feat(bitdefender): expand GravityZone control surface + correct policy docs
Re-verified the live tenant's full API scope and wrapped the modules the key allows but the skill didn't expose. New CLI subcommands: - assign-policy (gated) — apply an existing policy to endpoints/groups (param shape policyId+targetIds verified live) - reports, accounts, notif-settings, scan-tasks — read - push-settings / push-stats / push-set (gated) — push event service (status param verified; needs a receiver URL to enable) Corrections from live probing: - policies are NOT shallow: getPolicyDetails returns the FULL granular config. Removed the false "shallow" warning; documented read+assign, console-only authoring. - raw now gates assignPolicy + setPushEventSettings. - documented dead modules (patchmanagement/phasr/maintenancewindows/integrations, incidents.getIncidentsList) and unconfigured-push handled cleanly (rc0, no errorlog). selftest 29/29 -> 42/42, all green against the live tenant. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -96,20 +96,50 @@ In `getNetworkInventoryItems` results, `type == 1` denotes a company node.
|
||||
| `getInstallationLinks` | `packageName, companyId?` | VERIFIED | Returns Windows / Mac / Linux installer download URLs for a package. |
|
||||
| `deletePackage` | `packageName, companyId?` | VERIFIED (destructive) | Delete a package. CLI-gated behind `--confirm`. |
|
||||
|
||||
## policies (`/policies`) — READ ONLY, SHALLOW
|
||||
## policies (`/policies`) — FULL READ + ASSIGN (authoring is console-only)
|
||||
|
||||
> **Important limitation:** The Public API exposes policies only at a shallow
|
||||
> level. `getPolicyDetails` returns id / name / a limited subset of settings —
|
||||
> **NOT** the granular module configuration shown in the console. There is **no
|
||||
> create / edit / clone** policy method in the Public API. You can: list
|
||||
> policies, read their names/ids, and (via the UNVERIFIED `assignPolicy`) assign
|
||||
> an existing policy to endpoints. You CANNOT author or modify policy bodies
|
||||
> programmatically.
|
||||
> **Corrected 2026-06-21:** the earlier "shallow only" claim was WRONG.
|
||||
> `getPolicyDetails` returns the COMPLETE granular module configuration
|
||||
> (general/antimalware/firewall/content-control/etc.), confirmed live on a real
|
||||
> policy. You CAN: list policies, read the full config, and assign an existing
|
||||
> policy to endpoints/groups (`network.assignPolicy`, param shape now verified).
|
||||
> You still CANNOT **create / edit / clone** a policy body via the Public API —
|
||||
> authoring stays in the GravityZone console.
|
||||
|
||||
| Method | Params | Status | Notes |
|
||||
|---|---|---|---|
|
||||
| `getPoliciesList` | `page?, perPage?` | VERIFIED | List policies (id, name). |
|
||||
| `getPolicyDetails` | `policyId` | VERIFIED | Shallow detail only. Not the full config. |
|
||||
| `getPolicyDetails` | `policyId` | VERIFIED | **Full** granular config (not shallow). |
|
||||
| `assignPolicy` (`/network`) | `policyId, targetIds[], forcePolicyInheritance?` | VERIFIED LIVE (param shape) | Assign existing policy to endpoints/groups. Param shape confirmed via validation probe 2026-06-21. CLI `assign-policy`, gated. STATE-CHANGING. |
|
||||
|
||||
## reports (`/reports`) — VERIFIED LIVE
|
||||
|
||||
| Method | Params | Status | Notes |
|
||||
|---|---|---|---|
|
||||
| `getReportsList` | `page?, perPage?` | VERIFIED LIVE | List saved reports. CLI `reports`. |
|
||||
| `createReport` | `name, type, targetIds, ...` | param `name` required (probed) | Not yet a dedicated CLI command — `raw` only. |
|
||||
| `getDownloadLinks` | `reportId` *(candidate)* | UNVERIFIED param | Report download links. Client helper `get_report_links`. |
|
||||
|
||||
## accounts (`/accounts`) — VERIFIED LIVE (read)
|
||||
|
||||
| Method | Params | Status | Notes |
|
||||
|---|---|---|---|
|
||||
| `getAccountsList` | `page?, perPage?` | VERIFIED LIVE | List console accounts/users. CLI `accounts`. |
|
||||
| `getNotificationsSettings` | `{}` | VERIFIED LIVE | Notification config. CLI `notif-settings`. |
|
||||
| `createAccount` / `updateAccount` / `deleteAccount` | uncertain | UNVERIFIED (state-changing) | Not exposed; `raw` only after confirming shape. |
|
||||
|
||||
## push (`/push`) — event push service (VERIFIED reachable)
|
||||
|
||||
> Powers event-driven alerting (GravityZone POSTs security events to a receiver
|
||||
> you specify) instead of polling `sweep`. `get`/`stats` error with "…were not
|
||||
> set" until configured — that is an EXPECTED unconfigured state, handled cleanly
|
||||
> by the CLI (rc0 + INFO), NOT a failure.
|
||||
|
||||
| Method | Params | Status | Notes |
|
||||
|---|---|---|---|
|
||||
| `getPushEventSettings` | `{}` | VERIFIED LIVE | Current settings. CLI `push-settings`. |
|
||||
| `getPushEventStats` | `{}` | VERIFIED LIVE | Delivery stats. CLI `push-stats`. |
|
||||
| `setPushEventSettings` | `status (req), serviceType, serviceSettings{url,requireValidSslCertificate,authorization}, subscribeToEventTypes?` | `status` VERIFIED (probe); nested shape UNVERIFIED | Configure the service. CLI `push-set`, gated. STATE-CHANGING. Needs a receiver URL.
|
||||
|
||||
## quarantine (`/quarantine`)
|
||||
|
||||
@@ -142,15 +172,18 @@ In `getNetworkInventoryItems` results, `type == 1` denotes a company node.
|
||||
| `getCustomRulesList` | uncertain | UNVERIFIED | Not implemented. `raw` only. |
|
||||
| `deleteCustomRule` | uncertain | UNVERIFIED (destructive) | Not implemented. `raw` only. |
|
||||
|
||||
## Other modules — raw-reachable only
|
||||
## Dead / unavailable modules on this tenant (probed 2026-06-21)
|
||||
|
||||
The following modules are reachable via `raw --module <name>` but have no
|
||||
dedicated CLI methods and no verified signatures here:
|
||||
In the API-key scope but NOT usable — calls return "not available" / "method
|
||||
not found". Do not build against these without a license/feature change:
|
||||
|
||||
- `patchmanagement` — raw only. NOTE: the patchmanagement / PHASR license
|
||||
features are OFF on this tenant, so these calls will not return useful data.
|
||||
- `integrations` — raw only, UNVERIFIED.
|
||||
- `maintenancewindows` — raw only, UNVERIFIED.
|
||||
- `patchmanagement` — license OFF (`managePatchManagement: false`). "not available".
|
||||
- `phasr` — license/feature OFF. `getStatus` → method not found.
|
||||
- `maintenancewindows` — `getMaintenanceWindows(List)` → "not available".
|
||||
- `integrations` — `getPSAIntegrationList` → method not found (correct method
|
||||
name unconfirmed).
|
||||
- `incidents.getIncidentsList` — "Method not found" (yet `getBlocklistItems` and
|
||||
the isolate tasks on the SAME module work — likely an EDR sub-feature gate).
|
||||
|
||||
---
|
||||
|
||||
@@ -169,7 +202,11 @@ quarantine.getQuarantineItemsList, incidents.getBlocklistItems,
|
||||
incidents.createIsolateEndpointTask (gated),
|
||||
incidents.createRestoreEndpointFromIsolationTask (gated),
|
||||
incidents.addToBlocklist (gated), incidents.removeFromBlocklist (gated;
|
||||
param name UNVERIFIED).
|
||||
param name UNVERIFIED), network.getScanTasksList, network.assignPolicy (gated;
|
||||
param shape verified 2026-06-21), reports.getReportsList, accounts.getAccountsList,
|
||||
accounts.getNotificationsSettings, push.getPushEventSettings,
|
||||
push.getPushEventStats, push.setPushEventSettings (gated; `status` verified,
|
||||
nested shape UNVERIFIED).
|
||||
|
||||
> NOTE: `incidents.getIncidentsList` is wired into the CLI (`incidents`
|
||||
> subcommand) but returned `Method not found` on live re-test (2026-05-30) —
|
||||
|
||||
Reference in New Issue
Block a user