{"resources":{"asset":{"id":"asset","name":"asset","fields":{"cpes":{"name":"cpes","type":"\u0019\u001bcpe","title":"Common Platform Enumeration (CPE) for the asset","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere asset resource","is_extension":true,"min_provider_version":"9.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"audit":{"id":"audit","fields":{"cvss":{"name":"cvss","type":"\u001baudit.cvss","title":"CVSS Score","desc":" Examine a Common Vulnerability Scoring System score. Exposes the numeric `score` (0.0–10.0) and the `vector` string (e.g., CVSS:3.1/AV:N/...). Used as the `worstScore` field on `vuln.cve` and `vuln.advisory`, and as `stats` on `vulnmgmt`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true}},"is_extension":true},"audit.cvss":{"id":"audit.cvss","name":"audit.cvss","fields":{"score":{"name":"score","type":"\u0006","is_mandatory":true,"title":"CVSS score ranging from 0.0 to 10.0","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vector":{"name":"vector","type":"\u0007","is_mandatory":true,"title":"CVSS score represented as a vector string","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"CVSS Score","desc":" Examine a Common Vulnerability Scoring System score. Exposes the numeric `score` (0.0–10.0) and the `vector` string (e.g., CVSS:3.1/AV:N/...). Used as the `worstScore` field on `vuln.cve` and `vuln.advisory`, and as `stats` on `vulnmgmt`.","private":true,"min_provider_version":"9.1.11","defaults":"score","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"esxi":{"id":"esxi","name":"esxi","fields":{"certificate":{"name":"certificate","type":"\u001besxi.certificate","title":"DEPRECATED: ESXi Host SSL/TLS Certificate (legacy)","desc":" Use `vsphere.host.certificate` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"command":{"name":"command","type":"\u001besxi.command","title":"DEPRECATED: ESXi Host Command Execution (legacy)","desc":" Use `vsphere.host.command` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"firewallRule":{"name":"firewallRule","type":"\u001besxi.firewallRule","title":"DEPRECATED: ESXi Firewall Rule (legacy)","desc":" Use `vsphere.host.firewallRule` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"firewallRuleset":{"name":"firewallRuleset","type":"\u001besxi.firewallRuleset","title":"DEPRECATED: ESXi Firewall Ruleset (legacy)","desc":" Use `vsphere.host.firewallRuleset` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"iscsiAdapter":{"name":"iscsiAdapter","type":"\u001besxi.iscsiAdapter","title":"DEPRECATED: ESXi iSCSI Host Bus Adapter (legacy)","desc":" Use `vsphere.host.iscsiAdapter` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"kernelmodule":{"name":"kernelmodule","type":"\u001besxi.kernelmodule","title":"DEPRECATED: ESXi Kernel Module (legacy)","desc":" Use `vsphere.host.kernelModule` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"ntpconfig":{"name":"ntpconfig","type":"\u001besxi.ntpconfig","title":"DEPRECATED: ESXi Host NTP Configuration (legacy)","desc":" Use `vsphere.host.ntpConfig` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"service":{"name":"service","type":"\u001besxi.service","title":"DEPRECATED: ESXi Management Service (legacy)","desc":" Use `vsphere.host.service` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"timezone":{"name":"timezone","type":"\u001besxi.timezone","title":"DEPRECATED: ESXi Host Timezone Configuration (legacy)","desc":" Use `vsphere.host.timezone` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"vib":{"name":"vib","type":"\u001besxi.vib","title":"DEPRECATED: ESXi VIB (legacy)","desc":" Use `vsphere.host.vib` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"}},"title":"DEPRECATED: ESXi Namespace","desc":" Use `vsphere` and its sub-resources instead. This namespace is kept for backward compatibility only and exposes no queryable fields.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.certificate":{"id":"esxi.certificate","name":"esxi.certificate","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"issuer":{"name":"issuer","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notAfter":{"name":"notAfter","type":"\t","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notBefore":{"name":"notBefore","type":"\t","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"subject":{"name":"subject","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi Host SSL/TLS Certificate (legacy)","desc":" Use `vsphere.host.certificate` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"13.0.12","defaults":"subject status notAfter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.command":{"id":"esxi.command","name":"esxi.command","fields":{"command":{"name":"command","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"result":{"name":"result","type":"\u0019\n","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"init":{"args":[{"name":"command","type":"\u0007"}]},"title":"DEPRECATED: ESXi Host Command Execution (legacy)","desc":" Use `vsphere.host.command` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.firewallRule":{"id":"esxi.firewallRule","name":"esxi.firewallRule","fields":{"direction":{"name":"direction","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"endPort":{"name":"endPort","type":"\u0005","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portType":{"name":"portType","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"protocol":{"name":"protocol","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi Firewall Rule (legacy)","desc":" Use `vsphere.host.firewallRule` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"13.0.12","defaults":"port direction protocol","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.firewallRuleset":{"id":"esxi.firewallRuleset","name":"esxi.firewallRuleset","fields":{"allIpsAllowed":{"name":"allIpsAllowed","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowedIpAddresses":{"name":"allowedIpAddresses","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowedIpNetworks":{"name":"allowedIpNetworks","type":"\u0019\n","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"required":{"name":"required","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"rules":{"name":"rules","type":"\u0019\u001besxi.firewallRule","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"service":{"name":"service","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi Firewall Ruleset (legacy)","desc":" Use `vsphere.host.firewallRuleset` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"13.0.12","defaults":"key enabled allIpsAllowed","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.iscsiAdapter":{"id":"esxi.iscsiAdapter","name":"esxi.iscsiAdapter","fields":{"chapAuthEnabled":{"name":"chapAuthEnabled","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"chapAuthenticationType":{"name":"chapAuthenticationType","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"chapName":{"name":"chapName","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"device":{"name":"device","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iScsiAlias":{"name":"iScsiAlias","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iScsiName":{"name":"iScsiName","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mutualChapAuthenticationType":{"name":"mutualChapAuthenticationType","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mutualChapName":{"name":"mutualChapName","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi iSCSI Host Bus Adapter (legacy)","desc":" Use `vsphere.host.iscsiAdapter` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"13.0.12","defaults":"device iScsiName","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.kernelmodule":{"id":"esxi.kernelmodule","name":"esxi.kernelmodule","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"license":{"name":"license","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"loaded":{"name":"loaded","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"modulefile":{"name":"modulefile","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signatureDigest":{"name":"signatureDigest","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signatureFingerprint":{"name":"signatureFingerprint","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signedStatus":{"name":"signedStatus","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vibAcceptanceLevel":{"name":"vibAcceptanceLevel","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi Kernel Module (legacy)","desc":" Use `vsphere.host.kernelModule` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.ntpconfig":{"id":"esxi.ntpconfig","name":"esxi.ntpconfig","fields":{"config":{"name":"config","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"server":{"name":"server","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi Host NTP Configuration (legacy)","desc":" Use `vsphere.host.ntpConfig` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.service":{"id":"esxi.service","name":"esxi.service","fields":{"key":{"name":"key","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"policy":{"name":"policy","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"required":{"name":"required","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ruleset":{"name":"ruleset","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"running":{"name":"running","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi Management Service (legacy)","desc":" Use `vsphere.host.service` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"key label","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.timezone":{"id":"esxi.timezone","name":"esxi.timezone","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"offset":{"name":"offset","type":"\u0005","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi Host Timezone Configuration (legacy)","desc":" Use `vsphere.host.timezone` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"key name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.vib":{"id":"esxi.vib","name":"esxi.vib","fields":{"acceptanceLevel":{"name":"acceptanceLevel","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"creationDate":{"name":"creationDate","type":"\t","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"installDate":{"name":"installDate","type":"\t","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"DEPRECATED: ESXi VIB (legacy)","desc":" Use `vsphere.host.vib` instead. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"id name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"vsphere":{"id":"vsphere","name":"vsphere","fields":{"about":{"name":"about","type":"\n","title":"System information including the name, type, version, and build number","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cluster":{"name":"cluster","type":"\u001bvsphere.cluster","title":"vSphere Cluster","desc":" Examine a cluster compute resource in a vCenter datacenter. A cluster groups multiple ESXi `hosts` and exposes key configuration flags: `vsanEnabled`, `haEnabled` (vSphere HA), `drsEnabled` (Distributed Resource Scheduler), and `evcMode` (Enhanced vMotion Compatibility baseline). Use `properties` for the full raw ClusterConfigInfo dict. Iterate from `vsphere.datacenter.clusters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"datacenter":{"name":"datacenter","type":"\u001bvsphere.datacenter","title":"vSphere Datacenter","desc":" Examine a datacenter object in the vCenter inventory. A datacenter is the primary organizational unit containing `hosts`, `vms`, `clusters`, `distributedSwitches`, `distributedPortGroups`, `datastores`, and `resourcePools`. Use `moid` and `inventoryPath` to identify a specific datacenter when multiple exist. Iterate from `vsphere.datacenters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"datacenters":{"name":"datacenters","type":"\u0019\u001bvsphere.datacenter","title":"List of available datacenter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastore":{"name":"datastore","type":"\u001bvsphere.datastore","title":"vSphere Datastore","desc":" Examine a storage backing for virtual machine files. Each datastore has a `type` (VMFS, NFS, NFS41, vsan, VVOL), `capacity` and `freeSpace` in bytes, an `accessible` flag (when false, capacity data is unreliable), and a `maintenanceMode` status. VMFS datastores also expose `vmfsVersion` and `ssd`. Navigate to `hosts` and `vms` to audit which hosts have it mounted and which VMs store files on it. Iterate from `vsphere.datacenter.datastores`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"encryptionKey":{"name":"encryptionKey","type":"\u001bvsphere.encryptionKey","title":"vSphere VM Encryption Key Reference","desc":" Examine a CryptoKeyId reference on an encrypted virtual machine resource. vCenter only tracks the key's `keyId` (UUID assigned by the KMS provider) and `providerId` (KMS provider/cluster identifier); key material lives in the external KMS. Navigate to `kmsCluster` to resolve the provider reference against the registered KMIP clusters. Accessed from `vsphere.vm.disk.encryptionKey`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"folder":{"name":"folder","type":"\u001bvsphere.folder","title":"vSphere Inventory Folder","desc":" Examine an organizational container in vCenter's inventory tree. Folders are the unit of permission inheritance — RBAC grants on a folder propagate to all objects inside it. Key fields include `name`, `inventoryPath`, `childTypes` (the managed-object types allowed as direct children), and `childCount` (number of immediate children). Iterate from `vsphere.folders`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"folders":{"name":"folders","type":"\u0019\u001bvsphere.folder","title":"Inventory folders across all datacenters","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"host":{"name":"host","type":"\u001bvsphere.host","title":"vSphere ESXi Host","desc":" Examine an ESXi host managed by vCenter. Exposes hardware identity (`vendor`, `model`, `numCpuCores`, `cpuMhz`), security posture (`lockdownMode`, `firewallIncomingBlocked`, `firewallOutgoingBlocked`, `secureBootEnabled`), network configuration (`standardSwitch`, `distributedSwitch`, `adapters`, `vmknics`), storage (`datastores`), software inventory (`packages`, `kernelModules`), and operational configuration (`advancedSettings`, `services`, `ntp`, `snmp`, `timezone`, `certificate`). Navigate to `cluster` for cluster membership. Iterate from `vsphere.datacenter.hosts`.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"identitySources":{"name":"identitySources","type":"\u0019\u001bvsphere.identitysource","title":"SSO identity sources configured on vCenter (LDAP/AD/local-OS providers)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"identitysource":{"name":"identitysource","type":"\u001bvsphere.identitysource","title":"vSphere SSO Identity Source","desc":" Examine an authentication provider registered with vCenter's SSO service. Sources include the built-in `vsphere.local` domain, the local OS identity source, native Active Directory integration, and external LDAP/AD providers. The `type` field distinguishes source kinds (system, localos, nativead, ldap); LDAP sources expose `primaryUrl`, `failoverUrl`, `userBaseDn`, `groupBaseDn`, and `authenticationUsername`. Iterate from `vsphere.identitySources`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"kmsCluster":{"name":"kmsCluster","type":"\u001bvsphere.kmsCluster","title":"vSphere KMIP Key-Management Cluster","desc":" Examine a registered key-management server cluster used for VM encryption and virtual TPM provisioning. KMIP clusters are configured at the vCenter level (not per host). The `clusterId` is the vCenter-visible name, `useAsDefault` indicates whether this cluster is the default for new encryption keys, `managementType` distinguishes cluster kinds (vCenter, trustAuthority, nativeKeyProvider, externalKeyProvider), and `servers` lists each KMS server entry. Iterate from `vsphere.kmsClusters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"kmsClusters":{"name":"kmsClusters","type":"\u0019\u001bvsphere.kmsCluster","title":"KMIP key-management clusters registered with vCenter (drive VM encryption / vTPM)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"license":{"name":"license","type":"\u001bvsphere.license","title":"vSphere License","desc":" Examine a license entry assigned in vCenter. Each license has a `name`, a `total` seat count, and a `used` seat count. Iterate from `vsphere.licenses` to audit license compliance and over-assignment.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"licenses":{"name":"licenses","type":"\u0019\u001bvsphere.license","title":"Configured licenses","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"permission":{"name":"permission","type":"\u001bvsphere.permission","title":"vSphere RBAC Permission Grant","desc":" Examine a single (entity, principal, role) permission tuple from vCenter's AuthorizationManager. Each grant ties a `principal` (user or group, often in `DOMAIN\\\\name` form) to a `role` on a specific managed object identified by `entityMoid` and `entityType`. Use `propagate` to determine whether the grant flows down the inventory hierarchy. Iterate from `vsphere.permissions`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"permissions":{"name":"permissions","type":"\u0019\u001bvsphere.permission","title":"All RBAC permission grants in vCenter (every (entity, principal, role) tuple)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"resourcepool":{"name":"resourcepool","type":"\u001bvsphere.resourcepool","title":"vSphere Resource Pool","desc":" Examine a CPU and memory partition on a cluster or standalone host. Resource pools enforce reservation, limit, and share policies independently for CPU and memory. Key fields include `cpuReservationMhz`, `cpuLimitMhz`, `cpuShareLevel`, `memoryReservationMB`, `memoryLimitMB`, and `memoryShareLevel`. Use `inventoryPath` to identify the pool's position in the hierarchy. Iterate from `vsphere.datacenter.resourcePools`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"role":{"name":"role","type":"\u001bvsphere.role","title":"vSphere Authorization Role","desc":" Examine an RBAC role definition from vCenter's AuthorizationManager. Each role has a `name`, a human-readable `label`, a `summary` description, and a `privileges` list of privilege identifiers it grants. Built-in (immutable) roles are identified by `system == true`. Iterate from `vsphere.roles`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"roles":{"name":"roles","type":"\u0019\u001bvsphere.role","title":"Authorization roles defined in vCenter (RBAC role catalog)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vm":{"name":"vm","type":"\u001bvsphere.vm","title":"vSphere Virtual Machine","desc":" Examine a virtual machine managed by vCenter. Covers security configuration (`bootFirmware`, `secureBootEnabled`, `vbsEnabled`, `encrypted`, `encryptionKeyId`, `kmsCluster`, `vtpmPresent`), hardware allocation (`numCpu`, `memoryMB`, `cpuAllocation`, `memoryAllocation`), operational state (`powerState`, `vmwareToolsRunning`, `vmwareToolsVersion`), and attached devices (`disks`, `cdroms`, `networkAdapters`, `snapshots`). Navigate to `host` for the ESXi host running the VM and `datastores` for its storage backing. Iterate from `vsphere.datacenter.vms`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"vmknic":{"name":"vmknic","type":"\u001bvsphere.vmknic","title":"vSphere ESXi VMkernel NIC","desc":" Examine a VMkernel virtual network interface on an ESXi host — the host's own network endpoint for management, vMotion, vSAN, FT, replication, and other services. Identified by `name` (e.g., `vmk0`). Key fields include `mac`, `mtu`, `dhcp`, `ipv4` and `ipv6` address records, `tcpipStack`, and `services` (the list of managed services this NIC carries, such as `management`, `vmotion`, `vsan`). Binding to a standard port group is via `portGroupName`; binding to a DVS port group is via `portGroupMoid`. Iterate from `vsphere.host.vmknics`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"vmnic":{"name":"vmnic","type":"\u001bvsphere.vmnic","title":"vSphere ESXi Physical NIC (Uplink)","desc":" Examine a physical NIC on an ESXi host — one entry per pNIC bound to a vSwitch or available for binding. Each adapter is identified by `name` (e.g., `vmnic0`) and exposes `mac`, `linkSpeedMb`, `fullDuplex`, `driver`, and `wakeOnLanSupported`. The `properties` dict holds raw `esxcli network nic list` output; `details` provides additional negotiation and capability data. Iterate from `vsphere.host.adapters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"vswitch":{"name":"vswitch","type":"\u001bvsphere.vswitch","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true}},"title":"VMware vSphere","desc":" Use the top-level entry point for all vSphere inventory queries. Exposes system identity (`about`), `licenses`, `datacenters`, RBAC `roles` and `permissions`, inventory `folders`, SSO `identitySources`, and KMIP `kmsClusters`. Most audits start here and navigate into `vsphere.datacenter` objects for hosts, VMs, clusters, and networking.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.cluster":{"id":"vsphere.cluster","name":"vsphere.cluster","fields":{"drsEnabled":{"name":"drsEnabled","type":"\u0004","is_mandatory":true,"title":"Whether DRS (Distributed Resource Scheduler) is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"evcMode":{"name":"evcMode","type":"\u0007","is_mandatory":true,"title":"Currently-applied EVC (Enhanced vMotion Compatibility) baseline key, e.g. \"intel-broadwell\"; empty if EVC is disabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"haEnabled":{"name":"haEnabled","type":"\u0004","is_mandatory":true,"title":"Whether vSphere HA (Distributed Availability Service) is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"hosts":{"name":"hosts","type":"\u0019\u001bvsphere.host","title":"ESXi hosts running in the cluster","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSphere resource name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Cluster properties","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsanEnabled":{"name":"vsanEnabled","type":"\u0004","is_mandatory":true,"title":"Whether vSAN is enabled on the cluster","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Cluster","desc":" Examine a cluster compute resource in a vCenter datacenter. A cluster groups multiple ESXi `hosts` and exposes key configuration flags: `vsanEnabled`, `haEnabled` (vSphere HA), `drsEnabled` (Distributed Resource Scheduler), and `evcMode` (Enhanced vMotion Compatibility baseline). Use `properties` for the full raw ClusterConfigInfo dict. Iterate from `vsphere.datacenter.clusters`.","private":true,"min_provider_version":"9.0.0","defaults":"moid name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.datacenter":{"id":"vsphere.datacenter","name":"vsphere.datacenter","fields":{"clusters":{"name":"clusters","type":"\u0019\u001bvsphere.cluster","title":"Clusters in the datacenter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastores":{"name":"datastores","type":"\u0019\u001bvsphere.datastore","title":"Datastores in the datacenter","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"distributedPortGroups":{"name":"distributedPortGroups","type":"\u0019\u001bvsphere.vswitch.portgroup","title":"List of distributed virtual port groups","min_provider_version":"11.0.39","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"distributedSwitches":{"name":"distributedSwitches","type":"\u0019\u001bvsphere.vswitch.dvs","title":"Distributed virtual switches","min_provider_version":"11.0.39","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"hosts":{"name":"hosts","type":"\u0019\u001bvsphere.host","title":"Hosts in the datacenter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSphere datacenter name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"resourcePools":{"name":"resourcePools","type":"\u0019\u001bvsphere.resourcepool","title":"Resource pools in the datacenter (CPU/memory partitions on clusters or standalone hosts)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vms":{"name":"vms","type":"\u0019\u001bvsphere.vm","title":"VMs in the datacenter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Datacenter","desc":" Examine a datacenter object in the vCenter inventory. A datacenter is the primary organizational unit containing `hosts`, `vms`, `clusters`, `distributedSwitches`, `distributedPortGroups`, `datastores`, and `resourcePools`. Use `moid` and `inventoryPath` to identify a specific datacenter when multiple exist. Iterate from `vsphere.datacenters`.","private":true,"min_provider_version":"9.0.0","defaults":"moid name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.datastore":{"id":"vsphere.datastore","name":"vsphere.datastore","fields":{"accessible":{"name":"accessible","type":"\u0004","is_mandatory":true,"title":"Whether the datastore is currently accessible. When false, capacity / freeSpace / uncommitted / url are not guaranteed to be valid.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"capacity":{"name":"capacity","type":"\u0005","is_mandatory":true,"title":"Total capacity in bytes (only meaningful when accessible == true)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"freeSpace":{"name":"freeSpace","type":"\u0005","is_mandatory":true,"title":"Free space in bytes (only meaningful when accessible == true)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"hosts":{"name":"hosts","type":"\u0019\u001bvsphere.host","title":"Hosts that have this datastore mounted, resolved against vsphere.datacenters[].hosts","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"maintenanceMode":{"name":"maintenanceMode","type":"\u0007","is_mandatory":true,"title":"Maintenance mode state (normal, inMaintenance, enteringMaintenance)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"multipleHostAccess":{"name":"multipleHostAccess","type":"\u0004","is_mandatory":true,"title":"Whether more than one host has access (vCenter-only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Datastore name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ssd":{"name":"ssd","type":"\u0004","is_mandatory":true,"title":"Whether the underlying VMFS volume is on SSD (only set for VMFS; false for non-VMFS or unknown)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Volume type (VMFS, NFS, NFS41, vsan, VVOL, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uncommitted":{"name":"uncommitted","type":"\u0005","is_mandatory":true,"title":"Bytes potentially used by all VMs (over-commit headroom for thin provisioning); only meaningful when accessible == true","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"url":{"name":"url","type":"\u0007","is_mandatory":true,"title":"Datastore URL/locator (only valid when accessible == true)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vmfsVersion":{"name":"vmfsVersion","type":"\u0007","is_mandatory":true,"title":"VMFS version (only set for VMFS datastores; empty for NFS, vSAN, VVOL, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vms":{"name":"vms","type":"\u0019\u001bvsphere.vm","title":"Virtual machines whose files are stored on this datastore, resolved against vsphere.datacenters[].vms","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Datastore","desc":" Examine a storage backing for virtual machine files. Each datastore has a `type` (VMFS, NFS, NFS41, vsan, VVOL), `capacity` and `freeSpace` in bytes, an `accessible` flag (when false, capacity data is unreliable), and a `maintenanceMode` status. VMFS datastores also expose `vmfsVersion` and `ssd`. Navigate to `hosts` and `vms` to audit which hosts have it mounted and which VMs store files on it. Iterate from `vsphere.datacenter.datastores`.","private":true,"min_provider_version":"13.0.12","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.encryptionKey":{"id":"vsphere.encryptionKey","name":"vsphere.encryptionKey","fields":{"keyId":{"name":"keyId","type":"\u0007","is_mandatory":true,"title":"CryptoKeyId.KeyId — UUID assigned by the KMS provider","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kmsCluster":{"name":"kmsCluster","type":"\u001bvsphere.kmsCluster","title":"KMS cluster that issued the key, resolved against vsphere.kmsClusters; null when the provider isn't registered","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"providerId":{"name":"providerId","type":"\u0007","is_mandatory":true,"title":"CryptoKeyId.ProviderId — KMS provider/cluster identifier; empty when the key isn't tied to a registered provider","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Encryption Key Reference","desc":" Examine a CryptoKeyId reference on an encrypted virtual machine resource. vCenter only tracks the key's `keyId` (UUID assigned by the KMS provider) and `providerId` (KMS provider/cluster identifier); key material lives in the external KMS. Navigate to `kmsCluster` to resolve the provider reference against the registered KMIP clusters. Accessed from `vsphere.vm.disk.encryptionKey`.","private":true,"min_provider_version":"13.1.1","defaults":"keyId providerId","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.folder":{"id":"vsphere.folder","name":"vsphere.folder","fields":{"childCount":{"name":"childCount","type":"\u0005","is_mandatory":true,"title":"Number of immediate child entities under this folder","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"childTypes":{"name":"childTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Allowed child managed-object types (e.g., VirtualMachine, Folder, HostSystem)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Folder name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Inventory Folder","desc":" Examine an organizational container in vCenter's inventory tree. Folders are the unit of permission inheritance — RBAC grants on a folder propagate to all objects inside it. Key fields include `name`, `inventoryPath`, `childTypes` (the managed-object types allowed as direct children), and `childCount` (number of immediate children). Iterate from `vsphere.folders`.","private":true,"min_provider_version":"13.0.12","defaults":"name inventoryPath","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host":{"id":"vsphere.host","name":"vsphere.host","fields":{"acceptanceLevel":{"name":"acceptanceLevel","type":"\u0007","title":"Host-level VIB acceptance level","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"adapters":{"name":"adapters","type":"\u0019\u001bvsphere.vmnic","title":"Physical NICs currently installed and loaded on the system","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"advancedSettings":{"name":"advancedSettings","type":"\u001a\u0007\u0007","title":"ESXi host advanced settings","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"bootInfo":{"name":"bootInfo","type":"\u001bvsphere.host.bootInfo","title":"Last-boot timestamp + BIOS / firmware identity","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"certificate":{"name":"certificate","type":"\u001bvsphere.host.certificate","title":"Host SSL/TLS certificate","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cluster":{"name":"cluster","type":"\u001bvsphere.cluster","title":"Cluster the host belongs to, resolved against vsphere.datacenters[].clusters; null for standalone hosts","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"command":{"name":"command","type":"\u001bvsphere.host.command","title":"ESXi Host Command Execution","desc":" Examine the output of an arbitrary command run on an ESXi host. The connected target must be a host — use `--platform-id` to select one when connecting through vCenter. The `command` field holds the raw command string, `inventoryPath` identifies the host, and `result` returns the parsed command output as a list of dicts.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"cpuMhz":{"name":"cpuMhz","type":"\u0005","is_mandatory":true,"title":"Per-core CPU clock in MHz","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastores":{"name":"datastores","type":"\u0019\u001bvsphere.datastore","title":"Datastores mounted on the host, resolved against vsphere.datacenters[].datastores","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"distributedSwitch":{"name":"distributedSwitch","type":"\u0019\u001bvsphere.vswitch.dvs","title":"Distributed virtual switches","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"dnsConfig":{"name":"dnsConfig","type":"\u001bvsphere.host.dnsConfig","title":"Host DNS configuration","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firewallIncomingBlocked":{"name":"firewallIncomingBlocked","type":"\u0004","is_mandatory":true,"title":"Whether the host firewall blocks unsolicited incoming traffic by default (the host firewall service itself is always running on ESXi)","min_provider_version":"13.0.11","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firewallOutgoingBlocked":{"name":"firewallOutgoingBlocked","type":"\u0004","is_mandatory":true,"title":"Whether the host firewall blocks unsolicited outgoing traffic by default","min_provider_version":"13.0.11","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firewallRule":{"name":"firewallRule","type":"\u001bvsphere.host.firewallRule","title":"ESXi Host Firewall Rule","desc":" Examine a single port/protocol rule within a `vsphere.host.firewallRuleset`. Each rule specifies a `port` (or start port for a range), `endPort`, traffic `direction` (inbound, outbound), `portType` (src, dst), and `protocol` (tcp, udp). Iterate from `vsphere.host.firewallRuleset.rules`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"firewallRuleset":{"name":"firewallRuleset","type":"\u001bvsphere.host.firewallRuleset","title":"ESXi Host Firewall Ruleset","desc":" Examine one per-service firewall rule entry on an ESXi host. Each ruleset has a `key` (service identifier such as `CIMHttpServer`, `sshServer`), `label`, `enabled` state, and a `required` flag for rulesets ESXi cannot disable. The allowed-IP scope is controlled by `allIpsAllowed`, `allowedIpAddresses`, and `allowedIpNetworks`. Port and protocol details are in `rules`. The global default-deny posture for the host lives on `vsphere.host.firewallIncomingBlocked` and `firewallOutgoingBlocked`. Iterate from `vsphere.host.firewallRulesets`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"firewallRulesets":{"name":"firewallRulesets","type":"\u0019\u001bvsphere.host.firewallRuleset","title":"ESXi firewall rulesets — per-service rule definitions (CIM, SSH, NTP, vMotion, etc.)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipRouteConfig":{"name":"ipRouteConfig","type":"\u001bvsphere.host.ipRouteConfig","title":"Host IP routing (default gateways)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iscsiAdapter":{"name":"iscsiAdapter","type":"\u001bvsphere.host.iscsiAdapter","title":"ESXi iSCSI Host Bus Adapter","desc":" Examine an iSCSI HBA configured on an ESXi host. Each adapter exposes its `device` name (e.g., `vmhba65`), `iScsiName` (IQN), and `iScsiAlias`. CHAP authentication posture is available via `chapAuthEnabled`, `chapAuthenticationType`, and `chapName` (the secret is intentionally not exposed); mutual CHAP settings follow the same pattern. Iterate from `vsphere.host.iscsiAdapters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"iscsiAdapters":{"name":"iscsiAdapters","type":"\u0019\u001bvsphere.host.iscsiAdapter","title":"iSCSI host bus adapters configured on the host (zero entries if iSCSI is not in use)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kernelModule":{"name":"kernelModule","type":"\u001bvsphere.host.kernelModule","title":"ESXi Kernel Module (Driver)","desc":" Examine a kernel module loaded on an ESXi host. Each module exposes `name`, `modulefile`, `version`, `loaded`, `enabled`, `license`, `signedStatus`, `signatureDigest`, `signatureFingerprint`, and `vibAcceptanceLevel`. Use `signedStatus` and `vibAcceptanceLevel` to audit driver signing posture. Iterate from `vsphere.host.kernelModules`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"kernelModules":{"name":"kernelModules","type":"\u0019\u001bvsphere.host.kernelModule","title":"Kernel modules (drivers) on ESXi","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"lockdownMode":{"name":"lockdownMode","type":"\u0007","is_mandatory":true,"title":"Lockdown mode (lockdownDisabled, lockdownNormal, lockdownStrict)","min_provider_version":"13.0.10","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"model":{"name":"model","type":"\u0007","is_mandatory":true,"title":"Hardware model (as reported by SMBIOS)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSphere resource name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ntp":{"name":"ntp","type":"\u001bvsphere.host.ntpConfig","title":"Host NTP configuration","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ntpConfig":{"name":"ntpConfig","type":"\u001bvsphere.host.ntpConfig","title":"ESXi Host NTP Configuration","desc":" Examine the NTP configuration on an ESXi host. The `server` list contains the configured NTP server addresses (IP or FQDN), and `config` holds the raw lines of the host's `ntp.conf` file. Accessed from `vsphere.host.ntp`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"numCpuCores":{"name":"numCpuCores","type":"\u0005","is_mandatory":true,"title":"Number of physical CPU cores across all sockets","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"packages":{"name":"packages","type":"\u0019\u001bvsphere.host.vib","title":"All VIBs installed on your ESXi host","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"ESXi properties","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"secureBootEnabled":{"name":"secureBootEnabled","type":"\u0004","is_mandatory":true,"title":"Whether the host firmware reports UEFI Secure Boot was used during system boot (requires vSphere 8.0.3 or later)","min_provider_version":"13.0.10","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"service":{"name":"service","type":"\u001bvsphere.host.service","title":"ESXi Management Service","desc":" Examine a management daemon on an ESXi host. Each service has a `key` (brief identifier), `label`, `running` state, `required` flag (cannot be disabled), and `policy` (activation mode: on, off, automatic). The `ruleset` field lists the firewall ruleset keys this service relies on. Use `running` and `policy` to audit service enablement posture (e.g., SSH should typically be off or set to automatic-with-justification). Iterate from `vsphere.host.services`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"services":{"name":"services","type":"\u0019\u001bvsphere.host.service","title":"List of ESXi management services","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"snmp":{"name":"snmp","type":"\u001a\u0007\u0007","title":"Host SNMP configuration","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"standardSwitch":{"name":"standardSwitch","type":"\u0019\u001bvsphere.vswitch.standard","title":"Standard virtual switches","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"systemInfo":{"name":"systemInfo","type":"\u001bvsphere.host.systemInfo","title":"Hardware identity — UUID, serial, asset/service tag, install date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Host tags","min_provider_version":"11.0.101","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"timezone":{"name":"timezone","type":"\u001bvsphere.host.timezone","title":"Host timezone settings","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"title":"Hardware vendor (as reported by SMBIOS)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vib":{"name":"vib","type":"\u001bvsphere.host.vib","title":"ESXi VIB (vSphere Installation Bundle)","desc":" Examine a software package installed on an ESXi host. Each VIB has a `name`, `version`, `vendor`, `acceptanceLevel` (VMwareCertified, VMwareAccepted, PartnerSupported, CommunitySupported), `creationDate`, `installDate`, and `status`. Use `acceptanceLevel` to audit the software acceptance policy of the host. Iterate from `vsphere.host.packages`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"vmknics":{"name":"vmknics","type":"\u0019\u001bvsphere.vmknic","title":"Virtual network interface that is used by the VMKernel","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere ESXi Host","desc":" Examine an ESXi host managed by vCenter. Exposes hardware identity (`vendor`, `model`, `numCpuCores`, `cpuMhz`), security posture (`lockdownMode`, `firewallIncomingBlocked`, `firewallOutgoingBlocked`, `secureBootEnabled`), network configuration (`standardSwitch`, `distributedSwitch`, `adapters`, `vmknics`), storage (`datastores`), software inventory (`packages`, `kernelModules`), and operational configuration (`advancedSettings`, `services`, `ntp`, `snmp`, `timezone`, `certificate`). Navigate to `cluster` for cluster membership. Iterate from `vsphere.datacenter.hosts`.","private":true,"min_provider_version":"9.0.0","defaults":"moid name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.bootInfo":{"id":"vsphere.host.bootInfo","name":"vsphere.host.bootInfo","fields":{"biosMajorRelease":{"name":"biosMajorRelease","type":"\u0005","is_mandatory":true,"title":"BIOS major release number (vendor-specific)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"biosMinorRelease":{"name":"biosMinorRelease","type":"\u0005","is_mandatory":true,"title":"BIOS minor release number","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"biosReleaseDate":{"name":"biosReleaseDate","type":"\t","is_mandatory":true,"title":"BIOS release date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"biosVersion":{"name":"biosVersion","type":"\u0007","is_mandatory":true,"title":"BIOS version string as reported by SMBIOS","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"bootTime":{"name":"bootTime","type":"\t","is_mandatory":true,"title":"Last time the host booted; zero time if vCenter has never observed a boot","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firmwareMajorRelease":{"name":"firmwareMajorRelease","type":"\u0005","is_mandatory":true,"title":"Platform firmware major release (UEFI / BMC), separate from system BIOS","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firmwareMinorRelease":{"name":"firmwareMinorRelease","type":"\u0005","is_mandatory":true,"title":"Platform firmware minor release","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Boot and BIOS Information","desc":" Examine the last-boot timestamp and BIOS/platform-firmware identity for an ESXi host. Exposes `bootTime`, BIOS version (`biosVersion`, `biosReleaseDate`, `biosMajorRelease`, `biosMinorRelease`), and platform firmware release numbers (`firmwareMajorRelease`, `firmwareMinorRelease`). Accessed from `vsphere.host.bootInfo`.","private":true,"min_provider_version":"13.1.1","defaults":"bootTime biosVersion","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.certificate":{"id":"vsphere.host.certificate","name":"vsphere.host.certificate","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (host inventory path + cert kind)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"issuer":{"name":"issuer","type":"\u0007","is_mandatory":true,"title":"Issuer distinguished name","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"title":"Certificate kind (e.g. machine, vmca); empty/unset means the host machine cert","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notAfter":{"name":"notAfter","type":"\t","is_mandatory":true,"title":"Validity end (expiration)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notBefore":{"name":"notBefore","type":"\t","is_mandatory":true,"title":"Validity start","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status reported by vCenter (good, expiring, expired, expiringShortly, unknown, etc.)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"subject":{"name":"subject","type":"\u0007","is_mandatory":true,"title":"Subject distinguished name","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host SSL/TLS Certificate","desc":" Examine a TLS certificate managed by the ESXi HostCertificateManager. Key fields include `subject` and `issuer` distinguished names, `notBefore` and `notAfter` validity timestamps, and `status` as reported by vCenter (good, expiring, expiringSoon, expired, unknown). Use `notAfter` and `status` to audit certificate expiration posture. Accessed from `vsphere.host.certificate`.","private":true,"min_provider_version":"13.0.12","defaults":"subject status notAfter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.command":{"id":"vsphere.host.command","name":"vsphere.host.command","fields":{"command":{"name":"command","type":"\u0007","is_mandatory":true,"title":"Raw command","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path of the host the command runs on","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"result":{"name":"result","type":"\u0019\n","title":"Command result","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"init":{"args":[{"name":"command","type":"\u0007"}]},"title":"ESXi Host Command Execution","desc":" Examine the output of an arbitrary command run on an ESXi host. The connected target must be a host — use `--platform-id` to select one when connecting through vCenter. The `command` field holds the raw command string, `inventoryPath` identifies the host, and `result` returns the parsed command output as a list of dicts.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.dnsConfig":{"id":"vsphere.host.dnsConfig","name":"vsphere.host.dnsConfig","fields":{"dhcp":{"name":"dhcp","type":"\u0004","is_mandatory":true,"title":"Whether DNS settings come from DHCP (when true, the static fields below may be ignored)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"domain":{"name":"domain","type":"\u0007","is_mandatory":true,"title":"DNS domain","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"fqdn":{"name":"fqdn","type":"\u0007","is_mandatory":true,"title":"FQDN convenience: hostName + \".\" + domain when both are set, otherwise just hostName","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"hostName":{"name":"hostName","type":"\u0007","is_mandatory":true,"title":"Hostname portion (no domain)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"searchDomains":{"name":"searchDomains","type":"\u0019\u0007","is_mandatory":true,"title":"DNS search domains","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"servers":{"name":"servers","type":"\u0019\u0007","is_mandatory":true,"title":"Configured DNS server addresses","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"virtualNicDevice":{"name":"virtualNicDevice","type":"\u0007","is_mandatory":true,"title":"VMkernel NIC the DNS configuration is bound to (e.g. \"vmk0\"); empty when not pinned","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host DNS Configuration","desc":" Examine the DNS configuration on an ESXi host. Key fields include `dhcp` (whether DNS settings come from DHCP), `hostName`, `domain`, `fqdn` (computed convenience), `servers` (configured DNS server addresses), and `searchDomains`. The `virtualNicDevice` field identifies which VMkernel NIC the DNS configuration is bound to. Accessed from `vsphere.host.dnsConfig`.","private":true,"min_provider_version":"13.1.1","defaults":"hostName domain","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.firewallRule":{"id":"vsphere.host.firewallRule","name":"vsphere.host.firewallRule","fields":{"direction":{"name":"direction","type":"\u0007","is_mandatory":true,"title":"Direction (inbound, outbound)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"endPort":{"name":"endPort","type":"\u0005","is_mandatory":true,"title":"End port (only meaningful when the rule covers a range; 0 for single-port rules)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (parent ruleset id + rule index)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"title":"Port number (or start port for a range)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portType":{"name":"portType","type":"\u0007","is_mandatory":true,"title":"Port type (src, dst)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"protocol":{"name":"protocol","type":"\u0007","is_mandatory":true,"title":"Protocol (tcp, udp)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Firewall Rule","desc":" Examine a single port/protocol rule within a `vsphere.host.firewallRuleset`. Each rule specifies a `port` (or start port for a range), `endPort`, traffic `direction` (inbound, outbound), `portType` (src, dst), and `protocol` (tcp, udp). Iterate from `vsphere.host.firewallRuleset.rules`.","private":true,"min_provider_version":"13.1.1","defaults":"port direction protocol","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.firewallRuleset":{"id":"vsphere.host.firewallRuleset","name":"vsphere.host.firewallRuleset","fields":{"allIpsAllowed":{"name":"allIpsAllowed","type":"\u0004","is_mandatory":true,"title":"Whether traffic is allowed from any IP. When false, callers should consult allowedIpAddresses / allowedIpNetworks.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowedIpAddresses":{"name":"allowedIpAddresses","type":"\u0019\u0007","is_mandatory":true,"title":"Specific IP addresses allowed to reach the service (only populated when allIpsAllowed == false)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowedIpNetworks":{"name":"allowedIpNetworks","type":"\u0019\n","is_mandatory":true,"title":"Specific IP networks allowed (only populated when allIpsAllowed == false). Each entry is a dict with `network` and `prefixLength`.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the ruleset is currently enabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (host inventory path + ruleset key)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Service identifier (e.g., CIMHttpServer, DVSSync, sshServer)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Human-readable service label","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"required":{"name":"required","type":"\u0004","is_mandatory":true,"title":"Whether the ruleset is required by ESXi and cannot be disabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"rules":{"name":"rules","type":"\u0019\u001bvsphere.host.firewallRule","is_mandatory":true,"title":"Port and protocol rules opened by this ruleset","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"service":{"name":"service","type":"\u0007","is_mandatory":true,"title":"Backing service name (matches a vsphere.host.service.key); empty if no daemon service","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Firewall Ruleset","desc":" Examine one per-service firewall rule entry on an ESXi host. Each ruleset has a `key` (service identifier such as `CIMHttpServer`, `sshServer`), `label`, `enabled` state, and a `required` flag for rulesets ESXi cannot disable. The allowed-IP scope is controlled by `allIpsAllowed`, `allowedIpAddresses`, and `allowedIpNetworks`. Port and protocol details are in `rules`. The global default-deny posture for the host lives on `vsphere.host.firewallIncomingBlocked` and `firewallOutgoingBlocked`. Iterate from `vsphere.host.firewallRulesets`.","private":true,"min_provider_version":"13.1.1","defaults":"key enabled allIpsAllowed","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.ipRouteConfig":{"id":"vsphere.host.ipRouteConfig","name":"vsphere.host.ipRouteConfig","fields":{"defaultGateway":{"name":"defaultGateway","type":"\u0007","is_mandatory":true,"title":"IPv4 default gateway; empty when not configured","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"gatewayDevice":{"name":"gatewayDevice","type":"\u0007","is_mandatory":true,"title":"VMkernel NIC the IPv4 default gateway is bound to (e.g. \"vmk0\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipv6DefaultGateway":{"name":"ipv6DefaultGateway","type":"\u0007","is_mandatory":true,"title":"IPv6 default gateway; empty when not configured","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipv6GatewayDevice":{"name":"ipv6GatewayDevice","type":"\u0007","is_mandatory":true,"title":"VMkernel NIC the IPv6 default gateway is bound to","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host IP Routing Configuration","desc":" Examine the IP routing (default gateway) configuration on an ESXi host. Exposes `defaultGateway` and `gatewayDevice` (bound VMkernel NIC) for IPv4, and `ipv6DefaultGateway` and `ipv6GatewayDevice` for IPv6. Accessed from `vsphere.host.ipRouteConfig`.","private":true,"min_provider_version":"13.1.1","defaults":"defaultGateway ipv6DefaultGateway","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.iscsiAdapter":{"id":"vsphere.host.iscsiAdapter","name":"vsphere.host.iscsiAdapter","fields":{"chapAuthEnabled":{"name":"chapAuthEnabled","type":"\u0004","is_mandatory":true,"title":"Whether CHAP authentication is enabled at all","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"chapAuthenticationType":{"name":"chapAuthenticationType","type":"\u0007","is_mandatory":true,"title":"CHAP authentication policy (chapDiscouraged, chapPreferred, chapRequired, chapProhibited)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"chapName":{"name":"chapName","type":"\u0007","is_mandatory":true,"title":"CHAP username (the secret is intentionally NOT exposed)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"device":{"name":"device","type":"\u0007","is_mandatory":true,"title":"HBA device name (e.g., vmhba65)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iScsiAlias":{"name":"iScsiAlias","type":"\u0007","is_mandatory":true,"title":"Optional alias","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iScsiName":{"name":"iScsiName","type":"\u0007","is_mandatory":true,"title":"iSCSI Qualified Name (IQN)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (host inventory path + device name)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mutualChapAuthenticationType":{"name":"mutualChapAuthenticationType","type":"\u0007","is_mandatory":true,"title":"Mutual CHAP authentication policy (chapProhibited, chapRequired, ...)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mutualChapName":{"name":"mutualChapName","type":"\u0007","is_mandatory":true,"title":"Mutual CHAP username","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi iSCSI Host Bus Adapter","desc":" Examine an iSCSI HBA configured on an ESXi host. Each adapter exposes its `device` name (e.g., `vmhba65`), `iScsiName` (IQN), and `iScsiAlias`. CHAP authentication posture is available via `chapAuthEnabled`, `chapAuthenticationType`, and `chapName` (the secret is intentionally not exposed); mutual CHAP settings follow the same pattern. Iterate from `vsphere.host.iscsiAdapters`.","private":true,"min_provider_version":"13.1.1","defaults":"device iScsiName","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.kernelModule":{"id":"vsphere.host.kernelModule","name":"vsphere.host.kernelModule","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the module is enabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"license":{"name":"license","type":"\u0007","is_mandatory":true,"title":"Module license","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"loaded":{"name":"loaded","type":"\u0004","is_mandatory":true,"title":"Whether the module is currently loaded","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"modulefile":{"name":"modulefile","type":"\u0007","is_mandatory":true,"title":"Module file location","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Module name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signatureDigest":{"name":"signatureDigest","type":"\u0007","is_mandatory":true,"title":"Module signed digest","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signatureFingerprint":{"name":"signatureFingerprint","type":"\u0007","is_mandatory":true,"title":"Module signed fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signedStatus":{"name":"signedStatus","type":"\u0007","is_mandatory":true,"title":"Module signed status","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Module version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vibAcceptanceLevel":{"name":"vibAcceptanceLevel","type":"\u0007","is_mandatory":true,"title":"Module acceptance level","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Kernel Module (Driver)","desc":" Examine a kernel module loaded on an ESXi host. Each module exposes `name`, `modulefile`, `version`, `loaded`, `enabled`, `license`, `signedStatus`, `signatureDigest`, `signatureFingerprint`, and `vibAcceptanceLevel`. Use `signedStatus` and `vibAcceptanceLevel` to audit driver signing posture. Iterate from `vsphere.host.kernelModules`.","private":true,"min_provider_version":"13.1.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.ntpConfig":{"id":"vsphere.host.ntpConfig","name":"vsphere.host.ntpConfig","fields":{"config":{"name":"config","type":"\u0019\u0007","is_mandatory":true,"title":"Content of ntp.conf host configuration file, split by lines","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"NTP config ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"server":{"name":"server","type":"\u0019\u0007","is_mandatory":true,"title":"List of time servers, specified as either IP addresses or fully qualified domain names (FQDNs)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host NTP Configuration","desc":" Examine the NTP configuration on an ESXi host. The `server` list contains the configured NTP server addresses (IP or FQDN), and `config` holds the raw lines of the host's `ntp.conf` file. Accessed from `vsphere.host.ntp`.","private":true,"min_provider_version":"13.1.1","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.service":{"id":"vsphere.host.service","name":"vsphere.host.service","fields":{"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Brief identifier for the service","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Display label for the service","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"policy":{"name":"policy","type":"\u0007","is_mandatory":true,"title":"Service activation policy (on, off, automatic)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"required":{"name":"required","type":"\u0004","is_mandatory":true,"title":"Whether the service is required and cannot be disabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ruleset":{"name":"ruleset","type":"\u0019\u0007","is_mandatory":true,"title":"Firewall rulesets used by this service (matches vsphere.host.firewallRuleset.key)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"running":{"name":"running","type":"\u0004","is_mandatory":true,"title":"Whether the service is currently running","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Management Service","desc":" Examine a management daemon on an ESXi host. Each service has a `key` (brief identifier), `label`, `running` state, `required` flag (cannot be disabled), and `policy` (activation mode: on, off, automatic). The `ruleset` field lists the firewall ruleset keys this service relies on. Use `running` and `policy` to audit service enablement posture (e.g., SSH should typically be off or set to automatic-with-justification). Iterate from `vsphere.host.services`.","private":true,"min_provider_version":"13.1.1","defaults":"key label","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.systemInfo":{"id":"vsphere.host.systemInfo","name":"vsphere.host.systemInfo","fields":{"assetTag":{"name":"assetTag","type":"\u0007","is_mandatory":true,"title":"Asset tag from SMBIOS, when populated by the vendor","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"installDate":{"name":"installDate","type":"\t","is_mandatory":true,"title":"ESXi install date (vSphere 7+); zero time when the platform doesn't report it","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"model":{"name":"model","type":"\u0007","is_mandatory":true,"title":"Hardware model (SMBIOS)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"oemSpecific":{"name":"oemSpecific","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Other vendor-specific identifying info that doesn't map to the named fields above (key → value)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"serialNumber":{"name":"serialNumber","type":"\u0007","is_mandatory":true,"title":"Vendor-assigned serial number; empty when not reported","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"serviceTag":{"name":"serviceTag","type":"\u0007","is_mandatory":true,"title":"Service tag (Dell-specific identifier; empty on non-Dell hardware)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uuid":{"name":"uuid","type":"\u0007","is_mandatory":true,"title":"Hardware UUID (SMBIOS UUID, stable per chassis)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"title":"Hardware vendor (SMBIOS) — same value as vsphere.host.vendor, exposed here for grouping","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Hardware Identity","desc":" Examine the hardware identity for an ESXi host sourced from SMBIOS and HostSystemIdentificationInfo. Key fields include `vendor`, `model`, `uuid` (stable per chassis), `serialNumber`, `assetTag`, `serviceTag` (Dell only), and `installDate` (vSphere 7+). Unrecognized OEM identifiers land in `oemSpecific` so unusual platforms (HPE iLO, IBM, custom OEM) don't lose data. Accessed from `vsphere.host.systemInfo`.","private":true,"min_provider_version":"13.1.1","defaults":"model serialNumber","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.timezone":{"id":"vsphere.host.timezone","name":"vsphere.host.timezone","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the time zone","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Identifier for the time zone","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Time zone name","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"offset":{"name":"offset","type":"\u0005","is_mandatory":true,"title":"GMT offset","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Timezone Configuration","desc":" Examine the time zone configured on an ESXi host. Fields include `key` (timezone identifier), `name` (display name), `description`, and `offset` (GMT offset in seconds). Accessed from `vsphere.host.timezone`.","private":true,"min_provider_version":"9.0.0","defaults":"key name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.vib":{"id":"vsphere.host.vib","name":"vsphere.host.vib","fields":{"acceptanceLevel":{"name":"acceptanceLevel","type":"\u0007","is_mandatory":true,"title":"Acceptance level (VMwareCertified, VMwareAccepted, PartnerSupported, CommunitySupported)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"creationDate":{"name":"creationDate","type":"\t","is_mandatory":true,"title":"Creation date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"VIB ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"installDate":{"name":"installDate","type":"\t","is_mandatory":true,"title":"Install date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Bundle name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Bundle status","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"title":"Bundle vendor","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Bundle version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi VIB (vSphere Installation Bundle)","desc":" Examine a software package installed on an ESXi host. Each VIB has a `name`, `version`, `vendor`, `acceptanceLevel` (VMwareCertified, VMwareAccepted, PartnerSupported, CommunitySupported), `creationDate`, `installDate`, and `status`. Use `acceptanceLevel` to audit the software acceptance policy of the host. Iterate from `vsphere.host.packages`.","private":true,"min_provider_version":"13.1.1","defaults":"id name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.identitysource":{"id":"vsphere.identitysource","name":"vsphere.identitysource","fields":{"alternativeNames":{"name":"alternativeNames","type":"\u0019\u0007","is_mandatory":true,"title":"Alternative names recognized for the domain (e.g., NetBIOS aliases)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"authenticationType":{"name":"authenticationType","type":"\u0007","is_mandatory":true,"title":"Authentication mechanism used by external providers (anonymous, password, srp, reserved); empty for system/localos","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"authenticationUsername":{"name":"authenticationUsername","type":"\u0007","is_mandatory":true,"title":"Service-account username used to bind (LDAP only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"failoverUrl":{"name":"failoverUrl","type":"\u0007","is_mandatory":true,"title":"Failover directory server URL (LDAP only; empty if not configured)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"groupBaseDn":{"name":"groupBaseDn","type":"\u0007","is_mandatory":true,"title":"Distinguished name to bind under for groups (LDAP only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Domain name of the identity source (e.g., vsphere.local, corp.example.com)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"primaryUrl":{"name":"primaryUrl","type":"\u0007","is_mandatory":true,"title":"Primary directory server URL (LDAP only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Source kind (system, localos, nativead, ldap)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"userBaseDn":{"name":"userBaseDn","type":"\u0007","is_mandatory":true,"title":"Distinguished name to bind under for users (LDAP only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere SSO Identity Source","desc":" Examine an authentication provider registered with vCenter's SSO service. Sources include the built-in `vsphere.local` domain, the local OS identity source, native Active Directory integration, and external LDAP/AD providers. The `type` field distinguishes source kinds (system, localos, nativead, ldap); LDAP sources expose `primaryUrl`, `failoverUrl`, `userBaseDn`, `groupBaseDn`, and `authenticationUsername`. Iterate from `vsphere.identitySources`.","private":true,"min_provider_version":"13.0.12","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.kmsCluster":{"id":"vsphere.kmsCluster","name":"vsphere.kmsCluster","fields":{"clusterId":{"name":"clusterId","type":"\u0007","is_mandatory":true,"title":"Cluster identifier — also the vCenter-visible name (KmipClusterInfo has no","desc":"separate display name; the ID you set when registering the cluster is what appears in the UI).","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"managementType":{"name":"managementType","type":"\u0007","is_mandatory":true,"title":"Management type (vCenter, trustAuthority, nativeKeyProvider, externalKeyProvider)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"serverCount":{"name":"serverCount","type":"\u0005","is_mandatory":true,"title":"Number of KMS servers configured under this cluster","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"servers":{"name":"servers","type":"\u0019\n","is_mandatory":true,"title":"KMS server entries. Each is a dict with `name`, `address`, and `port` (no secret material exposed).","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"useAsDefault":{"name":"useAsDefault","type":"\u0004","is_mandatory":true,"title":"Whether this cluster is the vCenter default for new encryption keys","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere KMIP Key-Management Cluster","desc":" Examine a registered key-management server cluster used for VM encryption and virtual TPM provisioning. KMIP clusters are configured at the vCenter level (not per host). The `clusterId` is the vCenter-visible name, `useAsDefault` indicates whether this cluster is the default for new encryption keys, `managementType` distinguishes cluster kinds (vCenter, trustAuthority, nativeKeyProvider, externalKeyProvider), and `servers` lists each KMS server entry. Iterate from `vsphere.kmsClusters`.","private":true,"min_provider_version":"13.0.12","defaults":"clusterId useAsDefault managementType","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.license":{"id":"vsphere.license","name":"vsphere.license","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"License name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"total":{"name":"total","type":"\u0005","is_mandatory":true,"title":"Total licenses","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"used":{"name":"used","type":"\u0005","is_mandatory":true,"title":"Used licenses","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere License","desc":" Examine a license entry assigned in vCenter. Each license has a `name`, a `total` seat count, and a `used` seat count. Iterate from `vsphere.licenses` to audit license compliance and over-assignment.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.permission":{"id":"vsphere.permission","name":"vsphere.permission","fields":{"entityMoid":{"name":"entityMoid","type":"\u0007","is_mandatory":true,"title":"Managed object ID of the entity the permission is granted on","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"entityType":{"name":"entityType","type":"\u0007","is_mandatory":true,"title":"Type of the entity (e.g., Datacenter, ClusterComputeResource, HostSystem, VirtualMachine, Folder)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"group":{"name":"group","type":"\u0004","is_mandatory":true,"title":"Whether the principal is a group (true) or a user (false)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (entity moid + principal kind + principal)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"principal":{"name":"principal","type":"\u0007","is_mandatory":true,"title":"Principal (user or group) the permission is granted to, often \"DOMAIN\\\\name\" or \"DOMAIN\\\\GroupName\"","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"propagate":{"name":"propagate","type":"\u0004","is_mandatory":true,"title":"Whether the permission propagates to children of the entity in the inventory hierarchy","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"role":{"name":"role","type":"\u001bvsphere.role","title":"RBAC role granted by this permission","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere RBAC Permission Grant","desc":" Examine a single (entity, principal, role) permission tuple from vCenter's AuthorizationManager. Each grant ties a `principal` (user or group, often in `DOMAIN\\\\name` form) to a `role` on a specific managed object identified by `entityMoid` and `entityType`. Use `propagate` to determine whether the grant flows down the inventory hierarchy. Iterate from `vsphere.permissions`.","private":true,"min_provider_version":"13.0.12","defaults":"principal entityType entityMoid","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.resourcepool":{"id":"vsphere.resourcepool","name":"vsphere.resourcepool","fields":{"cpuExpandableReservation":{"name":"cpuExpandableReservation","type":"\u0004","is_mandatory":true,"title":"Whether CPU reservation can grow into the parent's unreserved capacity","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuLimitMhz":{"name":"cpuLimitMhz","type":"\u0005","is_mandatory":true,"title":"CPU limit in MHz (-1 = unlimited)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuReservationMhz":{"name":"cpuReservationMhz","type":"\u0005","is_mandatory":true,"title":"CPU reservation in MHz (0 = no reservation)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuShareLevel":{"name":"cpuShareLevel","type":"\u0007","is_mandatory":true,"title":"CPU share level (low, normal, high, custom)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuShares":{"name":"cpuShares","type":"\u0005","is_mandatory":true,"title":"CPU shares (only meaningful when cpuShareLevel == custom)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryExpandableReservation":{"name":"memoryExpandableReservation","type":"\u0004","is_mandatory":true,"title":"Whether memory reservation can grow into the parent's unreserved capacity","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryLimitMB":{"name":"memoryLimitMB","type":"\u0005","is_mandatory":true,"title":"Memory limit in MB (-1 = unlimited)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryReservationMB":{"name":"memoryReservationMB","type":"\u0005","is_mandatory":true,"title":"Memory reservation in MB (0 = no reservation)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryShareLevel":{"name":"memoryShareLevel","type":"\u0007","is_mandatory":true,"title":"Memory share level (low, normal, high, custom)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryShares":{"name":"memoryShares","type":"\u0005","is_mandatory":true,"title":"Memory shares (only meaningful when memoryShareLevel == custom)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource pool name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Resource Pool","desc":" Examine a CPU and memory partition on a cluster or standalone host. Resource pools enforce reservation, limit, and share policies independently for CPU and memory. Key fields include `cpuReservationMhz`, `cpuLimitMhz`, `cpuShareLevel`, `memoryReservationMB`, `memoryLimitMB`, and `memoryShareLevel`. Use `inventoryPath` to identify the pool's position in the hierarchy. Iterate from `vsphere.datacenter.resourcePools`.","private":true,"min_provider_version":"13.0.12","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.role":{"id":"vsphere.role","name":"vsphere.role","fields":{"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Human-readable label","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Role name (e.g., \"Admin\", \"ReadOnly\", or a custom name)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"privileges":{"name":"privileges","type":"\u0019\u0007","is_mandatory":true,"title":"Privilege identifiers granted by this role","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"roleId":{"name":"roleId","type":"\u0005","is_mandatory":true,"title":"Unique role identifier","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"summary":{"name":"summary","type":"\u0007","is_mandatory":true,"title":"Role summary / description","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the role is built-in (system-defined and immutable) vs. customer-defined","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Authorization Role","desc":" Examine an RBAC role definition from vCenter's AuthorizationManager. Each role has a `name`, a human-readable `label`, a `summary` description, and a `privileges` list of privilege identifiers it grants. Built-in (immutable) roles are identified by `system == true`. Iterate from `vsphere.roles`.","private":true,"min_provider_version":"13.0.12","defaults":"name system","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm":{"id":"vsphere.vm","name":"vsphere.vm","fields":{"advancedSettings":{"name":"advancedSettings","type":"\u001a\u0007\u0007","title":"Virtual machine advanced properties","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"annotation":{"name":"annotation","type":"\u0007","is_mandatory":true,"title":"Free-form description / notes set on the VM","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"biosUuid":{"name":"biosUuid","type":"\u0007","is_mandatory":true,"title":"SMBIOS UUID exposed to the guest OS via virtual BIOS; can be reused if a VM is cloned with same uuid setting","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"bootFirmware":{"name":"bootFirmware","type":"\u0007","is_mandatory":true,"title":"Boot firmware (bios or efi)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cdrom":{"name":"cdrom","type":"\u001bvsphere.vm.cdrom","title":"vSphere VM Virtual CD/DVD Device","desc":" Examine a virtual CD/DVD drive attached to a VM. The `backingType` field identifies the source: `iso` (file on a datastore), `atapi` (host ATAPI passthrough), `passthrough` (host CD/DVD), `remoteAtapi`, or `remotePassthrough`. For ISO-backed drives, `isoPath` gives the datastore-bracket path and `datastore` resolves the backing datastore. Use `connected` and `connectedAtPowerOn` to audit ISO attachment posture (running production VMs should typically have no ISO attached). Iterate from `vsphere.vm.cdroms`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"cdroms":{"name":"cdroms","type":"\u0019\u001bvsphere.vm.cdrom","title":"Virtual CD/DVD devices attached to the VM (in device order)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuAllocation":{"name":"cpuAllocation","type":"\u001bvsphere.vm.cpuAllocation","title":"CPU resource allocation (reservation, limit, shares)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuHotAddEnabled":{"name":"cpuHotAddEnabled","type":"\u0004","is_mandatory":true,"title":"Whether CPU hot-add is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"createDate":{"name":"createDate","type":"\t","is_mandatory":true,"title":"When the VM was created. vCenter may not report this for VMs created before vSphere 6.7 or for templates; in those cases the field is the zero time (0001-01-01).","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastores":{"name":"datastores","type":"\u0019\u001bvsphere.datastore","title":"Datastores backing the VM's files, resolved against vsphere.datacenters[].datastores","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"disk":{"name":"disk","type":"\u001bvsphere.vm.disk","title":"vSphere VM Virtual Disk","desc":" Examine a virtual disk attached to a VM. The `backingType` identifies the VMDK variant (flatVer2 for regular VMFS, rdmV1 for raw device mapping, etc.). Key audit fields include `diskMode` (persistence mode — independent disks are excluded from snapshots), `thinProvisioned`, `eagerlyScrub` (required for FT), and `uuid`. Navigate to `encryptionKey` to check disk-level encryption and to `datastore` to identify the backing storage. Iterate from `vsphere.vm.disks`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"disks":{"name":"disks","type":"\u0019\u001bvsphere.vm.disk","title":"Virtual disks attached to the VM, in device order","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"encrypted":{"name":"encrypted","type":"\u0004","is_mandatory":true,"title":"Whether vSphere VM encryption is enabled on this VM (encrypts VMX, swap, and disks)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"encryptionKeyId":{"name":"encryptionKeyId","type":"\u0007","is_mandatory":true,"title":"Encryption key ID (CryptoKeyId.KeyId) used to encrypt the VM; empty if not encrypted","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"guestHostname":{"name":"guestHostname","type":"\u0007","is_mandatory":true,"title":"Hostname reported by VMware Tools (only meaningful when Tools is running)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"guestIpAddress":{"name":"guestIpAddress","type":"\u0007","is_mandatory":true,"title":"Primary IP address reported by VMware Tools (only meaningful when Tools is running)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"host":{"name":"host","type":"\u001bvsphere.host","title":"ESXi host the VM is currently registered on, resolved against vsphere.datacenters[].hosts; null when the VM is unregistered or the host is missing from inventory","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"instanceUuid":{"name":"instanceUuid","type":"\u0007","is_mandatory":true,"title":"VM instance UUID — stable across vCenter migrations (vc.uuid + InstanceUuid bit), unique per vCenter","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kmsCluster":{"name":"kmsCluster","type":"\u001bvsphere.kmsCluster","title":"KMS cluster providing the encryption key, resolved lazily against vsphere.kmsClusters; null when the VM is not encrypted","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryAllocation":{"name":"memoryAllocation","type":"\u001bvsphere.vm.memoryAllocation","title":"Memory resource allocation (reservation, limit, shares, overhead limit)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryHotAddEnabled":{"name":"memoryHotAddEnabled","type":"\u0004","is_mandatory":true,"title":"Whether memory hot-add is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryMB":{"name":"memoryMB","type":"\u0005","is_mandatory":true,"title":"Configured memory size in megabytes","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSphere resource name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"networkAdapter":{"name":"networkAdapter","type":"\u001bvsphere.vm.networkAdapter","title":"vSphere VM Virtual Network Adapter","desc":" Examine a virtual NIC attached to a VM. Covers all NIC variants: e1000, e1000e, vmxnet, vmxnet2, vmxnet3, pcnet32, sriov. Key fields include `adapterType`, `macAddress`, `addressType` (manual, generated, assigned), `connected`, `connectedAtPowerOn`, and `wakeOnLan`. The `backingType` distinguishes standard portgroup (`network`), distributed portgroup (`dvs`), and NSX-T logical switch (`opaque`) backings; use `portGroupName` or `portGroupMoid` / `portGroup` to identify the backing network. Iterate from `vsphere.vm.networkAdapters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"networkAdapters":{"name":"networkAdapters","type":"\u0019\u001bvsphere.vm.networkAdapter","title":"Virtual network adapters attached to the VM (in device order)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"numCpu":{"name":"numCpu","type":"\u0005","is_mandatory":true,"title":"Number of virtual CPUs configured","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"numSnapshots":{"name":"numSnapshots","type":"\u0005","is_mandatory":true,"title":"Number of snapshots in the VM's snapshot tree (0 if none)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"powerState":{"name":"powerState","type":"\u0007","is_mandatory":true,"title":"Power state (poweredOn, poweredOff, suspended)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Virtual machine properties","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"secureBootEnabled":{"name":"secureBootEnabled","type":"\u0004","is_mandatory":true,"title":"Whether UEFI Secure Boot is enabled (only meaningful when bootFirmware is efi)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"snapshot":{"name":"snapshot","type":"\u001bvsphere.vm.snapshot","title":"vSphere VM Snapshot","desc":" Examine a single snapshot in a VM's snapshot tree. The tree is flattened — use `parentMoid` to reconstruct hierarchy and `current` to identify the active snapshot. Key fields include `name`, `description`, `createDate`, `powerState` at snapshot time, and `quiesced` (file-system consistent snapshot). Use `numSnapshots` on the parent VM to quickly check if any snapshots exist. Iterate from `vsphere.vm.snapshots`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"snapshots":{"name":"snapshots","type":"\u0019\u001bvsphere.vm.snapshot","title":"Snapshots in this VM's snapshot tree, flattened (root-first depth-first); empty when no snapshots exist","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"VM tags","min_provider_version":"11.0.101","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"template":{"name":"template","type":"\u0004","is_mandatory":true,"title":"Whether this entry is a VM template rather than a runnable VM","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vbsEnabled":{"name":"vbsEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Virtualization-Based Security (VBS) is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vmwareToolsRunning":{"name":"vmwareToolsRunning","type":"\u0004","is_mandatory":true,"title":"Whether VMware Tools reports as running in the guest (only meaningful when powerState == poweredOn)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vmwareToolsVersion":{"name":"vmwareToolsVersion","type":"\u0007","is_mandatory":true,"title":"VMware Tools version installed in the guest, as the numeric build string (empty if Tools not running or not reported)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vtpmPresent":{"name":"vtpmPresent","type":"\u0004","is_mandatory":true,"title":"Whether a virtual TPM 2.0 device is attached to the VM","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Virtual Machine","desc":" Examine a virtual machine managed by vCenter. Covers security configuration (`bootFirmware`, `secureBootEnabled`, `vbsEnabled`, `encrypted`, `encryptionKeyId`, `kmsCluster`, `vtpmPresent`), hardware allocation (`numCpu`, `memoryMB`, `cpuAllocation`, `memoryAllocation`), operational state (`powerState`, `vmwareToolsRunning`, `vmwareToolsVersion`), and attached devices (`disks`, `cdroms`, `networkAdapters`, `snapshots`). Navigate to `host` for the ESXi host running the VM and `datastores` for its storage backing. Iterate from `vsphere.datacenter.vms`.","private":true,"min_provider_version":"9.0.0","defaults":"moid name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.cdrom":{"id":"vsphere.vm.cdrom","name":"vsphere.vm.cdrom","fields":{"allowGuestControl":{"name":"allowGuestControl","type":"\u0004","is_mandatory":true,"title":"Whether the guest OS can connect / disconnect this device at runtime","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"backingType":{"name":"backingType","type":"\u0007","is_mandatory":true,"title":"Backing variant: iso (file on a datastore), atapi (host ATAPI passthrough), passthrough (host CD/DVD), remoteAtapi, remotePassthrough, or empty for an unknown backing","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"connected":{"name":"connected","type":"\u0004","is_mandatory":true,"title":"Whether the drive is currently connected to the VM","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"connectedAtPowerOn":{"name":"connectedAtPowerOn","type":"\u0004","is_mandatory":true,"title":"Whether the drive auto-connects when the VM powers on","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastore":{"name":"datastore","type":"\u001bvsphere.datastore","title":"Datastore backing the ISO file, resolved against vsphere.datacenters[].datastores; null when the backing isn't ISO-on-datastore or the datastore isn't visible in inventory","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"isoPath":{"name":"isoPath","type":"\u0007","is_mandatory":true,"title":"ISO file path in datastore-bracket form (e.g. \"[datastore1] isos/install.iso\"); empty unless backingType is iso","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0005","is_mandatory":true,"title":"Device key (unique within the parent VM, stable across reconfigure)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Device label (e.g., \"CD/DVD drive 1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Virtual CD/DVD Device","desc":" Examine a virtual CD/DVD drive attached to a VM. The `backingType` field identifies the source: `iso` (file on a datastore), `atapi` (host ATAPI passthrough), `passthrough` (host CD/DVD), `remoteAtapi`, or `remotePassthrough`. For ISO-backed drives, `isoPath` gives the datastore-bracket path and `datastore` resolves the backing datastore. Use `connected` and `connectedAtPowerOn` to audit ISO attachment posture (running production VMs should typically have no ISO attached). Iterate from `vsphere.vm.cdroms`.","private":true,"min_provider_version":"13.1.1","defaults":"label backingType connected","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.cpuAllocation":{"id":"vsphere.vm.cpuAllocation","name":"vsphere.vm.cpuAllocation","fields":{"expandableReservation":{"name":"expandableReservation","type":"\u0004","is_mandatory":true,"title":"Whether the reservation can grow dynamically beyond the configured value","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"limitMHz":{"name":"limitMHz","type":"\u0005","is_mandatory":true,"title":"CPU limit in MHz; -1 means unlimited","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"reservationMHz":{"name":"reservationMHz","type":"\u0005","is_mandatory":true,"title":"Guaranteed CPU reservation in MHz","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shares":{"name":"shares","type":"\u0005","is_mandatory":true,"title":"Numeric share weight (only meaningful when sharesLevel == \"custom\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"sharesLevel":{"name":"sharesLevel","type":"\u0007","is_mandatory":true,"title":"Shares level: low, normal, high, or custom","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM CPU Resource Allocation","desc":" Examine the CPU resource allocation settings for a virtual machine. Fields include `reservationMHz` (guaranteed MHz), `limitMHz` (-1 = unlimited), `expandableReservation`, `sharesLevel` (low, normal, high, custom), and `shares` (numeric weight when `sharesLevel` is custom). Accessed from `vsphere.vm.cpuAllocation`.","private":true,"min_provider_version":"13.1.1","defaults":"reservationMHz limitMHz sharesLevel","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.disk":{"id":"vsphere.vm.disk","name":"vsphere.vm.disk","fields":{"backingType":{"name":"backingType","type":"\u0007","is_mandatory":true,"title":"Backing variant: flatVer2 (regular VMFS .vmdk), rdmV1 (raw device mapping), sparseVer2, seSparse (linked clone delta), or empty when an unknown backing is in use","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"capacityBytes":{"name":"capacityBytes","type":"\u0005","is_mandatory":true,"title":"Disk capacity in bytes","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastore":{"name":"datastore","type":"\u001bvsphere.datastore","title":"Datastore backing this disk, resolved against vsphere.datacenters[].datastores; null when the backing has no datastore (e.g., RDM with passthrough) or the datastore isn't visible in inventory","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"diskMode":{"name":"diskMode","type":"\u0007","is_mandatory":true,"title":"Persistence mode (persistent, independent_persistent, independent_nonpersistent, nonpersistent, undoable, append). Independent disks are excluded from snapshots.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"eagerlyScrub":{"name":"eagerlyScrub","type":"\u0004","is_mandatory":true,"title":"Whether the disk is eager-zeroed thick (required for FT and clustered apps; only meaningful for flatVer2 backing)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"encryptionKey":{"name":"encryptionKey","type":"\u001bvsphere.encryptionKey","title":"Encryption key wrapping this disk, resolved lazily; null when the disk is not encrypted","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"fileName":{"name":"fileName","type":"\u0007","is_mandatory":true,"title":"VMDK file path in datastore-bracket form (e.g. \"[datastore1] vm/vm.vmdk\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0005","is_mandatory":true,"title":"Device key (unique within the parent VM, stable across reconfigure)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Device label (e.g., \"Hard disk 1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"sharing":{"name":"sharing","type":"\u0007","is_mandatory":true,"title":"Sharing mode (sharingNone, sharingMultiWriter)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"thinProvisioned":{"name":"thinProvisioned","type":"\u0004","is_mandatory":true,"title":"Whether the disk is thin-provisioned (only meaningful for flatVer2 backing)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uuid":{"name":"uuid","type":"\u0007","is_mandatory":true,"title":"Disk UUID assigned by ESXi (stable across vMotion / storage vMotion)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"writeThrough":{"name":"writeThrough","type":"\u0004","is_mandatory":true,"title":"Whether writes bypass the host buffer cache (only meaningful for flatVer2 backing)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Virtual Disk","desc":" Examine a virtual disk attached to a VM. The `backingType` identifies the VMDK variant (flatVer2 for regular VMFS, rdmV1 for raw device mapping, etc.). Key audit fields include `diskMode` (persistence mode — independent disks are excluded from snapshots), `thinProvisioned`, `eagerlyScrub` (required for FT), and `uuid`. Navigate to `encryptionKey` to check disk-level encryption and to `datastore` to identify the backing storage. Iterate from `vsphere.vm.disks`.","private":true,"min_provider_version":"13.1.1","defaults":"label capacityBytes diskMode","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.memoryAllocation":{"id":"vsphere.vm.memoryAllocation","name":"vsphere.vm.memoryAllocation","fields":{"expandableReservation":{"name":"expandableReservation","type":"\u0004","is_mandatory":true,"title":"Whether the reservation can grow dynamically beyond the configured value","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"limitMB":{"name":"limitMB","type":"\u0005","is_mandatory":true,"title":"Memory limit in MB; -1 means unlimited","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"overheadLimitMB":{"name":"overheadLimitMB","type":"\u0005","is_mandatory":true,"title":"Cap on virtualization overhead memory in MB; -1 means unlimited (the default)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"reservationMB":{"name":"reservationMB","type":"\u0005","is_mandatory":true,"title":"Guaranteed memory reservation in MB","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shares":{"name":"shares","type":"\u0005","is_mandatory":true,"title":"Numeric share weight (only meaningful when sharesLevel == \"custom\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"sharesLevel":{"name":"sharesLevel","type":"\u0007","is_mandatory":true,"title":"Shares level: low, normal, high, or custom","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Memory Resource Allocation","desc":" Examine the memory resource allocation settings for a virtual machine. Fields include `reservationMB` (guaranteed MB), `limitMB` (-1 = unlimited), `expandableReservation`, `sharesLevel` (low, normal, high, custom), `shares` (numeric weight when `sharesLevel` is custom), and `overheadLimitMB` (cap on virtualization overhead memory; -1 = unlimited). Accessed from `vsphere.vm.memoryAllocation`.","private":true,"min_provider_version":"13.1.1","defaults":"reservationMB limitMB sharesLevel","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.networkAdapter":{"id":"vsphere.vm.networkAdapter","name":"vsphere.vm.networkAdapter","fields":{"adapterType":{"name":"adapterType","type":"\u0007","is_mandatory":true,"title":"Adapter virtual hardware type: e1000, e1000e, vmxnet, vmxnet2, vmxnet3, pcnet32, sriov, or empty for unknown","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"addressType":{"name":"addressType","type":"\u0007","is_mandatory":true,"title":"MAC address assignment mode: manual (set by user), generated (auto by ESXi), assigned (assigned by vCenter)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowGuestControl":{"name":"allowGuestControl","type":"\u0004","is_mandatory":true,"title":"Whether the guest OS can connect / disconnect this adapter at runtime","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"backingType":{"name":"backingType","type":"\u0007","is_mandatory":true,"title":"Backing variant: network (standard portgroup by name), dvs (distributed port group), opaque (NSX-T logical switch), or empty for unknown","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"connected":{"name":"connected","type":"\u0004","is_mandatory":true,"title":"Whether the adapter is currently connected to the network","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"connectedAtPowerOn":{"name":"connectedAtPowerOn","type":"\u0004","is_mandatory":true,"title":"Whether the adapter auto-connects when the VM powers on","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0005","is_mandatory":true,"title":"Device key (unique within the parent VM, stable across reconfigure)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Device label (e.g., \"Network adapter 1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"macAddress":{"name":"macAddress","type":"\u0007","is_mandatory":true,"title":"MAC address as ESXi reports it","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroup":{"name":"portGroup","type":"\u001bvsphere.vswitch.portgroup","title":"Distributed port group the adapter is connected to, resolved against vsphere.datacenters[].distributedPortGroups; null for standard portgroup or opaque backings, or when the port group isn't visible in inventory","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroupMoid":{"name":"portGroupMoid","type":"\u0007","is_mandatory":true,"title":"DistributedVirtualSwitchPortConnection.PortgroupKey (the moid of the distributed port group); empty for standard portgroup or opaque backings","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroupName":{"name":"portGroupName","type":"\u0007","is_mandatory":true,"title":"Network or portgroup name (human-readable). Populated for standard portgroup backings (`backingType == \"network\"`) and opaque-network backings; empty for DVS backings — use `portGroupMoid` to identify the port group instead.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"wakeOnLan":{"name":"wakeOnLan","type":"\u0004","is_mandatory":true,"title":"Whether Wake-on-LAN is enabled on the virtual NIC","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Virtual Network Adapter","desc":" Examine a virtual NIC attached to a VM. Covers all NIC variants: e1000, e1000e, vmxnet, vmxnet2, vmxnet3, pcnet32, sriov. Key fields include `adapterType`, `macAddress`, `addressType` (manual, generated, assigned), `connected`, `connectedAtPowerOn`, and `wakeOnLan`. The `backingType` distinguishes standard portgroup (`network`), distributed portgroup (`dvs`), and NSX-T logical switch (`opaque`) backings; use `portGroupName` or `portGroupMoid` / `portGroup` to identify the backing network. Iterate from `vsphere.vm.networkAdapters`.","private":true,"min_provider_version":"13.1.1","defaults":"label adapterType macAddress connected","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.snapshot":{"id":"vsphere.vm.snapshot","name":"vsphere.vm.snapshot","fields":{"createDate":{"name":"createDate","type":"\t","is_mandatory":true,"title":"When the snapshot was taken","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"current":{"name":"current","type":"\u0004","is_mandatory":true,"title":"Whether this is the VM's current (active) snapshot","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Snapshot description","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0005","is_mandatory":true,"title":"VM-internal sequential identifier (unique within the parent VM)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"ManagedObjectReference of the snapshot, encoded","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Snapshot name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"parentMoid":{"name":"parentMoid","type":"\u0007","is_mandatory":true,"title":"Encoded ManagedObjectReference of the parent snapshot; empty for root snapshots","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"powerState":{"name":"powerState","type":"\u0007","is_mandatory":true,"title":"VM power state when the snapshot was taken (poweredOn, poweredOff, suspended)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"quiesced":{"name":"quiesced","type":"\u0004","is_mandatory":true,"title":"Whether the snapshot was taken with the quiesce option (file-system consistent)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Snapshot","desc":" Examine a single snapshot in a VM's snapshot tree. The tree is flattened — use `parentMoid` to reconstruct hierarchy and `current` to identify the active snapshot. Key fields include `name`, `description`, `createDate`, `powerState` at snapshot time, and `quiesced` (file-system consistent snapshot). Use `numSnapshots` on the parent VM to quickly check if any snapshots exist. Iterate from `vsphere.vm.snapshots`.","private":true,"min_provider_version":"13.1.1","defaults":"name id createDate","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vmknic":{"id":"vsphere.vmknic","name":"vsphere.vmknic","fields":{"dhcp":{"name":"dhcp","type":"\u0004","is_mandatory":true,"title":"Whether the VMkernel NIC's IPv4 address is provided by DHCP (false when statically configured)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipv4":{"name":"ipv4","type":"\u0019\n","is_mandatory":true,"title":"Per-IPv4 address records (Address, Netmask, Type — DHCP / STATIC). One entry per assigned address.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipv6":{"name":"ipv6","type":"\u0019\n","is_mandatory":true,"title":"Per-IPv6 address records (Address, PrefixLength, Type — autoconf / DHCP / static / linklayer). One entry per assigned address.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mac":{"name":"mac","type":"\u0007","is_mandatory":true,"title":"MAC address of the VMkernel NIC","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mtu":{"name":"mtu","type":"\u0005","is_mandatory":true,"title":"Configured MTU in bytes (typically 1500, or 9000 for jumbo frames)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Device name as ESXi exposes it (e.g. \"vmk0\", \"vmk1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroupMoid":{"name":"portGroupMoid","type":"\u0007","is_mandatory":true,"title":"Encoded ManagedObjectReference of the DistributedVirtualPortgroup the VMkernel NIC is attached to; empty when bound to a standard-vSwitch port group instead.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroupName":{"name":"portGroupName","type":"\u0007","is_mandatory":true,"title":"Standard-vSwitch port group the VMkernel NIC is attached to; empty when bound to a DVS port group instead — exactly one of `portGroupName` / `portGroupMoid` is populated.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Raw output of `esxcli network ip interface list` for this device, as a dict","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"services":{"name":"services","type":"\u0019\u0007","is_mandatory":true,"title":"Host services this VMkernel NIC currently carries. Possible values: `management`, `vmotion`, `vsan`, `faultToleranceLogging`, `vSphereReplication`, `vSphereReplicationNFC`, `vSphereProvisioning`, `vSphereBackupNFC`, `ptp`. Empty when the NIC carries no managed services.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Optional ESXi-managed tag list on the VMkernel NIC; rarely populated, useful for vendor-specific labelling.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"tcpipStack":{"name":"tcpipStack","type":"\u0007","is_mandatory":true,"title":"TCP/IP stack the VMkernel NIC is bound to. Common values: `defaultTcpipStack`, `vmotion`, `vSphereProvisioning`, `vxlan`.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere ESXi VMkernel NIC","desc":" Examine a VMkernel virtual network interface on an ESXi host — the host's own network endpoint for management, vMotion, vSAN, FT, replication, and other services. Identified by `name` (e.g., `vmk0`). Key fields include `mac`, `mtu`, `dhcp`, `ipv4` and `ipv6` address records, `tcpipStack`, and `services` (the list of managed services this NIC carries, such as `management`, `vmotion`, `vsan`). Binding to a standard port group is via `portGroupName`; binding to a DVS port group is via `portGroupMoid`. Iterate from `vsphere.host.vmknics`.","private":true,"min_provider_version":"9.0.0","defaults":"name portGroupName tcpipStack","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vmnic":{"id":"vsphere.vmnic","name":"vsphere.vmnic","fields":{"details":{"name":"details","type":"\n","title":"Output of `esxcli network nic get` for this device — driver, advertised auto-negotiation modes, VMDirectPath capability, virtual address. Lazy-loaded; one ESXCli call per access.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"driver":{"name":"driver","type":"\u0007","is_mandatory":true,"title":"Kernel module name driving this NIC (e.g. \"ixgbe\", \"nvmxnet3\")","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"fullDuplex":{"name":"fullDuplex","type":"\u0004","is_mandatory":true,"title":"Whether the link negotiated full duplex (only meaningful when linkSpeedMb \u003e 0)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"linkSpeedMb":{"name":"linkSpeedMb","type":"\u0005","is_mandatory":true,"title":"Current negotiated link speed in megabits/second; 0 when the link is down","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mac":{"name":"mac","type":"\u0007","is_mandatory":true,"title":"Hardware MAC address","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Device name as ESXi exposes it (e.g. \"vmnic0\", \"vmnic1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"pauseParams":{"name":"pauseParams","type":"\n","is_mandatory":true,"title":"802.3x (Ethernet flow-control) pause-frame parameters reported by the driver","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Raw output of `esxcli network nic list` for this device, as a dict","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"wakeOnLanSupported":{"name":"wakeOnLanSupported","type":"\u0004","is_mandatory":true,"title":"Whether the NIC's hardware advertises Wake-on-LAN support (capability, not whether WoL is currently enabled on the host)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere ESXi Physical NIC (Uplink)","desc":" Examine a physical NIC on an ESXi host — one entry per pNIC bound to a vSwitch or available for binding. Each adapter is identified by `name` (e.g., `vmnic0`) and exposes `mac`, `linkSpeedMb`, `fullDuplex`, `driver`, and `wakeOnLanSupported`. The `properties` dict holds raw `esxcli network nic list` output; `details` provides additional negotiation and capability data. Iterate from `vsphere.host.adapters`.","private":true,"min_provider_version":"9.0.0","defaults":"name mac linkSpeedMb","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch":{"id":"vsphere.vswitch","fields":{"dvs":{"name":"dvs","type":"\u001bvsphere.vswitch.dvs","title":"vSphere Distributed Virtual Switch","desc":" Examine a vDS managed at the datacenter or cluster level. Unlike standard vSwitches, a distributed virtual switch is shared across all member hosts. Key fields include `moid`, `name`, and `properties` (full raw dict from esxcli). Navigate to `uplinks` to see the physical NICs all member hosts contribute. Iterate from `vsphere.datacenter.distributedSwitches`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"failoverPolicy":{"name":"failoverPolicy","type":"\u001bvsphere.vswitch.failoverPolicy","title":"vSphere vSwitch NIC Teaming and Failover Policy","desc":" Examine the NIC teaming and failover policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. The `policy` field specifies the load-balancing algorithm (loadbalance_ip, loadbalance_srcmac, loadbalance_srcid, loadbalance_loadbased, failover_explicit). `notifySwitches` controls upstream switch notification on failover. `activeNic` and `standbyNic` list uplinks in priority order. Accessed via `failoverPolicySettings` on vSwitch/portgroup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"portgroup":{"name":"portgroup","type":"\u001bvsphere.vswitch.portgroup","title":"vSphere Distributed Virtual Port Group","desc":" Examine a port group on a distributed virtual switch. DVS port groups are cluster-scoped — one object shared across every host attached to the switch — so they are identified by `moid` rather than by name. Key fields include `name`, `vlanId` (0 = untagged; VLAN trunking and PVLAN configs also report 0 — check `properties` for the full spec), and the typed policy methods `securityPolicySettings`, `failoverPolicySettings`, and `shapingPolicySettings`. Iterate from `vsphere.datacenter.distributedPortGroups`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"securityPolicy":{"name":"securityPolicy","type":"\u001bvsphere.vswitch.securityPolicy","title":"vSphere vSwitch Layer-2 Security Policy","desc":" Examine the layer-2 security policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. The three key audit fields are `allowPromiscuous` (whether a guest NIC can observe traffic destined for other ports), `allowForgedTransmits` (whether the guest may send frames with a different source MAC), and `allowMacChanges` (whether the guest may change its NIC's effective MAC at runtime). CIS hardening benchmarks typically require all three to be false on production port groups. Accessed via `securityPolicySettings` on vSwitch/portgroup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"shapingPolicy":{"name":"shapingPolicy","type":"\u001bvsphere.vswitch.shapingPolicy","title":"vSphere vSwitch Traffic Shaping Policy","desc":" Examine the traffic shaping policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. When `enabled` is true, `averageBandwidth` and `peakBandwidth` (both in bits per second) and `burstSize` (in bytes) constrain outbound traffic. Accessed via `shapingPolicySettings` on vSwitch/portgroup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"standard":{"name":"standard","type":"\u001bvsphere.vswitch.standard","title":"vSphere Standard Virtual Switch","desc":" Examine a per-host standard vSwitch on an ESXi host. Unlike a distributed virtual switch, a standard vSwitch is not shared across the cluster. Key fields include `name`, `mtu`, `numPorts`, and `numPortsAvailable`. Security, failover, and shaping policies are available via `securityPolicySettings`, `failoverPolicySettings`, and `shapingPolicySettings`. Navigate to `uplinks` for bound physical NICs and `portGroups` for attached standard port groups. Iterate from `vsphere.host.standardSwitch`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true}},"is_extension":true},"vsphere.vswitch.dvs":{"id":"vsphere.vswitch.dvs","name":"vsphere.vswitch.dvs","fields":{"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"Encoded ManagedObjectReference of the DVS","min_provider_version":"11.0.39","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"DVS name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Raw output of `esxcli network vswitch dvs vmware list` for this DVS, as a dict","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uplinks":{"name":"uplinks","type":"\u0019\u001bvsphere.vmnic","title":"Physical NICs the host (or all member hosts) contribute as uplinks to this DVS","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Distributed Virtual Switch","desc":" Examine a vDS managed at the datacenter or cluster level. Unlike standard vSwitches, a distributed virtual switch is shared across all member hosts. Key fields include `moid`, `name`, and `properties` (full raw dict from esxcli). Navigate to `uplinks` to see the physical NICs all member hosts contribute. Iterate from `vsphere.datacenter.distributedSwitches`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.failoverPolicy":{"id":"vsphere.vswitch.failoverPolicy","name":"vsphere.vswitch.failoverPolicy","fields":{"activeNic":{"name":"activeNic","type":"\u0019\u0007","is_mandatory":true,"title":"Active uplink names in priority order","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"checkBeacon":{"name":"checkBeacon","type":"\u0004","is_mandatory":true,"title":"Whether beacon probing is used as a failover detection method","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notifySwitches":{"name":"notifySwitches","type":"\u0004","is_mandatory":true,"title":"Whether to notify upstream switches when failover happens","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"policy":{"name":"policy","type":"\u0007","is_mandatory":true,"title":"Load-balancing algorithm: loadbalance_ip, loadbalance_srcmac, loadbalance_srcid, loadbalance_loadbased (DVS only), failover_explicit","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"reversePolicy":{"name":"reversePolicy","type":"\u0004","is_mandatory":true,"title":"Whether load-balanced flows are reversed back after a failback (deprecated; system default applies)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"rollingOrder":{"name":"rollingOrder","type":"\u0004","is_mandatory":true,"title":"Whether the rolling-failover ordering is honored (instead of immediate failback)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"standbyNic":{"name":"standbyNic","type":"\u0019\u0007","is_mandatory":true,"title":"Standby uplink names in priority order","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere vSwitch NIC Teaming and Failover Policy","desc":" Examine the NIC teaming and failover policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. The `policy` field specifies the load-balancing algorithm (loadbalance_ip, loadbalance_srcmac, loadbalance_srcid, loadbalance_loadbased, failover_explicit). `notifySwitches` controls upstream switch notification on failover. `activeNic` and `standbyNic` list uplinks in priority order. Accessed via `failoverPolicySettings` on vSwitch/portgroup.","private":true,"min_provider_version":"13.1.1","defaults":"policy notifySwitches","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.portgroup":{"id":"vsphere.vswitch.portgroup","name":"vsphere.vswitch.portgroup","fields":{"failoverPolicySettings":{"name":"failoverPolicySettings","type":"\u001bvsphere.vswitch.failoverPolicy","title":"Uplink teaming / failover policy from the port group's DefaultPortConfig","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"Encoded ManagedObjectReference of the distributed port group","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Port group name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Generated dict view of the port-group config (DefaultPortConfig, policy overrides, etc.); use the typed `*PolicySettings` methods for audit-friendly access.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"securityPolicySettings":{"name":"securityPolicySettings","type":"\u001bvsphere.vswitch.securityPolicy","title":"Layer-2 security policy from the port group's DefaultPortConfig","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shapingPolicySettings":{"name":"shapingPolicySettings","type":"\u001bvsphere.vswitch.shapingPolicy","title":"Inbound traffic shaping policy from the port group's DefaultPortConfig","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vlanId":{"name":"vlanId","type":"\u0005","is_mandatory":true,"title":"VLAN tag carried on this port group's traffic. 0 means untagged; non-zero is a single tag. For VLAN trunking or PVLAN configurations vlanId is reported as 0 — inspect `properties` for the full VLAN spec.","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Distributed Virtual Port Group","desc":" Examine a port group on a distributed virtual switch. DVS port groups are cluster-scoped — one object shared across every host attached to the switch — so they are identified by `moid` rather than by name. Key fields include `name`, `vlanId` (0 = untagged; VLAN trunking and PVLAN configs also report 0 — check `properties` for the full spec), and the typed policy methods `securityPolicySettings`, `failoverPolicySettings`, and `shapingPolicySettings`. Iterate from `vsphere.datacenter.distributedPortGroups`.","private":true,"min_provider_version":"11.0.39","defaults":"name vlanId","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.securityPolicy":{"id":"vsphere.vswitch.securityPolicy","name":"vsphere.vswitch.securityPolicy","fields":{"allowForgedTransmits":{"name":"allowForgedTransmits","type":"\u0004","is_mandatory":true,"title":"Whether the guest may transmit frames with a source MAC different from the one assigned by ESXi. When false, the host silently drops mismatched frames.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowMacChanges":{"name":"allowMacChanges","type":"\u0004","is_mandatory":true,"title":"Whether the guest may change the effective MAC of its NIC at runtime (away from the initial MAC assignment). When false, the host drops frames after a guest-initiated MAC change.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowPromiscuous":{"name":"allowPromiscuous","type":"\u0004","is_mandatory":true,"title":"Whether a guest VM on this port can put its NIC in promiscuous mode and observe traffic destined for other ports on the segment. CIS hardening typically requires this be false on production port groups.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere vSwitch Layer-2 Security Policy","desc":" Examine the layer-2 security policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. The three key audit fields are `allowPromiscuous` (whether a guest NIC can observe traffic destined for other ports), `allowForgedTransmits` (whether the guest may send frames with a different source MAC), and `allowMacChanges` (whether the guest may change its NIC's effective MAC at runtime). CIS hardening benchmarks typically require all three to be false on production port groups. Accessed via `securityPolicySettings` on vSwitch/portgroup.","private":true,"min_provider_version":"13.1.1","defaults":"allowPromiscuous allowForgedTransmits allowMacChanges","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.shapingPolicy":{"id":"vsphere.vswitch.shapingPolicy","name":"vsphere.vswitch.shapingPolicy","fields":{"averageBandwidth":{"name":"averageBandwidth","type":"\u0005","is_mandatory":true,"title":"Average bandwidth in bps","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"burstSize":{"name":"burstSize","type":"\u0005","is_mandatory":true,"title":"Burst size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether shaping is currently enabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"peakBandwidth":{"name":"peakBandwidth","type":"\u0005","is_mandatory":true,"title":"Peak bandwidth in bps","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere vSwitch Traffic Shaping Policy","desc":" Examine the traffic shaping policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. When `enabled` is true, `averageBandwidth` and `peakBandwidth` (both in bits per second) and `burstSize` (in bytes) constrain outbound traffic. Accessed via `shapingPolicySettings` on vSwitch/portgroup.","private":true,"min_provider_version":"13.1.1","defaults":"enabled averageBandwidth peakBandwidth","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.standard":{"id":"vsphere.vswitch.standard","name":"vsphere.vswitch.standard","fields":{"failoverPolicy":{"name":"failoverPolicy","type":"\n","title":"DEPRECATED: use failoverPolicySettings instead.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"failoverPolicySettings":{"name":"failoverPolicySettings","type":"\u001bvsphere.vswitch.failoverPolicy","title":"NIC teaming / failover policy applied to traffic on this vSwitch","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mtu":{"name":"mtu","type":"\u0005","is_mandatory":true,"title":"MTU in bytes for traffic on this vSwitch — typically 1500, or 9000 for jumbo-frame fabrics. 0 when the host doesn't expose it.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSwitch name (unique within the host, e.g. \"vSwitch0\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"numPorts":{"name":"numPorts","type":"\u0005","is_mandatory":true,"title":"Total ports configured on the switch (the pre-allocated capacity, not the number currently in use)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"numPortsAvailable":{"name":"numPortsAvailable","type":"\u0005","is_mandatory":true,"title":"Free ports remaining — equal to numPorts minus the ports consumed by attached VMkernel and VM NICs","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroups":{"name":"portGroups","type":"\u0019\u001bvsphere.vswitch.standard.portgroup","title":"Port groups attached to this vSwitch","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portgroup":{"name":"portgroup","type":"\u001bvsphere.vswitch.standard.portgroup","title":"vSphere Standard vSwitch Port Group","desc":" Examine a per-host port group attached to a standard vSwitch (e.g., \"Management Network\", \"VM Network\"). Standard port groups are per-host; the same name on two different hosts represents two distinct objects. Key fields include `name`, `vSwitchName`, and `vlanId` (0 = untagged, 4095 = trunk). Policy methods — `securityPolicySettings`, `failoverPolicySettings`, `shapingPolicySettings` — return the effective merged policy (port-group override applied on top of the parent vSwitch policy). Iterate from `vsphere.vswitch.standard.portGroups`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Raw output of `esxcli network vswitch standard list` for this switch, as a dict","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"securityPolicy":{"name":"securityPolicy","type":"\n","title":"DEPRECATED: use securityPolicySettings instead.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"securityPolicySettings":{"name":"securityPolicySettings","type":"\u001bvsphere.vswitch.securityPolicy","title":"Layer-2 security policy applied to traffic on this vSwitch (promiscuous mode, MAC changes, forged transmits)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shapingPolicy":{"name":"shapingPolicy","type":"\n","title":"DEPRECATED: use shapingPolicySettings instead.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"shapingPolicySettings":{"name":"shapingPolicySettings","type":"\u001bvsphere.vswitch.shapingPolicy","title":"Traffic shaping policy applied to outbound traffic on this vSwitch","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uplinks":{"name":"uplinks","type":"\u0019\u001bvsphere.vmnic","title":"Physical NICs currently bound to this vSwitch as uplinks","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Standard Virtual Switch","desc":" Examine a per-host standard vSwitch on an ESXi host. Unlike a distributed virtual switch, a standard vSwitch is not shared across the cluster. Key fields include `name`, `mtu`, `numPorts`, and `numPortsAvailable`. Security, failover, and shaping policies are available via `securityPolicySettings`, `failoverPolicySettings`, and `shapingPolicySettings`. Navigate to `uplinks` for bound physical NICs and `portGroups` for attached standard port groups. Iterate from `vsphere.host.standardSwitch`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.standard.portgroup":{"id":"vsphere.vswitch.standard.portgroup","name":"vsphere.vswitch.standard.portgroup","fields":{"failoverPolicySettings":{"name":"failoverPolicySettings","type":"\u001bvsphere.vswitch.failoverPolicy","title":"Effective NIC teaming / failover policy after merging any port-group override with the parent vSwitch's policy","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Stable identifier built from the host inventory path and the port-group name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Port group name (unique within the host)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"securityPolicySettings":{"name":"securityPolicySettings","type":"\u001bvsphere.vswitch.securityPolicy","title":"Effective layer-2 security policy after merging any port-group override with the parent vSwitch's policy","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shapingPolicySettings":{"name":"shapingPolicySettings","type":"\u001bvsphere.vswitch.shapingPolicy","title":"Effective traffic shaping policy after merging any port-group override with the parent vSwitch's policy","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vSwitchName":{"name":"vSwitchName","type":"\u0007","is_mandatory":true,"title":"Name of the parent standard vSwitch this port group is attached to","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vlanId":{"name":"vlanId","type":"\u0005","is_mandatory":true,"title":"VLAN tag carried on this port group's traffic. 0 means untagged (native VLAN); 4095 means VLAN trunking (the port group sees frames for all VLANs); any other value is a single tag.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Standard vSwitch Port Group","desc":" Examine a per-host port group attached to a standard vSwitch (e.g., \"Management Network\", \"VM Network\"). Standard port groups are per-host; the same name on two different hosts represents two distinct objects. Key fields include `name`, `vSwitchName`, and `vlanId` (0 = untagged, 4095 = trunk). Policy methods — `securityPolicySettings`, `failoverPolicySettings`, `shapingPolicySettings` — return the effective merged policy (port-group override applied on top of the parent vSwitch policy). Iterate from `vsphere.vswitch.standard.portGroups`.","private":true,"min_provider_version":"13.1.1","defaults":"name vlanId vSwitchName","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vuln":{"id":"vuln","fields":{"advisory":{"name":"advisory","type":"\u001bvuln.advisory","title":"Vendor Security Advisory","desc":" Examine a vendor security advisory affecting the connected vSphere asset. Each advisory has an `id`, `title`, `description`, `published` and `modified` timestamps, and a `worstScore` (highest CVSS score across all CVEs covered by the advisory). Iterate from `vulnmgmt.advisories`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"cve":{"name":"cve","type":"\u001bvuln.cve","title":"Common Vulnerabilities and Exposures (CVE) Entry","desc":" Examine a single CVE affecting the connected vSphere asset. Exposes the `id`, `state`, `summary`, `published` and `modified` timestamps, `unscored` flag (whether a CVSS score has been assigned), and `worstScore` (the highest CVSS score across all assigned CVEs for this entry). Iterate from `vulnmgmt.cves`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"package":{"name":"package","type":"\u001bvuln.package","title":"Vulnerable Package","desc":" Examine a software package affected by known vulnerabilities on the connected vSphere asset. Exposes `name`, installed `version`, `available` (the version that resolves the vulnerability), and `arch`. Iterate from `vulnmgmt.packages`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true}},"is_extension":true},"vuln.advisory":{"id":"vuln.advisory","name":"vuln.advisory","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the advisory","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Advisory ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Last modification date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"published":{"name":"published","type":"\t","is_mandatory":true,"title":"Advisory publication date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"title":{"name":"title","type":"\u0007","is_mandatory":true,"title":"Title of the advisory","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"worstScore":{"name":"worstScore","type":"\u001baudit.cvss","is_mandatory":true,"title":"Worst CVSS score of all assigned CVEs","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Vendor Security Advisory","desc":" Examine a vendor security advisory affecting the connected vSphere asset. Each advisory has an `id`, `title`, `description`, `published` and `modified` timestamps, and a `worstScore` (highest CVSS score across all CVEs covered by the advisory). Iterate from `vulnmgmt.advisories`.","private":true,"min_provider_version":"9.1.11","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vuln.cve":{"id":"vuln.cve","name":"vuln.cve","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"CVE ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Last modification date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"published":{"name":"published","type":"\t","is_mandatory":true,"title":"Publication date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"CVE state","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"summary":{"name":"summary","type":"\u0007","is_mandatory":true,"title":"Summary description","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"unscored":{"name":"unscored","type":"\u0004","is_mandatory":true,"title":"Whether the CVE has a CVSS score","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"worstScore":{"name":"worstScore","type":"\u001baudit.cvss","is_mandatory":true,"title":"Worst CVSS score of all assigned CVEs","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Common Vulnerabilities and Exposures (CVE) Entry","desc":" Examine a single CVE affecting the connected vSphere asset. Exposes the `id`, `state`, `summary`, `published` and `modified` timestamps, `unscored` flag (whether a CVSS score has been assigned), and `worstScore` (the highest CVSS score across all assigned CVEs for this entry). Iterate from `vulnmgmt.cves`.","private":true,"min_provider_version":"9.1.11","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vuln.package":{"id":"vuln.package","name":"vuln.package","fields":{"arch":{"name":"arch","type":"\u0007","is_mandatory":true,"title":"Architecture of this package","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"available":{"name":"available","type":"\u0007","is_mandatory":true,"title":"Available package version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Package name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Package version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Vulnerable Package","desc":" Examine a software package affected by known vulnerabilities on the connected vSphere asset. Exposes `name`, installed `version`, `available` (the version that resolves the vulnerability), and `arch`. Iterate from `vulnmgmt.packages`.","private":true,"min_provider_version":"9.1.11","defaults":"name version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vulnmgmt":{"id":"vulnmgmt","name":"vulnmgmt","fields":{"advisories":{"name":"advisories","type":"\u0019\u001bvuln.advisory","title":"List of all Advisories affecting the asset","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cves":{"name":"cves","type":"\u0019\u001bvuln.cve","title":"List of all CVEs affecting the asset","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"lastAssessment":{"name":"lastAssessment","type":"\t","title":"Last time the vulnerability information was updated","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"packages":{"name":"packages","type":"\u0019\u001bvuln.package","title":"List of all packages affected by vulnerabilities","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"stats":{"name":"stats","type":"\u001baudit.cvss","title":"Statistics about the vulnerabilities","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Vulnerability Information","desc":" Examine vulnerability data for the connected vSphere asset. Exposes `cves`, `advisories`, and `packages` affected by known vulnerabilities, a `lastAssessment` timestamp, and aggregated `stats` (CVSS scoring). Use this resource to audit the patch and vulnerability posture of an ESXi host or vCenter appliance.","min_provider_version":"9.1.11","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}}}