{"resources":{"tailscale":{"id":"tailscale","name":"tailscale","fields":{"aclPolicy":{"name":"aclPolicy","type":"\u001btailscale.aclPolicy","title":"Tailnet ACL (access control list) policy","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"authKey":{"name":"authKey","type":"\u001btailscale.authKey","title":"Tailscale pre-authentication key","desc":"Examine a single auth key (pre-auth key) issued for the tailnet, identified by `id`. Auth keys onboard devices into the tailnet without interactive sign-in and are long-lived credentials, so the `expires` and `revoked` timestamps, the `invalid` flag, and the `reusable` / `ephemeral` / `preauthorized` capability flags are the primary audit signals. `tags` lists the ACL tags any device enrolled with this key will receive — over-broad tagging is a common finding. The key material itself is never exposed; only the metadata is.","is_private":true,"provider":"go.mondoo.com/mql/v13/providers/tailscale","is_implicit_resource":true},"authKeys":{"name":"authKeys","type":"\u0019\u001btailscale.authKey","title":"Authentication keys (pre-auth keys) issued for the tailnet","min_provider_version":"13.1.8","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"device":{"name":"device","type":"\u001btailscale.device","title":"Tailscale device (also called a node or machine)","desc":"Examine a single device registered in the tailnet, identified by `id`: hostname, operating system, MagicDNS name, the user that registered it, ACL tags, all assigned Tailscale IP addresses (IPv4 and IPv6), the Tailscale client version and update-availability flag, the machine and node keys, tailnet-lock signing state, posture flags (`blocksIncomingConnections`, `authorized`, `isExternal`, `keyExpiryDisabled`), lifecycle timestamps (`createdAt`, `expiresAt`, `lastSeenAt`), and the advertised vs enabled subnet routes (each fetched per-device on demand).","provider":"go.mondoo.com/mql/v13/providers/tailscale","is_implicit_resource":true},"deviceApprovalRequired":{"name":"deviceApprovalRequired","type":"\u0004","title":"Whether new devices must be manually approved before joining the tailnet","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"devices":{"name":"devices","type":"\u0019\u001btailscale.device","title":"List devices in a tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"devicesAutoUpdatesEnabled":{"name":"devicesAutoUpdatesEnabled","type":"\u0004","title":"Whether devices in the tailnet are configured to receive automatic Tailscale client updates","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"devicesKeyDurationDays":{"name":"devicesKeyDurationDays","type":"\u0005","title":"Number of days before a device's auth key expires (0 means keys never expire)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"logstream":{"name":"logstream","type":"\u001btailscale.logstream","title":"Tailscale log stream destination","desc":"Examine a configured log stream that forwards tailnet logs to an external destination. `logType` is `configuration` (admin audit log) or `network` (flow log). `destinationType` is one of `splunk`, `elastic`, `panther`, `cribl`, `datadog`, `axiom`, or `s3`. For HTTP sinks `url` and `user` carry the connection details; for S3 sinks `s3Bucket`, `s3Region`, `s3KeyPrefix`, and `s3AuthenticationType` (`accesskey` or `rolearn`) define the bucket and authentication mode, with `s3AccessKeyId` or `s3RoleArn` and `s3ExternalId` filled in accordingly. Tokens and S3 secret access keys are never returned by the Tailscale API and are not exposed here.","is_private":true,"provider":"go.mondoo.com/mql/v13/providers/tailscale","is_implicit_resource":true},"logstreams":{"name":"logstreams","type":"\u0019\u001btailscale.logstream","title":"Configured log stream destinations for the tailnet (configuration audit logs, network flow logs)","desc":"Returns at most two entries — one with `logType == \"configuration\"` and one with `logType == \"network\"`. Entries are omitted when no destination is configured for that log type. Use this resource to assert that an organization is exporting tailnet audit and flow logs to a SIEM or object store.","min_provider_version":"13.1.8","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"nameservers":{"name":"nameservers","type":"\u0019\u0007","title":"List global DNS nameservers for a tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"networkFlowLoggingEnabled":{"name":"networkFlowLoggingEnabled","type":"\u0004","title":"Whether network flow logging is enabled for the tailnet","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"postureIdentityCollectionEnabled":{"name":"postureIdentityCollectionEnabled","type":"\u0004","title":"Whether device posture identity collection is enabled for the tailnet","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailnet":{"name":"tailnet","type":"\u0007","is_mandatory":true,"title":"Tailnet organization name","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"user":{"name":"user","type":"\u001btailscale.user","title":"Tailscale user","desc":"Examine a single user known to the tailnet, identified by `id`: display name, login name, profile picture, the owning tailnet, relation type (member vs shared), role (owner / admin / member / etc.), status (active / idle / suspended / needs-approval / over-billing-limit), the count of devices the user owns, `createdAt` / `lastSeenAt` lifecycle timestamps, and a `currentlyConnected` flag — used for access reviews and dormant / suspended-account hygiene.","provider":"go.mondoo.com/mql/v13/providers/tailscale","is_implicit_resource":true},"userApprovalRequired":{"name":"userApprovalRequired","type":"\u0004","title":"Whether new users must be manually approved before joining the tailnet","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"users":{"name":"users","type":"\u0019\u001btailscale.user","title":"List users of a tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"usersRoleAllowedToJoinExternalTailnets":{"name":"usersRoleAllowedToJoinExternalTailnets","type":"\u0007","title":"Lowest user role allowed to join external tailnets: 'none' (disabled), 'admin' (admins only), or 'member' (any member)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"webhook":{"name":"webhook","type":"\u001btailscale.webhook","title":"Tailscale webhook endpoint","desc":"Examine a single webhook endpoint subscribed to tailnet events, identified by `endpointId`. `providerType` distinguishes the receiver shape — `slack`, `mattermost`, `googlechat`, `discord`, or empty for a generic Tailscale-formatted POST. `subscriptions` lists the events the endpoint receives (for example `nodeNeedsApproval`, `userSuspended`, `policyUpdate`, or the umbrella `categoryTailnetManagement` / `categoryDeviceMisconfigurations`). `creatorLoginName` is the user that registered the endpoint. The shared HMAC secret is never exposed.","is_private":true,"provider":"go.mondoo.com/mql/v13/providers/tailscale","is_implicit_resource":true},"webhooks":{"name":"webhooks","type":"\u0019\u001btailscale.webhook","title":"Webhook endpoints subscribed to tailnet events","min_provider_version":"13.1.8","provider":"go.mondoo.com/mql/v13/providers/tailscale"}},"title":"Tailscale tailnet","desc":"Examine a Tailscale tailnet (organization): its name, the devices and users it contains, the configured global DNS nameservers, the ACL policy, and the tailnet-wide hardening flags — device-approval and user-approval requirements, automatic-update enrollment, the auth-key expiration window, network-flow logging, posture identity collection, and which user role is allowed to join external tailnets. Also exposes `authKeys` (pre-auth keys issued to onboard devices), `webhooks` (event subscription endpoints), and `logstreams` (audit and network-flow log export destinations).","min_provider_version":"11.0.0","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailscale.aclPolicy":{"id":"tailscale.aclPolicy","name":"tailscale.aclPolicy","fields":{"acls":{"name":"acls","type":"\u0019\n","is_mandatory":true,"title":"ACL access rules defining what each source (src) can connect to (dst, ports, action)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"autoApproverExitNodes":{"name":"autoApproverExitNodes","type":"\u0019\u0007","is_mandatory":true,"title":"Users or groups whose advertised exit-node routes are auto-approved","desc":"Empty means no users may auto-advertise as exit nodes.","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"autoApproverRoutes":{"name":"autoApproverRoutes","type":"\u001a\u0007\u0019\u0007","is_mandatory":true,"title":"Subnet routes that are auto-approved when advertised by listed users/groups (CIDR → owners)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"defaultSourcePosture":{"name":"defaultSourcePosture","type":"\u0019\u0007","is_mandatory":true,"title":"Default device-posture rule names applied to every ACL source that doesn't specify its own srcPosture. Empty when posture rules are unused.","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"disableIPv4":{"name":"disableIPv4","type":"\u0004","is_mandatory":true,"title":"Whether IPv4 is disabled across the tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"etag":{"name":"etag","type":"\u0007","is_mandatory":true,"title":"ETag (version identifier) of the policy","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"groups":{"name":"groups","type":"\u001a\u0007\u0019\u0007","is_mandatory":true,"title":"Named groups of users used in ACL rules (group name → list of members)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"hosts":{"name":"hosts","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Named hosts (alias → IP/CIDR) referenced by ACL rules","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"nodeAttrs":{"name":"nodeAttrs","type":"\u0019\n","is_mandatory":true,"title":"Per-node attribute grants","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"oneCGNATRoute":{"name":"oneCGNATRoute","type":"\u0007","is_mandatory":true,"title":"Setting that affects how Tailscale routes traffic on the 100.64.0.0/10 CGNAT range","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"postures":{"name":"postures","type":"\u001a\u0007\u0019\u0007","is_mandatory":true,"title":"Named device posture rules referenced by name from src/defaultSrcPosture (rule name -\u003e list of posture conditions)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"randomizeClientPort":{"name":"randomizeClientPort","type":"\u0004","is_mandatory":true,"title":"Whether the Tailscale client is set to randomize its source port on each connection","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"raw":{"name":"raw","type":"\u0007","title":"Raw HuJSON representation of the policy","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"ssh":{"name":"ssh","type":"\u0019\n","is_mandatory":true,"title":"Tailscale SSH access rules","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tagOwners":{"name":"tagOwners","type":"\u001a\u0007\u0019\u0007","is_mandatory":true,"title":"Tag owners — users or groups allowed to assign each ACL tag (tag → list of owners)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailnet":{"name":"tailnet","type":"\u0007","is_mandatory":true,"title":"Tailnet name this ACL policy belongs to","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tests":{"name":"tests","type":"\u0019\n","is_mandatory":true,"title":"Connectivity tests embedded in the policy","provider":"go.mondoo.com/mql/v13/providers/tailscale"}},"title":"Tailscale tailnet ACL (access control list) policy","desc":"Examine the tailnet's parsed HuJSON ACL policy (https://tailscale.com/kb/1018/acls). The policy governs which users and devices can reach which others, and the resource exposes the ACL rules, named groups, host aliases, tag-owner assignments, Tailscale SSH rules, embedded connectivity tests, per-node attribute grants, exit-node and subnet-route auto-approvers, default and named device-posture rules, the IPv4-disabled flag, the OneCGNATRoute setting, the randomize-client-port flag, the policy `etag`, and the raw HuJSON for fall-through pattern matching.","min_provider_version":"13.0.7","defaults":"tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailscale.authKey":{"id":"tailscale.authKey","name":"tailscale.authKey","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the key was created","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Human-readable description set when the key was created","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"ephemeral":{"name":"ephemeral","type":"\u0004","is_mandatory":true,"title":"Whether devices created with the key are ephemeral (auto-removed when offline)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"expires":{"name":"expires","type":"\t","is_mandatory":true,"title":"Time the key expires; the zero value means the key never expires","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"hasExpiration":{"name":"hasExpiration","type":"\u0004","title":"Whether the key has an expiration set (false means the key never expires)","min_provider_version":"13.2.4","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier of the key","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"invalid":{"name":"invalid","type":"\u0004","is_mandatory":true,"title":"Whether the key has been marked invalid (revoked or its tailnet was deleted)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"isRevoked":{"name":"isRevoked","type":"\u0004","title":"Whether the key has been revoked","min_provider_version":"13.2.4","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"preauthorized":{"name":"preauthorized","type":"\u0004","is_mandatory":true,"title":"Whether devices created with the key are pre-approved into a tailnet that requires device approval","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"reusable":{"name":"reusable","type":"\u0004","is_mandatory":true,"title":"Whether the key can be used to authenticate more than one device","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"revoked":{"name":"revoked","type":"\t","is_mandatory":true,"title":"Time the key was revoked; the zero value means the key has not been revoked","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"ACL tags applied to devices that authenticate using this key","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"userId":{"name":"userId","type":"\u0007","is_mandatory":true,"title":"ID of the user that owns the key","provider":"go.mondoo.com/mql/v13/providers/tailscale"}},"init":{"args":[{"name":"id","type":"\u0007","optional":true}]},"title":"Tailscale pre-authentication key","desc":"Examine a single auth key (pre-auth key) issued for the tailnet, identified by `id`. Auth keys onboard devices into the tailnet without interactive sign-in and are long-lived credentials, so the `expires` and `revoked` timestamps, the `invalid` flag, and the `reusable` / `ephemeral` / `preauthorized` capability flags are the primary audit signals. `tags` lists the ACL tags any device enrolled with this key will receive — over-broad tagging is a common finding. The key material itself is never exposed; only the metadata is.","private":true,"min_provider_version":"13.1.8","defaults":"id description expires revoked","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailscale.device":{"id":"tailscale.device","name":"tailscale.device","fields":{"addresses":{"name":"addresses","type":"\u0019\u0007","is_mandatory":true,"title":"List of Tailscale IP addresses for the device, including both IPv4 and IPv6 addresses","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"advertisedRoutes":{"name":"advertisedRoutes","type":"\u0019\u0007","title":"Subnet routes that the device is advertising (fetched per-device on demand)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"authorized":{"name":"authorized","type":"\u0004","is_mandatory":true,"title":"Whether the device is authorized to join the tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"blocksIncomingConnections":{"name":"blocksIncomingConnections","type":"\u0004","is_mandatory":true,"title":"Whether the device is blocked from accepting connections over Tailscale, including pings","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"clientVersion":{"name":"clientVersion","type":"\u0007","is_mandatory":true,"title":"Version of the Tailscale client software (empty for external devices)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Date when the device was added to the tailnet (empty for external devices)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"enabledRoutes":{"name":"enabledRoutes","type":"\u0019\u0007","title":"Subnet routes that are enabled (allowed) for the device — the device's effective subnet scope (fetched per-device on demand)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"expiresAt":{"name":"expiresAt","type":"\t","is_mandatory":true,"title":"Expiration date of the device's auth key","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"hostname":{"name":"hostname","type":"\u0007","is_mandatory":true,"title":"Machine name in the admin console","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Legacy identifier for a device","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"isExternal":{"name":"isExternal","type":"\u0004","is_mandatory":true,"title":"Whether a device is shared into the tailnet (rather than a member of the tailnet)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"keyExpiryDisabled":{"name":"keyExpiryDisabled","type":"\u0004","is_mandatory":true,"title":"Whether key expiration is disabled for the device","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"lastSeenAt":{"name":"lastSeenAt","type":"\t","is_mandatory":true,"title":"When device was last active on the tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"machineKey":{"name":"machineKey","type":"\u0007","is_mandatory":true,"title":"Machine key used by Tailscale (empty for external devices)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"MagicDNS name of the device","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"nodeKey":{"name":"nodeKey","type":"\u0007","is_mandatory":true,"title":"Node key primarily used by Tailscale and required for select operations, such as adding a node to a locked tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"os":{"name":"os","type":"\u0007","is_mandatory":true,"title":"Operating system that the device is running","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"An identity for the device that is separate from human users (used as part of an ACL to restrict access)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailnetLockError":{"name":"tailnetLockError","type":"\u0007","is_mandatory":true,"title":"Issue with the tailnet lock node-key signature on this device (only populated when tailnet lock is enabled)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailnetLockKey":{"name":"tailnetLockKey","type":"\u0007","is_mandatory":true,"title":"Node's tailnet lock key","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"updateAvailable":{"name":"updateAvailable","type":"\u0004","is_mandatory":true,"title":"Whether a Tailscale client version upgrade is available (empty for external devices)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"user":{"name":"user","type":"\u0007","is_mandatory":true,"title":"User who registered the device. For untagged devices this is also the device owner.","provider":"go.mondoo.com/mql/v13/providers/tailscale"}},"init":{"args":[{"name":"id","type":"\u0007","optional":true}]},"title":"Tailscale device (also called a node or machine)","desc":"Examine a single device registered in the tailnet, identified by `id`: hostname, operating system, MagicDNS name, the user that registered it, ACL tags, all assigned Tailscale IP addresses (IPv4 and IPv6), the Tailscale client version and update-availability flag, the machine and node keys, tailnet-lock signing state, posture flags (`blocksIncomingConnections`, `authorized`, `isExternal`, `keyExpiryDisabled`), lifecycle timestamps (`createdAt`, `expiresAt`, `lastSeenAt`), and the advertised vs enabled subnet routes (each fetched per-device on demand).","min_provider_version":"11.0.0","defaults":"id hostname os","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailscale.logstream":{"id":"tailscale.logstream","name":"tailscale.logstream","fields":{"destinationType":{"name":"destinationType","type":"\u0007","is_mandatory":true,"title":"Destination service receiving the stream","desc":"One of `splunk`, `elastic`, `panther`, `cribl`, `datadog`, `axiom`, or `s3`.","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"logType":{"name":"logType","type":"\u0007","is_mandatory":true,"title":"Log feed this stream carries — `configuration` (audit log) or `network` (flow log)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"s3AccessKeyId":{"name":"s3AccessKeyId","type":"\u0007","is_mandatory":true,"title":"Access key ID used when `s3AuthenticationType == \"accesskey\"`","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"s3AuthenticationType":{"name":"s3AuthenticationType","type":"\u0007","is_mandatory":true,"title":"S3 authentication mode (`accesskey` or `rolearn`)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"s3Bucket":{"name":"s3Bucket","type":"\u0007","is_mandatory":true,"title":"S3 bucket name when `destinationType == \"s3\"`","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"s3ExternalId":{"name":"s3ExternalId","type":"\u0007","is_mandatory":true,"title":"External ID Tailscale must include when assuming the role","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"s3KeyPrefix":{"name":"s3KeyPrefix","type":"\u0007","is_mandatory":true,"title":"S3 key prefix prepended to written objects when `destinationType == \"s3\"`","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"s3Region":{"name":"s3Region","type":"\u0007","is_mandatory":true,"title":"S3 region when `destinationType == \"s3\"`","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"s3RoleArn":{"name":"s3RoleArn","type":"\u0007","is_mandatory":true,"title":"ARN of the IAM role Tailscale assumes when `s3AuthenticationType == \"rolearn\"`","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"url":{"name":"url","type":"\u0007","is_mandatory":true,"title":"Endpoint URL for HTTP destinations","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"user":{"name":"user","type":"\u0007","is_mandatory":true,"title":"Username for HTTP destinations that authenticate with basic credentials","provider":"go.mondoo.com/mql/v13/providers/tailscale"}},"title":"Tailscale log stream destination","desc":"Examine a configured log stream that forwards tailnet logs to an external destination. `logType` is `configuration` (admin audit log) or `network` (flow log). `destinationType` is one of `splunk`, `elastic`, `panther`, `cribl`, `datadog`, `axiom`, or `s3`. For HTTP sinks `url` and `user` carry the connection details; for S3 sinks `s3Bucket`, `s3Region`, `s3KeyPrefix`, and `s3AuthenticationType` (`accesskey` or `rolearn`) define the bucket and authentication mode, with `s3AccessKeyId` or `s3RoleArn` and `s3ExternalId` filled in accordingly. Tokens and S3 secret access keys are never returned by the Tailscale API and are not exposed here.","private":true,"min_provider_version":"13.1.8","defaults":"logType destinationType","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailscale.user":{"id":"tailscale.user","name":"tailscale.user","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"Time the user joined the tailnet","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"currentlyConnected":{"name":"currentlyConnected","type":"\u0004","is_mandatory":true,"title":"Whether the user is currently connected to the tailnet","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"deviceCount":{"name":"deviceCount","type":"\u0005","is_mandatory":true,"title":"Number of devices the user owns","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Name of the user","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Unique identifier for the user","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"lastSeenAt":{"name":"lastSeenAt","type":"\t","is_mandatory":true,"title":"Last time the user was active on the tailnet — either via a node connection or by authenticating to a Tailscale service (including the admin panel)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"loginName":{"name":"loginName","type":"\u0007","is_mandatory":true,"title":"Email-like login name of the user","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"profilePicUrl":{"name":"profilePicUrl","type":"\u0007","is_mandatory":true,"title":"Profile picture URL for the user","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"role":{"name":"role","type":"\u0007","is_mandatory":true,"title":"Role of the user (owner, member, admin, etc.)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status of the user","desc":"'active' - Last seen within 28 days 'idle' - Last seen more than 28 days ago 'suspended' - Suspended from accessing the tailnet 'needs-approval' - Unable to join tailnet until approved 'over-billing-limit' - Unable to join tailnet until billing count increased","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailnetId":{"name":"tailnetId","type":"\u0007","is_mandatory":true,"title":"Tailnet that owns the user","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of relation this user has to the tailnet (member or shared)","provider":"go.mondoo.com/mql/v13/providers/tailscale"}},"init":{"args":[{"name":"id","type":"\u0007","optional":true}]},"title":"Tailscale user","desc":"Examine a single user known to the tailnet, identified by `id`: display name, login name, profile picture, the owning tailnet, relation type (member vs shared), role (owner / admin / member / etc.), status (active / idle / suspended / needs-approval / over-billing-limit), the count of devices the user owns, `createdAt` / `lastSeenAt` lifecycle timestamps, and a `currentlyConnected` flag — used for access reviews and dormant / suspended-account hygiene.","min_provider_version":"11.0.0","defaults":"id displayName type","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"tailscale.webhook":{"id":"tailscale.webhook","name":"tailscale.webhook","fields":{"created":{"name":"created","type":"\t","is_mandatory":true,"title":"Time the endpoint was registered","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"creatorLoginName":{"name":"creatorLoginName","type":"\u0007","is_mandatory":true,"title":"Login name of the user that registered the endpoint","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"endpointId":{"name":"endpointId","type":"\u0007","is_mandatory":true,"title":"Identifier of the webhook endpoint","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"endpointUrl":{"name":"endpointUrl","type":"\u0007","is_mandatory":true,"title":"URL events are POSTed to","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"lastModified":{"name":"lastModified","type":"\t","is_mandatory":true,"title":"Time the endpoint subscription was last modified","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"providerType":{"name":"providerType","type":"\u0007","is_mandatory":true,"title":"Receiver shape (`slack`, `mattermost`, `googlechat`, `discord`, or empty for the generic Tailscale format)","provider":"go.mondoo.com/mql/v13/providers/tailscale"},"subscriptions":{"name":"subscriptions","type":"\u0019\u0007","is_mandatory":true,"title":"Events the endpoint is subscribed to","desc":"Individual events such as `nodeCreated`, `nodeNeedsApproval`, `nodeApproved`, `nodeKeyExpiringInOneDay`, `nodeKeyExpired`, `nodeDeleted`, `policyUpdate`, `userCreated`, `userNeedsApproval`, `userSuspended`, `userRestored`, `userDeleted`, `userApproved`, `userRoleUpdated`, `subnetIPForwardingNotEnabled`, `exitNodeIPForwardingNotEnabled`. Umbrella categories `categoryTailnetManagement` and `categoryDeviceMisconfigurations` subscribe to every event in their group, including future additions.","provider":"go.mondoo.com/mql/v13/providers/tailscale"}},"init":{"args":[{"name":"endpointId","type":"\u0007","optional":true}]},"title":"Tailscale webhook endpoint","desc":"Examine a single webhook endpoint subscribed to tailnet events, identified by `endpointId`. `providerType` distinguishes the receiver shape — `slack`, `mattermost`, `googlechat`, `discord`, or empty for a generic Tailscale-formatted POST. `subscriptions` lists the events the endpoint receives (for example `nodeNeedsApproval`, `userSuspended`, `policyUpdate`, or the umbrella `categoryTailnetManagement` / `categoryDeviceMisconfigurations`). `creatorLoginName` is the user that registered the endpoint. The shared HMAC secret is never exposed.","private":true,"min_provider_version":"13.1.8","defaults":"endpointId providerType endpointUrl","provider":"go.mondoo.com/mql/v13/providers/tailscale"}}}