: + - Duo MFA + - Netwrix Password Reset (NPR) Client + - Netwrix Password Policy Enforcer (PPE) Client + +2. Reboot the system. + +3. Reinstall the following in this exact order: + + > **IMPORTANT:** Restore any Duo settings that the uninstallation process may have removed before proceeding with the reinstall order below. + + - Duo MFA + - PPE Client + - NPR Client + +4. Add a ProvidersWhitelist multi-string value of `{407DAD37-1BA1-49BB-8401-45B22F5EF77C}` following the [Duo instructions ⸱ Duo 🡥](https://help.duo.com/s/article/4041?language=en_US). + +5. Press CTRL+ALT+DEL and select **Change Password**. + +6. Verify that PPE policies appear and that the Password Reset link appears on the Lock Screen. + +> **IMPORTANT:** If the Password Reset link is still missing or the PPE Client is not showing policies, confirm that the following registry values are not present on the machine: + > + > ``` + > [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ANIXIS\Password Reset Client] + > "PreferredProvider"="{44E2ED41-48C7-4712-A3C3-250C5E6D5D84}" + > "PreferredProviderUsernameField"=dword:00000001 + > "PreferredProviderFriendlyNameField"=dword:00000000 + > "PreferredProviderConfirmPasswordField"=dword:00000004 + > "PreferredProviderResetPasswordLinkField"=dword:00000006 + > "PreferredProviderLogOnToField"=dword:00000008 + > ``` \ No newline at end of file diff --git a/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/awsconfiguration.md b/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/awsconfiguration.md index c85240accc..46255ee2b7 100644 --- a/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/awsconfiguration.md +++ b/docs/privilegesecurediscovery/2.22/installation/containerbaseddeployment/awsconfiguration.md @@ -6,7 +6,7 @@ sidebar_position: 30 # AWS Configuration -Netwrix hosts NPS-D container images in a private Amazon Elastic Container Registry (ECR). You must +Netwrix hosts Netwrix Privilege Secure for Discovery (NPS-D) container images in a private Amazon Elastic Container Registry (ECR). You must authenticate each Ubuntu machine in the deployment with ECR before `secureone.sh` can pull images. Complete these steps on every node — primary and secondary — before running the deployment script. @@ -20,7 +20,7 @@ credentials. ## Configure AWS Credentials Run the following command and follow the prompts to enter the AWS Access Key ID, Secret Access Key, -and region. Use the credentials provided to you by Netwrix Support. +and region. Use the credentials Netwrix Support provides. ```bash # Configure AWS: @@ -43,7 +43,7 @@ After configuring credentials, authenticate Docker with the Netwrix ECR registry ```bash # Log in to ECR: aws ecr get-login-password --region us-west-2 | \ - sudo docker login --username AWS --password-stdin \ + docker login --username AWS --password-stdin \ 176947481038.dkr.ecr.us-west-2.amazonaws.com ``` diff --git a/static/openapi/changetracker-hub-8.1.yaml b/static/openapi/changetracker-hub-8.1.yaml index 5734bcbee5..313c709b45 100644 --- a/static/openapi/changetracker-hub-8.1.yaml +++ b/static/openapi/changetracker-hub-8.1.yaml @@ -9,8 +9,8 @@ paths: get: tags: - command - summary: 'Called by the agent, this returns a list of AgentTasks and latest tracking template definition dates for all the devices the agent manages.' - description: 'Called by the agent, this returns a list of AgentTasks and latest tracking template definition dates for all the devices the agent manages.' + summary: 'Poll agent tasks and template dates' + description: 'Returns a list of pending AgentTasks and the latest tracking template definition dates for all devices managed by the specified agent. Use this endpoint during the agent polling cycle to determine which tasks to execute and whether any template definitions have been updated since the last poll.' operationId: GetAgentPolltaskspollAgentId_Get parameters: - name: UniqueId @@ -118,8 +118,8 @@ paths: post: tags: - command - summary: 'Called by the agent, this returns a list of AgentTasks and latest tracking template definition dates for all the devices the agent manages.' - description: 'Called by the agent, this returns a list of AgentTasks and latest tracking template definition dates for all the devices the agent manages.' + summary: 'Poll agent tasks and template dates' + description: 'Returns a list of pending AgentTasks and the latest tracking template definition dates for all devices managed by the specified agent. Submit this request when the agent polls for new work, allowing the hub to communicate task assignments and template update notifications.' operationId: GetAgentPolltaskspollAgentId_Post requestBody: content: @@ -142,8 +142,8 @@ paths: get: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Returns task information for the specified agent, optionally filtered by AgentId, DeviceId, task status, task IDs, or policy run ID. Use the Concise flag to omit large text and result-data fields from the response, and use the pagination parameters to page through large result sets. operationId: GetAgentTaskstasksagentAgentId_Get parameters: - name: AgentId @@ -257,8 +257,8 @@ paths: post: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Submits a request for task information for the specified agent. Accepts the same filtering options as the GET variant, including task status, task type, and Concise mode, via the request body. operationId: GetAgentTaskstasksagentAgentId_Post requestBody: content: @@ -281,8 +281,8 @@ paths: post: tags: - submitAgentTaskResultStream - summary: Used to submit agent task result data to the hub as a stream. - description: Used to submit agent task result data to the hub as a stream. + summary: Stream agent task result data + description: Submits agent task result data to the hub as a streaming upload. Use this endpoint when the result payload is too large to send as a single request body, sending chunks incrementally until the task result is complete. operationId: SubmitAgentTaskResultStreamAgentIdDeviceIdTaskId_Post requestBody: content: @@ -305,8 +305,8 @@ paths: get: tags: - submitAgentTaskResultData - summary: 'Adds report result data for the given agent report, called by the agent. This is the new format used by the Gen 7 agent.' - description: 'Adds report result data for the given agent report, called by the agent. This is the new format used by the Gen 7 agent.' + summary: 'Submit Gen 7 agent task data' + description: Submits report result data to the hub for the specified agent report task using the Gen 7 format. Provide the TaskId, result DataValues, and final Status to indicate whether the task completed successfully or encountered an error. operationId: SubmitAgentTaskResultData_Get parameters: - name: AgentId @@ -364,8 +364,8 @@ paths: post: tags: - submitAgentTaskResultData - summary: 'Adds report result data for the given agent report, called by the agent. This is the new format used by the Gen 7 agent.' - description: 'Adds report result data for the given agent report, called by the agent. This is the new format used by the Gen 7 agent.' + summary: 'Submit Gen 7 agent task data' + description: Submits report result data to the hub for the specified agent report task using the Gen 7 format. Supply the TaskId, DataValues, and Status in the request body to record the outcome of the completed task. operationId: SubmitAgentTaskResultData_Post requestBody: content: @@ -386,8 +386,8 @@ paths: get: tags: - submitAgentTaskResult - summary: 'Adds task result data for the given agent task, called by the agent.' - description: 'Adds task result data for the given agent task, called by the agent.' + summary: 'Submit agent task result' + description: Submits task result data to the hub for the specified agent task. Supply the AgentId, DeviceId, and TaskId along with the result payload, which may be a single string in ResultData, a list of items in ResultDataItems, or rule evaluation results in RuleItemResults. operationId: SubmitAgentTaskResult_Get parameters: - name: AgentId @@ -474,8 +474,8 @@ paths: post: tags: - submitAgentTaskResult - summary: 'Adds task result data for the given agent task, called by the agent.' - description: 'Adds task result data for the given agent task, called by the agent.' + summary: 'Submit agent task result' + description: Submits task result data to the hub for the specified agent task. Supply the AgentId, DeviceId, TaskId, result payload, and final Status in the request body. operationId: SubmitAgentTaskResult_Post requestBody: content: @@ -496,8 +496,8 @@ paths: get: tags: - credential - summary: Get specific credentials for requested type and key (name). - description: Get specific credentials for requested type and key (name). + summary: Get credentials by type and key + description: Returns the stored credentials matching the specified type and key name. Supported credential types include Shell, Database, FTP, Cloud, ESX, ITSM, and Splunk. Use this endpoint to retrieve connection credentials for use by agents or proxy configurations. operationId: GetCredentials_Get parameters: - name: CredentialsType @@ -539,8 +539,8 @@ paths: post: tags: - credential - summary: Get specific credentials for requested type and key (name). - description: Get specific credentials for requested type and key (name). + summary: Get credentials by type and key + description: Returns the stored credentials matching the specified type and key name supplied in the request body. Supported credential types include Shell, Database, FTP, Cloud, ESX, ITSM, and Splunk. operationId: GetCredentials_Post requestBody: content: @@ -564,7 +564,7 @@ paths: tags: - policyTemplates summary: Gets matching config templates. - description: Gets matching config templates. + description: Returns configuration policy templates matching the specified filter criteria. Filter by name, name substring, template version, tracker type, usage tags, or trust status. Set ReturnXml to true to include the full template XML definition in the response. operationId: GetPolicyTemplates_Get parameters: - name: Name @@ -713,7 +713,7 @@ paths: tags: - policyTemplates summary: Gets matching config templates. - description: Gets matching config templates. + description: Returns configuration policy templates matching the filter criteria supplied in the request body. Supports the same filtering options as the GET variant, including name, tracker type, usage tags, and pagination. operationId: GetPolicyTemplates_Post requestBody: content: @@ -736,8 +736,8 @@ paths: get: tags: - policyTemplateVariables - summary: A request to get a list of variable definitions from a named report to be collected by the agent. - description: A request to get a list of variable definitions from a named report to be collected by the agent. + summary: Get report variable definitions + description: Returns a list of variable definitions from the specified report template that the agent must collect. Use the ReturnConfigAsXml flag to receive any required configuration as an XML string rather than a structured object. operationId: GetPolicyTemplateVariables_Get parameters: - name: PolicyTemplateName @@ -770,8 +770,8 @@ paths: post: tags: - policyTemplateVariables - summary: A request to get a list of variable definitions from a named report to be collected by the agent. - description: A request to get a list of variable definitions from a named report to be collected by the agent. + summary: Get report variable definitions + description: Returns a list of variable definitions from the specified report template that the agent must collect. Supply the template name and format preference in the request body. operationId: GetPolicyTemplateVariables_Post requestBody: content: @@ -794,8 +794,8 @@ paths: get: tags: - deviceCredentials - summary: A request to get the names of credentials associated with an agent. - description: A request to get the names of credentials associated with an agent. + summary: Get agent credential names + description: Returns the names of all credentials associated with the specified agent device. Use this endpoint to discover which credential sets are available before making targeted credential lookup calls. operationId: GetCredentialsForAgentDevice_Get parameters: - name: AgentDevice @@ -825,8 +825,8 @@ paths: post: tags: - deviceCredentials - summary: A request to get the names of credentials associated with an agent. - description: A request to get the names of credentials associated with an agent. + summary: Get agent credential names + description: Returns the names of all credentials associated with the specified agent device. Supply the agent device details in the request body. operationId: GetCredentialsForAgentDevice_Post requestBody: content: @@ -852,8 +852,8 @@ paths: get: tags: - deviceDbCredentials - summary: A request to get the database credentials associated with a database proxied agent. - description: A request to get the database credentials associated with a database proxied agent. + summary: Get proxied agent database credentials + description: Returns the database credentials associated with the specified database-proxied agent device. Use this endpoint when a proxy agent needs to retrieve connection credentials for the database device it manages. operationId: GetDbCredentialForDatabaseAgentDevice_Get parameters: - name: AgentDevice @@ -880,8 +880,8 @@ paths: post: tags: - deviceDbCredentials - summary: A request to get the database credentials associated with a database proxied agent. - description: A request to get the database credentials associated with a database proxied agent. + summary: Get proxied agent database credentials + description: Returns the database credentials associated with the specified database-proxied agent device. Supply the agent device details in the request body. operationId: GetDbCredentialForDatabaseAgentDevice_Post requestBody: content: @@ -904,8 +904,8 @@ paths: get: tags: - groupMemberships - summary: 'A request to return groups this agent or group is a member of, including parents of parents etc.' - description: 'A request to return groups this agent or group is a member of, including parents of parents etc.' + summary: 'Get agent or group memberships' + description: Returns all groups that the specified agent or group belongs to, including transitively inherited parent groups. For example, if a device belongs to a "Windows 7" group that is itself a member of a "Windows" group, both groups are returned unless ExcludeInherited is set to true. operationId: GroupMemberships_Get parameters: - name: MemberName @@ -951,8 +951,8 @@ paths: post: tags: - groupMemberships - summary: 'A request to return groups this agent or group is a member of, including parents of parents etc.' - description: 'A request to return groups this agent or group is a member of, including parents of parents etc.' + summary: 'Get agent or group memberships' + description: Returns all groups that the specified agent or group belongs to, including transitively inherited parent groups. Supply the member name, member type, and ExcludeInherited preference in the request body. operationId: GroupMemberships_Post requestBody: content: @@ -978,8 +978,8 @@ paths: get: tags: - agents - summary: A request to return agents matching the device filter. - description: A request to return agents matching the device filter. + summary: List agents by device filter + description: Returns a list of agents matching the specified device filter. Use the optional flags to include related data such as group details, credentials, planned changes, proxy agents, and applied templates. Supports pagination and sorting through the standard query parameters. operationId: GetAgents_Get parameters: - name: ExcludeTotalCount @@ -1088,8 +1088,8 @@ paths: post: tags: - agents - summary: A request to return agents matching the device filter. - description: A request to return agents matching the device filter. + summary: List agents by device filter + description: Returns a list of agents matching the specified device filter. Supply all filter and pagination options in the request body. Supports the same related-data flags as the GET variant. operationId: GetAgents_Post requestBody: content: @@ -1112,8 +1112,8 @@ paths: get: tags: - agents - summary: Registers the details of an Agent with the system. - description: Registers the details of an Agent with the system. + summary: Register agent details + description: Registers a new agent or proxied device with the hub and returns the resulting Agent record. Supply device properties such as host name, host type, group memberships, and credentials. The UniqueId parameter prevents duplicate registrations if the hub store is reset and agent IDs are reissued. operationId: RegisterAgentregister_Get parameters: - name: CanProxy @@ -1267,8 +1267,8 @@ paths: post: tags: - agents - summary: Registers the details of an Agent with the system. - description: Registers the details of an Agent with the system. + summary: Register agent details + description: Registers a new agent or proxied device with the hub and returns the resulting Agent record. Supply all device properties in the request body, including host name, host type, group memberships, and credentials. operationId: RegisterAgentregister_Post requestBody: content: @@ -1292,7 +1292,7 @@ paths: tags: - agents summary: Update an Agent's details. - description: Update an Agent's details. + description: Updates the specified agent's details and returns the refreshed agent list. Use the Update* boolean flags to control which fields are actually written, allowing partial updates without overwriting fields that were not supplied. operationId: UpdateAgentupdate_Get parameters: - name: Agent @@ -1416,7 +1416,7 @@ paths: tags: - agents summary: Update an Agent's details. - description: Update an Agent's details. + description: Updates the specified agent's details and returns the refreshed agent list. Supply the agent object and the Update* boolean flags in the request body to control which fields are written. operationId: UpdateAgentupdate_Post requestBody: content: @@ -1439,8 +1439,8 @@ paths: get: tags: - agents - summary: A request to find agents matching the device filter and search criteria. - description: A request to find agents matching the device filter and search criteria. + summary: Find agents by filter and criteria + description: Returns agents that match both the device filter and the specified text search criteria. Use this endpoint to perform free-text searches across agent fields, with the results scoped to the devices identified by the DeviceFilter. operationId: SearchAgentssearch_Get parameters: - name: DeviceFilter @@ -1512,8 +1512,8 @@ paths: post: tags: - agents - summary: A request to find agents matching the device filter and search criteria. - description: A request to find agents matching the device filter and search criteria. + summary: Find agents by filter and criteria + description: Returns agents that match both the device filter and text search criteria supplied in the request body. Accepts the same filter and pagination options as the GET variant. operationId: SearchAgentssearch_Post requestBody: content: @@ -1536,8 +1536,8 @@ paths: get: tags: - agents - summary: Registers the details of the specified Agents with the system. - description: Registers the details of the specified Agents with the system. + summary: Register specified agents + description: Pre-registers a batch of agents with the hub before they connect for the first time. Returns the pre-registration response for each supplied agent, allowing you to provision agent records in advance of deployment. operationId: PreRegisterAgentspreRegister_Get parameters: - name: Agents @@ -1567,8 +1567,8 @@ paths: post: tags: - agents - summary: Registers the details of the specified Agents with the system. - description: Registers the details of the specified Agents with the system. + summary: Register specified agents + description: Pre-registers a batch of agents with the hub before they connect for the first time. Supply the list of agent registration details in the request body. operationId: PreRegisterAgentspreRegister_Post requestBody: content: @@ -1591,8 +1591,8 @@ paths: get: tags: - deviceConfig - summary: Get the tracking configuration template from the merged result of the group configurations for the groups the device is in. - description: Get the tracking configuration template from the merged result of the group configurations for the groups the device is in. + summary: Get merged device tracking config + description: Returns the effective tracking configuration for the specified device by merging all group-level policy templates that apply to it. Use ReturnDocument to receive a structured template object, or set it to false to receive the raw XML string. operationId: GetDeviceConfig_Get parameters: - name: AgentDevice @@ -1636,8 +1636,8 @@ paths: post: tags: - deviceConfig - summary: Get the tracking configuration template from the merged result of the group configurations for the groups the device is in. - description: Get the tracking configuration template from the merged result of the group configurations for the groups the device is in. + summary: Get merged device tracking config + description: Returns the effective tracking configuration for the specified device by merging all group-level policy templates that apply to it. Supply the agent device identifier and response format preference in the request body. operationId: GetDeviceConfig_Post requestBody: content: @@ -1660,8 +1660,8 @@ paths: get: tags: - deviceSettings - summary: 'Gets the device settings for the device or group, based on the global device settings and any group specific overrides.' - description: 'Gets the device settings for the device or group, based on the global device settings and any group specific overrides.' + summary: 'Get device or group settings' + description: 'Returns the effective device settings for the specified device or group, combining the global defaults with any group-specific overrides. Provide either an AgentId and DeviceId pair or a GroupName to identify the target.' operationId: GetDeviceSettings_Get parameters: - name: AgentId @@ -1698,8 +1698,8 @@ paths: post: tags: - deviceSettings - summary: 'Gets the device settings for the device or group, based on the global device settings and any group specific overrides.' - description: 'Gets the device settings for the device or group, based on the global device settings and any group specific overrides.' + summary: 'Get device or group settings' + description: 'Returns the effective device settings for the specified device or group, combining the global defaults with any group-specific overrides. Supply the AgentId and DeviceId pair or GroupName in the request body.' operationId: GetDeviceSettings_Post requestBody: content: @@ -1722,8 +1722,8 @@ paths: get: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns a filtered list of events from the hub. Use the DeviceFilter and EventFilter to scope results by device and event type, the StartUtc and EndUtc parameters to define the time window, and the pagination parameters to control the result set size. Optionally include event history or populate the AllEvents list by setting the corresponding flags. operationId: GetEvents_Get parameters: - name: Comment @@ -1899,8 +1899,8 @@ paths: post: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns a filtered list of events from the hub. Supply device filter, event filter, time range, and pagination options in the request body. Supports the same filtering and response options as the GET variant. operationId: GetEvents_Post requestBody: content: @@ -1923,8 +1923,8 @@ paths: get: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns events from the hub starting at the specified UTC timestamp supplied in the path. Use the DeviceFilter, EventFilter, and pagination parameters to further narrow results. The StartUtc path parameter is combined with EndUtc and any offset values in the query string. operationId: GetEventsstartStartUtc_Get parameters: - name: Comment @@ -2100,8 +2100,8 @@ paths: post: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns events from the hub starting at the specified UTC timestamp in the path. Supply additional filters, pagination, and format options in the request body. operationId: GetEventsstartStartUtc_Post requestBody: content: @@ -2124,8 +2124,8 @@ paths: get: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns events from the hub up to the specified end timestamp supplied in the path. Use the DeviceFilter, EventFilter, and pagination parameters to further narrow results. operationId: GetEventsendEnd_Get parameters: - name: Comment @@ -2301,8 +2301,8 @@ paths: post: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns events from the hub up to the specified end timestamp in the path. Supply additional filters, pagination, and format options in the request body. operationId: GetEventsendEnd_Post requestBody: content: @@ -2325,8 +2325,8 @@ paths: get: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns events from the hub within the date range defined by the StartUtc and End path parameters. Use this endpoint for time-bounded queries without relying on query string date parameters, and combine it with device and event filters for more precise results. operationId: GetEventsstartStartUtcendEnd_Get parameters: - name: Comment @@ -2502,8 +2502,8 @@ paths: post: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns events from the hub within the date range defined by the StartUtc and End path parameters. Supply additional filters and pagination options in the request body. operationId: GetEventsstartStartUtcendEnd_Post requestBody: content: @@ -2526,8 +2526,8 @@ paths: get: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns a paginated list of events from the hub using the Skip and Take values specified in the path. Use this endpoint to retrieve specific result pages without relying on query string pagination parameters. operationId: GetEventsskipSkiptakeTake_Get parameters: - name: Comment @@ -2703,8 +2703,8 @@ paths: post: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns a paginated list of events from the hub using the Skip and Take values specified in the path. Supply additional filter options in the request body. operationId: GetEventsskipSkiptakeTake_Post requestBody: content: @@ -2727,8 +2727,8 @@ paths: get: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns a filtered list of events from the hub service. Use the query parameters to scope results by device, event type, time range, or status. Supply a TimeZoneId to receive times converted to the caller's local time zone. operationId: GetEventsEventId_Get parameters: - name: Comment @@ -2904,8 +2904,8 @@ paths: post: tags: - events - summary: Retrieves a list of events from the hub service. - description: Retrieves a list of events from the hub service. + summary: Retrieve events from hub + description: Returns a filtered list of events from the hub service using a POST body. Use this form when the query parameters would exceed URL length limits. Supply a TimeZoneId in the body to receive times converted to the caller's local time zone. operationId: GetEventsEventId_Post requestBody: content: @@ -2928,8 +2928,8 @@ paths: get: tags: - alertEvents - summary: Adds a list of alert events to the system. - description: Adds a list of alert events to the system. + summary: Submit alert events + description: Submits a list of alert events to the hub for processing. Use this endpoint to send alert notifications from agents or external sources. Returns 204 No Content on success. operationId: SubmitAlertEventsadd_Get parameters: - name: Events @@ -2957,8 +2957,8 @@ paths: post: tags: - alertEvents - summary: Adds a list of alert events to the system. - description: Adds a list of alert events to the system. + summary: Submit alert events + description: Submits a list of alert events to the hub for processing using a POST body. Use this form to send alert event payloads that are too large for a query string. Returns 204 No Content on success. operationId: SubmitAlertEventsadd_Post requestBody: content: @@ -2979,8 +2979,8 @@ paths: get: tags: - alertEvents - summary: Adds a list of alert events to the system. The response can indicate a rate-limiting back off time. - description: Adds a list of alert events to the system. The response can indicate a rate-limiting back off time. + summary: Submit alert events with rate limiting + description: Submits a list of alert events to the hub and applies rate limiting. If the hub is processing events faster than it can handle, the response includes a back-off time that the caller should wait before sending further events. operationId: SubmitAlertEventsLimitedlimitedAdd_Get parameters: - name: Events @@ -3010,8 +3010,8 @@ paths: post: tags: - alertEvents - summary: Adds a list of alert events to the system. The response can indicate a rate-limiting back off time. - description: Adds a list of alert events to the system. The response can indicate a rate-limiting back off time. + summary: Submit alert events with rate limiting + description: Submits a list of alert events to the hub using a POST body and applies rate limiting. The response includes a back-off interval when the hub signals that the caller should slow its submission rate. operationId: SubmitAlertEventsLimitedlimitedAdd_Post requestBody: content: @@ -3034,8 +3034,8 @@ paths: get: tags: - baselineEvents - summary: Adds a list of baseline events to the system. - description: Adds a list of baseline events to the system. + summary: Submit baseline events + description: Submits a list of baseline events to the hub for processing. Use this endpoint to record baseline snapshots captured by agents. Returns 204 No Content on success. operationId: SubmitBaselineEventsadd_Get parameters: - name: Events @@ -3063,8 +3063,8 @@ paths: post: tags: - baselineEvents - summary: Adds a list of baseline events to the system. - description: Adds a list of baseline events to the system. + summary: Submit baseline events + description: Submits a list of baseline events to the hub for processing using a POST body. Use this form when the event payload is too large for a query string. Returns 204 No Content on success. operationId: SubmitBaselineEventsadd_Post requestBody: content: @@ -3085,8 +3085,8 @@ paths: get: tags: - baselineEvents - summary: Adds a list of baseline events to the system. The response can indicate a rate-limiting back off time. - description: Adds a list of baseline events to the system. The response can indicate a rate-limiting back off time. + summary: Submit baseline events with rate limiting + description: Submits a list of baseline events to the hub and applies rate limiting. If the hub signals that the submission rate is too high, the response includes a back-off interval that the caller should respect before sending more events. operationId: SubmitBaselineEventsLimitedlimitedAdd_Get parameters: - name: Events @@ -3116,8 +3116,8 @@ paths: post: tags: - baselineEvents - summary: Adds a list of baseline events to the system. The response can indicate a rate-limiting back off time. - description: Adds a list of baseline events to the system. The response can indicate a rate-limiting back off time. + summary: Submit baseline events with rate limiting + description: Submits a list of baseline events to the hub using a POST body and applies rate limiting. The response includes a back-off interval when the hub signals that the caller should reduce its submission rate. operationId: SubmitBaselineEventsLimitedlimitedAdd_Post requestBody: content: @@ -3140,8 +3140,8 @@ paths: get: tags: - deviceEvents - summary: Adds a list of device change events to the system. - description: Adds a list of device change events to the system. + summary: Submit device change events + description: Submits a list of device change events to the hub for processing. Use this endpoint when agents report detected changes on monitored devices. Returns 204 No Content on success. operationId: SubmitDeviceEventsadd_Get parameters: - name: Events @@ -3169,8 +3169,8 @@ paths: post: tags: - deviceEvents - summary: Adds a list of device change events to the system. - description: Adds a list of device change events to the system. + summary: Submit device change events + description: Submits a list of device change events to the hub for processing using a POST body. Use this form when the event payload is too large for a query string. Returns 204 No Content on success. operationId: SubmitDeviceEventsadd_Post requestBody: content: @@ -3191,8 +3191,8 @@ paths: get: tags: - deviceEvents - summary: Adds a list of device change events to the system. The response can indicate a rate-limiting back off time. - description: Adds a list of device change events to the system. The response can indicate a rate-limiting back off time. + summary: Submit device change events with rate limiting + description: Submits a list of device change events to the hub and applies rate limiting. When the hub is under heavy load, the response includes a back-off interval that the caller should wait before submitting further events. operationId: SubmitDeviceEventsLimitedlimitedAdd_Get parameters: - name: Events @@ -3222,8 +3222,8 @@ paths: post: tags: - deviceEvents - summary: Adds a list of device change events to the system. The response can indicate a rate-limiting back off time. - description: Adds a list of device change events to the system. The response can indicate a rate-limiting back off time. + summary: Submit device change events with rate limiting + description: Submits a list of device change events to the hub using a POST body and applies rate limiting. The response includes a back-off interval when the hub signals that the caller should slow its event submission rate. operationId: SubmitDeviceEventsLimitedlimitedAdd_Post requestBody: content: @@ -3246,8 +3246,8 @@ paths: get: tags: - status - summary: Gets whether system is booted and ready for login. - description: Gets whether system is booted and ready for login. + summary: Get system boot status + description: Returns a value indicating whether the hub system has fully booted and is ready to accept login requests. Use this endpoint to poll hub availability before attempting authentication. operationId: SystemReadyready_Get parameters: - name: Version @@ -3267,8 +3267,8 @@ paths: post: tags: - status - summary: Gets whether system is booted and ready for login. - description: Gets whether system is booted and ready for login. + summary: Get system boot status + description: Returns a value indicating whether the hub system has fully booted and is ready to accept login requests. Use this POST form when a GET request is not appropriate for the calling environment. operationId: SystemReadyready_Post requestBody: content: @@ -3289,8 +3289,8 @@ paths: get: tags: - status - summary: Gets system version and config settings once logged in. - description: Gets system version and config settings once logged in. + summary: Get system version and config + description: Returns the hub system version and key configuration settings. Call this endpoint after authentication to verify the hub version and capabilities available to the current session. operationId: SystemDetailssystem_Get parameters: - name: Version @@ -3312,8 +3312,8 @@ paths: post: tags: - status - summary: Gets system version and config settings once logged in. - description: Gets system version and config settings once logged in. + summary: Get system version and config + description: Returns the hub system version and key configuration settings using a POST body. Use this form when a GET request is not appropriate for the calling environment. operationId: SystemDetailssystem_Post requestBody: content: @@ -3336,8 +3336,8 @@ paths: get: tags: - status - summary: 'Retrieves a list of background, potentially long-running, tasks the hub has performed and their associated status.' - description: 'Retrieves a list of background, potentially long-running, tasks the hub has performed and their associated status.' + summary: 'List background task statuses' + description: 'Returns a list of background tasks the hub has performed, along with their current status. Filter results by user, time range, task type, or specific task IDs. Admin users can retrieve tasks for other users or internal system operations.' operationId: GetBackgroundTaskStatusesbackgroundtasks_Get parameters: - name: UserName @@ -3410,8 +3410,8 @@ paths: post: tags: - status - summary: 'Retrieves a list of background, potentially long-running, tasks the hub has performed and their associated status.' - description: 'Retrieves a list of background, potentially long-running, tasks the hub has performed and their associated status.' + summary: 'List background task statuses' + description: 'Returns a list of background tasks the hub has performed, along with their current status, using a POST body. Filter results by user, time range, task type, or specific task IDs.' operationId: GetBackgroundTaskStatusesbackgroundtasks_Post requestBody: content: @@ -3437,8 +3437,8 @@ paths: get: tags: - status - summary: Gets the number of events currently in the processing queue. - description: Gets the number of events currently in the processing queue. + summary: Events in processing queue + description: Returns the count of events currently waiting in the hub's incoming processing queue. Use this value to monitor queue depth and assess processing backlog. operationId: EventsOnIncomingQueueeventsOnIncomingQueue_Get parameters: - name: Version @@ -3462,8 +3462,8 @@ paths: post: tags: - status - summary: Gets the number of events currently in the processing queue. - description: Gets the number of events currently in the processing queue. + summary: Events in processing queue + description: Returns the count of events currently waiting in the hub's incoming processing queue using a POST body. Use this value to monitor queue depth and assess processing backlog. operationId: EventsOnIncomingQueueeventsOnIncomingQueue_Post requestBody: content: @@ -3488,8 +3488,8 @@ paths: get: tags: - status - summary: 'Returns the number of internal event notification messages received, processed or failed.' - description: 'Returns the number of internal event notification messages received, processed or failed.' + summary: 'Count internal event notifications' + description: 'Returns a dictionary of internal event notification message counters, showing the number of messages received, successfully processed, and failed. Use this endpoint to diagnose event processing health.' operationId: EventMessageStatusmessageStatus_Get parameters: - name: Version @@ -3515,8 +3515,8 @@ paths: post: tags: - status - summary: 'Returns the number of internal event notification messages received, processed or failed.' - description: 'Returns the number of internal event notification messages received, processed or failed.' + summary: 'Count internal event notifications' + description: 'Returns a dictionary of internal event notification message counters, showing the number of messages received, successfully processed, and failed, using a POST body.' operationId: EventMessageStatusmessageStatus_Post requestBody: content: @@ -3543,8 +3543,8 @@ paths: get: tags: - status - summary: 'Gets the pipeline status, returning a dictionary of pipeline components and their current status.' - description: 'Gets the pipeline status, returning a dictionary of pipeline components and their current status.' + summary: 'Get pipeline component statuses' + description: 'Returns the current operational status of each pipeline component as a key-value map. Possible component statuses include Unknown, Starting, Up, Stopping, Down, Busy, Fault, and RequiresUpgrade.' operationId: GetPipelineStatuspipeline_Get parameters: - name: Version @@ -3579,8 +3579,8 @@ paths: post: tags: - status - summary: 'Gets the pipeline status, returning a dictionary of pipeline components and their current status.' - description: 'Gets the pipeline status, returning a dictionary of pipeline components and their current status.' + summary: 'Get pipeline component statuses' + description: 'Returns the current operational status of each pipeline component as a key-value map using a POST body. Possible component statuses include Unknown, Starting, Up, Stopping, Down, Busy, Fault, and RequiresUpgrade.' operationId: GetPipelineStatuspipeline_Post requestBody: content: @@ -3617,7 +3617,7 @@ paths: tags: - status summary: Gets system performance metrics. - description: Gets system performance metrics. + description: Returns a list of performance snapshots for the hub pipeline. Use this endpoint to monitor throughput, latency, and resource utilization over time. operationId: GetPipelineMetricspipelineMetrics_Get parameters: - name: Version @@ -3643,7 +3643,7 @@ paths: tags: - status summary: Gets system performance metrics. - description: Gets system performance metrics. + description: Returns a list of performance snapshots for the hub pipeline using a POST body. Use this endpoint to monitor throughput, latency, and resource utilization over time. operationId: GetPipelineMetricspipelineMetrics_Post requestBody: content: @@ -3670,7 +3670,7 @@ paths: tags: - status summary: Returns the pipeline workload. - description: Returns the pipeline workload. + description: Returns a dictionary of pipeline workload metrics, each expressed as a numeric value. Use this endpoint to assess the current processing load on individual pipeline stages. operationId: GetWorkloadStatsworkload_Get parameters: - name: Version @@ -3699,7 +3699,7 @@ paths: tags: - status summary: Returns the pipeline workload. - description: Returns the pipeline workload. + description: Returns a dictionary of pipeline workload metrics using a POST body. Use this endpoint to assess the current processing load on individual pipeline stages. operationId: GetWorkloadStatsworkload_Post requestBody: content: @@ -3729,7 +3729,7 @@ paths: tags: - status summary: Returns the cache statistics. - description: Returns the cache statistics. + description: Returns statistics for the hub's internal cache, including hit rates and entry counts. Use this endpoint to diagnose caching performance or confirm that cache invalidation has taken effect. operationId: GetCacheStatscache_Get parameters: - name: Version @@ -3752,7 +3752,7 @@ paths: tags: - status summary: Returns the cache statistics. - description: Returns the cache statistics. + description: Returns statistics for the hub's internal cache using a POST body, including hit rates and entry counts. Use this endpoint to diagnose caching performance or confirm that cache invalidation has taken effect. operationId: GetCacheStatscache_Post requestBody: content: @@ -3790,7 +3790,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns the list of report types available on this hub. Use the returned type identifiers when creating new scheduled reports with the AddScheduledReport endpoint. operationId: GetAvailableReportTypesavailableTypes_Get parameters: - name: Version @@ -3813,7 +3813,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns the list of report types available on this hub using a POST body. Use the returned type identifiers when creating new scheduled reports with the AddScheduledReport endpoint. operationId: GetAvailableReportTypesavailableTypes_Post requestBody: content: @@ -3837,7 +3837,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns the raw content of a report layout template. Use this endpoint to retrieve a template for inspection or as the basis for a customized version. operationId: GetReportTemplatetemplate_Get parameters: - name: Version @@ -3861,7 +3861,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns the raw content of a report layout template using a POST body. Use this endpoint to retrieve a template for inspection or as the basis for a customized version. operationId: GetReportTemplatetemplate_Post requestBody: content: @@ -3886,7 +3886,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns a list of all available report layout templates. Use the returned template names and versions when selecting a layout for report rendering or when managing custom templates. operationId: GetReportTemplatestemplates_Get parameters: - name: Version @@ -3909,7 +3909,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns a list of all available report layout templates using a POST body. Use the returned template names and versions when selecting a layout for report rendering or when managing custom templates. operationId: GetReportTemplatestemplates_Post requestBody: content: @@ -3933,7 +3933,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns the list of currently configured scheduled reports. The response lists each report's current state including its schedule, visibility settings, and last execution details. operationId: GetScheduledReportsscheduled_Get parameters: - name: Version @@ -3956,7 +3956,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns the list of currently configured scheduled reports using a POST body. The response lists each report's current state including its schedule, visibility settings, and last execution details. operationId: GetScheduledReportsscheduled_Post requestBody: content: @@ -3980,7 +3980,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Updates an existing report layout template on the hub. Use this endpoint to push a revised template definition and replace the current version. operationId: UpdateReportTemplateupdatetemplate_Get parameters: - name: Version @@ -4003,7 +4003,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Updates an existing report layout template on the hub using a POST body. Use this endpoint to push a revised template definition and replace the current version. operationId: UpdateReportTemplateupdatetemplate_Post requestBody: content: @@ -4027,7 +4027,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Uploads a new custom report layout template to the hub. Returns 204 No Content on success. Use this endpoint to deploy bespoke report templates that are then available for selection when rendering reports. operationId: UploadReportTemplateuploadreporttemplate_Post requestBody: content: @@ -4048,8 +4048,8 @@ paths: get: tags: - reports - summary: Deletes a report layout template of the specified type and name - description: Deletes a report layout template of the specified type and name + summary: Delete report layout template + description: Permanently removes a custom report layout template identified by its type, name, and version. This operation cannot be undone, so ensure the correct template is targeted before calling this endpoint. operationId: DeleteCustomReportTemplatedeletecustomreporttemplate_Get parameters: - name: ReportTemplateType @@ -4100,8 +4100,8 @@ paths: post: tags: - reports - summary: Deletes a report layout template of the specified type and name - description: Deletes a report layout template of the specified type and name + summary: Delete report layout template + description: Permanently removes a custom report layout template identified by its type, name, and version using a POST body. This operation cannot be undone, so ensure the correct template is targeted before calling this endpoint. operationId: DeleteCustomReportTemplatedeletecustomreporttemplate_Post requestBody: content: @@ -4122,8 +4122,8 @@ paths: get: tags: - reports - summary: A request to gets the data for a device monitoring report - description: A request to gets the data for a device monitoring report + summary: Get device monitoring report data + description: Returns the data required to populate a device monitoring report. Filter results by device group, online status, or a date range. Use the Groups parameter to limit results to specific device groups and their children. operationId: DataSpecDeviceMonitoringReportdevicemonitoring_Get parameters: - name: DateRange @@ -4201,8 +4201,8 @@ paths: post: tags: - reports - summary: A request to gets the data for a device monitoring report - description: A request to gets the data for a device monitoring report + summary: Get device monitoring report data + description: Returns the data required to populate a device monitoring report using a POST body. Filter results by device group, online status, or a date range. Use the Groups parameter to limit results to specific device groups and their children. operationId: DataSpecDeviceMonitoringReportdevicemonitoring_Post requestBody: content: @@ -4324,7 +4324,7 @@ paths: tags: - stats summary: Stats Service - description: Stats Service + description: Returns a paginated list of planned changes currently active on the hub. Use the sort and pagination parameters to control ordering and page size of the returned results. operationId: GetCurrentPlannedChangesplannedChanges_Get parameters: - name: CountOnly @@ -4387,7 +4387,7 @@ paths: tags: - stats summary: Stats Service - description: Stats Service + description: Returns a paginated list of currently active planned changes using a POST body. Use the sort and pagination parameters to control ordering and page size of the returned results. operationId: GetCurrentPlannedChangesplannedChanges_Post requestBody: content: @@ -4410,8 +4410,8 @@ paths: get: tags: - stats - summary: 'Get report summaries by report, for either individual devices, or as group average.' - description: 'Get report summaries by report, for either individual devices, or as group average.' + summary: 'Get device or group report summaries' + description: 'Returns compliance report summary data for a scheduled report item. Results include per-device scores or group-average scores depending on the report configuration. Use the pagination parameters to page through large result sets.' operationId: GetComplianceDatacompliancedata_Get parameters: - name: ReportItemId @@ -4479,8 +4479,8 @@ paths: post: tags: - stats - summary: 'Get report summaries by report, for either individual devices, or as group average.' - description: 'Get report summaries by report, for either individual devices, or as group average.' + summary: 'Get device or group report summaries' + description: 'Returns compliance report summary data for a scheduled report item using a POST body. Results include per-device scores or group-average scores depending on the report configuration.' operationId: GetComplianceDatacompliancedata_Post requestBody: content: @@ -4503,8 +4503,8 @@ paths: get: tags: - stats - summary: Get a list of groups or devices that have report data available for them - description: Get a list of groups or devices that have report data available for them + summary: List groups with available report data + description: Returns a list of groups and devices for which compliance report data is currently available. Use this endpoint to determine which entities can be queried before requesting compliance summary data. operationId: GetAvailableComplianceDatagetavailablecompliancedata_Get parameters: - name: Version @@ -4526,8 +4526,8 @@ paths: post: tags: - stats - summary: Get a list of groups or devices that have report data available for them - description: Get a list of groups or devices that have report data available for them + summary: List groups with available report data + description: Returns a list of groups and devices for which compliance report data is currently available using a POST body. Use this endpoint to determine which entities can be queried before requesting compliance summary data. operationId: GetAvailableComplianceDatagetavailablecompliancedata_Post requestBody: content: @@ -4550,8 +4550,8 @@ paths: get: tags: - stats - summary: Gets a list of inactive devices matching the filter. - description: Gets a list of inactive devices matching the filter. + summary: List inactive devices by filter + description: Returns a list of devices that have been inactive within the specified time period. The response identifies devices that have not reported activity and includes criteria matched by the filter provided in the request. operationId: GetDeviceActivitydeviceActivity_Get parameters: - name: Version @@ -4573,8 +4573,8 @@ paths: post: tags: - stats - summary: Gets a list of inactive devices matching the filter. - description: Gets a list of inactive devices matching the filter. + summary: List inactive devices by filter + description: Returns a list of devices that have been inactive within the specified time period using a POST body. The response identifies devices that have not reported activity and includes criteria matched by the filter. operationId: GetDeviceActivitydeviceActivity_Post requestBody: content: @@ -4597,8 +4597,8 @@ paths: get: tags: - stats - summary: 'Gets a summary of event counts for the devices or groups specified by the DeviceFilter, for the specified time period.' - description: 'Gets a summary of event counts for the devices or groups specified by the DeviceFilter, for the specified time period.' + summary: 'Get event counts by device filter' + description: 'Returns a summary of event counts for the devices or groups identified by the DeviceFilter over the specified time period. Use the pagination and sort parameters to page through results or order them by a specific field.' operationId: GetEventCountsevents_Get parameters: - name: CountOnly @@ -4660,8 +4660,8 @@ paths: post: tags: - stats - summary: 'Gets a summary of event counts for the devices or groups specified by the DeviceFilter, for the specified time period.' - description: 'Gets a summary of event counts for the devices or groups specified by the DeviceFilter, for the specified time period.' + summary: 'Get event counts by device filter' + description: 'Returns a summary of event counts for the devices or groups identified by the DeviceFilter over the specified time period, using a POST body. Use the pagination and sort parameters to page through results or order them by a specific field.' operationId: GetEventCountsevents_Post requestBody: content: @@ -4684,8 +4684,8 @@ paths: get: tags: - stats - summary: 'Gets a summary of event counts for top N noisiest devices in the specified group, for the specified time period.' - description: 'Gets a summary of event counts for top N noisiest devices in the specified group, for the specified time period.' + summary: 'Get noisy device event counts' + description: 'Returns event count summaries for the top N devices generating the most events in the specified group over the given time period. Use this endpoint to identify high-activity or problematic devices that may warrant investigation.' operationId: GetNoisyDevicesnoisydevices_Get parameters: - name: TopN @@ -4709,8 +4709,8 @@ paths: post: tags: - stats - summary: 'Gets a summary of event counts for top N noisiest devices in the specified group, for the specified time period.' - description: 'Gets a summary of event counts for top N noisiest devices in the specified group, for the specified time period.' + summary: 'Get noisy device event counts' + description: 'Returns event count summaries for the top N devices generating the most events in the specified group over the given time period, using a POST body. Use this endpoint to identify high-activity or problematic devices that may warrant investigation.' operationId: GetNoisyDevicesnoisydevices_Post parameters: - name: TopN @@ -4744,7 +4744,7 @@ paths: tags: - reportExecute summary: Report Service - description: Report Service + description: Triggers execution of the specified scheduled report and returns the result. Provide the ReportItemId to identify which report to run. The response includes the rendered output or a reference to the result depending on the report type. operationId: ExecuteReport_Get parameters: - name: ReportItemId @@ -4773,7 +4773,7 @@ paths: tags: - reportExecute summary: Report Service - description: Report Service + description: Triggers execution of the specified scheduled report using a POST body and returns the result. Provide the ReportItemId to identify which report to run. operationId: ExecuteReport_Post requestBody: content: @@ -4797,7 +4797,7 @@ paths: tags: - reportRenderIsCached summary: Report Service - description: Report Service + description: Returns a boolean indicating whether the rendered output for the specified report instance is already available in the cache. Use this check before calling the render endpoint to avoid unnecessary rendering when a cached result exists. operationId: RenderReportIsCached_Get parameters: - name: ReportItemId @@ -4836,7 +4836,7 @@ paths: tags: - reportRenderIsCached summary: Report Service - description: Report Service + description: Returns a boolean indicating whether the rendered output for the specified report instance is already available in the cache, using a POST body. Use this check before calling the render endpoint to avoid unnecessary processing. operationId: RenderReportIsCached_Post requestBody: content: @@ -4861,7 +4861,7 @@ paths: tags: - reportRender summary: Report Service - description: Report Service + description: Renders the specified report instance and returns the rendered output. Provide the ReportItemId and InstanceId to identify the exact instance to render. For compliance reports, you may supply a RuleSetResultEventId instead. operationId: RenderReport_Get parameters: - name: ReportItemId @@ -4902,7 +4902,7 @@ paths: tags: - reportRender summary: Report Service - description: Report Service + description: Renders the specified report instance and returns the rendered output using a POST body. Provide the ReportItemId and InstanceId to identify the exact instance to render. operationId: RenderReport_Post requestBody: content: @@ -4927,7 +4927,7 @@ paths: tags: - reportRenderStart summary: Report Service - description: Report Service + description: Initiates an asynchronous render of the specified report instance and returns a task reference. Use this endpoint when rendering may take a significant amount of time; poll the background task status endpoint to check for completion. operationId: RenderReportStart_Get parameters: - name: ReportItemId @@ -4968,7 +4968,7 @@ paths: tags: - reportRenderStart summary: Report Service - description: Report Service + description: Initiates an asynchronous render of the specified report instance using a POST body and returns a task reference. Poll the background task status endpoint to check for completion. operationId: RenderReportStart_Post requestBody: content: @@ -4992,8 +4992,8 @@ paths: get: tags: - reports - summary: Gets a previously generated report output file - description: Gets a previously generated report output file + summary: Get generated report output file + description: Downloads a previously generated report output file. Use this endpoint after a report has been rendered and the output saved to retrieve the file content for display or export. operationId: GetScheduledInstanceOutputscheduledinstancesrendereddownload_Get parameters: - name: Version @@ -5016,8 +5016,8 @@ paths: post: tags: - reports - summary: Gets a previously generated report output file - description: Gets a previously generated report output file + summary: Get generated report output file + description: Downloads a previously generated report output file using a POST body. Use this endpoint after a report has been rendered and saved to retrieve the file content for display or export. operationId: GetScheduledInstanceOutputscheduledinstancesrendereddownload_Post requestBody: content: @@ -5042,7 +5042,7 @@ paths: tags: - reports summary: Deletes previously generated report output files - description: Deletes previously generated report output files + description: Permanently removes previously generated report output files from the hub. Use this endpoint to free storage space or to clear stale rendered outputs before regenerating a report. operationId: DeleteScheduledInstanceOutputsscheduledinstancesrendereddelete_Get parameters: - name: Version @@ -5063,7 +5063,7 @@ paths: tags: - reports summary: Deletes previously generated report output files - description: Deletes previously generated report output files + description: Permanently removes previously generated report output files from the hub using a POST body. Use this endpoint to free storage space or to clear stale rendered outputs before regenerating a report. operationId: DeleteScheduledInstanceOutputsscheduledinstancesrendereddelete_Post requestBody: content: @@ -5085,7 +5085,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Permanently deletes a specific scheduled report instance identified by its ReportItemId and InstanceId. This removes the instance record and any associated output from the hub. operationId: DeleteScheduledInstancescheduledinstancesdelete_Get parameters: - name: ReportItemId @@ -5118,7 +5118,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Permanently deletes a specific scheduled report instance identified by its ReportItemId and InstanceId using a POST body. This removes the instance record and any associated output from the hub. operationId: DeleteScheduledInstancescheduledinstancesdelete_Post requestBody: content: @@ -5140,7 +5140,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Updates the retention lifetime of a specific scheduled report instance. Use this endpoint to extend or shorten how long a generated instance is kept before the hub automatically removes it. operationId: UpdateScheduledInstanceLifetimescheduledinstanceupdateLifetime_Get parameters: - name: ReportItemId @@ -5175,7 +5175,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Updates the retention lifetime of a specific scheduled report instance using a POST body. Use this endpoint to extend or shorten how long a generated instance is kept before the hub automatically removes it. operationId: UpdateScheduledInstanceLifetimescheduledinstanceupdateLifetime_Post requestBody: content: @@ -5199,7 +5199,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns information about rendered instances of scheduled reports, including their availability and output locations. Optionally filter by ReportItemId to limit results to a specific report. operationId: GetScheduledInstanceRenderedscheduledinstancesrendered_Get parameters: - name: ReportItemId @@ -5227,7 +5227,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns information about rendered instances of scheduled reports using a POST body, including their availability and output locations. Optionally filter by ReportItemId to limit results to a specific report. operationId: GetScheduledInstanceRenderedscheduledinstancesrendered_Post requestBody: content: @@ -5250,8 +5250,8 @@ paths: get: tags: - reports - summary: Adds a new schedulable report of the type specified by the Id parameter - description: Adds a new schedulable report of the type specified by the Id parameter + summary: Add scheduled report + description: Creates a new scheduled report of the type identified by the Id parameter. You can optionally create the report as a copy of an existing one using the AsCopyOf parameter. The response lists the updated state of all affected reports. operationId: AddScheduledReportscheduledadd_Get parameters: - name: Id @@ -5302,8 +5302,8 @@ paths: post: tags: - reports - summary: Adds a new schedulable report of the type specified by the Id parameter - description: Adds a new schedulable report of the type specified by the Id parameter + summary: Add scheduled report + description: Creates a new scheduled report of the type identified by the Id parameter using a POST body. You can optionally create the report as a copy of an existing one using the AsCopyOf parameter. The response lists the updated state of all affected reports. operationId: AddScheduledReportscheduledadd_Post requestBody: content: @@ -5327,7 +5327,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Updates the settings of an existing scheduled report, including its schedule, sub-reports, email delivery options, and visibility flags. The response lists the updated state of all affected reports. operationId: UpdateScheduledReportscheduledupdate_Get parameters: - name: ShowTableOfContents @@ -5428,7 +5428,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Updates the settings of an existing scheduled report using a POST body, including its schedule, sub-reports, email delivery options, and visibility flags. The response lists the updated state of all affected reports. operationId: UpdateScheduledReportscheduledupdate_Post requestBody: content: @@ -5452,7 +5452,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Permanently removes one or more scheduled reports from the hub. Returns a boolean indicating whether the deletion was successful. operationId: DeleteScheduledReportsscheduleddelete_Get parameters: - name: Version @@ -5476,7 +5476,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Permanently removes one or more scheduled reports from the hub using a POST body. Returns a boolean indicating whether the deletion was successful. operationId: DeleteScheduledReportsscheduleddelete_Post requestBody: content: @@ -5501,7 +5501,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns information about one or more scheduled report instances. Provide both a ReportItemId and an InstanceId to retrieve a specific instance. Use SummaryOnly to limit the response to summary fields for display in a reporting UI. operationId: GetScheduledInstancesscheduledinstances_Get parameters: - name: SummaryOnly @@ -5542,7 +5542,7 @@ paths: tags: - reports summary: Report Service - description: Report Service + description: Returns information about one or more scheduled report instances using a POST body. Provide both a ReportItemId and an InstanceId to retrieve a specific instance. Use SummaryOnly to limit the response to summary fields. operationId: GetScheduledInstancesscheduledinstances_Post requestBody: content: @@ -5566,7 +5566,7 @@ paths: tags: - uploadAgentUpdate summary: Upload an Agent Update - description: Upload an Agent Update + description: Uploads an agent software update package to the hub, making it available for distribution to agents. Returns 204 No Content on success. operationId: UploadAgentUpdate_Get parameters: - name: Version @@ -5587,7 +5587,7 @@ paths: tags: - uploadAgentUpdate summary: Upload an Agent Update - description: Upload an Agent Update + description: Uploads an agent software update package to the hub using a POST body, making it available for distribution to agents. Returns 204 No Content on success. operationId: UploadAgentUpdate_Post requestBody: content: @@ -5608,8 +5608,8 @@ paths: get: tags: - updatehubdetails - summary: Update the HUbDetails.xml file for the specified agents / groups - description: Update the HUbDetails.xml file for the specified agents / groups + summary: Update HubDetails.xml for agents/groups + description: Updates the HubDetails.xml configuration file for the specified agents or groups. This file contains hub connection information that agents use to communicate with the hub. operationId: UpdateHubDetails_Get parameters: - name: Version @@ -5629,8 +5629,8 @@ paths: post: tags: - updatehubdetails - summary: Update the HUbDetails.xml file for the specified agents / groups - description: Update the HUbDetails.xml file for the specified agents / groups + summary: Update HubDetails.xml for agents/groups + description: Updates the HubDetails.xml configuration file for the specified agents or groups using a POST body. This file contains hub connection information that agents use to communicate with the hub. operationId: UpdateHubDetails_Post requestBody: content: @@ -5651,8 +5651,8 @@ paths: get: tags: - downloadAgentUpdate - summary: Download an update package for the agent. - description: Download an update package for the agent. + summary: Download agent update package + description: Downloads an agent software update package for the requested version. Specify the VersionRequested path parameter and the UpdateType (for example, Windows, LinuxRPM, or UbuntuDEB) to receive the appropriate platform package. operationId: DownloadUpdateVersionRequested_Get parameters: - name: VersionRequested @@ -5702,8 +5702,8 @@ paths: post: tags: - downloadAgentUpdate - summary: Download an update package for the agent. - description: Download an update package for the agent. + summary: Download agent update package + description: Downloads an agent software update package for the requested version using a POST body. Specify the version and UpdateType to receive the appropriate platform package. operationId: DownloadUpdateVersionRequested_Post requestBody: content: @@ -5726,8 +5726,8 @@ paths: get: tags: - downloadAgentUpdate - summary: Download an update package for the agent. - description: Download an update package for the agent. + summary: Download agent update package + description: Downloads an agent software update package for the requested version and update type supplied as path parameters. The UpdateType value selects the platform-specific package, such as Windows, LinuxRPM, or UbuntuDEB. operationId: DownloadUpdateVersionRequestedUpdateType_Get parameters: - name: VersionRequested @@ -5777,8 +5777,8 @@ paths: post: tags: - downloadAgentUpdate - summary: Download an update package for the agent. - description: Download an update package for the agent. + summary: Download agent update package + description: Downloads an agent software update package for the requested version and update type supplied as path parameters, using a POST body. The UpdateType value selects the platform-specific package. operationId: DownloadUpdateVersionRequestedUpdateType_Post requestBody: content: @@ -5802,7 +5802,7 @@ paths: tags: - agentUpdates summary: Deletes the specified Agent update. - description: Deletes the specified Agent update. + description: Permanently removes the specified agent update package from the hub. Provide the Id of the agent update to delete. Returns 204 No Content on success. operationId: DeleteAgentUpdatedelete_Get parameters: - name: Id @@ -5828,7 +5828,7 @@ paths: tags: - agentUpdates summary: Deletes the specified Agent update. - description: Deletes the specified Agent update. + description: Permanently removes the specified agent update package from the hub using a POST body. Provide the Id of the agent update to delete. Returns 204 No Content on success. operationId: DeleteAgentUpdatedelete_Post requestBody: content: @@ -5849,8 +5849,8 @@ paths: get: tags: - agentUpdates - summary: 'Gets a list of Agent updates, by version or specific ID.' - description: 'Gets a list of Agent updates, by version or specific ID.' + summary: 'List agent updates' + description: 'Returns a list of agent software updates available on the hub, optionally filtered by version, specific ID, or update type (for example, deb, rpm, or Windows). Use this endpoint to discover which update packages are available before triggering a deployment.' operationId: GetAgentUpdates_Get parameters: - name: VersionRequested @@ -5908,8 +5908,8 @@ paths: post: tags: - agentUpdates - summary: 'Gets a list of Agent updates, by version or specific ID.' - description: 'Gets a list of Agent updates, by version or specific ID.' + summary: 'List agent updates' + description: 'Returns a list of agent software updates available on the hub using a POST body, optionally filtered by version, specific ID, or update type. Use this endpoint to discover which update packages are available before triggering a deployment.' operationId: GetAgentUpdates_Post requestBody: content: @@ -5935,8 +5935,8 @@ paths: get: tags: - agentSoftwareUpdateSchedules - summary: Gets the agent software update schedule for a group. - description: Gets the agent software update schedule for a group. + summary: Get group agent update schedule + description: Returns the agent software update schedule configured for the specified group. Use the GroupName parameter to identify the group whose schedule you want to retrieve. operationId: GetAgentSoftwareUpdateScheduleForGroup_Get parameters: - name: GroupName @@ -5966,8 +5966,8 @@ paths: post: tags: - agentSoftwareUpdateSchedules - summary: Gets the agent software update schedule for a group. - description: Gets the agent software update schedule for a group. + summary: Get group agent update schedule + description: Returns the agent software update schedule configured for the specified group using a POST body. Use the GroupName parameter to identify the group whose schedule you want to retrieve. operationId: GetAgentSoftwareUpdateScheduleForGroup_Post requestBody: content: @@ -5993,8 +5993,8 @@ paths: get: tags: - agentSoftwareUpdateSchedules - summary: Remove (delete) the agent software update schedule for a group. - description: Remove (delete) the agent software update schedule for a group. + summary: Remove group agent update schedule + description: Removes the agent software update schedule for the specified group. Use the GroupName parameter to identify the group whose schedule you want to delete. Returns 204 No Content on success. operationId: DeleteAgentSoftwareUpdateScheduleFromGroupdelete_Get parameters: - name: GroupName @@ -6019,8 +6019,8 @@ paths: post: tags: - agentSoftwareUpdateSchedules - summary: Remove (delete) the agent software update schedule for a group. - description: Remove (delete) the agent software update schedule for a group. + summary: Remove group agent update schedule + description: Removes the agent software update schedule for the specified group using a POST body. Use the GroupName parameter to identify the group whose schedule you want to delete. Returns 204 No Content on success. operationId: DeleteAgentSoftwareUpdateScheduleFromGroupdelete_Post requestBody: content: @@ -6041,8 +6041,8 @@ paths: get: tags: - agentSoftwareUpdateSchedules - summary: Update the agent software update schedule for a group. - description: Update the agent software update schedule for a group. + summary: Update group agent update schedule + description: Updates the agent software update schedule for the specified group. Provide both the GroupName and a new AgentUpdateSchedule definition to replace the existing schedule. Returns 204 No Content on success. operationId: UpdateAgentSoftwareUpdateScheduleForGroupupdate_Get parameters: - name: GroupName @@ -6072,8 +6072,8 @@ paths: post: tags: - agentSoftwareUpdateSchedules - summary: Update the agent software update schedule for a group. - description: Update the agent software update schedule for a group. + summary: Update group agent update schedule + description: Updates the agent software update schedule for the specified group using a POST body. Provide both the GroupName and a new AgentUpdateSchedule definition to replace the existing schedule. Returns 204 No Content on success. operationId: UpdateAgentSoftwareUpdateScheduleForGroupupdate_Post requestBody: content: @@ -6094,8 +6094,8 @@ paths: get: tags: - agentSoftwareUpdateSchedules - summary: Add (set) an agent update schedule for a specific group. Only one schedule is permitted per group at the current time. - description: Add (set) an agent update schedule for a specific group. Only one schedule is permitted per group at the current time. + summary: Set agent update schedule for group + description: Adds an agent software update schedule for the specified group. Only one schedule is permitted per group at a time, so use the update endpoint if a schedule already exists. Returns the full list of schedules for the group on success. operationId: SetAgentSoftwareUpdateScheduleForGroupadd_Get parameters: - name: GroupName @@ -6130,8 +6130,8 @@ paths: post: tags: - agentSoftwareUpdateSchedules - summary: Add (set) an agent update schedule for a specific group. Only one schedule is permitted per group at the current time. - description: Add (set) an agent update schedule for a specific group. Only one schedule is permitted per group at the current time. + summary: Set agent update schedule for group + description: Adds an agent software update schedule for the specified group using a POST body. Only one schedule is permitted per group at a time. Returns the full list of schedules for the group on success. operationId: SetAgentSoftwareUpdateScheduleForGroupadd_Post requestBody: content: @@ -6157,8 +6157,8 @@ paths: get: tags: - syncServiceConfigItems - summary: Retrieves a list of SyncService configuration items. - description: Retrieves a list of SyncService configuration items. + summary: List SyncService configuration items + description: Returns a paginated list of SyncService configuration items stored on the hub. Use the sort and pagination parameters to control ordering and page size, and GenericFilters to apply additional filtering criteria. operationId: GetSyncServiceConfigItems_Get parameters: - name: CountOnly @@ -6220,8 +6220,8 @@ paths: post: tags: - syncServiceConfigItems - summary: Retrieves a list of SyncService configuration items. - description: Retrieves a list of SyncService configuration items. + summary: List SyncService configuration items + description: Returns a paginated list of SyncService configuration items stored on the hub using a POST body. Use the sort and pagination parameters to control ordering and page size. operationId: GetSyncServiceConfigItems_Post requestBody: content: @@ -6245,7 +6245,7 @@ paths: tags: - syncServiceConfigItems summary: Adds a new SyncService configuration item. - description: Adds a new SyncService configuration item. + description: Creates a new SyncService configuration item on the hub. Returns the newly created item, including its assigned ID, in the response. operationId: AddSyncServiceConfigItemadd_Post requestBody: content: @@ -6269,7 +6269,7 @@ paths: tags: - syncServiceConfigItems summary: Updates an existing SyncService configuration item. - description: Updates an existing SyncService configuration item. + description: Updates an existing SyncService configuration item identified by its ID. Provide the updated field values in the request body. Returns the updated item on success. operationId: UpdateSyncServiceConfigItemupdate_Post requestBody: content: @@ -6293,7 +6293,7 @@ paths: tags: - syncServiceConfigItems summary: Deletes a SyncService configuration item. - description: Deletes a SyncService configuration item. + description: Permanently removes a SyncService configuration item from the hub. Provide the item ID in the request body to identify which item to delete. operationId: DeleteSyncServiceConfigItemdelete_Post requestBody: content: @@ -6316,8 +6316,8 @@ paths: get: tags: - configItems - summary: Retrieves a list of hub configuration parameters. - description: Retrieves a list of hub configuration parameters. + summary: List hub configuration parameters + description: Returns a list of hub configuration parameters, optionally filtered by ID, Key, or a list of Keys. Include hidden system parameters by setting IncludeHidden to true. Use the pagination and sort parameters to page through large result sets. operationId: GetConfigItems_Get parameters: - name: Id @@ -6403,8 +6403,8 @@ paths: post: tags: - configItems - summary: Retrieves a list of hub configuration parameters. - description: Retrieves a list of hub configuration parameters. + summary: List hub configuration parameters + description: Returns a list of hub configuration parameters using a POST body, optionally filtered by ID or Key. Use the pagination and sort parameters to page through large result sets. operationId: GetConfigItems_Post requestBody: content: @@ -6427,8 +6427,8 @@ paths: get: tags: - configItems - summary: Add a list of hub configuration parameters. - description: Add a list of hub configuration parameters. + summary: Add hub config parameters + description: Adds multiple hub configuration parameters in a single bulk operation. Supply the key-value pairs as a dictionary. Returns a map of keys to the assigned IDs for each newly created configuration item. operationId: AddConfigItemsadd_Get parameters: - name: ConfigItems @@ -6463,8 +6463,8 @@ paths: post: tags: - configItems - summary: Add a list of hub configuration parameters. - description: Add a list of hub configuration parameters. + summary: Add hub config parameters + description: Adds multiple hub configuration parameters in a single bulk operation using a POST body. Returns a map of keys to the assigned IDs for each newly created configuration item. operationId: AddConfigItemsadd_Post requestBody: content: @@ -6491,8 +6491,8 @@ paths: get: tags: - configItems - summary: Update a a list of hub configuration parameters. - description: Update a a list of hub configuration parameters. + summary: Update hub config parameters + description: Updates one or more hub configuration parameters in a single bulk operation. Provide a list of ConfigItem objects with the ID and new value for each parameter to update. Returns 204 No Content on success. operationId: UpdateConfigItemsupdate_Get parameters: - name: ConfigItems @@ -6520,8 +6520,8 @@ paths: post: tags: - configItems - summary: Update a a list of hub configuration parameters. - description: Update a a list of hub configuration parameters. + summary: Update hub config parameters + description: Updates one or more hub configuration parameters in a single bulk operation using a POST body. Provide a list of ConfigItem objects with the ID and new value for each parameter. Returns 204 No Content on success. operationId: UpdateConfigItemsupdate_Post requestBody: content: @@ -6542,8 +6542,8 @@ paths: get: tags: - configItems - summary: Remove a hub configuration parameter by either ID or Key. - description: Remove a hub configuration parameter by either ID or Key. + summary: Remove hub config by ID + description: Permanently removes a hub configuration parameter identified by its ID or Key. When removing by Key, all configuration items sharing that key are deleted. Returns 204 No Content on success. operationId: DeleteConfigItemdelete_Get parameters: - name: Id @@ -6573,8 +6573,8 @@ paths: post: tags: - configItems - summary: Remove a hub configuration parameter by either ID or Key. - description: Remove a hub configuration parameter by either ID or Key. + summary: Remove hub config by ID + description: Permanently removes a hub configuration parameter identified by its ID or Key using a POST body. When removing by Key, all configuration items sharing that key are deleted. Returns 204 No Content on success. operationId: DeleteConfigItemdelete_Post requestBody: content: @@ -6595,8 +6595,8 @@ paths: get: tags: - configItem - summary: Update a single hub configuration parameter by either ID or Key. - description: Update a single hub configuration parameter by either ID or Key. + summary: Update config by ID or key + description: Updates a single hub configuration parameter identified by either its ID or Key. You can change the Key name, the Value, or the hidden status in a single call. Returns 204 No Content on success. operationId: UpdateConfigItemupdate_Get parameters: - name: Id @@ -6636,8 +6636,8 @@ paths: post: tags: - configItem - summary: Update a single hub configuration parameter by either ID or Key. - description: Update a single hub configuration parameter by either ID or Key. + summary: Update config by ID or key + description: Updates a single hub configuration parameter identified by either its ID or Key using a POST body. You can change the Key name, the Value, or the hidden status in a single call. Returns 204 No Content on success. operationId: UpdateConfigItemupdate_Post requestBody: content: @@ -6658,8 +6658,8 @@ paths: get: tags: - configItem - summary: Add a hub configuration parameter by Key. - description: Add a hub configuration parameter by Key. + summary: Add hub config by Key + description: Adds a single hub configuration parameter with the specified Key and Value. Set Hidden to true to mark the parameter as an internal system setting not intended for end-user modification. Returns the newly assigned ID on success. operationId: AddConfigItemadd_Get parameters: - name: Key @@ -6697,8 +6697,8 @@ paths: post: tags: - configItem - summary: Add a hub configuration parameter by Key. - description: Add a hub configuration parameter by Key. + summary: Add hub config by Key + description: Adds a single hub configuration parameter with the specified Key and Value using a POST body. Set Hidden to true to mark the parameter as an internal system setting. Returns the newly assigned ID on success. operationId: AddConfigItemadd_Post requestBody: content: @@ -6721,8 +6721,8 @@ paths: get: tags: - misc - summary: Echos the specified date/time value to ensure that no serialization issues exist between hub and client. - description: Echos the specified date/time value to ensure that no serialization issues exist between hub and client. + summary: Echo date/time serialization test + description: Echoes the specified date/time value back to the caller without modification. Use this endpoint to verify that date and time values are serialized and deserialized correctly between the hub and your client, with no loss of precision. operationId: DateTransmissionTestdateTransmissionTest_Get parameters: - name: DateTime @@ -6753,8 +6753,8 @@ paths: post: tags: - misc - summary: Echos the specified date/time value to ensure that no serialization issues exist between hub and client. - description: Echos the specified date/time value to ensure that no serialization issues exist between hub and client. + summary: Echo date/time serialization test + description: Echoes the specified date/time value back to the caller using a POST body. Use this endpoint to verify that date and time values are serialized and deserialized correctly between the hub and your client, with no loss of precision. operationId: DateTransmissionTestdateTransmissionTest_Post requestBody: content: @@ -6779,8 +6779,8 @@ paths: get: tags: - credentials - summary: Add credentials for specified type and key. - description: Add credentials for specified type and key. + summary: Add credentials for type and key. + description: Adds a set of credentials for the specified type and key to the hub. Supported credential types include Shell, Database, FTP, Cloud, ESX, ITSM, and Splunk. Returns the created credentials object on success. operationId: AddCredentialsadd_Get parameters: - name: Credentials @@ -6807,8 +6807,8 @@ paths: post: tags: - credentials - summary: Add credentials for specified type and key. - description: Add credentials for specified type and key. + summary: Add credentials for type and key. + description: Adds a set of credentials for the specified type and key to the hub using a POST body. Returns the created credentials object on success. operationId: AddCredentialsadd_Post requestBody: content: @@ -6831,8 +6831,8 @@ paths: get: tags: - credentials - summary: Update credentials for specified type and key. - description: Update credentials for specified type and key. + summary: Update credentials by type and key. + description: Updates an existing set of credentials on the hub, identified by the original CredentialsType and Key. Supply the updated Credentials object to replace the stored values. Returns the updated credentials on success. operationId: UpdateCredentialsupdate_Get parameters: - name: CredentialsType @@ -6879,8 +6879,8 @@ paths: post: tags: - credentials - summary: Update credentials for specified type and key. - description: Update credentials for specified type and key. + summary: Update credentials by type and key. + description: Updates an existing set of credentials on the hub using a POST body, identified by the original CredentialsType and Key. Returns the updated credentials on success. operationId: UpdateCredentialsupdate_Post requestBody: content: @@ -6903,8 +6903,8 @@ paths: get: tags: - credentials - summary: Remove credentials for specified type and key. - description: Remove credentials for specified type and key. + summary: Remove credentials by type and key + description: Permanently removes the credentials for the specified CredentialsType and Key from the hub. Returns 204 No Content on success. This action cannot be undone. operationId: RemoveCredentialsdelete_Get parameters: - name: CredentialsType @@ -6944,8 +6944,8 @@ paths: post: tags: - credentials - summary: Remove credentials for specified type and key. - description: Remove credentials for specified type and key. + summary: Remove credentials by type and key + description: Permanently removes the credentials for the specified CredentialsType and Key from the hub using a POST body. Returns 204 No Content on success. This action cannot be undone. operationId: RemoveCredentialsdelete_Post requestBody: content: @@ -6966,8 +6966,8 @@ paths: get: tags: - credentialsKeyedByType - summary: 'Get a list of all the known credentials, keyed by the type.' - description: 'Get a list of all the known credentials, keyed by the type.' + summary: 'List credentials by type' + description: 'Returns a dictionary of all credentials stored on the hub, organized by credential type. Each key in the response is a credential type (such as Shell or Database), and the value is the list of credential keys of that type.' operationId: GetCredentialsKeyedByType_Get parameters: - name: Version @@ -6995,8 +6995,8 @@ paths: post: tags: - credentialsKeyedByType - summary: 'Get a list of all the known credentials, keyed by the type.' - description: 'Get a list of all the known credentials, keyed by the type.' + summary: 'List credentials by type' + description: 'Returns a dictionary of all credentials stored on the hub, organized by credential type, using a POST body. Each key in the response is a credential type, and the value is the list of credential keys of that type.' operationId: GetCredentialsKeyedByType_Post requestBody: content: @@ -7025,8 +7025,8 @@ paths: get: tags: - credentials - summary: Gets a list of all credentials of the specified type. - description: Gets a list of all credentials of the specified type. + summary: List credentials of specified type + description: Returns a list of all credentials of the specified CredentialType stored on the hub. Optionally filter by associated agent or group using the DeviceFilter parameter. operationId: GetCredentialsList_Get parameters: - name: CredentialType @@ -7071,8 +7071,8 @@ paths: post: tags: - credentials - summary: Gets a list of all credentials of the specified type. - description: Gets a list of all credentials of the specified type. + summary: List credentials of specified type + description: Returns a list of all credentials of the specified CredentialType stored on the hub, using a POST body. Optionally filter by associated agent or group using the DeviceFilter parameter. operationId: GetCredentialsList_Post requestBody: content: @@ -7098,8 +7098,8 @@ paths: get: tags: - command - summary: 'Requests information about the given tasks'' status. If a PolicyRunId is supplied, the tasks associated with it are returned.' - description: 'Requests information about the given tasks'' status. If a PolicyRunId is supplied, the tasks associated with it are returned.' + summary: 'Get task status' + description: 'Returns status information for the specified agent tasks. Provide a list of task IDs to query individual tasks, or supply a PolicyRunId to retrieve all tasks associated with a specific policy run.' operationId: GetAgentTaskStatusestasksstatus_Get parameters: - name: Ids @@ -7137,8 +7137,8 @@ paths: post: tags: - command - summary: 'Requests information about the given tasks'' status. If a PolicyRunId is supplied, the tasks associated with it are returned.' - description: 'Requests information about the given tasks'' status. If a PolicyRunId is supplied, the tasks associated with it are returned.' + summary: 'Get task status' + description: 'Returns status information for the specified agent tasks using a POST body. Provide a list of task IDs to query individual tasks, or supply a PolicyRunId to retrieve all tasks associated with a specific policy run.' operationId: GetAgentTaskStatusestasksstatus_Post requestBody: content: @@ -7161,8 +7161,8 @@ paths: get: tags: - command - summary: 'Requests information about the given tasks'' status. If a PolicyRunId is supplied, the tasks associated with it are returned.' - description: 'Requests information about the given tasks'' status. If a PolicyRunId is supplied, the tasks associated with it are returned.' + summary: 'Get task status' + description: 'Returns status information for the agent tasks whose IDs are provided in the path. If a PolicyRunId is supplied as a query parameter, all tasks associated with that policy run are also returned.' operationId: GetAgentTaskStatusestasksstatusidsIds_Get parameters: - name: Ids @@ -7200,8 +7200,8 @@ paths: post: tags: - command - summary: 'Requests information about the given tasks'' status. If a PolicyRunId is supplied, the tasks associated with it are returned.' - description: 'Requests information about the given tasks'' status. If a PolicyRunId is supplied, the tasks associated with it are returned.' + summary: 'Get task status' + description: 'Returns status information for the agent tasks whose IDs are provided using a POST body. If a PolicyRunId is supplied, all tasks associated with that policy run are also returned.' operationId: GetAgentTaskStatusestasksstatusidsIds_Post requestBody: content: @@ -7224,8 +7224,8 @@ paths: get: tags: - command - summary: Adds a list of tasks for the given agent. - description: Adds a list of tasks for the given agent. + summary: Add agent tasks + description: Submits a list of tasks to the queue for the specified agent. The AgentId path parameter identifies the target agent. Returns the assigned task IDs in the response, which you can use to monitor task status. operationId: SubmitAgentTaskstasksaddagentAgentId_Get parameters: - name: Tasks @@ -7255,8 +7255,8 @@ paths: post: tags: - command - summary: Adds a list of tasks for the given agent. - description: Adds a list of tasks for the given agent. + summary: Add agent tasks + description: Submits a list of tasks to the queue for the specified agent using a POST body. The AgentId path parameter identifies the target agent. Returns the assigned task IDs in the response. operationId: SubmitAgentTaskstasksaddagentAgentId_Post requestBody: content: @@ -7279,8 +7279,8 @@ paths: get: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Returns tasks for the specified agent, identified by its legacy ID. Filter results by task status, task type, policy run ID, or a list of specific task IDs. By default, only tasks currently within their active date range are returned; set IgnoreActiveDates to override this behavior. operationId: GetAgentTaskstasksagentlegacyLegacyId_Get parameters: - name: AgentId @@ -7394,8 +7394,8 @@ paths: post: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Returns tasks for the specified agent identified by its legacy ID, using a POST body. Filter results by task status, task type, policy run ID, or specific task IDs. Set IgnoreActiveDates to retrieve tasks outside their active date range. operationId: GetAgentTaskstasksagentlegacyLegacyId_Post requestBody: content: @@ -7418,8 +7418,8 @@ paths: get: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Returns tasks for the specified agent, with the AllTasks path parameter controlling whether all tasks or only active tasks are included. Filter results by task status, task type, policy run ID, or a list of specific task IDs. operationId: GetAgentTaskstasksagentAgentIdallAllTasks_Get parameters: - name: AgentId @@ -7533,8 +7533,8 @@ paths: post: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Returns tasks for the specified agent using a POST body, with the AllTasks path parameter controlling whether all tasks or only active tasks are included. Filter results by task status, task type, or policy run ID. operationId: GetAgentTaskstasksagentAgentIdallAllTasks_Post requestBody: content: @@ -7557,8 +7557,8 @@ paths: get: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Returns task information for the specified agent, identified by AgentId. Use the TaskStatuses, TaskType, and TaskIds parameters to filter results, and set Concise to true to omit large text and result-data fields from the response. operationId: GetAgentTaskstasksagentAgentIdsingleTaskId_Get parameters: - name: AgentId @@ -7672,8 +7672,8 @@ paths: post: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Submits a request for task information for the specified agent. Accepts the same filtering options as the GET variant, including TaskStatuses, TaskType, and Concise mode, via the request body. operationId: GetAgentTaskstasksagentAgentIdsingleTaskId_Post requestBody: content: @@ -7696,8 +7696,8 @@ paths: get: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Returns task information for a legacy agent identified by its LegacyId, optionally retrieving all tasks. Supports the same status, type, and pagination filtering as the standard agent task endpoints. operationId: GetAgentTaskstasksagentlegacyLegacyIdallAllTasks_Get parameters: - name: AgentId @@ -7811,8 +7811,8 @@ paths: post: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Submits a request for task information for a legacy agent identified by its LegacyId. Supply filtering and pagination options in the request body. operationId: GetAgentTaskstasksagentlegacyLegacyIdallAllTasks_Post requestBody: content: @@ -7835,8 +7835,8 @@ paths: get: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Returns task information for a single task associated with a legacy agent, identified by LegacyId and TaskId. Use TaskStatuses and TaskType to narrow the results. operationId: GetAgentTaskstasksagentlegacyLegacyIdsingleTaskId_Get parameters: - name: AgentId @@ -7950,8 +7950,8 @@ paths: post: tags: - command - summary: Requests information about tasks for the given agent. - description: Requests information about tasks for the given agent. + summary: Get tasks for given agent + description: Submits a request for a single task record associated with a legacy agent. Provide the LegacyId, TaskId, and any filtering options in the request body. operationId: GetAgentTaskstasksagentlegacyLegacyIdsingleTaskId_Post requestBody: content: @@ -7974,8 +7974,8 @@ paths: get: tags: - downloadFileHash - summary: Download the filehasing utility app for remote monitoring. - description: Download the filehasing utility app for remote monitoring. + summary: Download file hashing utility + description: Downloads the file-hashing utility binary for remote monitoring, targeting the specified host type, operating system, and architecture variant. Set ReturnUrl to true to receive a download URL instead of the file directly. operationId: DownloadFileHashBinaryHostTypeOperatingSystemVariant_Get parameters: - name: ReturnUrl @@ -8033,8 +8033,8 @@ paths: post: tags: - downloadFileHash - summary: Download the filehasing utility app for remote monitoring. - description: Download the filehasing utility app for remote monitoring. + summary: Download file hashing utility + description: Submits a request to download the file-hashing utility binary for remote monitoring. Supply the host type, operating system, variant, and ReturnUrl preference in the request body. operationId: DownloadFileHashBinaryHostTypeOperatingSystemVariant_Post requestBody: content: @@ -8057,8 +8057,8 @@ paths: get: tags: - downloadFileHashById - summary: Download the filehasing utility app for remote monitoring. - description: Download the filehasing utility app for remote monitoring. + summary: Download file hashing utility + description: Downloads the file-hashing utility binary identified by its unique FileId. Set ReturnUrl to true to receive a redirect URL instead of streaming the file directly in the response. operationId: DownloadFileHashBinaryFileId_Get parameters: - name: ReturnUrl @@ -8116,8 +8116,8 @@ paths: post: tags: - downloadFileHashById - summary: Download the filehasing utility app for remote monitoring. - description: Download the filehasing utility app for remote monitoring. + summary: Download file hashing utility + description: Submits a request to download a specific file-hashing utility binary by its FileId. Supply the FileId and ReturnUrl preference in the request body. operationId: DownloadFileHashBinaryFileId_Post requestBody: content: @@ -8140,8 +8140,8 @@ paths: get: tags: - getFileHashBinaries - summary: Retrieves the list of file hash binaries available to download from the hub. - description: Retrieves the list of file hash binaries available to download from the hub. + summary: List file hash binaries + description: Returns the complete list of file-hashing utility binaries available for download from the hub. Use this endpoint to discover which binaries are available before calling the download endpoints. operationId: GetFileHashBinaries_Get parameters: - name: Version @@ -8166,8 +8166,8 @@ paths: post: tags: - getFileHashBinaries - summary: Retrieves the list of file hash binaries available to download from the hub. - description: Retrieves the list of file hash binaries available to download from the hub. + summary: List file hash binaries + description: Submits a request to retrieve the list of file-hashing utility binaries available for download from the hub. Returns the same data as the GET variant. operationId: GetFileHashBinaries_Post requestBody: content: @@ -8193,8 +8193,8 @@ paths: get: tags: - plannedChangeInstances - summary: Gets the group and device members of the specified planned change instance. - description: Gets the group and device members of the specified planned change instance. + summary: Get planned change instance members + description: Returns the group and device members of the specified planned change instance, identified by InstanceId. Use this endpoint to inspect which devices and groups are in scope for a given planned change. operationId: GetPlannedChangeInstanceMembersmembers_Get parameters: - name: InstanceId @@ -8222,8 +8222,8 @@ paths: post: tags: - plannedChangeInstances - summary: Gets the group and device members of the specified planned change instance. - description: Gets the group and device members of the specified planned change instance. + summary: Get planned change instance members + description: Submits a request to retrieve the group and device members of the specified planned change instance. Provide the InstanceId in the request body. operationId: GetPlannedChangeInstanceMembersmembers_Post requestBody: content: @@ -8246,8 +8246,8 @@ paths: get: tags: - plannedChangeInstances - summary: Deletes an instance of a planned change from the system. - description: Deletes an instance of a planned change from the system. + summary: Delete a planned change instance + description: Deletes the specified planned change instance, identified by InstanceId. Optionally pass DeletePlannedChange as true to also remove the parent planned change definition from the system. operationId: DeletePlannedChangeInstancedelete_Get parameters: - name: InstanceId @@ -8279,8 +8279,8 @@ paths: post: tags: - plannedChangeInstances - summary: Deletes an instance of a planned change from the system. - description: Deletes an instance of a planned change from the system. + summary: Delete a planned change instance + description: Submits a request to delete a planned change instance. Supply the InstanceId and optionally set DeletePlannedChange to true in the request body to also remove the parent planned change definition. operationId: DeletePlannedChangeInstancedelete_Post requestBody: content: @@ -8301,8 +8301,8 @@ paths: get: tags: - plannedChangeInstances - summary: Removes a group or device from a planned change - description: Removes a group or device from a planned change + summary: Remove member from planned change + description: Removes a specific group or device member from the specified planned change instance, identified by InstanceId. Provide either a GroupName or an AgentDeviceId to identify the member to remove. operationId: DeletePlannedChangeInstanceMemberdeleteMember_Get parameters: - name: GroupName @@ -8338,8 +8338,8 @@ paths: post: tags: - plannedChangeInstances - summary: Removes a group or device from a planned change - description: Removes a group or device from a planned change + summary: Remove member from planned change + description: Submits a request to remove a group or device member from a planned change instance. Provide the InstanceId and either a GroupName or AgentDeviceId in the request body. operationId: DeletePlannedChangeInstanceMemberdeleteMember_Post requestBody: content: @@ -8361,7 +8361,7 @@ paths: tags: - plannedChangeInstances summary: Add a planned change instance. - description: Add a planned change instance. + description: Creates a new planned change instance, optionally associating it with an existing planned change definition by name. Specify member groups or individual devices, set start and end times, and configure periodicity for recurring windows. Returns the created instance details. operationId: AddPlannedChangeInstanceadd_Get parameters: - name: PlannedChangeName @@ -8495,7 +8495,7 @@ paths: tags: - plannedChangeInstances summary: Add a planned change instance. - description: Add a planned change instance. + description: Submits a request to create a new planned change instance. Provide the display name, description, member groups, device IDs, and scheduling options in the request body. operationId: AddPlannedChangeInstanceadd_Post requestBody: content: @@ -8519,7 +8519,7 @@ paths: tags: - plannedChangeInstances summary: Update a planned change instance - description: Update a planned change instance + description: Updates properties of an existing planned change instance, identified by InstanceId. You can modify the description, assigned ruleset, member groups, devices, scheduling, and enabled state. Returns the updated instance details. operationId: UpdatePlannedChangeInstanceupdate_Get parameters: - name: InstanceId @@ -8638,7 +8638,7 @@ paths: tags: - plannedChangeInstances summary: Update a planned change instance - description: Update a planned change instance + description: Submits a request to update an existing planned change instance. Provide the InstanceId and any fields to change in the request body. Returns the updated instance details. operationId: UpdatePlannedChangeInstanceupdate_Post requestBody: content: @@ -8662,7 +8662,7 @@ paths: tags: - plannedChangeInstances summary: Clone a planned change instance. - description: Clone a planned change instance. + description: Creates a copy of an existing planned change instance, identified by InstanceId. Set CloneDefinition to true to also duplicate the associated planned change ruleset definition. Returns the new cloned instance. operationId: ClonePlannedChangeInstanceclone_Get parameters: - name: InstanceId @@ -8697,7 +8697,7 @@ paths: tags: - plannedChangeInstances summary: Clone a planned change instance. - description: Clone a planned change instance. + description: Submits a request to clone an existing planned change instance. Provide the InstanceId and CloneDefinition flag in the request body. Returns the new cloned instance. operationId: ClonePlannedChangeInstanceclone_Post requestBody: content: @@ -8720,8 +8720,8 @@ paths: get: tags: - plannedChangeInstances - summary: 'Gets planned change instances name and id, filtering by name, id or groups that are members.' - description: 'Gets planned change instances name and id, filtering by name, id or groups that are members.' + summary: 'Get planned change instance names' + description: 'Returns a lightweight list of planned change instance names and IDs, filtered by name, ID, member groups, or schedule status. Use this endpoint to populate selection lists without fetching full instance details.' operationId: GetPlannedChangeInstancesNameValuenameValue_Get parameters: - name: InstanceIds @@ -8856,8 +8856,8 @@ paths: post: tags: - plannedChangeInstances - summary: 'Gets planned change instances name and id, filtering by name, id or groups that are members.' - description: 'Gets planned change instances name and id, filtering by name, id or groups that are members.' + summary: 'Get planned change instance names' + description: 'Submits a request to retrieve planned change instance names and IDs. Provide filter criteria such as member groups, display name, and schedule status in the request body.' operationId: GetPlannedChangeInstancesNameValuenameValue_Post requestBody: content: @@ -8880,8 +8880,8 @@ paths: get: tags: - plannedChangeInstances - summary: Add a list of groups to a planned change - description: Add a list of groups to a planned change + summary: Add groups to a planned change + description: Adds one or more groups or individual devices as members to the specified planned change instance, identified by InstanceId. Supply MemberGroups names and/or MemberAgentDeviceIds to assign scope. operationId: AddPlannedChangeInstanceMemberaddMembers_Get parameters: - name: MemberGroups @@ -8923,8 +8923,8 @@ paths: post: tags: - plannedChangeInstances - summary: Add a list of groups to a planned change - description: Add a list of groups to a planned change + summary: Add groups to a planned change + description: Submits a request to add groups or devices as members to a planned change instance. Provide the InstanceId, MemberGroups, and MemberAgentDeviceIds in the request body. operationId: AddPlannedChangeInstanceMemberaddMembers_Post requestBody: content: @@ -8945,8 +8945,8 @@ paths: get: tags: - plannedChangeInstances - summary: A request to add a new planned change and planned change instance based on the given events. - description: A request to add a new planned change and planned change instance based on the given events. + summary: Add planned change from events + description: Creates or updates a planned change and its associated instance using the specified events as the basis for generating filter rules. Set PreviewOnly to true to inspect the resulting configuration without persisting it. Returns the planned change instance details, including any inferred rules. operationId: AddOrUpdatePlannedChangeInstanceFromEventsaddOrUpdateFromEvents_Get parameters: - name: AllEventsSelected @@ -9049,8 +9049,8 @@ paths: post: tags: - plannedChangeInstances - summary: A request to add a new planned change and planned change instance based on the given events. - description: A request to add a new planned change and planned change instance based on the given events. + summary: Add planned change from events + description: Submits a request to create or update a planned change instance derived from the specified events. Provide event selection criteria, rule builder options, and instance configuration in the request body. operationId: AddOrUpdatePlannedChangeInstanceFromEventsaddOrUpdateFromEvents_Post requestBody: content: @@ -9073,8 +9073,8 @@ paths: get: tags: - plannedChangeInstances - summary: A request to re-evaluate the events associated with the specified planned change. - description: A request to re-evaluate the events associated with the specified planned change. + summary: Re-evaluate planned change instance events + description: Triggers re-evaluation of events associated with the specified planned change instance, retrospectively applying the instance's rules to events within the specified UTC time range. Use this endpoint after modifying rules to reclassify historical events. operationId: AddReEvaluationOfPlannedChangeInstanceEventsreevaluateEvents_Get parameters: - name: InstanceId @@ -9117,8 +9117,8 @@ paths: post: tags: - plannedChangeInstances - summary: A request to re-evaluate the events associated with the specified planned change. - description: A request to re-evaluate the events associated with the specified planned change. + summary: Re-evaluate planned change instance events + description: Submits a request to re-evaluate planned change events within a specified time range. Provide the InstanceId and the earliest and latest event timestamps in the request body. operationId: AddReEvaluationOfPlannedChangeInstanceEventsreevaluateEvents_Post requestBody: content: @@ -9139,8 +9139,8 @@ paths: get: tags: - plannedChangeInstances - summary: 'Gets planned change instances, filtering by name, id or groups that are members.' - description: 'Gets planned change instances, filtering by name, id or groups that are members.' + summary: 'Get planned change instances' + description: 'Returns a list of planned change instances, optionally filtered by name, ID, member groups, schedule status, and date range. Use OmitPlannedChangeDefinitions to return a lighter payload when full ruleset details are not needed.' operationId: GetPlannedChangeInstances_Get parameters: - name: InstanceIds @@ -9281,8 +9281,8 @@ paths: post: tags: - plannedChangeInstances - summary: 'Gets planned change instances, filtering by name, id or groups that are members.' - description: 'Gets planned change instances, filtering by name, id or groups that are members.' + summary: 'Get planned change instances' + description: 'Submits a request to retrieve planned change instances. Provide filter criteria such as member groups, display name, and date range in the request body.' operationId: GetPlannedChangeInstances_Post requestBody: content: @@ -9306,7 +9306,7 @@ paths: tags: - plannedChanges summary: Add a planned change definition. - description: Add a planned change definition. + description: Creates a new planned change ruleset definition with the specified name, display name, and filter rules. Optionally set DisallowRules to create a container for manually added events without automatic rule matching. Returns the created definition. operationId: AddPlannedChangeadd_Get parameters: - name: Version @@ -9388,7 +9388,7 @@ paths: tags: - plannedChanges summary: Add a planned change definition. - description: Add a planned change definition. + description: Submits a request to create a new planned change ruleset definition. Provide the name, display name, rules, and rule combination operator in the request body. operationId: AddPlannedChangeadd_Post requestBody: content: @@ -9412,7 +9412,7 @@ paths: tags: - plannedChanges summary: Upload a planned change ruleset json file - description: Upload a planned change ruleset json file + description: Uploads a planned change ruleset as a JSON file, creating or replacing the corresponding definition on the hub. Use this endpoint to import exported planned change configurations. operationId: UploadPlannedChangeupload_Post requestBody: content: @@ -9434,7 +9434,7 @@ paths: tags: - plannedChanges summary: Download a planned change ruleset json file - description: Download a planned change ruleset json file + description: Downloads the specified planned change ruleset as a JSON file. Use the IncludeAttributeRuleList and IncludeAttributeRuleText parameters to control whether list-based attribute rule data is included in the export. operationId: DownloadPlannedChangedownload_Get parameters: - name: Id @@ -9474,7 +9474,7 @@ paths: tags: - plannedChanges summary: Download a planned change ruleset json file - description: Download a planned change ruleset json file + description: Submits a request to download a planned change ruleset as a JSON file. Provide the ruleset ID and export options in the request body. operationId: DownloadPlannedChangedownload_Post requestBody: content: @@ -9498,7 +9498,7 @@ paths: tags: - plannedChanges summary: Update a planned change definition - description: Update a planned change definition + description: Updates the specified planned change ruleset definition, including its display name, description, rules, and rule combination operator. The internal Name cannot be changed. Returns the updated definition. operationId: UpdatePlannedChangeupdate_Get parameters: - name: Name @@ -9560,7 +9560,7 @@ paths: tags: - plannedChanges summary: Update a planned change definition - description: Update a planned change definition + description: Submits a request to update a planned change ruleset definition. Provide the Name identifying the ruleset and any fields to change in the request body. operationId: UpdatePlannedChangeupdate_Post requestBody: content: @@ -9584,7 +9584,7 @@ paths: tags: - plannedChanges summary: Clone a planned change definition. - description: Clone a planned change definition. + description: Creates a copy of the specified planned change ruleset definition, identified by its internal Name. Returns the new cloned definition with a system-generated name. operationId: ClonePlannedChangeclone_Get parameters: - name: Name @@ -9612,7 +9612,7 @@ paths: tags: - plannedChanges summary: Clone a planned change definition. - description: Clone a planned change definition. + description: Submits a request to clone a planned change ruleset definition. Provide the Name of the definition to copy in the request body. operationId: ClonePlannedChangeclone_Post requestBody: content: @@ -9635,8 +9635,8 @@ paths: get: tags: - plannedChanges - summary: 'Create rule reduction plans, which can be used to simplify rulesets associated with the specified planned change.' - description: 'Create rule reduction plans, which can be used to simplify rulesets associated with the specified planned change.' + summary: 'Create planned change rule reduction' + description: 'Analyzes the specified planned change ruleset and generates rule reduction plans that can simplify the associated rules. For example, two exact filename matches within the same directory may be combined into a single wildcard rule. Returns reduction plan suggestions without applying them.' operationId: AnalyzePlannedChangeanalyze_Get parameters: - name: Name @@ -9671,8 +9671,8 @@ paths: post: tags: - plannedChanges - summary: 'Create rule reduction plans, which can be used to simplify rulesets associated with the specified planned change.' - description: 'Create rule reduction plans, which can be used to simplify rulesets associated with the specified planned change.' + summary: 'Create planned change rule reduction' + description: 'Submits an analysis request to generate rule reduction plans for the specified planned change. Provide the planned change Name and the rule IDs to evaluate in the request body.' operationId: AnalyzePlannedChangeanalyze_Post requestBody: content: @@ -9695,8 +9695,8 @@ paths: get: tags: - plannedChanges - summary: 'Apply rule reduction plans to the specified planned change, simplifying the associated rulesets.' - description: 'Apply rule reduction plans to the specified planned change, simplifying the associated rulesets.' + summary: 'Apply planned change rule reduction' + description: 'Applies a previously generated rule reduction plan to the specified planned change, removing redundant rules and replacing them with the simplified alternatives. Returns no content on success.' operationId: ApplyPlannedChangePlanapplyPlan_Get parameters: - name: Name @@ -9734,8 +9734,8 @@ paths: post: tags: - plannedChanges - summary: 'Apply rule reduction plans to the specified planned change, simplifying the associated rulesets.' - description: 'Apply rule reduction plans to the specified planned change, simplifying the associated rulesets.' + summary: 'Apply planned change rule reduction' + description: 'Submits a request to apply a rule reduction plan to the specified planned change. Provide the planned change Name, rule IDs to remove, and the reduction plan details in the request body.' operationId: ApplyPlannedChangePlanapplyPlan_Post requestBody: content: @@ -9756,8 +9756,8 @@ paths: get: tags: - plannedChanges - summary: Updates a rule in a planned change - description: Updates a rule in a planned change + summary: Update planned change rule + description: Updates a single filter rule within an existing planned change definition. Use this endpoint to modify individual rule attributes without replacing the entire ruleset. operationId: UpdatePlannedChangeRuleupdateRule_Get parameters: - name: Version @@ -9777,8 +9777,8 @@ paths: post: tags: - plannedChanges - summary: Updates a rule in a planned change - description: Updates a rule in a planned change + summary: Update planned change rule + description: Submits a request to update a single filter rule in an existing planned change definition. Provide the rule update details in the request body. operationId: UpdatePlannedChangeRuleupdateRule_Post requestBody: content: @@ -9799,8 +9799,8 @@ paths: get: tags: - plannedChanges - summary: Updates the entire rule set in a planned change - description: Updates the entire rule set in a planned change + summary: Update planned change rule set + description: Replaces the entire rule set in the specified planned change definition with the provided rules. This endpoint is deprecated; use the individual rule update endpoints for new integrations. operationId: UpdatePlannedChangeRulesupdateRules_Get parameters: - name: PlannedChangeName @@ -9837,8 +9837,8 @@ paths: post: tags: - plannedChanges - summary: Updates the entire rule set in a planned change - description: Updates the entire rule set in a planned change + summary: Update planned change rule set + description: Submits a request to replace the entire rule set in the specified planned change definition. This endpoint is deprecated; use the individual rule update endpoints for new integrations. operationId: UpdatePlannedChangeRulesupdateRules_Post requestBody: content: @@ -9862,8 +9862,8 @@ paths: get: tags: - plannedChanges - summary: Removes a rule from a planned change - description: Removes a rule from a planned change + summary: Remove rule from planned change. + description: Removes a specific filter rule, identified by its ID, from the specified planned change definition. Returns no content on success. operationId: DeletePlannedChangeRuledeleteRule_Get parameters: - name: PlannedChangeName @@ -9893,8 +9893,8 @@ paths: post: tags: - plannedChanges - summary: Removes a rule from a planned change - description: Removes a rule from a planned change + summary: Remove rule from planned change. + description: Submits a request to remove a filter rule from a planned change definition. Provide the planned change name and the rule ID in the request body. operationId: DeletePlannedChangeRuledeleteRule_Post requestBody: content: @@ -9915,8 +9915,8 @@ paths: get: tags: - plannedChanges - summary: Delete a planned change ruleset definition from the system. - description: Delete a planned change ruleset definition from the system. + summary: Delete a planned change ruleset + description: Permanently deletes the specified planned change ruleset definition from the system, identified by Name. This action cannot be undone; consider cloning the definition before deleting if you may need it later. operationId: DeletePlannedChangedelete_Get parameters: - name: Name @@ -9941,8 +9941,8 @@ paths: post: tags: - plannedChanges - summary: Delete a planned change ruleset definition from the system. - description: Delete a planned change ruleset definition from the system. + summary: Delete a planned change ruleset + description: Submits a request to permanently delete a planned change ruleset definition. Provide the Name of the definition to remove in the request body. operationId: DeletePlannedChangedelete_Post requestBody: content: @@ -9963,8 +9963,8 @@ paths: get: tags: - plannedChangeRule - summary: Add a rule to a planned change - description: Add a rule to a planned change + summary: Add rule to a planned change. + description: Adds a new filter rule to the specified planned change definition, identified by PlannedChangeName. Returns the ID of the newly created rule. operationId: AddPlannedChangeRuleadd_Get parameters: - name: PlannedChangeName @@ -9996,8 +9996,8 @@ paths: post: tags: - plannedChangeRule - summary: Add a rule to a planned change - description: Add a rule to a planned change + summary: Add rule to a planned change. + description: Submits a request to add a filter rule to a planned change definition. Provide the planned change name and the new rule object in the request body. Returns the ID of the newly created rule. operationId: AddPlannedChangeRuleadd_Post requestBody: content: @@ -10020,8 +10020,8 @@ paths: get: tags: - plannedChanges - summary: 'Gets a list of planned change ruleset definitions, filtered by name or id.' - description: 'Gets a list of planned change ruleset definitions, filtered by name or id.' + summary: 'Get planned change ruleset definitions' + description: 'Returns a paged list of planned change ruleset definitions, optionally filtered by name or display name. Use the DisallowRules filter to find definitions that act as manual event containers only.' operationId: GetPlannedChanges_Get parameters: - name: Name @@ -10103,8 +10103,8 @@ paths: post: tags: - plannedChanges - summary: 'Gets a list of planned change ruleset definitions, filtered by name or id.' - description: 'Gets a list of planned change ruleset definitions, filtered by name or id.' + summary: 'Get planned change ruleset definitions' + description: 'Submits a request to retrieve planned change ruleset definitions. Provide name filters and pagination options in the request body.' operationId: GetPlannedChanges_Post requestBody: content: @@ -10127,8 +10127,8 @@ paths: get: tags: - commandParser - summary: 'Attempts to parse the supplied commandline, returning a list of disallowed command fragments on failure.' - description: 'Attempts to parse the supplied commandline, returning a list of disallowed command fragments on failure.' + summary: 'Parse command line' + description: 'Validates one or more command-line strings against the allowed command component list. Returns a list of disallowed fragments if validation fails, or an empty result if the commands are permitted.' operationId: ParseCommandsparse_Get parameters: - name: CommandLines @@ -10158,8 +10158,8 @@ paths: post: tags: - commandParser - summary: 'Attempts to parse the supplied commandline, returning a list of disallowed command fragments on failure.' - description: 'Attempts to parse the supplied commandline, returning a list of disallowed command fragments on failure.' + summary: 'Parse command line' + description: 'Submits one or more command-line strings for validation against the allowed command component list. Provide the CommandLines in the request body. Returns any disallowed fragments found.' operationId: ParseCommandsparse_Post requestBody: content: @@ -10183,7 +10183,7 @@ paths: tags: - commandParser summary: Gets the whitelisted command component. - description: Gets the whitelisted command component. + description: Returns the current set of whitelisted command components that are permitted when validating command-line strings. Use this endpoint to review the allowed list before adding or updating entries. operationId: GetWhitelistedCommandComponentwhitelist_Get parameters: - name: Version @@ -10205,8 +10205,8 @@ paths: post: tags: - commandParser - summary: Attempts to whitelist the supplied command component. - description: Attempts to whitelist the supplied command component. + summary: Whitelists a command component. + description: Adds a new command component to the allowlist so that it passes command-line validation. Provide the component details in the request body. Returns the updated allowlist. operationId: CreateWhitelistedCommandComponentwhitelist_Post requestBody: content: @@ -10229,8 +10229,8 @@ paths: get: tags: - commandParser - summary: Attempts to get all the whitelisted command components. - description: Attempts to get all the whitelisted command components. + summary: List whitelisted command components + description: Returns a paged list of all whitelisted command components. Use the Sort, Skip, Take, and GenericFilters parameters to control pagination and ordering of results. operationId: GetAllWhitelistedCommandComponentswhitelistall_Get parameters: - name: CountOnly @@ -10295,8 +10295,8 @@ paths: post: tags: - commandParser - summary: Attempts to update the supplied command component by id. - description: Attempts to update the supplied command component by id. + summary: Update command component by ID + description: Updates an existing whitelisted command component, identified by its ID. Provide the updated component details in the request body. Returns the updated allowlist. operationId: UpdateWhitelistedCommandComponentwhitelistupdate_Post requestBody: content: @@ -10319,8 +10319,8 @@ paths: post: tags: - commandParser - summary: Attempts to bulk update the whitelisted command component with the supplied ids. - description: Attempts to bulk update the whitelisted command component with the supplied ids. + summary: Bulk update command components + description: Performs a bulk update on multiple whitelisted command components identified by their IDs. Provide the list of IDs and the updated properties in the request body. Returns the updated allowlist. operationId: UpdateWhitelistedCommandComponentswhitelistupdateMany_Post requestBody: content: @@ -10343,8 +10343,8 @@ paths: post: tags: - commandParser - summary: Adds the given template(s) to a command component. - description: Adds the given template(s) to a command component. + summary: Add templates to command component + description: Associates one or more policy templates with the specified command component. Use this endpoint to extend the set of templates that govern command-line validation for a given component. operationId: AddTemplatesToCommandComponentcommandComponentaddTemplates_Post requestBody: content: @@ -10367,8 +10367,8 @@ paths: post: tags: - commandParser - summary: Attempts to remove the given template(s) from a command component. - description: Attempts to remove the given template(s) from a command component. + summary: Remove templates from command component + description: Removes one or more policy template associations from the specified command component. Templates that are not currently associated are silently ignored. operationId: RemoveTemplatesFromCommandComponentcommandComponentremoveTemplates_Post requestBody: content: @@ -10391,8 +10391,8 @@ paths: get: tags: - commandParser - summary: Gets all templates of a command component. - description: Gets all templates of a command component. + summary: Get templates for command component + description: Returns a paged list of all policy templates associated with the specified command component. Use the Sort, Skip, and Take parameters to control pagination. operationId: GetAllCommandComponentTemplatescommandComponenttemplates_Get parameters: - name: CountOnly @@ -10454,8 +10454,8 @@ paths: post: tags: - commandParser - summary: 'Attempts to set the given template(s) to a command component, clearing old templates if they exist.' - description: 'Attempts to set the given template(s) to a command component, clearing old templates if they exist.' + summary: 'Set command component templates' + description: 'Replaces all policy template associations for the specified command component with the provided list, removing any previously associated templates. Provide the component ID and the new template list in the request body.' operationId: SetAllTemplatesOfCommandComponentcommandComponenttemplates_Post requestBody: content: @@ -10478,8 +10478,8 @@ paths: post: tags: - commandParser - summary: Gets all templates of multiple command components. - description: Gets all templates of multiple command components. + summary: Get templates for command components + description: Returns the policy templates associated with multiple command components in a single request. Provide the component IDs in the request body. operationId: GetAllCommandComponentsTemplatescommandComponentManytemplates_Post requestBody: content: @@ -10502,8 +10502,8 @@ paths: get: tags: - cloudTemplate - summary: Provide a ProspectiveName for the Cloud System or a ReportSpecId to identify the associated cloud report but never both. Gets the state of progress in the creation of a new cloud report policy. For example it may be only partially configured and require the addition of credentials before it can be run. - description: Provide a ProspectiveName for the Cloud System or a ReportSpecId to identify the associated cloud report but never both. Gets the state of progress in the creation of a new cloud report policy. For example it may be only partially configured and require the addition of credentials before it can be run. + summary: Get cloud template creation status + description: Returns the creation progress status for a new cloud report policy. Provide either a ProspectiveName for the cloud system or a ReportSpecId to identify an existing cloud report, but not both. The response indicates whether the policy is fully configured or requires additional steps such as adding credentials. operationId: GetCloudTemplateCreationStatusstatus_Get parameters: - name: ProspectiveName @@ -10541,8 +10541,8 @@ paths: post: tags: - cloudTemplate - summary: Provide a ProspectiveName for the Cloud System or a ReportSpecId to identify the associated cloud report but never both. Gets the state of progress in the creation of a new cloud report policy. For example it may be only partially configured and require the addition of credentials before it can be run. - description: Provide a ProspectiveName for the Cloud System or a ReportSpecId to identify the associated cloud report but never both. Gets the state of progress in the creation of a new cloud report policy. For example it may be only partially configured and require the addition of credentials before it can be run. + summary: Get cloud template creation status + description: Submits a request to retrieve the creation progress status for a new cloud report policy. Provide either ProspectiveName or ReportSpecId in the request body, but not both. operationId: GetCloudTemplateCreationStatusstatus_Post requestBody: content: @@ -10565,8 +10565,8 @@ paths: get: tags: - policyTemplate - summary: Ensures that the specified baseline template has the required source and members groups and related scheduled compliance report configured. - description: Ensures that the specified baseline template has the required source and members groups and related scheduled compliance report configured. + summary: Set up baseline policy template + description: Sets up the specified baseline policy template by ensuring that the required source and member groups and associated scheduled compliance report are correctly configured. Use this endpoint to initialise a template before running compliance scans against it. operationId: SetupPolicyTemplatesetup_Get parameters: - name: PolicyTemplateName @@ -10593,8 +10593,8 @@ paths: post: tags: - policyTemplate - summary: Ensures that the specified baseline template has the required source and members groups and related scheduled compliance report configured. - description: Ensures that the specified baseline template has the required source and members groups and related scheduled compliance report configured. + summary: Set up baseline policy template + description: Submits a setup request for the specified baseline policy template. Provide the PolicyTemplateName in the request body to initialise the required groups and scheduled compliance report. operationId: SetupPolicyTemplatesetup_Post requestBody: content: @@ -10617,8 +10617,8 @@ paths: get: tags: - policyTemplate - summary: Gets the state of progress in the creation of a new policy. For example it may be only partially configured and require the addition of rules before it can be applied to devices. - description: Gets the state of progress in the creation of a new policy. For example it may be only partially configured and require the addition of rules before it can be applied to devices. + summary: Get policy creation status + description: Returns the creation progress status for the specified policy template. The response indicates whether the policy is fully configured or requires additional steps, such as adding rules, before it can be applied to devices. operationId: GetPolicyTemplateCreationStatusstatus_Get parameters: - name: PolicyTemplateName @@ -10645,8 +10645,8 @@ paths: post: tags: - policyTemplate - summary: Gets the state of progress in the creation of a new policy. For example it may be only partially configured and require the addition of rules before it can be applied to devices. - description: Gets the state of progress in the creation of a new policy. For example it may be only partially configured and require the addition of rules before it can be applied to devices. + summary: Get policy creation status + description: Submits a request to retrieve the creation progress status for the specified policy template. Provide the PolicyTemplateName in the request body. operationId: GetPolicyTemplateCreationStatusstatus_Post requestBody: content: @@ -10670,7 +10670,7 @@ paths: tags: - policyTemplate summary: Adds a device config template. - description: Adds a device config template. + description: Creates a new device configuration template using the provided PolicyTemplateRuleSet definition. Optionally specify UsageTags to categorize the template (for example, Baseline or Tracking) and a ChangeComment for audit purposes. operationId: AddPolicyTemplateadd_Get parameters: - name: Template @@ -10711,7 +10711,7 @@ paths: tags: - policyTemplate summary: Adds a device config template. - description: Adds a device config template. + description: Submits a request to create a new device configuration template. Provide the template definition, usage tags, and change comment in the request body. operationId: AddPolicyTemplateadd_Post requestBody: content: @@ -10734,8 +10734,8 @@ paths: get: tags: - policyRecent - summary: Gets the most recent policy run results for each matching policy in the time range. - description: Gets the most recent policy run results for each matching policy in the time range. + summary: Get most recent policy results + description: Returns the most recent policy run results for each matching policy within the specified time range, filterable by usage tag and group. Use ExcludePoliciesWithNoDevices, ExcludePoliciesNotSetup, and ExcludePoliciesWithNoResults to refine the result set. operationId: GetMostRecentPolicyResults_Get parameters: - name: UsageTag @@ -10839,8 +10839,8 @@ paths: post: tags: - policyRecent - summary: Gets the most recent policy run results for each matching policy in the time range. - description: Gets the most recent policy run results for each matching policy in the time range. + summary: Get most recent policy results + description: Submits a request to retrieve the most recent policy run results. Provide usage tag, group name, and exclusion flags in the request body. operationId: GetMostRecentPolicyResults_Post requestBody: content: @@ -10863,8 +10863,8 @@ paths: get: tags: - policyTemplate - summary: Add a rules to a baseline policy based on events - description: Add a rules to a baseline policy based on events + summary: Add rules to baseline policy + description: Adds one or more rules to a baseline policy template, derived from recent events. Set PreviewChanges to true to inspect the proposed rule additions without saving them. Returns the new rules and any affected report sections. operationId: AddPolicyTemplateRulesaddrules_Get parameters: - name: Name @@ -10922,8 +10922,8 @@ paths: post: tags: - policyTemplate - summary: Add a rules to a baseline policy based on events - description: Add a rules to a baseline policy based on events + summary: Add rules to baseline policy + description: Submits a request to add rules to a baseline policy template based on events. Provide the template name, event time range, and rule builder options in the request body. operationId: AddPolicyTemplateRulesaddrules_Post requestBody: content: @@ -10946,8 +10946,8 @@ paths: get: tags: - devicePolicyTemplate - summary: Adds a device policy template to the system. The specified template should be supplied as Xml. - description: Adds a device policy template to the system. The specified template should be supplied as Xml. + summary: Add device policy template + description: Adds a device policy template to the system using an XML definition. You can optionally copy an existing template's tracking configuration by specifying AsCopyOf. Set OverwriteIfExists to true to replace an existing template with the same name. operationId: AddPolicyTemplateXmladd_Get parameters: - name: Name @@ -11034,8 +11034,8 @@ paths: post: tags: - devicePolicyTemplate - summary: Adds a device policy template to the system. The specified template should be supplied as Xml. - description: Adds a device policy template to the system. The specified template should be supplied as Xml. + summary: Add device policy template + description: Submits a request to add a device policy template using an XML definition. Provide the template XML, name, and optional copy-from and overwrite settings in the request body. operationId: AddPolicyTemplateXmladd_Post requestBody: content: @@ -11058,8 +11058,8 @@ paths: get: tags: - devicePolicyTemplate - summary: Deletes a device policy template from the system. The specified template can be either config or a compliance report template. - description: Deletes a device policy template from the system. The specified template can be either config or a compliance report template. + summary: Delete device policy template + description: Deletes the specified device policy template from the system. The template can be either a configuration tracking template or a compliance report template. If TemplateVersion is not supplied, all versions of the template are removed. operationId: DeletePolicyTemplatedelete_Get parameters: - name: Name @@ -11089,8 +11089,8 @@ paths: post: tags: - devicePolicyTemplate - summary: Deletes a device policy template from the system. The specified template can be either config or a compliance report template. - description: Deletes a device policy template from the system. The specified template can be either config or a compliance report template. + summary: Delete device policy template + description: Submits a request to delete a device policy template. Provide the template Name and optionally a specific TemplateVersion to delete in the request body. If no version is supplied, all versions are removed. operationId: DeletePolicyTemplatedelete_Post requestBody: content: @@ -11112,7 +11112,7 @@ paths: tags: - uploadPolicyTemplate summary: Upload a policy template file - description: Upload a policy template file + description: Uploads a policy template file to the hub. Use this endpoint to import policy templates in bulk or to replace existing definitions from an exported file. operationId: UploadPolicyTemplate_Post requestBody: content: @@ -11135,8 +11135,8 @@ paths: get: tags: - policyTemplateAsFile - summary: Returns a policy template as an xml file in the Http Response stream. - description: Returns a policy template as an xml file in the Http Response stream. + summary: Download policy template as XML + description: Downloads the specified policy template as an XML file delivered in the HTTP response stream. Specify the template Name to retrieve a named template, or provide an AgentDeviceId to download the combined template currently applied to that device. operationId: GetPolicyTemplateAsFile_Get parameters: - name: Name @@ -11168,8 +11168,8 @@ paths: post: tags: - policyTemplateAsFile - summary: Returns a policy template as an xml file in the Http Response stream. - description: Returns a policy template as an xml file in the Http Response stream. + summary: Download policy template as XML + description: Submits a request to download a policy template as an XML file. Provide the template Name or AgentDeviceId in the request body. operationId: GetPolicyTemplateAsFile_Post requestBody: content: @@ -11192,8 +11192,8 @@ paths: get: tags: - agentProcesses - summary: Get the list of running processes from a specified agent / device.Used to enable 'white-listing' if existing processes from a running agent when building device config. - description: Get the list of running processes from a specified agent / device.Used to enable 'white-listing' if existing processes from a running agent when building device config. + summary: Get agent running processes + description: Returns the list of currently running processes on the specified agent or device. Use this data to build process allowlists when configuring device tracking templates. operationId: GetAgentProcesses_Get parameters: - name: AgentDevice @@ -11220,8 +11220,8 @@ paths: post: tags: - agentProcesses - summary: Get the list of running processes from a specified agent / device.Used to enable 'white-listing' if existing processes from a running agent when building device config. - description: Get the list of running processes from a specified agent / device.Used to enable 'white-listing' if existing processes from a running agent when building device config. + summary: Get agent running processes + description: Submits a request to retrieve the list of currently running processes from the specified agent or device. Provide the AgentDevice details in the request body. operationId: GetAgentProcesses_Post requestBody: content: @@ -11244,8 +11244,8 @@ paths: get: tags: - startAgentTracker - summary: Ask an agent to start a specified tracker. - description: Ask an agent to start a specified tracker. + summary: Start a tracker on an agent + description: Instructs the specified agent to start the named tracker. Use the AgentDevice or AgentDeviceId parameter to identify the target agent, and TrackerName to specify which tracker to start. operationId: StartAgentTracker_Get parameters: - name: AgentDevice @@ -11282,8 +11282,8 @@ paths: post: tags: - startAgentTracker - summary: Ask an agent to start a specified tracker. - description: Ask an agent to start a specified tracker. + summary: Start a tracker on an agent + description: Submits a request to start a named tracker on the specified agent. Provide the AgentDeviceId and TrackerName in the request body. operationId: StartAgentTracker_Post requestBody: content: @@ -11306,8 +11306,8 @@ paths: get: tags: - agentServices - summary: Get the list of running Services from a specified agent/device. Used to enable 'white - listing' if existing Service from a running agent when building device config. - description: Get the list of running Services from a specified agent/device. Used to enable 'white - listing' if existing Service from a running agent when building device config. + summary: Get agent running services + description: Returns the list of currently running services on the specified agent or device. Use this data to build service allowlists when configuring device tracking templates. operationId: GetAgentServices_Get parameters: - name: AgentDevice @@ -11334,8 +11334,8 @@ paths: post: tags: - agentServices - summary: Get the list of running Services from a specified agent/device. Used to enable 'white - listing' if existing Service from a running agent when building device config. - description: Get the list of running Services from a specified agent/device. Used to enable 'white - listing' if existing Service from a running agent when building device config. + summary: Get agent running services + description: Submits a request to retrieve the list of currently running services from the specified agent or device. Provide the AgentDevice details in the request body. operationId: GetAgentServices_Post requestBody: content: @@ -11358,8 +11358,8 @@ paths: get: tags: - policyTemplates - summary: Sets a specific version of a named policy template as the active one. - description: Sets a specific version of a named policy template as the active one. + summary: Set active policy template version + description: Marks the specified version of a named policy template as the active version. Only the active version is used when running compliance checks and tracking reports against devices. operationId: SetActivePolicyTemplateactiveVersion_Get parameters: - name: TemplateName @@ -11389,8 +11389,8 @@ paths: post: tags: - policyTemplates - summary: Sets a specific version of a named policy template as the active one. - description: Sets a specific version of a named policy template as the active one. + summary: Set active policy template version + description: Submits a request to set the active version of a named policy template. Provide the TemplateName and ActiveVersion in the request body. operationId: SetActivePolicyTemplateactiveVersion_Post requestBody: content: @@ -11412,7 +11412,7 @@ paths: tags: - policyTemplates summary: Update matching config templates. - description: Update matching config templates. + description: Updates properties across all config templates that match the specified criteria, such as name or usage tags. Use the filtering parameters to target specific templates or versions. operationId: UpdatePolicyTemplatesupdate_Get parameters: - name: Name @@ -11536,7 +11536,7 @@ paths: tags: - policyTemplates summary: Update matching config templates. - description: Update matching config templates. + description: Submits a request to update config templates matching the specified criteria. Provide the matching filters and updated properties in the request body. operationId: UpdatePolicyTemplatesupdate_Post requestBody: content: @@ -11558,7 +11558,7 @@ paths: tags: - deviceConfigTemplate summary: Gets a named device config template. - description: Gets a named device config template. + description: Returns the named device configuration template, including its tracking configuration and rule set. Set IncludeSystemFilters to true to include system-defined filters and path match definitions in the response. operationId: GetDeviceConfigTemplate_Get parameters: - name: Name @@ -11592,7 +11592,7 @@ paths: tags: - deviceConfigTemplate summary: Gets a named device config template. - description: Gets a named device config template. + description: Submits a request to retrieve the named device configuration template. Provide the template Name and IncludeSystemFilters preference in the request body. operationId: GetDeviceConfigTemplate_Post requestBody: content: @@ -11615,8 +11615,8 @@ paths: get: tags: - deviceConfigTemplateNames - summary: 'Gets a list of device tracking template names, optionally filtering by trackers contained (e.g. find templates with a process tracker).' - description: 'Gets a list of device tracking template names, optionally filtering by trackers contained (e.g. find templates with a process tracker).' + summary: 'List device tracking template names' + description: 'Returns a list of device tracking template names. Use TrackersContained to find only templates that include specific trackers (for example, processtracker), or AgentDeviceIds to find templates currently applied to a specific set of devices.' operationId: GetDeviceConfigTemplateNames_Get parameters: - name: TrackersContained @@ -11657,8 +11657,8 @@ paths: post: tags: - deviceConfigTemplateNames - summary: 'Gets a list of device tracking template names, optionally filtering by trackers contained (e.g. find templates with a process tracker).' - description: 'Gets a list of device tracking template names, optionally filtering by trackers contained (e.g. find templates with a process tracker).' + summary: 'List device tracking template names' + description: 'Submits a request to retrieve device tracking template names. Provide tracker and device filter criteria in the request body.' operationId: GetDeviceConfigTemplateNames_Post requestBody: content: @@ -11684,8 +11684,8 @@ paths: get: tags: - addDeviceConfigProcessRules - summary: Adds white/grey/black listing to process rules in the specified device tracking configuration template. - description: Adds white/grey/black listing to process rules in the specified device tracking configuration template. + summary: Add process rules to tracking template + description: Adds allowlist, greylist, or blocklist entries to the process tracking rules in the specified device tracking configuration template. Use this endpoint to configure which processes are permitted, monitored, or blocked on tracked devices. operationId: AddDeviceConfigProcessRules_Get parameters: - name: DeviceTemplateName @@ -11718,8 +11718,8 @@ paths: post: tags: - addDeviceConfigProcessRules - summary: Adds white/grey/black listing to process rules in the specified device tracking configuration template. - description: Adds white/grey/black listing to process rules in the specified device tracking configuration template. + summary: Add process rules to tracking template + description: Submits a request to add process listing rules to the specified device tracking configuration template. Provide the template name and the list of process rules in the request body. operationId: AddDeviceConfigProcessRules_Post requestBody: content: @@ -11740,8 +11740,8 @@ paths: get: tags: - groupPolicy - summary: Get the configured config policy template for the specified group or by individual template name. - description: Get the configured config policy template for the specified group or by individual template name. + summary: Get group policy template + description: Returns the configuration policy templates assigned to the specified group or matching the specified template name. Use GroupNames to query multiple groups in a single request. operationId: GetGroupPolicy_Get parameters: - name: GroupName @@ -11821,8 +11821,8 @@ paths: post: tags: - groupPolicy - summary: Get the configured config policy template for the specified group or by individual template name. - description: Get the configured config policy template for the specified group or by individual template name. + summary: Get group policy template + description: Submits a request to retrieve the configuration policy templates assigned to the specified group. Provide the group name or template name in the request body. operationId: GetGroupPolicy_Post requestBody: content: @@ -11845,8 +11845,8 @@ paths: get: tags: - groupPolicyNames - summary: Get the configured config policy template names for the specified groups. - description: Get the configured config policy template names for the specified groups. + summary: Get group config policy template names + description: Returns a mapping of group names to their assigned configuration policy template names. Provide one or more GroupNames to retrieve the template associations for each group. operationId: GetGroupPolicyConfigNames_Get parameters: - name: GroupNames @@ -11882,8 +11882,8 @@ paths: post: tags: - groupPolicyNames - summary: Get the configured config policy template names for the specified groups. - description: Get the configured config policy template names for the specified groups. + summary: Get group config policy template names + description: Submits a request to retrieve configuration policy template name mappings for the specified groups. Provide the GroupNames list in the request body. operationId: GetGroupPolicyConfigNames_Post requestBody: content: @@ -11912,8 +11912,8 @@ paths: get: tags: - groupPolicy - summary: Adds a config template to a group. - description: Adds a config template to a group. + summary: Adds config template to a group. + description: Associates a configuration policy template with the specified group, making the template active for all devices in that group. Set IsTrusted to true if the template contains trusted commands. operationId: AddGroupPolicyadd_Get parameters: - name: Version @@ -11960,8 +11960,8 @@ paths: post: tags: - groupPolicy - summary: Adds a config template to a group. - description: Adds a config template to a group. + summary: Adds config template to a group. + description: Submits a request to associate a configuration policy template with the specified group. Provide the group name, template name, and IsTrusted flag in the request body. operationId: AddGroupPolicyadd_Post requestBody: content: @@ -11984,8 +11984,8 @@ paths: get: tags: - groupPolicy - summary: Removes a config template from a group. - description: Removes a config template from a group. + summary: Remove template from group + description: Removes the association between the specified configuration policy template and the specified group. After removal, devices in the group are no longer governed by this template. operationId: DeleteGroupPolicydelete_Get parameters: - name: GroupName @@ -12015,8 +12015,8 @@ paths: post: tags: - groupPolicy - summary: Removes a config template from a group. - description: Removes a config template from a group. + summary: Remove template from group + description: Submits a request to remove a configuration policy template from the specified group. Provide the GroupName and PolicyTemplateName in the request body. operationId: DeleteGroupPolicydelete_Post requestBody: content: @@ -12038,7 +12038,7 @@ paths: tags: - reParentDevices summary: Re-parents the given devices to the specified Agent. - description: Re-parents the given devices to the specified Agent. + description: Reassigns the specified devices to a new parent agent. Set MigrateEvents to true to also migrate any existing event history from the old agent-device combination to the new one. operationId: ReParentDevices_Get parameters: - name: Devices @@ -12084,7 +12084,7 @@ paths: tags: - reParentDevices summary: Re-parents the given devices to the specified Agent. - description: Re-parents the given devices to the specified Agent. + description: Submits a request to reassign the specified devices to a new parent agent. Provide the device IDs, target AgentDeviceId, and MigrateEvents flag in the request body. operationId: ReParentDevices_Post requestBody: content: @@ -12112,7 +12112,7 @@ paths: tags: - exportAgents summary: Export a list of agent details. - description: Export a list of agent details. + description: Exports agent details matching the specified device filter to the chosen format, such as Excel, PDF, CSV, or JSON. Use the ReportTitle and TimeZoneId parameters to customise the exported output. operationId: ExportAgents_Get parameters: - name: DeviceFilter @@ -12164,7 +12164,7 @@ paths: tags: - exportAgents summary: Export a list of agent details. - description: Export a list of agent details. + description: Submits a request to export agent details in the specified format. Provide the device filter, export format, report title, and timezone in the request body. operationId: ExportAgents_Post requestBody: content: @@ -12187,8 +12187,8 @@ paths: get: tags: - agentsRanked - summary: A request to return agents matching the device filter. - description: A request to return agents matching the device filter. + summary: List agents by device filter + description: Returns a paged list of agents matching the specified device filter, ordered by a rank score. Use the optional flags to include related group details, credentials, planned changes, and applied templates in the response. operationId: GetAgentsRanked_Get parameters: - name: DeviceFilter @@ -12285,8 +12285,8 @@ paths: post: tags: - agentsRanked - summary: A request to return agents matching the device filter. - description: A request to return agents matching the device filter. + summary: List agents by device filter + description: Submits a request to retrieve agents matching the specified device filter. Provide the device filter, related-data flags, and pagination options in the request body. operationId: GetAgentsRanked_Post requestBody: content: @@ -12309,8 +12309,8 @@ paths: get: tags: - groupMembers - summary: A request to return group members matching the criteria. - description: A request to return group members matching the criteria. + summary: List group members by criteria + description: Returns a paged list of members (devices or child groups) belonging to the specified group. Use MemberType to restrict results to AgentDevice or Group members only. operationId: GroupMembers_Get parameters: - name: GroupName @@ -12387,8 +12387,8 @@ paths: post: tags: - groupMembers - summary: A request to return group members matching the criteria. - description: A request to return group members matching the criteria. + summary: List group members by criteria + description: Submits a request to retrieve group members matching the specified criteria. Provide the GroupName and MemberType filter in the request body. operationId: GroupMembers_Post requestBody: content: @@ -12412,7 +12412,7 @@ paths: tags: - groups summary: A request to return groups matching the criteria. - description: A request to return groups matching the criteria. + description: Returns a paged list of groups matching the specified criteria, such as internal name, display name, or parent group membership. Use UserName to retrieve groups visible to a specific user. operationId: GetGroups_Get parameters: - name: Name @@ -12509,7 +12509,7 @@ paths: tags: - groups summary: A request to return groups matching the criteria. - description: A request to return groups matching the criteria. + description: Submits a request to retrieve groups matching the specified criteria. Provide name filters, membership filters, and pagination options in the request body. operationId: GetGroups_Post requestBody: content: @@ -12532,8 +12532,8 @@ paths: get: tags: - groupsTree - summary: Gets a tree structure representing the groups hierarchy. - description: Gets a tree structure representing the groups hierarchy. + summary: Get groups hierarchy tree + description: Returns the complete groups hierarchy as a nested tree structure, showing parent-child relationships between all device groups. Use this endpoint to render group navigation trees in a user interface. operationId: GetGroupsTree_Get responses: '200': @@ -12547,8 +12547,8 @@ paths: post: tags: - groupsTree - summary: Gets a tree structure representing the groups hierarchy. - description: Gets a tree structure representing the groups hierarchy. + summary: Get groups hierarchy tree + description: Submits a request to retrieve the groups hierarchy tree. Returns the same nested structure as the GET variant. operationId: GetGroupsTree_Post requestBody: content: @@ -12571,8 +12571,8 @@ paths: get: tags: - groups - summary: Represents a request to delete a group matching the criteria. - description: Represents a request to delete a group matching the criteria. + summary: Delete matching group + description: Deletes the group matching the specified internal Name from the system. This action removes the group definition; ensure that no critical device assignments depend on this group before deleting. operationId: DeleteGroupdelete_Get parameters: - name: Name @@ -12597,8 +12597,8 @@ paths: post: tags: - groups - summary: Represents a request to delete a group matching the criteria. - description: Represents a request to delete a group matching the criteria. + summary: Delete matching group + description: Submits a request to delete the specified group. Provide the group's internal Name in the request body. operationId: DeleteGroupdelete_Post requestBody: content: @@ -12620,7 +12620,7 @@ paths: tags: - groups summary: Adds a new Group definition. - description: Adds a new Group definition. + description: Creates a new group of the specified GroupType, optionally placing it under a parent group. Set Members to specify child group members, and assign a RiskScore to weight the group in risk reporting. operationId: AddGroupadd_Get parameters: - name: ParentGroupName @@ -12692,7 +12692,7 @@ paths: tags: - groups summary: Adds a new Group definition. - description: Adds a new Group definition. + description: Submits a request to create a new group. Provide the display name, group type, parent group, members, and risk score in the request body. operationId: AddGroupadd_Post requestBody: content: @@ -12716,7 +12716,7 @@ paths: tags: - groups summary: Updates a Group definition. - description: Updates a Group definition. + description: Updates the display name, child group members, or risk score of the specified group, identified by its internal Name. Provide only the fields you want to change. operationId: UpdateGroupupdate_Get parameters: - name: Name @@ -12761,7 +12761,7 @@ paths: tags: - groups summary: Updates a Group definition. - description: Updates a Group definition. + description: Submits a request to update a group definition. Provide the group Name and the fields to change in the request body. operationId: UpdateGroupupdate_Post requestBody: content: @@ -12782,8 +12782,8 @@ paths: get: tags: - devices - summary: Represents a request to delete devices matching the criteria. Note that when a device is deleted it is moved to the Deleted group and is no longer included in the licensed device count. - description: Represents a request to delete devices matching the criteria. Note that when a device is deleted it is moved to the Deleted group and is no longer included in the licensed device count. + summary: Delete devices to Deleted group + description: Moves the specified devices to the Deleted group, effectively removing them from the active device inventory. Deleted devices are excluded from the licensed device count. Provide the AgentDeviceIds of the devices to remove. operationId: DeleteDevicesdelete_Get parameters: - name: AgentDeviceIds @@ -12811,8 +12811,8 @@ paths: post: tags: - devices - summary: Represents a request to delete devices matching the criteria. Note that when a device is deleted it is moved to the Deleted group and is no longer included in the licensed device count. - description: Represents a request to delete devices matching the criteria. Note that when a device is deleted it is moved to the Deleted group and is no longer included in the licensed device count. + summary: Delete devices to Deleted group + description: Submits a request to move the specified devices to the Deleted group. Provide the AgentDeviceIds in the request body. operationId: DeleteDevicesdelete_Post requestBody: content: @@ -12833,8 +12833,8 @@ paths: get: tags: - devices - summary: Gets devices that have not polled in for the specified amount of time. - description: Gets devices that have not polled in for the specified amount of time. + summary: List overdue devices + description: Returns a list of devices that have not checked in for at least the specified number of seconds. Use MemberOfGroups and NotMemberOfGroups to scope the query to specific parts of the device estate. operationId: GetOverdueDevicesoverdue_Get parameters: - name: OfflineSeconds @@ -12880,8 +12880,8 @@ paths: post: tags: - devices - summary: Gets devices that have not polled in for the specified amount of time. - description: Gets devices that have not polled in for the specified amount of time. + summary: List overdue devices + description: Submits a request to retrieve devices that have not polled in within the specified time threshold. Provide the OfflineSeconds and optional group filters in the request body. operationId: GetOverdueDevicesoverdue_Post requestBody: content: @@ -12904,8 +12904,8 @@ paths: get: tags: - device - summary: 'Delete the specified Agent from the system. On first call the system will issue a challenge which must be answered and the response supplied on a repetition of the initial request. Contact NNT Support, supplying the text of the challenge, in order be be issued with an authorising response code.' - description: 'Delete the specified Agent from the system. On first call the system will issue a challenge which must be answered and the response supplied on a repetition of the initial request. Contact NNT Support, supplying the text of the challenge, in order be be issued with an authorising response code.' + summary: 'Permanently delete agent (challenge required)' + description: 'Permanently removes the specified agent from the system. This endpoint uses a two-step challenge-response process: the first call returns a challenge string that must be answered with an authorization code (obtained from NNT Support) on a subsequent call. Once confirmed, the deletion is irreversible.' operationId: DeleteDevicePermanentlydeletePermanently_Get parameters: - name: AgentId @@ -12947,8 +12947,8 @@ paths: post: tags: - device - summary: 'Delete the specified Agent from the system. On first call the system will issue a challenge which must be answered and the response supplied on a repetition of the initial request. Contact NNT Support, supplying the text of the challenge, in order be be issued with an authorising response code.' - description: 'Delete the specified Agent from the system. On first call the system will issue a challenge which must be answered and the response supplied on a repetition of the initial request. Contact NNT Support, supplying the text of the challenge, in order be be issued with an authorising response code.' + summary: 'Permanently delete agent (challenge required)' + description: 'Submits a permanent deletion request for the specified agent. On the first call the system issues a challenge; supply the challenge response code from NNT Support in a second call to confirm. Provide the AgentId, DeviceId, and Response in the request body.' operationId: DeleteDevicePermanentlydeletePermanently_Post requestBody: content: @@ -12971,8 +12971,8 @@ paths: get: tags: - device - summary: Represents a request to re-register a list of previously deleted devices matching the criteria. - description: Represents a request to re-register a list of previously deleted devices matching the criteria. + summary: Re-register previously deleted devices + description: Re-registers one or more previously deleted devices, restoring them to the active device inventory. Provide the AgentDeviceIds of the devices to reinstate. operationId: ReRegisterDevicereRegister_Get parameters: - name: AgentDeviceIds @@ -13000,8 +13000,8 @@ paths: post: tags: - device - summary: Represents a request to re-register a list of previously deleted devices matching the criteria. - description: Represents a request to re-register a list of previously deleted devices matching the criteria. + summary: Re-register previously deleted devices + description: Submits a request to re-register previously deleted devices. Provide the AgentDeviceIds in the request body. operationId: ReRegisterDevicereRegister_Post requestBody: content: @@ -13022,8 +13022,8 @@ paths: get: tags: - group - summary: 'Delete all the specified group members from the system. On first call the system will issue a challenge which must be answered and the response supplied on a repetition of the initial request. Contact NNT Support, supplying the text of the challenge, in order be be issued with an authorising response code.' - description: 'Delete all the specified group members from the system. On first call the system will issue a challenge which must be answered and the response supplied on a repetition of the initial request. Contact NNT Support, supplying the text of the challenge, in order be be issued with an authorising response code.' + summary: 'Permanently delete group members' + description: 'Permanently removes all members of the specified group from the system using a two-step challenge-response process. The first call returns a challenge string; supply the authorization code from NNT Support on a subsequent call to confirm. This action is irreversible.' operationId: DeleteGroupMembersPermanentlydeleteMembersPermanently_Get parameters: - name: GroupName @@ -13055,8 +13055,8 @@ paths: post: tags: - group - summary: 'Delete all the specified group members from the system. On first call the system will issue a challenge which must be answered and the response supplied on a repetition of the initial request. Contact NNT Support, supplying the text of the challenge, in order be be issued with an authorising response code.' - description: 'Delete all the specified group members from the system. On first call the system will issue a challenge which must be answered and the response supplied on a repetition of the initial request. Contact NNT Support, supplying the text of the challenge, in order be be issued with an authorising response code.' + summary: 'Permanently delete group members' + description: 'Submits a request to permanently delete all members of the specified group. On the first call the system issues a challenge; supply the authorization code from NNT Support in a second call to confirm. Provide the GroupName and Response in the request body.' operationId: DeleteGroupMembersPermanentlydeleteMembersPermanently_Post requestBody: content: @@ -13079,8 +13079,8 @@ paths: get: tags: - deviceFilter - summary: Represents a request to add a DeviceFilter. - description: Represents a request to add a DeviceFilter. + summary: Add DeviceFilter + description: Creates a new DeviceFilter definition and adds it to the system. DeviceFilters are reusable device selection criteria that can be referenced by reports and other API calls. Returns the updated list of device filters. operationId: AddDeviceFilteradd_Get parameters: - name: DeviceFilter @@ -13107,8 +13107,8 @@ paths: post: tags: - deviceFilter - summary: Represents a request to add a DeviceFilter. - description: Represents a request to add a DeviceFilter. + summary: Add DeviceFilter + description: Submits a request to create a new DeviceFilter. Provide the DeviceFilter definition in the request body. Returns the updated list of device filters. operationId: AddDeviceFilteradd_Post requestBody: content: @@ -13131,8 +13131,8 @@ paths: get: tags: - deviceFilter - summary: Represents a request to update a DeviceFilter matching the given id. - description: Represents a request to update a DeviceFilter matching the given id. + summary: Update DeviceFilter by ID + description: Updates the DeviceFilter identified by the specified Name with a new filter definition. Returns the updated list of device filters. operationId: UpdateDeviceFilterupdate_Get parameters: - name: Name @@ -13164,8 +13164,8 @@ paths: post: tags: - deviceFilter - summary: Represents a request to update a DeviceFilter matching the given id. - description: Represents a request to update a DeviceFilter matching the given id. + summary: Update DeviceFilter by ID + description: Submits a request to update an existing DeviceFilter. Provide the filter Name and new DeviceFilter definition in the request body. operationId: UpdateDeviceFilterupdate_Post requestBody: content: @@ -13188,8 +13188,8 @@ paths: get: tags: - deviceFilter - summary: 'Represents a request to bring the named filter to the head of the list, or to create it at the head of the list if it doesn''t exist.' - description: 'Represents a request to bring the named filter to the head of the list, or to create it at the head of the list if it doesn''t exist.' + summary: 'Promote device filter to head' + description: Moves the specified DeviceFilter to the top of the filter list, or creates it at the top of the list if it does not already exist. Use this endpoint to retrieve the current promotion state of a filter. operationId: PromoteDeviceFilterpromote_Get parameters: - name: DeviceFilter @@ -13216,8 +13216,8 @@ paths: post: tags: - deviceFilter - summary: 'Represents a request to bring the named filter to the head of the list, or to create it at the head of the list if it doesn''t exist.' - description: 'Represents a request to bring the named filter to the head of the list, or to create it at the head of the list if it doesn''t exist.' + summary: 'Promote device filter to head' + description: Submits a request to promote the specified DeviceFilter to the head of the list, creating it if it does not already exist. Provide the DeviceFilter definition in the request body. operationId: PromoteDeviceFilterpromote_Post requestBody: content: @@ -13240,8 +13240,8 @@ paths: get: tags: - deviceFilter - summary: Represents a request to delete a DeviceFilter matching the criteria. - description: Represents a request to delete a DeviceFilter matching the criteria. + summary: Delete matching DeviceFilter + description: Deletes the DeviceFilter matching the specified Name from the system. Returns no content on success. operationId: DeleteDeviceFilterdelete_Get parameters: - name: Name @@ -13266,8 +13266,8 @@ paths: post: tags: - deviceFilter - summary: Represents a request to delete a DeviceFilter matching the criteria. - description: Represents a request to delete a DeviceFilter matching the criteria. + summary: Delete matching DeviceFilter + description: Submits a request to delete the DeviceFilter matching the specified Name. Provide the filter Name in the request body. operationId: DeleteDeviceFilterdelete_Post requestBody: content: @@ -13288,8 +13288,8 @@ paths: get: tags: - deviceFilters - summary: Returns a paged list of DeviceFilter definitions matching the optional name criteria. - description: Returns a paged list of DeviceFilter definitions matching the optional name criteria. + summary: List DeviceFilter definitions + description: Returns a paged list of DeviceFilter definitions, optionally filtered by an exact Name or a partial name match using NameContains. Use Skip and Take to paginate through large result sets. operationId: GetDeviceFilters_Get parameters: - name: NameContains @@ -13361,8 +13361,8 @@ paths: post: tags: - deviceFilters - summary: Returns a paged list of DeviceFilter definitions matching the optional name criteria. - description: Returns a paged list of DeviceFilter definitions matching the optional name criteria. + summary: List DeviceFilter definitions + description: Submits a request to retrieve DeviceFilter definitions. Provide optional name filters and pagination parameters in the request body. operationId: GetDeviceFilters_Post requestBody: content: @@ -13385,8 +13385,8 @@ paths: get: tags: - groupMembers - summary: A request to add the specified Groups and Agents group members to the named group. - description: A request to add the specified Groups and Agents group members to the named group. + summary: Add members to named group + description: Adds one or more child groups or agent devices as members of the specified parent group, identified by GroupName. Provide the Groups names and/or AgentDeviceIds to add. operationId: AddGroupMembersadd_Get parameters: - name: GroupName @@ -13435,8 +13435,8 @@ paths: post: tags: - groupMembers - summary: A request to add the specified Groups and Agents group members to the named group. - description: A request to add the specified Groups and Agents group members to the named group. + summary: Add members to named group + description: Submits a request to add groups or devices as members of the specified group. Provide the GroupName, Groups, and AgentDeviceIds in the request body. operationId: AddGroupMembersadd_Post requestBody: content: @@ -13457,8 +13457,8 @@ paths: get: tags: - groupMembers - summary: A request to remove group or device members from the named group. - description: A request to remove group or device members from the named group. + summary: Remove members from named group + description: Removes one or more child groups or agent devices from the specified parent group, identified by GroupName. Provide the Groups names and/or AgentDeviceIds to remove. operationId: DeleteGroupMembersdelete_Get parameters: - name: GroupName @@ -13499,8 +13499,8 @@ paths: post: tags: - groupMembers - summary: A request to remove group or device members from the named group. - description: A request to remove group or device members from the named group. + summary: Remove members from named group + description: Submits a request to remove groups or devices from the specified group. Provide the GroupName, Groups, and AgentDeviceIds in the request body. operationId: DeleteGroupMembersdelete_Post requestBody: content: @@ -13521,8 +13521,8 @@ paths: get: tags: - deviceOnlineStatus - summary: Gets an indication of the device's online/offline status - description: Gets an indication of the device's online/offline status + summary: Get device online/offline status + description: Returns the current online or offline status of the specified device, identified by AgentId and DeviceId. Use this endpoint to check whether an agent is actively communicating with the hub. operationId: GetDeviceOnlineStatus_Get parameters: - name: AgentId @@ -13555,8 +13555,8 @@ paths: post: tags: - deviceOnlineStatus - summary: Gets an indication of the device's online/offline status - description: Gets an indication of the device's online/offline status + summary: Get device online/offline status + description: Submits a request to retrieve the online or offline status of the specified device. Provide the AgentId and DeviceId in the request body. operationId: GetDeviceOnlineStatus_Post requestBody: content: @@ -13580,8 +13580,8 @@ paths: get: tags: - deviceSettings - summary: 'Gets the device settings for the device, based on the global device settings and any device specific overrides.' - description: 'Gets the device settings for the device, based on the global device settings and any device specific overrides.' + summary: 'Get device settings with overrides' + description: 'Returns the effective device settings for the specified device or group, combining the global default settings with any device-specific overrides. Provide either AgentId and DeviceId, or GroupName, to identify the target.' operationId: UpdateDeviceSettingsupdate_Get parameters: - name: AgentId @@ -13623,8 +13623,8 @@ paths: post: tags: - deviceSettings - summary: 'Gets the device settings for the device, based on the global device settings and any device specific overrides.' - description: 'Gets the device settings for the device, based on the global device settings and any device specific overrides.' + summary: 'Get device settings with overrides' + description: 'Submits a request to retrieve the effective device settings for the specified device or group. Provide the AgentId, DeviceId, or GroupName in the request body.' operationId: UpdateDeviceSettingsupdate_Post requestBody: content: @@ -13647,8 +13647,8 @@ paths: get: tags: - deviceCredentials - summary: A request to associate named credentials with an agent. - description: A request to associate named credentials with an agent. + summary: Associate credentials with agent + description: Associates the specified named credentials with an agent device, enabling the hub to use those credentials when polling or proxying the device. Provide the AgentDevice and CredentialsKey to link them. operationId: AddCredentialsToAgentDeviceadd_Get parameters: - name: AgentDevice @@ -13678,8 +13678,8 @@ paths: post: tags: - deviceCredentials - summary: A request to associate named credentials with an agent. - description: A request to associate named credentials with an agent. + summary: Associate credentials with agent + description: Submits a request to associate named credentials with an agent device. Provide the AgentDevice and CredentialsKey in the request body. operationId: AddCredentialsToAgentDeviceadd_Post requestBody: content: @@ -13700,8 +13700,8 @@ paths: get: tags: - deviceCredentials - summary: A request to remove named credentials from an agent. - description: A request to remove named credentials from an agent. + summary: Remove agent credentials + description: Removes the specified named credentials from the specified agent device, disassociating them so they are no longer used for polling or proxying. Provide the AgentDevice and CredentialKey to remove. operationId: RemoveCredentialsFromAgentDevicedelete_Get parameters: - name: AgentDevice @@ -13731,8 +13731,8 @@ paths: post: tags: - deviceCredentials - summary: A request to remove named credentials from an agent. - description: A request to remove named credentials from an agent. + summary: Remove agent credentials + description: Submits a request to remove named credentials from an agent device. Provide the AgentDevice and CredentialKey in the request body. operationId: RemoveCredentialsFromAgentDevicedelete_Post requestBody: content: @@ -13753,8 +13753,8 @@ paths: get: tags: - deviceName - summary: A request to update the display name of an agent. - description: A request to update the display name of an agent. + summary: Update agent display name + description: Updates the display name shown for the specified agent device in reports and the user interface. Provide the AgentDevice and the new DeviceName. operationId: SetAgentDeviceNameupdate_Get parameters: - name: AgentDevice @@ -13784,8 +13784,8 @@ paths: post: tags: - deviceName - summary: A request to update the display name of an agent. - description: A request to update the display name of an agent. + summary: Update agent display name + description: Submits a request to update the display name of an agent device. Provide the AgentDevice and new DeviceName in the request body. operationId: SetAgentDeviceNameupdate_Post requestBody: content: @@ -13806,8 +13806,8 @@ paths: get: tags: - deviceHostType - summary: A request to update the host type of an agent. - description: A request to update the host type of an agent. + summary: Update agent host type + description: Updates the host type classification of the specified agent device, such as Windows, Unix, Network, or Cloud. The host type determines which tracking and policy templates are applicable. operationId: SetAgentHostTypeupdate_Get parameters: - name: AgentDevice @@ -13840,8 +13840,8 @@ paths: post: tags: - deviceHostType - summary: A request to update the host type of an agent. - description: A request to update the host type of an agent. + summary: Update agent host type + description: Submits a request to update the host type of an agent device. Provide the AgentDevice and the new HostType in the request body. operationId: SetAgentHostTypeupdate_Post requestBody: content: @@ -13862,8 +13862,8 @@ paths: get: tags: - testAgentCredentials - summary: Ask an agent to test the credentials for a device it is proxying. - description: Ask an agent to test the credentials for a device it is proxying. + summary: Test proxied device credentials + description: Instructs the specified agent to test the credentials configured for one of the devices it proxies, confirming whether the credentials are valid and the device is reachable. Returns the test result. operationId: TestAgentCredentials_Get parameters: - name: AgentDeviceId @@ -13890,8 +13890,8 @@ paths: post: tags: - testAgentCredentials - summary: Ask an agent to test the credentials for a device it is proxying. - description: Ask an agent to test the credentials for a device it is proxying. + summary: Test proxied device credentials + description: Submits a request for an agent to test credentials for a proxied device. Provide the AgentDeviceId in the request body. operationId: TestAgentCredentials_Post requestBody: content: @@ -13914,8 +13914,8 @@ paths: get: tags: - ipBlocking - summary: Gets details of ip addresses that have been blocked. - description: Gets details of ip addresses that have been blocked. + summary: List blocked IP addresses + description: Returns the list of IP addresses that are currently blocked, together with their blocking status and expiry times. Use this endpoint to audit which addresses have been manually blocked. operationId: GetIpBlocking_Get parameters: - name: Version @@ -13940,8 +13940,8 @@ paths: post: tags: - ipBlocking - summary: Gets details of ip addresses that have been blocked. - description: Gets details of ip addresses that have been blocked. + summary: List blocked IP addresses + description: Submits a request to retrieve the list of currently blocked IP addresses and their blocking details. operationId: GetIpBlocking_Post requestBody: content: @@ -13967,8 +13967,8 @@ paths: get: tags: - ipBlocking - summary: Adds manual blocking of a specified ip address until a specified time. - description: Adds manual blocking of a specified ip address until a specified time. + summary: Block IP address until time + description: Manually blocks the specified IP address until the given UTC expiry time. After the expiry time the block is automatically lifted. Returns the updated list of blocked IP addresses. operationId: AddIpBlockingadd_Get parameters: - name: IpAddress @@ -14005,8 +14005,8 @@ paths: post: tags: - ipBlocking - summary: Adds manual blocking of a specified ip address until a specified time. - description: Adds manual blocking of a specified ip address until a specified time. + summary: Block IP address until time + description: Submits a request to manually block the specified IP address until the given expiry time. Provide the IpAddress and ExpiresUtc in the request body. operationId: AddIpBlockingadd_Post requestBody: content: @@ -14033,7 +14033,7 @@ paths: tags: - ipBlocking summary: Removes blocking of a specified ip address. - description: Removes blocking of a specified ip address. + description: Removes the block on the specified IP address, immediately allowing connections from that address. Returns the updated list of blocked IP addresses. operationId: DeleteIpBlockingdelete_Get parameters: - name: IpAddress @@ -14064,7 +14064,7 @@ paths: tags: - ipBlocking summary: Removes blocking of a specified ip address. - description: Removes blocking of a specified ip address. + description: Submits a request to remove the block on the specified IP address. Provide the IpAddress in the request body. operationId: DeleteIpBlockingdelete_Post requestBody: content: @@ -14090,8 +14090,8 @@ paths: get: tags: - discoverDevices - summary: Discovers devices to be added as proxied devices to a master device. - description: Discovers devices to be added as proxied devices to a master device. + summary: Discover proxied devices + description: Triggers device discovery to identify candidate devices that can be added as proxied devices under a master agent. Returns discovered device information for review before adding them to the inventory. operationId: DiscoverDevices_Get parameters: - name: Version @@ -14113,8 +14113,8 @@ paths: post: tags: - discoverDevices - summary: Discovers devices to be added as proxied devices to a master device. - description: Discovers devices to be added as proxied devices to a master device. + summary: Discover proxied devices + description: Submits a device discovery request to identify candidate proxied devices for a master agent. Provide the discovery criteria in the request body. operationId: DiscoverDevices_Post requestBody: content: @@ -14137,8 +14137,8 @@ paths: get: tags: - discoveredDevices - summary: Submits discovered devices as a response to a DiscoverDevices request. - description: Submits discovered devices as a response to a DiscoverDevices request. + summary: Submit discovered devices + description: Submits the list of discovered devices back to the hub as a response to a previous DiscoverDevices request, registering them as proxied devices under the master agent. operationId: SubmitDiscoveredDevices_Get parameters: - name: Version @@ -14158,8 +14158,8 @@ paths: post: tags: - discoveredDevices - summary: Submits discovered devices as a response to a DiscoverDevices request. - description: Submits discovered devices as a response to a DiscoverDevices request. + summary: Submit discovered devices + description: Submits the list of discovered devices to register them as proxied devices. Provide the discovered device details in the request body. operationId: SubmitDiscoveredDevices_Post requestBody: content: @@ -14180,8 +14180,8 @@ paths: get: tags: - acknowledgeEvents - summary: Acknowledge a list of events as 'planned'. - description: Acknowledge a list of events as 'planned'. + summary: Acknowledge events as planned + description: Updates the status of the specified events to the given NewStatus (for example, Planned or Acknowledged), optionally linking them to a planned change instance. Use the EventIds, DeviceFilter, and EventFilter parameters to target specific events. operationId: AcknowledgeEvents_Get parameters: - name: EventIds @@ -14254,8 +14254,8 @@ paths: post: tags: - acknowledgeEvents - summary: Acknowledge a list of events as 'planned'. - description: Acknowledge a list of events as 'planned'. + summary: Acknowledge events as planned + description: Submits a request to update the status of the specified events. Provide the EventIds or event filter criteria, the PlannedChangeId, and the NewStatus in the request body. operationId: AcknowledgeEvents_Post requestBody: content: @@ -14276,8 +14276,8 @@ paths: get: tags: - resubmitEvents - summary: 'Re-submit the specified events (i.e for re-consideration by the pipeline re: planned changes).' - description: 'Re-submit the specified events (i.e for re-consideration by the pipeline re: planned changes).' + summary: 'Resubmit events to pipeline' + description: 'Re-submits the specified events to the processing pipeline for re-evaluation against planned change rules. Use this endpoint after creating or modifying planned changes to update the status of previously processed events.' operationId: ResubmitEvents_Get parameters: - name: GetEvents @@ -14302,8 +14302,8 @@ paths: post: tags: - resubmitEvents - summary: 'Re-submit the specified events (i.e for re-consideration by the pipeline re: planned changes).' - description: 'Re-submit the specified events (i.e for re-consideration by the pipeline re: planned changes).' + summary: 'Resubmit events to pipeline' + description: 'Submits a request to re-process the specified events through the planned change pipeline. Provide the event selection criteria in the request body.' operationId: ResubmitEvents_Post requestBody: content: @@ -14324,8 +14324,8 @@ paths: get: tags: - event - summary: Get the event history for one specific event. - description: Get the event history for one specific event. + summary: Get event history + description: Returns the full history of a specific event, identified by EventId, including all status changes and acknowledgements over time. Use this endpoint to audit the lifecycle of an individual change event. operationId: GetEventHistoryhistoryEventId_Get parameters: - name: EventId @@ -14352,8 +14352,8 @@ paths: post: tags: - event - summary: Get the event history for one specific event. - description: Get the event history for one specific event. + summary: Get event history + description: Submits a request to retrieve the history of a specific event. Provide the EventId in the request body. operationId: GetEventHistoryhistoryEventId_Post requestBody: content: @@ -14376,8 +14376,8 @@ paths: get: tags: - eventDeviceGroups - summary: 'Gets the list of groups that the devices associated with the given events are members of. If Intersection is true, only the groups of which all devices are a member are returned. This function is used to determine the possible groups to associate a new planned change with, such that the events will be covered by it.' - description: 'Gets the list of groups that the devices associated with the given events are members of. If Intersection is true, only the groups of which all devices are a member are returned. This function is used to determine the possible groups to associate a new planned change with, such that the events will be covered by it.' + summary: 'Get device groups for events' + description: 'Returns the groups associated with the devices of the specified events, enabling you to determine which groups a new planned change must target to cover those events. Set Intersection to true to return only groups common to all event devices; set it to false to return the union of all groups.' operationId: GetEventDeviceGroups_Get parameters: - name: EventIds @@ -14449,8 +14449,8 @@ paths: post: tags: - eventDeviceGroups - summary: 'Gets the list of groups that the devices associated with the given events are members of. If Intersection is true, only the groups of which all devices are a member are returned. This function is used to determine the possible groups to associate a new planned change with, such that the events will be covered by it.' - description: 'Gets the list of groups that the devices associated with the given events are members of. If Intersection is true, only the groups of which all devices are a member are returned. This function is used to determine the possible groups to associate a new planned change with, such that the events will be covered by it.' + summary: 'Get device groups for events' + description: 'Submits a request to retrieve the groups associated with the devices of the specified events. Provide the EventIds, Intersection flag, and optional device and event filters in the request body.' operationId: GetEventDeviceGroups_Post requestBody: content: @@ -14474,7 +14474,7 @@ paths: tags: - setCommentsForEvents summary: Set comments for events - description: Set comments for events + description: Sets a comment on the events matching the specified filter criteria. Use the GetEvents filter to target specific events and provide the Comment text to attach. operationId: SetCommentForEvents_Get parameters: - name: GetEvents @@ -14505,7 +14505,7 @@ paths: tags: - setCommentsForEvents summary: Set comments for events - description: Set comments for events + description: Submits a request to set a comment on the events matching the specified criteria. Provide the event filter and comment text in the request body. operationId: SetCommentForEvents_Post requestBody: content: @@ -14526,8 +14526,8 @@ paths: get: tags: - inventory - summary: Retrieves a list of inventory items from the hub service. - description: Retrieves a list of inventory items from the hub service. + summary: List inventory items + description: Returns a paged list of inventory items from the hub. Use the Sort, Skip, Take, and GenericFilters parameters to control ordering and pagination of the results. operationId: GetInventory_Get parameters: - name: CountOnly @@ -14589,8 +14589,8 @@ paths: post: tags: - inventory - summary: Retrieves a list of inventory items from the hub service. - description: Retrieves a list of inventory items from the hub service. + summary: List inventory items + description: Submits a request to retrieve inventory items from the hub. Provide pagination and filtering options in the request body. operationId: GetInventory_Post requestBody: content: @@ -14613,8 +14613,8 @@ paths: get: tags: - agentInventoryGrouped - summary: Retrieves a list of agent inventory items grouped by their inventory item ids from the hub service. - description: Retrieves a list of agent inventory items grouped by their inventory item ids from the hub service. + summary: List grouped agent inventory items + description: Returns a paged list of agent inventory items grouped by inventory item ID, allowing you to see how many agents share each item. Use the DeviceFilter to restrict results to specific agents or groups. operationId: GetAgentInventoryItemsGrouped_Get parameters: - name: DeviceFilter @@ -14681,8 +14681,8 @@ paths: post: tags: - agentInventoryGrouped - summary: Retrieves a list of agent inventory items grouped by their inventory item ids from the hub service. - description: Retrieves a list of agent inventory items grouped by their inventory item ids from the hub service. + summary: List grouped agent inventory items + description: Submits a request to retrieve agent inventory items grouped by inventory item ID. Provide the DeviceFilter and pagination options in the request body. operationId: GetAgentInventoryItemsGrouped_Post requestBody: content: @@ -14705,8 +14705,8 @@ paths: get: tags: - agentInventoryAgentsDetail - summary: Retrieves a list of agents with a specific inventory item id from the hub service. - description: Retrieves a list of agents with a specific inventory item id from the hub service. + summary: List agents by inventory item ID + description: Returns a paged list of agents that have a specific inventory item, filtered by device filter criteria. Use this endpoint to find which agents have a particular software package or hardware component installed. operationId: GetAgentInventoryAgentsDetail_Get parameters: - name: DeviceFilter @@ -14773,8 +14773,8 @@ paths: post: tags: - agentInventoryAgentsDetail - summary: Retrieves a list of agents with a specific inventory item id from the hub service. - description: Retrieves a list of agents with a specific inventory item id from the hub service. + summary: List agents by inventory item ID + description: Submits a request to retrieve agents with a specific inventory item. Provide the DeviceFilter and inventory item criteria in the request body. operationId: GetAgentInventoryAgentsDetail_Post requestBody: content: @@ -14797,8 +14797,8 @@ paths: get: tags: - inventory - summary: A request to return the vulnerability overview matching the device filter. - description: A request to return the vulnerability overview matching the device filter. + summary: Get vulnerability overview by filter + description: Returns an aggregated vulnerability overview for devices matching the specified device filter, including severity counts and change trends since the given start date. Set ShowIgnored to true to include suppressed CVEs in the statistics. operationId: GetVulnerabilityOverviewvulnerabilityOverview_Get parameters: - name: DeviceFilter @@ -14884,8 +14884,8 @@ paths: post: tags: - inventory - summary: A request to return the vulnerability overview matching the device filter. - description: A request to return the vulnerability overview matching the device filter. + summary: Get vulnerability overview by filter + description: Submits a request to retrieve an aggregated vulnerability overview. Provide the DeviceFilter, start date, and ShowIgnored preference in the request body. operationId: GetVulnerabilityOverviewvulnerabilityOverview_Post requestBody: content: @@ -14908,8 +14908,8 @@ paths: get: tags: - inventory - summary: A request to return the vulnerabilities in an estate matching the device and vulnerability filters. - description: A request to return the vulnerabilities in an estate matching the device and vulnerability filters. + summary: Get estate vulnerabilities by filter + description: Returns a paged list of vulnerabilities affecting the devices in the estate that match the specified device and vulnerability filters. Use this endpoint to audit CVE exposure across your environment. operationId: GetVulnerabilityvulnerabilities_Get parameters: - name: DeviceFilter @@ -14976,8 +14976,8 @@ paths: post: tags: - inventory - summary: A request to return the vulnerabilities in an estate matching the device and vulnerability filters. - description: A request to return the vulnerabilities in an estate matching the device and vulnerability filters. + summary: Get estate vulnerabilities by filter + description: Submits a request to retrieve vulnerabilities matching the specified device and vulnerability filters. Provide the filter criteria and pagination options in the request body. operationId: GetVulnerabilityvulnerabilities_Post requestBody: content: @@ -15000,8 +15000,8 @@ paths: get: tags: - inventory - summary: A request to return the software vulnerability matching the device filter. - description: A request to return the software vulnerability matching the device filter. + summary: Get software vulnerabilities by filter + description: Returns software vulnerability information for devices matching the specified device filter, showing CVE exposure per software package since the given start date. Use this endpoint to identify vulnerable software across your estate. operationId: GetSoftwareVulnerabilitysoftwareVulnerability_Get parameters: - name: DeviceFilter @@ -15075,8 +15075,8 @@ paths: post: tags: - inventory - summary: A request to return the software vulnerability matching the device filter. - description: A request to return the software vulnerability matching the device filter. + summary: Get software vulnerabilities by filter + description: Submits a request to retrieve software vulnerability information for devices matching the specified filter. Provide the DeviceFilter and start date in the request body. operationId: GetSoftwareVulnerabilitysoftwareVulnerability_Post requestBody: content: @@ -15099,8 +15099,8 @@ paths: get: tags: - inventory - summary: Marks an inventory item a requiring an update / refresh. - description: Marks an inventory item a requiring an update / refresh. + summary: Mark inventory item for update + description: Marks one or more inventory items as requiring a refresh, prompting agents to re-collect the relevant inventory data on their next polling cycle. operationId: MarkInventoryItemsRequiringUpdateupdate_Get parameters: - name: Version @@ -15122,8 +15122,8 @@ paths: post: tags: - inventory - summary: Marks an inventory item a requiring an update / refresh. - description: Marks an inventory item a requiring an update / refresh. + summary: Mark inventory item for update + description: Submits a request to mark inventory items as requiring an update. Provide the item criteria in the request body. operationId: MarkInventoryItemsRequiringUpdateupdate_Post requestBody: content: @@ -15146,8 +15146,8 @@ paths: get: tags: - inventory - summary: A request to return the software vulnerability matching the device filter. - description: A request to return the software vulnerability matching the device filter. + summary: Get software vulnerabilities by filter + description: Returns detailed vulnerability information for the specified software item or CPE name, including associated CVE records and severity scores. Use SoftwareId or CpeName to identify the software package. operationId: GetSoftwareVulnerabilityDetailsoftwareVulnerabilityDetail_Get parameters: - name: SoftwareId @@ -15219,8 +15219,8 @@ paths: post: tags: - inventory - summary: A request to return the software vulnerability matching the device filter. - description: A request to return the software vulnerability matching the device filter. + summary: Get software vulnerabilities by filter + description: Submits a request to retrieve detailed vulnerability information for the specified software item or CPE name. Provide the SoftwareId or CpeName in the request body. operationId: GetSoftwareVulnerabilityDetailsoftwareVulnerabilityDetail_Post requestBody: content: @@ -15243,8 +15243,8 @@ paths: get: tags: - inventory - summary: A request to return the device vulnerability matching the device filter. - description: A request to return the device vulnerability matching the device filter. + summary: Get device vulnerabilities by filter + description: Returns vulnerability information for devices matching the specified device filter, showing the CVEs affecting each device since the given start date. Use this endpoint to assess the vulnerability posture of specific devices or groups. operationId: GetDeviceVulnerabilitydeviceVulnerability_Get parameters: - name: DeviceFilter @@ -15318,8 +15318,8 @@ paths: post: tags: - inventory - summary: A request to return the device vulnerability matching the device filter. - description: A request to return the device vulnerability matching the device filter. + summary: Get device vulnerabilities by filter + description: Submits a request to retrieve device vulnerability information. Provide the DeviceFilter and start date in the request body. operationId: GetDeviceVulnerabilitydeviceVulnerability_Post requestBody: content: @@ -15342,8 +15342,8 @@ paths: get: tags: - inventory - summary: A request to return the device vulnerability matching the device filter. - description: A request to return the device vulnerability matching the device filter. + summary: Get device vulnerabilities by filter + description: Returns a detailed list of vulnerabilities for the specified agent device, identified by AgentDeviceId. Use this endpoint to drill into the full CVE exposure for a single device. operationId: GetDeviceVulnerabilityDetaildeviceVulnerabilityDetail_Get parameters: - name: AgentDeviceId @@ -15410,8 +15410,8 @@ paths: post: tags: - inventory - summary: A request to return the device vulnerability matching the device filter. - description: A request to return the device vulnerability matching the device filter. + summary: Get device vulnerabilities by filter + description: Submits a request to retrieve detailed vulnerability information for the specified device. Provide the AgentDeviceId and pagination options in the request body. operationId: GetDeviceVulnerabilityDetaildeviceVulnerabilityDetail_Post requestBody: content: @@ -15434,8 +15434,8 @@ paths: get: tags: - inventory - summary: Get a list of CVEs that are related to the specified CPE but not directly (e.g previous versions etc) - description: Get a list of CVEs that are related to the specified CPE but not directly (e.g previous versions etc) + summary: Get related CVEs for CPE + description: Returns a list of CVEs that are indirectly related to the specified CPE, such as those affecting previous versions of the same software. Provide a CpeName or InventoryItemId to identify the software package. operationId: GetCvesForRelatedCpesrelatedSoftwareVulnerabilityDetail_Get parameters: - name: CpeName @@ -15473,8 +15473,8 @@ paths: post: tags: - inventory - summary: Get a list of CVEs that are related to the specified CPE but not directly (e.g previous versions etc) - description: Get a list of CVEs that are related to the specified CPE but not directly (e.g previous versions etc) + summary: Get related CVEs for CPE + description: Submits a request to retrieve CVEs indirectly related to the specified CPE. Provide the CpeName or InventoryItemId and result limit options in the request body. operationId: GetCvesForRelatedCpesrelatedSoftwareVulnerabilityDetail_Post parameters: - name: CpeName @@ -15521,8 +15521,8 @@ paths: get: tags: - inventory - summary: A request to return the vulnerable devices matching the CVE. - description: A request to return the vulnerable devices matching the CVE. + summary: Get vulnerable devices by CVE + description: Returns a paged list of devices that are vulnerable to the specified CVE, identified by CveId. Use this endpoint to identify which devices in your estate require remediation for a specific vulnerability. operationId: GetVulnerableDeviceDetailvulnerableDeviceDetail_Get parameters: - name: CveId @@ -15589,8 +15589,8 @@ paths: post: tags: - inventory - summary: A request to return the vulnerable devices matching the CVE. - description: A request to return the vulnerable devices matching the CVE. + summary: Get vulnerable devices by CVE + description: Submits a request to retrieve devices affected by the specified CVE. Provide the CveId and pagination options in the request body. operationId: GetVulnerableDeviceDetailvulnerableDeviceDetail_Post requestBody: content: @@ -15613,8 +15613,8 @@ paths: get: tags: - inventory - summary: A request to ignore one or more Cves until a given data. - description: A request to ignore one or more Cves until a given data. + summary: Ignore CVEs until given date + description: Suppresses one or more CVEs until the specified date, excluding them from vulnerability counts and reports. Use this endpoint to acknowledge accepted risks or temporarily dismiss false positives. operationId: IgnoreCveItemignoreCves_Get parameters: - name: Version @@ -15636,8 +15636,8 @@ paths: post: tags: - inventory - summary: A request to ignore one or more Cves until a given data. - description: A request to ignore one or more Cves until a given data. + summary: Ignore CVEs until given date + description: Submits a request to suppress one or more CVEs until the specified date. Provide the CVE IDs and suppression expiry date in the request body. operationId: IgnoreCveItemignoreCves_Post requestBody: content: @@ -15660,8 +15660,8 @@ paths: get: tags: - vulnerabilityscanstatus - summary: A request to return the software vulnerability scan status. - description: A request to return the software vulnerability scan status. + summary: Get vulnerability scan status + description: Returns the current status of the software vulnerability scanner, including when each device was last scanned and whether any scans are pending. Use this endpoint to monitor scan coverage across your estate. operationId: GetVulnerabilityScanStatus_Get parameters: - name: CountOnly @@ -15723,8 +15723,8 @@ paths: post: tags: - vulnerabilityscanstatus - summary: A request to return the software vulnerability scan status. - description: A request to return the software vulnerability scan status. + summary: Get vulnerability scan status + description: Submits a request to retrieve the software vulnerability scan status. Provide pagination and filter options in the request body. operationId: GetVulnerabilityScanStatus_Post requestBody: content: @@ -15747,8 +15747,8 @@ paths: get: tags: - log4netConfigs - summary: Retrieves a list of log4net logger configurations - description: Retrieves a list of log4net logger configurations + summary: List log4net logger configurations + description: Returns all log4net logger configurations currently active on the hub, including logger names and log levels. Use this endpoint to review diagnostic logging settings. operationId: GetAllLog4NetConfigItemsall_Get responses: '200': @@ -15762,8 +15762,8 @@ paths: post: tags: - log4netConfigs - summary: Retrieves a list of log4net logger configurations - description: Retrieves a list of log4net logger configurations + summary: List log4net logger configurations + description: Submits a request to retrieve all log4net logger configurations. Returns the same data as the GET variant. operationId: GetAllLog4NetConfigItemsall_Post requestBody: content: @@ -15879,8 +15879,8 @@ paths: get: tags: - log4netConfigs - summary: Retrieves a list of log4net logger configurations with pagination support. - description: Retrieves a list of log4net logger configurations with pagination support. + summary: List log4net logger configurations with pagination support. + description: Returns a paged list of log4net logger configurations with support for sorting and filtering. Use the Skip and Take parameters to paginate through the results. operationId: GetLog4NetConfigItems_Get parameters: - name: CountOnly @@ -15942,8 +15942,8 @@ paths: post: tags: - log4netConfigs - summary: Retrieves a list of log4net logger configurations with pagination support. - description: Retrieves a list of log4net logger configurations with pagination support. + summary: List log4net logger configurations with pagination support. + description: Submits a request to retrieve log4net logger configurations with pagination support. Provide pagination and filter options in the request body. operationId: GetLog4NetConfigItems_Post requestBody: content: @@ -15966,8 +15966,8 @@ paths: get: tags: - reportDescription - summary: Returns a description for the specified report. - description: Returns a description for the specified report. + summary: Get report description + description: Returns a human-readable description for the specified report, including its purpose and what it covers. Use this endpoint to display report metadata to users before they run or view a report. operationId: GetReportDescription_Get parameters: - name: Version @@ -15989,8 +15989,8 @@ paths: post: tags: - reportDescription - summary: Returns a description for the specified report. - description: Returns a description for the specified report. + summary: Get report description + description: Submits a request to retrieve the description for the specified report. Provide the report identifier in the request body. operationId: GetReportDescription_Post requestBody: content: @@ -16013,8 +16013,8 @@ paths: get: tags: - reportDifferences - summary: Get a list of differences between two reports runs. - description: Get a list of differences between two reports runs. + summary: Differences between two report runs + description: Returns the list of differences between two consecutive report runs, showing which items changed between the two executions. Use this endpoint to analyse what changed between compliance or baseline scans. operationId: GetReportChangeDetails_Get parameters: - name: Version @@ -16039,8 +16039,8 @@ paths: post: tags: - reportDifferences - summary: Get a list of differences between two reports runs. - description: Get a list of differences between two reports runs. + summary: Differences between two report runs + description: Submits a request to retrieve the differences between two report runs. Provide the report run identifiers in the request body. operationId: GetReportChangeDetails_Post requestBody: content: @@ -16066,8 +16066,8 @@ paths: get: tags: - reportData - summary: 'Gets report results for the specified agent, device or task id.' - description: 'Gets report results for the specified agent, device or task id.' + summary: 'Get report results' + description: 'Returns a paged list of report results for the specified report, identified by reportId. Use the Sort, Skip, Take, and GenericFilters parameters to control the order and scope of the returned results.' operationId: GetReportDatareportId_Get parameters: - name: CountOnly @@ -16129,8 +16129,8 @@ paths: post: tags: - reportData - summary: 'Gets report results for the specified agent, device or task id.' - description: 'Gets report results for the specified agent, device or task id.' + summary: 'Get report results' + description: 'Submits a request to retrieve report results for the specified report. Provide the reportId and pagination options in the request body.' operationId: GetReportDatareportId_Post requestBody: content: @@ -16153,8 +16153,8 @@ paths: get: tags: - availableReports - summary: ' Gets a list of available reports for a specified group or agent.' - description: ' Gets a list of available reports for a specified group or agent.' + summary: 'List available reports' + description: 'Returns a list of available reports for the specified group or agent, optionally filtered by date range. Use this endpoint to discover which reports have been run and are available to view.' operationId: GetAvailableReports_Get parameters: - name: DeviceFilter @@ -16193,8 +16193,8 @@ paths: post: tags: - availableReports - summary: ' Gets a list of available reports for a specified group or agent.' - description: ' Gets a list of available reports for a specified group or agent.' + summary: 'List available reports' + description: 'Submits a request to retrieve available reports for the specified group or agent. Provide the DeviceFilter and optional date range in the request body.' operationId: GetAvailableReports_Post requestBody: content: @@ -16218,7 +16218,7 @@ paths: tags: - userDashboard summary: Gets the user dashboard widget layout. - description: Gets the user dashboard widget layout. + description: Returns the saved dashboard widget layout for the authenticated user, identified by dashboard ID. Use this endpoint to restore a user's previously configured dashboard arrangement. operationId: GetUserDashboard_Get parameters: - name: Id @@ -16246,7 +16246,7 @@ paths: tags: - userDashboard summary: Gets the user dashboard widget layout. - description: Gets the user dashboard widget layout. + description: Submits a request to retrieve the user's dashboard widget layout by ID. Provide the dashboard Id in the request body. operationId: GetUserDashboard_Post requestBody: content: @@ -16269,8 +16269,8 @@ paths: get: tags: - userDashboard - summary: Gets the user dashboard widget layout by name. - description: Gets the user dashboard widget layout by name. + summary: Get dashboard widget layout by name + description: Returns the saved dashboard widget layout for the authenticated user, looked up by dashboard name. Use this endpoint when the dashboard name is known but the ID is not. operationId: GetUserDashboardByNamenamed_Get parameters: - name: Name @@ -16297,8 +16297,8 @@ paths: post: tags: - userDashboard - summary: Gets the user dashboard widget layout by name. - description: Gets the user dashboard widget layout by name. + summary: Get dashboard widget layout by name + description: Submits a request to retrieve the user's dashboard widget layout by name. Provide the dashboard Name in the request body. operationId: GetUserDashboardByNamenamed_Post requestBody: content: @@ -16322,7 +16322,7 @@ paths: tags: - userDashboard summary: Stores the user dashboard widget layout. - description: Stores the user dashboard widget layout. + description: Saves the user's dashboard widget layout, including the dashboard name and widget positions. If an ID is supplied the existing layout is updated; otherwise a new layout is created. Returns the saved layout details. operationId: SaveUserDashboardsave_Get parameters: - name: Id @@ -16363,7 +16363,7 @@ paths: tags: - userDashboard summary: Stores the user dashboard widget layout. - description: Stores the user dashboard widget layout. + description: Submits a request to save the user's dashboard widget layout. Provide the dashboard ID, name, and widget list in the request body. operationId: SaveUserDashboardsave_Post requestBody: content: @@ -16387,7 +16387,7 @@ paths: tags: - userDashboard summary: Deletes the user dashboard widget layout. - description: Deletes the user dashboard widget layout. + description: Deletes the saved dashboard widget layout identified by the given ID. This removes the layout permanently and cannot be undone. operationId: DeleteUserDashboarddelete_Get parameters: - name: Id @@ -16413,7 +16413,7 @@ paths: tags: - userDashboard summary: Deletes the user dashboard widget layout. - description: Deletes the user dashboard widget layout. + description: Submits a request to delete the specified dashboard widget layout. Provide the dashboard Id in the request body. operationId: DeleteUserDashboarddelete_Post requestBody: content: @@ -16435,7 +16435,7 @@ paths: tags: - userSettings summary: Gets the user settings and selections. - description: Gets the user settings and selections. + description: Returns the saved settings and preferences for the authenticated user, including default dashboard, theme, and welcome popup preferences. operationId: GetUserSettings_Get parameters: - name: Version @@ -16458,7 +16458,7 @@ paths: tags: - userSettings summary: Gets the user settings and selections. - description: Gets the user settings and selections. + description: Submits a request to retrieve the authenticated user's settings and preferences. operationId: GetUserSettings_Post requestBody: content: @@ -16482,7 +16482,7 @@ paths: tags: - userSettings summary: Stores the user settings and selections. - description: Stores the user settings and selections. + description: Saves the authenticated user's settings and preferences, including the default dashboard ID, theme, and whether to skip the welcome wizard on next login. operationId: SaveUserSettingssave_Get parameters: - name: DashboardId @@ -16520,7 +16520,7 @@ paths: tags: - userSettings summary: Stores the user settings and selections. - description: Stores the user settings and selections. + description: Submits a request to save the authenticated user's settings and preferences. Provide the DashboardId, ThemeId, and HideWelcomePopup flag in the request body. operationId: SaveUserSettingssave_Post requestBody: content: @@ -16544,7 +16544,7 @@ paths: tags: - dashboard summary: Gets the dashboard widgets. - description: Gets the dashboard widgets. + description: Returns the available dashboard widget templates that users can add to their dashboard layouts. Use this endpoint to populate the widget picker in the user interface. operationId: GetDashboardWidgetswidgetTemplates_Get parameters: - name: Version @@ -16567,7 +16567,7 @@ paths: tags: - dashboard summary: Gets the dashboard widgets. - description: Gets the dashboard widgets. + description: Submits a request to retrieve the available dashboard widget templates. Returns the same data as the GET variant. operationId: GetDashboardWidgetswidgetTemplates_Post requestBody: content: @@ -16591,7 +16591,7 @@ paths: tags: - stats summary: Stats Service - description: Stats Service + description: Returns planned change records for the specified time period in hours. Use the CountOnly, Skip, Take, Sort, and GenericFilters parameters to control pagination and filtering of results. operationId: GetCurrentPlannedChangesplannedChangeshoursPeriodHours_Get parameters: - name: CountOnly @@ -16654,7 +16654,7 @@ paths: tags: - stats summary: Stats Service - description: Stats Service + description: Submits a request to retrieve planned change records for the specified time period in hours. Use the request body to supply pagination, sorting, and filtering parameters. operationId: GetCurrentPlannedChangesplannedChangeshoursPeriodHours_Post requestBody: content: @@ -16677,8 +16677,8 @@ paths: get: tags: - stats - summary: 'Get report summaries by report, for either individual devices, or as group average.' - description: 'Get report summaries by report, for either individual devices, or as group average.' + summary: 'Get device or group report summaries' + description: 'Returns compliance data report summaries grouped by report, starting from the specified date. Results can represent either individual device data or a group average, depending on the ReportItemId supplied.' operationId: GetComplianceDatacompliancedatastartStart_Get parameters: - name: ReportItemId @@ -16746,8 +16746,8 @@ paths: post: tags: - stats - summary: 'Get report summaries by report, for either individual devices, or as group average.' - description: 'Get report summaries by report, for either individual devices, or as group average.' + summary: 'Get device or group report summaries' + description: 'Submits a request to retrieve compliance data report summaries starting from the specified date. Results can represent either individual device data or a group average, depending on the ReportItemId supplied in the request body.' operationId: GetComplianceDatacompliancedatastartStart_Post requestBody: content: @@ -16770,8 +16770,8 @@ paths: get: tags: - stats - summary: 'Get report summaries by report, for either individual devices, or as group average.' - description: 'Get report summaries by report, for either individual devices, or as group average.' + summary: 'Get device or group report summaries' + description: 'Returns compliance data report summaries grouped by report, up to the specified end date. Results can represent either individual device data or a group average, depending on the ReportItemId supplied.' operationId: GetComplianceDatacompliancedataendEnd_Get parameters: - name: ReportItemId @@ -16839,8 +16839,8 @@ paths: post: tags: - stats - summary: 'Get report summaries by report, for either individual devices, or as group average.' - description: 'Get report summaries by report, for either individual devices, or as group average.' + summary: 'Get device or group report summaries' + description: 'Submits a request to retrieve compliance data report summaries up to the specified end date. Results can represent either individual device data or a group average, depending on the ReportItemId supplied in the request body.' operationId: GetComplianceDatacompliancedataendEnd_Post requestBody: content: @@ -16863,8 +16863,8 @@ paths: get: tags: - stats - summary: 'Get report summaries by report, for either individual devices, or as group average.' - description: 'Get report summaries by report, for either individual devices, or as group average.' + summary: 'Get device or group report summaries' + description: 'Returns compliance data report summaries grouped by report for the specified date range. Results can represent either individual device data or a group average, depending on the ReportItemId supplied.' operationId: GetComplianceDatacompliancedatastartStartendEnd_Get parameters: - name: ReportItemId @@ -16932,8 +16932,8 @@ paths: post: tags: - stats - summary: 'Get report summaries by report, for either individual devices, or as group average.' - description: 'Get report summaries by report, for either individual devices, or as group average.' + summary: 'Get device or group report summaries' + description: 'Submits a request to retrieve compliance data report summaries for the specified date range. Results can represent either individual device data or a group average, depending on the ReportItemId supplied in the request body.' operationId: GetComplianceDatacompliancedatastartStartendEnd_Post requestBody: content: @@ -16956,8 +16956,8 @@ paths: get: tags: - stats - summary: Represents a request to invalidate the eventcount stats for a group for a specific set of periods. - description: Represents a request to invalidate the eventcount stats for a group for a specific set of periods. + summary: Invalidate group event count stats + description: Invalidates the cached event count statistics for a group for a specific set of time periods. Use this endpoint to force the hub to recalculate event count stats for the target group. operationId: InvalidateEventCountseventsinvalidate_Get parameters: - name: Version @@ -16977,8 +16977,8 @@ paths: post: tags: - stats - summary: Represents a request to invalidate the eventcount stats for a group for a specific set of periods. - description: Represents a request to invalidate the eventcount stats for a group for a specific set of periods. + summary: Invalidate group event count stats + description: Submits a request to invalidate the cached event count statistics for a group for a specific set of time periods. Supply the group and period details in the request body. operationId: InvalidateEventCountseventsinvalidate_Post requestBody: content: @@ -17000,7 +17000,7 @@ paths: tags: - testSmtpConnection summary: Tests the specified SMTP details. - description: Tests the specified SMTP details. + description: Tests the specified SMTP server connection details and returns a status indicating whether the connection was successful. Use this endpoint to validate SMTP configuration before saving. operationId: TestSmtpConnection_Get parameters: - name: Version @@ -17023,7 +17023,7 @@ paths: tags: - testSmtpConnection summary: Tests the specified SMTP details. - description: Tests the specified SMTP details. + description: Submits SMTP connection details in the request body and tests whether the server can be reached. Returns a status response indicating the result of the connection attempt. operationId: TestSmtpConnection_Post requestBody: content: @@ -17046,8 +17046,8 @@ paths: get: tags: - testFastConnection - summary: Tests the configured Fast service can be contacted. - description: Tests the configured Fast service can be contacted. + summary: Test Fast service connection + description: Tests whether the configured Fast service endpoint can be contacted and returns a status response. Use this endpoint to verify Fast service connectivity before relying on it for operations. operationId: TestFastConnection_Get parameters: - name: Version @@ -17069,8 +17069,8 @@ paths: post: tags: - testFastConnection - summary: Tests the configured Fast service can be contacted. - description: Tests the configured Fast service can be contacted. + summary: Test Fast service connection + description: Submits a request to test whether the configured Fast service endpoint can be contacted. Returns a status response indicating whether the connection attempt succeeded. operationId: TestFastConnection_Post requestBody: content: @@ -17093,8 +17093,8 @@ paths: get: tags: - testFastCustomerConnection - summary: Tests the configured Fast service can be contacted using customer credentials. - description: Tests the configured Fast service can be contacted using customer credentials. + summary: Test Fast service with credentials + description: Tests whether the configured Fast service can be contacted using customer-specific credentials. Returns a status response indicating whether the authenticated connection attempt succeeded. operationId: TestFastCustomerConnection_Get parameters: - name: Version @@ -17116,8 +17116,8 @@ paths: post: tags: - testFastCustomerConnection - summary: Tests the configured Fast service can be contacted using customer credentials. - description: Tests the configured Fast service can be contacted using customer credentials. + summary: Test Fast service with credentials + description: Submits a request to test whether the configured Fast service can be contacted using customer-specific credentials. Returns a status response indicating whether the authenticated connection attempt succeeded. operationId: TestFastCustomerConnection_Post requestBody: content: @@ -17141,7 +17141,7 @@ paths: tags: - testSyslogConnection summary: Tests the specified SysLog details. - description: Tests the specified SysLog details. + description: Tests the specified Syslog server connection details and returns a status indicating whether the connection was successful. Use this endpoint to validate Syslog configuration before saving. operationId: TestSyslogConnection_Get parameters: - name: Version @@ -17164,7 +17164,7 @@ paths: tags: - testSyslogConnection summary: Tests the specified SysLog details. - description: Tests the specified SysLog details. + description: Submits Syslog connection details in the request body and tests whether the server can be reached. Returns a status response indicating the result of the connection attempt. operationId: TestSyslogConnection_Post requestBody: content: @@ -17188,7 +17188,7 @@ paths: tags: - testServiceNowConnection summary: Tests the specified ServiceNow details. - description: Tests the specified ServiceNow details. + description: Tests the specified ServiceNow integration connection details and returns a status indicating whether the connection was successful. Use this endpoint to validate ServiceNow configuration before saving. operationId: TestServiceNowConnection_Get parameters: - name: Version @@ -17211,7 +17211,7 @@ paths: tags: - testServiceNowConnection summary: Tests the specified ServiceNow details. - description: Tests the specified ServiceNow details. + description: Submits ServiceNow integration connection details in the request body and tests whether the endpoint can be reached. Returns a status response indicating the result of the connection attempt. operationId: TestServiceNowConnection_Post requestBody: content: @@ -17235,7 +17235,7 @@ paths: tags: - testAuditorConnection summary: Tests the specified Auditor details. - description: Tests the specified Auditor details. + description: Tests the specified Auditor integration connection details and returns a status indicating whether the connection was successful. Use this endpoint to validate Auditor configuration before saving. operationId: TestAuditorConnection_Get parameters: - name: Version @@ -17258,7 +17258,7 @@ paths: tags: - testAuditorConnection summary: Tests the specified Auditor details. - description: Tests the specified Auditor details. + description: Submits Auditor integration connection details in the request body and tests whether the endpoint can be reached. Returns a status response indicating the result of the connection attempt. operationId: TestAuditorConnection_Post requestBody: content: @@ -17281,8 +17281,8 @@ paths: get: tags: - pipelineNodes - summary: Gets a list of pipeline node names. - description: Gets a list of pipeline node names. + summary: Lists pipeline node names. + description: Returns a list of all pipeline node names registered in the system. Use this endpoint to discover available pipeline nodes for configuration or routing purposes. operationId: GetPipelineNodeList_Get parameters: - name: Version @@ -17307,8 +17307,8 @@ paths: post: tags: - pipelineNodes - summary: Gets a list of pipeline node names. - description: Gets a list of pipeline node names. + summary: Lists pipeline node names. + description: Submits a request to retrieve all pipeline node names registered in the system. Returns a list of node name strings. operationId: GetPipelineNodeList_Post requestBody: content: @@ -17335,7 +17335,7 @@ paths: tags: - users summary: Add a user. - description: Add a user. + description: Creates a new user account in the system and returns the new user's details. Supply the required user properties as query parameters. operationId: AddUseradd_Get parameters: - name: Version @@ -17358,7 +17358,7 @@ paths: tags: - users summary: Add a user. - description: Add a user. + description: Creates a new user account in the system and returns the new user's details. Supply the required user properties in the request body. operationId: AddUseradd_Post requestBody: content: @@ -17381,8 +17381,8 @@ paths: post: tags: - users - summary: Represents a pre-authentication request to query the user's Two-factor authentication status. Counts as a sign-in attempt. - description: Represents a pre-authentication request to query the user's Two-factor authentication status. Counts as a sign-in attempt. + summary: Query user two-factor status + description: Queries the two-factor authentication (2FA) status for a user as a pre-authentication step. This call counts as a sign-in attempt, so repeated failures may trigger account lockout policies. operationId: GetUserTwoFactorStatustwoFactorStatus_Post requestBody: content: @@ -17403,8 +17403,8 @@ paths: post: tags: - users - summary: Represents a post-authentication request to elevate the user's Two-factor authentication status. Counts as a sign-in attempt. - description: Represents a post-authentication request to elevate the user's Two-factor authentication status. Counts as a sign-in attempt. + summary: Elevate user two-factor status + description: Elevates the two-factor authentication (2FA) status for a user after they have already authenticated. This post-authentication step counts as a sign-in attempt and returns an updated authentication response on success. operationId: ElevateUserTwoFactorStatuselevateTwoFactorStatus_Post requestBody: content: @@ -17428,7 +17428,7 @@ paths: tags: - users summary: Validates a user password. - description: Validates a user password. + description: Validates the supplied password for the specified user. Returns 204 No Content on success; use this endpoint to verify password correctness without performing a full authentication. operationId: ValidateUserPasswordvalidatePassword_Get parameters: - name: Version @@ -17447,7 +17447,7 @@ paths: tags: - users summary: Validates a user password. - description: Validates a user password. + description: Submits a user password in the request body for validation. Returns 204 No Content on success, indicating the password is correct for the specified user. operationId: ValidateUserPasswordvalidatePassword_Post requestBody: content: @@ -17467,7 +17467,7 @@ paths: tags: - users summary: Delete a user. - description: Delete a user. + description: Permanently deletes the specified user account from the system. Returns 204 No Content on success. This action cannot be undone. operationId: DeleteUserdelete_Get parameters: - name: Version @@ -17488,7 +17488,7 @@ paths: tags: - users summary: Delete a user. - description: Delete a user. + description: Submits a request to permanently delete the specified user account from the system. Returns 204 No Content on success. This action cannot be undone. operationId: DeleteUserdelete_Post requestBody: content: @@ -17510,7 +17510,7 @@ paths: tags: - users summary: Get a user's details. - description: Get a user's details. + description: Returns the full details for the specified user account. Use this endpoint to retrieve profile and configuration information for a given username. operationId: GetUserUserName_Get parameters: - name: Version @@ -17533,7 +17533,7 @@ paths: tags: - users summary: Get a user's details. - description: Get a user's details. + description: Submits a request to retrieve the full details for the specified user account. Returns profile and configuration information for the given username. operationId: GetUserUserName_Post requestBody: content: @@ -17556,8 +17556,8 @@ paths: get: tags: - users - summary: Updates stored user details. Note that UserManage permissions are required to manage any user other than the caller. - description: Updates stored user details. Note that UserManage permissions are required to manage any user other than the caller. + summary: Update stored user details + description: Updates the stored details for the specified user account. UserManage permissions are required to modify any user account other than the caller's own. operationId: UpdateUserupdate_Get parameters: - name: Version @@ -17577,8 +17577,8 @@ paths: post: tags: - users - summary: Updates stored user details. Note that UserManage permissions are required to manage any user other than the caller. - description: Updates stored user details. Note that UserManage permissions are required to manage any user other than the caller. + summary: Update stored user details + description: Submits updated details for the specified user account in the request body. UserManage permissions are required to modify any user account other than the caller's own. operationId: UpdateUserupdate_Post requestBody: content: @@ -17599,8 +17599,8 @@ paths: get: tags: - users - summary: Updates stored user password. CurrentPassword property should contain the password of the user attempting to make the change. Note that UserManage permissions are required to manage any user password other than caller's. - description: Updates stored user password. CurrentPassword property should contain the password of the user attempting to make the change. Note that UserManage permissions are required to manage any user password other than caller's. + summary: Update user password + description: Updates the stored password for the specified user. The CurrentPassword field must contain the password of the user making the request. UserManage permissions are required to change the password of any user other than the caller. operationId: UpdateUserPasswordupdatePassword_Get parameters: - name: Version @@ -17620,8 +17620,8 @@ paths: post: tags: - users - summary: Updates stored user password. CurrentPassword property should contain the password of the user attempting to make the change. Note that UserManage permissions are required to manage any user password other than caller's. - description: Updates stored user password. CurrentPassword property should contain the password of the user attempting to make the change. Note that UserManage permissions are required to manage any user password other than caller's. + summary: Update user password + description: Submits a password update request in the request body. The CurrentPassword field must contain the password of the user making the request. UserManage permissions are required to change the password of any user other than the caller. operationId: UpdateUserPasswordupdatePassword_Post requestBody: content: @@ -17642,8 +17642,8 @@ paths: get: tags: - users - summary: Resets a user. Note that UserManage permissions are required to manage any user other than the caller. - description: Resets a user. Note that UserManage permissions are required to manage any user other than the caller. + summary: Reset user + description: Resets the specified user account to a default state. UserManage permissions are required to reset any user account other than the caller's own. operationId: ResetUserreset_Get parameters: - name: Version @@ -17663,8 +17663,8 @@ paths: post: tags: - users - summary: Resets a user. Note that UserManage permissions are required to manage any user other than the caller. - description: Resets a user. Note that UserManage permissions are required to manage any user other than the caller. + summary: Reset user + description: Submits a request to reset the specified user account to a default state. UserManage permissions are required to reset any user account other than the caller's own. operationId: ResetUserreset_Post requestBody: content: @@ -17685,8 +17685,8 @@ paths: get: tags: - users - summary: Resets a user password. Note that this operation is intended to manage any user other than the caller. - description: Resets a user password. Note that this operation is intended to manage any user other than the caller. + summary: Reset user password + description: Resets the password for the specified user and returns the new temporary password in the response. This operation is intended for administrators managing other users and requires UserManage permissions. operationId: ResetUserPasswordresetPassword_Get parameters: - name: Version @@ -17708,8 +17708,8 @@ paths: post: tags: - users - summary: Resets a user password. Note that this operation is intended to manage any user other than the caller. - description: Resets a user password. Note that this operation is intended to manage any user other than the caller. + summary: Reset user password + description: Submits a request to reset the password for the specified user and returns the new temporary password in the response. This operation is intended for administrators managing other users and requires UserManage permissions. operationId: ResetUserPasswordresetPassword_Post requestBody: content: @@ -17732,8 +17732,8 @@ paths: post: tags: - users - summary: Generates a reset password for preview without applying it. Pass the returned PreviewToken to resetPassword to apply it. - description: Generates a reset password for preview without applying it. Pass the returned PreviewToken to resetPassword to apply it. + summary: Generate preview reset password + description: Generates a preview of the reset password without applying the change. Returns a PreviewToken that you can pass to the resetPassword endpoint to commit the password reset when ready. operationId: PreviewResetUserPasswordpreviewResetPassword_Post requestBody: content: @@ -17756,8 +17756,8 @@ paths: get: tags: - users - summary: Resets a user's 2FA . Note that UserManage permissions are required to manage any user other than the caller. - description: Resets a user's 2FA . Note that UserManage permissions are required to manage any user other than the caller. + summary: Reset user 2FA + description: Resets the two-factor authentication (2FA) configuration for the specified user, requiring them to re-enroll. UserManage permissions are required to reset 2FA for any user other than the caller. operationId: ResetUser2fareset2fa_Get parameters: - name: Version @@ -17777,8 +17777,8 @@ paths: post: tags: - users - summary: Resets a user's 2FA . Note that UserManage permissions are required to manage any user other than the caller. - description: Resets a user's 2FA . Note that UserManage permissions are required to manage any user other than the caller. + summary: Reset user 2FA + description: Submits a request to reset the two-factor authentication (2FA) configuration for the specified user. UserManage permissions are required to reset 2FA for any user other than the caller. operationId: ResetUser2fareset2fa_Post requestBody: content: @@ -17799,8 +17799,8 @@ paths: get: tags: - exportUserNotifications - summary: Export users and the notifications they are configured to receive - description: Export users and the notifications they are configured to receive + summary: Export user notifications + description: Exports a list of users along with the notification configurations assigned to each user. Use this endpoint to audit or back up notification settings across the system. operationId: ExportUserNotifications_Get parameters: - name: Version @@ -17822,8 +17822,8 @@ paths: post: tags: - exportUserNotifications - summary: Export users and the notifications they are configured to receive - description: Export users and the notifications they are configured to receive + summary: Export user notifications + description: Submits a request to export users and their configured notification settings. Returns the export data in the response body. operationId: ExportUserNotifications_Post requestBody: content: @@ -17846,8 +17846,8 @@ paths: get: tags: - timezones - summary: Gets a list of possible time zone names. - description: Gets a list of possible time zone names. + summary: List time zone names + description: Returns a list of all supported time zone names and their details. Use this endpoint to populate time zone selection options in your application. operationId: GetTimeZoneIds_Get parameters: - name: Version @@ -17872,8 +17872,8 @@ paths: post: tags: - timezones - summary: Gets a list of possible time zone names. - description: Gets a list of possible time zone names. + summary: List time zone names + description: Submits a request to retrieve all supported time zone names and their details. Returns a list of TimeZoneDetail objects. operationId: GetTimeZoneIds_Post requestBody: content: @@ -17899,8 +17899,8 @@ paths: get: tags: - userHasChangedPassword - summary: Has the current user changed their password from any system assigned one? - description: Has the current user changed their password from any system assigned one? + summary: Check if user changed password + description: Returns a boolean indicating whether the current user has changed their password from any system-assigned value. Use this endpoint to enforce first-login password change policies. operationId: UserHasChangedPassword_Get parameters: - name: Version @@ -17923,8 +17923,8 @@ paths: post: tags: - userHasChangedPassword - summary: Has the current user changed their password from any system assigned one? - description: Has the current user changed their password from any system assigned one? + summary: Check if user changed password + description: Submits a request to check whether the current user has changed their password from any system-assigned value. Returns a boolean result. operationId: UserHasChangedPassword_Post requestBody: content: @@ -17948,8 +17948,8 @@ paths: get: tags: - groupAlerts - summary: Add a group alert to a user. - description: Add a group alert to a user. + summary: Add group alert to user + description: Adds a group alert notification to the specified user and returns the updated user details. Use this endpoint to configure which group change events a user receives alerts for. operationId: AddGroupAlertToUseradd_Get parameters: - name: Version @@ -17971,8 +17971,8 @@ paths: post: tags: - groupAlerts - summary: Add a group alert to a user. - description: Add a group alert to a user. + summary: Add group alert to user + description: Submits a request to add a group alert notification to the specified user. Returns the updated user details on success. operationId: AddGroupAlertToUseradd_Post requestBody: content: @@ -17995,8 +17995,8 @@ paths: get: tags: - groupAlerts - summary: Remove a group notification from a user - description: Remove a group notification from a user + summary: Remove group notification from user + description: Removes the specified group alert notification from a user. Provide the UserName and the alert Id to identify which notification to remove. operationId: DeleteGroupAlertFromUserdelete_Get parameters: - name: UserName @@ -18026,8 +18026,8 @@ paths: post: tags: - groupAlerts - summary: Remove a group notification from a user - description: Remove a group notification from a user + summary: Remove group notification from user + description: Submits a request to remove the specified group alert notification from a user. Provide the UserName and alert Id in the request body to identify which notification to remove. operationId: DeleteGroupAlertFromUserdelete_Post requestBody: content: @@ -18048,8 +18048,8 @@ paths: get: tags: - groupAlerts - summary: Update a group notification from a user - description: Update a group notification from a user + summary: Update group notification for user + description: Updates the settings for an existing group alert notification assigned to a user. Returns 204 No Content on success. operationId: UpdateGroupAlertForUserupdate_Get parameters: - name: Version @@ -18069,8 +18069,8 @@ paths: post: tags: - groupAlerts - summary: Update a group notification from a user - description: Update a group notification from a user + summary: Update group notification for user + description: Submits updated settings for an existing group alert notification assigned to a user. Returns 204 No Content on success. operationId: UpdateGroupAlertForUserupdate_Post requestBody: content: @@ -18091,8 +18091,8 @@ paths: get: tags: - groupAlerts - summary: Get the configured notifications for the specified group. - description: Get the configured notifications for the specified group. + summary: Get notifications for group + description: Returns all configured alert notifications for the specified group. Use this endpoint to review which users and notification channels are set up for a group. operationId: GetGroupAlertsForGroup_Get parameters: - name: Version @@ -18117,8 +18117,8 @@ paths: post: tags: - groupAlerts - summary: Get the configured notifications for the specified group. - description: Get the configured notifications for the specified group. + summary: Get notifications for group + description: Submits a request to retrieve all configured alert notifications for the specified group. Returns a list of GroupAlert objects. operationId: GetGroupAlertsForGroup_Post requestBody: content: @@ -18145,7 +18145,7 @@ paths: tags: - users summary: Get a list of user names. - description: Get a list of user names. + description: Returns a list of all user accounts in the system, including their details. Use this endpoint to enumerate users for administrative or reporting purposes. operationId: GetUserList_Get parameters: - name: Version @@ -18171,7 +18171,7 @@ paths: tags: - users summary: Get a list of user names. - description: Get a list of user names. + description: Submits a request to retrieve all user accounts and their details. Returns a list of UserDetails objects. operationId: GetUserList_Post requestBody: content: @@ -18197,8 +18197,8 @@ paths: get: tags: - resetAdminPassword - summary: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' - description: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' + summary: 'Reset admin account password' + description: 'Resets the admin account password and returns a new temporary password in the response. This endpoint can only be called from the local hub console and is intended for emergency account recovery.' operationId: ResetAdminPassword_Get parameters: - name: Version @@ -18218,8 +18218,8 @@ paths: post: tags: - resetAdminPassword - summary: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' - description: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' + summary: 'Reset admin account password' + description: 'Submits a request to reset the admin account password and returns a new temporary password in the response. This endpoint can only be called from the local hub console and is intended for emergency account recovery.' operationId: ResetAdminPassword_Post requestBody: content: @@ -18240,8 +18240,8 @@ paths: get: tags: - resetAdminPassword - summary: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' - description: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' + summary: 'Reset admin account password' + description: 'Resets the password for the specified admin account by name and returns a new temporary password in the response. This endpoint can only be called from the local hub console.' operationId: ResetAdminPasswordAdminName_Get parameters: - name: Version @@ -18261,8 +18261,8 @@ paths: post: tags: - resetAdminPassword - summary: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' - description: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' + summary: 'Reset admin account password' + description: 'Submits a request to reset the password for the specified admin account by name. Returns a new temporary password in the response. This endpoint can only be called from the local hub console.' operationId: ResetAdminPasswordAdminName_Post requestBody: content: @@ -18283,8 +18283,8 @@ paths: get: tags: - resetAdminPassword - summary: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' - description: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' + summary: 'Reset admin account password' + description: 'Resets the password for the specified admin account within the given organization and returns a new temporary password in the response. This endpoint can only be called from the local hub console.' operationId: ResetAdminPasswordOrganizationIdAdminName_Get parameters: - name: Version @@ -18304,8 +18304,8 @@ paths: post: tags: - resetAdminPassword - summary: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' - description: 'Resets the admin (or named account) password, returning a new temporary password in the response. Can only be called from the local hub console.' + summary: 'Reset admin account password' + description: 'Submits a request to reset the password for the specified admin account within the given organization. Returns a new temporary password in the response. This endpoint can only be called from the local hub console.' operationId: ResetAdminPasswordOrganizationIdAdminName_Post requestBody: content: @@ -18326,8 +18326,8 @@ paths: get: tags: - userRoles - summary: Get a list of user roles defined in the system. - description: Get a list of user roles defined in the system. + summary: List user roles + description: Returns a list of all user roles defined in the system, including built-in and custom roles. Use this endpoint to enumerate available roles for assignment or display. operationId: GetUserRoles_Get parameters: - name: Version @@ -18349,8 +18349,8 @@ paths: post: tags: - userRoles - summary: Get a list of user roles defined in the system. - description: Get a list of user roles defined in the system. + summary: List user roles + description: Submits a request to retrieve all user roles defined in the system. Returns a GetUserRolesResponse containing the available roles. operationId: GetUserRoles_Post requestBody: content: @@ -18373,8 +18373,8 @@ paths: get: tags: - permissions - summary: Gets a list of permissions names defined in the system. - description: Gets a list of permissions names defined in the system. + summary: List permission names + description: Returns a list of all permission names defined in the system. Use this endpoint to discover available permissions when creating or updating user roles. operationId: GetPermissions_Get parameters: - name: Version @@ -18399,8 +18399,8 @@ paths: post: tags: - permissions - summary: Gets a list of permissions names defined in the system. - description: Gets a list of permissions names defined in the system. + summary: List permission names + description: Submits a request to retrieve all permission names defined in the system. Returns an array of permission name strings. operationId: GetPermissions_Post requestBody: content: @@ -18427,7 +18427,7 @@ paths: tags: - userRoles summary: Adds a custom user role - description: Adds a custom user role + description: Creates a new custom user role with the specified name, display name, permissions, and read-only flag. Returns the created role details. The Name defaults to DisplayName if not supplied. operationId: AddUserRoleadd_Get parameters: - name: Name @@ -18481,7 +18481,7 @@ paths: tags: - userRoles summary: Adds a custom user role - description: Adds a custom user role + description: Submits a request to create a new custom user role with the specified properties. Returns the created role details on success. operationId: AddUserRoleadd_Post requestBody: content: @@ -18505,7 +18505,7 @@ paths: tags: - userRoles summary: Update a user role - description: Update a user role + description: Updates the display name, external name, and associated permissions for the specified user role. Identify the role by its internal Name and supply the updated fields as query parameters. operationId: UpdateUserRoleupdate_Get parameters: - name: Name @@ -18554,7 +18554,7 @@ paths: tags: - userRoles summary: Update a user role - description: Update a user role + description: Submits updated properties for the specified user role in the request body. Returns the updated role details on success. operationId: UpdateUserRoleupdate_Post requestBody: content: @@ -18578,7 +18578,7 @@ paths: tags: - userRoles summary: Clone an existing user role. - description: Clone an existing user role. + description: Creates a copy of an existing user role with a new name, preserving all permissions from the source role. Returns the cloned role details on success. operationId: CloneUserRoleclone_Get parameters: - name: Version @@ -18601,7 +18601,7 @@ paths: tags: - userRoles summary: Clone an existing user role. - description: Clone an existing user role. + description: Submits a request to create a copy of an existing user role, preserving all permissions from the source role. Returns the cloned role details on success. operationId: CloneUserRoleclone_Post requestBody: content: @@ -18625,7 +18625,7 @@ paths: tags: - userRoles summary: Delete a user role. - description: Delete a user role. + description: Permanently deletes the user role identified by its internal name. Returns 204 No Content on success. Built-in roles cannot be deleted. operationId: DeleteUserRoledelete_Get parameters: - name: Name @@ -18652,7 +18652,7 @@ paths: tags: - userRoles summary: Delete a user role. - description: Delete a user role. + description: Submits a request to permanently delete the user role identified by its internal name. Returns 204 No Content on success. operationId: DeleteUserRoledelete_Post requestBody: content: @@ -18673,8 +18673,8 @@ paths: get: tags: - licenseInfo - summary: Represents a request to get an Organization's license info. - description: Represents a request to get an Organization's license info. + summary: Get organization license info + description: Returns the current license information for the organization, including license type, expiry, and entitlement details. Use this endpoint to check the active license status. operationId: GetLicenseInfo_Get parameters: - name: Version @@ -18696,8 +18696,8 @@ paths: post: tags: - licenseInfo - summary: Represents a request to get an Organization's license info. - description: Represents a request to get an Organization's license info. + summary: Get organization license info + description: Submits a request to retrieve the current license information for the organization. Returns a GetLicenseInfoResponse containing license type, expiry, and entitlement details. operationId: GetLicenseInfo_Post requestBody: content: @@ -18720,8 +18720,8 @@ paths: get: tags: - organization - summary: 'Represents a request to update an Organization, used to set the license.' - description: 'Represents a request to update an Organization, used to set the license.' + summary: 'Update organization license' + description: 'Updates the organization configuration, primarily used to apply a new license key. Optionally set AllowInvalidLicense to true to permit applying a license that would otherwise fail validation.' operationId: UpdateOrganizationupdate_Get parameters: - name: License @@ -18752,8 +18752,8 @@ paths: post: tags: - organization - summary: 'Represents a request to update an Organization, used to set the license.' - description: 'Represents a request to update an Organization, used to set the license.' + summary: 'Update organization license' + description: 'Submits a request to update the organization configuration, primarily used to apply a new license key. Supply the License and optional AllowInvalidLicense fields in the request body.' operationId: UpdateOrganizationupdate_Post requestBody: content: @@ -18774,8 +18774,8 @@ paths: get: tags: - userRolesPermisions - summary: 'Checks whether the caller, or the named user if supplied, has the specified roles and permissions.' - description: 'Checks whether the caller, or the named user if supplied, has the specified roles and permissions.' + summary: 'Check user roles and permissions' + description: 'Returns a boolean indicating whether the caller, or the named user if supplied, holds the specified roles and permissions. Use this endpoint to perform authorization checks before granting access to operations.' operationId: HasRoleOrPermissioncheck_Get parameters: - name: Version @@ -18798,8 +18798,8 @@ paths: post: tags: - userRolesPermisions - summary: 'Checks whether the caller, or the named user if supplied, has the specified roles and permissions.' - description: 'Checks whether the caller, or the named user if supplied, has the specified roles and permissions.' + summary: 'Check user roles and permissions' + description: 'Submits a request to check whether the caller, or the named user if supplied, holds the specified roles and permissions. Returns a boolean result.' operationId: HasRoleOrPermissioncheck_Post requestBody: content: @@ -18823,8 +18823,8 @@ paths: get: tags: - userRolesPermissions - summary: 'Checks whether the caller, or the named user if supplied, has the specified roles and permissions.' - description: 'Checks whether the caller, or the named user if supplied, has the specified roles and permissions.' + summary: 'Check user roles and permissions' + description: 'Returns a boolean indicating whether the caller, or the named user if supplied, holds the specified roles and permissions. Use this endpoint to perform authorization checks before granting access to operations.' operationId: HasRoleOrPermissioncheck2_Get parameters: - name: Version @@ -18847,8 +18847,8 @@ paths: post: tags: - userRolesPermissions - summary: 'Checks whether the caller, or the named user if supplied, has the specified roles and permissions.' - description: 'Checks whether the caller, or the named user if supplied, has the specified roles and permissions.' + summary: 'Check user roles and permissions' + description: 'Submits a request to check whether the caller, or the named user if supplied, holds the specified roles and permissions. Returns a boolean result.' operationId: HasRoleOrPermissioncheck2_Post requestBody: content: @@ -18872,8 +18872,8 @@ paths: get: tags: - userRolesPermisions - summary: 'Gets roles and permissions for the caller, or the named user if supplied.' - description: 'Gets roles and permissions for the caller, or the named user if supplied.' + summary: 'Get user roles and permissions' + description: 'Returns the full set of roles and permissions for the caller, or for the named user if supplied. Use this endpoint to retrieve authorization context for display or downstream access decisions.' operationId: GetRolesAndPermissions_Get parameters: - name: Version @@ -18895,8 +18895,8 @@ paths: post: tags: - userRolesPermisions - summary: 'Gets roles and permissions for the caller, or the named user if supplied.' - description: 'Gets roles and permissions for the caller, or the named user if supplied.' + summary: 'Get user roles and permissions' + description: 'Submits a request to retrieve the full set of roles and permissions for the caller, or the named user if supplied. Returns a GetRolesAndPermissionsResponse object.' operationId: GetRolesAndPermissions_Post requestBody: content: @@ -18919,8 +18919,8 @@ paths: get: tags: - userRolesPermissions - summary: 'Gets roles and permissions for the caller, or the named user if supplied.' - description: 'Gets roles and permissions for the caller, or the named user if supplied.' + summary: 'Get user roles and permissions' + description: 'Returns the full set of roles and permissions for the caller, or for the named user if supplied. Use this endpoint to retrieve authorization context for display or downstream access decisions.' operationId: GetRolesAndPermissions2_Get parameters: - name: Version @@ -18942,8 +18942,8 @@ paths: post: tags: - userRolesPermissions - summary: 'Gets roles and permissions for the caller, or the named user if supplied.' - description: 'Gets roles and permissions for the caller, or the named user if supplied.' + summary: 'Get user roles and permissions' + description: 'Submits a request to retrieve the full set of roles and permissions for the caller, or the named user if supplied. Returns a GetRolesAndPermissionsResponse object.' operationId: GetRolesAndPermissions2_Post requestBody: content: @@ -18967,7 +18967,7 @@ paths: tags: - auth summary: Sign In - description: Sign In + description: Authenticates a user against the specified identity provider and returns an authentication response including a bearer token. Supply credentials such as UserName and Password, or an AccessToken for OAuth-based providers. operationId: Authenticateprovider_Get parameters: - name: provider @@ -19018,7 +19018,7 @@ paths: tags: - auth summary: Sign In - description: Sign In + description: Submits authentication credentials to the specified identity provider and returns an authentication response including a bearer token. Supports username/password and OAuth token-based authentication. operationId: Authenticateprovider_Post parameters: - name: provider @@ -19078,7 +19078,7 @@ paths: tags: - auth summary: Sign In - description: Sign In + description: Authenticates a user using the default or specified identity provider and returns an authentication response including a bearer token. Supply credentials as query parameters, including provider, UserName, Password, or OAuth tokens as appropriate. operationId: Authenticate_Get parameters: - name: provider @@ -19128,7 +19128,7 @@ paths: tags: - auth summary: Sign In - description: Sign In + description: Submits authentication credentials via query parameters and request body to authenticate a user. Returns an authentication response including a bearer token on success. operationId: Authenticate_Post parameters: - name: provider