feat(bitdefender): expand GravityZone control surface + correct policy docs

Re-verified the live tenant's full API scope and wrapped the modules the key
allows but the skill didn't expose. New CLI subcommands:
- assign-policy (gated) — apply an existing policy to endpoints/groups
  (param shape policyId+targetIds verified live)
- reports, accounts, notif-settings, scan-tasks — read
- push-settings / push-stats / push-set (gated) — push event service
  (status param verified; needs a receiver URL to enable)

Corrections from live probing:
- policies are NOT shallow: getPolicyDetails returns the FULL granular config.
  Removed the false "shallow" warning; documented read+assign, console-only authoring.
- raw now gates assignPolicy + setPushEventSettings.
- documented dead modules (patchmanagement/phasr/maintenancewindows/integrations,
  incidents.getIncidentsList) and unconfigured-push handled cleanly (rc0, no errorlog).

selftest 29/29 -> 42/42, all green against the live tenant.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-21 10:02:25 -07:00
parent 1f65facb6f
commit d622a05b84
5 changed files with 417 additions and 41 deletions

View File

@@ -96,20 +96,50 @@ In `getNetworkInventoryItems` results, `type == 1` denotes a company node.
| `getInstallationLinks` | `packageName, companyId?` | VERIFIED | Returns Windows / Mac / Linux installer download URLs for a package. |
| `deletePackage` | `packageName, companyId?` | VERIFIED (destructive) | Delete a package. CLI-gated behind `--confirm`. |
## policies (`/policies`) — READ ONLY, SHALLOW
## policies (`/policies`) — FULL READ + ASSIGN (authoring is console-only)
> **Important limitation:** The Public API exposes policies only at a shallow
> level. `getPolicyDetails` returns id / name / a limited subset of settings —
> **NOT** the granular module configuration shown in the console. There is **no
> create / edit / clone** policy method in the Public API. You can: list
> policies, read their names/ids, and (via the UNVERIFIED `assignPolicy`) assign
> an existing policy to endpoints. You CANNOT author or modify policy bodies
> programmatically.
> **Corrected 2026-06-21:** the earlier "shallow only" claim was WRONG.
> `getPolicyDetails` returns the COMPLETE granular module configuration
> (general/antimalware/firewall/content-control/etc.), confirmed live on a real
> policy. You CAN: list policies, read the full config, and assign an existing
> policy to endpoints/groups (`network.assignPolicy`, param shape now verified).
> You still CANNOT **create / edit / clone** a policy body via the Public API —
> authoring stays in the GravityZone console.
| Method | Params | Status | Notes |
|---|---|---|---|
| `getPoliciesList` | `page?, perPage?` | VERIFIED | List policies (id, name). |
| `getPolicyDetails` | `policyId` | VERIFIED | Shallow detail only. Not the full config. |
| `getPolicyDetails` | `policyId` | VERIFIED | **Full** granular config (not shallow). |
| `assignPolicy` (`/network`) | `policyId, targetIds[], forcePolicyInheritance?` | VERIFIED LIVE (param shape) | Assign existing policy to endpoints/groups. Param shape confirmed via validation probe 2026-06-21. CLI `assign-policy`, gated. STATE-CHANGING. |
## reports (`/reports`) — VERIFIED LIVE
| Method | Params | Status | Notes |
|---|---|---|---|
| `getReportsList` | `page?, perPage?` | VERIFIED LIVE | List saved reports. CLI `reports`. |
| `createReport` | `name, type, targetIds, ...` | param `name` required (probed) | Not yet a dedicated CLI command — `raw` only. |
| `getDownloadLinks` | `reportId` *(candidate)* | UNVERIFIED param | Report download links. Client helper `get_report_links`. |
## accounts (`/accounts`) — VERIFIED LIVE (read)
| Method | Params | Status | Notes |
|---|---|---|---|
| `getAccountsList` | `page?, perPage?` | VERIFIED LIVE | List console accounts/users. CLI `accounts`. |
| `getNotificationsSettings` | `{}` | VERIFIED LIVE | Notification config. CLI `notif-settings`. |
| `createAccount` / `updateAccount` / `deleteAccount` | uncertain | UNVERIFIED (state-changing) | Not exposed; `raw` only after confirming shape. |
## push (`/push`) — event push service (VERIFIED reachable)
> Powers event-driven alerting (GravityZone POSTs security events to a receiver
> you specify) instead of polling `sweep`. `get`/`stats` error with "…were not
> set" until configured — that is an EXPECTED unconfigured state, handled cleanly
> by the CLI (rc0 + INFO), NOT a failure.
| Method | Params | Status | Notes |
|---|---|---|---|
| `getPushEventSettings` | `{}` | VERIFIED LIVE | Current settings. CLI `push-settings`. |
| `getPushEventStats` | `{}` | VERIFIED LIVE | Delivery stats. CLI `push-stats`. |
| `setPushEventSettings` | `status (req), serviceType, serviceSettings{url,requireValidSslCertificate,authorization}, subscribeToEventTypes?` | `status` VERIFIED (probe); nested shape UNVERIFIED | Configure the service. CLI `push-set`, gated. STATE-CHANGING. Needs a receiver URL.
## quarantine (`/quarantine`)
@@ -142,15 +172,18 @@ In `getNetworkInventoryItems` results, `type == 1` denotes a company node.
| `getCustomRulesList` | uncertain | UNVERIFIED | Not implemented. `raw` only. |
| `deleteCustomRule` | uncertain | UNVERIFIED (destructive) | Not implemented. `raw` only. |
## Other modules — raw-reachable only
## Dead / unavailable modules on this tenant (probed 2026-06-21)
The following modules are reachable via `raw --module <name>` but have no
dedicated CLI methods and no verified signatures here:
In the API-key scope but NOT usable — calls return "not available" / "method
not found". Do not build against these without a license/feature change:
- `patchmanagement`raw only. NOTE: the patchmanagement / PHASR license
features are OFF on this tenant, so these calls will not return useful data.
- `integrations` — raw only, UNVERIFIED.
- `maintenancewindows` — raw only, UNVERIFIED.
- `patchmanagement`license OFF (`managePatchManagement: false`). "not available".
- `phasr` — license/feature OFF. `getStatus` → method not found.
- `maintenancewindows``getMaintenanceWindows(List)` → "not available".
- `integrations``getPSAIntegrationList` → method not found (correct method
name unconfirmed).
- `incidents.getIncidentsList` — "Method not found" (yet `getBlocklistItems` and
the isolate tasks on the SAME module work — likely an EDR sub-feature gate).
---
@@ -169,7 +202,11 @@ quarantine.getQuarantineItemsList, incidents.getBlocklistItems,
incidents.createIsolateEndpointTask (gated),
incidents.createRestoreEndpointFromIsolationTask (gated),
incidents.addToBlocklist (gated), incidents.removeFromBlocklist (gated;
param name UNVERIFIED).
param name UNVERIFIED), network.getScanTasksList, network.assignPolicy (gated;
param shape verified 2026-06-21), reports.getReportsList, accounts.getAccountsList,
accounts.getNotificationsSettings, push.getPushEventSettings,
push.getPushEventStats, push.setPushEventSettings (gated; `status` verified,
nested shape UNVERIFIED).
> NOTE: `incidents.getIncidentsList` is wired into the CLI (`incidents`
> subcommand) but returned `Method not found` on live re-test (2026-05-30) —