{"resources":{"proxmox":{"id":"proxmox","name":"proxmox","fields":{"about":{"name":"about","type":"\n","title":"Version and system information","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"acl":{"name":"acl","type":"\u0019\u001bproxmox.acl","title":"Access-control list entries assigning roles to users, groups, and tokens on cluster paths","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"backup":{"name":"backup","type":"\u001bproxmox.backup","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"backupJobs":{"name":"backupJobs","type":"\u0019\u001bproxmox.backup.job","title":"Scheduled cluster-wide vzdump backup jobs","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"certificate":{"name":"certificate","type":"\u001bproxmox.certificate","title":"Proxmox VE node TLS certificate","desc":"Examine a TLS/SSL certificate installed on a Proxmox node. Reports the certificate `subject`, `issuer`, `fingerprint`, validity window via `notBefore` and `notAfter`, Subject Alternative Names in `san`, and the public key details `publicKeyType` and `publicKeyBits`. The `filename` field identifies which certificate file this entry represents.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"cluster":{"name":"cluster","type":"\u001bproxmox.cluster","title":"Cluster-level information (HA, quorum, corosync)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"container":{"name":"container","type":"\u001bproxmox.container","title":"Proxmox VE LXC container","desc":"Examine an LXC container in the cluster, identified by numeric `id` and display `name`. Reports current `status` (running, stopped), the `node` it runs on, and resource usage including `cpu`, `mem`, `disk`, `netin`, and `netout`. Configuration details — whether the container runs `unprivileged`, its `ostype`, `hostname`, enabled `features` (nesting, fuse, mount, keyctl), boot options (`onboot`, `startup`, `protection`), description, and tags — are available as computed fields. Network interfaces are listed through `networks`, mount points through `mountPoints`, point-in-time `snapshots` through the snapshots field, firewall configuration via `firewallRules`, `firewallOptions`, `ipsets`, and `aliases`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"containers":{"name":"containers","type":"\u0019\u001bproxmox.container","title":"All LXC containers across the cluster","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dns":{"name":"dns","type":"\u001bproxmox.dns","title":"Proxmox VE node DNS configuration","desc":"Examine the DNS resolver configuration on a Proxmox node. Reports the `search` domain and up to three nameservers via `dns1`, `dns2`, and `dns3`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"firewall":{"name":"firewall","type":"\u001bproxmox.firewall","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"group":{"name":"group","type":"\u001bproxmox.group","title":"Proxmox VE access control group","desc":"Examine a group defined in the Proxmox cluster, identified by `id`. Groups bundle users for path-based ACL assignment. The `comment` holds the group description. `memberIds` lists the user IDs that belong to the group; `members` resolves them to typed `proxmox.user` references for traversal.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"groups":{"name":"groups","type":"\u0019\u001bproxmox.group","title":"Groups configured in the cluster","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"lvm":{"name":"lvm","type":"\u001bproxmox.lvm","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"network":{"name":"network","type":"\u001bproxmox.network","title":"Proxmox VE node network interface","desc":"Examine a network interface on a Proxmox node, identified by `iface` (e.g. `vmbr0`, `eth0`). Reports the interface `type` (bridge, bond, eth, vlan, OVSBridge, etc.), whether it is `active` and `autostart` enabled, the address assignment `method` (static, dhcp, manual), and addressing details including `address`, `netmask`, `gateway`, and `cidr`. Bridge interfaces list their member ports in `bridgePorts`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"node":{"name":"node","type":"\u001bproxmox.node","title":"Proxmox VE node","desc":"Examine a physical or virtual host in the Proxmox cluster, identified by `name`. Reports hardware details including CPU model, socket and core counts, memory and swap totals, as well as current utilization via `cpuUsage`, `memUsed`, and `memFree`. System information covers the running `kernelVersion`, `pveVersion`, and `uptime`. Network interfaces are available through `networks`, DNS configuration through `dns`, and systemd service states through `services`. Security-relevant data includes TLS `certificates`, APT `repositories`, available `updates`, and node-level `firewallRules`. VMs running on the node are listed via `vms`, and subscription status is available through `subscription`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"nodes":{"name":"nodes","type":"\u0019\u001bproxmox.node","title":"All cluster nodes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pool":{"name":"pool","type":"\u001bproxmox.pool","title":"Proxmox VE resource pool","desc":"Examine a resource pool in the cluster, identified by `id`. Pools group VMs and storage for access-control purposes. The `comment` field holds the pool description.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"pools":{"name":"pools","type":"\u0019\u001bproxmox.pool","title":"Resource pools","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"realm":{"name":"realm","type":"\u001bproxmox.realm","title":"Proxmox VE authentication realm","desc":"Examine an authentication realm configured in the Proxmox cluster, identified by `realm`. Reports the realm `type` (pam, pve, ldap, ad, openid), whether it is the `default` realm, the realm-enforced TFA challenge in `tfaType` (empty when no realm-wide TFA is required), and full configuration via `config` — including LDAP servers, sync settings, OpenID issuer URLs, and `autocreate` flags.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"realms":{"name":"realms","type":"\u0019\u001bproxmox.realm","title":"Authentication realms (pam, pve, ldap, ad, openid)","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"replication":{"name":"replication","type":"\u001bproxmox.replication","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"replicationJobs":{"name":"replicationJobs","type":"\u0019\u001bproxmox.replication.job","title":"Guest-storage replication jobs configured on the cluster","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"repository":{"name":"repository","type":"\u001bproxmox.repository","title":"Proxmox VE node APT repository","desc":"Examine an APT repository configured on a Proxmox node, identified by `id`. Reports the repository `name`, whether it is `enabled`, declared `types` (deb, deb-src), `uris`, `suites` (e.g. bookworm, stable), `components` (main, contrib, etc.), and `fileType` (sources.list or sources.list.d entry). Useful for verifying that only official Proxmox repositories are active.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"role":{"name":"role","type":"\u001bproxmox.role","title":"Proxmox VE access control role","desc":"Examine a role defined in the Proxmox cluster, identified by `id`. Reports the list of `privs` (privileges) assigned to the role and whether it is a built-in role via `special`. Roles are assigned to users and groups on paths to implement Proxmox's path-based access-control model.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"roles":{"name":"roles","type":"\u0019\u001bproxmox.role","title":"Roles defined in the cluster","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"sdn":{"name":"sdn","type":"\u001bproxmox.sdn","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"sdnVnets":{"name":"sdnVnets","type":"\u0019\u001bproxmox.sdn.vnet","title":"SDN virtual networks defined on the cluster","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"sdnZones":{"name":"sdnZones","type":"\u0019\u001bproxmox.sdn.zone","title":"SDN zones defined on the cluster","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"service":{"name":"service","type":"\u001bproxmox.service","title":"Proxmox VE node systemd service","desc":"Examine a systemd service on a Proxmox node, identified by `name`. Reports the current runtime `state` (running, dead, etc.), service `description`, and `unitFileState` (enabled, disabled, static, masked). Useful for auditing whether critical Proxmox services such as `pve-cluster`, `pveproxy`, or `corosync` are active.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"storage":{"name":"storage","type":"\u001bproxmox.storage","title":"Proxmox VE storage pool","desc":"Examine a storage pool configured in the cluster, identified by `id`. Reports the storage `type` (dir, lvm, lvmthin, nfs, cifs, zfspool, ceph, etc.), allowed `content` types, filesystem `path` for local types, and whether the pool is `enabled` and `shared` across nodes. Capacity data is available via `total`, `used`, `available`, and `usagePercent`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"storages":{"name":"storages","type":"\u0019\u001bproxmox.storage","title":"Storage pools configured in the cluster","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"subscription":{"name":"subscription","type":"\u001bproxmox.subscription","title":"Proxmox VE subscription","desc":"Examine the Proxmox support subscription for a node. Reports `status` (active, notfound, invalid), subscription `level` (basic, standard, premium), `productName`, `key`, `serverId`, registration date via `regDate`, and the next renewal date via `nextDueDate`. Useful for compliance checks that require an active subscription.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"token":{"name":"token","type":"\u001bproxmox.token","title":"Proxmox VE API token","desc":"Examine an API token belonging to a Proxmox user, identified by `id` in the form `user@realm!tokenid`. Reports the token `comment`, `expire` time (Unix timestamp, 0 = never), and whether privilege separation is active via `privsep`. When `privsep` is true the token's permissions are limited to a subset of the owner's privileges.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"user":{"name":"user","type":"\u001bproxmox.user","title":"Proxmox VE user","desc":"Examine a user account in the Proxmox cluster, identified by `id` in the form `user@realm`. Reports whether the account is `enable`d, its `email`, `firstname`, `lastname`, `realm` (pam, pve, ldap, ad), `groups` membership, and `expire` time (Unix timestamp, 0 = never). Multi-factor enrollment is available through `tfaFactors` and `tfaLockedUntil`, the realm authentication type through `realmType`, and API tokens belonging to the user through `tokens`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"users":{"name":"users","type":"\u0019\u001bproxmox.user","title":"Users configured in the cluster","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vm":{"name":"vm","type":"\u001bproxmox.vm","title":"Proxmox VE virtual machine","desc":"Examine a QEMU virtual machine in the cluster, identified by numeric `id` and display `name`. Reports current `status` (running, stopped, paused), the `node` it runs on, and resource usage including `cpu`, `mem`, `disk`, `netin`, and `netout`. Configuration details — OS type, machine type, BIOS, boot order, guest agent state, protection, description, and tags — are available as computed fields. Network interfaces are listed through `networks`, storage devices through `disks`, and point-in-time `snapshots` through the snapshots field. VM-level firewall rules are accessible via `firewallRules`, and installed packages with available updates via `updates` (requires the QEMU guest agent).","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"vms":{"name":"vms","type":"\u0019\u001bproxmox.vm","title":"All QEMU virtual machines across the cluster","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"zfs":{"name":"zfs","type":"\u001bproxmox.zfs","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true}},"title":"Proxmox VE","desc":"Use this resource to access the top-level Proxmox Virtual Environment cluster. Query version and system information via `about`, enumerate all virtual machines with `vms`, all LXC `containers`, list cluster nodes with `nodes`, inspect storage pools via `storages`, manage resource pools with `pools`, and audit users, groups, roles, ACL entries, and authentication realms through `users`, `groups`, `roles`, `acl`, and `realms`. Cluster-level HA, quorum, and firewall configuration is available through `cluster`. Scheduled vzdump backup jobs are exposed via `backupJobs`.","min_provider_version":"0.1.1","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.acl":{"id":"proxmox.acl","name":"proxmox.acl","fields":{"group":{"name":"group","type":"\u001bproxmox.group","title":"Group this entry refers to when `type` is `group`; null otherwise","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Path the entry applies to (e.g. /, /vms/100, /storage/local)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"propagate":{"name":"propagate","type":"\u0004","is_mandatory":true,"title":"Whether the grant propagates to child paths","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"role":{"name":"role","type":"\u001bproxmox.role","title":"Resolved role","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"roleId":{"name":"roleId","type":"\u0007","is_mandatory":true,"title":"Role ID granted at this path","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"token":{"name":"token","type":"\u001bproxmox.token","title":"Token this entry refers to when `type` is `token`; null otherwise","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Entry type — user, group, or token","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ugid":{"name":"ugid","type":"\u0007","is_mandatory":true,"title":"Identifier of the user, group, or token the grant applies to","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"user":{"name":"user","type":"\u001bproxmox.user","title":"User this entry refers to when `type` is `user`; null otherwise","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE access control list entry","desc":"Examine an ACL assignment in the Proxmox cluster. An entry grants a `role` to a user, group, or API token (identified by `ugid`) at a specific `path` such as `/`, `/vms/100`, or `/storage/local`. The `type` field discriminates between user, group, and token entries; `propagate` indicates whether the grant applies to child paths. Typed accessors `user`, `group`, `token`, and `role` resolve `ugid` and `roleId` to their corresponding resources for traversal — only the accessor matching `type` is non-null.","min_provider_version":"0.1.9","defaults":"path type ugid roleId propagate","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.backup":{"id":"proxmox.backup","fields":{"job":{"name":"job","type":"\u001bproxmox.backup.job","title":"Proxmox VE scheduled backup job","desc":"Examine a cluster-wide vzdump backup job, identified by `id`. The job selects guests by explicit `vmids`, by `pool`, or by `all`, and writes to `storage` on the optional `schedule`. Reports the dump `mode` (snapshot, suspend, stop), `compress` algorithm, notification configuration via `mailto` and `notificationMode`, retention via `prune`, and the `fleecing` setting. `targetStorage` resolves `storage` to a typed `proxmox.storage` reference so audits can check the storage pool's encryption or sharing semantics in the same query. The full raw job definition is available through `config`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true}},"is_extension":true},"proxmox.backup.job":{"id":"proxmox.backup.job","name":"proxmox.backup.job","fields":{"all":{"name":"all","type":"\u0004","is_mandatory":true,"title":"Whether the job targets every guest","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Job comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"compress":{"name":"compress","type":"\u0007","is_mandatory":true,"title":"Compression algorithm (0, 1, gzip, lzo, zstd)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"config":{"name":"config","type":"\n","title":"Full raw job configuration as returned by /cluster/backup/\u003cid\u003e","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the job is enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"exclude":{"name":"exclude","type":"\u0007","is_mandatory":true,"title":"Comma-separated VMIDs to exclude","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"fleecing":{"name":"fleecing","type":"\u0007","is_mandatory":true,"title":"Fleecing configuration (e.g. enabled=1,storage=pbs)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Job identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mailto":{"name":"mailto","type":"\u0007","is_mandatory":true,"title":"Comma-separated email recipients","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Dump mode (snapshot, suspend, stop)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"nextRun":{"name":"nextRun","type":"\u0005","is_mandatory":true,"title":"Next scheduled run as a Unix timestamp; 0 if not scheduled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"node":{"name":"node","type":"\u0007","is_mandatory":true,"title":"Node the job is restricted to; empty when cluster-wide","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"notesTemplate":{"name":"notesTemplate","type":"\u0007","is_mandatory":true,"title":"Template for backup notes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"notificationMode":{"name":"notificationMode","type":"\u0007","is_mandatory":true,"title":"Notification routing mode (auto, legacy-sendmail, notification-system)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pool":{"name":"pool","type":"\u0007","is_mandatory":true,"title":"Pool the job targets (alternative to vmids)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"protected":{"name":"protected","type":"\u0004","is_mandatory":true,"title":"Whether resulting backups are marked protected","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"prune":{"name":"prune","type":"\u0007","is_mandatory":true,"title":"Retention specification (e.g. keep-last=7,keep-daily=14)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"schedule":{"name":"schedule","type":"\u0007","is_mandatory":true,"title":"Schedule (systemd-calendar expression, e.g. `mon..fri 03:00`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"storage":{"name":"storage","type":"\u0007","is_mandatory":true,"title":"Storage name backups are written to","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"targetContainers":{"name":"targetContainers","type":"\u0019\u001bproxmox.container","title":"Containers this job targets, resolved the same way as `targetVms`","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"targetStorage":{"name":"targetStorage","type":"\u001bproxmox.storage","title":"Resolved target storage pool","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"targetVms":{"name":"targetVms","type":"\u0019\u001bproxmox.vm","title":"VMs this job targets","desc":"Resolved from `vmids` and `all` against the current cluster inventory. When `all` is true this returns every VM and `vmids` is ignored. Pool-scoped jobs (`pool` set, `vmids` empty) return an empty list — query `pool` for those instead.","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vmids":{"name":"vmids","type":"\u0007","is_mandatory":true,"title":"Comma-separated VMIDs the job targets","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE scheduled backup job","desc":"Examine a cluster-wide vzdump backup job, identified by `id`. The job selects guests by explicit `vmids`, by `pool`, or by `all`, and writes to `storage` on the optional `schedule`. Reports the dump `mode` (snapshot, suspend, stop), `compress` algorithm, notification configuration via `mailto` and `notificationMode`, retention via `prune`, and the `fleecing` setting. `targetStorage` resolves `storage` to a typed `proxmox.storage` reference so audits can check the storage pool's encryption or sharing semantics in the same query. The full raw job definition is available through `config`.","min_provider_version":"0.1.9","defaults":"id schedule storage enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.certificate":{"id":"proxmox.certificate","name":"proxmox.certificate","fields":{"daysUntilExpiry":{"name":"daysUntilExpiry","type":"\u0005","title":"Days remaining until `notAfter`","desc":"Computed as `notAfter` minus the time the value is read. Negative when the certificate has already expired, which makes `daysUntilExpiry \u003c 30` / `\u003c 0` a natural way to write expiry policies.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"filename":{"name":"filename","type":"\u0007","is_mandatory":true,"title":"Certificate filename","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Certificate fingerprint","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"issuer":{"name":"issuer","type":"\u0007","is_mandatory":true,"title":"Certificate issuer","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"notAfter":{"name":"notAfter","type":"\t","is_mandatory":true,"title":"Expiration date","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"notBefore":{"name":"notBefore","type":"\t","is_mandatory":true,"title":"Valid from date","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"publicKeyBits":{"name":"publicKeyBits","type":"\u0005","is_mandatory":true,"title":"Public key size in bits","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"publicKeyType":{"name":"publicKeyType","type":"\u0007","is_mandatory":true,"title":"Public key type (rsa, ec)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"san":{"name":"san","type":"\u0019\u0007","is_mandatory":true,"title":"Subject Alternative Names","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"subject":{"name":"subject","type":"\u0007","is_mandatory":true,"title":"Certificate subject","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node TLS certificate","desc":"Examine a TLS/SSL certificate installed on a Proxmox node. Reports the certificate `subject`, `issuer`, `fingerprint`, validity window via `notBefore` and `notAfter`, Subject Alternative Names in `san`, and the public key details `publicKeyType` and `publicKeyBits`. The `filename` field identifies which certificate file this entry represents.","min_provider_version":"0.1.1","defaults":"subject notAfter","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.cluster":{"id":"proxmox.cluster","name":"proxmox.cluster","fields":{"aliases":{"name":"aliases","type":"\u0019\u001bproxmox.firewall.alias","title":"Cluster-level firewall aliases","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"bandwidthLimits":{"name":"bandwidthLimits","type":"\n","title":"Default cluster-wide bandwidth limits","desc":"Limits cover restore, migration, clone, and move operations. Keys mirror /cluster/options (`default`, `restore`, `migration`, etc.). Empty when no limits are set.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"consoleViewer":{"name":"consoleViewer","type":"\u0007","title":"Default VNC/SPICE console viewer","desc":"One of `html5`, `vv`, or empty for the PVE default.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallGroups":{"name":"firewallGroups","type":"\u0019\u001bproxmox.firewall.group","title":"Cluster-level firewall security groups","desc":"Each group is a named rule set that other rules reference with `type=group`. Auditing the group definitions lets policies verify that the referenced rules match their stated intent.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallOptions":{"name":"firewallOptions","type":"\u001bproxmox.firewall.options","title":"Cluster-level firewall options (enable, policy_in, policy_out, log_*)","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallRules":{"name":"firewallRules","type":"\u0019\u001bproxmox.firewall.rule","title":"Cluster-level firewall rules","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"haGroup":{"name":"haGroup","type":"\u001bproxmox.cluster.haGroup","title":"Proxmox VE HA group","desc":"Examine a high-availability group defined on the cluster. A group constrains where HA-managed guests are allowed to run. Reports the group `id`, comma-separated `nodes` membership (entries may include priorities like `pve1:2`), whether the group is `restricted` (HA will refuse to fail over outside group members), and `noFailback` (HA will not automatically move guests back to higher-priority nodes once they recover).","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"haGroups":{"name":"haGroups","type":"\u0019\u001bproxmox.cluster.haGroup","title":"High-availability groups","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"haResource":{"name":"haResource","type":"\u001bproxmox.cluster.haResource","title":"Proxmox VE cluster HA resource","desc":"Examine a high-availability resource managed by the cluster. Each entry is identified by `id` (e.g. `vm:100`) and `type` (vm or ct), and reports its current `status`, assigned `node`, desired `state` (started, stopped, disabled), HA `group`, and the maximum number of restart and relocate attempts via `maxRestart` and `maxRelocate`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"haResources":{"name":"haResources","type":"\u0019\u001bproxmox.cluster.haResource","title":"High-availability resources","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ipsets":{"name":"ipsets","type":"\u0019\u001bproxmox.firewall.ipset","title":"Cluster-level IPsets","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"migrationNetwork":{"name":"migrationNetwork","type":"\u0007","title":"CIDR of the dedicated migration network","desc":"Empty when migrations use the management network.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"migrationPolicy":{"name":"migrationPolicy","type":"\u0007","title":"Migration network policy","desc":"`secure` tunnels through SSH; `insecure` exposes the storage stream on the chosen migration network. Empty when not configured; Proxmox defaults to `secure`.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Cluster name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"nodeCount":{"name":"nodeCount","type":"\u0005","is_mandatory":true,"title":"Number of nodes in the cluster","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"options":{"name":"options","type":"\n","title":"Cluster-level options","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"quorate":{"name":"quorate","type":"\u0004","is_mandatory":true,"title":"Whether the cluster has quorum","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"version":{"name":"version","type":"\u0005","is_mandatory":true,"title":"Cluster config version","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE cluster","desc":"Examine cluster-level configuration and health. Includes the cluster `name`, `version`, quorum status via `quorate`, and `nodeCount`. High-availability resources are listed through `haResources`, cluster-wide firewall rules through `firewallRules`, and global cluster options through `options`.","min_provider_version":"0.1.1","defaults":"name quorate","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.cluster.haGroup":{"id":"proxmox.cluster.haGroup","name":"proxmox.cluster.haGroup","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Group comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Group ID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"noFailback":{"name":"noFailback","type":"\u0004","is_mandatory":true,"title":"Whether HA suppresses automatic failback to higher-priority members","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"nodes":{"name":"nodes","type":"\u0007","is_mandatory":true,"title":"Member nodes (comma-separated; entries may carry `node:priority`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"restricted":{"name":"restricted","type":"\u0004","is_mandatory":true,"title":"Whether HA refuses to fail over outside group members","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE HA group","desc":"Examine a high-availability group defined on the cluster. A group constrains where HA-managed guests are allowed to run. Reports the group `id`, comma-separated `nodes` membership (entries may include priorities like `pve1:2`), whether the group is `restricted` (HA will refuse to fail over outside group members), and `noFailback` (HA will not automatically move guests back to higher-priority nodes once they recover).","min_provider_version":"0.1.9","defaults":"id restricted noFailback","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.cluster.haResource":{"id":"proxmox.cluster.haResource","name":"proxmox.cluster.haResource","fields":{"container":{"name":"container","type":"\u001bproxmox.container","title":"Container this resource refers to when `type` is `ct`; null otherwise","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"group":{"name":"group","type":"\u0007","is_mandatory":true,"title":"HA group","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"groupRef":{"name":"groupRef","type":"\u001bproxmox.cluster.haGroup","title":"Resolved HA group","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Resource ID (e.g. vm:100)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"maxRelocate":{"name":"maxRelocate","type":"\u0005","is_mandatory":true,"title":"Maximum relocate attempts","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"maxRestart":{"name":"maxRestart","type":"\u0005","is_mandatory":true,"title":"Maximum restart attempts","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"node":{"name":"node","type":"\u0007","is_mandatory":true,"title":"Node the resource is assigned to","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Desired state (started, stopped, disabled)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Current HA status","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Resource type (vm, ct)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vm":{"name":"vm","type":"\u001bproxmox.vm","title":"VM this resource refers to when `type` is `vm`; null otherwise","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE cluster HA resource","desc":"Examine a high-availability resource managed by the cluster. Each entry is identified by `id` (e.g. `vm:100`) and `type` (vm or ct), and reports its current `status`, assigned `node`, desired `state` (started, stopped, disabled), HA `group`, and the maximum number of restart and relocate attempts via `maxRestart` and `maxRelocate`.","min_provider_version":"0.1.1","defaults":"id type status","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.container":{"id":"proxmox.container","name":"proxmox.container","fields":{"aliases":{"name":"aliases","type":"\u0019\u001bproxmox.firewall.alias","title":"Container-level firewall aliases","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cmode":{"name":"cmode","type":"\u0007","title":"Console mode","desc":"One of `tty` (per-tty consoles, default), `console` (single console on /dev/console), or `shell` (drop into a shell). `shell` disables the login prompt and is unusual in production.","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"config":{"name":"config","type":"\n","title":"Full container configuration as dictionary","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpu":{"name":"cpu","type":"\u0006","is_mandatory":true,"title":"Current CPU usage (fraction)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpuLimit":{"name":"cpuLimit","type":"\u0006","title":"CPU limit in cores; 0 means no per-container limit (CFS bandwidth throttling disabled)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpuUnits":{"name":"cpuUnits","type":"\u0005","title":"CPU weight relative to other containers; PVE default is 1024","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"description":{"name":"description","type":"\u0007","title":"Container description/notes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"disk":{"name":"disk","type":"\u0005","is_mandatory":true,"title":"Current disk usage in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"diskread":{"name":"diskread","type":"\u0005","is_mandatory":true,"title":"Total bytes read from disk","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"diskwrite":{"name":"diskwrite","type":"\u0005","is_mandatory":true,"title":"Total bytes written to disk","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"features":{"name":"features","type":"\u0019\u0007","title":"Enabled features parsed from the `features` config line","desc":"Each entry is the name of an enabled extra capability — `nesting`, `fuse`, `mount=\u003ctypes\u003e`, or `keyctl`. An empty list means the container runs with the default capability set.","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallOptions":{"name":"firewallOptions","type":"\u001bproxmox.firewall.options","title":"Container-level firewall options","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallRules":{"name":"firewallRules","type":"\u0019\u001bproxmox.firewall.rule","title":"Container-level firewall rules","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"hostname":{"name":"hostname","type":"\u0007","title":"Container hostname","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0005","is_mandatory":true,"title":"VMID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ipsets":{"name":"ipsets","type":"\u0019\u001bproxmox.firewall.ipset","title":"Container-level IPsets","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"maxcpu":{"name":"maxcpu","type":"\u0005","is_mandatory":true,"title":"Number of configured vCPUs","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"maxdisk":{"name":"maxdisk","type":"\u0005","is_mandatory":true,"title":"Configured maximum disk size in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"maxmem":{"name":"maxmem","type":"\u0005","is_mandatory":true,"title":"Configured maximum memory in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mem":{"name":"mem","type":"\u0005","is_mandatory":true,"title":"Current memory usage in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mountPoint":{"name":"mountPoint","type":"\u001bproxmox.container.mountPoint","title":"Proxmox VE container mount point","desc":"Examine a mount point attached to an LXC container. The `id` field identifies the slot (`rootfs`, `mp0`–`mp254`). Reports the backing `storage`, `size` in bytes, in-container `mountPath`, whether the mount is `backup`-included, `replicate`-included, and `readonly`, and whether ID mapping is permitted via `aclEnabled`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"mountPoints":{"name":"mountPoints","type":"\u0019\u001bproxmox.container.mountPoint","title":"Mount points (rootfs + mp0..mp254) attached to the container","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Container display name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"nameserver":{"name":"nameserver","type":"\u0007","title":"DNS nameservers configured for the container; empty inherits the host's resolver","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"netin":{"name":"netin","type":"\u0005","is_mandatory":true,"title":"Total incoming network bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"netout":{"name":"netout","type":"\u0005","is_mandatory":true,"title":"Total outgoing network bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"network":{"name":"network","type":"\u001bproxmox.container.network","title":"Proxmox VE container network interface","desc":"Examine a network interface attached to an LXC container. The `id` field identifies the slot (e.g. `net0`, `net1`). Reports the interface `name` (as seen inside the guest), `macAddress`, connected `bridge`, VLAN `tag`, whether the per-NIC `firewall` is enabled, and IPv4/IPv6 addressing (`ip`, `gw`, `ip6`, `gw6`).","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"networks":{"name":"networks","type":"\u0019\u001bproxmox.container.network","title":"Network interfaces attached to the container","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"node":{"name":"node","type":"\u0007","is_mandatory":true,"title":"Node this container is running on","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"onboot":{"name":"onboot","type":"\u0004","title":"Whether the container starts on boot","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"osType":{"name":"osType","type":"\u0007","title":"OS type (debian, ubuntu, centos, alpine, ...)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"passthroughDevice":{"name":"passthroughDevice","type":"\u001bproxmox.container.passthroughDevice","title":"Proxmox VE container host-device passthrough entry","desc":"Examine a `dev\u003cn\u003e` configuration entry on an LXC container. PVE 7+ uses this format to expose a host `/dev` node into the guest; the optional `uid=`, `gid=`, and `mode=` overrides control the in-container permissions. A `mode=` of 0666 effectively grants the device to every UID in the container.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"passthroughDevices":{"name":"passthroughDevices","type":"\u0019\u001bproxmox.container.passthroughDevice","title":"Host devices passed through to the container","desc":"Parsed from `dev0`..`dev255`. Each entry grants the container direct access to a host `/dev` node and is a host-pivot surface — a permissive `mode=` (e.g. `0666`) effectively shares the device with everyone inside the guest.","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pool":{"name":"pool","type":"\u001bproxmox.pool","title":"Resource pool this container belongs to; null when unassigned","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"protection":{"name":"protection","type":"\u0004","title":"Whether the container is protected from removal","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"rawLxc":{"name":"rawLxc","type":"\u0019\u0007","title":"Raw `lxc.*` config lines applied verbatim to the container","desc":"Each entry is one `lxc.\u003ckey\u003e: \u003cvalue\u003e` line — typically used for AppArmor profiles (`lxc.apparmor.profile`), capability adjustments (`lxc.cap.drop` / `lxc.cap.keep`), or mount tweaks. Anything in here is an explicit override of the PVE defaults and warrants an audit review.","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"searchDomain":{"name":"searchDomain","type":"\u0007","title":"DNS search domain configured for the container; empty inherits the host's resolver","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"snapshots":{"name":"snapshots","type":"\u0019\u001bproxmox.vm.snapshot","title":"Container snapshots","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Current status (running, stopped)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"swap":{"name":"swap","type":"\u0005","title":"Swap size in bytes; 0 means swap is disabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tags":{"name":"tags","type":"\u0019\u0007","title":"Tags assigned to the container","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"template":{"name":"template","type":"\u0004","is_mandatory":true,"title":"Whether this container is a template","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"unprivileged":{"name":"unprivileged","type":"\u0004","title":"Whether the container runs unprivileged","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"uptime":{"name":"uptime","type":"\u0005","is_mandatory":true,"title":"Uptime in seconds","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE LXC container","desc":"Examine an LXC container in the cluster, identified by numeric `id` and display `name`. Reports current `status` (running, stopped), the `node` it runs on, and resource usage including `cpu`, `mem`, `disk`, `netin`, and `netout`. Configuration details — whether the container runs `unprivileged`, its `ostype`, `hostname`, enabled `features` (nesting, fuse, mount, keyctl), boot options (`onboot`, `startup`, `protection`), description, and tags — are available as computed fields. Network interfaces are listed through `networks`, mount points through `mountPoints`, point-in-time `snapshots` through the snapshots field, firewall configuration via `firewallRules`, `firewallOptions`, `ipsets`, and `aliases`.","min_provider_version":"0.1.9","defaults":"id name status unprivileged","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.container.mountPoint":{"id":"proxmox.container.mountPoint","name":"proxmox.container.mountPoint","fields":{"aclEnabled":{"name":"aclEnabled","type":"\u0004","is_mandatory":true,"title":"Whether POSIX ACLs are enabled on the mount","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"backup":{"name":"backup","type":"\u0004","is_mandatory":true,"title":"Whether this mount point is included in backups","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Mount point ID (rootfs, mp0, mp1, ...)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mountPath":{"name":"mountPath","type":"\u0007","is_mandatory":true,"title":"Path inside the container","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"readonly":{"name":"readonly","type":"\u0004","is_mandatory":true,"title":"Whether the mount point is read-only","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"replicate":{"name":"replicate","type":"\u0004","is_mandatory":true,"title":"Whether this mount point is included in replication","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"Size in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"storage":{"name":"storage","type":"\u0007","is_mandatory":true,"title":"Backing storage name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"storageRef":{"name":"storageRef","type":"\u001bproxmox.storage","title":"Resolved backing storage pool","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE container mount point","desc":"Examine a mount point attached to an LXC container. The `id` field identifies the slot (`rootfs`, `mp0`–`mp254`). Reports the backing `storage`, `size` in bytes, in-container `mountPath`, whether the mount is `backup`-included, `replicate`-included, and `readonly`, and whether ID mapping is permitted via `aclEnabled`.","min_provider_version":"0.1.9","defaults":"id storage mountPath size","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.container.network":{"id":"proxmox.container.network","name":"proxmox.container.network","fields":{"bridge":{"name":"bridge","type":"\u0007","is_mandatory":true,"title":"Bridge this NIC is connected to","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewall":{"name":"firewall","type":"\u0004","is_mandatory":true,"title":"Whether the firewall is enabled for this NIC","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"gw":{"name":"gw","type":"\u0007","is_mandatory":true,"title":"IPv4 gateway","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"gw6":{"name":"gw6","type":"\u0007","is_mandatory":true,"title":"IPv6 gateway","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Interface ID (net0, net1, ...)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ip":{"name":"ip","type":"\u0007","is_mandatory":true,"title":"IPv4 address (CIDR notation, dhcp, or empty)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ip6":{"name":"ip6","type":"\u0007","is_mandatory":true,"title":"IPv6 address (CIDR notation, auto, dhcp, or empty)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"macAddress":{"name":"macAddress","type":"\u0007","is_mandatory":true,"title":"MAC address","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Interface name inside the container (e.g. eth0)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tag":{"name":"tag","type":"\u0005","is_mandatory":true,"title":"VLAN tag (0 = none)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE container network interface","desc":"Examine a network interface attached to an LXC container. The `id` field identifies the slot (e.g. `net0`, `net1`). Reports the interface `name` (as seen inside the guest), `macAddress`, connected `bridge`, VLAN `tag`, whether the per-NIC `firewall` is enabled, and IPv4/IPv6 addressing (`ip`, `gw`, `ip6`, `gw6`).","min_provider_version":"0.1.9","defaults":"id name bridge","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.container.passthroughDevice":{"id":"proxmox.container.passthroughDevice","name":"proxmox.container.passthroughDevice","fields":{"gid":{"name":"gid","type":"\u0005","is_mandatory":true,"title":"GID owner inside the container; 0 when not overridden","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Mode (octal) applied to the in-container device node; empty when not set","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Host path being exposed (e.g. `/dev/kvm`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"slot":{"name":"slot","type":"\u0007","is_mandatory":true,"title":"Config slot (`dev0` through `dev255`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"uid":{"name":"uid","type":"\u0005","is_mandatory":true,"title":"UID owner inside the container; 0 when not overridden","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE container host-device passthrough entry","desc":"Examine a `dev\u003cn\u003e` configuration entry on an LXC container. PVE 7+ uses this format to expose a host `/dev` node into the guest; the optional `uid=`, `gid=`, and `mode=` overrides control the in-container permissions. A `mode=` of 0666 effectively grants the device to every UID in the container.","min_provider_version":"0.1.9","defaults":"slot path mode","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.dns":{"id":"proxmox.dns","name":"proxmox.dns","fields":{"dns1":{"name":"dns1","type":"\u0007","is_mandatory":true,"title":"Primary DNS server","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dns2":{"name":"dns2","type":"\u0007","is_mandatory":true,"title":"Secondary DNS server","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dns3":{"name":"dns3","type":"\u0007","is_mandatory":true,"title":"Tertiary DNS server","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"search":{"name":"search","type":"\u0007","is_mandatory":true,"title":"DNS search domain","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node DNS configuration","desc":"Examine the DNS resolver configuration on a Proxmox node. Reports the `search` domain and up to three nameservers via `dns1`, `dns2`, and `dns3`.","min_provider_version":"0.1.1","defaults":"search dns1","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.firewall":{"id":"proxmox.firewall","fields":{"alias":{"name":"alias","type":"\u001bproxmox.firewall.alias","title":"Proxmox VE firewall alias","desc":"Examine a named alias for a CIDR at the cluster or guest level, identified by `name`. Aliases let firewall rules reference networks by symbolic name. The `scope` field identifies the owner (cluster, vm/\u003cid\u003e, ct/\u003cid\u003e) and `ipVersion` is 4 or 6.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"group":{"name":"group","type":"\u001bproxmox.firewall.group","title":"Proxmox VE firewall security group","desc":"Examine a named rule set defined under `/cluster/firewall/groups`. Other firewall rules reference the group through `type=group, action=\u003cgroupName\u003e`; the rules `inside` the group then apply in place. Auditing both the references and the group's own `rules` is how policies confirm a `type=group` rule is actually doing what it claims to.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"ipset":{"name":"ipset","type":"\u001bproxmox.firewall.ipset","title":"Proxmox VE firewall IPset","desc":"Examine an IP set defined at the cluster or guest level, identified by `name`. IPsets group CIDR ranges that firewall rules can reference by name through the `+\u003cname\u003e` syntax. The `scope` field identifies the owner (cluster, vm/\u003cid\u003e, ct/\u003cid\u003e) and `entries` lists the contained CIDRs.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"options":{"name":"options","type":"\u001bproxmox.firewall.options","title":"Proxmox VE firewall options","desc":"Examine the firewall options configured at the cluster, node, VM, or container level. The available keys differ by scope — cluster-level options include `policy_in`, `policy_out`, and `log_ratelimit`; node options include `nf_conntrack_*` tuning; guest-level options include `dhcp`, `ndp`, `macfilter`, `ipfilter`, and `radv`. The `config` dict holds the raw response so audits can target keys that vary by Proxmox version.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"rule":{"name":"rule","type":"\u001bproxmox.firewall.rule","title":"Proxmox VE firewall rule","desc":"Examine a firewall rule applied at the cluster, node, or VM level. Rules are ordered by `pos` and specify a `type` (in, out, group), `action` (ACCEPT, DROP, REJECT), `proto`, source (`source`, `sport`), and destination (`dest`, `dport`). Additional fields include `iface`, security `macro`, `log` level, `comment`, and whether the rule is `enable`d.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true}},"is_extension":true},"proxmox.firewall.alias":{"id":"proxmox.firewall.alias","name":"proxmox.firewall.alias","fields":{"cidr":{"name":"cidr","type":"\u0007","is_mandatory":true,"title":"CIDR the alias resolves to","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Alias comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ipVersion":{"name":"ipVersion","type":"\u0005","is_mandatory":true,"title":"IP version (4 or 6)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Alias name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"scope":{"name":"scope","type":"\u0007","is_mandatory":true,"title":"Scope of this alias (cluster, vm/\u003cid\u003e, ct/\u003cid\u003e)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE firewall alias","desc":"Examine a named alias for a CIDR at the cluster or guest level, identified by `name`. Aliases let firewall rules reference networks by symbolic name. The `scope` field identifies the owner (cluster, vm/\u003cid\u003e, ct/\u003cid\u003e) and `ipVersion` is 4 or 6.","min_provider_version":"0.1.9","defaults":"scope name cidr","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.firewall.group":{"id":"proxmox.firewall.group","name":"proxmox.firewall.group","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Group comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Group name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"rules":{"name":"rules","type":"\u0019\u001bproxmox.firewall.rule","title":"Rules contained in this group","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE firewall security group","desc":"Examine a named rule set defined under `/cluster/firewall/groups`. Other firewall rules reference the group through `type=group, action=\u003cgroupName\u003e`; the rules `inside` the group then apply in place. Auditing both the references and the group's own `rules` is how policies confirm a `type=group` rule is actually doing what it claims to.","min_provider_version":"0.1.9","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.firewall.ipset":{"id":"proxmox.firewall.ipset","name":"proxmox.firewall.ipset","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"IPset comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"entries":{"name":"entries","type":"\u0019\u001bproxmox.firewall.ipset.entry","title":"CIDR entries that belong to this set","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"entry":{"name":"entry","type":"\u001bproxmox.firewall.ipset.entry","title":"Proxmox VE firewall IPset entry","desc":"Examine a single CIDR entry inside a Proxmox firewall IPset. The `cidr` is the network or host (e.g. `10.0.0.0/24`), `comment` holds any descriptive text, and `nomatch` inverts the membership semantics so the entry excludes rather than includes its CIDR.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"IPset name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"scope":{"name":"scope","type":"\u0007","is_mandatory":true,"title":"Scope of this ipset (cluster, vm/\u003cid\u003e, ct/\u003cid\u003e)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE firewall IPset","desc":"Examine an IP set defined at the cluster or guest level, identified by `name`. IPsets group CIDR ranges that firewall rules can reference by name through the `+\u003cname\u003e` syntax. The `scope` field identifies the owner (cluster, vm/\u003cid\u003e, ct/\u003cid\u003e) and `entries` lists the contained CIDRs.","min_provider_version":"0.1.9","defaults":"scope name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.firewall.ipset.entry":{"id":"proxmox.firewall.ipset.entry","name":"proxmox.firewall.ipset.entry","fields":{"cidr":{"name":"cidr","type":"\u0007","is_mandatory":true,"title":"CIDR entry (e.g. 10.0.0.0/24)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Entry comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"nomatch":{"name":"nomatch","type":"\u0004","is_mandatory":true,"title":"Whether the entry is a negative match (excludes the CIDR)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE firewall IPset entry","desc":"Examine a single CIDR entry inside a Proxmox firewall IPset. The `cidr` is the network or host (e.g. `10.0.0.0/24`), `comment` holds any descriptive text, and `nomatch` inverts the membership semantics so the entry excludes rather than includes its CIDR.","min_provider_version":"0.1.9","defaults":"cidr nomatch","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.firewall.options":{"id":"proxmox.firewall.options","name":"proxmox.firewall.options","fields":{"config":{"name":"config","type":"\n","is_mandatory":true,"title":"Raw options as returned by the API","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dhcp":{"name":"dhcp","type":"\u0004","is_mandatory":true,"title":"Whether DHCP is permitted (guest scope)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"enable":{"name":"enable","type":"\u0004","is_mandatory":true,"title":"Whether the firewall is enabled at this scope","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ipfilter":{"name":"ipfilter","type":"\u0004","is_mandatory":true,"title":"Whether IP-address spoofing is filtered (guest scope)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"logLevelIn":{"name":"logLevelIn","type":"\u0007","is_mandatory":true,"title":"Log level for inbound traffic (nolog, emerg, alert, crit, err, warning, notice, info, debug)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"logLevelOut":{"name":"logLevelOut","type":"\u0007","is_mandatory":true,"title":"Log level for outbound traffic","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"macfilter":{"name":"macfilter","type":"\u0004","is_mandatory":true,"title":"Whether the firewall enforces matching MAC addresses (guest scope)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ndp":{"name":"ndp","type":"\u0004","is_mandatory":true,"title":"Whether NDP is permitted (guest scope)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"policyIn":{"name":"policyIn","type":"\u0007","is_mandatory":true,"title":"Default inbound policy (ACCEPT, DROP, REJECT)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"policyOut":{"name":"policyOut","type":"\u0007","is_mandatory":true,"title":"Default outbound policy (ACCEPT, DROP, REJECT)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"radv":{"name":"radv","type":"\u0004","is_mandatory":true,"title":"Whether router advertisements are permitted (guest scope)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"scope":{"name":"scope","type":"\u0007","is_mandatory":true,"title":"Scope of these options (cluster, node/\u003cname\u003e, vm/\u003cid\u003e, ct/\u003cid\u003e)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE firewall options","desc":"Examine the firewall options configured at the cluster, node, VM, or container level. The available keys differ by scope — cluster-level options include `policy_in`, `policy_out`, and `log_ratelimit`; node options include `nf_conntrack_*` tuning; guest-level options include `dhcp`, `ndp`, `macfilter`, `ipfilter`, and `radv`. The `config` dict holds the raw response so audits can target keys that vary by Proxmox version.","min_provider_version":"0.1.9","defaults":"scope enable","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.firewall.rule":{"id":"proxmox.firewall.rule","name":"proxmox.firewall.rule","fields":{"action":{"name":"action","type":"\u0007","is_mandatory":true,"title":"Rule action (ACCEPT, DROP, REJECT)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Rule comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dest":{"name":"dest","type":"\u0007","is_mandatory":true,"title":"Destination address","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dport":{"name":"dport","type":"\u0007","is_mandatory":true,"title":"Destination port","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"enable":{"name":"enable","type":"\u0004","is_mandatory":true,"title":"Whether the rule is enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"group":{"name":"group","type":"\u001bproxmox.firewall.group","title":"Security group referenced by this rule when `type == \"group\"`","desc":"PVE rules of type `group` carry the group name in `action` rather than a verb like ACCEPT/DROP, and apply that named rule set in place. This resolves the reference; null for non-group rules.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"iface":{"name":"iface","type":"\u0007","is_mandatory":true,"title":"Network interface","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"log":{"name":"log","type":"\u0007","is_mandatory":true,"title":"Log level","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"macro":{"name":"macro","type":"\u0007","is_mandatory":true,"title":"Security macro name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pos":{"name":"pos","type":"\u0005","is_mandatory":true,"title":"Rule position","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proto":{"name":"proto","type":"\u0007","is_mandatory":true,"title":"Protocol (tcp, udp, icmp, etc.)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"source":{"name":"source","type":"\u0007","is_mandatory":true,"title":"Source address","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"sport":{"name":"sport","type":"\u0007","is_mandatory":true,"title":"Source port","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Rule type (in, out, group)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE firewall rule","desc":"Examine a firewall rule applied at the cluster, node, or VM level. Rules are ordered by `pos` and specify a `type` (in, out, group), `action` (ACCEPT, DROP, REJECT), `proto`, source (`source`, `sport`), and destination (`dest`, `dport`). Additional fields include `iface`, security `macro`, `log` level, `comment`, and whether the rule is `enable`d.","min_provider_version":"0.1.1","defaults":"pos action","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.group":{"id":"proxmox.group","name":"proxmox.group","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Group comment/description","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Group ID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"memberIds":{"name":"memberIds","type":"\u0019\u0007","is_mandatory":true,"title":"User IDs that belong to this group","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"members":{"name":"members","type":"\u0019\u001bproxmox.user","title":"Members of this group resolved as user resources","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE access control group","desc":"Examine a group defined in the Proxmox cluster, identified by `id`. Groups bundle users for path-based ACL assignment. The `comment` holds the group description. `memberIds` lists the user IDs that belong to the group; `members` resolves them to typed `proxmox.user` references for traversal.","min_provider_version":"0.1.9","defaults":"id comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.lvm":{"id":"proxmox.lvm","fields":{"thinPool":{"name":"thinPool","type":"\u001bproxmox.lvm.thinPool","title":"Proxmox VE LVM-thin pool","desc":"Examine an LVM-thin pool on a Proxmox node, identified by the pool logical volume `name`. Reports the parent `volumeGroup`, total data `size`, allocated data via `used`, and the metadata pool size and usage via `metadataSize` and `metadataUsed`. Metadata exhaustion renders the entire thin pool read-only, so these are the audit signals that matter most.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"volumeGroup":{"name":"volumeGroup","type":"\u001bproxmox.lvm.volumeGroup","title":"Proxmox VE LVM volume group","desc":"Examine an LVM volume group on a Proxmox node, identified by `name`. Reports the VG `size` and `free` bytes and the number of logical volumes via `lvCount`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true}},"is_extension":true},"proxmox.lvm.thinPool":{"id":"proxmox.lvm.thinPool","name":"proxmox.lvm.thinPool","fields":{"metadataSize":{"name":"metadataSize","type":"\u0005","is_mandatory":true,"title":"Metadata pool size in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"metadataUsed":{"name":"metadataUsed","type":"\u0005","is_mandatory":true,"title":"Metadata pool usage in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Thin-pool LV name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"Total data size in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"used":{"name":"used","type":"\u0005","is_mandatory":true,"title":"Allocated data bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"volumeGroup":{"name":"volumeGroup","type":"\u0007","is_mandatory":true,"title":"Parent volume group","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE LVM-thin pool","desc":"Examine an LVM-thin pool on a Proxmox node, identified by the pool logical volume `name`. Reports the parent `volumeGroup`, total data `size`, allocated data via `used`, and the metadata pool size and usage via `metadataSize` and `metadataUsed`. Metadata exhaustion renders the entire thin pool read-only, so these are the audit signals that matter most.","min_provider_version":"0.1.9","defaults":"name volumeGroup size used","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.lvm.volumeGroup":{"id":"proxmox.lvm.volumeGroup","name":"proxmox.lvm.volumeGroup","fields":{"free":{"name":"free","type":"\u0005","is_mandatory":true,"title":"Free space in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"lvCount":{"name":"lvCount","type":"\u0005","is_mandatory":true,"title":"Number of logical volumes in the VG","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Volume group name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"VG size in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE LVM volume group","desc":"Examine an LVM volume group on a Proxmox node, identified by `name`. Reports the VG `size` and `free` bytes and the number of logical volumes via `lvCount`.","min_provider_version":"0.1.9","defaults":"name size free lvCount","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.network":{"id":"proxmox.network","name":"proxmox.network","fields":{"active":{"name":"active","type":"\u0004","is_mandatory":true,"title":"Whether the interface is active","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"address":{"name":"address","type":"\u0007","is_mandatory":true,"title":"IP address","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"autostart":{"name":"autostart","type":"\u0004","is_mandatory":true,"title":"Whether the interface starts on boot","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"bridgePorts":{"name":"bridgePorts","type":"\u0007","is_mandatory":true,"title":"Bridge ports (for bridge interfaces)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cidr":{"name":"cidr","type":"\u0007","is_mandatory":true,"title":"CIDR notation","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"comments":{"name":"comments","type":"\u0007","is_mandatory":true,"title":"Interface comments","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"gateway":{"name":"gateway","type":"\u0007","is_mandatory":true,"title":"Default gateway","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"iface":{"name":"iface","type":"\u0007","is_mandatory":true,"title":"Interface name (e.g. vmbr0, eth0)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"method":{"name":"method","type":"\u0007","is_mandatory":true,"title":"Address assignment method (static, dhcp, manual)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"netmask":{"name":"netmask","type":"\u0007","is_mandatory":true,"title":"Network mask","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Interface type (bridge, bond, eth, vlan, OVSBridge, etc.)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node network interface","desc":"Examine a network interface on a Proxmox node, identified by `iface` (e.g. `vmbr0`, `eth0`). Reports the interface `type` (bridge, bond, eth, vlan, OVSBridge, etc.), whether it is `active` and `autostart` enabled, the address assignment `method` (static, dhcp, manual), and addressing details including `address`, `netmask`, `gateway`, and `cidr`. Bridge interfaces list their member ports in `bridgePorts`.","min_provider_version":"0.1.1","defaults":"iface type active","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.node":{"id":"proxmox.node","name":"proxmox.node","fields":{"bootKernel":{"name":"bootKernel","type":"\u0007","title":"Kernel image that would boot on next reboot","desc":"When this differs from `kernelVersion` a kernel package has been installed but the host hasn't been rebooted to pick it up. Empty on older PVE versions that don't report `boot-info`.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"certificates":{"name":"certificates","type":"\u0019\u001bproxmox.certificate","title":"TLS/SSL certificates","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"containers":{"name":"containers","type":"\u0019\u001bproxmox.container","title":"LXC containers running on this node","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpuCores":{"name":"cpuCores","type":"\u0005","is_mandatory":true,"title":"Number of CPU cores","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpuFlags":{"name":"cpuFlags","type":"\u0007","title":"CPU feature flags reported by /proc/cpuinfo","desc":"Space-separated when set, empty on older PVE versions that don't expose `cpuinfo.flags`. Use a `cpuFlags.contains(...)` query to detect microcode/vulnerability mitigations like `ibpb`, `ssbd`, `md_clear`, `pti`, etc.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpuModel":{"name":"cpuModel","type":"\u0007","is_mandatory":true,"title":"CPU model name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpuSockets":{"name":"cpuSockets","type":"\u0005","is_mandatory":true,"title":"Number of CPU sockets","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpuUsage":{"name":"cpuUsage","type":"\u0006","is_mandatory":true,"title":"Current CPU usage (fraction 0.0-1.0)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"disk":{"name":"disk","type":"\u001bproxmox.node.disk","title":"Proxmox VE physical disk","desc":"Examine a physical disk attached to a Proxmox node, identified by `devPath` (e.g. `/dev/sda`, `/dev/nvme0n1`). Reports the disk `model`, `vendor`, `serial`, `wwn`, capacity (`size` in bytes), rotational speed (`rpm`; 0 for SSDs/NVMe), `type` (hdd, ssd, nvme, usb), and current `health` from SMART. The `used` field reports which volume manager owns the disk (ZFS, LVM, partitions, or empty for unallocated). SMART attributes are available through `smart` when the device exposes them.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"disks":{"name":"disks","type":"\u0019\u001bproxmox.node.disk","title":"Physical disks attached to this node","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dns":{"name":"dns","type":"\u001bproxmox.dns","title":"DNS configuration","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallOptions":{"name":"firewallOptions","type":"\u001bproxmox.firewall.options","title":"Node-level firewall options (enable, log_nf_conntrack, nf_conntrack_*)","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallRules":{"name":"firewallRules","type":"\u0019\u001bproxmox.firewall.rule","title":"Node-level firewall rules","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ip":{"name":"ip","type":"\u0007","is_mandatory":true,"title":"Node IP address","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"kernelVersion":{"name":"kernelVersion","type":"\u0007","is_mandatory":true,"title":"Running kernel version","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"memFree":{"name":"memFree","type":"\u0005","is_mandatory":true,"title":"Free memory in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"memTotal":{"name":"memTotal","type":"\u0005","is_mandatory":true,"title":"Total memory in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"memUsed":{"name":"memUsed","type":"\u0005","is_mandatory":true,"title":"Used memory in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Node hostname","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"networks":{"name":"networks","type":"\u0019\u001bproxmox.network","title":"Network interfaces (bridges, bonds, physical)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pciDevice":{"name":"pciDevice","type":"\u001bproxmox.node.pciDevice","title":"Proxmox VE node PCI device","desc":"Examine a PCI device visible to a Proxmox node, identified by its `id` (`\u003cseg\u003e:\u003cbus\u003e:\u003cslot\u003e.\u003cfunc\u003e`). Reports vendor and device IDs alongside their human-readable names, the PCI `class` (eg `0x0300` for VGA), the secondary vendor/device IDs (`subVendor`, `subDevice`) used to distinguish OEM variants, `iommuGroup` (passthrough granularity — devices in the same group must be passed through together), and whether the device advertises mediated-device support via `mdevSupported`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"pciDevices":{"name":"pciDevices","type":"\u0019\u001bproxmox.node.pciDevice","title":"PCI devices visible to the host","desc":"Lists everything `/nodes/\u003cn\u003e/hardware/pci` reports, regardless of whether the device is currently assigned to a guest. Pair with `proxmox.vm.pciDevices` to confirm what's actually passed through.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pendingReboot":{"name":"pendingReboot","type":"\u0004","title":"Whether a kernel upgrade is pending a reboot","desc":"True when `kernelVersion` and `bootKernel` disagree. False when either value is empty so older PVE versions don't false-positive.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pveVersion":{"name":"pveVersion","type":"\u0007","is_mandatory":true,"title":"PVE manager version","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"repositories":{"name":"repositories","type":"\u0019\u001bproxmox.repository","title":"APT repositories configured on this node","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"secureBoot":{"name":"secureBoot","type":"\u0004","title":"UEFI Secure Boot status — true when enforcing, false when disabled or on BIOS-only platforms","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"services":{"name":"services","type":"\u0019\u001bproxmox.service","title":"systemd services","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Connectivity status of the node (online or offline)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"storages":{"name":"storages","type":"\u0019\u001bproxmox.storage","title":"Storage pools available on this node","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"subscription":{"name":"subscription","type":"\u001bproxmox.subscription","title":"Proxmox subscription status","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"swapTotal":{"name":"swapTotal","type":"\u0005","is_mandatory":true,"title":"Total swap in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"swapUsed":{"name":"swapUsed","type":"\u0005","is_mandatory":true,"title":"Used swap in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"thinPools":{"name":"thinPools","type":"\u0019\u001bproxmox.lvm.thinPool","title":"LVM-thin pools on this node","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"timezone":{"name":"timezone","type":"\u0007","is_mandatory":true,"title":"Configured timezone","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"update":{"name":"update","type":"\u001bproxmox.node.update","title":"Proxmox VE node package update","desc":"Examine an available package update on a Proxmox node. Reports the `package` name, `installedVersion`, and available `newVersion`. The `severity` field indicates urgency (important, recommended, optional), enabling audits for outstanding security patches.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"updates":{"name":"updates","type":"\u0019\u001bproxmox.node.update","title":"Available package updates","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"uptime":{"name":"uptime","type":"\u0005","is_mandatory":true,"title":"Uptime in seconds","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"usbDevice":{"name":"usbDevice","type":"\u001bproxmox.node.usbDevice","title":"Proxmox VE node USB device","desc":"Examine a USB device plugged into a Proxmox node. Reports the `vendorId`/`productId` pair, manufacturer/product/serial strings (when the device exposes them), the bus and device numbers (`busNum`, `devNum`), the topology `port` / `level`, and the negotiated `speed` and `usbPath` Proxmox uses when assigning the device to a guest.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"usbDevices":{"name":"usbDevices","type":"\u0019\u001bproxmox.node.usbDevice","title":"USB devices visible to the host (pair with `proxmox.vm.usbDevices`)","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vms":{"name":"vms","type":"\u0019\u001bproxmox.vm","title":"VMs running on this node","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"volumeGroups":{"name":"volumeGroups","type":"\u0019\u001bproxmox.lvm.volumeGroup","title":"LVM volume groups on this node","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"zfsPools":{"name":"zfsPools","type":"\u0019\u001bproxmox.zfs.pool","title":"ZFS storage pools managed by this node","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node","desc":"Examine a physical or virtual host in the Proxmox cluster, identified by `name`. Reports hardware details including CPU model, socket and core counts, memory and swap totals, as well as current utilization via `cpuUsage`, `memUsed`, and `memFree`. System information covers the running `kernelVersion`, `pveVersion`, and `uptime`. Network interfaces are available through `networks`, DNS configuration through `dns`, and systemd service states through `services`. Security-relevant data includes TLS `certificates`, APT `repositories`, available `updates`, and node-level `firewallRules`. VMs running on the node are listed via `vms`, and subscription status is available through `subscription`.","min_provider_version":"0.1.1","defaults":"name status","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.node.disk":{"id":"proxmox.node.disk","name":"proxmox.node.disk","fields":{"byIdLink":{"name":"byIdLink","type":"\u0007","is_mandatory":true,"title":"Stable /dev/disk/by-id symlink","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"devPath":{"name":"devPath","type":"\u0007","is_mandatory":true,"title":"Device path (e.g. /dev/sda)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"gpt":{"name":"gpt","type":"\u0004","is_mandatory":true,"title":"Whether the disk is partitioned with a GPT","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"health":{"name":"health","type":"\u0007","is_mandatory":true,"title":"Overall SMART health (PASSED, FAILED, UNKNOWN)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"model":{"name":"model","type":"\u0007","is_mandatory":true,"title":"Disk model","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"rpm":{"name":"rpm","type":"\u0005","is_mandatory":true,"title":"Rotational speed in RPM (0 for SSD/NVMe)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"serial":{"name":"serial","type":"\u0007","is_mandatory":true,"title":"Disk serial number","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"Capacity in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"smart":{"name":"smart","type":"\u001bproxmox.node.disk.smart","title":"SMART report including the per-attribute table","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Disk type (hdd, ssd, nvme, usb)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"usedBy":{"name":"usedBy","type":"\u0007","is_mandatory":true,"title":"Subsystem currently using the disk (ZFS, LVM, partitions, or empty)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"title":"Disk vendor","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"wwn":{"name":"wwn","type":"\u0007","is_mandatory":true,"title":"World Wide Name identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE physical disk","desc":"Examine a physical disk attached to a Proxmox node, identified by `devPath` (e.g. `/dev/sda`, `/dev/nvme0n1`). Reports the disk `model`, `vendor`, `serial`, `wwn`, capacity (`size` in bytes), rotational speed (`rpm`; 0 for SSDs/NVMe), `type` (hdd, ssd, nvme, usb), and current `health` from SMART. The `used` field reports which volume manager owns the disk (ZFS, LVM, partitions, or empty for unallocated). SMART attributes are available through `smart` when the device exposes them.","min_provider_version":"0.1.9","defaults":"devPath model size health","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.node.disk.smart":{"id":"proxmox.node.disk.smart","name":"proxmox.node.disk.smart","fields":{"attributes":{"name":"attributes","type":"\u0019\n","is_mandatory":true,"title":"Per-attribute SMART entries (empty for text-only reports)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"health":{"name":"health","type":"\u0007","is_mandatory":true,"title":"Overall device health verdict","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"text":{"name":"text","type":"\u0007","is_mandatory":true,"title":"Unstructured SMART output (populated when type=text)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"SMART report flavor (ata, nvme, sas, text)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE disk SMART report","desc":"Examine the SMART self-assessment for a Proxmox-managed disk. The `health` field carries the device's overall PASSED/FAILED verdict. `type` is the SMART report flavor (`ata`, `nvme`, `sas`, `text`); when it is `text` the device only returns unstructured output via the `text` field. Structured `attributes` are available for ATA and SAS drives.","min_provider_version":"0.1.9","defaults":"health type","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.node.pciDevice":{"id":"proxmox.node.pciDevice","name":"proxmox.node.pciDevice","fields":{"class":{"name":"class","type":"\u0007","is_mandatory":true,"title":"PCI class code (hex string, e.g. `0x0300` for VGA)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"className":{"name":"className","type":"\u0007","is_mandatory":true,"title":"Human-readable PCI class name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"device":{"name":"device","type":"\u0007","is_mandatory":true,"title":"Device ID (4-digit hex string)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"deviceName":{"name":"deviceName","type":"\u0007","is_mandatory":true,"title":"Human-readable device name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"PCI address (e.g. 0000:01:00.0)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"iommuGroup":{"name":"iommuGroup","type":"\u0005","is_mandatory":true,"title":"IOMMU group; devices that share a group must be passed through together","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mdevSupported":{"name":"mdevSupported","type":"\u0004","is_mandatory":true,"title":"Whether the device advertises mediated-device (vGPU) support","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"subDevice":{"name":"subDevice","type":"\u0007","is_mandatory":true,"title":"Secondary device ID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"subDeviceName":{"name":"subDeviceName","type":"\u0007","is_mandatory":true,"title":"Human-readable secondary device name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"subVendor":{"name":"subVendor","type":"\u0007","is_mandatory":true,"title":"Secondary vendor ID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"subVendorName":{"name":"subVendorName","type":"\u0007","is_mandatory":true,"title":"Human-readable secondary vendor name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"title":"Vendor ID (4-digit hex string)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vendorName":{"name":"vendorName","type":"\u0007","is_mandatory":true,"title":"Human-readable vendor name","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node PCI device","desc":"Examine a PCI device visible to a Proxmox node, identified by its `id` (`\u003cseg\u003e:\u003cbus\u003e:\u003cslot\u003e.\u003cfunc\u003e`). Reports vendor and device IDs alongside their human-readable names, the PCI `class` (eg `0x0300` for VGA), the secondary vendor/device IDs (`subVendor`, `subDevice`) used to distinguish OEM variants, `iommuGroup` (passthrough granularity — devices in the same group must be passed through together), and whether the device advertises mediated-device support via `mdevSupported`.","min_provider_version":"0.1.9","defaults":"id deviceName iommuGroup","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.node.update":{"id":"proxmox.node.update","name":"proxmox.node.update","fields":{"installedVersion":{"name":"installedVersion","type":"\u0007","is_mandatory":true,"title":"Currently installed version","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"newVersion":{"name":"newVersion","type":"\u0007","is_mandatory":true,"title":"Available new version","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"package":{"name":"package","type":"\u0007","is_mandatory":true,"title":"Package name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"severity":{"name":"severity","type":"\u0007","is_mandatory":true,"title":"Update severity (important, recommended, optional)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node package update","desc":"Examine an available package update on a Proxmox node. Reports the `package` name, `installedVersion`, and available `newVersion`. The `severity` field indicates urgency (important, recommended, optional), enabling audits for outstanding security patches.","min_provider_version":"0.1.1","defaults":"package newVersion severity","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.node.usbDevice":{"id":"proxmox.node.usbDevice","name":"proxmox.node.usbDevice","fields":{"busNum":{"name":"busNum","type":"\u0007","is_mandatory":true,"title":"Bus number","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"class":{"name":"class","type":"\u0007","is_mandatory":true,"title":"USB class string (e.g. `Hub`, `Mass Storage`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"devNum":{"name":"devNum","type":"\u0007","is_mandatory":true,"title":"Device number on the bus","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"level":{"name":"level","type":"\u0007","is_mandatory":true,"title":"Hub depth (0 = root port)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"manufacturer":{"name":"manufacturer","type":"\u0007","is_mandatory":true,"title":"Manufacturer string reported by the device","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"port":{"name":"port","type":"\u0007","is_mandatory":true,"title":"USB topology port","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"product":{"name":"product","type":"\u0007","is_mandatory":true,"title":"Product name reported by the device","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"productId":{"name":"productId","type":"\u0007","is_mandatory":true,"title":"Product ID (4-digit hex string)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"serial":{"name":"serial","type":"\u0007","is_mandatory":true,"title":"Serial number reported by the device; empty when not provided","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"speed":{"name":"speed","type":"\u0007","is_mandatory":true,"title":"Negotiated speed (e.g. `12`, `480`, `5000` Mbit/s)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"usbPath":{"name":"usbPath","type":"\u0007","is_mandatory":true,"title":"USB path Proxmox uses to assign the device to a guest","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vendorId":{"name":"vendorId","type":"\u0007","is_mandatory":true,"title":"Vendor ID (4-digit hex string)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node USB device","desc":"Examine a USB device plugged into a Proxmox node. Reports the `vendorId`/`productId` pair, manufacturer/product/serial strings (when the device exposes them), the bus and device numbers (`busNum`, `devNum`), the topology `port` / `level`, and the negotiated `speed` and `usbPath` Proxmox uses when assigning the device to a guest.","min_provider_version":"0.1.9","defaults":"vendorId productId product","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.pool":{"id":"proxmox.pool","name":"proxmox.pool","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Pool comment/description","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Pool ID","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE resource pool","desc":"Examine a resource pool in the cluster, identified by `id`. Pools group VMs and storage for access-control purposes. The `comment` field holds the pool description.","min_provider_version":"0.1.1","defaults":"id","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.realm":{"id":"proxmox.realm","name":"proxmox.realm","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Realm description","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"config":{"name":"config","type":"\n","title":"Full realm configuration as returned by /access/domains/\u003crealm\u003e","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"default":{"name":"default","type":"\u0004","is_mandatory":true,"title":"Whether this is the default realm","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"realm":{"name":"realm","type":"\u0007","is_mandatory":true,"title":"Realm identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tfaType":{"name":"tfaType","type":"\u0007","is_mandatory":true,"title":"Realm-enforced TFA challenge type (e.g. oath, yubico); empty when not required at the realm level","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Realm type (pam, pve, ldap, ad, openid)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE authentication realm","desc":"Examine an authentication realm configured in the Proxmox cluster, identified by `realm`. Reports the realm `type` (pam, pve, ldap, ad, openid), whether it is the `default` realm, the realm-enforced TFA challenge in `tfaType` (empty when no realm-wide TFA is required), and full configuration via `config` — including LDAP servers, sync settings, OpenID issuer URLs, and `autocreate` flags.","min_provider_version":"0.1.9","defaults":"realm type default","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.replication":{"id":"proxmox.replication","fields":{"job":{"name":"job","type":"\u001bproxmox.replication.job","title":"Proxmox VE storage replication job","desc":"Examine a guest replication job from /cluster/replication. Each job continuously replicates a single guest from `source` to `target` node on the cluster according to `schedule` (a systemd-calendar expression). The `vmid` selects which guest, `rate` caps the per-job bandwidth in MB/s (0 = unlimited), and `disabled` reflects whether the job is paused. Typed `sourceNode`/`targetNode`/`guest` references resolve the string identifiers for traversal.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true}},"is_extension":true},"proxmox.replication.job":{"id":"proxmox.replication.job","name":"proxmox.replication.job","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Job comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"container":{"name":"container","type":"\u001bproxmox.container","title":"Container counterpart of `vm`; only one of the two is non-null","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the job is currently disabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Job identifier (format: \u003cvmid\u003e-\u003cjobnum\u003e)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"rate":{"name":"rate","type":"\u0005","is_mandatory":true,"title":"Bandwidth cap in MB/s; 0 = unlimited","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"removeJob":{"name":"removeJob","type":"\u0007","is_mandatory":true,"title":"Behavior when the job is removed (full | local)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"schedule":{"name":"schedule","type":"\u0007","is_mandatory":true,"title":"Schedule expression (systemd-calendar)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"source":{"name":"source","type":"\u0007","is_mandatory":true,"title":"Source node name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"sourceNode":{"name":"sourceNode","type":"\u001bproxmox.node","title":"Resolved source node","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"target":{"name":"target","type":"\u0007","is_mandatory":true,"title":"Target node name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"targetNode":{"name":"targetNode","type":"\u001bproxmox.node","title":"Resolved target node","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Job type (local for built-in storage replication)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vm":{"name":"vm","type":"\u001bproxmox.vm","title":"Resolved guest — a VM or container, depending on what `vmid` refers to","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vmid":{"name":"vmid","type":"\u0005","is_mandatory":true,"title":"VMID of the guest being replicated","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE storage replication job","desc":"Examine a guest replication job from /cluster/replication. Each job continuously replicates a single guest from `source` to `target` node on the cluster according to `schedule` (a systemd-calendar expression). The `vmid` selects which guest, `rate` caps the per-job bandwidth in MB/s (0 = unlimited), and `disabled` reflects whether the job is paused. Typed `sourceNode`/`targetNode`/`guest` references resolve the string identifiers for traversal.","min_provider_version":"0.1.9","defaults":"id schedule source target disabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.repository":{"id":"proxmox.repository","name":"proxmox.repository","fields":{"components":{"name":"components","type":"\u0019\u0007","is_mandatory":true,"title":"Repository components (main, contrib, etc.)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the repository is enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"fileType":{"name":"fileType","type":"\u0007","is_mandatory":true,"title":"File type (sources.list, sources.list.d)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Repository identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Repository name/description","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"signedBy":{"name":"signedBy","type":"\u0007","is_mandatory":true,"title":"Path to the keyring used to verify repository signatures","desc":"Reads the `Signed-By` option from modern `.sources` entries. Empty when the entry doesn't declare one — older `.list` entries typically don't, and instead inherit the system trust store.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"suites":{"name":"suites","type":"\u0019\u0007","is_mandatory":true,"title":"Repository suites (e.g. bookworm, stable)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"types":{"name":"types","type":"\u0019\u0007","is_mandatory":true,"title":"Repository types declared on the entry (e.g., deb, deb-src)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"uris":{"name":"uris","type":"\u0019\u0007","is_mandatory":true,"title":"Repository URIs","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node APT repository","desc":"Examine an APT repository configured on a Proxmox node, identified by `id`. Reports the repository `name`, whether it is `enabled`, declared `types` (deb, deb-src), `uris`, `suites` (e.g. bookworm, stable), `components` (main, contrib, etc.), and `fileType` (sources.list or sources.list.d entry). Useful for verifying that only official Proxmox repositories are active.","min_provider_version":"0.1.1","defaults":"name enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.role":{"id":"proxmox.role","name":"proxmox.role","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Role ID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"privs":{"name":"privs","type":"\u0019\u0007","is_mandatory":true,"title":"Privileges assigned to this role","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"special":{"name":"special","type":"\u0004","is_mandatory":true,"title":"Whether this is a built-in role","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE access control role","desc":"Examine a role defined in the Proxmox cluster, identified by `id`. Reports the list of `privs` (privileges) assigned to the role and whether it is a built-in role via `special`. Roles are assigned to users and groups on paths to implement Proxmox's path-based access-control model.","min_provider_version":"0.1.1","defaults":"id","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.sdn":{"id":"proxmox.sdn","fields":{"subnet":{"name":"subnet","type":"\u001bproxmox.sdn.subnet","title":"Proxmox VE SDN subnet","desc":"Examine an SDN subnet attached to a vnet. The `cidr` (e.g. `10.0.0.0/24`) is the subnet's address range and `gateway` is the default route presented to guests. `snat` controls whether outbound traffic from the subnet is masqueraded behind the host.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"vnet":{"name":"vnet","type":"\u001bproxmox.sdn.vnet","title":"Proxmox VE SDN virtual network","desc":"Examine a software-defined virtual network, identified by `vnet`. A vnet is the bridge-equivalent guests attach to, scoped to its parent `zone`. Reports the optional `alias`, VLAN/VXLAN `tag`, and whether the network is `vlanAware` (Linux 802.1Q tagging is preserved on the bridge).","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"zone":{"name":"zone","type":"\u001bproxmox.sdn.zone","title":"Proxmox VE SDN zone","desc":"Examine a software-defined networking zone, identified by `zone`. A zone groups the layer-2 fabric a set of vnets share. Reports the zone `type` (simple, vlan, qinq, vxlan, evpn), the IP-address management backend via `ipam`, MTU, optional `nodes` restriction (empty means all nodes), DNS settings, and whether the zone is `pending` (has uncommitted changes).","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true}},"is_extension":true},"proxmox.sdn.subnet":{"id":"proxmox.sdn.subnet","name":"proxmox.sdn.subnet","fields":{"cidr":{"name":"cidr","type":"\u0007","is_mandatory":true,"title":"CIDR-formatted subnet (e.g. 10.0.0.0/24)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dnsZonePrefix":{"name":"dnsZonePrefix","type":"\u0007","is_mandatory":true,"title":"DNS prefix appended to records created for this subnet","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"gateway":{"name":"gateway","type":"\u0007","is_mandatory":true,"title":"Default gateway advertised to guests","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Subnet identifier (typically `\u003czone\u003e-\u003cnetwork\u003e-\u003cprefix\u003e`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"snat":{"name":"snat","type":"\u0004","is_mandatory":true,"title":"Whether outbound traffic is SNATed by the host","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vnet":{"name":"vnet","type":"\u0007","is_mandatory":true,"title":"Parent vnet identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vnetRef":{"name":"vnetRef","type":"\u001bproxmox.sdn.vnet","title":"Resolved parent vnet","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE SDN subnet","desc":"Examine an SDN subnet attached to a vnet. The `cidr` (e.g. `10.0.0.0/24`) is the subnet's address range and `gateway` is the default route presented to guests. `snat` controls whether outbound traffic from the subnet is masqueraded behind the host.","min_provider_version":"0.1.9","defaults":"id cidr gateway","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.sdn.vnet":{"id":"proxmox.sdn.vnet","name":"proxmox.sdn.vnet","fields":{"alias":{"name":"alias","type":"\u0007","is_mandatory":true,"title":"Friendly alias","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"subnets":{"name":"subnets","type":"\u0019\u001bproxmox.sdn.subnet","title":"Subnets defined on this vnet","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tag":{"name":"tag","type":"\u0005","is_mandatory":true,"title":"VLAN/VXLAN tag identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"VNet type","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vlanAware":{"name":"vlanAware","type":"\u0004","is_mandatory":true,"title":"Whether the VNet is VLAN-aware","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vnet":{"name":"vnet","type":"\u0007","is_mandatory":true,"title":"VNet identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"zone":{"name":"zone","type":"\u0007","is_mandatory":true,"title":"Parent zone identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"zoneRef":{"name":"zoneRef","type":"\u001bproxmox.sdn.zone","title":"Resolved parent zone","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE SDN virtual network","desc":"Examine a software-defined virtual network, identified by `vnet`. A vnet is the bridge-equivalent guests attach to, scoped to its parent `zone`. Reports the optional `alias`, VLAN/VXLAN `tag`, and whether the network is `vlanAware` (Linux 802.1Q tagging is preserved on the bridge).","min_provider_version":"0.1.9","defaults":"vnet zone tag","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.sdn.zone":{"id":"proxmox.sdn.zone","name":"proxmox.sdn.zone","fields":{"dns":{"name":"dns","type":"\u0007","is_mandatory":true,"title":"DNS server","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dnsZone":{"name":"dnsZone","type":"\u0007","is_mandatory":true,"title":"DNS forward zone","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ipam":{"name":"ipam","type":"\u0007","is_mandatory":true,"title":"IPAM backend (pve, phpipam, netbox, or empty)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mtu":{"name":"mtu","type":"\u0005","is_mandatory":true,"title":"MTU","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"nodes":{"name":"nodes","type":"\u0007","is_mandatory":true,"title":"Comma-separated node restriction; empty means all nodes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pending":{"name":"pending","type":"\u0004","is_mandatory":true,"title":"Whether the zone has uncommitted changes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"reverseDns":{"name":"reverseDns","type":"\u0007","is_mandatory":true,"title":"Reverse DNS forward zone","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Zone state","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Zone type (simple, vlan, qinq, vxlan, evpn)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"zone":{"name":"zone","type":"\u0007","is_mandatory":true,"title":"Zone identifier","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE SDN zone","desc":"Examine a software-defined networking zone, identified by `zone`. A zone groups the layer-2 fabric a set of vnets share. Reports the zone `type` (simple, vlan, qinq, vxlan, evpn), the IP-address management backend via `ipam`, MTU, optional `nodes` restriction (empty means all nodes), DNS settings, and whether the zone is `pending` (has uncommitted changes).","min_provider_version":"0.1.9","defaults":"zone type","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.service":{"id":"proxmox.service","name":"proxmox.service","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Service description","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Service unit name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Current state (running, dead, etc.)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"unitFileState":{"name":"unitFileState","type":"\u0007","is_mandatory":true,"title":"Unit file state (enabled, disabled, static, masked)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE node systemd service","desc":"Examine a systemd service on a Proxmox node, identified by `name`. Reports the current runtime `state` (running, dead, etc.), service `description`, and `unitFileState` (enabled, disabled, static, masked). Useful for auditing whether critical Proxmox services such as `pve-cluster`, `pveproxy`, or `corosync` are active.","min_provider_version":"0.1.1","defaults":"name state","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.storage":{"id":"proxmox.storage","name":"proxmox.storage","fields":{"available":{"name":"available","type":"\u0005","is_mandatory":true,"title":"Available space in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"content":{"name":"content","type":"\u0007","is_mandatory":true,"title":"Allowed content types as a comma-separated string (e.g., \"images,rootdir,vztmpl,backup,iso,snippets\")","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the storage is enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"encrypted":{"name":"encrypted","type":"\u0004","is_mandatory":true,"title":"Whether backups written to this storage are encrypted at rest","desc":"True when the storage configuration carries an `encryption-key` (PBS-encrypted datastore). The key value itself is exposed via `encryptionKey` — it is either an explicit fingerprint or the literal `autogen` when Proxmox manages the key.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"encryptionKey":{"name":"encryptionKey","type":"\u0007","is_mandatory":true,"title":"The raw `encryption-key` value from the storage config; empty when not configured","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Storage ID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Storage path (for local storage types)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"shared":{"name":"shared","type":"\u0004","is_mandatory":true,"title":"Whether the storage is shared across nodes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"total":{"name":"total","type":"\u0005","is_mandatory":true,"title":"Total capacity in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Storage type (dir, lvm, lvmthin, nfs, cifs, zfspool, ceph, etc.)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"usagePercent":{"name":"usagePercent","type":"\u0006","is_mandatory":true,"title":"Usage percentage","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"used":{"name":"used","type":"\u0005","is_mandatory":true,"title":"Used space in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE storage pool","desc":"Examine a storage pool configured in the cluster, identified by `id`. Reports the storage `type` (dir, lvm, lvmthin, nfs, cifs, zfspool, ceph, etc.), allowed `content` types, filesystem `path` for local types, and whether the pool is `enabled` and `shared` across nodes. Capacity data is available via `total`, `used`, `available`, and `usagePercent`.","min_provider_version":"0.1.1","defaults":"id type enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.subscription":{"id":"proxmox.subscription","name":"proxmox.subscription","fields":{"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Subscription key","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"level":{"name":"level","type":"\u0007","is_mandatory":true,"title":"Subscription level (basic, standard, premium)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"nextDueDate":{"name":"nextDueDate","type":"\u0007","is_mandatory":true,"title":"Next due date","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"productName":{"name":"productName","type":"\u0007","is_mandatory":true,"title":"Product name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"regDate":{"name":"regDate","type":"\u0007","is_mandatory":true,"title":"Registration date","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"serverId":{"name":"serverId","type":"\u0007","is_mandatory":true,"title":"Server ID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Subscription status (active, notfound, invalid)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE subscription","desc":"Examine the Proxmox support subscription for a node. Reports `status` (active, notfound, invalid), subscription `level` (basic, standard, premium), `productName`, `key`, `serverId`, registration date via `regDate`, and the next renewal date via `nextDueDate`. Useful for compliance checks that require an active subscription.","min_provider_version":"0.1.1","defaults":"status level","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.token":{"id":"proxmox.token","name":"proxmox.token","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Token comment","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"expire":{"name":"expire","type":"\u0005","is_mandatory":true,"title":"Token expiration (unix timestamp, 0 = never)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Token ID (user@realm!tokenid)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"owner":{"name":"owner","type":"\u001bproxmox.user","title":"Resolved owner of this token (everything before the `!` in `id`)","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"privsep":{"name":"privsep","type":"\u0004","is_mandatory":true,"title":"Whether privilege separation is active","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE API token","desc":"Examine an API token belonging to a Proxmox user, identified by `id` in the form `user@realm!tokenid`. Reports the token `comment`, `expire` time (Unix timestamp, 0 = never), and whether privilege separation is active via `privsep`. When `privsep` is true the token's permissions are limited to a subset of the owner's privileges.","min_provider_version":"0.1.1","defaults":"id privsep","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.user":{"id":"proxmox.user","name":"proxmox.user","fields":{"email":{"name":"email","type":"\u0007","is_mandatory":true,"title":"Email address","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"enable":{"name":"enable","type":"\u0004","is_mandatory":true,"title":"Whether the user is enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"expire":{"name":"expire","type":"\u0005","is_mandatory":true,"title":"Account expiration (unix timestamp, 0 = never)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firstname":{"name":"firstname","type":"\u0007","is_mandatory":true,"title":"First name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"groupRefs":{"name":"groupRefs","type":"\u0019\u001bproxmox.group","title":"Resolved group memberships","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"groups":{"name":"groups","type":"\u0019\u0007","is_mandatory":true,"title":"Raw group membership names","desc":"Deprecated in favor of `groupRefs`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","maturity":"deprecated"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"User ID (user@realm)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"lastname":{"name":"lastname","type":"\u0007","is_mandatory":true,"title":"Last name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"realm":{"name":"realm","type":"\u0007","is_mandatory":true,"title":"Authentication realm (pam, pve, ldap, ad)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"realmType":{"name":"realmType","type":"\u0007","is_mandatory":true,"title":"Authentication realm type (pam, pve, ldap, ad, openid)","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tfaFactors":{"name":"tfaFactors","type":"\u0019\u0007","title":"Enrolled multi-factor authentication factor types","desc":"One per enrolled second-factor: `totp`, `webauthn`, `recovery`, or `yubico`. An empty list means the user has no TFA enrolled.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tfaLockedUntil":{"name":"tfaLockedUntil","type":"\u0005","is_mandatory":true,"title":"Unix timestamp until which the user is locked out due to failed TFA attempts; 0 if not locked","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tokens":{"name":"tokens","type":"\u0019\u001bproxmox.token","title":"API tokens for this user","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE user","desc":"Examine a user account in the Proxmox cluster, identified by `id` in the form `user@realm`. Reports whether the account is `enable`d, its `email`, `firstname`, `lastname`, `realm` (pam, pve, ldap, ad), `groups` membership, and `expire` time (Unix timestamp, 0 = never). Multi-factor enrollment is available through `tfaFactors` and `tfaLockedUntil`, the realm authentication type through `realmType`, and API tokens belonging to the user through `tokens`.","min_provider_version":"0.1.1","defaults":"id enable realm","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.vm":{"id":"proxmox.vm","name":"proxmox.vm","fields":{"agent":{"name":"agent","type":"\u0004","title":"Whether the QEMU guest agent is enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"aliases":{"name":"aliases","type":"\u0019\u001bproxmox.firewall.alias","title":"VM-level firewall aliases","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"args":{"name":"args","type":"\u0007","title":"Raw KVM/QEMU command-line arguments passed to the hypervisor","desc":"Anything in here bypasses the normal config schema and can grant the VM extra device passthrough, capabilities, or host filesystem access. Empty when no overrides are configured.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"bios":{"name":"bios","type":"\u0007","title":"BIOS type (seabios, ovmf)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"bootOrder":{"name":"bootOrder","type":"\u0007","title":"Boot order string","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ciCustom":{"name":"ciCustom","type":"\n","title":"Custom cloud-init snippet references","desc":"Maps the four cloud-init sections (`user`, `network`, `meta`, `vendor`) to `\u003cstorage\u003e:snippets/\u003cfile\u003e` paths. Empty when the VM uses the default Proxmox-generated config.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cipasswordSet":{"name":"cipasswordSet","type":"\u0004","title":"Whether a cloud-init password is configured for the VM","desc":"True when the `cipassword` config key is set. The actual value is never read or surfaced through the resource — auditing should focus on whether a password is present, not on the password itself.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ciuser":{"name":"ciuser","type":"\u0007","title":"Default username injected by cloud-init; empty when not configured","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"config":{"name":"config","type":"\n","title":"Full VM configuration as dictionary","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cpu":{"name":"cpu","type":"\u0006","is_mandatory":true,"title":"Current CPU usage (fraction)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"description":{"name":"description","type":"\u0007","title":"VM description/notes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"disk":{"name":"disk","type":"\u0005","is_mandatory":true,"title":"Current disk usage in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"diskread":{"name":"diskread","type":"\u0005","is_mandatory":true,"title":"Total bytes read from disk","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"disks":{"name":"disks","type":"\u0019\u001bproxmox.vm.disk","title":"Disk devices attached to the VM","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"diskwrite":{"name":"diskwrite","type":"\u0005","is_mandatory":true,"title":"Total bytes written to disk","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallOptions":{"name":"firewallOptions","type":"\u001bproxmox.firewall.options","title":"VM-level firewall options (enable, policy_in, policy_out, dhcp, ndp, macfilter)","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewallRules":{"name":"firewallRules","type":"\u0019\u001bproxmox.firewall.rule","title":"VM-level firewall rules","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"hookscript":{"name":"hookscript","type":"\u0007","title":"Path to a hook script run before/after VM lifecycle events","desc":"Stored as `\u003cstorage\u003e:snippets/\u003cfile\u003e`. Treat as a potential arbitrary-execution surface on the hypervisor host — anyone who can edit the snippet can run code as root during VM start, stop, pre-backup, etc.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0005","is_mandatory":true,"title":"VMID","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"ipsets":{"name":"ipsets","type":"\u0019\u001bproxmox.firewall.ipset","title":"VM-level IPsets","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"lock":{"name":"lock","type":"\u0007","title":"Acquired lock blocking other operations","desc":"One of `backup`, `migrate`, `snapshot`, `rollback`, `clone`, `create`, `destroy`, or empty when the VM is not locked.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"machine":{"name":"machine","type":"\u0007","title":"Machine type (pc, q35)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"maxcpu":{"name":"maxcpu","type":"\u0005","is_mandatory":true,"title":"Number of configured vCPUs","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"maxdisk":{"name":"maxdisk","type":"\u0005","is_mandatory":true,"title":"Configured maximum disk size in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"maxmem":{"name":"maxmem","type":"\u0005","is_mandatory":true,"title":"Configured maximum memory in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mem":{"name":"mem","type":"\u0005","is_mandatory":true,"title":"Current memory usage in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"VM display name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"nameserver":{"name":"nameserver","type":"\u0007","title":"DNS nameservers cloud-init writes to the guest (space-separated)","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"netin":{"name":"netin","type":"\u0005","is_mandatory":true,"title":"Total incoming network bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"netout":{"name":"netout","type":"\u0005","is_mandatory":true,"title":"Total outgoing network bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"network":{"name":"network","type":"\u001bproxmox.vm.network","title":"Proxmox VE VM network interface","desc":"Examine a network interface attached to a virtual machine. The `id` field identifies the slot (e.g. `net0`, `net1`). Reports the NIC `model` (virtio, e1000, etc.), `macAddress`, connected `bridge`, VLAN `tag`, and whether the per-NIC `firewall` is enabled.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"networks":{"name":"networks","type":"\u0019\u001bproxmox.vm.network","title":"Network interfaces attached to the VM","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"node":{"name":"node","type":"\u0007","is_mandatory":true,"title":"Node this VM is running on","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"osType":{"name":"osType","type":"\u0007","title":"OS type (l26, win10, etc.)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pciDevice":{"name":"pciDevice","type":"\u001bproxmox.vm.pciDevice","title":"Proxmox VE VM PCI passthrough entry","desc":"Examine a `hostpci\u003cn\u003e` configuration entry on a virtual machine. PVE accepts two forms: a direct PCI address (`0000:01:00.0`, with optional `.func` suffix for multi-function devices) or a named `mapping=\u003cname\u003e` reference to a cluster-defined PCI mapping. The extra knobs PVE exposes — express vs legacy bus, ROM-BAR visibility, VGA tag, mdev type for vGPU — are surfaced so audits can flag risky configurations (e.g. `xVga = true` with no IOMMU isolation).","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"pciDevices":{"name":"pciDevices","type":"\u0019\u001bproxmox.vm.pciDevice","title":"PCI devices passed through to the VM","desc":"Parsed from `hostpci0`..`hostpci15` config keys. Each entry grants the guest direct access to host PCIe hardware — an audit risk since it bypasses the virtualization boundary for that device.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pool":{"name":"pool","type":"\u001bproxmox.pool","title":"Resource pool this VM belongs to; null when unassigned","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"protection":{"name":"protection","type":"\u0004","title":"Whether the VM is protected from removal","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"searchDomain":{"name":"searchDomain","type":"\u0007","title":"DNS search domain cloud-init writes to the guest","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"serialPort":{"name":"serialPort","type":"\u001bproxmox.vm.serialPort","title":"Proxmox VE VM serial port","desc":"Examine a serial port attached to a virtual machine, identified by `id` (`serial0` through `serial3`). The `target` reports either the literal `socket` (VM speaks over a Unix-domain socket on the host) or a host device path like `/dev/ttyS0`. A host-device target is a pivot opportunity that audits should review.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"serialPorts":{"name":"serialPorts","type":"\u0019\u001bproxmox.vm.serialPort","title":"Serial ports attached to the VM","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"snapshot":{"name":"snapshot","type":"\u001bproxmox.vm.snapshot","title":"Proxmox VE VM snapshot","desc":"Examine a point-in-time snapshot of a virtual machine. Reports the snapshot `name`, `description`, `parent` snapshot name, creation time via `snaptime` (Unix timestamp), and whether VM RAM state is captured in `vmstate`.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"snapshots":{"name":"snapshots","type":"\u0019\u001bproxmox.vm.snapshot","title":"VM snapshots","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"sshkeys":{"name":"sshkeys","type":"\u0007","title":"URL-encoded list of SSH public keys cloud-init writes to the default user; empty when not configured","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Current status (running, stopped, paused)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tags":{"name":"tags","type":"\u0019\u0007","title":"Tags assigned to the VM","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"template":{"name":"template","type":"\u0004","is_mandatory":true,"title":"Whether this VM is a template","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"update":{"name":"update","type":"\u001bproxmox.vm.update","title":"Proxmox VE VM package update","desc":"Examine an installed package and its update status on a virtual machine, retrieved via the QEMU guest agent. Reports the package `name`, `installedVersion`, available `newVersion`, whether an update is available via `upgradable`, and `severity` (security, enhancement).","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"updates":{"name":"updates","type":"\u0019\u001bproxmox.vm.update","title":"Installed packages and available updates","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"uptime":{"name":"uptime","type":"\u0005","is_mandatory":true,"title":"Uptime in seconds","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"usbDevice":{"name":"usbDevice","type":"\u001bproxmox.vm.usbDevice","title":"Proxmox VE VM USB passthrough entry","desc":"Examine a `usb\u003cn\u003e` configuration entry on a virtual machine. PVE supports four target forms: vendor:product IDs (`host=1234:5678`), USB bus/port paths (`host=1-2.3`), host device paths (typically `/dev/...`), and the SPICE redirection sentinel. The `usb3` flag requests USB-3 emulation regardless of the underlying device class.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true},"usbDevices":{"name":"usbDevices","type":"\u0019\u001bproxmox.vm.usbDevice","title":"USB devices passed through to the VM","desc":"Parsed from `usb0`..`usb14`. Targets are either `host=vendor:product` vendor IDs, USB bus paths, the SPICE redirection sentinel, or host device paths — all of which surface direct host-USB access.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vga":{"name":"vga","type":"\u0007","title":"Display adapter configuration","desc":"Examples: `qxl`, `std`, `serial0`, `none`. Empty selects the PVE default.","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE virtual machine","desc":"Examine a QEMU virtual machine in the cluster, identified by numeric `id` and display `name`. Reports current `status` (running, stopped, paused), the `node` it runs on, and resource usage including `cpu`, `mem`, `disk`, `netin`, and `netout`. Configuration details — OS type, machine type, BIOS, boot order, guest agent state, protection, description, and tags — are available as computed fields. Network interfaces are listed through `networks`, storage devices through `disks`, and point-in-time `snapshots` through the snapshots field. VM-level firewall rules are accessible via `firewallRules`, and installed packages with available updates via `updates` (requires the QEMU guest agent).","min_provider_version":"0.1.1","defaults":"id name status","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.vm.disk":{"id":"proxmox.vm.disk","name":"proxmox.vm.disk","fields":{"backup":{"name":"backup","type":"\u0004","is_mandatory":true,"title":"Whether backup is enabled for this disk","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"cache":{"name":"cache","type":"\u0007","is_mandatory":true,"title":"Cache mode (none, writethrough, writeback, etc.)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"format":{"name":"format","type":"\u0007","is_mandatory":true,"title":"Disk format (qcow2, raw, vmdk)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Disk ID (scsi0, virtio0, ide0, ...)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"iothread":{"name":"iothread","type":"\u0004","is_mandatory":true,"title":"Whether iothread is enabled","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"Disk size in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"storage":{"name":"storage","type":"\u0007","is_mandatory":true,"title":"Storage pool name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"storageRef":{"name":"storageRef","type":"\u001bproxmox.storage","title":"Resolved backing storage pool","min_provider_version":"0.1.9","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE VM disk","desc":"Examine a disk device attached to a virtual machine. The `id` field identifies the controller slot (e.g. `scsi0`, `virtio0`, `ide0`). Reports the `storage` pool name, disk `size` in bytes, `format` (qcow2, raw, vmdk), cache `cache` mode, and whether `iothread` and `backup` are enabled for this disk.","min_provider_version":"0.1.1","defaults":"id storage size","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.vm.network":{"id":"proxmox.vm.network","name":"proxmox.vm.network","fields":{"bridge":{"name":"bridge","type":"\u0007","is_mandatory":true,"title":"Bridge this NIC is connected to","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"firewall":{"name":"firewall","type":"\u0004","is_mandatory":true,"title":"Whether the firewall is enabled for this NIC","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Interface ID (net0, net1, ...)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"macAddress":{"name":"macAddress","type":"\u0007","is_mandatory":true,"title":"MAC address","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"model":{"name":"model","type":"\u0007","is_mandatory":true,"title":"NIC model (virtio, e1000, etc.)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"tag":{"name":"tag","type":"\u0005","is_mandatory":true,"title":"VLAN tag (0 = none)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE VM network interface","desc":"Examine a network interface attached to a virtual machine. The `id` field identifies the slot (e.g. `net0`, `net1`). Reports the NIC `model` (virtio, e1000, etc.), `macAddress`, connected `bridge`, VLAN `tag`, and whether the per-NIC `firewall` is enabled.","min_provider_version":"0.1.1","defaults":"id model bridge","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.vm.pciDevice":{"id":"proxmox.vm.pciDevice","name":"proxmox.vm.pciDevice","fields":{"address":{"name":"address","type":"\u0007","is_mandatory":true,"title":"PCI address when configured directly; empty when `mapping` is used","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mapping":{"name":"mapping","type":"\u0007","is_mandatory":true,"title":"Cluster-defined PCI mapping name when configured by reference; empty otherwise","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"mdev":{"name":"mdev","type":"\u0007","is_mandatory":true,"title":"Mediated-device type for vGPU passthrough; empty for direct passthrough","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"pciExpress":{"name":"pciExpress","type":"\u0004","is_mandatory":true,"title":"Whether the device is exposed as PCI Express (true) or legacy PCI (false)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"raw":{"name":"raw","type":"\u0007","is_mandatory":true,"title":"Raw `hostpci\u003cn\u003e` config line for any options not surfaced above","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"romBar":{"name":"romBar","type":"\u0004","is_mandatory":true,"title":"Whether the ROM BAR is visible to the guest","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"slot":{"name":"slot","type":"\u0007","is_mandatory":true,"title":"Config slot (`hostpci0` through `hostpci15`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"xVga":{"name":"xVga","type":"\u0004","is_mandatory":true,"title":"Whether this device is the primary VGA for the guest","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE VM PCI passthrough entry","desc":"Examine a `hostpci\u003cn\u003e` configuration entry on a virtual machine. PVE accepts two forms: a direct PCI address (`0000:01:00.0`, with optional `.func` suffix for multi-function devices) or a named `mapping=\u003cname\u003e` reference to a cluster-defined PCI mapping. The extra knobs PVE exposes — express vs legacy bus, ROM-BAR visibility, VGA tag, mdev type for vGPU — are surfaced so audits can flag risky configurations (e.g. `xVga = true` with no IOMMU isolation).","min_provider_version":"0.1.9","defaults":"slot address mapping","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.vm.serialPort":{"id":"proxmox.vm.serialPort","name":"proxmox.vm.serialPort","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Serial port slot (serial0..serial3)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"target":{"name":"target","type":"\u0007","is_mandatory":true,"title":"Target — `socket` or a host device path (e.g. `/dev/ttyS0`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE VM serial port","desc":"Examine a serial port attached to a virtual machine, identified by `id` (`serial0` through `serial3`). The `target` reports either the literal `socket` (VM speaks over a Unix-domain socket on the host) or a host device path like `/dev/ttyS0`. A host-device target is a pivot opportunity that audits should review.","min_provider_version":"0.1.9","defaults":"id target","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.vm.snapshot":{"id":"proxmox.vm.snapshot","name":"proxmox.vm.snapshot","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Snapshot description","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Snapshot name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"parent":{"name":"parent","type":"\u0007","is_mandatory":true,"title":"Parent snapshot name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"snaptime":{"name":"snaptime","type":"\u0005","is_mandatory":true,"title":"Snapshot creation time (unix timestamp)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"vmstate":{"name":"vmstate","type":"\u0004","is_mandatory":true,"title":"Whether VM state (RAM) is included","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE VM snapshot","desc":"Examine a point-in-time snapshot of a virtual machine. Reports the snapshot `name`, `description`, `parent` snapshot name, creation time via `snaptime` (Unix timestamp), and whether VM RAM state is captured in `vmstate`.","min_provider_version":"0.1.1","defaults":"name snaptime","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.vm.update":{"id":"proxmox.vm.update","name":"proxmox.vm.update","fields":{"installedVersion":{"name":"installedVersion","type":"\u0007","is_mandatory":true,"title":"Currently installed version","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Package name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"newVersion":{"name":"newVersion","type":"\u0007","is_mandatory":true,"title":"Available new version (empty if no update)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"severity":{"name":"severity","type":"\u0007","is_mandatory":true,"title":"Update severity (security, enhancement)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"upgradable":{"name":"upgradable","type":"\u0004","is_mandatory":true,"title":"Whether an update is available","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE VM package update","desc":"Examine an installed package and its update status on a virtual machine, retrieved via the QEMU guest agent. Reports the package `name`, `installedVersion`, available `newVersion`, whether an update is available via `upgradable`, and `severity` (security, enhancement).","min_provider_version":"0.1.1","defaults":"name severity upgradable","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.vm.usbDevice":{"id":"proxmox.vm.usbDevice","name":"proxmox.vm.usbDevice","fields":{"raw":{"name":"raw","type":"\u0007","is_mandatory":true,"title":"Raw `usb\u003cn\u003e` config line","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"slot":{"name":"slot","type":"\u0007","is_mandatory":true,"title":"Config slot (`usb0` through `usb14`)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"target":{"name":"target","type":"\u0007","is_mandatory":true,"title":"Target as written in the config","desc":"One of: vendor:product (e.g. `1234:5678`), USB bus path (e.g. `1-2.3`), host device path (`/dev/...`), or the literal `spice` sentinel for redirected USB.","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"usb3":{"name":"usb3","type":"\u0004","is_mandatory":true,"title":"Whether USB-3 emulation is forced","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE VM USB passthrough entry","desc":"Examine a `usb\u003cn\u003e` configuration entry on a virtual machine. PVE supports four target forms: vendor:product IDs (`host=1234:5678`), USB bus/port paths (`host=1-2.3`), host device paths (typically `/dev/...`), and the SPICE redirection sentinel. The `usb3` flag requests USB-3 emulation regardless of the underlying device class.","min_provider_version":"0.1.9","defaults":"slot target","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"proxmox.zfs":{"id":"proxmox.zfs","fields":{"pool":{"name":"pool","type":"\u001bproxmox.zfs.pool","title":"Proxmox VE ZFS pool","desc":"Examine a ZFS storage pool managed by a Proxmox node, identified by `name`. Reports the pool `size`, `alloc`ated and `free` bytes, average `fragmentation` percentage, `dedupRatio`, and current `health` (ONLINE, DEGRADED, FAULTED, etc.). The pool topology — the vdev tree and the latest scrub status — is available through `state`, `scan`, `errors`, and the `children` vdev tree.","provider":"go.mondoo.com/mql/v13/providers/proxmox","is_implicit_resource":true}},"is_extension":true},"proxmox.zfs.pool":{"id":"proxmox.zfs.pool","name":"proxmox.zfs.pool","fields":{"alloc":{"name":"alloc","type":"\u0005","is_mandatory":true,"title":"Allocated bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"children":{"name":"children","type":"\u0019\n","title":"vdev / child-device tree","desc":"Each entry is a dict with `name`, `state`, `read`/`write`/`cksum` error counters, and a recursive `children` array. The shape mirrors the `zpool status` output so audits can recurse to leaf disks.","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"dedupRatio":{"name":"dedupRatio","type":"\u0006","is_mandatory":true,"title":"Deduplication ratio (1.0 = no dedup, higher = more savings)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"errors":{"name":"errors","type":"\u0007","title":"Pool-wide error counter line from `zpool status`","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"fragmentation":{"name":"fragmentation","type":"\u0005","is_mandatory":true,"title":"Fragmentation percentage (0-100)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"free":{"name":"free","type":"\u0005","is_mandatory":true,"title":"Free bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"health":{"name":"health","type":"\u0007","is_mandatory":true,"title":"Pool health (ONLINE, DEGRADED, FAULTED, UNAVAIL, REMOVED)","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Pool name","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"scan":{"name":"scan","type":"\u0007","title":"Latest scrub line from `zpool status`","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"size":{"name":"size","type":"\u0005","is_mandatory":true,"title":"Pool capacity in bytes","provider":"go.mondoo.com/mql/v13/providers/proxmox"},"state":{"name":"state","type":"\u0007","title":"Pool state from `zpool status` (e.g. ONLINE)","provider":"go.mondoo.com/mql/v13/providers/proxmox"}},"title":"Proxmox VE ZFS pool","desc":"Examine a ZFS storage pool managed by a Proxmox node, identified by `name`. Reports the pool `size`, `alloc`ated and `free` bytes, average `fragmentation` percentage, `dedupRatio`, and current `health` (ONLINE, DEGRADED, FAULTED, etc.). The pool topology — the vdev tree and the latest scrub status — is available through `state`, `scan`, `errors`, and the `children` vdev tree.","min_provider_version":"0.1.9","defaults":"name health size","provider":"go.mondoo.com/mql/v13/providers/proxmox"}}}