Skip to main content

WALLIX Bastion

This Integration is part of the WALLIX Bastion Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Centralized Control and Monitoring of Privileged Access to Sensitive Assets. This integration was integrated and tested with version 12 of WALLIX Bastion.

Configure WALLIX Bastion in Cortex#

ParameterRequired
Server URL (e.g. localhost)True
API Auth UserTrue
API Auth Key or user passwordFalse
Password authentication mode (set false if you provided an API key)False
Trust any certificate (not secure)False
Use system proxy settingsFalse
API version to use. Leave the field empty to use the latest API version available.False
API requests timeout in seconds. The default value is 60 seconds.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

wab-add-session-target-to-target-group#


Add a target account to a target group

Base Command#

wab-add-session-target-to-target-group

Input#

Argument NameDescriptionRequired
group_idThe group id or name to edit.Required
accountThe account name.Required
domainThe domain name (for an account or scenario account).Optional
domain_typeThe domain type: local or global (for an account or scenario account).Optional
deviceThe device name (null for an application).Optional
serviceThe service name (null for an application).Optional
applicationThe application name (null for a device).Optional
session_account_type'account', 'account_mapping', 'interactive_login' or 'scenario_account'.Required

Context Output#

There is no context output for this command.

wab-add-password-target-to-target-group#


Add a password checkout account to a target group

Base Command#

wab-add-password-target-to-target-group

Input#

Argument NameDescriptionRequired
group_idThe group id or name to edit.Required
accountThe account name.Required
domainThe domain name.Required
domain_typeThe domain type: local or global.Required
deviceThe device name (null for an application).Optional
applicationThe application name (null for a device).Optional

Context Output#

There is no context output for this command.

wab-add-restriction-to-target-group#


Add a restriction in a targetgroup category: Target Group Restrictions.

Base Command#

wab-add-restriction-to-target-group

Input#

Argument NameDescriptionRequired
group_idA target group id or name.Required
actionThe restriction type. Possible values are: kill, notify.Required
rulesthe restriction rules.Required
subprotocolThe restriction subprotocol. Possible values are: SSH_SHELL_SESSION, SSH_REMOTE_COMMAND, SSH_SCP_UP, SSH_SCP_DOWN, SFTP_SESSION, RLOGIN, TELNET, RDP.Required

Context Output#

PathTypeDescription
WAB.add_restriction_in_targetgroup.idStringid of the created object.

wab-add-timeframe-period#


Add a period to a timeframe category: Timeframes.

Base Command#

wab-add-timeframe-period

Input#

Argument NameDescriptionRequired
timeframe_idThe timeframe id or name to edit.Required
start_dateThe period start date. Must respect the format "yyyy-mm-dd".Required
end_dateThe period end date. Must respect the format "yyyy-mm-dd".Required
start_timeThe period start time. Must respect the format "hh:mm".Required
end_timeThe period end time. Must respect the format "hh:mm".Required
week_daysThe period week days.
Comma-separated list (use [] for an empty list).
Possible values: monday,tuesday,wednesday,thursday,friday,saturday,sunday.
Required

Context Output#

There is no context output for this command.

wab-get-account-references#


Get account references category: Account References

Base Command#

wab-get-account-references

Input#

Argument NameDescriptionRequired
account_idThe referenced account id or name.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'key'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.account_reference_get.idStringThe account reference id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.reference_nameStringThe reference name. \ /:*?"<>
WAB.account_reference_get.descriptionStringThe account reference description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.accountStringThe referenced account name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.admin_accountStringThe administrator account used to change password references Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.domainStringThe name of the domain defining the password change. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.devices.device_nameStringThe device name. \ /:*?"<>
WAB.account_reference_get.devices.statusStringThe status of the last password change on this device, or null it has never been changed.
WAB.account_reference_get.devices.error_dateStringThe date/time since which the status is "error", or null if the status is not "error".
WAB.account_reference_get.devices.error_descriptionStringThe description of the error, of null if the status is not "error".

wab-get-account-reference#


Get account reference category: Account References

Base Command#

wab-get-account-reference

Input#

Argument NameDescriptionRequired
account_idThe referenced account id or name.Required
reference_idAn account reference id or name. If specified, only this account reference is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.account_reference_get.idStringThe account reference id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.reference_nameStringThe reference name. \ /:*?"<>
WAB.account_reference_get.descriptionStringThe account reference description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.accountStringThe referenced account name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.admin_accountStringThe administrator account used to change password references Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.domainStringThe name of the domain defining the password change. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_reference_get.devices.device_nameStringThe device name. \ /:*?"<>
WAB.account_reference_get.devices.statusStringThe status of the last password change on this device, or null it has never been changed.
WAB.account_reference_get.devices.error_dateStringThe date/time since which the status is "error", or null if the status is not "error".
WAB.account_reference_get.devices.error_descriptionStringThe description of the error, of null if the status is not "error".

wab-change-password-or-ssh-key-of-account#


Change password or SSH key of an account and propagate changes on the target host. If the body is empty, an automatic password change is performed: the password or the SSH key are changed to a newly generated value, according to the password change policy on the domain. Note: the password change must be enabled on the domain, with a plugin that will be used to change the password on the target host category: Account Change Password

Base Command#

wab-change-password-or-ssh-key-of-account

Input#

Argument NameDescriptionRequired
account_idThe account id.Required
credential_type'password' to change the password or 'ssh_key' to change the SSH key. Possible values are: password, ssh_key.Required
changePasswordOrSshKeyOfAccount_passwordThe new password.Optional
changePasswordOrSshKeyOfAccount_private_keyThe new SSH private key.Optional
changePasswordOrSshKeyOfAccount_passphraseThe passphrase for the SSH private key (only for an encrypted private key). If provided, it must be between 4 and 1024 characters long.Optional

Context Output#

There is no context output for this command.

wab-get-all-accounts#


Get all accounts category: Accounts

Base Command#

wab-get-all-accounts

Input#

Argument NameDescriptionRequired
account_typeThe account type: "global" for only global domain accounts, "device" for only device accounts, "application" for only application accounts. By default accounts of any type are returned. Cannot be used if an account_name and/or device/application is specified.Optional
applicationThe name of the application whose accounts must be returned. Cannot be used if an account_name and/or an account_type/device is specified.Optional
deviceThe name of the device whose accounts must be returned. Cannot be used if an account_name and/or an application is specified.Optional
passwordsReturn credentials (passwords and SSH keys) as-is without replacing content by stars. Note: this requires the Password Manager license, the flag "Credential recovery" in the profile of the user logged on the API and the "Credential recovery" option must be enabled in REST API configuration. Possible values are: true, false.Optional
key_formatFormat of the returned SSH public key of the account. Accepted values are 'openssh' (default value) and 'ssh.com'.Optional
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'account_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.account_get.idStringThe account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.account_nameStringThe account name. /:*?"<>
WAB.account_get.domainStringThe domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.deviceStringThe device name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.applicationStringThe application name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.account_loginStringThe account login. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.descriptionStringThe account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.credentials.idStringThe credential id.
WAB.account_get.credentials.typeStringThe credential type.
WAB.account_get.credentials.passwordStringThe account password.
WAB.account_get.credentials.private_keyStringThe account private key. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.account_get.credentials.passphraseStringThe passphrase for the private key (only for an encrypted private key). If provided, it must be between 4 and 1024 characters long.
WAB.account_get.credentials.public_keyStringThe account public key.
WAB.account_get.credentials.key_typeStringThe key type.
WAB.account_get.credentials.key_lenNumberThe key length.
WAB.account_get.credentials.key_idStringThe key identity: random value used for revocation.
WAB.account_get.credentials.certificateStringThe certificate.
WAB.account_get.domain_password_changeBooleanTrue if the password change is configured on the domain (change policy and plugin are set).
WAB.account_get.auto_change_passwordBooleanAutomatically change the password. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.auto_change_ssh_keyBooleanAutomatically change the ssh key. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.checkout_policyStringThe account checkout policy. Usable in the "q" parameter.
WAB.account_get.certificate_validityStringThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.can_edit_certificate_validityBooleanTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.onboard_statusStringOnboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.first_seen.idStringThe scan job id.
WAB.account_get.first_seen.typeStringScan type.
WAB.account_get.first_seen.errorStringError message.
WAB.account_get.first_seen.statusStringScan job status.
WAB.account_get.first_seen.startStringScan job start timestamp.
WAB.account_get.first_seen.endStringScan job end timestamp.
WAB.account_get.last_seen.idStringThe scan job id.
WAB.account_get.last_seen.typeStringScan type.
WAB.account_get.last_seen.errorStringError message.
WAB.account_get.last_seen.statusStringScan job status.
WAB.account_get.last_seen.startStringScan job start timestamp.
WAB.account_get.last_seen.endStringScan job end timestamp.
WAB.account_get.resourcesStringThe account resources.
WAB.account_get.servicesStringThe account services.
WAB.account_get.urlStringThe API URL to the resource.

wab-get-one-account#


Get one account category: Accounts

Base Command#

wab-get-one-account

Input#

Argument NameDescriptionRequired
account_idAn account id or complete name with account name, domain name and device/application name, for example: "Administrator@local@win10".Required
account_typeThe account type: "global" for only global domain accounts, "device" for only device accounts, "application" for only application accounts. By default accounts of any type are returned. Cannot be used if an account_name and/or device/application is specified.Optional
applicationThe name of the application whose accounts must be returned. Cannot be used if an account_name and/or an account_type/device is specified.Optional
deviceThe name of the device whose accounts must be returned. Cannot be used if an account_name and/or an application is specified.Optional
passwordsReturn credentials (passwords and SSH keys) as-is without replacing content by stars. Note: this requires the Password Manager license, the flag "Credential recovery" in the profile of the user logged on the API and the "Credential recovery" option must be enabled in REST API configuration. Possible values are: true, false.Optional
key_formatFormat of the returned SSH public key of the account. Accepted values are 'openssh' (default value) and 'ssh.com'.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.account_get.idStringThe account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.account_nameStringThe account name. /:*?"<>
WAB.account_get.domainStringThe domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.deviceStringThe device name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.applicationStringThe application name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.account_loginStringThe account login. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.descriptionStringThe account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.credentials.idStringThe credential id.
WAB.account_get.credentials.typeStringThe credential type.
WAB.account_get.credentials.passwordStringThe account password.
WAB.account_get.credentials.private_keyStringThe account private key. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.account_get.credentials.passphraseStringThe passphrase for the private key (only for an encrypted private key). If provided, it must be between 4 and 1024 characters long.
WAB.account_get.credentials.public_keyStringThe account public key.
WAB.account_get.credentials.key_typeStringThe key type.
WAB.account_get.credentials.key_lenNumberThe key length.
WAB.account_get.credentials.key_idStringThe key identity: random value used for revocation.
WAB.account_get.credentials.certificateStringThe certificate.
WAB.account_get.domain_password_changeBooleanTrue if the password change is configured on the domain (change policy and plugin are set).
WAB.account_get.auto_change_passwordBooleanAutomatically change the password. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.auto_change_ssh_keyBooleanAutomatically change the ssh key. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.checkout_policyStringThe account checkout policy. Usable in the "q" parameter.
WAB.account_get.certificate_validityStringThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.can_edit_certificate_validityBooleanTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.onboard_statusStringOnboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.account_get.first_seen.idStringThe scan job id.
WAB.account_get.first_seen.typeStringScan type.
WAB.account_get.first_seen.errorStringError message.
WAB.account_get.first_seen.statusStringScan job status.
WAB.account_get.first_seen.startStringScan job start timestamp.
WAB.account_get.first_seen.endStringScan job end timestamp.
WAB.account_get.last_seen.idStringThe scan job id.
WAB.account_get.last_seen.typeStringScan type.
WAB.account_get.last_seen.errorStringError message.
WAB.account_get.last_seen.statusStringScan job status.
WAB.account_get.last_seen.startStringScan job start timestamp.
WAB.account_get.last_seen.endStringScan job end timestamp.
WAB.account_get.resourcesStringThe account resources.
WAB.account_get.servicesStringThe account services.
WAB.account_get.urlStringThe API URL to the resource.

wab-delete-account#


Delete an account category: Accounts

Base Command#

wab-delete-account

Input#

Argument NameDescriptionRequired
account_idAn account id or complete name with account name, domain name and device/application name, for example: "Administrator@local@win10".Required

Context Output#

There is no context output for this command.

wab-get-application-accounts#


Get the application accounts category: Application Accounts

Base Command#

wab-get-application-accounts

Input#

Argument NameDescriptionRequired
application_idThe application id or name.Required
domain_idThe local domain id or name.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'account_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.app_account_get.idStringThe account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.account_nameStringThe account name. /:*?"<>
WAB.app_account_get.account_loginStringThe account login. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.descriptionStringThe account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.credentials.idStringThe credential id.
WAB.app_account_get.credentials.typeStringThe credential type.
WAB.app_account_get.credentials.passwordStringThe account password.
WAB.app_account_get.domain_password_changeBooleanTrue if the password change is configured on the domain (change policy and plugin are set).
WAB.app_account_get.auto_change_passwordBooleanAutomatically change the password. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.checkout_policyStringThe account checkout policy. Usable in the "q" parameter.
WAB.app_account_get.certificate_validityStringThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.can_edit_certificate_validityBooleanTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.onboard_statusStringOnboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.first_seen.idStringThe scan job id.
WAB.app_account_get.first_seen.typeStringScan type.
WAB.app_account_get.first_seen.errorStringError message.
WAB.app_account_get.first_seen.statusStringScan job status.
WAB.app_account_get.first_seen.startStringScan job start timestamp.
WAB.app_account_get.first_seen.endStringScan job end timestamp.
WAB.app_account_get.last_seen.idStringThe scan job id.
WAB.app_account_get.last_seen.typeStringScan type.
WAB.app_account_get.last_seen.errorStringError message.
WAB.app_account_get.last_seen.statusStringScan job status.
WAB.app_account_get.last_seen.startStringScan job start timestamp.
WAB.app_account_get.last_seen.endStringScan job end timestamp.
WAB.app_account_get.urlStringThe API URL to the resource.

wab-add-account-to-local-domain-of-application#


Add an account to a local domain of an application category: Application Accounts

Base Command#

wab-add-account-to-local-domain-of-application

Input#

Argument NameDescriptionRequired
application_idThe application id or name.Required
domain_idThe local domain id or name.Required
app_account_post_account_nameThe account name. /:*?"<>|@ and space are forbidden.Required
app_account_post_account_loginThe account login.Required
app_account_post_descriptionThe account description.Optional
app_account_post_auto_change_passwordAutomatically change the password. It is enabled by default on a new account. Possible values are: true, false.Optional
app_account_post_checkout_policyThe account checkout policy.Required
app_account_post_certificate_validityThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain.Optional
app_account_post_can_edit_certificate_validityTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise. Possible values are: true, false.Optional

Context Output#

PathTypeDescription
WAB.add_account_to_local_domain_of_application.idStringid of the created object.

wab-get-application-account#


Get the application account category: Application Accounts

Base Command#

wab-get-application-account

Input#

Argument NameDescriptionRequired
application_idThe application id or name.Required
domain_idThe local domain id or name.Required
account_idThe account id or name.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.app_account_get.idStringThe account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.account_nameStringThe account name. /:*?"<>
WAB.app_account_get.account_loginStringThe account login. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.descriptionStringThe account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.credentials.idStringThe credential id.
WAB.app_account_get.credentials.typeStringThe credential type.
WAB.app_account_get.credentials.passwordStringThe account password.
WAB.app_account_get.domain_password_changeBooleanTrue if the password change is configured on the domain (change policy and plugin are set).
WAB.app_account_get.auto_change_passwordBooleanAutomatically change the password. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.checkout_policyStringThe account checkout policy. Usable in the "q" parameter.
WAB.app_account_get.certificate_validityStringThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.can_edit_certificate_validityBooleanTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.onboard_statusStringOnboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.app_account_get.first_seen.idStringThe scan job id.
WAB.app_account_get.first_seen.typeStringScan type.
WAB.app_account_get.first_seen.errorStringError message.
WAB.app_account_get.first_seen.statusStringScan job status.
WAB.app_account_get.first_seen.startStringScan job start timestamp.
WAB.app_account_get.first_seen.endStringScan job end timestamp.
WAB.app_account_get.last_seen.idStringThe scan job id.
WAB.app_account_get.last_seen.typeStringScan type.
WAB.app_account_get.last_seen.errorStringError message.
WAB.app_account_get.last_seen.statusStringScan job status.
WAB.app_account_get.last_seen.startStringScan job start timestamp.
WAB.app_account_get.last_seen.endStringScan job end timestamp.
WAB.app_account_get.urlStringThe API URL to the resource.

wab-edit-account-on-local-domain-of-application#


Edit an account on a local domain of an application category: Application Accounts

Base Command#

wab-edit-account-on-local-domain-of-application

Input#

Argument NameDescriptionRequired
application_idThe application id or name.Required
domain_idThe local domain id or name.Required
account_idThe account id or name to edit.Required
forceThe default value is false. When it is set to true the values of the credentials and services, if they are supplied, are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
app_account_put_account_nameThe account name. /:*?"<>|@ and space are forbidden.Optional
app_account_put_account_loginThe account login.Optional
app_account_put_descriptionThe account description.Optional
app_account_put_auto_change_passwordAutomatically change the password. It is enabled by default on a new account. Possible values are: true, false.Optional
app_account_put_checkout_policyThe account checkout policy.Optional
app_account_put_certificate_validityThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain.Optional
app_account_put_can_edit_certificate_validityTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise. Possible values are: true, false.Optional
app_account_put_onboard_statusOnboarding status of the account. Possible values are: onboarded, to_onboard, hide, manual.Optional

Context Output#

There is no context output for this command.

wab-delete-account-from-local-domain-of-application#


Delete an account from a local domain of an application category: Application Accounts

Base Command#

wab-delete-account-from-local-domain-of-application

Input#

Argument NameDescriptionRequired
application_idThe application id or name.Required
domain_idThe local domain id or name.Required
account_idThe account id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-local-domains-data-for-application#


Get local domains data for a given application category: Application Local Domains

Base Command#

wab-get-local-domains-data-for-application

Input#

Argument NameDescriptionRequired
application_idThe application id or name.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'domain_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.localdomain_app_get.idStringThe domain id. Usable in the "q" parameter.
WAB.localdomain_app_get.domain_nameStringThe domain name. /:*?"<>
WAB.localdomain_app_get.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.localdomain_app_get.enable_password_changeBooleanEnable the change of password on this domain.
WAB.localdomain_app_get.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.localdomain_app_get.password_change_policyStringThe name of password change policy for this domain.
WAB.localdomain_app_get.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.localdomain_app_get.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.localdomain_app_get.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.localdomain_app_get.urlStringThe API URL to the resource.

wab-get-local-domain-data-for-application#


Get local domain data for a given application category: Application Local Domains

Base Command#

wab-get-local-domain-data-for-application

Input#

Argument NameDescriptionRequired
application_idThe application id or name.Required
domain_idThe local domain id or name.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.localdomain_app_get.idStringThe domain id. Usable in the "q" parameter.
WAB.localdomain_app_get.domain_nameStringThe domain name. /:*?"<>
WAB.localdomain_app_get.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.localdomain_app_get.enable_password_changeBooleanEnable the change of password on this domain.
WAB.localdomain_app_get.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.localdomain_app_get.password_change_policyStringThe name of password change policy for this domain.
WAB.localdomain_app_get.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.localdomain_app_get.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.localdomain_app_get.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.localdomain_app_get.urlStringThe API URL to the resource.

wab-get-applications#


Get the applications category: Applications

Base Command#

wab-get-applications

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'application_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.application_get.idStringThe application id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.application_nameStringThe application name. \/:*?"<>
WAB.application_get.descriptionStringThe application description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.categoryStringThe application category. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.last_connectionStringThe last connection on this application (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.parametersStringThe application parameters. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.local_domains.idStringThe domain id. Usable in the "q" parameter.
WAB.application_get.local_domains.domain_nameStringThe domain name. /:*?"<>
WAB.application_get.local_domains.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.local_domains.enable_password_changeBooleanEnable the change of password on this domain.
WAB.application_get.local_domains.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.application_get.local_domains.password_change_policyStringThe name of password change policy for this domain.
WAB.application_get.local_domains.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.application_get.local_domains.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.application_get.local_domains.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.application_get.local_domains.urlStringThe API URL to the resource.
WAB.application_get.tags.keyStringThe tag key. Must not start or end with a space.
WAB.application_get.tags.valueStringThe tag value. Must not start or end with a space.
WAB.application_get.connection_policyStringThe connection policy name. Usable in the "q" parameter.
WAB.application_get.urlStringThe API URL to the resource.

wab-get-application#


Get the application category: Applications

Base Command#

wab-get-application

Input#

Argument NameDescriptionRequired
application_idAn application id or name. If specified, only this application is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.application_get.idStringThe application id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.application_nameStringThe application name. \/:*?"<>
WAB.application_get.descriptionStringThe application description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.categoryStringThe application category. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.last_connectionStringThe last connection on this application (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.parametersStringThe application parameters. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.local_domains.idStringThe domain id. Usable in the "q" parameter.
WAB.application_get.local_domains.domain_nameStringThe domain name. /:*?"<>
WAB.application_get.local_domains.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.application_get.local_domains.enable_password_changeBooleanEnable the change of password on this domain.
WAB.application_get.local_domains.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.application_get.local_domains.password_change_policyStringThe name of password change policy for this domain.
WAB.application_get.local_domains.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.application_get.local_domains.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.application_get.local_domains.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.application_get.local_domains.urlStringThe API URL to the resource.
WAB.application_get.tags.keyStringThe tag key. Must not start or end with a space.
WAB.application_get.tags.valueStringThe tag value. Must not start or end with a space.
WAB.application_get.connection_policyStringThe connection policy name. Usable in the "q" parameter.
WAB.application_get.urlStringThe API URL to the resource.

wab-edit-application#


Edit an application category: Applications

Base Command#

wab-edit-application

Input#

Argument NameDescriptionRequired
application_idThe application id or name to edit.Required
forceThe default value is false. When it is set to true the values of the global_domains and tags are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
application_put_application_nameThe application name. \/:*?"<>| and space are forbidden.Optional
application_put_descriptionThe application description.Optional
application_put_parametersThe application parameters.Optional
application_put_global_domainsThe global domains names.
Comma-separated list (use [] for an empty list).
Optional
application_put_connection_policyThe connection policy name.Optional

Context Output#

There is no context output for this command.

wab-delete-application#


Delete an application category: Applications

Base Command#

wab-delete-application

Input#

Argument NameDescriptionRequired
application_idThe application id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-approvals#


Get the approvals category: Approvals

Base Command#

wab-get-approvals

Input#

Argument NameDescriptionRequired
approval_idAn approval id. If specified, only this approval is returned.Optional
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: '-begin'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.approval_get.idStringThe approval id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.user_nameStringThe user name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.target_nameStringThe target name.(example: account@domain@device:service). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.creationStringThe creation date.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.beginStringThe start date/time for connection.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.endStringThe end date/time for connection.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.durationNumberThe allowed connection time, in minutes. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.ticketStringThe ticket reference. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.commentStringThe request description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.emailStringThe user email. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.languageStringThe user language code (en, fr, ...). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.statusStringThe approval status. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.quorumNumberThe quorum to reach. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.answers.approver_nameStringThe user name of approver.
WAB.approval_get.answers.dateStringThe answer date (format: "yyyy-mm-dd hh:mm").
WAB.approval_get.answers.commentStringThe answer comment.
WAB.approval_get.answers.approvedBooleanRequest approval (true = accepted, false = rejected).
WAB.approval_get.timeoutNumberTimeout to initiate the first connection (in minutes). After that, the approval will be automatically closed. 0: no timeout. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.authorization_nameStringThe authorization name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.is_activeBooleanThe approval is active.
WAB.approval_get.accountStringThe account name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.domainStringThe domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.deviceStringThe device name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.applicationStringThe application name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.serviceStringThe service name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.urlStringThe API URL to the resource.

wab-get-approvals-for-all-approvers#


Get the approvals for a given approver category: Approvals Assignments

Base Command#

wab-get-approvals-for-all-approvers

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: '-begin'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.approval_get.idStringThe approval id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.user_nameStringThe user name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.target_nameStringThe target name.(example: account@domain@device:service). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.creationStringThe creation date.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.beginStringThe start date/time for connection.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.endStringThe end date/time for connection.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.durationNumberThe allowed connection time, in minutes. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.ticketStringThe ticket reference. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.commentStringThe request description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.emailStringThe user email. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.languageStringThe user language code (en, fr, ...). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.statusStringThe approval status. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.quorumNumberThe quorum to reach. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.answers.approver_nameStringThe user name of approver.
WAB.approval_get.answers.dateStringThe answer date (format: "yyyy-mm-dd hh:mm").
WAB.approval_get.answers.commentStringThe answer comment.
WAB.approval_get.answers.approvedBooleanRequest approval (true = accepted, false = rejected).
WAB.approval_get.timeoutNumberTimeout to initiate the first connection (in minutes). After that, the approval will be automatically closed. 0: no timeout. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.authorization_nameStringThe authorization name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.is_activeBooleanThe approval is active.
WAB.approval_get.accountStringThe account name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.domainStringThe domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.deviceStringThe device name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.applicationStringThe application name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.serviceStringThe service name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.urlStringThe API URL to the resource.

wab-reply-to-approval-request#


Reply to an approval request (approve/reject it). Note: you can answer to an approval request only if you are in approvers groups of authorization category: Approvals Assignments

Base Command#

wab-reply-to-approval-request

Input#

Argument NameDescriptionRequired
approval_assignment_post_idThe approval id.Required
approval_assignment_post_commentThe approval comment.Required
approval_assignment_post_durationThe allowed time range to connect (in minutes).Optional
approval_assignment_post_timeoutTimeout to initiate the first connection (in minutes). After that, the approval will be automatically closed. 0: no timeout.Optional
approval_assignment_post_approvedApprove/reject the request. Possible values are: true, false.Required
approval_assignment_post_is_activeThe approval is active. Possible values are: true, false.Optional
approval_assignment_post_statusThe approval status. Possible values are: accepted, cancelled, closed, none, pending, rejected.Optional

Context Output#

PathTypeDescription
WAB.reply_to_approval_request.idStringid of the created object.

wab-get-approvals-for-approver#


Get the approvals for a given approver category: Approvals Assignments

Base Command#

wab-get-approvals-for-approver

Input#

Argument NameDescriptionRequired
user_nameThe name of a user (approver).Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: '-begin'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.approval_get.idStringThe approval id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.user_nameStringThe user name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.target_nameStringThe target name.(example: account@domain@device:service). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.creationStringThe creation date.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.beginStringThe start date/time for connection.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.endStringThe end date/time for connection.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.durationNumberThe allowed connection time, in minutes. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.ticketStringThe ticket reference. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.commentStringThe request description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.emailStringThe user email. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.languageStringThe user language code (en, fr, ...). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.statusStringThe approval status. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.quorumNumberThe quorum to reach. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.answers.approver_nameStringThe user name of approver.
WAB.approval_get.answers.dateStringThe answer date (format: "yyyy-mm-dd hh:mm").
WAB.approval_get.answers.commentStringThe answer comment.
WAB.approval_get.answers.approvedBooleanRequest approval (true = accepted, false = rejected).
WAB.approval_get.timeoutNumberTimeout to initiate the first connection (in minutes). After that, the approval will be automatically closed. 0: no timeout. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.authorization_nameStringThe authorization name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.is_activeBooleanThe approval is active.
WAB.approval_get.accountStringThe account name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.domainStringThe domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.deviceStringThe device name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.applicationStringThe application name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.serviceStringThe service name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.urlStringThe API URL to the resource.

wab-cancel-accepted-approval#


Cancel an accepted approval. Note: you can cancel an approval only if you are in approvers groups of authorization and the end date is still not reached category: Approvals Assignments

Base Command#

wab-cancel-accepted-approval

Input#

Argument NameDescriptionRequired
approval_assignment_cancel_post_idThe approval id.Required
approval_assignment_cancel_post_commentThe cancel comment.Required

Context Output#

PathTypeDescription
WAB.cancel_accepted_approval.idStringid of the created object.

wab-notify-approvers-linked-to-approval-assignment#


Notify approvers linked to an approval request by sending them an email category: Approvals Assignments

Base Command#

wab-notify-approvers-linked-to-approval-assignment

Input#

Argument NameDescriptionRequired
approval_assignment_notify_post_idThe approval id.Required

Context Output#

PathTypeDescription
WAB.approval_assignment_notify_post_response.emails_countNumberNumber of e-mails sent to approvers.
WAB.approval_assignment_notify_post_response.approval_assignment_notify_post_idStringthe approval_assignment_notify_post_id.

wab-get-approval-request-pending-for-user#


Get the approval request pending for this user (by default the user logged on the REST API), or the approval request with the given id category: Approvals Requests

Base Command#

wab-get-approval-request-pending-for-user

Input#

Argument NameDescriptionRequired
user(1st option) The name of a user (by default the user logged on the REST API).Optional
q(1st option) Searches for a resource matching parameters.Optional
sort(1st option) Comma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: '-begin'.Optional
offset(1st option) The index of first item to retrieve (starts and defaults to 0).Optional
limit(1st option) The number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional
approval_id(2nd option) The approval request id (the 'id' returned when the approval was created).Optional

Context Output#

PathTypeDescription
WAB.approval_get.idStringThe approval id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.user_nameStringThe user name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.target_nameStringThe target name.(example: account@domain@device:service). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.creationStringThe creation date.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.beginStringThe start date/time for connection.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.endStringThe end date/time for connection.(format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.durationNumberThe allowed connection time, in minutes. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.ticketStringThe ticket reference. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.commentStringThe request description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.emailStringThe user email. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.languageStringThe user language code (en, fr, ...). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.statusStringThe approval status. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.quorumNumberThe quorum to reach. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.answers.approver_nameStringThe user name of approver.
WAB.approval_get.answers.dateStringThe answer date (format: "yyyy-mm-dd hh:mm").
WAB.approval_get.answers.commentStringThe answer comment.
WAB.approval_get.answers.approvedBooleanRequest approval (true = accepted, false = rejected).
WAB.approval_get.timeoutNumberTimeout to initiate the first connection (in minutes). After that, the approval will be automatically closed. 0: no timeout. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.authorization_nameStringThe authorization name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.is_activeBooleanThe approval is active.
WAB.approval_get.accountStringThe account name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.domainStringThe domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.deviceStringThe device name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.applicationStringThe application name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.serviceStringThe service name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.approval_get.urlStringThe API URL to the resource.

wab-make-new-approval-request-to-access-target#


Make a new approval request to access a target. Note: depending on the authorization settings, the fields "ticket" and "comment" may be required category: Approvals Requests

Base Command#

wab-make-new-approval-request-to-access-target

Input#

Argument NameDescriptionRequired
approval_request_post_target_nameThe target name (example: account@domain@device:service).Required
approval_request_post_authorizationThe authorization name.Optional
approval_request_post_accountThe account name.Optional
approval_request_post_domainThe domain name.Optional
approval_request_post_deviceThe device name.Optional
approval_request_post_applicationThe application name.Optional
approval_request_post_serviceThe service name.Optional
approval_request_post_ticketThe ticket reference.Optional
approval_request_post_commentThe request comment.Optional
approval_request_post_beginThe date/time for connection (format: "yyyy-mm-dd hh:mm"), default is now.Optional
approval_request_post_durationThe allowed time range to connect (in minutes).Required

Context Output#

PathTypeDescription
WAB.approval_request_post_response_ok.idStringThe new approval id.

wab-cancel-approval-request#


Cancel an approval request category: Approvals Requests

Base Command#

wab-cancel-approval-request

Input#

Argument NameDescriptionRequired
approval_request_cancel_post_idThe approval id.Required

Context Output#

PathTypeDescription
WAB.cancel_approval_request.idStringid of the created object.

wab-notify-approvers-linked-to-approval-request#


Notify approvers linked to an approval request by sending them an email category: Approvals Requests

Base Command#

wab-notify-approvers-linked-to-approval-request

Input#

Argument NameDescriptionRequired
approval_request_notify_post_idThe approval id.Required

Context Output#

PathTypeDescription
WAB.approval_request_notify_post_response.emails_countNumberNumber of e-mails sent to approvers.
WAB.approval_request_notify_post_response.approval_request_notify_post_idStringthe approval_request_notify_post_id.

wab-check-if-approval-is-required-for-target#


Check if an approval is required for this target (optionally for a given date in future) category: Approvals Requests Target

Base Command#

wab-check-if-approval-is-required-for-target

Input#

Argument NameDescriptionRequired
target_nameThe target name (for example 'account@domain@device:service').Required
authorizationThe name of the authorization (in case of multiple authorizations to access the target).Optional
beginThe date/time (in future) for the check, current date/time is used by default (format is 'yyyy-mm-dd hh:mm').Optional

Context Output#

PathTypeDescription
WAB.approval_request_target_get.approvalStringTells whether an approval request is needed to access the target or not: not_authorized = connection is not authorized at all, not_required = connection is allowed without approval request, required = an approval request is required, pending = an approval request is pending, error = internal error.
WAB.approval_request_target_get.messageStringA message with detail about the access to the target.
WAB.approval_request_target_get.idStringThe approval id if an approval request is already pending for this target.

wab-get-mappings-of-domain#


Get the mappings of a domain category: Auth Domain Mappings

Base Command#

wab-get-mappings-of-domain

Input#

Argument NameDescriptionRequired
domain_idA domain id or name to retrieve.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'user_group'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authdomain_mapping_get.idStringThe mapping id. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.domainStringThe name of the domain for which the mapping is defined. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.user_groupStringThe name of the Bastion users group. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.external_groupStringThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.urlStringThe API URL to the resource.

wab-add-mapping-in-domain#


Add a mapping in a domain and set mapping fallback. If the field "external_group" is set to "*", it is used as the fallback mapping, which allows mapping of users in the domain that do not belong to the external_group to be mapped to the user_group by default category: Auth Domain Mappings

Base Command#

wab-add-mapping-in-domain

Input#

Argument NameDescriptionRequired
domain_idA domain id or name.Required
authdomain_mapping_post_domainThe name of the domain for which the mapping is defined.Optional
authdomain_mapping_post_user_groupThe name of the Bastion users group.Required
authdomain_mapping_post_external_groupThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping.Required

Context Output#

PathTypeDescription
WAB.add_mapping_in_domain.idStringid of the created object.

wab-edit-mappings-of-domain#


Edit mappings of a domain category: Auth Domain Mappings

Base Command#

wab-edit-mappings-of-domain

Input#

Argument NameDescriptionRequired
domain_idA domain id or name.Required
authdomain_mapping_put_domainThe name of the domain for which the mapping is defined.Optional
authdomain_mapping_put_user_groupThe name of the Bastion users group.Required
authdomain_mapping_put_external_groupThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping.Required

Context Output#

There is no context output for this command.

wab-get-mapping-of-domain#


Get the mapping of a domain category: Auth Domain Mappings

Base Command#

wab-get-mapping-of-domain

Input#

Argument NameDescriptionRequired
domain_idA domain id or name to retrieve.Required
mapping_idA mapping id to retrieve. If specified, only this mapping information will be retrieved.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authdomain_mapping_get.idStringThe mapping id. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.domainStringThe name of the domain for which the mapping is defined. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.user_groupStringThe name of the Bastion users group. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.external_groupStringThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.urlStringThe API URL to the resource.

wab-edit-mapping-of-domain#


Edit a mapping of a domain category: Auth Domain Mappings

Base Command#

wab-edit-mapping-of-domain

Input#

Argument NameDescriptionRequired
domain_idA domain id or name.Required
mapping_idA mapping id to edit.Required
authdomain_mapping_put_domainThe name of the domain for which the mapping is defined.Optional
authdomain_mapping_put_user_groupThe name of the Bastion users group.Required
authdomain_mapping_put_external_groupThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping.Required

Context Output#

There is no context output for this command.

wab-delete-mapping-of-domain#


Delete the mapping of the given domain category: Auth Domain Mappings

Base Command#

wab-delete-mapping-of-domain

Input#

Argument NameDescriptionRequired
domain_idA domain id or name.Required
mapping_idA mapping id.Required

Context Output#

There is no context output for this command.

wab-get-auth-domains#


Get the auth domains category: Auth Domains

Base Command#

wab-get-auth-domains

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'domain_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.auth_domain_get.idStringThe domain id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.domain_nameStringThe domain name.\ Only alphanumeric characters, dots (.) and hyphens (-) are allowed \ Length ranges between 3 and 63. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.typeStringThe domain type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.is_defaultBooleanThe domain is used by default. Usable in the "sort" parameter.
WAB.auth_domain_get.auth_domain_nameStringThe auth domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.external_authsStringThe external authentications.
WAB.auth_domain_get.secondary_authStringThe secondary authentications methods for the auth domain.
WAB.auth_domain_get.default_languageStringThe default language. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.default_email_domainStringThe default email domain. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.mappings.idStringThe mapping id.
WAB.auth_domain_get.mappings.domainStringThe name of the domain for which the mapping is defined.
WAB.auth_domain_get.mappings.user_groupStringThe name of the Bastion users group.
WAB.auth_domain_get.mappings.external_groupStringThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping.
WAB.auth_domain_get.urlStringThe API URL to the resource.

wab-get-auth-domain#


Get the auth domain category: Auth Domains

Base Command#

wab-get-auth-domain

Input#

Argument NameDescriptionRequired
domain_idAn auth domain id or name to retrieve. If specified, only this auth domain information will be retrieved.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.auth_domain_get.idStringThe domain id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.domain_nameStringThe domain name.\ Only alphanumeric characters, dots (.) and hyphens (-) are allowed \ Length ranges between 3 and 63. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.typeStringThe domain type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.is_defaultBooleanThe domain is used by default. Usable in the "sort" parameter.
WAB.auth_domain_get.auth_domain_nameStringThe auth domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.external_authsStringThe external authentications.
WAB.auth_domain_get.secondary_authStringThe secondary authentications methods for the auth domain.
WAB.auth_domain_get.default_languageStringThe default language. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.default_email_domainStringThe default email domain. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.auth_domain_get.mappings.idStringThe mapping id.
WAB.auth_domain_get.mappings.domainStringThe name of the domain for which the mapping is defined.
WAB.auth_domain_get.mappings.user_groupStringThe name of the Bastion users group.
WAB.auth_domain_get.mappings.external_groupStringThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping.
WAB.auth_domain_get.urlStringThe API URL to the resource.

wab-get-authentications#


Get the authentications category: Authentications

Base Command#

wab-get-authentications

Input#

Argument NameDescriptionRequired
from_dateReturn authentications from this date/time (format: "yyyy-mm-dd" or "yyyy-mm-dd hh:mm:ss").Optional
to_dateReturn authentications until this date/time (format: "yyyy-mm-dd" or "yyyy-mm-dd hh:mm:ss").Optional
date_fieldThe field used for date comparison: "login" for the login time, "logout" for the logout time.Optional
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authentication_get.idStringThe authentication id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.loginStringThe user connection date/time (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.logoutStringThe user deconnection date/time (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.usernameStringThe primary user name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.domainStringThe user domain. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.source_ipStringThe source IP. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.diagnosticStringThe diagnostic message. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.resultBooleanThe authentication is successful. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.urlStringThe API URL to the resource.

wab-get-authentication#


Get the authentication category: Authentications

Base Command#

wab-get-authentication

Input#

Argument NameDescriptionRequired
auth_idAn authentication id. If specified, only this authentication is returned.Required
from_dateReturn authentications from this date/time (format: "yyyy-mm-dd" or "yyyy-mm-dd hh:mm:ss").Optional
to_dateReturn authentications until this date/time (format: "yyyy-mm-dd" or "yyyy-mm-dd hh:mm:ss").Optional
date_fieldThe field used for date comparison: "login" for the login time, "logout" for the logout time.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authentication_get.idStringThe authentication id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.loginStringThe user connection date/time (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.logoutStringThe user deconnection date/time (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.usernameStringThe primary user name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.domainStringThe user domain. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.source_ipStringThe source IP. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.diagnosticStringThe diagnostic message. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.resultBooleanThe authentication is successful. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authentication_get.urlStringThe API URL to the resource.

wab-get-authorizations#


Get the authorizations category: Authorizations

Base Command#

wab-get-authorizations

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authorization_get.idStringThe authorization id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.user_groupStringThe user group. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.target_groupStringThe target group. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.authorization_nameStringThe authorization name. \ /:*?"<>
WAB.authorization_get.descriptionStringThe authorization description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.subprotocolsStringThe authorization subprotocols. It is mandatory if "authorize_sessions" is enabled (default).
WAB.authorization_get.is_criticalBooleanDefine if it's critical. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.is_recordedBooleanDefine if it's recorded. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.authorize_password_retrievalBooleanAuthorize password retrieval. Enabled by default. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.authorize_sessionsBooleanAuthorize sessions via proxies. Enabled by default. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.approval_requiredBooleanApproval is required to connect to targets. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.has_commentBooleanComment is allowed in approval. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.mandatory_commentBooleanComment is mandatory in approval. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.has_ticketBooleanTicket is allowed in approval. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.mandatory_ticketBooleanTicket is mandatory in approval. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.approversStringThe approvers user groups.
WAB.authorization_get.active_quorumNumberThe quorum for active periods (-1: approval workflow with automatic approval, 0: no approval workflow (direct connection), > 0: quorum to reach). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.inactive_quorumNumberThe quorum for inactive periods (-1: approval workflow with automatic approval, 0: no connection allowed, > 0: quorum to reach). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.single_connectionBooleanLimit to one single connection during the approval period (i.e. if the user disconnects, he will not be allowed to start a new session during the original requested time). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.approval_timeoutNumberSet a timeout in minutes after which the approval will be automatically closed if no connection has been initiated (i.e. the user won't be able to connect). 0: no timeout. Usable in the "q" parameter.
WAB.authorization_get.authorize_session_sharingBooleanEnable Session Sharing. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.session_sharing_modeStringThe Session Sharing Mode. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.urlStringThe API URL to the resource.

wab-add-authorization#


Add an authorization category: Authorizations

Base Command#

wab-add-authorization

Input#

Argument NameDescriptionRequired
authorization_post_user_groupThe user group.Required
authorization_post_target_groupThe target group.Required
authorization_post_authorization_nameThe authorization name. \ /:*?"<>|@& and space are forbidden.Required
authorization_post_descriptionThe authorization description.Optional
authorization_post_subprotocolsThe authorization subprotocols. It is mandatory if "authorize_sessions" is enabled (default).
Comma-separated list (use [] for an empty list).
Optional
authorization_post_is_criticalDefine if it's critical. Possible values are: true, false.Optional
authorization_post_is_recordedDefine if it's recorded. Possible values are: true, false.Optional
authorization_post_authorize_password_retrievalAuthorize password retrieval. Enabled by default. Possible values are: true, false.Optional
authorization_post_authorize_sessionsAuthorize sessions via proxies. Enabled by default. Possible values are: true, false.Optional
authorization_post_approval_requiredApproval is required to connect to targets. Possible values are: true, false.Optional
authorization_post_has_commentComment is allowed in approval. Possible values are: true, false.Optional
authorization_post_mandatory_commentComment is mandatory in approval. Possible values are: true, false.Optional
authorization_post_has_ticketTicket is allowed in approval. Possible values are: true, false.Optional
authorization_post_mandatory_ticketTicket is mandatory in approval. Possible values are: true, false.Optional
authorization_post_approversThe approvers user groups.
Comma-separated list (use [] for an empty list).
Optional
authorization_post_active_quorumThe quorum for active periods (-1: approval workflow with automatic approval, 0: no approval workflow (direct connection), > 0: quorum to reach).Optional
authorization_post_inactive_quorumThe quorum for inactive periods (-1: approval workflow with automatic approval, 0: no connection allowed, > 0: quorum to reach).Optional
authorization_post_single_connectionLimit to one single connection during the approval period (i.e. if the user disconnects, he will not be allowed to start a new session during the original requested time). Possible values are: true, false.Optional
authorization_post_approval_timeoutSet a timeout in minutes after which the approval will be automatically closed if no connection has been initiated (i.e. the user won't be able to connect). 0: no timeout.Optional
authorization_post_authorize_session_sharingEnable Session Sharing. Possible values are: true, false.Optional
authorization_post_session_sharing_modeThe Session Sharing Mode. Possible values are: view_only, view_control.Optional

Context Output#

PathTypeDescription
WAB.add_authorization.idStringid of the created object.

wab-get-authorization#


Get the authorization category: Authorizations

Base Command#

wab-get-authorization

Input#

Argument NameDescriptionRequired
authorization_idAn authorization id or name. If specified, only this authorization is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authorization_get.idStringThe authorization id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.user_groupStringThe user group. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.target_groupStringThe target group. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.authorization_nameStringThe authorization name. \ /:*?"<>
WAB.authorization_get.descriptionStringThe authorization description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.subprotocolsStringThe authorization subprotocols. It is mandatory if "authorize_sessions" is enabled (default).
WAB.authorization_get.is_criticalBooleanDefine if it's critical. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.is_recordedBooleanDefine if it's recorded. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.authorize_password_retrievalBooleanAuthorize password retrieval. Enabled by default. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.authorize_sessionsBooleanAuthorize sessions via proxies. Enabled by default. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.approval_requiredBooleanApproval is required to connect to targets. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.has_commentBooleanComment is allowed in approval. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.mandatory_commentBooleanComment is mandatory in approval. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.has_ticketBooleanTicket is allowed in approval. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.mandatory_ticketBooleanTicket is mandatory in approval. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.approversStringThe approvers user groups.
WAB.authorization_get.active_quorumNumberThe quorum for active periods (-1: approval workflow with automatic approval, 0: no approval workflow (direct connection), > 0: quorum to reach). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.inactive_quorumNumberThe quorum for inactive periods (-1: approval workflow with automatic approval, 0: no connection allowed, > 0: quorum to reach). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.single_connectionBooleanLimit to one single connection during the approval period (i.e. if the user disconnects, he will not be allowed to start a new session during the original requested time). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.approval_timeoutNumberSet a timeout in minutes after which the approval will be automatically closed if no connection has been initiated (i.e. the user won't be able to connect). 0: no timeout. Usable in the "q" parameter.
WAB.authorization_get.authorize_session_sharingBooleanEnable Session Sharing. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.session_sharing_modeStringThe Session Sharing Mode. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authorization_get.urlStringThe API URL to the resource.

wab-edit-authorization#


Edit an authorization category: Authorizations

Base Command#

wab-edit-authorization

Input#

Argument NameDescriptionRequired
authorization_idThe authorization id or name to edit.Required
forceThe default value is false. When it is set to true the values of subprotocols and approvers are replaced otherwise the values are added to the existing ones. Possible values are: true, false.Optional
authorization_put_authorization_nameThe authorization name. \ /:*?"<>|@& and space are forbidden.Optional
authorization_put_descriptionThe authorization description.Optional
authorization_put_subprotocolsThe authorization subprotocols. It is mandatory if "authorize_sessions" is enabled (default).
Comma-separated list (use [] for an empty list).
Optional
authorization_put_is_criticalDefine if it's critical. Possible values are: true, false.Optional
authorization_put_is_recordedDefine if it's recorded. Possible values are: true, false.Optional
authorization_put_authorize_password_retrievalAuthorize password retrieval. Enabled by default. Possible values are: true, false.Optional
authorization_put_authorize_sessionsAuthorize sessions via proxies. Enabled by default. Possible values are: true, false.Optional
authorization_put_approval_requiredApproval is required to connect to targets. Possible values are: true, false.Optional
authorization_put_has_commentComment is allowed in approval. Possible values are: true, false.Optional
authorization_put_mandatory_commentComment is mandatory in approval. Possible values are: true, false.Optional
authorization_put_has_ticketTicket is allowed in approval. Possible values are: true, false.Optional
authorization_put_mandatory_ticketTicket is mandatory in approval. Possible values are: true, false.Optional
authorization_put_approversThe approvers user groups.
Comma-separated list (use [] for an empty list).
Optional
authorization_put_active_quorumThe quorum for active periods (-1: approval workflow with automatic approval, 0: no approval workflow (direct connection), > 0: quorum to reach).Optional
authorization_put_inactive_quorumThe quorum for inactive periods (-1: approval workflow with automatic approval, 0: no connection allowed, > 0: quorum to reach).Optional
authorization_put_single_connectionLimit to one single connection during the approval period (i.e. if the user disconnects, he will not be allowed to start a new session during the original requested time). Possible values are: true, false.Optional
authorization_put_approval_timeoutSet a timeout in minutes after which the approval will be automatically closed if no connection has been initiated (i.e. the user won't be able to connect). 0: no timeout.Optional
authorization_put_authorize_session_sharingEnable Session Sharing. Possible values are: true, false.Optional
authorization_put_session_sharing_modeThe Session Sharing Mode. Possible values are: view_only, view_control.Optional

Context Output#

There is no context output for this command.

wab-delete-authorization#


Delete an authorization category: Authorizations

Base Command#

wab-delete-authorization

Input#

Argument NameDescriptionRequired
authorization_idThe authorization id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-checkout-policies#


Get the checkout policies category: Checkout Policies

Base Command#

wab-get-checkout-policies

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'checkout_policy_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.checkoutpolicy_get.idStringThe checkout policy id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.checkout_policy_nameStringThe checkout policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.descriptionStringThe checkout policy description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.enable_lockBooleanLock on checkout. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.durationNumberThe checkout duration (in seconds). It is mandatory if lock on checkout is enabled. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.extensionNumberThe extension duration (in seconds). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.max_durationNumberThe max duration (in seconds). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.change_credentials_at_checkinBooleanChange credentials at check-in. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.urlStringThe API URL to the resource.

wab-get-checkout-policy#


Get the checkout policy category: Checkout Policies

Base Command#

wab-get-checkout-policy

Input#

Argument NameDescriptionRequired
checkout_policy_idA checkout policy id or name. If specified, only this checkout policy is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.checkoutpolicy_get.idStringThe checkout policy id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.checkout_policy_nameStringThe checkout policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.descriptionStringThe checkout policy description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.enable_lockBooleanLock on checkout. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.durationNumberThe checkout duration (in seconds). It is mandatory if lock on checkout is enabled. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.extensionNumberThe extension duration (in seconds). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.max_durationNumberThe max duration (in seconds). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.change_credentials_at_checkinBooleanChange credentials at check-in. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.checkoutpolicy_get.urlStringThe API URL to the resource.

wab-get-clusters#


Get the clusters category: Clusters

Base Command#

wab-get-clusters

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'cluster_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.cluster_get.idStringThe cluster id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.cluster_get.cluster_nameStringThe cluster name. \/:*?"<>
WAB.cluster_get.descriptionStringThe cluster description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.cluster_get.accountsStringThe cluster targets. The targets must exist in the Bastion.
WAB.cluster_get.account_mappingsStringThe cluster targets with account mapping. The targets must exist in the Bastion.
WAB.cluster_get.interactive_loginsStringThe cluster targets with interactive login. The targets must exist in the Bastion.
WAB.cluster_get.urlStringThe API URL to the resource.

wab-get-cluster#


Get the cluster category: Clusters

Base Command#

wab-get-cluster

Input#

Argument NameDescriptionRequired
cluster_idA cluster id or name. If specified, only this cluster is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.cluster_get.idStringThe cluster id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.cluster_get.cluster_nameStringThe cluster name. \/:*?"<>
WAB.cluster_get.descriptionStringThe cluster description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.cluster_get.accountsStringThe cluster targets. The targets must exist in the Bastion.
WAB.cluster_get.account_mappingsStringThe cluster targets with account mapping. The targets must exist in the Bastion.
WAB.cluster_get.interactive_loginsStringThe cluster targets with interactive login. The targets must exist in the Bastion.
WAB.cluster_get.urlStringThe API URL to the resource.

wab-getx509-configuration-infos#


Get the X509 configuration infos category: Config X509

Base Command#

wab-getx509-configuration-infos

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
WAB.config_x509_get.ca_certificateStringCertificate Authority's certificate (*.cert file in PEM format).If there's several certificate to be added, they've to be concatenated and supplied to this field, as one string.
WAB.config_x509_get.server_public_keyStringServer public key (*.cert file in PEM format).
WAB.config_x509_get.server_private_keyStringServer private key (*.key file in PEM format).
WAB.config_x509_get.enableBooleanEnable X509 or not (true = enabled, false = disabled).
WAB.config_x509_get.defaultBooleanDefault X509 configuration or not (true = default, false = set by user).

wab-uploadx509-configuration#


Upload X509 configuration category: Config X509

Base Command#

wab-uploadx509-configuration

Input#

Argument NameDescriptionRequired
config_x509_post_ca_certificateCertificate Authority's certificate (*.cert file in PEM format).If there's several certificate to be added, they've to be concatenated and supplied to this field, as one string.Optional
config_x509_post_server_public_keyServer public key (*.cert file in PEM format).Optional
config_x509_post_server_private_keyServer private key (*.key file in PEM format).Optional
config_x509_post_enableEnable X509 or not (true = enabled, false = disabled). Possible values are: true, false.Optional

Context Output#

PathTypeDescription
WAB.uploadx509_configuration.idStringid of the created object.

wab-updatex509-configuration#


Update X509 Configuration category: Config X509

Base Command#

wab-updatex509-configuration

Input#

Argument NameDescriptionRequired
config_x509_put_ca_certificateCertificate Authority's certificate (*.cert file in PEM format).If there's several certificate to be added, they've to be concatenated and supplied to this field, as one string.Optional
config_x509_put_server_public_keyServer public key (*.cert file in PEM format).Optional
config_x509_put_server_private_keyServer private key (*.key file in PEM format).Optional
config_x509_put_enableEnable X509 or not (true = enabled, false = disabled). Possible values are: true, false.Optional

Context Output#

There is no context output for this command.

wab-resetx509-configuration#


Reset X509 configuration category: Config X509

Base Command#

wab-resetx509-configuration

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

wab-get-current-serial-configuration-number-of-bastion#


Get current serial configuration number of the Bastion. This number can be used to know if the Bastion configuration was changed category: Configuration Number

Base Command#

wab-get-current-serial-configuration-number-of-bastion

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
WAB.confignumber_get.configuration_numberNumberThe current serial configuration number of the WALLIX Bastion.

wab-get-connection-policies#


Get the connection policies category: Connection Policies

Base Command#

wab-get-connection-policies

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'connection_policy_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.connectionpolicy_get.idStringThe connection policy id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.connection_policy_nameStringThe connection policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.typeStringThe connection policy type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.descriptionStringThe connection policy description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.protocolStringThe connection policy protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.is_defaultBooleanTrue if the connection policy is a default one.
WAB.connectionpolicy_get.urlStringThe API URL to the resource.

wab-add-connection-policy#


Add a connection policy category: Connection Policies

Base Command#

wab-add-connection-policy

Input#

Argument NameDescriptionRequired
connectionpolicy_post_connection_policy_nameThe connection policy name.Required
connectionpolicy_post_typeThe connection policy type. Possible values are: RAWTCPIP, RDP, RLOGIN, SSH, TELNET, VNC.Required
connectionpolicy_post_descriptionThe connection policy description.Optional
connectionpolicy_post_protocolThe connection policy protocol. Possible values are: RAWTCPIP, RDP, RLOGIN, SSH, TELNET, VNC.Required
connectionpolicy_post_authentication_methodsThe allowed authentication methods.
Comma-separated list (use [] for an empty list).
Possible values: KERBEROS_FORWARDING,PASSWORD_INTERACTIVE,PASSWORD_MAPPING,PASSWORD_VAULT,PUBKEY_AGENT_FORWARDING,PUBKEY_VAULT.
Optional
optionsOptions for the connection policy, formatted in json.Optional

Context Output#

PathTypeDescription
WAB.add_connection_policy.idStringid of the created object.

wab-get-connection-policy#


Get the connection policy category: Connection Policies

Base Command#

wab-get-connection-policy

Input#

Argument NameDescriptionRequired
connection_policy_idA connection policy id or name. If specified, only this connection policy is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.connectionpolicy_get.idStringThe connection policy id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.connection_policy_nameStringThe connection policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.typeStringThe connection policy type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.descriptionStringThe connection policy description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.protocolStringThe connection policy protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.connectionpolicy_get.is_defaultBooleanTrue if the connection policy is a default one.
WAB.connectionpolicy_get.urlStringThe API URL to the resource.

wab-edit-connection-policy#


Edit a connection policy category: Connection Policies

Base Command#

wab-edit-connection-policy

Input#

Argument NameDescriptionRequired
connection_policy_idA connection policy id or name to edit.Required
forceThe default value is false. When it is set to true the values of the authentication_methods are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
connectionpolicy_put_connection_policy_nameThe connection policy name.Optional
connectionpolicy_put_descriptionThe connection policy description.Optional
connectionpolicy_put_authentication_methodsThe allowed authentication methods.
Comma-separated list (use [] for an empty list).
Possible values: KERBEROS_FORWARDING,PASSWORD_INTERACTIVE,PASSWORD_MAPPING,PASSWORD_VAULT,PUBKEY_AGENT_FORWARDING,PUBKEY_VAULT.
Optional
optionsOptions for the connection policy, formatted in json.Optional

Context Output#

There is no context output for this command.

wab-delete-connection-policy#


Delete a connection policy. Note: it is not possible to delete the default Bastion connection policies category: Connection Policies

Base Command#

wab-delete-connection-policy

Input#

Argument NameDescriptionRequired
connection_policy_idThe connection policy id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-all-accounts-on-device-local-domain#


Get all accounts on a device local domain category: Device Accounts

Base Command#

wab-get-all-accounts-on-device-local-domain

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
domain_idThe local domain id or name.Required
key_formatFormat of the returned SSH public key of the account. Accepted values are 'openssh' (default value) and 'ssh.com'.Optional
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'account_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.device_account_get.idStringThe account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.account_nameStringThe account name. /:*?"<>
WAB.device_account_get.account_loginStringThe account login. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.descriptionStringThe account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.credentials.idStringThe credential id.
WAB.device_account_get.credentials.typeStringThe credential type.
WAB.device_account_get.credentials.passwordStringThe account password.
WAB.device_account_get.credentials.private_keyStringThe account private key. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.device_account_get.credentials.passphraseStringThe passphrase for the private key (only for an encrypted private key). If provided, it must be between 4 and 1024 characters long.
WAB.device_account_get.credentials.public_keyStringThe account public key.
WAB.device_account_get.credentials.key_typeStringThe key type.
WAB.device_account_get.credentials.key_lenNumberThe key length.
WAB.device_account_get.credentials.key_idStringThe key identity: random value used for revocation.
WAB.device_account_get.credentials.certificateStringThe certificate.
WAB.device_account_get.domain_password_changeBooleanTrue if the password change is configured on the domain (change policy and plugin are set).
WAB.device_account_get.auto_change_passwordBooleanAutomatically change the password. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.auto_change_ssh_keyBooleanAutomatically change the ssh key. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.checkout_policyStringThe account checkout policy. Usable in the "q" parameter.
WAB.device_account_get.certificate_validityStringThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.can_edit_certificate_validityBooleanTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.onboard_statusStringOnboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.first_seen.idStringThe scan job id.
WAB.device_account_get.first_seen.typeStringScan type.
WAB.device_account_get.first_seen.errorStringError message.
WAB.device_account_get.first_seen.statusStringScan job status.
WAB.device_account_get.first_seen.startStringScan job start timestamp.
WAB.device_account_get.first_seen.endStringScan job end timestamp.
WAB.device_account_get.last_seen.idStringThe scan job id.
WAB.device_account_get.last_seen.typeStringScan type.
WAB.device_account_get.last_seen.errorStringError message.
WAB.device_account_get.last_seen.statusStringScan job status.
WAB.device_account_get.last_seen.startStringScan job start timestamp.
WAB.device_account_get.last_seen.endStringScan job end timestamp.
WAB.device_account_get.urlStringThe API URL to the resource.
WAB.device_account_get.servicesStringThe account services.

wab-add-account-to-local-domain-on-device#


Add an account to a local domain on a device category: Device Accounts

Base Command#

wab-add-account-to-local-domain-on-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
domain_idThe local domain id or name.Required
device_account_post_account_nameThe account name. /:*?"<>|@ and space are forbidden.Required
device_account_post_account_loginThe account login.Required
device_account_post_descriptionThe account description.Optional
device_account_post_auto_change_passwordAutomatically change the password. It is enabled by default on a new account. Possible values are: true, false.Optional
device_account_post_auto_change_ssh_keyAutomatically change the ssh key. It is enabled by default on a new account. Possible values are: true, false.Optional
device_account_post_checkout_policyThe account checkout policy.Required
device_account_post_certificate_validityThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain.Optional
device_account_post_can_edit_certificate_validityTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise. Possible values are: true, false.Optional
device_account_post_servicesThe account services.
Comma-separated list (use [] for an empty list).
Optional

Context Output#

PathTypeDescription
WAB.add_account_to_local_domain_on_device.idStringid of the created object.

wab-get-one-account-on-device-local-domain#


Get one account on a device local domain category: Device Accounts

Base Command#

wab-get-one-account-on-device-local-domain

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
domain_idThe local domain id or name.Required
account_idThe account id or name.Required
key_formatFormat of the returned SSH public key of the account. Accepted values are 'openssh' (default value) and 'ssh.com'.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.device_account_get.idStringThe account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.account_nameStringThe account name. /:*?"<>
WAB.device_account_get.account_loginStringThe account login. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.descriptionStringThe account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.credentials.idStringThe credential id.
WAB.device_account_get.credentials.typeStringThe credential type.
WAB.device_account_get.credentials.passwordStringThe account password.
WAB.device_account_get.credentials.private_keyStringThe account private key. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.device_account_get.credentials.passphraseStringThe passphrase for the private key (only for an encrypted private key). If provided, it must be between 4 and 1024 characters long.
WAB.device_account_get.credentials.public_keyStringThe account public key.
WAB.device_account_get.credentials.key_typeStringThe key type.
WAB.device_account_get.credentials.key_lenNumberThe key length.
WAB.device_account_get.credentials.key_idStringThe key identity: random value used for revocation.
WAB.device_account_get.credentials.certificateStringThe certificate.
WAB.device_account_get.domain_password_changeBooleanTrue if the password change is configured on the domain (change policy and plugin are set).
WAB.device_account_get.auto_change_passwordBooleanAutomatically change the password. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.auto_change_ssh_keyBooleanAutomatically change the ssh key. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.checkout_policyStringThe account checkout policy. Usable in the "q" parameter.
WAB.device_account_get.certificate_validityStringThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.can_edit_certificate_validityBooleanTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.onboard_statusStringOnboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_account_get.first_seen.idStringThe scan job id.
WAB.device_account_get.first_seen.typeStringScan type.
WAB.device_account_get.first_seen.errorStringError message.
WAB.device_account_get.first_seen.statusStringScan job status.
WAB.device_account_get.first_seen.startStringScan job start timestamp.
WAB.device_account_get.first_seen.endStringScan job end timestamp.
WAB.device_account_get.last_seen.idStringThe scan job id.
WAB.device_account_get.last_seen.typeStringScan type.
WAB.device_account_get.last_seen.errorStringError message.
WAB.device_account_get.last_seen.statusStringScan job status.
WAB.device_account_get.last_seen.startStringScan job start timestamp.
WAB.device_account_get.last_seen.endStringScan job end timestamp.
WAB.device_account_get.urlStringThe API URL to the resource.
WAB.device_account_get.servicesStringThe account services.

wab-edit-account-on-local-domain-of-device#


Edit an account on a local domain of a device category: Device Accounts

Base Command#

wab-edit-account-on-local-domain-of-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
domain_idThe local domain id or name.Required
account_idThe account id or name to edit.Required
forceThe default value is false. When it is set to true the values of the credentials and services, if they are supplied, are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
device_account_put_account_nameThe account name. /:*?"<>|@ and space are forbidden.Optional
device_account_put_account_loginThe account login.Optional
device_account_put_descriptionThe account description.Optional
device_account_put_auto_change_passwordAutomatically change the password. It is enabled by default on a new account. Possible values are: true, false.Optional
device_account_put_auto_change_ssh_keyAutomatically change the ssh key. It is enabled by default on a new account. Possible values are: true, false.Optional
device_account_put_checkout_policyThe account checkout policy.Optional
device_account_put_certificate_validityThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain.Optional
device_account_put_can_edit_certificate_validityTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise. Possible values are: true, false.Optional
device_account_put_onboard_statusOnboarding status of the account. Possible values are: onboarded, to_onboard, hide, manual.Optional
device_account_put_servicesThe account services.
Comma-separated list (use [] for an empty list).
Optional

Context Output#

There is no context output for this command.

wab-delete-account-from-local-domain-of-device#


Delete an account from a local domain of a device category: Device Accounts

Base Command#

wab-delete-account-from-local-domain-of-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
domain_idThe local domain id or name.Required
account_idThe account id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-certificates-on-device#


Get the certificates on a device category: Device Certificates

Base Command#

wab-get-certificates-on-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
qSearch and return only certificates matching these words.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'type,address'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.device_certificates_get.typeStringThe certificate type. Usable in the "sort" parameter.
WAB.device_certificates_get.addressStringThe certificate address. Usable in the "sort" parameter.
WAB.device_certificates_get.portNumberThe certificate port. Usable in the "sort" parameter.
WAB.device_certificates_get.key_typeStringThe certificate key type. Usable in the "sort" parameter.
WAB.device_certificates_get.fingerprintStringThe fingerprint of the certificate. Usable in the "sort" parameter.
WAB.device_certificates_get.last_modification_dateStringThe last time the certificate was modified. Usable in the "sort" parameter.
WAB.device_certificates_get.urlStringThe API URL to the resource.

wab-get-certificate-on-device#


Get the certificate on a device category: Device Certificates

Base Command#

wab-get-certificate-on-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
cert_typeThe certificate type (SSH, RDP).Required
addressThe certificate address/ip.Required
portThe certificate port.Required
qSearch and return only certificates matching these words.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'type,address'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.device_certificates_get.typeStringThe certificate type. Usable in the "sort" parameter.
WAB.device_certificates_get.addressStringThe certificate address. Usable in the "sort" parameter.
WAB.device_certificates_get.portNumberThe certificate port. Usable in the "sort" parameter.
WAB.device_certificates_get.key_typeStringThe certificate key type. Usable in the "sort" parameter.
WAB.device_certificates_get.fingerprintStringThe fingerprint of the certificate. Usable in the "sort" parameter.
WAB.device_certificates_get.last_modification_dateStringThe last time the certificate was modified. Usable in the "sort" parameter.
WAB.device_certificates_get.urlStringThe API URL to the resource.

wab-revoke-certificate-of-device#


Revoke a certificate of a device category: Device Certificates

Base Command#

wab-revoke-certificate-of-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
cert_typeThe certificate type (SSH, RDP).Required
addressThe certificate address/ip.Required
portThe certificate port.Required

Context Output#

There is no context output for this command.

wab-get-local-domains-of-device#


Get the local domains of a device category: Device Local Domains

Base Command#

wab-get-local-domains-of-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'domain_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.localdomain_get.idStringThe domain id. Usable in the "q" parameter.
WAB.localdomain_get.domain_nameStringThe domain name. /:*?"<>
WAB.localdomain_get.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.localdomain_get.enable_password_changeBooleanEnable the change of password on this domain.
WAB.localdomain_get.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.localdomain_get.password_change_policyStringThe name of password change policy for this domain.
WAB.localdomain_get.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.localdomain_get.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.localdomain_get.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.localdomain_get.urlStringThe API URL to the resource.

wab-get-local-domain-of-device#


Get the local domain of a device category: Device Local Domains

Base Command#

wab-get-local-domain-of-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
domain_idThe local domain id or name.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.localdomain_get.idStringThe domain id. Usable in the "q" parameter.
WAB.localdomain_get.domain_nameStringThe domain name. /:*?"<>
WAB.localdomain_get.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.localdomain_get.enable_password_changeBooleanEnable the change of password on this domain.
WAB.localdomain_get.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.localdomain_get.password_change_policyStringThe name of password change policy for this domain.
WAB.localdomain_get.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.localdomain_get.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.localdomain_get.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.localdomain_get.urlStringThe API URL to the resource.

wab-get-services-of-device#


Get the services of a device category: Device Services

Base Command#

wab-get-services-of-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'service_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.service_get.idStringThe service id. Usable in the "sort" parameter.
WAB.service_get.service_nameStringThe service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "sort" parameter. / The service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.service_get.protocolStringThe protocol. Usable in the "sort" parameter. / The protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.service_get.portNumberThe port number. Usable in the "sort" parameter. / The port number. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.service_get.connection_policyStringThe connection policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.service_get.global_domainsStringThe global domains names.
WAB.service_get.urlStringThe API URL to the resource.

wab-add-service-in-device#


Add a service in a device category: Device Services

Base Command#

wab-add-service-in-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
service_post_idThe service id. Usable in the "sort" parameter.Optional
service_post_service_nameThe service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "sort" parameter. / The service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "q" parameter. Usable in the "sort" parameter.Required
service_post_protocolThe protocol. Usable in the "sort" parameter. / The protocol. Usable in the "q" parameter. Usable in the "sort" parameter. Possible values are: RAWTCPIP, RDP, RLOGIN, SSH, TELNET, VNC.Required
service_post_portThe port number. Usable in the "sort" parameter. / The port number. Usable in the "q" parameter. Usable in the "sort" parameter.Required
service_post_subprotocolsThe sub protocols.
Comma-separated list (use [] for an empty list).
Possible values: RDP_AUDIO_INPUT,RDP_AUDIO_OUTPUT,RDP_CLIPBOARD_DOWN,RDP_CLIPBOARD_FILE,RDP_CLIPBOARD_UP,RDP_COM_PORT,RDP_DRIVE,RDP_PRINTER,RDP_SMARTCARD,SFTP_SESSION,SSH_AUTH_AGENT,SSH_DIRECT_TCPIP,SSH_DIRECT_UNIXSOCK,SSH_REMOTE_COMMAND,SSH_REVERSE_TCPIP,SSH_REVERSE_UNIXSOCK,SSH_SCP_DOWN,SSH_SCP_UP,SSH_SHELL_SESSION,SSH_X11.
Optional
service_post_connection_policyThe connection policy name. Usable in the "q" parameter. Usable in the "sort" parameter.Required
service_post_global_domainsThe global domains names.
Comma-separated list (use [] for an empty list).
Optional
service_post_seamless_connectionThe seamless connection. Possible values are: true, false.Optional

Context Output#

PathTypeDescription
WAB.add_service_in_device.idStringid of the created object.

wab-get-service-of-device#


Get the service of a device category: Device Services

Base Command#

wab-get-service-of-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
service_idThe service id or name.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.service_get.idStringThe service id. Usable in the "sort" parameter.
WAB.service_get.service_nameStringThe service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "sort" parameter. / The service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.service_get.protocolStringThe protocol. Usable in the "sort" parameter. / The protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.service_get.portNumberThe port number. Usable in the "sort" parameter. / The port number. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.service_get.connection_policyStringThe connection policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.service_get.global_domainsStringThe global domains names.
WAB.service_get.urlStringThe API URL to the resource.

wab-edit-service-of-device#


Edit a service of a device category: Device Services

Base Command#

wab-edit-service-of-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
service_idThe service id or name to edit.Required
forceThe default value is false. When it is set to true the values of the subprotocols, global_domains and additional_interfaces are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
service_put_portThe port number.Optional
service_put_subprotocolsThe sub protocols.
Comma-separated list (use [] for an empty list).
Possible values: RDP_AUDIO_INPUT,RDP_AUDIO_OUTPUT,RDP_CLIPBOARD_DOWN,RDP_CLIPBOARD_FILE,RDP_CLIPBOARD_UP,RDP_COM_PORT,RDP_DRIVE,RDP_PRINTER,RDP_SMARTCARD,SFTP_SESSION,SSH_AUTH_AGENT,SSH_DIRECT_TCPIP,SSH_DIRECT_UNIXSOCK,SSH_REMOTE_COMMAND,SSH_REVERSE_TCPIP,SSH_REVERSE_UNIXSOCK,SSH_SCP_DOWN,SSH_SCP_UP,SSH_SHELL_SESSION,SSH_X11.
Optional
service_put_connection_policyThe connection policy name.Optional
service_put_global_domainsThe global domains names.
Comma-separated list (use [] for an empty list).
Optional
service_put_seamless_connectionThe seamless connection. Possible values are: true, false.Optional

Context Output#

There is no context output for this command.

wab-delete-service-from-device#


Delete a service from a device category: Device Services

Base Command#

wab-delete-service-from-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name.Required
service_idThe service id or name.Required

Context Output#

There is no context output for this command.

wab-get-devices#


Get the devices category: Devices

Base Command#

wab-get-devices

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'device_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.device_get.idStringThe device id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.device_nameStringThe device name. \ /:*?"<>
WAB.device_get.descriptionStringThe device description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.aliasStringThe device alias. \ /:*?"<>
WAB.device_get.hostStringThe device host address. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.last_connectionStringThe last connection on this device.(format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.local_domains.idStringThe domain id. Usable in the "q" parameter.
WAB.device_get.local_domains.domain_nameStringThe domain name. /:*?"<>
WAB.device_get.local_domains.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.local_domains.enable_password_changeBooleanEnable the change of password on this domain.
WAB.device_get.local_domains.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.device_get.local_domains.password_change_policyStringThe name of password change policy for this domain.
WAB.device_get.local_domains.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.device_get.local_domains.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.device_get.local_domains.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.device_get.local_domains.urlStringThe API URL to the resource.
WAB.device_get.services.idStringThe service id. Usable in the "sort" parameter.
WAB.device_get.services.service_nameStringThe service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "sort" parameter. / The service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.services.protocolStringThe protocol. Usable in the "sort" parameter. / The protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.services.portNumberThe port number. Usable in the "sort" parameter. / The port number. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.services.connection_policyStringThe connection policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.services.global_domainsStringThe global domains names.
WAB.device_get.services.urlStringThe API URL to the resource.
WAB.device_get.tags.keyStringThe tag key. Must not start or end with a space.
WAB.device_get.tags.valueStringThe tag value. Must not start or end with a space.
WAB.device_get.onboard_statusStringOnboarding status of the device Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.first_seen.idStringThe scan job id.
WAB.device_get.first_seen.typeStringScan type.
WAB.device_get.first_seen.errorStringError message.
WAB.device_get.first_seen.statusStringScan job status.
WAB.device_get.first_seen.startStringScan job start timestamp.
WAB.device_get.first_seen.endStringScan job end timestamp.
WAB.device_get.last_seen.idStringThe scan job id.
WAB.device_get.last_seen.typeStringScan type.
WAB.device_get.last_seen.errorStringError message.
WAB.device_get.last_seen.statusStringScan job status.
WAB.device_get.last_seen.startStringScan job start timestamp.
WAB.device_get.last_seen.endStringScan job end timestamp.
WAB.device_get.urlStringThe API URL to the resource.

wab-add-device#


Add a device category: Devices

Base Command#

wab-add-device

Input#

Argument NameDescriptionRequired
device_post_device_nameThe device name. \ /:*?"<>|@ and space are forbidden.Required
device_post_descriptionThe device description.Optional
device_post_aliasThe device alias. \ /:*?"<>|@ and space are forbidden.Optional
device_post_hostThe device host address.Required

Context Output#

PathTypeDescription
WAB.add_device.idStringid of the created object.

wab-get-device#


Get the device category: Devices

Base Command#

wab-get-device

Input#

Argument NameDescriptionRequired
device_idA device id or name. If specified, only this device is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.device_get.idStringThe device id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.device_nameStringThe device name. \ /:*?"<>
WAB.device_get.descriptionStringThe device description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.aliasStringThe device alias. \ /:*?"<>
WAB.device_get.hostStringThe device host address. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.last_connectionStringThe last connection on this device.(format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.local_domains.idStringThe domain id. Usable in the "q" parameter.
WAB.device_get.local_domains.domain_nameStringThe domain name. /:*?"<>
WAB.device_get.local_domains.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.local_domains.enable_password_changeBooleanEnable the change of password on this domain.
WAB.device_get.local_domains.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.device_get.local_domains.password_change_policyStringThe name of password change policy for this domain.
WAB.device_get.local_domains.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.device_get.local_domains.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.device_get.local_domains.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.device_get.local_domains.urlStringThe API URL to the resource.
WAB.device_get.services.idStringThe service id. Usable in the "sort" parameter.
WAB.device_get.services.service_nameStringThe service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "sort" parameter. / The service name. Must start with a letter; only letters, digits and - are allowed. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.services.protocolStringThe protocol. Usable in the "sort" parameter. / The protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.services.portNumberThe port number. Usable in the "sort" parameter. / The port number. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.services.connection_policyStringThe connection policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.services.global_domainsStringThe global domains names.
WAB.device_get.services.urlStringThe API URL to the resource.
WAB.device_get.tags.keyStringThe tag key. Must not start or end with a space.
WAB.device_get.tags.valueStringThe tag value. Must not start or end with a space.
WAB.device_get.onboard_statusStringOnboarding status of the device Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.device_get.first_seen.idStringThe scan job id.
WAB.device_get.first_seen.typeStringScan type.
WAB.device_get.first_seen.errorStringError message.
WAB.device_get.first_seen.statusStringScan job status.
WAB.device_get.first_seen.startStringScan job start timestamp.
WAB.device_get.first_seen.endStringScan job end timestamp.
WAB.device_get.last_seen.idStringThe scan job id.
WAB.device_get.last_seen.typeStringScan type.
WAB.device_get.last_seen.errorStringError message.
WAB.device_get.last_seen.statusStringScan job status.
WAB.device_get.last_seen.startStringScan job start timestamp.
WAB.device_get.last_seen.endStringScan job end timestamp.
WAB.device_get.urlStringThe API URL to the resource.

wab-edit-device#


Edit a device category: Devices

Base Command#

wab-edit-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name to edit.Required
forceThe default value is false. When it is set to true the values of the tags are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
device_put_device_nameThe device name. \ /:*?"<>|@ and space are forbidden.Optional
device_put_descriptionThe device description.Optional
device_put_aliasThe device alias. \ /:*?"<>|@ and space are forbidden.Optional
device_put_hostThe device host address.Optional
device_put_onboard_statusOnboarding status of the device. Possible values are: onboarded, to_onboard, hide, manual.Optional

Context Output#

There is no context output for this command.

wab-delete-device#


Delete a device category: Devices

Base Command#

wab-delete-device

Input#

Argument NameDescriptionRequired
device_idThe device id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-accounts-of-global-domain#


Get the accounts of a global domain category: Domain Accounts

Base Command#

wab-get-accounts-of-global-domain

Input#

Argument NameDescriptionRequired
domain_idThe global domain id or name.Required
qSearches for a resource matching parameters.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.domain_account_get.idStringThe account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.account_nameStringThe account name. /:*?"<>
WAB.domain_account_get.account_loginStringThe account login. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.descriptionStringThe account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.credentials.idStringThe credential id.
WAB.domain_account_get.credentials.typeStringThe credential type.
WAB.domain_account_get.credentials.passwordStringThe account password.
WAB.domain_account_get.credentials.private_keyStringThe account private key. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.domain_account_get.credentials.passphraseStringThe passphrase for the private key (only for an encrypted private key). If provided, it must be between 4 and 1024 characters long.
WAB.domain_account_get.credentials.public_keyStringThe account public key.
WAB.domain_account_get.credentials.key_typeStringThe key type.
WAB.domain_account_get.credentials.key_lenNumberThe key length.
WAB.domain_account_get.credentials.key_idStringThe key identity: random value used for revocation.
WAB.domain_account_get.credentials.certificateStringThe certificate.
WAB.domain_account_get.domain_password_changeBooleanTrue if the password change is configured on the domain (change policy and plugin are set).
WAB.domain_account_get.auto_change_passwordBooleanAutomatically change the password. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.auto_change_ssh_keyBooleanAutomatically change the ssh key. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.checkout_policyStringThe account checkout policy. Usable in the "q" parameter.
WAB.domain_account_get.certificate_validityStringThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.can_edit_certificate_validityBooleanTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.onboard_statusStringOnboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.first_seen.idStringThe scan job id.
WAB.domain_account_get.first_seen.typeStringScan type.
WAB.domain_account_get.first_seen.errorStringError message.
WAB.domain_account_get.first_seen.statusStringScan job status.
WAB.domain_account_get.first_seen.startStringScan job start timestamp.
WAB.domain_account_get.first_seen.endStringScan job end timestamp.
WAB.domain_account_get.last_seen.idStringThe scan job id.
WAB.domain_account_get.last_seen.typeStringScan type.
WAB.domain_account_get.last_seen.errorStringError message.
WAB.domain_account_get.last_seen.statusStringScan job status.
WAB.domain_account_get.last_seen.startStringScan job start timestamp.
WAB.domain_account_get.last_seen.endStringScan job end timestamp.
WAB.domain_account_get.urlStringThe API URL to the resource.
WAB.domain_account_get.resourcesStringThe account resources.

wab-add-account-in-global-domain#


Add an account in a global domain category: Domain Accounts

Base Command#

wab-add-account-in-global-domain

Input#

Argument NameDescriptionRequired
domain_idThe global domain id or name.Required
domain_account_post_account_nameThe account name. /:*?"<>|@ and space are forbidden.Required
domain_account_post_account_loginThe account login.Required
domain_account_post_descriptionThe account description.Optional
domain_account_post_auto_change_passwordAutomatically change the password. It is enabled by default on a new account. Possible values are: true, false.Optional
domain_account_post_auto_change_ssh_keyAutomatically change the ssh key. It is enabled by default on a new account. Possible values are: true, false.Optional
domain_account_post_checkout_policyThe account checkout policy.Required
domain_account_post_certificate_validityThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain.Optional
domain_account_post_can_edit_certificate_validityTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise. Possible values are: true, false.Optional
domain_account_post_resourcesThe account resources.
Comma-separated list (use [] for an empty list).
Optional

Context Output#

PathTypeDescription
WAB.add_account_in_global_domain.idStringid of the created object.

wab-get-account-of-global-domain#


Get the account of a global domain category: Domain Accounts

Base Command#

wab-get-account-of-global-domain

Input#

Argument NameDescriptionRequired
domain_idThe global domain id or name.Required
account_idThe account id or name.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.domain_account_get.idStringThe account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.account_nameStringThe account name. /:*?"<>
WAB.domain_account_get.account_loginStringThe account login. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.descriptionStringThe account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.credentials.idStringThe credential id.
WAB.domain_account_get.credentials.typeStringThe credential type.
WAB.domain_account_get.credentials.passwordStringThe account password.
WAB.domain_account_get.credentials.private_keyStringThe account private key. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.domain_account_get.credentials.passphraseStringThe passphrase for the private key (only for an encrypted private key). If provided, it must be between 4 and 1024 characters long.
WAB.domain_account_get.credentials.public_keyStringThe account public key.
WAB.domain_account_get.credentials.key_typeStringThe key type.
WAB.domain_account_get.credentials.key_lenNumberThe key length.
WAB.domain_account_get.credentials.key_idStringThe key identity: random value used for revocation.
WAB.domain_account_get.credentials.certificateStringThe certificate.
WAB.domain_account_get.domain_password_changeBooleanTrue if the password change is configured on the domain (change policy and plugin are set).
WAB.domain_account_get.auto_change_passwordBooleanAutomatically change the password. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.auto_change_ssh_keyBooleanAutomatically change the ssh key. It is enabled by default on a new account. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.checkout_policyStringThe account checkout policy. Usable in the "q" parameter.
WAB.domain_account_get.certificate_validityStringThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.can_edit_certificate_validityBooleanTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.onboard_statusStringOnboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_account_get.first_seen.idStringThe scan job id.
WAB.domain_account_get.first_seen.typeStringScan type.
WAB.domain_account_get.first_seen.errorStringError message.
WAB.domain_account_get.first_seen.statusStringScan job status.
WAB.domain_account_get.first_seen.startStringScan job start timestamp.
WAB.domain_account_get.first_seen.endStringScan job end timestamp.
WAB.domain_account_get.last_seen.idStringThe scan job id.
WAB.domain_account_get.last_seen.typeStringScan type.
WAB.domain_account_get.last_seen.errorStringError message.
WAB.domain_account_get.last_seen.statusStringScan job status.
WAB.domain_account_get.last_seen.startStringScan job start timestamp.
WAB.domain_account_get.last_seen.endStringScan job end timestamp.
WAB.domain_account_get.urlStringThe API URL to the resource.
WAB.domain_account_get.resourcesStringThe account resources.

wab-edit-account-in-global-domain#


Edit an account in a global domain category: Domain Accounts

Base Command#

wab-edit-account-in-global-domain

Input#

Argument NameDescriptionRequired
domain_idThe global domain id or name.Required
account_idThe account id or name to edit.Required
forceThe default value is false. When it is set to true the values of the credentials and services, if they are supplied, are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
domain_account_put_account_nameThe account name. /:*?"<>|@ and space are forbidden.Optional
domain_account_put_account_loginThe account login.Optional
domain_account_put_descriptionThe account description.Optional
domain_account_put_auto_change_passwordAutomatically change the password. It is enabled by default on a new account. Possible values are: true, false.Optional
domain_account_put_auto_change_ssh_keyAutomatically change the ssh key. It is enabled by default on a new account. Possible values are: true, false.Optional
domain_account_put_checkout_policyThe account checkout policy.Optional
domain_account_put_certificate_validityThe validity duration of the signed ssh public key in the case a Certificate Authority is defined for the account's domain.Optional
domain_account_put_can_edit_certificate_validityTrue if the field 'certificate_validity' can be edited based the availibility of CA certificate on the account's domain, false otherwise. Possible values are: true, false.Optional
domain_account_put_onboard_statusOnboarding status of the account. Possible values are: onboarded, to_onboard, hide, manual.Optional
domain_account_put_resourcesThe account resources.
Comma-separated list (use [] for an empty list).
Optional

Context Output#

There is no context output for this command.

wab-delete-account-from-global-domain#


Delete an account from a global domain category: Domain Accounts

Base Command#

wab-delete-account-from-global-domain

Input#

Argument NameDescriptionRequired
domain_idThe global domain id or name.Required
account_idThe account id or name to delete.Required

Context Output#

There is no context output for this command.

wab-delete-resource-from-global-domain-account#


delete a resource from the global domain account category: Domain Accounts

Base Command#

wab-delete-resource-from-global-domain-account

Input#

Argument NameDescriptionRequired
domain_idThe global domain id or name.Required
account_idThe account id or name.Required
resource_nameThe name of the resource to remove from the account.Required

Context Output#

There is no context output for this command.

wab-get-global-domains#


Get the global domains category: Domains

Base Command#

wab-get-global-domains

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'domain_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.domain_get.idStringThe domain id. Usable in the "q" parameter.
WAB.domain_get.domain_nameStringThe domain name. /:*?"<>
WAB.domain_get.domain_real_nameStringThe domain name used for connection to a target. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_get.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_get.enable_password_changeBooleanEnable the change of password on this domain.
WAB.domain_get.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.domain_get.kerberos.kdcStringIP address or hostname the KDC.
WAB.domain_get.kerberos.realmStringThe Kerberos realm.
WAB.domain_get.kerberos.portNumberThe Kerberos port (88 by default).
WAB.domain_get.password_change_policyStringThe name of password change policy for this domain.
WAB.domain_get.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.domain_get.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.domain_get.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.domain_get.vault_pluginStringThe name of vault plugin used to manage all accounts defined on this domain.
WAB.domain_get.is_editableBooleanTrue if the domain is editable by the user who made the query. This might be slow to compute for a domain with many accounts if the user has limitations.
WAB.domain_get.urlStringThe API URL to the resource.

wab-get-global-domain#


Get the global domain category: Domains

Base Command#

wab-get-global-domain

Input#

Argument NameDescriptionRequired
domain_idA global domain id or name. If specified, only this domain is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.domain_get.idStringThe domain id. Usable in the "q" parameter.
WAB.domain_get.domain_nameStringThe domain name. /:*?"<>
WAB.domain_get.domain_real_nameStringThe domain name used for connection to a target. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_get.descriptionStringThe domain description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.domain_get.enable_password_changeBooleanEnable the change of password on this domain.
WAB.domain_get.admin_accountStringThe administrator account used to change passwords on this domain (format: "account_name").
WAB.domain_get.kerberos.kdcStringIP address or hostname the KDC.
WAB.domain_get.kerberos.realmStringThe Kerberos realm.
WAB.domain_get.kerberos.portNumberThe Kerberos port (88 by default).
WAB.domain_get.password_change_policyStringThe name of password change policy for this domain.
WAB.domain_get.password_change_pluginStringThe name of plugin used to change passwords on this domain.
WAB.domain_get.ca_private_keyStringThe ssh private key of the signing authority for the ssh keys for accounts in the domain. Special values are allowed to automatically generate SSH key: "generate:RSA_1024", "generate:RSA_2048", "generate:RSA_4096", "generate:RSA_8192", "generate:DSA_1024", "generate:ECDSA_256", "generate:ECDSA_384", "generate:ECDSA_521", "generate:ED25519".
WAB.domain_get.ca_public_keyStringThe ssh public key of the signing authority for the ssh keys for accounts in the domain.
WAB.domain_get.vault_pluginStringThe name of vault plugin used to manage all accounts defined on this domain.
WAB.domain_get.is_editableBooleanTrue if the domain is editable by the user who made the query. This might be slow to compute for a domain with many accounts if the user has limitations.
WAB.domain_get.urlStringThe API URL to the resource.

wab-get-external-authentication-group-mappings#


Get the external authentication group mappings category: Ldap Mappings

Base Command#

wab-get-external-authentication-group-mappings

Input#

Argument NameDescriptionRequired
group_byGroup the result-set by one property. Can take one of the values 'user_group' or 'domain'.Optional
qSearches for a resource matching parameters. Used only if "group_by" is not set.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'domain,user_group'. Used only if "group_by" is not set.Optional
offsetThe index of first item to retrieve (starts and defaults to 0). Used only if "group_by" is not set.Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option. Used only if "group_by" is not set.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authmappings_get.domainStringThe name of the domain for which the mapping is defined. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authmappings_get.user_groupStringThe name of the Bastion users group. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authmappings_get.external_groupStringThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping. Usable in the "q" parameter. Usable in the "sort" parameter.

wab-get-ldap-users-of-domain#


Get the LDAP users of a given domain category: Ldap Users

Base Command#

wab-get-ldap-users-of-domain

Input#

Argument NameDescriptionRequired
domainA LDAP domain name. All users in this domain are returned.Required
last_connectionIf set to true, the date of last connection is returned for each user returned. Be careful: this can slow down the request if a lot of users are returned. Possible values are: true, false.Optional
qSearches for a resource matching parameters.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.ldapuser_get.user_nameStringThe user name.
WAB.ldapuser_get.loginStringThe user login.
WAB.ldapuser_get.display_nameStringThe displayed name. Usable in the "sort" parameter.
WAB.ldapuser_get.emailStringThe email address.
WAB.ldapuser_get.preferred_languageStringThe preferred language.
WAB.ldapuser_get.groupsStringThe groups containing this user.
WAB.ldapuser_get.domainStringThe domain name.
WAB.ldapuser_get.passwordStringThe password (hidden with stars or empty).
WAB.ldapuser_get.ssh_public_keyStringThe SSH public key.
WAB.ldapuser_get.last_connectionStringThe last connection of this user (format: "yyyy-mm-dd hh:mm:ss", returned only if query string parameter "last_connection" is set to true).
WAB.ldapuser_get.urlStringThe API URL to the resource.

wab-get-ldap-user-of-domain#


Get the LDAP user of a given domain category: Ldap Users

Base Command#

wab-get-ldap-user-of-domain

Input#

Argument NameDescriptionRequired
domainA LDAP domain name. All users in this domain are returned.Required
user_nameA user name. If specified, only this user is returned.Required
last_connectionIf set to true, the date of last connection is returned for each user returned. Be careful: this can slow down the request if a lot of users are returned. Possible values are: true, false.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.ldapuser_get.user_nameStringThe user name.
WAB.ldapuser_get.loginStringThe user login.
WAB.ldapuser_get.display_nameStringThe displayed name. Usable in the "sort" parameter.
WAB.ldapuser_get.emailStringThe email address.
WAB.ldapuser_get.preferred_languageStringThe preferred language.
WAB.ldapuser_get.groupsStringThe groups containing this user.
WAB.ldapuser_get.domainStringThe domain name.
WAB.ldapuser_get.passwordStringThe password (hidden with stars or empty).
WAB.ldapuser_get.ssh_public_keyStringThe SSH public key.
WAB.ldapuser_get.last_connectionStringThe last connection of this user (format: "yyyy-mm-dd hh:mm:ss", returned only if query string parameter "last_connection" is set to true).
WAB.ldapuser_get.urlStringThe API URL to the resource.

wab-get-information-about-wallix-bastion-license#


Get information about the WALLIX Bastion license category: License Info

Base Command#

wab-get-information-about-wallix-bastion-license

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
WAB.licenseinfo_get.evaluationBooleanLicense is the default evaluation license.
WAB.licenseinfo_get.revokedBooleanLicenses are revoked.
WAB.licenseinfo_get.legacyBooleanLicense is of legacy type.
WAB.licenseinfo_get.product_nameStringLicensed product name.
WAB.licenseinfo_get.functional_packStringName of the license type.
WAB.licenseinfo_get.add_onsStringList of Add-ons.
WAB.licenseinfo_get.universal_tunnelingBooleanRAWTCP protocol usage is enabled.
WAB.licenseinfo_get.haBooleanHigh Availibility (2 nodes) option is enabled.
WAB.licenseinfo_get.clusteringBooleanClustering 3+ nodes option is enabled.
WAB.licenseinfo_get.data_leak_preventionBooleanData leak prevention option is enabled.
WAB.licenseinfo_get.itsmBooleanInformation technology service management option is enabled.
WAB.licenseinfo_get.enterpriseBooleanEnterprise license.
WAB.licenseinfo_get.password_managerBooleanPassword manager is enabled.
WAB.licenseinfo_get.session_managerBooleanSession manager is enabled.
WAB.licenseinfo_get.siem_enabledBooleanSIEM / Remote Syslog option is enabled.
WAB.licenseinfo_get.externvault_enabledBooleanExternal Vaults option is enabled.
WAB.licenseinfo_get.expiration_dateStringThe license expiration date.
WAB.licenseinfo_get.is_validBooleanLicense is valid.
WAB.licenseinfo_get.primaryNumberThe current number of primary connections.
WAB.licenseinfo_get.primary_maxNumberThe max number of primary connections allowed by the license.
WAB.licenseinfo_get.secondaryNumberThe current number of secondary connections.
WAB.licenseinfo_get.secondary_maxNumberThe max number of secondary connections allowed by the license.
WAB.licenseinfo_get.named_userNumberThe current number of named users.
WAB.licenseinfo_get.named_user_maxNumberThe maximum number of named users allowed by the license.
WAB.licenseinfo_get.resourceNumberThe current number of resources defined.
WAB.licenseinfo_get.resource_maxNumberThe max number of resources allowed by the license.
WAB.licenseinfo_get.web_jumphost_concurrent_usersNumberThe current number of concurrent jumphost users.
WAB.licenseinfo_get.web_jumphost_concurrent_users_maxNumberThe max number of concurrent jumphost users allowed by the license.
WAB.licenseinfo_get.waapmNumberThe current number of WAAPM license used on the last 30 days.
WAB.licenseinfo_get.waapm_maxNumberThe max number of WAAPM license useable on one month.
WAB.licenseinfo_get.pm_targetNumberThe current number of PM targets.
WAB.licenseinfo_get.pm_target_maxNumberThe max number of PM targets allowed by the license.
WAB.licenseinfo_get.sm_targetNumberThe current number of SM targets.
WAB.licenseinfo_get.sm_target_maxNumberThe max number of SM targets allowed by the license.

wab-post-logsiem#


Write a message in /var/log/wabaudit.log and send it to the SIEM (if configured) category: Log Siem

Base Command#

wab-post-logsiem

Input#

Argument NameDescriptionRequired
logsiem_post_applicationThe application name.Required
logsiem_post_messageThe message to write.Required

Context Output#

PathTypeDescription
WAB.post_logsiem.idStringid of the created object.

wab-get-notifications#


Get the notifications category: Notifications

Base Command#

wab-get-notifications

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'notification_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional

Context Output#

PathTypeDescription
WAB.notification_get.idStringThe notification id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.notification_nameStringThe notification name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.descriptionStringThe notification description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.enabledBooleanNotification is enabled. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.typeStringNotification type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.destinationStringDestination for notification; for the type "email", this is a list of recipient emails separated by ";". Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.languageStringThe notification language (in email). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.eventsStringThe list of events that will trigger a notification.
WAB.notification_get.urlStringThe API URL to the resource.

wab-add-notification#


Add a notification category: Notifications

Base Command#

wab-add-notification

Input#

Argument NameDescriptionRequired
notification_post_notification_nameThe notification name.Required
notification_post_descriptionThe notification description.Optional
notification_post_enabledNotification is enabled. Possible values are: true, false.Required
notification_post_typeNotification type. Possible values are: email.Required
notification_post_destinationDestination for notification; for the type "email", this is a list of recipient emails separated by ";".Required
notification_post_languageThe notification language (in email). Possible values are: de, en, es, fr, ru.Required
notification_post_eventsThe list of events that will trigger a notification.
Comma-separated list (use [] for an empty list).
Possible values: cx_equipment,daily_reporting,external_storage_full,filesystem_full,integrity_error,licence_notifications,new_fingerprint,password_expired,pattern_found,primary_cx_failed,raid_error,rdp_outcxn_found,rdp_pattern_found,rdp_process_found,secondary_cx_failed,sessionlog_purge,watchdog_notifications,wrong_fingerprint.
Optional

Context Output#

PathTypeDescription
WAB.add_notification.idStringid of the created object.

wab-get-notification#


Get the notification category: Notifications

Base Command#

wab-get-notification

Input#

Argument NameDescriptionRequired
notification_idA notification id or name. If specified, only this notification is returned.Required

Context Output#

PathTypeDescription
WAB.notification_get.idStringThe notification id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.notification_nameStringThe notification name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.descriptionStringThe notification description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.enabledBooleanNotification is enabled. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.typeStringNotification type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.destinationStringDestination for notification; for the type "email", this is a list of recipient emails separated by ";". Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.languageStringThe notification language (in email). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.notification_get.eventsStringThe list of events that will trigger a notification.
WAB.notification_get.urlStringThe API URL to the resource.

wab-edit-notification#


Edit a notification category: Notifications

Base Command#

wab-edit-notification

Input#

Argument NameDescriptionRequired
notification_idThe notification id or name to edit.Required
forceThe default value is false. When it is set to true the values of the events are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
notification_put_notification_nameThe notification name.Optional
notification_put_descriptionThe notification description.Optional
notification_put_enabledNotification is enabled. Possible values are: true, false.Optional
notification_put_typeNotification type. Possible values are: email.Optional
notification_put_destinationDestination for notification; for the type "email", this is a list of recipient emails separated by ";".Optional
notification_put_languageThe notification language (in email). Possible values are: de, en, es, fr, ru.Optional
notification_put_eventsThe list of events that will trigger a notification.
Comma-separated list (use [] for an empty list).
Possible values: cx_equipment,daily_reporting,external_storage_full,filesystem_full,integrity_error,licence_notifications,new_fingerprint,password_expired,pattern_found,primary_cx_failed,raid_error,rdp_outcxn_found,rdp_pattern_found,rdp_process_found,secondary_cx_failed,sessionlog_purge,watchdog_notifications,wrong_fingerprint.
Optional

Context Output#

There is no context output for this command.

wab-delete-notification#


Delete a notification category: Notifications

Base Command#

wab-delete-notification

Input#

Argument NameDescriptionRequired
notification_idThe notification id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-object-to-onboard#


Get object to onboard, by type (either devices with their linked accounts or global accounts alone) category: Onboarding Objects

Base Command#

wab-get-object-to-onboard

Input#

Argument NameDescriptionRequired
object_typeThe type of object, one of : 'devices', 'global_accounts'.Required
object_statusThe desired object status, one of: 'to_onboard', 'hide'.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'object name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.onboarding_objects_get.idStringThe device id. Usable in the "q" parameter. Usable in the "sort" parameter. / The account id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.onboarding_objects_get.descriptionStringThe device description. Usable in the "q" parameter. Usable in the "sort" parameter. / The account description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.onboarding_objects_get.onboard_statusStringOnboarding status of the device Usable in the "q" parameter. Usable in the "sort" parameter. / Onboarding status of the account Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.onboarding_objects_get.first_seen.idStringThe scan job id.
WAB.onboarding_objects_get.first_seen.typeStringScan type.
WAB.onboarding_objects_get.first_seen.errorStringError message.
WAB.onboarding_objects_get.first_seen.statusStringScan job status.
WAB.onboarding_objects_get.first_seen.startStringScan job start timestamp.
WAB.onboarding_objects_get.first_seen.endStringScan job end timestamp.
WAB.onboarding_objects_get.last_seen.idStringThe scan job id.
WAB.onboarding_objects_get.last_seen.typeStringScan type.
WAB.onboarding_objects_get.last_seen.errorStringError message.
WAB.onboarding_objects_get.last_seen.statusStringScan job status.
WAB.onboarding_objects_get.last_seen.startStringScan job start timestamp.
WAB.onboarding_objects_get.last_seen.endStringScan job end timestamp.
WAB.onboarding_objects_get.urlStringThe API URL to the resource.

wab-get-password-change-policies#


Get the password change policies category: Password Change Policies

Base Command#

wab-get-password-change-policies

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'password_change_policy_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional

Context Output#

PathTypeDescription
WAB.passwordchangepolicy_get.idStringThe password change policy id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.password_change_policy_nameStringThe password change policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.descriptionStringThe password change policy description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.password_lengthNumberNumber of chars in password. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.special_charsNumberThe minimum number of special chars in password (0 = no minimum, null = no special chars at all). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.lower_charsNumberThe minimum number of lower case chars in password (0 = no minimum, null = no lower case chars at all). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.upper_charsNumberThe minimum number of upper case chars in password (0 = no minimum, null = no upper case chars at all). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.digit_charsNumberThe minimum number of digit chars in password (0 = no minimum, null = no digit chars at all). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.exclude_charsStringCharacters to exclude in password. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.ssh_key_typeStringThe SSH key type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.ssh_key_sizeNumberThe SSH key size (in bits). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.change_periodString

The period to change password.

String value must be a valid cron syntax (e.g. '\* \* \* \* \*').

Aliases are allowed:

@hourly → 0 \* \* \* \* @daily → 0 0 \* \* \* @weekly → 0 0 \* \* 0 @monthly → 0 0 1 \* \* @yearly → 0 0 1 1 \*

Note: An empty string (or null) will deactivate the change password schedule. Moreover, @reboot is not allowed. Usable in the "q" parameter. Usable in the "sort" parameter. | | WAB.passwordchangepolicy_get.url | String | The API URL to the resource. |

wab-add-password-change-policy#


Add a password change policy. Note: at least password or SSH options must be given in the policy (and both can be used at same time) category: Password Change Policies

Base Command#

wab-add-password-change-policy

Input#

Argument NameDescriptionRequired
passwordchangepolicy_post_password_change_policy_nameThe password change policy name.Required
passwordchangepolicy_post_descriptionThe password change policy description.Optional
passwordchangepolicy_post_password_lengthNumber of chars in password. (enter null for null value).Optional
passwordchangepolicy_post_special_charsThe minimum number of special chars in password (0 = no minimum, null = no special chars at all). (enter null for null value).Optional
passwordchangepolicy_post_lower_charsThe minimum number of lower case chars in password (0 = no minimum, null = no lower case chars at all). (enter null for null value).Optional
passwordchangepolicy_post_upper_charsThe minimum number of upper case chars in password (0 = no minimum, null = no upper case chars at all). (enter null for null value).Optional
passwordchangepolicy_post_digit_charsThe minimum number of digit chars in password (0 = no minimum, null = no digit chars at all). (enter null for null value).Optional
passwordchangepolicy_post_exclude_charsCharacters to exclude in password. (enter null for null value).Optional
passwordchangepolicy_post_ssh_key_typeThe SSH key type. (enter null for null value).Optional
passwordchangepolicy_post_ssh_key_sizeThe SSH key size (in bits). (enter null for null value).Optional
passwordchangepolicy_post_change_period
The period to change password.

String value must be a valid cron syntax (e.g. '* * * * *').

Aliases are allowed:

@hourly → 0 * * * *
@daily → 0 0 * * *
@weekly → 0 0 * * 0
@monthly → 0 0 1 * *
@yearly → 0 0 1 1 *

Note: An empty string (or null) will deactivate the change password schedule.
Moreover, @reboot is not allowed.
(enter null for null value).
Optional

Context Output#

PathTypeDescription
WAB.add_password_change_policy.idStringid of the created object.

wab-get-password-change-policy#


Get the password change policy category: Password Change Policies

Base Command#

wab-get-password-change-policy

Input#

Argument NameDescriptionRequired
policy_idA password change policy id or name. If specified, only this password change policy is returned.Required

Context Output#

PathTypeDescription
WAB.passwordchangepolicy_get.idStringThe password change policy id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.password_change_policy_nameStringThe password change policy name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.descriptionStringThe password change policy description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.password_lengthNumberNumber of chars in password. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.special_charsNumberThe minimum number of special chars in password (0 = no minimum, null = no special chars at all). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.lower_charsNumberThe minimum number of lower case chars in password (0 = no minimum, null = no lower case chars at all). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.upper_charsNumberThe minimum number of upper case chars in password (0 = no minimum, null = no upper case chars at all). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.digit_charsNumberThe minimum number of digit chars in password (0 = no minimum, null = no digit chars at all). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.exclude_charsStringCharacters to exclude in password. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.ssh_key_typeStringThe SSH key type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.ssh_key_sizeNumberThe SSH key size (in bits). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.passwordchangepolicy_get.change_periodString

The period to change password.

String value must be a valid cron syntax (e.g. '\* \* \* \* \*').

Aliases are allowed:

@hourly → 0 \* \* \* \* @daily → 0 0 \* \* \* @weekly → 0 0 \* \* 0 @monthly → 0 0 1 \* \* @yearly → 0 0 1 1 \*

Note: An empty string (or null) will deactivate the change password schedule. Moreover, @reboot is not allowed. Usable in the "q" parameter. Usable in the "sort" parameter. | | WAB.passwordchangepolicy_get.url | String | The API URL to the resource. |

wab-edit-password-change-policy#


Edit a password change policy category: Password Change Policies

Base Command#

wab-edit-password-change-policy

Input#

Argument NameDescriptionRequired
policy_idThe password change policy id or name to edit.Required
passwordchangepolicy_put_password_change_policy_nameThe password change policy name.Optional
passwordchangepolicy_put_descriptionThe password change policy description.Optional
passwordchangepolicy_put_password_lengthNumber of chars in password. (enter null for null value).Optional
passwordchangepolicy_put_special_charsThe minimum number of special chars in password (0 = no minimum, null = no special chars at all). (enter null for null value).Optional
passwordchangepolicy_put_lower_charsThe minimum number of lower case chars in password (0 = no minimum, null = no lower case chars at all). (enter null for null value).Optional
passwordchangepolicy_put_upper_charsThe minimum number of upper case chars in password (0 = no minimum, null = no upper case chars at all). (enter null for null value).Optional
passwordchangepolicy_put_digit_charsThe minimum number of digit chars in password (0 = no minimum, null = no digit chars at all). (enter null for null value).Optional
passwordchangepolicy_put_exclude_charsCharacters to exclude in password. (enter null for null value).Optional
passwordchangepolicy_put_ssh_key_typeThe SSH key type. (enter null for null value).Optional
passwordchangepolicy_put_ssh_key_sizeThe SSH key size (in bits). (enter null for null value).Optional
passwordchangepolicy_put_change_period
The period to change password.

String value must be a valid cron syntax (e.g. '* * * * *').

Aliases are allowed:

@hourly → 0 * * * *
@daily → 0 0 * * *
@weekly → 0 0 * * 0
@monthly → 0 0 1 * *
@yearly → 0 0 1 1 *

Note: An empty string (or null) will deactivate the change password schedule.
Moreover, @reboot is not allowed.
(enter null for null value).
Optional

Context Output#

There is no context output for this command.

wab-delete-password-change-policy#


Delete a password change policy category: Password Change Policies

Base Command#

wab-delete-password-change-policy

Input#

Argument NameDescriptionRequired
policy_idThe password change policy id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-passwordrights#


Get current user's or the user 'user_name' password rights on accounts (for checkout/checkin) category: Password Rights

Base Command#

wab-get-passwordrights

Input#

Argument NameDescriptionRequired
countThe default value is false. When it is set to true, the headers x-total-count and x-filtered-count are returned. Possible values are: true, false.Optional
qOnly a simple string to search is allowed in this resource (for example: 'q=windows'). The search is performed on the following fields only: account, account_description, device, device_alias, device_description, application, application_description, domain, domain_description, authorization, authorization_description.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'account,domain,device,application'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.passwordrights_get.typeStringThe account type.
WAB.passwordrights_get.targetStringThe complete target identifier which can be used in resource /targetpasswords (format: "account_name@global_domain_name"). / The complete target identifier which can be used in resource /targetpasswords (example: "account@domain@device"). / The complete target identifier which can be used in resource /targetpasswords (format: "account_name@local_domain_name@application_name").
WAB.passwordrights_get.accountStringThe account name. Usable in the "sort" parameter.
WAB.passwordrights_get.account_descriptionStringThe account description. Usable in the "sort" parameter.
WAB.passwordrights_get.domainStringThe global domain name. Usable in the "sort" parameter. / The local domain name on device. Usable in the "sort" parameter. / The local domain name on application. Usable in the "sort" parameter.
WAB.passwordrights_get.domain_descriptionStringThe domain description. Usable in the "sort" parameter.
WAB.passwordrights_get.domain_vaultBooleanThe domain accounts are stored on an external vault. Usable in the "sort" parameter.
WAB.passwordrights_get.authorization_approvalBooleanTrue if an approval workflow is defined in the authorization, otherwise False. Usable in the "sort" parameter.
WAB.passwordrights_get.authorizationStringThe authorization name. Usable in the "sort" parameter.
WAB.passwordrights_get.authorization_descriptionStringThe authorization description. Usable in the "sort" parameter.
WAB.passwordrights_get.right_fingerprintStringThe fingerprint of the right (hash of authorization and target uid).

wab-get-passwordrights-user-name#


Get current user's or the user 'user_name' password rights on accounts (for checkout/checkin) category: Password Rights

Base Command#

wab-get-passwordrights-user-name

Input#

Argument NameDescriptionRequired
user_nameIf specified, the user_name password rights is returned.Required
countThe default value is false. When it is set to true, the headers x-total-count and x-filtered-count are returned. Possible values are: true, false.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.passwordrights_get.typeStringThe account type.
WAB.passwordrights_get.targetStringThe complete target identifier which can be used in resource /targetpasswords (format: "account_name@global_domain_name"). / The complete target identifier which can be used in resource /targetpasswords (example: "account@domain@device"). / The complete target identifier which can be used in resource /targetpasswords (format: "account_name@local_domain_name@application_name").
WAB.passwordrights_get.accountStringThe account name. Usable in the "sort" parameter.
WAB.passwordrights_get.account_descriptionStringThe account description. Usable in the "sort" parameter.
WAB.passwordrights_get.domainStringThe global domain name. Usable in the "sort" parameter. / The local domain name on device. Usable in the "sort" parameter. / The local domain name on application. Usable in the "sort" parameter.
WAB.passwordrights_get.domain_descriptionStringThe domain description. Usable in the "sort" parameter.
WAB.passwordrights_get.domain_vaultBooleanThe domain accounts are stored on an external vault. Usable in the "sort" parameter.
WAB.passwordrights_get.authorization_approvalBooleanTrue if an approval workflow is defined in the authorization, otherwise False. Usable in the "sort" parameter.
WAB.passwordrights_get.authorizationStringThe authorization name. Usable in the "sort" parameter.
WAB.passwordrights_get.authorization_descriptionStringThe authorization description. Usable in the "sort" parameter.
WAB.passwordrights_get.right_fingerprintStringThe fingerprint of the right (hash of authorization and target uid).
WAB.passwordrights_get.user_nameStringthe user_name.

wab-get-profiles#


Get the profiles category: Profiles

Base Command#

wab-get-profiles

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'profile_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.profile_get.idStringThe profile id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.profile_nameStringThe profile name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.editableBooleanProfile is editable. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.descriptionStringThe target group description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.gui_features.wab_auditStringwab audit.
WAB.profile_get.gui_features.system_auditStringsystem audit.
WAB.profile_get.gui_features.usersStringusers.
WAB.profile_get.gui_features.user_groupsStringuser groups.
WAB.profile_get.gui_features.devicesStringdevices.
WAB.profile_get.gui_features.target_groupsStringtarget groups.
WAB.profile_get.gui_features.authorizationsStringauthorizations.
WAB.profile_get.gui_features.profilesStringprofiles.
WAB.profile_get.gui_features.wab_settingsStringwab settings.
WAB.profile_get.gui_features.system_settingsStringsystem settings.
WAB.profile_get.gui_features.backupStringbackup.
WAB.profile_get.gui_features.approvalStringapproval.
WAB.profile_get.gui_features.credential_recoveryStringcredential recovery.
WAB.profile_get.gui_transmission.system_auditStringsystem audit.
WAB.profile_get.gui_transmission.usersStringusers.
WAB.profile_get.gui_transmission.user_groupsStringuser groups.
WAB.profile_get.gui_transmission.devicesStringdevices.
WAB.profile_get.gui_transmission.target_groupsStringtarget groups.
WAB.profile_get.gui_transmission.authorizationsStringauthorizations.
WAB.profile_get.gui_transmission.profilesStringprofiles.
WAB.profile_get.gui_transmission.wab_settingsStringwab settings.
WAB.profile_get.gui_transmission.system_settingsStringsystem settings.
WAB.profile_get.gui_transmission.backupStringbackup.
WAB.profile_get.gui_transmission.approvalStringapproval.
WAB.profile_get.gui_transmission.credential_recoveryStringcredential recovery.
WAB.profile_get.ip_limitationStringThe profile ip limitation. Format is an IPv4 address, subnet or host name, for example: 192.168.1.10/24 Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.target_accessBooleanTarget access.
WAB.profile_get.dashboardsStringOrdered list of dashboards names. Usable in the "q" parameter.
WAB.profile_get.urlStringThe API URL to the resource.

wab-get-profile#


Get the profile category: Profiles

Base Command#

wab-get-profile

Input#

Argument NameDescriptionRequired
profile_idA profile id or name. If specified, only this profile is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.profile_get.idStringThe profile id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.profile_nameStringThe profile name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.editableBooleanProfile is editable. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.descriptionStringThe target group description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.gui_features.wab_auditStringwab audit.
WAB.profile_get.gui_features.system_auditStringsystem audit.
WAB.profile_get.gui_features.usersStringusers.
WAB.profile_get.gui_features.user_groupsStringuser groups.
WAB.profile_get.gui_features.devicesStringdevices.
WAB.profile_get.gui_features.target_groupsStringtarget groups.
WAB.profile_get.gui_features.authorizationsStringauthorizations.
WAB.profile_get.gui_features.profilesStringprofiles.
WAB.profile_get.gui_features.wab_settingsStringwab settings.
WAB.profile_get.gui_features.system_settingsStringsystem settings.
WAB.profile_get.gui_features.backupStringbackup.
WAB.profile_get.gui_features.approvalStringapproval.
WAB.profile_get.gui_features.credential_recoveryStringcredential recovery.
WAB.profile_get.gui_transmission.system_auditStringsystem audit.
WAB.profile_get.gui_transmission.usersStringusers.
WAB.profile_get.gui_transmission.user_groupsStringuser groups.
WAB.profile_get.gui_transmission.devicesStringdevices.
WAB.profile_get.gui_transmission.target_groupsStringtarget groups.
WAB.profile_get.gui_transmission.authorizationsStringauthorizations.
WAB.profile_get.gui_transmission.profilesStringprofiles.
WAB.profile_get.gui_transmission.wab_settingsStringwab settings.
WAB.profile_get.gui_transmission.system_settingsStringsystem settings.
WAB.profile_get.gui_transmission.backupStringbackup.
WAB.profile_get.gui_transmission.approvalStringapproval.
WAB.profile_get.gui_transmission.credential_recoveryStringcredential recovery.
WAB.profile_get.ip_limitationStringThe profile ip limitation. Format is an IPv4 address, subnet or host name, for example: 192.168.1.10/24 Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.profile_get.target_accessBooleanTarget access.
WAB.profile_get.dashboardsStringOrdered list of dashboards names. Usable in the "q" parameter.
WAB.profile_get.urlStringThe API URL to the resource.

wab-get-scanjobs#


Get the scanjobs category: Scan Jobs

Base Command#

wab-get-scanjobs

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'scan_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.scanjob_get.idStringThe scan job id. Usable in the "sort" parameter.
WAB.scanjob_get.typeStringScan type Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scanjob_get.errorStringError message.
WAB.scanjob_get.statusStringScan job status Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scanjob_get.startStringScan job start timestamp. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scanjob_get.endStringScan job end timestamp Usable in the "q" parameter. Usable in the "sort" parameter.

wab-start-scan-job-manually#


Start a scan job manually category: Scan Jobs

Base Command#

wab-start-scan-job-manually

Input#

Argument NameDescriptionRequired
scanjob_post_scan_idScan definition id.Required

Context Output#

PathTypeDescription
WAB.start_scan_job_manually.idStringid of the created object.

wab-get-scanjob#


Get the scanjob category: Scan Jobs

Base Command#

wab-get-scanjob

Input#

Argument NameDescriptionRequired
scanjob_idA scan job id or name. If specified, only this scan job is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.scanjob_get.idStringThe scan job id. Usable in the "sort" parameter.
WAB.scanjob_get.typeStringScan type Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scanjob_get.errorStringError message.
WAB.scanjob_get.statusStringScan job status Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scanjob_get.startStringScan job start timestamp. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scanjob_get.endStringScan job end timestamp Usable in the "q" parameter. Usable in the "sort" parameter.

wab-cancel-scan-job#


Cancel a scan job category: Scan Jobs

Base Command#

wab-cancel-scan-job

Input#

Argument NameDescriptionRequired
scanjob_idThe scan id or name to edit.Required

Context Output#

There is no context output for this command.

wab-get-scans#


Get the scans category: Scans

Base Command#

wab-get-scans

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'scan_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.scan_get.idStringThe scan id. Usable in the "sort" parameter.
WAB.scan_get.nameStringScan name Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scan_get.activeBooleanState of the job schedule. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scan_get.periodicityStringPeriodicity of the scan, in cron notation. Usable in the "q" parameter.
WAB.scan_get.descriptionStringDescription of the scan. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scan_get.emailsStringEmails to notify when a job is finished.
WAB.scan_get.last_job.idStringUID of the job.
WAB.scan_get.last_job.statusStringstatus.
WAB.scan_get.last_job.startStringTimestamp of the job start.
WAB.scan_get.last_job.endStringTimestamp of the job end.
WAB.scan_get.typeStringScan type Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scan_get.urlStringThe API URL to the resource.

wab-get-scan#


Get the scan category: Scans

Base Command#

wab-get-scan

Input#

Argument NameDescriptionRequired
scan_idA scan id or name. If specified, only this scan is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.scan_get.idStringThe scan id. Usable in the "sort" parameter.
WAB.scan_get.nameStringScan name Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scan_get.activeBooleanState of the job schedule. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scan_get.periodicityStringPeriodicity of the scan, in cron notation. Usable in the "q" parameter.
WAB.scan_get.descriptionStringDescription of the scan. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scan_get.emailsStringEmails to notify when a job is finished.
WAB.scan_get.last_job.idStringUID of the job.
WAB.scan_get.last_job.statusStringstatus.
WAB.scan_get.last_job.startStringTimestamp of the job start.
WAB.scan_get.last_job.endStringTimestamp of the job end.
WAB.scan_get.typeStringScan type Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.scan_get.urlStringThe API URL to the resource.

wab-edit-scan#


Edit a scan category: Scans

Base Command#

wab-edit-scan

Input#

Argument NameDescriptionRequired
scan_idThe scan id or name to edit.Required
scan_put_nameScan name.Optional
scan_put_activeState of the job schedule. Possible values are: true, false.Optional
scan_put_periodicityPeriodicity of the scan, in cron notation.Optional
scan_put_descriptionDescription of the scan.Optional
scan_put_emailsEmails to notify when a job is finished.
Comma-separated list (use [] for an empty list).
Optional
scan_put_subnetsList of subnets to scan.
Comma-separated list (use [] for an empty list).
Optional
scan_put_banner_regexRegexes to mach on SSH banner.
Comma-separated list (use [] for an empty list).
Optional
scan_put_scan_for_accountsScan for accounts on discovered devices. Possible values are: true, false.Optional
scan_put_master_accountsThe master accounts used to log and the devices empty if scan_for_accounts is false.
Comma-separated list (use [] for an empty list).
Optional
scan_put_search_filterActive Directory search filter.Optional
scan_put_dn_listList of Distinguished Names to search.
Comma-separated list (use [] for an empty list).
Optional
scan_put_devicesThe devices to scan.
Comma-separated list (use [] for an empty list).
Optional

Context Output#

There is no context output for this command.

wab-delete-scan#


Delete a scan category: Scans

Base Command#

wab-delete-scan

Input#

Argument NameDescriptionRequired
scan_idThe scan id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-sessionrights#


Get current user's or the user 'user_name' session rights (connections via proxies) category: Session Rights

Base Command#

wab-get-sessionrights

Input#

Argument NameDescriptionRequired
countThe default value is false. When set to true, the headers x-total-count and x-filtered-count are returned. Possible values are: true, false.Optional
last_connectionThe default value is false. When set to true, the last connection date is returned for each authorizations. Possible values are: true, false.Optional
qOnly a simple string to search is allowed in this resource (for exemple: 'q=windows'). The search is performed on the following fields only: account, account_description, device, device_alias, device_description, application, application_description, service_protocol, domain, domain_description, authorization, authorization_description.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'account,domain,device, ' 'application'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.sessionrights_get.typeStringThe resource type.
WAB.sessionrights_get.accountStringThe account name. Usable in the "sort" parameter.
WAB.sessionrights_get.account_descriptionStringThe account description. Usable in the "sort" parameter.
WAB.sessionrights_get.domainStringThe domain name. Usable in the "sort" parameter.
WAB.sessionrights_get.domain_descriptionStringThe domain description. Usable in the "sort" parameter.
WAB.sessionrights_get.serviceStringThe service name. Usable in the "sort" parameter.
WAB.sessionrights_get.service_protocolStringThe protocol name. Usable in the "sort" parameter.
WAB.sessionrights_get.authorization_approvalBooleanTrue if an approval workflow is defined in the authorization, otherwise False. Usable in the "sort" parameter.
WAB.sessionrights_get.authorizationStringThe authorization name. Usable in the "sort" parameter.
WAB.sessionrights_get.authorization_descriptionStringThe authorization description. Usable in the "sort" parameter.
WAB.sessionrights_get.account_mappingBooleanAccount mapping.
WAB.sessionrights_get.account_mapping_vaultBooleanAccount mapping with a vault account.
WAB.sessionrights_get.interactive_loginBooleanInteractive login.
WAB.sessionrights_get.right_fingerprintStringThe fingerprint of the right (hash of authorization and target uid).
WAB.sessionrights_get.timeframesStringThe timeframes during which the user can access the target.
WAB.sessionrights_get.last_connectionStringThe date of the last connection (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "sort" parameter.

wab-get-sessionrights-user-name#


Get current user's or the user 'user_name' session rights (connections via proxies) category: Session Rights

Base Command#

wab-get-sessionrights-user-name

Input#

Argument NameDescriptionRequired
user_nameIf specified, the user_name session rights is returned.Required
countThe default value is false. When set to true, the headers x-total-count and x-filtered-count are returned. Possible values are: true, false.Optional
last_connectionThe default value is false. When set to true, the last connection date is returned for each authorizations. Possible values are: true, false.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.sessionrights_get.typeStringThe resource type.
WAB.sessionrights_get.accountStringThe account name. Usable in the "sort" parameter.
WAB.sessionrights_get.account_descriptionStringThe account description. Usable in the "sort" parameter.
WAB.sessionrights_get.domainStringThe domain name. Usable in the "sort" parameter.
WAB.sessionrights_get.domain_descriptionStringThe domain description. Usable in the "sort" parameter.
WAB.sessionrights_get.serviceStringThe service name. Usable in the "sort" parameter.
WAB.sessionrights_get.service_protocolStringThe protocol name. Usable in the "sort" parameter.
WAB.sessionrights_get.authorization_approvalBooleanTrue if an approval workflow is defined in the authorization, otherwise False. Usable in the "sort" parameter.
WAB.sessionrights_get.authorizationStringThe authorization name. Usable in the "sort" parameter.
WAB.sessionrights_get.authorization_descriptionStringThe authorization description. Usable in the "sort" parameter.
WAB.sessionrights_get.account_mappingBooleanAccount mapping.
WAB.sessionrights_get.account_mapping_vaultBooleanAccount mapping with a vault account.
WAB.sessionrights_get.interactive_loginBooleanInteractive login.
WAB.sessionrights_get.right_fingerprintStringThe fingerprint of the right (hash of authorization and target uid).
WAB.sessionrights_get.timeframesStringThe timeframes during which the user can access the target.
WAB.sessionrights_get.last_connectionStringThe date of the last connection (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "sort" parameter.
WAB.sessionrights_get.user_nameStringthe user_name.

wab-get-sessions#


Get the sessions category: Sessions

Base Command#

wab-get-sessions

Input#

Argument NameDescriptionRequired
session_idA session id. If specified, only this session is returned.Optional
otpUser's OTP (One Time Password) If specified, only the session initiated with the provided OTP is returned.Optional
statusStatus of sessions to return: "closed" for closed sessions (default) or "current" for current sessions.Optional
from_dateReturn sessions from this date/time (format: "yyyy-mm-dd" or "yyyy-mm-dd hh:mm:ss").Optional
to_dateReturn sessions until this date/time (format: "yyyy-mm-dd" or "yyyy-mm-dd hh:mm:ss").Optional
date_fieldThe field used for date comparison: "begin" for the start of session, "end" for the end of session.Optional
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'end,id' when status is 'closed', 'begin,id' when status is 'current'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.session_get.idStringThe session id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.beginStringThe beginning date/time of the session (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.endStringThe end date/time of the session (format: "yyyy-mm-dd hh:mm:ss"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.usernameStringThe primary user name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.source_ipStringThe source IP. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.source_protocolStringThe source protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.target_accountStringThe target account name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.target_effective_loginStringThe effective login.
WAB.session_get.target_account_domainStringThe target account domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.target_deviceStringThe target device name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.target_portNumberThe target port number Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.target_hostStringThe target hostname or IP. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.target_effective_hostStringThe effective target IP.
WAB.session_get.target_serviceStringThe target service name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.target_protocolStringThe target protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.target_sub_protocolStringThe target sub-protocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.is_applicationBooleanThe session is on an application.
WAB.session_get.resultBooleanThe session is successful. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.killedBooleanThe session has been killed.
WAB.session_get.diagnosticStringThe diagnostic message. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.descriptionStringThe session description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.titleStringThe session title. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.is_recordedBooleanThe session is recorded. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.is_criticalBooleanThe session is critical. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.session_trace_sizeNumberSize of the session trace file, in bytes (if -1, there is no trace file).
WAB.session_get.session_log_sizeNumberSize of the session log file (metadata), in bytes (if -1, there is no metadata file).
WAB.session_get.approval.idStringThe approval id.
WAB.session_get.approval.user_nameStringThe user name.
WAB.session_get.approval.target_nameStringThe target name.(example: account@domain@device:service).
WAB.session_get.approval.creationStringThe creation date.(format: "yyyy-mm-dd hh:mm").
WAB.session_get.approval.beginStringThe start date/time for connection.(format: "yyyy-mm-dd hh:mm").
WAB.session_get.approval.endStringThe end date/time for connection.(format: "yyyy-mm-dd hh:mm").
WAB.session_get.approval.durationNumberThe allowed connection time, in minutes.
WAB.session_get.approval.ticketStringThe ticket reference.
WAB.session_get.approval.commentStringThe request description.
WAB.session_get.approval.emailStringThe user email.
WAB.session_get.approval.languageStringThe user language code (en, fr, ...).
WAB.session_get.approval.statusStringThe approval status.
WAB.session_get.approval.quorumNumberThe quorum to reach.
WAB.session_get.approval.answers.approver_nameStringThe user name of approver.
WAB.session_get.approval.answers.dateStringThe answer date (format: "yyyy-mm-dd hh:mm").
WAB.session_get.approval.answers.commentStringThe answer comment.
WAB.session_get.approval.answers.approvedBooleanRequest approval (true = accepted, false = rejected).
WAB.session_get.approval.timeoutNumberTimeout to initiate the first connection (in minutes). After that, the approval will be automatically closed. 0: no timeout.
WAB.session_get.approval.authorization_nameStringThe authorization name.
WAB.session_get.approval.is_activeBooleanThe approval is active.
WAB.session_get.approval.accountStringThe account name.
WAB.session_get.approval.domainStringThe domain name.
WAB.session_get.approval.deviceStringThe device name.
WAB.session_get.approval.applicationStringThe application name.
WAB.session_get.approval.serviceStringThe service name.
WAB.session_get.approval.urlStringThe API URL to the resource.
WAB.session_get.user_groupStringName of the user group in authorization used to make the session. Usable in the "sort" parameter.
WAB.session_get.target_groupStringName of the target group in authorization used to make the session. Usable in the "sort" parameter.
WAB.session_get.ownerStringThe node id which own this session. Usable in the "sort" parameter.
WAB.session_get.target_session_idStringThe RDP target session id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.session_get.shared_session.idStringThe session id.
WAB.session_get.shared_session.urlStringThe API URL to the resource.
WAB.session_get.auditor_sessions.idStringThe session id.
WAB.session_get.auditor_sessions.urlStringThe API URL to the resource.
WAB.session_get.urlStringThe API URL to the resource.

wab-edit-session#


Edit a session category: Sessions

Base Command#

wab-edit-session

Input#

Argument NameDescriptionRequired
session_idThe session id to edit.Required
actionThe action on the session: 'edit' to edit the session (default), 'kill' to kill the session.Optional
session_put_edit_descriptionThe new session description.Required

Context Output#

There is no context output for this command.

wab-get-session-metadata#


Get the metadata of one or multiple sessions category: Sessions Metadata

Base Command#

wab-get-session-metadata

Input#

Argument NameDescriptionRequired
session_idsThe session id, multiple IDs can be separated by commas.Required
downloadThe default value is false. When it is set to true, the session metadata is sent as a file instead of JSON (recommended for large metadata). The download is possible only with a single session id. Possible values are: true, false.Optional

Context Output#

PathTypeDescription
WAB.session_metadata_get.session_idStringThe session id.
WAB.session_metadata_get.metadataStringThe session metadata content.

wab-get-session-sharing-requests#


Get session sharing requests category: Sessions Requests

Base Command#

wab-get-session-sharing-requests

Input#

Argument NameDescriptionRequired
request_idA request id. If specified, only this request is returned.Optional
session_idA session id. If specified, only the request linked to this session is returned.Optional

Context Output#

PathTypeDescription
WAB.session_request_get.idStringThe request id. Usable in the "sort" parameter.
WAB.session_request_get.session_idStringThe session id. Usable in the "sort" parameter.
WAB.session_request_get.modeStringThe session sharing mode.
WAB.session_request_get.contextStringThe request context.
WAB.session_request_get.statusStringThe request status.
WAB.session_request_get.creation_dateStringThe request creation date/time (format: "yyyy-mm-dd hh:mm:ss").
WAB.session_request_get.expiration_dateStringThe request expiration date/time (format: "yyyy-mm-dd hh:mm:ss").
WAB.session_request_get.guest_session_idStringThe guest session id. Usable in the "sort" parameter.
WAB.session_request_get.guest_idStringA Guest ID (random if unknown invited guest) or a username (if known Bastion user). Usable in the "sort" parameter.

wab-create-session-request#


Create a session request category: Sessions Requests

Base Command#

wab-create-session-request

Input#

Argument NameDescriptionRequired
session_request_post_session_idThe session id.Required
session_request_post_modeThe session sharing mode. Possible values are: view_only, view_control.Required

Context Output#

There is no context output for this command.

wab-delete-pending-or-live-session-request#


Delete a pending or a live session request category: Sessions Requests

Base Command#

wab-delete-pending-or-live-session-request

Input#

Argument NameDescriptionRequired
request_idThe session sharing request to delete.Required

Context Output#

There is no context output for this command.

wab-get-latest-snapshot-of-running-session#


Get the latest snapshot of a running session category: Sessions Snapshots

Base Command#

wab-get-latest-snapshot-of-running-session

Input#

Argument NameDescriptionRequired
session_idThe session id.Required

Context Output#

There is no context output for this command.

wab-get-status-of-trace-generation#


Get the status of a trace generation category: Sessions Traces

Base Command#

wab-get-status-of-trace-generation

Input#

Argument NameDescriptionRequired
session_idThe session id.Required
dateGenerate the trace from this date/time (format: "yyyy-mm-dd hh:mm:ss").Optional
durationDuration of the trace to generate (in seconds).Optional
downloadThe default value is false. When it is set to true, the session trace is sent as a file instead of JSON output with the generation status. Possible values are: true, false.Optional

Context Output#

PathTypeDescription
WAB.session_trace_get.session_idStringThe session id.
WAB.session_trace_get.dateStringThe starting date/time (format: "yyyy-mm-dd hh:mm:ss").
WAB.session_trace_get.durationNumberThe duration (in seconds).
WAB.session_trace_get.statusStringThe generation status.
WAB.session_trace_get.reasonStringThe error description (only in case of error).
WAB.session_trace_get.progress_pctNumberProgress (percent).
WAB.session_trace_get.etaNumberEstimated time before end of generation (in seconds).

wab-generate-trace-for-session#


Generate a trace for a session category: Sessions Traces

Base Command#

wab-generate-trace-for-session

Input#

Argument NameDescriptionRequired
session_trace_post_session_idThe session id.Required
session_trace_post_dateThe starting date/time (format: "yyyy-mm-dd hh:mm:ss").Optional
session_trace_post_durationThe duration (in seconds).Optional

Context Output#

PathTypeDescription
WAB.generate_trace_for_session.idStringid of the created object.

wab-get-wallix-bastion-usage-statistics#


Get the WALLIX Bastion usage statistics. If no from_date or to_date are supplied it will return the statistics for the last full calendar month category: Statistics

Base Command#

wab-get-wallix-bastion-usage-statistics

Input#

Argument NameDescriptionRequired
from_dateGet statistics from this date at midnight (format: "yyyy-mm-dd").Optional
to_dateGet statistics until this date at 23:59:59 (format: "yyyy-mm-dd").Optional

Context Output#

PathTypeDescription
WAB.statistics_get.from_dateStringBeginning of the interval (format: "yyyy-mm-dd").
WAB.statistics_get.to_dateStringEnd of the interval (format: "yyyy-mm-dd").
WAB.statistics_get.primary_connections.minNumberLowest simultaneous objects.
WAB.statistics_get.primary_connections.averageNumberAverage simultaneous objects.
WAB.statistics_get.primary_connections.maxNumberMaximum simultaneous objects.
WAB.statistics_get.secondary_connections.minNumberLowest simultaneous objects.
WAB.statistics_get.secondary_connections.averageNumberAverage simultaneous objects.
WAB.statistics_get.secondary_connections.maxNumberMaximum simultaneous objects.
WAB.statistics_get.device_count.minNumberLowest simultaneous objects.
WAB.statistics_get.device_count.averageNumberAverage simultaneous objects.
WAB.statistics_get.device_count.maxNumberMaximum simultaneous objects.
WAB.statistics_get.application_count.minNumberLowest simultaneous objects.
WAB.statistics_get.application_count.averageNumberAverage simultaneous objects.
WAB.statistics_get.application_count.maxNumberMaximum simultaneous objects.

wab-get-target-groups#


Get the target groups category: Target Groups

Base Command#

wab-get-target-groups

Input#

Argument NameDescriptionRequired
deviceReturn only the targetgroups this device belongs to.Optional
applicationReturn only the targetgroups this application belongs to.Optional
domainReturn only the targetgroups this domain belongs to.Optional
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'group_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.targetgroups_get.idStringThe target group id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.targetgroups_get.group_nameStringThe target group name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.targetgroups_get.descriptionStringThe target group description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.targetgroups_get.session.accounts.idStringThe target id.
WAB.targetgroups_get.session.accounts.accountStringThe account name.
WAB.targetgroups_get.session.accounts.domainStringThe domain name.
WAB.targetgroups_get.session.accounts.domain_typeStringThe domain type: local or global.
WAB.targetgroups_get.session.accounts.deviceStringThe device name (null for an application or a global domain).
WAB.targetgroups_get.session.accounts.serviceStringThe service name (null for an application or a global domain).
WAB.targetgroups_get.session.accounts.applicationStringThe application name (null for a device or a global domain).
WAB.targetgroups_get.session.account_mappings.idStringThe target id.
WAB.targetgroups_get.session.account_mappings.deviceStringThe device name (null for an application).
WAB.targetgroups_get.session.account_mappings.serviceStringThe service name (null for an application).
WAB.targetgroups_get.session.account_mappings.applicationStringThe application name (null for a device).
WAB.targetgroups_get.session.interactive_logins.idStringThe target id.
WAB.targetgroups_get.session.interactive_logins.deviceStringThe device name (null for an application).
WAB.targetgroups_get.session.interactive_logins.serviceStringThe service name (null for an application).
WAB.targetgroups_get.session.interactive_logins.applicationStringThe application name (null for a device).
WAB.targetgroups_get.session.scenario_accounts.idStringThe target id.
WAB.targetgroups_get.session.scenario_accounts.accountStringThe account name.
WAB.targetgroups_get.session.scenario_accounts.domainStringThe domain name.
WAB.targetgroups_get.session.scenario_accounts.domain_typeStringThe domain type: local or global.
WAB.targetgroups_get.session.scenario_accounts.deviceStringThe device name (null for an application or a global domain).
WAB.targetgroups_get.session.scenario_accounts.applicationStringThe application name (null for a device or a global domain).
WAB.targetgroups_get.password_retrieval.accounts.idStringThe target id.
WAB.targetgroups_get.password_retrieval.accounts.accountStringThe account name.
WAB.targetgroups_get.password_retrieval.accounts.domainStringThe domain name.
WAB.targetgroups_get.password_retrieval.accounts.domain_typeStringThe domain type: local or global.
WAB.targetgroups_get.password_retrieval.accounts.deviceStringThe device name (null for an application or a global domain).
WAB.targetgroups_get.password_retrieval.accounts.applicationStringThe application name (null for a device or a global domain).
WAB.targetgroups_get.restrictions.idStringThe restriction id.
WAB.targetgroups_get.restrictions.actionStringThe restriction type.
WAB.targetgroups_get.restrictions.rulesStringThe restriction rules.
WAB.targetgroups_get.restrictions.subprotocolStringThe restriction subprotocol.
WAB.targetgroups_get.urlStringThe API URL to the resource.

wab-add-target-group#


Add a target group category: Target Groups

Base Command#

wab-add-target-group

Input#

Argument NameDescriptionRequired
targetgroups_post_group_nameThe target group name.Required
targetgroups_post_descriptionThe target group description.Optional

Context Output#

PathTypeDescription
WAB.add_target_group.idStringid of the created object.

wab-get-target-group#


Get the target group category: Target Groups

Base Command#

wab-get-target-group

Input#

Argument NameDescriptionRequired
group_idA target group id or name. If specified, only this target group is returned.Required
deviceReturn only the targetgroups this device belongs to.Optional
applicationReturn only the targetgroups this application belongs to.Optional
domainReturn only the targetgroups this domain belongs to.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.targetgroups_get.idStringThe target group id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.targetgroups_get.group_nameStringThe target group name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.targetgroups_get.descriptionStringThe target group description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.targetgroups_get.session.accounts.idStringThe target id.
WAB.targetgroups_get.session.accounts.accountStringThe account name.
WAB.targetgroups_get.session.accounts.domainStringThe domain name.
WAB.targetgroups_get.session.accounts.domain_typeStringThe domain type: local or global.
WAB.targetgroups_get.session.accounts.deviceStringThe device name (null for an application or a global domain).
WAB.targetgroups_get.session.accounts.serviceStringThe service name (null for an application or a global domain).
WAB.targetgroups_get.session.accounts.applicationStringThe application name (null for a device or a global domain).
WAB.targetgroups_get.session.account_mappings.idStringThe target id.
WAB.targetgroups_get.session.account_mappings.deviceStringThe device name (null for an application).
WAB.targetgroups_get.session.account_mappings.serviceStringThe service name (null for an application).
WAB.targetgroups_get.session.account_mappings.applicationStringThe application name (null for a device).
WAB.targetgroups_get.session.interactive_logins.idStringThe target id.
WAB.targetgroups_get.session.interactive_logins.deviceStringThe device name (null for an application).
WAB.targetgroups_get.session.interactive_logins.serviceStringThe service name (null for an application).
WAB.targetgroups_get.session.interactive_logins.applicationStringThe application name (null for a device).
WAB.targetgroups_get.session.scenario_accounts.idStringThe target id.
WAB.targetgroups_get.session.scenario_accounts.accountStringThe account name.
WAB.targetgroups_get.session.scenario_accounts.domainStringThe domain name.
WAB.targetgroups_get.session.scenario_accounts.domain_typeStringThe domain type: local or global.
WAB.targetgroups_get.session.scenario_accounts.deviceStringThe device name (null for an application or a global domain).
WAB.targetgroups_get.session.scenario_accounts.applicationStringThe application name (null for a device or a global domain).
WAB.targetgroups_get.password_retrieval.accounts.idStringThe target id.
WAB.targetgroups_get.password_retrieval.accounts.accountStringThe account name.
WAB.targetgroups_get.password_retrieval.accounts.domainStringThe domain name.
WAB.targetgroups_get.password_retrieval.accounts.domain_typeStringThe domain type: local or global.
WAB.targetgroups_get.password_retrieval.accounts.deviceStringThe device name (null for an application or a global domain).
WAB.targetgroups_get.password_retrieval.accounts.applicationStringThe application name (null for a device or a global domain).
WAB.targetgroups_get.restrictions.idStringThe restriction id.
WAB.targetgroups_get.restrictions.actionStringThe restriction type.
WAB.targetgroups_get.restrictions.rulesStringThe restriction rules.
WAB.targetgroups_get.restrictions.subprotocolStringThe restriction subprotocol.
WAB.targetgroups_get.urlStringThe API URL to the resource.

wab-edit-target-group#


Edit a target group category: Target Groups

Base Command#

wab-edit-target-group

Input#

Argument NameDescriptionRequired
group_idThe group id or name to edit.Required
forceThe default value is false. When it is set to true the values of the targets are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
targetgroups_put_group_nameThe target group name.Optional
targetgroups_put_descriptionThe target group description.Optional

Context Output#

There is no context output for this command.

wab-delete-target-group#


Delete a target group category: Target Groups

Base Command#

wab-delete-target-group

Input#

Argument NameDescriptionRequired
group_idThe group id or name to delete.Required

Context Output#

There is no context output for this command.

wab-delete-target-from-group#


Delete a target from a group category: Target Groups

Base Command#

wab-delete-target-from-group

Input#

Argument NameDescriptionRequired
group_idThe group id or name to delete.Required
target_typeThe type of target group, one of: 'session_accounts', 'session_account_mappings', 'session_interactive_logins', 'session_scenario_accounts', 'password_retrieval_accounts'.Required
target_idThe target id or name to remove from the group.Required

Context Output#

There is no context output for this command.

wab-get-timeframes#


Get the timeframes category: Timeframes

Base Command#

wab-get-timeframes

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'timeframe_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.timeframe_get.idStringThe timeframe id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.timeframe_get.timeframe_nameStringThe timeframe name. No space is permitted at first or end. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.timeframe_get.descriptionStringThe timeframe description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.timeframe_get.is_overtimableBooleanDo not close sessions at the end of the time period.
WAB.timeframe_get.periods.start_dateStringThe period start date. Must respect the format "yyyy-mm-dd".
WAB.timeframe_get.periods.end_dateStringThe period end date. Must respect the format "yyyy-mm-dd".
WAB.timeframe_get.periods.start_timeStringThe period start time. Must respect the format "hh:mm".
WAB.timeframe_get.periods.end_timeStringThe period end time. Must respect the format "hh:mm".
WAB.timeframe_get.periods.week_daysStringThe period week days.
WAB.timeframe_get.urlStringThe API URL to the resource.

wab-add-timeframe#


Add a timeframe category: Timeframes

Base Command#

wab-add-timeframe

Input#

Argument NameDescriptionRequired
timeframe_post_timeframe_nameThe timeframe name. No space is permitted at first or end.Required
timeframe_post_descriptionThe timeframe description.Optional
timeframe_post_is_overtimableDo not close sessions at the end of the time period. Possible values are: true, false.Optional

Context Output#

PathTypeDescription
WAB.add_timeframe.idStringid of the created object.

wab-get-timeframe#


Get the timeframe category: Timeframes

Base Command#

wab-get-timeframe

Input#

Argument NameDescriptionRequired
timeframe_idA timeframe id or name. If specified, only this timeframe is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.timeframe_get.idStringThe timeframe id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.timeframe_get.timeframe_nameStringThe timeframe name. No space is permitted at first or end. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.timeframe_get.descriptionStringThe timeframe description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.timeframe_get.is_overtimableBooleanDo not close sessions at the end of the time period.
WAB.timeframe_get.periods.start_dateStringThe period start date. Must respect the format "yyyy-mm-dd".
WAB.timeframe_get.periods.end_dateStringThe period end date. Must respect the format "yyyy-mm-dd".
WAB.timeframe_get.periods.start_timeStringThe period start time. Must respect the format "hh:mm".
WAB.timeframe_get.periods.end_timeStringThe period end time. Must respect the format "hh:mm".
WAB.timeframe_get.periods.week_daysStringThe period week days.
WAB.timeframe_get.urlStringThe API URL to the resource.

wab-edit-timeframe#


Edit a timeframe category: Timeframes

Base Command#

wab-edit-timeframe

Input#

Argument NameDescriptionRequired
timeframe_idThe timeframe id or name to edit.Required
timeframe_put_timeframe_nameThe timeframe name. No space is permitted at first or end.Optional
timeframe_put_descriptionThe timeframe description.Optional
timeframe_put_is_overtimableDo not close sessions at the end of the time period. Possible values are: true, false.Optional

Context Output#

There is no context output for this command.

wab-delete-timeframe#


Delete a timeframe category: Timeframes

Base Command#

wab-delete-timeframe

Input#

Argument NameDescriptionRequired
timeframe_idThe timeframe id or name to delete.Required

Context Output#

There is no context output for this command.

wab-get-user-groups#


Get the user groups category: User Groups

Base Command#

wab-get-user-groups

Input#

Argument NameDescriptionRequired
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'group_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.usergroups_get.idStringThe group id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.group_nameStringThe group name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.profileStringThe group profile.
WAB.usergroups_get.descriptionStringThe group description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.timeframesStringThe group timeframe(s).
WAB.usergroups_get.usersStringThe users in the group.
WAB.usergroups_get.languageStringLanguage of the notifications. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.email_listStringApprovers' email addresses, separated by semicolons ";". Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.restrictions.idStringThe restriction id.
WAB.usergroups_get.restrictions.actionStringThe restriction type.
WAB.usergroups_get.restrictions.rulesStringThe restriction rules.
WAB.usergroups_get.restrictions.subprotocolStringThe restriction subprotocol.
WAB.usergroups_get.urlStringThe API URL to the resource.

wab-get-user-group#


Get the user group category: User Groups

Base Command#

wab-get-user-group

Input#

Argument NameDescriptionRequired
group_idA user group id or name. If specified, only this user group is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.usergroups_get.idStringThe group id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.group_nameStringThe group name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.profileStringThe group profile.
WAB.usergroups_get.descriptionStringThe group description. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.timeframesStringThe group timeframe(s).
WAB.usergroups_get.usersStringThe users in the group.
WAB.usergroups_get.languageStringLanguage of the notifications. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.email_listStringApprovers' email addresses, separated by semicolons ";". Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.usergroups_get.restrictions.idStringThe restriction id.
WAB.usergroups_get.restrictions.actionStringThe restriction type.
WAB.usergroups_get.restrictions.rulesStringThe restriction rules.
WAB.usergroups_get.restrictions.subprotocolStringThe restriction subprotocol.
WAB.usergroups_get.urlStringThe API URL to the resource.

wab-get-users#


Get the users category: Users

Base Command#

wab-get-users

Input#

Argument NameDescriptionRequired
password_hashExport password hash if true. In Configuration Options menu > REST API then Advanced options, you should set User password hash and change the default Data encryption key. Possible values are: true, false.Optional
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'user_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.user_get.user_nameStringThe user name. /:*?"<>
WAB.user_get.display_nameStringThe displayed name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.emailStringThe email address. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.ip_sourceStringThe source IP to limit access. Format is a comma-separated list of IPv4 or IPV6 addresses, subnets, ranges or domain, for example: 1.2.3.4,2001:db8:🔢5678,192.168.1.10/24,10.11.12.13-14.15.16.17,example.com Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.preferred_languageStringThe preferred language. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.profileStringThe user profile. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.groupsStringThe groups containing this user.
WAB.user_get.user_authsStringThe authentication procedures(s).
WAB.user_get.passwordStringThe password (hidden with stars or empty).
WAB.user_get.force_change_pwdBooleanForce password change. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.ssh_public_keyStringThe SSH public key.
WAB.user_get.certificate_dnStringThe certificate DN (for X509 authentication). Usable in the "sort" parameter.
WAB.user_get.last_connectionStringThe last connection of this user. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.is_lockedBooleanAccount is locked.
WAB.user_get.expiration_dateStringAccount expiration date/time (format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.is_disabledBooleanAccount is disabled. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.urlStringThe API URL to the resource.
WAB.user_get.gpg_public_keyStringThe GPG public key fingerprint.

wab-add-user#


Add a user category: Users

Base Command#

wab-add-user

Input#

Argument NameDescriptionRequired
password_hashSet password hash if true. In Configuration Options menu > REST API then Advanced options, you should set User password hash and change the default Data encryption key. Possible values are: true, false.Optional
user_post_user_nameThe user name. /:*?"<>| are forbidden.Required
user_post_display_nameThe displayed name.Optional
user_post_emailThe email address.Required
user_post_ip_sourceThe source IP to limit access. Format is a comma-separated list of IPv4 or IPV6 addresses, subnets, ranges or domain, for example: 1.2.3.4,2001:db8:🔢5678,192.168.1.10/24,10.11.12.13-14.15.16.17,example.com.Optional
user_post_preferred_languageThe preferred language. Possible values are: de, en, es, fr, ru.Optional
user_post_profileThe user profile.Required
user_post_groupsThe groups containing this user.
Comma-separated list (use [] for an empty list).
Optional
user_post_user_authsThe authentication procedures(s).
Comma-separated list (use [] for an empty list).
Required
user_post_passwordThe password.Optional
user_post_force_change_pwdForce password change. Possible values are: true, false.Optional
user_post_ssh_public_keyThe SSH public key.Optional
user_post_certificate_dnThe certificate DN (for X509 authentication).Optional
user_post_last_connectionThe last connection of this user. (enter null for null value).Optional
user_post_expiration_dateAccount expiration date/time (format: "yyyy-mm-dd hh:mm").Optional
user_post_is_disabledAccount is disabled. Possible values are: true, false.Optional
user_post_gpg_public_keyThe GPG public key (ascii output from the command: 'gpg --armor --export [USER_ID]').Optional

Context Output#

PathTypeDescription
WAB.add_user.idStringid of the created object.

wab-get-user#


Get the user category: Users

Base Command#

wab-get-user

Input#

Argument NameDescriptionRequired
nameA user name. If specified, only this user is returned.Required
password_hashExport password hash if true. In Configuration Options menu > REST API then Advanced options, you should set User password hash and change the default Data encryption key. Possible values are: true, false.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.user_get.user_nameStringThe user name. /:*?"<>
WAB.user_get.display_nameStringThe displayed name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.emailStringThe email address. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.ip_sourceStringThe source IP to limit access. Format is a comma-separated list of IPv4 or IPV6 addresses, subnets, ranges or domain, for example: 1.2.3.4,2001:db8:🔢5678,192.168.1.10/24,10.11.12.13-14.15.16.17,example.com Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.preferred_languageStringThe preferred language. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.profileStringThe user profile. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.groupsStringThe groups containing this user.
WAB.user_get.user_authsStringThe authentication procedures(s).
WAB.user_get.passwordStringThe password (hidden with stars or empty).
WAB.user_get.force_change_pwdBooleanForce password change. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.ssh_public_keyStringThe SSH public key.
WAB.user_get.certificate_dnStringThe certificate DN (for X509 authentication). Usable in the "sort" parameter.
WAB.user_get.last_connectionStringThe last connection of this user. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.is_lockedBooleanAccount is locked.
WAB.user_get.expiration_dateStringAccount expiration date/time (format: "yyyy-mm-dd hh:mm"). Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.is_disabledBooleanAccount is disabled. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.user_get.urlStringThe API URL to the resource.
WAB.user_get.gpg_public_keyStringThe GPG public key fingerprint.

wab-edit-user#


Edit a user category: Users

Base Command#

wab-edit-user

Input#

Argument NameDescriptionRequired
nameThe user name to edit.Required
forceThe default value is false. When set to true, the values of the groups and user_auths are replaced, otherwise the values are added to the existing ones. Possible values are: true, false.Optional
password_hashUpdate password hash if true. In Configuration Options menu > REST API then Advanced options, you should set User password hash and change the default Data encryption key. Possible values are: true, false.Optional
user_put_user_nameThe user name. /:*?"<>| are forbidden.Optional
user_put_display_nameThe displayed name.Optional
user_put_emailThe email address.Optional
user_put_ip_sourceThe source IP to limit access. Format is a comma-separated list of IPv4 or IPV6 addresses, subnets, ranges or domain, for example: 1.2.3.4,2001:db8:🔢5678,192.168.1.10/24,10.11.12.13-14.15.16.17,example.com.Optional
user_put_preferred_languageThe preferred language. Possible values are: de, en, es, fr, ru.Optional
user_put_profileThe user profile.Optional
user_put_groupsThe groups containing this user.
Comma-separated list (use [] for an empty list).
Optional
user_put_user_authsThe authentication procedures(s).
Comma-separated list (use [] for an empty list).
Optional
user_put_passwordThe password.Optional
user_put_force_change_pwdForce password change. Possible values are: true, false.Optional
user_put_ssh_public_keyThe SSH public key.Optional
user_put_certificate_dnThe certificate DN (for X509 authentication).Optional
user_put_last_connectionThe last connection of this user. (enter null for null value).Optional
user_put_expiration_dateAccount expiration date/time (format: "yyyy-mm-dd hh:mm").Optional
user_put_is_disabledAccount is disabled. Possible values are: true, false.Optional
user_put_gpg_public_keyThe GPG public key (ascii output from the command: 'gpg --armor --export [USER_ID]').Optional

Context Output#

There is no context output for this command.

wab-get-target-group-restrictions#


Get target group restrictions category: Target Group Restrictions

Base Command#

wab-get-target-group-restrictions

Input#

Argument NameDescriptionRequired
group_idA target group id or name.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'group_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.restriction_get.idStringThe restriction id. Usable in the "q" parameter.
WAB.restriction_get.actionStringThe restriction type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.restriction_get.rulesStringThe restriction rules. Usable in the "sort" parameter.
WAB.restriction_get.subprotocolStringThe restriction subprotocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.restriction_get.urlStringThe API URL to the resource.

wab-get-target-group-restriction#


Get one target group restriction category: Target Group Restrictions

Base Command#

wab-get-target-group-restriction

Input#

Argument NameDescriptionRequired
group_idA target group id or name.Required
restriction_idThe identifier of the desired restriction. If specified, only this restriction is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.restriction_get.idStringThe restriction id. Usable in the "q" parameter.
WAB.restriction_get.actionStringThe restriction type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.restriction_get.rulesStringThe restriction rules. Usable in the "sort" parameter.
WAB.restriction_get.subprotocolStringThe restriction subprotocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.restriction_get.urlStringThe API URL to the resource.

wab-edit-restriction-from-targetgroup#


Edit a restriction from a targetgroup category: Target Group Restrictions

Base Command#

wab-edit-restriction-from-targetgroup

Input#

Argument NameDescriptionRequired
group_idA target group id or name.Required
restriction_idThe identifier of the desired restriction.Required
restriction_put_actionThe restriction type. Possible values are: kill, notify.Optional
restriction_put_rulesThe restriction rules.Optional
restriction_put_subprotocolThe restriction subprotocol. Possible values are: SSH_SHELL_SESSION, SSH_REMOTE_COMMAND, SSH_SCP_UP, SSH_SCP_DOWN, SFTP_SESSION, RLOGIN, TELNET, RDP.Optional

Context Output#

There is no context output for this command.

wab-delete-restriction-from-targetgroup#


Delete a restriction from a targetgroup category: Target Group Restrictions

Base Command#

wab-delete-restriction-from-targetgroup

Input#

Argument NameDescriptionRequired
group_idA target group id or name.Required
restriction_idThe identifier of the desired restriction.Required

Context Output#

There is no context output for this command.

wab-get-password-for-target#


Get the password for a given target category: Target Passwords

Base Command#

wab-get-password-for-target

Input#

Argument NameDescriptionRequired
account_nameA target name: 'account@domain@device' for an account on a device, 'account@domain@application' for an account on an application or 'account@domain' for an account on a global domain.Required
key_formatThe format of the SSH private key returned: 'openssh' (by default), 'pkcs1','pkcs8' or 'putty'.Optional
cert_formatThe format of the returned certificate: 'openssh' (by default) or 'ssh.com'.Optional
authorizationThe name of the authorization (in case of multiple authorizations to access the target).Optional
durationOptional duration for the checkout (in seconds). It is used only in case of lock in the checkout policy, and it must be less than the checkout policy duration.Optional

Context Output#

PathTypeDescription
WAB.targetpasswords_get_checkout.checkin_timeStringThe date/time of automatic checkin on the account (if no manual checkin is made until this date/time).
WAB.targetpasswords_get_checkout.remaining_timeStringRemaining checkout time in seconds.
WAB.targetpasswords_get_checkout.lockedBooleanTrue if the account has been locked (a manual or automatic checkin is required), False if the account is not locked (checkin is then forbidden on this account).
WAB.targetpasswords_get_checkout.checkin_change_passwordBooleanTrue if the password will be automatically changed on checkin, False if the password is unchanged.
WAB.targetpasswords_get_checkout.loginStringThe account login.
WAB.targetpasswords_get_checkout.domainStringThe account domain real name.
WAB.targetpasswords_get_checkout.passwordStringThe account password.
WAB.targetpasswords_get_checkout.ssh_keyStringThe account SSH private key.
WAB.targetpasswords_get_checkout.ssh_key_typeStringThe type of the SSH private key (either rsa, dsa, ecdsa or ed25519).
WAB.targetpasswords_get_checkout.ssh_certificateStringThe account SSH signed certificate.
WAB.targetpasswords_get_checkout.deconnection_timeStringThe date/time of automatic deconnection when the account is used in a proxy session.
WAB.targetpasswords_get_checkout.account_nameStringthe account_name.

wab-extend-duration-time-to-get-passwords-for-target#


Extend the duration time to get the passwords for a given target category: Target Passwords

Base Command#

wab-extend-duration-time-to-get-passwords-for-target

Input#

Argument NameDescriptionRequired
account_nameA target name: 'account@domain@device' for an account on a device, 'account@domain@application' for an account on an application or 'account@domain' for an account on a global domain.Required
authorizationThe name of the authorization (in case of multiple authorizations to access the target).Optional

Context Output#

There is no context output for this command.

wab-release-passwords-for-target#


Release the passwords for a given target category: Target Passwords

Base Command#

wab-release-passwords-for-target

Input#

Argument NameDescriptionRequired
account_nameA target name: 'account@domain@device' for an account on a device, 'account@domain@application' for an account on an application or 'account@domain' for an account on a global domain.Required
authorizationThe name of the authorization (in case of multiple authorizations to access the target).Optional
forceThe default value is false. When it is set to true, the checkin is forced. The user connected on the REST API must have an auditor profile and the configured limitations don't prohibit access to the account. Possible values are: true, false.Optional
commentA comment that is input by the auditor when an account checkin is forced. This argument is mandatory if the checkin is forced, and is ignored for a standard checkin.Optional

Context Output#

There is no context output for this command.

wab-get-target-by-type#


Get the target by type category: Targets

Base Command#

wab-get-target-by-type

Input#

Argument NameDescriptionRequired
target_typeThe type of target, one of: 'session_accounts', 'session_account_mappings', 'session_interactive_logins', 'session_scenario_accounts', 'password_retrieval_accounts'.Required
groupReturn only the targets in the group with this name.Optional
group_idReturn only the targets in the group with this id.Optional
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'account,domain'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.getTargetByType.idStringThe target id. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.getTargetByType.accountStringThe device or application account name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.getTargetByType.domainStringThe domain name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.getTargetByType.domain_typeStringThe domain type.
WAB.getTargetByType.deviceStringThe device name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.getTargetByType.serviceStringThe service name. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.getTargetByType.applicationStringThe application name. Usable in the "q" parameter. Usable in the "sort" parameter.

wab-get-mappings-of-user-group#


Get the mappings of a user group category: User Group Mappings

Base Command#

wab-get-mappings-of-user-group

Input#

Argument NameDescriptionRequired
group_idA user group id or name to retrieve.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'user_group'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authdomain_mapping_get.idStringThe mapping id. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.domainStringThe name of the domain for which the mapping is defined. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.user_groupStringThe name of the Bastion users group. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.external_groupStringThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.urlStringThe API URL to the resource.

wab-add-mapping-in-group#


Add a mapping in a group and set mapping fallback. If the field "external_group" is set to "*", it is used as the fallback mapping, which allows mapping of users in the domain that do not belong to the external_group to be mapped to the user group by default category: User Group Mappings

Base Command#

wab-add-mapping-in-group

Input#

Argument NameDescriptionRequired
group_idA group id or name.Required
usergroup_mapping_post_domainThe name of the domain for which the mapping is defined.Required
usergroup_mapping_post_external_groupThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping.Required
usergroup_mapping_post_profileThe name of the profile for which the mapping is defined.Required

Context Output#

PathTypeDescription
WAB.add_mapping_in_group.idStringid of the created object.

wab-get-mapping-of-user-group#


Get the mapping of a user group category: User Group Mappings

Base Command#

wab-get-mapping-of-user-group

Input#

Argument NameDescriptionRequired
group_idA user group id or name to retrieve.Required
mapping_idA mapping id to retrieve. If specified, only this mapping information will be retrieved.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.authdomain_mapping_get.idStringThe mapping id. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.domainStringThe name of the domain for which the mapping is defined. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.user_groupStringThe name of the Bastion users group. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.external_groupStringThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping. Usable in the "q" parameter. Usable in the "sort" parameter. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.authdomain_mapping_get.urlStringThe API URL to the resource.

wab-edit-mapping-of-user-group#


Edit a mapping of a user group category: User Group Mappings

Base Command#

wab-edit-mapping-of-user-group

Input#

Argument NameDescriptionRequired
group_idA group id or name.Required
mapping_idA mapping id to edit.Required
usergroup_mapping_post_domainThe name of the domain for which the mapping is defined.Required
usergroup_mapping_post_external_groupThe name of the external group (LDAP/AD: Distinguished Name, Azure AD: name or ID), "*" means fallback mapping.Required
usergroup_mapping_post_profileThe name of the profile for which the mapping is defined.Required

Context Output#

There is no context output for this command.

wab-delete-mapping-of-user-group#


Delete the mapping of the given user group category: User Group Mappings

Base Command#

wab-delete-mapping-of-user-group

Input#

Argument NameDescriptionRequired
group_idA group id or name.Required
mapping_idA mapping id.Required

Context Output#

There is no context output for this command.

wab-get-user-group-restrictions#


Get user group restrictions category: User Group Restrictions

Base Command#

wab-get-user-group-restrictions

Input#

Argument NameDescriptionRequired
group_idA user group id or name.Required
qSearches for a resource matching parameters.Optional
sortComma-separated list of fields used to sort results; a field starting "-" reverses the order. The default sort for this resource is: 'group_name'.Optional
offsetThe index of first item to retrieve (starts and defaults to 0).Optional
limitThe number of items to retrieve (100 by default, -1 = no limit). Note: this default value of 100 can be changed in the REST API configuration option.Optional
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.restriction_get.idStringThe restriction id. Usable in the "q" parameter.
WAB.restriction_get.actionStringThe restriction type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.restriction_get.rulesStringThe restriction rules. Usable in the "sort" parameter.
WAB.restriction_get.subprotocolStringThe restriction subprotocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.restriction_get.urlStringThe API URL to the resource.

wab-add-restriction-to-usergroup#


Add a restriction to a usergroup category: User Group Restrictions

Base Command#

wab-add-restriction-to-usergroup

Input#

Argument NameDescriptionRequired
group_idA user group id or name.Required
restriction_post_actionThe restriction type. Possible values are: kill, notify.Required
restriction_post_rulesThe restriction rules.Required
restriction_post_subprotocolThe restriction subprotocol. Possible values are: SSH_SHELL_SESSION, SSH_REMOTE_COMMAND, SSH_SCP_UP, SSH_SCP_DOWN, SFTP_SESSION, RLOGIN, TELNET, RDP.Required

Context Output#

PathTypeDescription
WAB.add_restriction_to_usergroup.idStringid of the created object.

wab-get-user-group-restriction#


Get one user group restriction category: User Group Restrictions

Base Command#

wab-get-user-group-restriction

Input#

Argument NameDescriptionRequired
group_idA user group id or name.Required
restriction_idThe identifier of the desired restriction. If specified, only this restriction is returned.Required
fieldsThe list of fields to return (separated by commas). By default all fields are returned.Optional

Context Output#

PathTypeDescription
WAB.restriction_get.idStringThe restriction id. Usable in the "q" parameter.
WAB.restriction_get.actionStringThe restriction type. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.restriction_get.rulesStringThe restriction rules. Usable in the "sort" parameter.
WAB.restriction_get.subprotocolStringThe restriction subprotocol. Usable in the "q" parameter. Usable in the "sort" parameter.
WAB.restriction_get.urlStringThe API URL to the resource.

wab-edit-restriction-from-usergroup#


Edit a restriction from a usergroup category: User Group Restrictions

Base Command#

wab-edit-restriction-from-usergroup

Input#

Argument NameDescriptionRequired
group_idA user group id or name.Required
restriction_idThe identifier of the desired restriction.Required
restriction_put_actionThe restriction type. Possible values are: kill, notify.Optional
restriction_put_rulesThe restriction rules.Optional
restriction_put_subprotocolThe restriction subprotocol. Possible values are: SSH_SHELL_SESSION, SSH_REMOTE_COMMAND, SSH_SCP_UP, SSH_SCP_DOWN, SFTP_SESSION, RLOGIN, TELNET, RDP.Optional

Context Output#

There is no context output for this command.

wab-delete-restriction-from-usergroup#


Delete a restriction from a usergroup category: User Group Restrictions

Base Command#

wab-delete-restriction-from-usergroup

Input#

Argument NameDescriptionRequired
group_idA user group id or name.Required
restriction_idThe identifier of the desired restriction.Required

Context Output#

There is no context output for this command.

wab-get-version#


Get the REST API and WALLIX Bastion version numbers category: Version

Base Command#

wab-get-version

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
WAB.version_get.versionStringThe REST API version.
WAB.version_get.version_decimalNumberThe REST API version as decimal number.
WAB.version_get.wab_versionStringThe WALLIX Bastion version (format: X.Y).
WAB.version_get.wab_form_factorStringThe WALLIX Bastion form factor (appliance, cloud). .
WAB.version_get.wab_version_decimalNumberThe WALLIX Bastion version as decimal number.
WAB.version_get.wab_version_hotfixStringThe WALLIX Bastion version with hotfix level (format: X.Y.Z, Z being the hotfix level).
WAB.version_get.wab_version_hotfix_decimalNumberThe WALLIX Bastion version with hotfix level as decimal.
WAB.version_get.wab_complete_versionStringThe WALLIX Bastion complete version, with hotfix level and build date.