{"resources":{"asset":{"id":"asset","name":"asset","fields":{"cpes":{"name":"cpes","type":"\u0019\u001bcpe","title":"Common Platform Enumeration (CPE) for the asset","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere asset resource","is_extension":true,"min_provider_version":"9.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"audit":{"id":"audit","fields":{"cvss":{"name":"cvss","type":"\u001baudit.cvss","title":"CVSS Score","desc":"Examine a Common Vulnerability Scoring System score. Exposes the numeric `score` (0.0–10.0) and the `vector` string (e.g., CVSS:3.1/AV:N/...). Used as the `worstScore` field on `vuln.cve` and `vuln.advisory`, and as `stats` on `vulnmgmt`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true}},"is_extension":true},"audit.cvss":{"id":"audit.cvss","name":"audit.cvss","fields":{"score":{"name":"score","type":"\u0006","is_mandatory":true,"title":"CVSS score ranging from 0.0 to 10.0","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vector":{"name":"vector","type":"\u0007","is_mandatory":true,"title":"CVSS score represented as a vector string","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"CVSS Score","desc":"Examine a Common Vulnerability Scoring System score. Exposes the numeric `score` (0.0–10.0) and the `vector` string (e.g., CVSS:3.1/AV:N/...). Used as the `worstScore` field on `vuln.cve` and `vuln.advisory`, and as `stats` on `vulnmgmt`.","private":true,"min_provider_version":"9.1.11","defaults":"score","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"esxi":{"id":"esxi","name":"esxi","fields":{"certificate":{"name":"certificate","type":"\u001besxi.certificate","title":"Legacy ESXi host SSL/TLS certificate","desc":"Deprecated in favor of `vsphere.host.certificate`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"command":{"name":"command","type":"\u001besxi.command","title":"Legacy ESXi host command execution","desc":"Deprecated in favor of `vsphere.host.command`. This resource is kept for backward compatibility and has the same fields as its replacement.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"firewallRule":{"name":"firewallRule","type":"\u001besxi.firewallRule","title":"Legacy ESXi firewall rule","desc":"Deprecated in favor of `vsphere.host.firewallRule`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"firewallRuleset":{"name":"firewallRuleset","type":"\u001besxi.firewallRuleset","title":"Legacy ESXi firewall ruleset","desc":"Deprecated in favor of `vsphere.host.firewallRuleset`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"iscsiAdapter":{"name":"iscsiAdapter","type":"\u001besxi.iscsiAdapter","title":"Legacy ESXi iSCSI host bus adapter","desc":"Deprecated in favor of `vsphere.host.iscsiAdapter`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"kernelmodule":{"name":"kernelmodule","type":"\u001besxi.kernelmodule","title":"Legacy ESXi kernel module","desc":"Deprecated in favor of `vsphere.host.kernelModule`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"ntpconfig":{"name":"ntpconfig","type":"\u001besxi.ntpconfig","title":"Legacy ESXi host NTP configuration","desc":"Deprecated in favor of `vsphere.host.ntpConfig`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"service":{"name":"service","type":"\u001besxi.service","title":"Legacy ESXi management service","desc":"Deprecated in favor of `vsphere.host.service`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"timezone":{"name":"timezone","type":"\u001besxi.timezone","title":"Legacy ESXi host timezone configuration","desc":"Deprecated in favor of `vsphere.host.timezone`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"},"vib":{"name":"vib","type":"\u001besxi.vib","title":"Legacy ESXi VIB","desc":"Deprecated in favor of `vsphere.host.vib`. This resource is kept for backward compatibility and has the same fields as its replacement.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true,"maturity":"deprecated"}},"title":"Legacy ESXi namespace","desc":"Deprecated in favor of `vsphere` and its sub-resources. This namespace is kept for backward compatibility only and exposes no queryable fields.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.certificate":{"id":"esxi.certificate","name":"esxi.certificate","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"issuer":{"name":"issuer","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notAfter":{"name":"notAfter","type":"\t","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notBefore":{"name":"notBefore","type":"\t","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"subject":{"name":"subject","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi host SSL/TLS certificate","desc":"Deprecated in favor of `vsphere.host.certificate`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"13.0.12","defaults":"subject status notAfter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.command":{"id":"esxi.command","name":"esxi.command","fields":{"command":{"name":"command","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"result":{"name":"result","type":"\u0019\n","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"init":{"args":[{"name":"command","type":"\u0007"}]},"title":"Legacy ESXi host command execution","desc":"Deprecated in favor of `vsphere.host.command`. This resource is kept for backward compatibility and has the same fields as its replacement.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.firewallRule":{"id":"esxi.firewallRule","name":"esxi.firewallRule","fields":{"direction":{"name":"direction","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"endPort":{"name":"endPort","type":"\u0005","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portType":{"name":"portType","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"protocol":{"name":"protocol","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi firewall rule","desc":"Deprecated in favor of `vsphere.host.firewallRule`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"13.0.12","defaults":"port direction protocol","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.firewallRuleset":{"id":"esxi.firewallRuleset","name":"esxi.firewallRuleset","fields":{"allIpsAllowed":{"name":"allIpsAllowed","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowedIpAddresses":{"name":"allowedIpAddresses","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowedIpNetworks":{"name":"allowedIpNetworks","type":"\u0019\n","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"required":{"name":"required","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"rules":{"name":"rules","type":"\u0019\u001besxi.firewallRule","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"service":{"name":"service","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi firewall ruleset","desc":"Deprecated in favor of `vsphere.host.firewallRuleset`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"13.0.12","defaults":"key enabled allIpsAllowed","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.iscsiAdapter":{"id":"esxi.iscsiAdapter","name":"esxi.iscsiAdapter","fields":{"chapAuthEnabled":{"name":"chapAuthEnabled","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"chapAuthenticationType":{"name":"chapAuthenticationType","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"chapName":{"name":"chapName","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"device":{"name":"device","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iScsiAlias":{"name":"iScsiAlias","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iScsiName":{"name":"iScsiName","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mutualChapAuthenticationType":{"name":"mutualChapAuthenticationType","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mutualChapName":{"name":"mutualChapName","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi iSCSI host bus adapter","desc":"Deprecated in favor of `vsphere.host.iscsiAdapter`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"13.0.12","defaults":"device iScsiName","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.kernelmodule":{"id":"esxi.kernelmodule","name":"esxi.kernelmodule","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"license":{"name":"license","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"loaded":{"name":"loaded","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"modulefile":{"name":"modulefile","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signatureDigest":{"name":"signatureDigest","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signatureFingerprint":{"name":"signatureFingerprint","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signedStatus":{"name":"signedStatus","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vibAcceptanceLevel":{"name":"vibAcceptanceLevel","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi kernel module","desc":"Deprecated in favor of `vsphere.host.kernelModule`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.ntpconfig":{"id":"esxi.ntpconfig","name":"esxi.ntpconfig","fields":{"config":{"name":"config","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"server":{"name":"server","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi host NTP configuration","desc":"Deprecated in favor of `vsphere.host.ntpConfig`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.service":{"id":"esxi.service","name":"esxi.service","fields":{"key":{"name":"key","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"policy":{"name":"policy","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"required":{"name":"required","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ruleset":{"name":"ruleset","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"running":{"name":"running","type":"\u0004","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi management service","desc":"Deprecated in favor of `vsphere.host.service`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"key label","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.timezone":{"id":"esxi.timezone","name":"esxi.timezone","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"offset":{"name":"offset","type":"\u0005","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi host timezone configuration","desc":"Deprecated in favor of `vsphere.host.timezone`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"key name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"esxi.vib":{"id":"esxi.vib","name":"esxi.vib","fields":{"acceptanceLevel":{"name":"acceptanceLevel","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"creationDate":{"name":"creationDate","type":"\t","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"installDate":{"name":"installDate","type":"\t","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Legacy ESXi VIB","desc":"Deprecated in favor of `vsphere.host.vib`. This resource is kept for backward compatibility and has the same fields as its replacement.","private":true,"min_provider_version":"9.0.0","defaults":"id name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"vsphere":{"id":"vsphere","name":"vsphere","fields":{"about":{"name":"about","type":"\n","title":"System information including the name, type, version, and build number","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cluster":{"name":"cluster","type":"\u001bvsphere.cluster","title":"vSphere Cluster","desc":"Examine a cluster compute resource in a vCenter datacenter. A cluster groups multiple ESXi `hosts` and exposes key configuration flags: `vsanEnabled`, `haEnabled` (vSphere HA), `drsEnabled` (Distributed Resource Scheduler), and `evcMode` (Enhanced vMotion Compatibility baseline). Use `properties` for the full raw ClusterConfigInfo dict. Iterate from `vsphere.datacenter.clusters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"datacenter":{"name":"datacenter","type":"\u001bvsphere.datacenter","title":"vSphere Datacenter","desc":"Examine a datacenter object in the vCenter inventory. A datacenter is the primary organizational unit containing `hosts`, `vms`, `clusters`, `distributedSwitches`, `distributedPortGroups`, `datastores`, and `resourcePools`. Use `moid` and `inventoryPath` to identify a specific datacenter when multiple exist. Iterate from `vsphere.datacenters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"datacenters":{"name":"datacenters","type":"\u0019\u001bvsphere.datacenter","title":"List of available datacenter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastore":{"name":"datastore","type":"\u001bvsphere.datastore","title":"vSphere Datastore","desc":"Examine a storage backing for virtual machine files. Each datastore has a `type` (VMFS, NFS, NFS41, vsan, VVOL), `capacity` and `freeSpace` in bytes, an `accessible` flag (when false, capacity data is unreliable), and a `maintenanceMode` status. VMFS datastores also expose `vmfsVersion` and `ssd`. Navigate to `hosts` and `vms` to audit which hosts have it mounted and which VMs store files on it. Iterate from `vsphere.datacenter.datastores`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"encryptionKey":{"name":"encryptionKey","type":"\u001bvsphere.encryptionKey","title":"vSphere VM Encryption Key Reference","desc":"Examine a CryptoKeyId reference on an encrypted virtual machine resource. vCenter only tracks the key's `keyId` (UUID assigned by the KMS provider) and `providerId` (KMS provider/cluster identifier); key material lives in the external KMS. Navigate to `kmsCluster` to resolve the provider reference against the registered KMIP clusters. Accessed from `vsphere.vm.disk.encryptionKey`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"folder":{"name":"folder","type":"\u001bvsphere.folder","title":"vSphere Inventory Folder","desc":"Examine an organizational container in vCenter's inventory tree. Folders are the unit of permission inheritance — RBAC grants on a folder propagate to all objects inside it. Key fields include `name`, `inventoryPath`, `childTypes` (the managed-object types allowed as direct children), and `childCount` (number of immediate children). Iterate from `vsphere.folders`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"folders":{"name":"folders","type":"\u0019\u001bvsphere.folder","title":"Inventory folders across all datacenters","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"host":{"name":"host","type":"\u001bvsphere.host","title":"vSphere ESXi Host","desc":"Examine an ESXi host managed by vCenter. Exposes hardware identity (`vendor`, `model`, `numCpuCores`, `cpuMhz`), security posture (`lockdownMode`, `firewallIncomingBlocked`, `firewallOutgoingBlocked`, `secureBootEnabled`), network configuration (`standardSwitch`, `distributedSwitch`, `adapters`, `vmknics`), storage (`datastores`), software inventory (`packages`, `kernelModules`), and operational configuration (`advancedSettings`, `services`, `ntp`, `snmp`, `timezone`, `certificate`). Navigate to `cluster` for cluster membership. Iterate from `vsphere.datacenter.hosts`.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"identitySources":{"name":"identitySources","type":"\u0019\u001bvsphere.identitysource","title":"SSO identity sources configured on vCenter (LDAP/AD/local-OS providers)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"identitysource":{"name":"identitysource","type":"\u001bvsphere.identitysource","title":"vSphere SSO Identity Source","desc":"Examine an authentication provider registered with vCenter's SSO service. Sources include the built-in `vsphere.local` domain, the local OS identity source, native Active Directory integration, and external LDAP/AD providers. The `type` field distinguishes source kinds (system, localos, nativead, ldap); LDAP sources expose `primaryUrl`, `failoverUrl`, `userBaseDn`, `groupBaseDn`, and `authenticationUsername`. Iterate from `vsphere.identitySources`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"kmsCluster":{"name":"kmsCluster","type":"\u001bvsphere.kmsCluster","title":"vSphere KMIP Key-Management Cluster","desc":"Examine a registered key-management server cluster used for VM encryption and virtual TPM provisioning. KMIP clusters are configured at the vCenter level (not per host). The `clusterId` is the vCenter-visible name, `useAsDefault` indicates whether this cluster is the default for new encryption keys, `managementType` distinguishes cluster kinds (vCenter, trustAuthority, nativeKeyProvider, externalKeyProvider), and `servers` lists each KMS server entry. Iterate from `vsphere.kmsClusters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"kmsClusters":{"name":"kmsClusters","type":"\u0019\u001bvsphere.kmsCluster","title":"KMIP key-management clusters registered with vCenter (drive VM encryption / vTPM)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"license":{"name":"license","type":"\u001bvsphere.license","title":"vSphere License","desc":"Examine a license entry assigned in vCenter. Each license has a `name`, a `total` seat count, and a `used` seat count. Iterate from `vsphere.licenses` to audit license compliance and over-assignment.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"licenses":{"name":"licenses","type":"\u0019\u001bvsphere.license","title":"Configured licenses","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"permission":{"name":"permission","type":"\u001bvsphere.permission","title":"vSphere RBAC Permission Grant","desc":"Examine a single (entity, principal, role) permission tuple from vCenter's AuthorizationManager. Each grant ties a `principal` (user or group, often in `DOMAIN\\\\name` form) to a `role` on a specific managed object identified by `entityMoid` and `entityType`. Use `propagate` to determine whether the grant flows down the inventory hierarchy. Iterate from `vsphere.permissions`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"permissions":{"name":"permissions","type":"\u0019\u001bvsphere.permission","title":"All RBAC permission grants in vCenter (every (entity, principal, role) tuple)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"resourcepool":{"name":"resourcepool","type":"\u001bvsphere.resourcepool","title":"vSphere Resource Pool","desc":"Examine a CPU and memory partition on a cluster or standalone host. Resource pools enforce reservation, limit, and share policies independently for CPU and memory. Key fields include `cpuReservationMhz`, `cpuLimitMhz`, `cpuShareLevel`, `memoryReservationMB`, `memoryLimitMB`, and `memoryShareLevel`. Use `inventoryPath` to identify the pool's position in the hierarchy. Iterate from `vsphere.datacenter.resourcePools`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"role":{"name":"role","type":"\u001bvsphere.role","title":"vSphere Authorization Role","desc":"Examine an RBAC role definition from vCenter's AuthorizationManager. Each role has a `name`, a human-readable `label`, a `summary` description, and a `privileges` list of privilege identifiers it grants. Built-in (immutable) roles are identified by `system == true`. Iterate from `vsphere.roles`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"roles":{"name":"roles","type":"\u0019\u001bvsphere.role","title":"Authorization roles defined in vCenter (RBAC role catalog)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vm":{"name":"vm","type":"\u001bvsphere.vm","title":"vSphere Virtual Machine","desc":"Examine a virtual machine managed by vCenter. Covers security configuration (`bootFirmware`, `secureBootEnabled`, `vbsEnabled`, `encrypted`, `encryptionKeyId`, `kmsCluster`, `vtpmPresent`), hardware allocation (`numCpu`, `memoryMB`, `cpuAllocation`, `memoryAllocation`), operational state (`powerState`, `vmwareToolsRunning`, `vmwareToolsVersion`), and attached devices (`disks`, `cdroms`, `networkAdapters`, `snapshots`). Navigate to `host` for the ESXi host running the VM and `datastores` for its storage backing. Iterate from `vsphere.datacenter.vms`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"vmknic":{"name":"vmknic","type":"\u001bvsphere.vmknic","title":"vSphere ESXi VMkernel NIC","desc":"Examine a VMkernel virtual network interface on an ESXi host — the host's own network endpoint for management, vMotion, vSAN, FT, replication, and other services. Identified by `name` (e.g., `vmk0`). Key fields include `mac`, `mtu`, `dhcp`, `ipv4` and `ipv6` address records, `tcpipStack`, and `services` (the list of managed services this NIC carries, such as `management`, `vmotion`, `vsan`). Binding to a standard port group is via `portGroupName`; binding to a DVS port group is via `portGroupMoid`. Iterate from `vsphere.host.vmknics`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"vmnic":{"name":"vmnic","type":"\u001bvsphere.vmnic","title":"vSphere ESXi Physical NIC (Uplink)","desc":"Examine a physical NIC on an ESXi host — one entry per pNIC bound to a vSwitch or available for binding. Each adapter is identified by `name` (e.g., `vmnic0`) and exposes `mac`, `linkSpeedMb`, `fullDuplex`, `driver`, and `wakeOnLanSupported`. The `properties` dict holds raw `esxcli network nic list` output; `details` provides additional negotiation and capability data. Iterate from `vsphere.host.adapters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"vswitch":{"name":"vswitch","type":"\u001bvsphere.vswitch","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true}},"title":"VMware vSphere","desc":"Use the top-level entry point for all vSphere inventory queries. Exposes system identity (`about`), `licenses`, `datacenters`, RBAC `roles` and `permissions`, inventory `folders`, SSO `identitySources`, and KMIP `kmsClusters`. Most audits start here and navigate into `vsphere.datacenter` objects for hosts, VMs, clusters, and networking.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.cluster":{"id":"vsphere.cluster","name":"vsphere.cluster","fields":{"drsEnabled":{"name":"drsEnabled","type":"\u0004","is_mandatory":true,"title":"Whether DRS (Distributed Resource Scheduler) is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"evcMode":{"name":"evcMode","type":"\u0007","is_mandatory":true,"title":"Currently-applied EVC (Enhanced vMotion Compatibility) baseline key, e.g. \"intel-broadwell\"; empty if EVC is disabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"haEnabled":{"name":"haEnabled","type":"\u0004","is_mandatory":true,"title":"Whether vSphere HA (Distributed Availability Service) is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"hosts":{"name":"hosts","type":"\u0019\u001bvsphere.host","title":"ESXi hosts running in the cluster","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSphere resource name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Cluster properties","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsanEnabled":{"name":"vsanEnabled","type":"\u0004","is_mandatory":true,"title":"Whether vSAN is enabled on the cluster","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Cluster","desc":"Examine a cluster compute resource in a vCenter datacenter. A cluster groups multiple ESXi `hosts` and exposes key configuration flags: `vsanEnabled`, `haEnabled` (vSphere HA), `drsEnabled` (Distributed Resource Scheduler), and `evcMode` (Enhanced vMotion Compatibility baseline). Use `properties` for the full raw ClusterConfigInfo dict. Iterate from `vsphere.datacenter.clusters`.","private":true,"min_provider_version":"9.0.0","defaults":"moid name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.datacenter":{"id":"vsphere.datacenter","name":"vsphere.datacenter","fields":{"clusters":{"name":"clusters","type":"\u0019\u001bvsphere.cluster","title":"Clusters in the datacenter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastores":{"name":"datastores","type":"\u0019\u001bvsphere.datastore","title":"Datastores in the datacenter","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"distributedPortGroups":{"name":"distributedPortGroups","type":"\u0019\u001bvsphere.vswitch.portgroup","title":"List of distributed virtual port groups","min_provider_version":"11.0.39","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"distributedSwitches":{"name":"distributedSwitches","type":"\u0019\u001bvsphere.vswitch.dvs","title":"Distributed virtual switches","min_provider_version":"11.0.39","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"hosts":{"name":"hosts","type":"\u0019\u001bvsphere.host","title":"Hosts in the datacenter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSphere datacenter name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"resourcePools":{"name":"resourcePools","type":"\u0019\u001bvsphere.resourcepool","title":"Resource pools in the datacenter (CPU/memory partitions on clusters or standalone hosts)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vms":{"name":"vms","type":"\u0019\u001bvsphere.vm","title":"VMs in the datacenter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Datacenter","desc":"Examine a datacenter object in the vCenter inventory. A datacenter is the primary organizational unit containing `hosts`, `vms`, `clusters`, `distributedSwitches`, `distributedPortGroups`, `datastores`, and `resourcePools`. Use `moid` and `inventoryPath` to identify a specific datacenter when multiple exist. Iterate from `vsphere.datacenters`.","private":true,"min_provider_version":"9.0.0","defaults":"moid name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.datastore":{"id":"vsphere.datastore","name":"vsphere.datastore","fields":{"accessible":{"name":"accessible","type":"\u0004","is_mandatory":true,"title":"Whether the datastore is currently accessible. When false, capacity / freeSpace / uncommitted / url are not guaranteed to be valid.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"capacity":{"name":"capacity","type":"\u0005","is_mandatory":true,"title":"Total capacity in bytes (only meaningful when accessible == true)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"freeSpace":{"name":"freeSpace","type":"\u0005","is_mandatory":true,"title":"Free space in bytes (only meaningful when accessible == true)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"hosts":{"name":"hosts","type":"\u0019\u001bvsphere.host","title":"Hosts that have this datastore mounted, resolved against vsphere.datacenters[].hosts","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"maintenanceMode":{"name":"maintenanceMode","type":"\u0007","is_mandatory":true,"title":"Maintenance mode state (normal, inMaintenance, enteringMaintenance)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"multipleHostAccess":{"name":"multipleHostAccess","type":"\u0004","is_mandatory":true,"title":"Whether more than one host has access (vCenter-only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Datastore name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ssd":{"name":"ssd","type":"\u0004","is_mandatory":true,"title":"Whether the underlying VMFS volume is on SSD (only set for VMFS; false for non-VMFS or unknown)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Volume type (VMFS, NFS, NFS41, vsan, VVOL, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uncommitted":{"name":"uncommitted","type":"\u0005","is_mandatory":true,"title":"Bytes potentially used by all VMs (over-commit headroom for thin provisioning); only meaningful when accessible == true","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"url":{"name":"url","type":"\u0007","is_mandatory":true,"title":"Datastore URL/locator (only valid when accessible == true)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vmfsVersion":{"name":"vmfsVersion","type":"\u0007","is_mandatory":true,"title":"VMFS version (only set for VMFS datastores; empty for NFS, vSAN, VVOL, etc.)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vms":{"name":"vms","type":"\u0019\u001bvsphere.vm","title":"Virtual machines whose files are stored on this datastore, resolved against vsphere.datacenters[].vms","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Datastore","desc":"Examine a storage backing for virtual machine files. Each datastore has a `type` (VMFS, NFS, NFS41, vsan, VVOL), `capacity` and `freeSpace` in bytes, an `accessible` flag (when false, capacity data is unreliable), and a `maintenanceMode` status. VMFS datastores also expose `vmfsVersion` and `ssd`. Navigate to `hosts` and `vms` to audit which hosts have it mounted and which VMs store files on it. Iterate from `vsphere.datacenter.datastores`.","private":true,"min_provider_version":"13.0.12","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.encryptionKey":{"id":"vsphere.encryptionKey","name":"vsphere.encryptionKey","fields":{"keyId":{"name":"keyId","type":"\u0007","is_mandatory":true,"title":"CryptoKeyId.KeyId — UUID assigned by the KMS provider","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kmsCluster":{"name":"kmsCluster","type":"\u001bvsphere.kmsCluster","title":"KMS cluster that issued the key, resolved against vsphere.kmsClusters; null when the provider isn't registered","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"providerId":{"name":"providerId","type":"\u0007","is_mandatory":true,"title":"CryptoKeyId.ProviderId — KMS provider/cluster identifier; empty when the key isn't tied to a registered provider","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Encryption Key Reference","desc":"Examine a CryptoKeyId reference on an encrypted virtual machine resource. vCenter only tracks the key's `keyId` (UUID assigned by the KMS provider) and `providerId` (KMS provider/cluster identifier); key material lives in the external KMS. Navigate to `kmsCluster` to resolve the provider reference against the registered KMIP clusters. Accessed from `vsphere.vm.disk.encryptionKey`.","private":true,"min_provider_version":"13.1.1","defaults":"keyId providerId","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.folder":{"id":"vsphere.folder","name":"vsphere.folder","fields":{"childCount":{"name":"childCount","type":"\u0005","is_mandatory":true,"title":"Number of immediate child entities under this folder","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"childTypes":{"name":"childTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Allowed child managed-object types (e.g., VirtualMachine, Folder, HostSystem)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Folder name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Inventory Folder","desc":"Examine an organizational container in vCenter's inventory tree. Folders are the unit of permission inheritance — RBAC grants on a folder propagate to all objects inside it. Key fields include `name`, `inventoryPath`, `childTypes` (the managed-object types allowed as direct children), and `childCount` (number of immediate children). Iterate from `vsphere.folders`.","private":true,"min_provider_version":"13.0.12","defaults":"name inventoryPath","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host":{"id":"vsphere.host","name":"vsphere.host","fields":{"acceptanceLevel":{"name":"acceptanceLevel","type":"\u0007","title":"Host-level VIB acceptance level","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"adapters":{"name":"adapters","type":"\u0019\u001bvsphere.vmnic","title":"Physical NICs currently installed and loaded on the system","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"advancedSettings":{"name":"advancedSettings","type":"\u001a\u0007\u0007","title":"ESXi host advanced settings","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"bootInfo":{"name":"bootInfo","type":"\u001bvsphere.host.bootInfo","title":"Last-boot timestamp + BIOS / firmware identity","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"certificate":{"name":"certificate","type":"\u001bvsphere.host.certificate","title":"Host SSL/TLS certificate","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cluster":{"name":"cluster","type":"\u001bvsphere.cluster","title":"Cluster the host belongs to, resolved against vsphere.datacenters[].clusters; null for standalone hosts","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"command":{"name":"command","type":"\u001bvsphere.host.command","title":"ESXi Host Command Execution","desc":"Examine the output of an arbitrary command run on an ESXi host. The connected target must be a host — use `--platform-id` to select one when connecting through vCenter. The `command` field holds the raw command string, `inventoryPath` identifies the host, and `result` returns the parsed command output as a list of dicts.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"cpuMhz":{"name":"cpuMhz","type":"\u0005","is_mandatory":true,"title":"Per-core CPU clock in MHz","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastores":{"name":"datastores","type":"\u0019\u001bvsphere.datastore","title":"Datastores mounted on the host, resolved against vsphere.datacenters[].datastores","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"distributedSwitch":{"name":"distributedSwitch","type":"\u0019\u001bvsphere.vswitch.dvs","title":"Distributed virtual switches","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"dnsConfig":{"name":"dnsConfig","type":"\u001bvsphere.host.dnsConfig","title":"Host DNS configuration","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firewallIncomingBlocked":{"name":"firewallIncomingBlocked","type":"\u0004","is_mandatory":true,"title":"Whether the host firewall blocks unsolicited incoming traffic by default (the host firewall service itself is always running on ESXi)","min_provider_version":"13.0.11","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firewallOutgoingBlocked":{"name":"firewallOutgoingBlocked","type":"\u0004","is_mandatory":true,"title":"Whether the host firewall blocks unsolicited outgoing traffic by default","min_provider_version":"13.0.11","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firewallRule":{"name":"firewallRule","type":"\u001bvsphere.host.firewallRule","title":"ESXi Host Firewall Rule","desc":"Examine a single port/protocol rule within a `vsphere.host.firewallRuleset`. Each rule specifies a `port` (or start port for a range), `endPort`, traffic `direction` (inbound, outbound), `portType` (src, dst), and `protocol` (tcp, udp). Iterate from `vsphere.host.firewallRuleset.rules`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"firewallRuleset":{"name":"firewallRuleset","type":"\u001bvsphere.host.firewallRuleset","title":"ESXi Host Firewall Ruleset","desc":"Examine one per-service firewall rule entry on an ESXi host. Each ruleset has a `key` (service identifier such as `CIMHttpServer`, `sshServer`), `label`, `enabled` state, and a `required` flag for rulesets ESXi cannot disable. The allowed-IP scope is controlled by `allIpsAllowed`, `allowedIpAddresses`, and `allowedIpNetworks`. Port and protocol details are in `rules`. The global default-deny posture for the host lives on `vsphere.host.firewallIncomingBlocked` and `firewallOutgoingBlocked`. Iterate from `vsphere.host.firewallRulesets`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"firewallRulesets":{"name":"firewallRulesets","type":"\u0019\u001bvsphere.host.firewallRuleset","title":"ESXi firewall rulesets — per-service rule definitions (CIM, SSH, NTP, vMotion, etc.)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipRouteConfig":{"name":"ipRouteConfig","type":"\u001bvsphere.host.ipRouteConfig","title":"Host IP routing (default gateways)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iscsiAdapter":{"name":"iscsiAdapter","type":"\u001bvsphere.host.iscsiAdapter","title":"ESXi iSCSI Host Bus Adapter","desc":"Examine an iSCSI HBA configured on an ESXi host. Each adapter exposes its `device` name (e.g., `vmhba65`), `iScsiName` (IQN), and `iScsiAlias`. CHAP authentication posture is available via `chapAuthEnabled`, `chapAuthenticationType`, and `chapName` (the secret is intentionally not exposed); mutual CHAP settings follow the same pattern. Iterate from `vsphere.host.iscsiAdapters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"iscsiAdapters":{"name":"iscsiAdapters","type":"\u0019\u001bvsphere.host.iscsiAdapter","title":"iSCSI host bus adapters configured on the host (zero entries if iSCSI is not in use)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kernelModule":{"name":"kernelModule","type":"\u001bvsphere.host.kernelModule","title":"ESXi Kernel Module (Driver)","desc":"Examine a kernel module loaded on an ESXi host. Each module exposes `name`, `modulefile`, `version`, `loaded`, `enabled`, `license`, `signedStatus`, `signatureDigest`, `signatureFingerprint`, and `vibAcceptanceLevel`. Use `signedStatus` and `vibAcceptanceLevel` to audit driver signing posture. Iterate from `vsphere.host.kernelModules`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"kernelModules":{"name":"kernelModules","type":"\u0019\u001bvsphere.host.kernelModule","title":"Kernel modules (drivers) on ESXi","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"lockdownMode":{"name":"lockdownMode","type":"\u0007","is_mandatory":true,"title":"Lockdown mode (lockdownDisabled, lockdownNormal, lockdownStrict)","min_provider_version":"13.0.10","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"model":{"name":"model","type":"\u0007","is_mandatory":true,"title":"Hardware model (as reported by SMBIOS)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSphere resource name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ntp":{"name":"ntp","type":"\u001bvsphere.host.ntpConfig","title":"Host NTP configuration","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ntpConfig":{"name":"ntpConfig","type":"\u001bvsphere.host.ntpConfig","title":"ESXi Host NTP Configuration","desc":"Examine the NTP configuration on an ESXi host. The `server` list contains the configured NTP server addresses (IP or FQDN), and `config` holds the raw lines of the host's `ntp.conf` file. Accessed from `vsphere.host.ntp`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"numCpuCores":{"name":"numCpuCores","type":"\u0005","is_mandatory":true,"title":"Number of physical CPU cores across all sockets","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"packages":{"name":"packages","type":"\u0019\u001bvsphere.host.vib","title":"All VIBs installed on your ESXi host","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"ESXi properties","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"secureBootEnabled":{"name":"secureBootEnabled","type":"\u0004","is_mandatory":true,"title":"Whether the host firmware reports UEFI Secure Boot was used during system boot (requires vSphere 8.0.3 or later)","min_provider_version":"13.0.10","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"service":{"name":"service","type":"\u001bvsphere.host.service","title":"ESXi Management Service","desc":"Examine a management daemon on an ESXi host. Each service has a `key` (brief identifier), `label`, `running` state, `required` flag (cannot be disabled), and `policy` (activation mode: on, off, automatic). The `ruleset` field lists the firewall ruleset keys this service relies on. Use `running` and `policy` to audit service enablement posture (e.g., SSH should typically be off or set to automatic-with-justification). Iterate from `vsphere.host.services`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"services":{"name":"services","type":"\u0019\u001bvsphere.host.service","title":"List of ESXi management services","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"snmp":{"name":"snmp","type":"\u001a\u0007\u0007","title":"Host SNMP configuration","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"standardSwitch":{"name":"standardSwitch","type":"\u0019\u001bvsphere.vswitch.standard","title":"Standard virtual switches","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"systemInfo":{"name":"systemInfo","type":"\u001bvsphere.host.systemInfo","title":"Hardware identity — UUID, serial, asset/service tag, install date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Host tags","min_provider_version":"11.0.101","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"timezone":{"name":"timezone","type":"\u001bvsphere.host.timezone","title":"Host timezone settings","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"title":"Hardware vendor (as reported by SMBIOS)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vib":{"name":"vib","type":"\u001bvsphere.host.vib","title":"ESXi VIB (vSphere Installation Bundle)","desc":"Examine a software package installed on an ESXi host. Each VIB has a `name`, `version`, `vendor`, `acceptanceLevel` (VMwareCertified, VMwareAccepted, PartnerSupported, CommunitySupported), `creationDate`, `installDate`, and `status`. Use `acceptanceLevel` to audit the software acceptance policy of the host. Iterate from `vsphere.host.packages`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"vmknics":{"name":"vmknics","type":"\u0019\u001bvsphere.vmknic","title":"Virtual network interface that is used by the VMKernel","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere ESXi Host","desc":"Examine an ESXi host managed by vCenter. Exposes hardware identity (`vendor`, `model`, `numCpuCores`, `cpuMhz`), security posture (`lockdownMode`, `firewallIncomingBlocked`, `firewallOutgoingBlocked`, `secureBootEnabled`), network configuration (`standardSwitch`, `distributedSwitch`, `adapters`, `vmknics`), storage (`datastores`), software inventory (`packages`, `kernelModules`), and operational configuration (`advancedSettings`, `services`, `ntp`, `snmp`, `timezone`, `certificate`). Navigate to `cluster` for cluster membership. Iterate from `vsphere.datacenter.hosts`.","private":true,"min_provider_version":"9.0.0","defaults":"moid name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.bootInfo":{"id":"vsphere.host.bootInfo","name":"vsphere.host.bootInfo","fields":{"biosMajorRelease":{"name":"biosMajorRelease","type":"\u0005","is_mandatory":true,"title":"BIOS major release number (vendor-specific)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"biosMinorRelease":{"name":"biosMinorRelease","type":"\u0005","is_mandatory":true,"title":"BIOS minor release number","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"biosReleaseDate":{"name":"biosReleaseDate","type":"\t","is_mandatory":true,"title":"BIOS release date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"biosVersion":{"name":"biosVersion","type":"\u0007","is_mandatory":true,"title":"BIOS version string as reported by SMBIOS","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"bootTime":{"name":"bootTime","type":"\t","is_mandatory":true,"title":"Last time the host booted; zero time if vCenter has never observed a boot","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firmwareMajorRelease":{"name":"firmwareMajorRelease","type":"\u0005","is_mandatory":true,"title":"Platform firmware major release (UEFI / BMC), separate from system BIOS","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"firmwareMinorRelease":{"name":"firmwareMinorRelease","type":"\u0005","is_mandatory":true,"title":"Platform firmware minor release","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Boot and BIOS Information","desc":"Examine the last-boot timestamp and BIOS/platform-firmware identity for an ESXi host. Exposes `bootTime`, BIOS version (`biosVersion`, `biosReleaseDate`, `biosMajorRelease`, `biosMinorRelease`), and platform firmware release numbers (`firmwareMajorRelease`, `firmwareMinorRelease`). Accessed from `vsphere.host.bootInfo`.","private":true,"min_provider_version":"13.1.1","defaults":"bootTime biosVersion","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.certificate":{"id":"vsphere.host.certificate","name":"vsphere.host.certificate","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (host inventory path + cert kind)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"issuer":{"name":"issuer","type":"\u0007","is_mandatory":true,"title":"Issuer distinguished name","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"title":"Certificate kind (e.g. machine, vmca); empty/unset means the host machine cert","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notAfter":{"name":"notAfter","type":"\t","is_mandatory":true,"title":"Validity end (expiration)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notBefore":{"name":"notBefore","type":"\t","is_mandatory":true,"title":"Validity start","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Status reported by vCenter (good, expiring, expired, expiringShortly, unknown, etc.)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"subject":{"name":"subject","type":"\u0007","is_mandatory":true,"title":"Subject distinguished name","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host SSL/TLS Certificate","desc":"Examine a TLS certificate managed by the ESXi HostCertificateManager. Key fields include `subject` and `issuer` distinguished names, `notBefore` and `notAfter` validity timestamps, and `status` as reported by vCenter (good, expiring, expiringSoon, expired, unknown). Use `notAfter` and `status` to audit certificate expiration posture. Accessed from `vsphere.host.certificate`.","private":true,"min_provider_version":"13.0.12","defaults":"subject status notAfter","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.command":{"id":"vsphere.host.command","name":"vsphere.host.command","fields":{"command":{"name":"command","type":"\u0007","is_mandatory":true,"title":"Raw command","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path of the host the command runs on","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"result":{"name":"result","type":"\u0019\n","title":"Command result","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"init":{"args":[{"name":"command","type":"\u0007"}]},"title":"ESXi Host Command Execution","desc":"Examine the output of an arbitrary command run on an ESXi host. The connected target must be a host — use `--platform-id` to select one when connecting through vCenter. The `command` field holds the raw command string, `inventoryPath` identifies the host, and `result` returns the parsed command output as a list of dicts.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.dnsConfig":{"id":"vsphere.host.dnsConfig","name":"vsphere.host.dnsConfig","fields":{"dhcp":{"name":"dhcp","type":"\u0004","is_mandatory":true,"title":"Whether DNS settings come from DHCP (when true, the static fields below may be ignored)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"domain":{"name":"domain","type":"\u0007","is_mandatory":true,"title":"DNS domain","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"fqdn":{"name":"fqdn","type":"\u0007","is_mandatory":true,"title":"FQDN convenience: hostName + \".\" + domain when both are set, otherwise just hostName","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"hostName":{"name":"hostName","type":"\u0007","is_mandatory":true,"title":"Hostname portion (no domain)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"searchDomains":{"name":"searchDomains","type":"\u0019\u0007","is_mandatory":true,"title":"DNS search domains","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"servers":{"name":"servers","type":"\u0019\u0007","is_mandatory":true,"title":"Configured DNS server addresses","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"virtualNicDevice":{"name":"virtualNicDevice","type":"\u0007","is_mandatory":true,"title":"VMkernel NIC the DNS configuration is bound to (e.g. \"vmk0\"); empty when not pinned","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host DNS Configuration","desc":"Examine the DNS configuration on an ESXi host. Key fields include `dhcp` (whether DNS settings come from DHCP), `hostName`, `domain`, `fqdn` (computed convenience), `servers` (configured DNS server addresses), and `searchDomains`. The `virtualNicDevice` field identifies which VMkernel NIC the DNS configuration is bound to. Accessed from `vsphere.host.dnsConfig`.","private":true,"min_provider_version":"13.1.1","defaults":"hostName domain","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.firewallRule":{"id":"vsphere.host.firewallRule","name":"vsphere.host.firewallRule","fields":{"direction":{"name":"direction","type":"\u0007","is_mandatory":true,"title":"Direction (inbound, outbound)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"endPort":{"name":"endPort","type":"\u0005","is_mandatory":true,"title":"End port (only meaningful when the rule covers a range; 0 for single-port rules)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (parent ruleset id + rule index)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"title":"Port number (or start port for a range)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portType":{"name":"portType","type":"\u0007","is_mandatory":true,"title":"Port type (src, dst)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"protocol":{"name":"protocol","type":"\u0007","is_mandatory":true,"title":"Protocol (tcp, udp)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Firewall Rule","desc":"Examine a single port/protocol rule within a `vsphere.host.firewallRuleset`. Each rule specifies a `port` (or start port for a range), `endPort`, traffic `direction` (inbound, outbound), `portType` (src, dst), and `protocol` (tcp, udp). Iterate from `vsphere.host.firewallRuleset.rules`.","private":true,"min_provider_version":"13.1.1","defaults":"port direction protocol","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.firewallRuleset":{"id":"vsphere.host.firewallRuleset","name":"vsphere.host.firewallRuleset","fields":{"allIpsAllowed":{"name":"allIpsAllowed","type":"\u0004","is_mandatory":true,"title":"Whether traffic is allowed from any IP. When false, callers should consult allowedIpAddresses / allowedIpNetworks.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowedIpAddresses":{"name":"allowedIpAddresses","type":"\u0019\u0007","is_mandatory":true,"title":"Specific IP addresses allowed to reach the service (only populated when allIpsAllowed == false)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowedIpNetworks":{"name":"allowedIpNetworks","type":"\u0019\n","is_mandatory":true,"title":"Specific IP networks allowed (only populated when allIpsAllowed == false). Each entry is a dict with `network` and `prefixLength`.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the ruleset is currently enabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (host inventory path + ruleset key)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Service identifier (e.g., CIMHttpServer, DVSSync, sshServer)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Human-readable service label","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"required":{"name":"required","type":"\u0004","is_mandatory":true,"title":"Whether the ruleset is required by ESXi and cannot be disabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"rules":{"name":"rules","type":"\u0019\u001bvsphere.host.firewallRule","is_mandatory":true,"title":"Port and protocol rules opened by this ruleset","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"service":{"name":"service","type":"\u0007","is_mandatory":true,"title":"Backing service name (matches a vsphere.host.service.key); empty if no daemon service","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Firewall Ruleset","desc":"Examine one per-service firewall rule entry on an ESXi host. Each ruleset has a `key` (service identifier such as `CIMHttpServer`, `sshServer`), `label`, `enabled` state, and a `required` flag for rulesets ESXi cannot disable. The allowed-IP scope is controlled by `allIpsAllowed`, `allowedIpAddresses`, and `allowedIpNetworks`. Port and protocol details are in `rules`. The global default-deny posture for the host lives on `vsphere.host.firewallIncomingBlocked` and `firewallOutgoingBlocked`. Iterate from `vsphere.host.firewallRulesets`.","private":true,"min_provider_version":"13.1.1","defaults":"key enabled allIpsAllowed","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.ipRouteConfig":{"id":"vsphere.host.ipRouteConfig","name":"vsphere.host.ipRouteConfig","fields":{"defaultGateway":{"name":"defaultGateway","type":"\u0007","is_mandatory":true,"title":"IPv4 default gateway; empty when not configured","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"gatewayDevice":{"name":"gatewayDevice","type":"\u0007","is_mandatory":true,"title":"VMkernel NIC the IPv4 default gateway is bound to (e.g. \"vmk0\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipv6DefaultGateway":{"name":"ipv6DefaultGateway","type":"\u0007","is_mandatory":true,"title":"IPv6 default gateway; empty when not configured","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipv6GatewayDevice":{"name":"ipv6GatewayDevice","type":"\u0007","is_mandatory":true,"title":"VMkernel NIC the IPv6 default gateway is bound to","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host IP Routing Configuration","desc":"Examine the IP routing (default gateway) configuration on an ESXi host. Exposes `defaultGateway` and `gatewayDevice` (bound VMkernel NIC) for IPv4, and `ipv6DefaultGateway` and `ipv6GatewayDevice` for IPv6. Accessed from `vsphere.host.ipRouteConfig`.","private":true,"min_provider_version":"13.1.1","defaults":"defaultGateway ipv6DefaultGateway","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.iscsiAdapter":{"id":"vsphere.host.iscsiAdapter","name":"vsphere.host.iscsiAdapter","fields":{"chapAuthEnabled":{"name":"chapAuthEnabled","type":"\u0004","is_mandatory":true,"title":"Whether CHAP authentication is enabled at all","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"chapAuthenticationType":{"name":"chapAuthenticationType","type":"\u0007","is_mandatory":true,"title":"CHAP authentication policy (chapDiscouraged, chapPreferred, chapRequired, chapProhibited)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"chapName":{"name":"chapName","type":"\u0007","is_mandatory":true,"title":"CHAP username (the secret is intentionally NOT exposed)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"device":{"name":"device","type":"\u0007","is_mandatory":true,"title":"HBA device name (e.g., vmhba65)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iScsiAlias":{"name":"iScsiAlias","type":"\u0007","is_mandatory":true,"title":"Optional alias","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"iScsiName":{"name":"iScsiName","type":"\u0007","is_mandatory":true,"title":"iSCSI Qualified Name (IQN)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (host inventory path + device name)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mutualChapAuthenticationType":{"name":"mutualChapAuthenticationType","type":"\u0007","is_mandatory":true,"title":"Mutual CHAP authentication policy (chapProhibited, chapRequired, ...)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mutualChapName":{"name":"mutualChapName","type":"\u0007","is_mandatory":true,"title":"Mutual CHAP username","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi iSCSI Host Bus Adapter","desc":"Examine an iSCSI HBA configured on an ESXi host. Each adapter exposes its `device` name (e.g., `vmhba65`), `iScsiName` (IQN), and `iScsiAlias`. CHAP authentication posture is available via `chapAuthEnabled`, `chapAuthenticationType`, and `chapName` (the secret is intentionally not exposed); mutual CHAP settings follow the same pattern. Iterate from `vsphere.host.iscsiAdapters`.","private":true,"min_provider_version":"13.1.1","defaults":"device iScsiName","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.kernelModule":{"id":"vsphere.host.kernelModule","name":"vsphere.host.kernelModule","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the module is enabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"license":{"name":"license","type":"\u0007","is_mandatory":true,"title":"Module license","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"loaded":{"name":"loaded","type":"\u0004","is_mandatory":true,"title":"Whether the module is currently loaded","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"modulefile":{"name":"modulefile","type":"\u0007","is_mandatory":true,"title":"Module file location","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Module name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signatureDigest":{"name":"signatureDigest","type":"\u0007","is_mandatory":true,"title":"Module signed digest","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signatureFingerprint":{"name":"signatureFingerprint","type":"\u0007","is_mandatory":true,"title":"Module signed fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"signedStatus":{"name":"signedStatus","type":"\u0007","is_mandatory":true,"title":"Module signed status","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Module version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vibAcceptanceLevel":{"name":"vibAcceptanceLevel","type":"\u0007","is_mandatory":true,"title":"Module acceptance level","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Kernel Module (Driver)","desc":"Examine a kernel module loaded on an ESXi host. Each module exposes `name`, `modulefile`, `version`, `loaded`, `enabled`, `license`, `signedStatus`, `signatureDigest`, `signatureFingerprint`, and `vibAcceptanceLevel`. Use `signedStatus` and `vibAcceptanceLevel` to audit driver signing posture. Iterate from `vsphere.host.kernelModules`.","private":true,"min_provider_version":"13.1.1","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.ntpConfig":{"id":"vsphere.host.ntpConfig","name":"vsphere.host.ntpConfig","fields":{"config":{"name":"config","type":"\u0019\u0007","is_mandatory":true,"title":"Content of ntp.conf host configuration file, split by lines","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"NTP config ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"server":{"name":"server","type":"\u0019\u0007","is_mandatory":true,"title":"List of time servers, specified as either IP addresses or fully qualified domain names (FQDNs)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host NTP Configuration","desc":"Examine the NTP configuration on an ESXi host. The `server` list contains the configured NTP server addresses (IP or FQDN), and `config` holds the raw lines of the host's `ntp.conf` file. Accessed from `vsphere.host.ntp`.","private":true,"min_provider_version":"13.1.1","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.service":{"id":"vsphere.host.service","name":"vsphere.host.service","fields":{"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Brief identifier for the service","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Display label for the service","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"policy":{"name":"policy","type":"\u0007","is_mandatory":true,"title":"Service activation policy (on, off, automatic)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"required":{"name":"required","type":"\u0004","is_mandatory":true,"title":"Whether the service is required and cannot be disabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ruleset":{"name":"ruleset","type":"\u0019\u0007","is_mandatory":true,"title":"Firewall rulesets used by this service (matches vsphere.host.firewallRuleset.key)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"running":{"name":"running","type":"\u0004","is_mandatory":true,"title":"Whether the service is currently running","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Management Service","desc":"Examine a management daemon on an ESXi host. Each service has a `key` (brief identifier), `label`, `running` state, `required` flag (cannot be disabled), and `policy` (activation mode: on, off, automatic). The `ruleset` field lists the firewall ruleset keys this service relies on. Use `running` and `policy` to audit service enablement posture (e.g., SSH should typically be off or set to automatic-with-justification). Iterate from `vsphere.host.services`.","private":true,"min_provider_version":"13.1.1","defaults":"key label","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.systemInfo":{"id":"vsphere.host.systemInfo","name":"vsphere.host.systemInfo","fields":{"assetTag":{"name":"assetTag","type":"\u0007","is_mandatory":true,"title":"Asset tag from SMBIOS, when populated by the vendor","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"installDate":{"name":"installDate","type":"\t","is_mandatory":true,"title":"ESXi install date (vSphere 7+); zero time when the platform doesn't report it","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"model":{"name":"model","type":"\u0007","is_mandatory":true,"title":"Hardware model (SMBIOS)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"oemSpecific":{"name":"oemSpecific","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Other vendor-specific identifying info that doesn't map to the named fields above (key → value)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"serialNumber":{"name":"serialNumber","type":"\u0007","is_mandatory":true,"title":"Vendor-assigned serial number; empty when not reported","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"serviceTag":{"name":"serviceTag","type":"\u0007","is_mandatory":true,"title":"Service tag (Dell-specific identifier; empty on non-Dell hardware)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uuid":{"name":"uuid","type":"\u0007","is_mandatory":true,"title":"Hardware UUID (SMBIOS UUID, stable per chassis)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"title":"Hardware vendor (SMBIOS) — same value as vsphere.host.vendor, exposed here for grouping","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Hardware Identity","desc":"Examine the hardware identity for an ESXi host sourced from SMBIOS and HostSystemIdentificationInfo. Key fields include `vendor`, `model`, `uuid` (stable per chassis), `serialNumber`, `assetTag`, `serviceTag` (Dell only), and `installDate` (vSphere 7+). Unrecognized OEM identifiers land in `oemSpecific` so unusual platforms (HPE iLO, IBM, custom OEM) don't lose data. Accessed from `vsphere.host.systemInfo`.","private":true,"min_provider_version":"13.1.1","defaults":"model serialNumber","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.timezone":{"id":"vsphere.host.timezone","name":"vsphere.host.timezone","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the time zone","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Identifier for the time zone","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Time zone name","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"offset":{"name":"offset","type":"\u0005","is_mandatory":true,"title":"GMT offset","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi Host Timezone Configuration","desc":"Examine the time zone configured on an ESXi host. Fields include `key` (timezone identifier), `name` (display name), `description`, and `offset` (GMT offset in seconds). Accessed from `vsphere.host.timezone`.","private":true,"min_provider_version":"9.0.0","defaults":"key name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.host.vib":{"id":"vsphere.host.vib","name":"vsphere.host.vib","fields":{"acceptanceLevel":{"name":"acceptanceLevel","type":"\u0007","is_mandatory":true,"title":"Acceptance level (VMwareCertified, VMwareAccepted, PartnerSupported, CommunitySupported)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"creationDate":{"name":"creationDate","type":"\t","is_mandatory":true,"title":"Creation date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"VIB ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"installDate":{"name":"installDate","type":"\t","is_mandatory":true,"title":"Install date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Bundle name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"status":{"name":"status","type":"\u0007","is_mandatory":true,"title":"Bundle status","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vendor":{"name":"vendor","type":"\u0007","is_mandatory":true,"title":"Bundle vendor","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Bundle version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"ESXi VIB (vSphere Installation Bundle)","desc":"Examine a software package installed on an ESXi host. Each VIB has a `name`, `version`, `vendor`, `acceptanceLevel` (VMwareCertified, VMwareAccepted, PartnerSupported, CommunitySupported), `creationDate`, `installDate`, and `status`. Use `acceptanceLevel` to audit the software acceptance policy of the host. Iterate from `vsphere.host.packages`.","private":true,"min_provider_version":"13.1.1","defaults":"id name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.identitysource":{"id":"vsphere.identitysource","name":"vsphere.identitysource","fields":{"alternativeNames":{"name":"alternativeNames","type":"\u0019\u0007","is_mandatory":true,"title":"Alternative names recognized for the domain (e.g., NetBIOS aliases)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"authenticationType":{"name":"authenticationType","type":"\u0007","is_mandatory":true,"title":"Authentication mechanism used by external providers (anonymous, password, srp, reserved); empty for system/localos","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"authenticationUsername":{"name":"authenticationUsername","type":"\u0007","is_mandatory":true,"title":"Service-account username used to bind (LDAP only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"failoverUrl":{"name":"failoverUrl","type":"\u0007","is_mandatory":true,"title":"Failover directory server URL (LDAP only; empty if not configured)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"groupBaseDn":{"name":"groupBaseDn","type":"\u0007","is_mandatory":true,"title":"Distinguished name to bind under for groups (LDAP only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Domain name of the identity source (e.g., vsphere.local, corp.example.com)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"primaryUrl":{"name":"primaryUrl","type":"\u0007","is_mandatory":true,"title":"Primary directory server URL (LDAP only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Source kind (system, localos, nativead, ldap)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"userBaseDn":{"name":"userBaseDn","type":"\u0007","is_mandatory":true,"title":"Distinguished name to bind under for users (LDAP only)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere SSO Identity Source","desc":"Examine an authentication provider registered with vCenter's SSO service. Sources include the built-in `vsphere.local` domain, the local OS identity source, native Active Directory integration, and external LDAP/AD providers. The `type` field distinguishes source kinds (system, localos, nativead, ldap); LDAP sources expose `primaryUrl`, `failoverUrl`, `userBaseDn`, `groupBaseDn`, and `authenticationUsername`. Iterate from `vsphere.identitySources`.","private":true,"min_provider_version":"13.0.12","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.kmsCluster":{"id":"vsphere.kmsCluster","name":"vsphere.kmsCluster","fields":{"clusterId":{"name":"clusterId","type":"\u0007","is_mandatory":true,"title":"Cluster identifier — also the vCenter-visible name","desc":"KmipClusterInfo has no separate display name; the ID you set when registering the cluster is what appears in the UI.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"managementType":{"name":"managementType","type":"\u0007","is_mandatory":true,"title":"Management type (vCenter, trustAuthority, nativeKeyProvider, externalKeyProvider)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"serverCount":{"name":"serverCount","type":"\u0005","is_mandatory":true,"title":"Number of KMS servers configured under this cluster","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"servers":{"name":"servers","type":"\u0019\n","is_mandatory":true,"title":"KMS server entries. Each is a dict with `name`, `address`, and `port` (no secret material exposed).","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"useAsDefault":{"name":"useAsDefault","type":"\u0004","is_mandatory":true,"title":"Whether this cluster is the vCenter default for new encryption keys","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere KMIP Key-Management Cluster","desc":"Examine a registered key-management server cluster used for VM encryption and virtual TPM provisioning. KMIP clusters are configured at the vCenter level (not per host). The `clusterId` is the vCenter-visible name, `useAsDefault` indicates whether this cluster is the default for new encryption keys, `managementType` distinguishes cluster kinds (vCenter, trustAuthority, nativeKeyProvider, externalKeyProvider), and `servers` lists each KMS server entry. Iterate from `vsphere.kmsClusters`.","private":true,"min_provider_version":"13.0.12","defaults":"clusterId useAsDefault managementType","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.license":{"id":"vsphere.license","name":"vsphere.license","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"License name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"total":{"name":"total","type":"\u0005","is_mandatory":true,"title":"Total licenses","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"used":{"name":"used","type":"\u0005","is_mandatory":true,"title":"Used licenses","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere License","desc":"Examine a license entry assigned in vCenter. Each license has a `name`, a `total` seat count, and a `used` seat count. Iterate from `vsphere.licenses` to audit license compliance and over-assignment.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.permission":{"id":"vsphere.permission","name":"vsphere.permission","fields":{"entityMoid":{"name":"entityMoid","type":"\u0007","is_mandatory":true,"title":"Managed object ID of the entity the permission is granted on","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"entityType":{"name":"entityType","type":"\u0007","is_mandatory":true,"title":"Type of the entity (e.g., Datacenter, ClusterComputeResource, HostSystem, VirtualMachine, Folder)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"group":{"name":"group","type":"\u0004","is_mandatory":true,"title":"Whether the principal is a group (true) or a user (false)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Identifier (entity moid + principal kind + principal)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"principal":{"name":"principal","type":"\u0007","is_mandatory":true,"title":"Principal (user or group) the permission is granted to, often \"DOMAIN\\\\name\" or \"DOMAIN\\\\GroupName\"","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"propagate":{"name":"propagate","type":"\u0004","is_mandatory":true,"title":"Whether the permission propagates to children of the entity in the inventory hierarchy","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"role":{"name":"role","type":"\u001bvsphere.role","title":"RBAC role granted by this permission","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere RBAC Permission Grant","desc":"Examine a single (entity, principal, role) permission tuple from vCenter's AuthorizationManager. Each grant ties a `principal` (user or group, often in `DOMAIN\\\\name` form) to a `role` on a specific managed object identified by `entityMoid` and `entityType`. Use `propagate` to determine whether the grant flows down the inventory hierarchy. Iterate from `vsphere.permissions`.","private":true,"min_provider_version":"13.0.12","defaults":"principal entityType entityMoid","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.resourcepool":{"id":"vsphere.resourcepool","name":"vsphere.resourcepool","fields":{"cpuExpandableReservation":{"name":"cpuExpandableReservation","type":"\u0004","is_mandatory":true,"title":"Whether CPU reservation can grow into the parent's unreserved capacity","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuLimitMhz":{"name":"cpuLimitMhz","type":"\u0005","is_mandatory":true,"title":"CPU limit in MHz (-1 = unlimited)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuReservationMhz":{"name":"cpuReservationMhz","type":"\u0005","is_mandatory":true,"title":"CPU reservation in MHz (0 = no reservation)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuShareLevel":{"name":"cpuShareLevel","type":"\u0007","is_mandatory":true,"title":"CPU share level (low, normal, high, custom)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuShares":{"name":"cpuShares","type":"\u0005","is_mandatory":true,"title":"CPU shares (only meaningful when cpuShareLevel == custom)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryExpandableReservation":{"name":"memoryExpandableReservation","type":"\u0004","is_mandatory":true,"title":"Whether memory reservation can grow into the parent's unreserved capacity","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryLimitMB":{"name":"memoryLimitMB","type":"\u0005","is_mandatory":true,"title":"Memory limit in MB (-1 = unlimited)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryReservationMB":{"name":"memoryReservationMB","type":"\u0005","is_mandatory":true,"title":"Memory reservation in MB (0 = no reservation)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryShareLevel":{"name":"memoryShareLevel","type":"\u0007","is_mandatory":true,"title":"Memory share level (low, normal, high, custom)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryShares":{"name":"memoryShares","type":"\u0005","is_mandatory":true,"title":"Memory shares (only meaningful when memoryShareLevel == custom)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource pool name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Resource Pool","desc":"Examine a CPU and memory partition on a cluster or standalone host. Resource pools enforce reservation, limit, and share policies independently for CPU and memory. Key fields include `cpuReservationMhz`, `cpuLimitMhz`, `cpuShareLevel`, `memoryReservationMB`, `memoryLimitMB`, and `memoryShareLevel`. Use `inventoryPath` to identify the pool's position in the hierarchy. Iterate from `vsphere.datacenter.resourcePools`.","private":true,"min_provider_version":"13.0.12","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.role":{"id":"vsphere.role","name":"vsphere.role","fields":{"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Human-readable label","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Role name (e.g., \"Admin\", \"ReadOnly\", or a custom name)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"privileges":{"name":"privileges","type":"\u0019\u0007","is_mandatory":true,"title":"Privilege identifiers granted by this role","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"roleId":{"name":"roleId","type":"\u0005","is_mandatory":true,"title":"Unique role identifier","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"summary":{"name":"summary","type":"\u0007","is_mandatory":true,"title":"Role summary / description","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"system":{"name":"system","type":"\u0004","is_mandatory":true,"title":"Whether the role is built-in (system-defined and immutable) vs. customer-defined","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Authorization Role","desc":"Examine an RBAC role definition from vCenter's AuthorizationManager. Each role has a `name`, a human-readable `label`, a `summary` description, and a `privileges` list of privilege identifiers it grants. Built-in (immutable) roles are identified by `system == true`. Iterate from `vsphere.roles`.","private":true,"min_provider_version":"13.0.12","defaults":"name system","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm":{"id":"vsphere.vm","name":"vsphere.vm","fields":{"advancedSettings":{"name":"advancedSettings","type":"\u001a\u0007\u0007","title":"Virtual machine advanced properties","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"annotation":{"name":"annotation","type":"\u0007","is_mandatory":true,"title":"Free-form description / notes set on the VM","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"biosUuid":{"name":"biosUuid","type":"\u0007","is_mandatory":true,"title":"SMBIOS UUID exposed to the guest OS via virtual BIOS; can be reused if a VM is cloned with same uuid setting","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"bootFirmware":{"name":"bootFirmware","type":"\u0007","is_mandatory":true,"title":"Boot firmware (bios or efi)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cdrom":{"name":"cdrom","type":"\u001bvsphere.vm.cdrom","title":"vSphere VM Virtual CD/DVD Device","desc":"Examine a virtual CD/DVD drive attached to a VM. The `backingType` field identifies the source: `iso` (file on a datastore), `atapi` (host ATAPI passthrough), `passthrough` (host CD/DVD), `remoteAtapi`, or `remotePassthrough`. For ISO-backed drives, `isoPath` gives the datastore-bracket path and `datastore` resolves the backing datastore. Use `connected` and `connectedAtPowerOn` to audit ISO attachment posture (running production VMs should typically have no ISO attached). Iterate from `vsphere.vm.cdroms`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"cdroms":{"name":"cdroms","type":"\u0019\u001bvsphere.vm.cdrom","title":"Virtual CD/DVD devices attached to the VM (in device order)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuAllocation":{"name":"cpuAllocation","type":"\u001bvsphere.vm.cpuAllocation","title":"CPU resource allocation (reservation, limit, shares)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cpuHotAddEnabled":{"name":"cpuHotAddEnabled","type":"\u0004","is_mandatory":true,"title":"Whether CPU hot-add is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"createDate":{"name":"createDate","type":"\t","is_mandatory":true,"title":"When the VM was created","desc":"vCenter may not report this for VMs created before vSphere 6.7 or for templates; in those cases the field is the zero time (0001-01-01).","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastores":{"name":"datastores","type":"\u0019\u001bvsphere.datastore","title":"Datastores backing the VM's files, resolved against vsphere.datacenters[].datastores","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"disk":{"name":"disk","type":"\u001bvsphere.vm.disk","title":"vSphere VM Virtual Disk","desc":"Examine a virtual disk attached to a VM. The `backingType` identifies the VMDK variant (flatVer2 for regular VMFS, rdmV1 for raw device mapping, etc.). Key audit fields include `diskMode` (persistence mode — independent disks are excluded from snapshots), `thinProvisioned`, `eagerlyScrub` (required for FT), and `uuid`. Navigate to `encryptionKey` to check disk-level encryption and to `datastore` to identify the backing storage. Iterate from `vsphere.vm.disks`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"disks":{"name":"disks","type":"\u0019\u001bvsphere.vm.disk","title":"Virtual disks attached to the VM, in device order","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"encrypted":{"name":"encrypted","type":"\u0004","is_mandatory":true,"title":"Whether vSphere VM encryption is enabled on this VM (encrypts VMX, swap, and disks)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"encryptionKeyId":{"name":"encryptionKeyId","type":"\u0007","is_mandatory":true,"title":"Encryption key ID (CryptoKeyId.KeyId) used to encrypt the VM; empty if not encrypted","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"guestHostname":{"name":"guestHostname","type":"\u0007","is_mandatory":true,"title":"Hostname reported by VMware Tools (only meaningful when Tools is running)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"guestIpAddress":{"name":"guestIpAddress","type":"\u0007","is_mandatory":true,"title":"Primary IP address reported by VMware Tools (only meaningful when Tools is running)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"host":{"name":"host","type":"\u001bvsphere.host","title":"ESXi host the VM is currently registered on","desc":"Resolved against vsphere.datacenters[].hosts; null when the VM is unregistered or the host is missing from inventory.","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"instanceUuid":{"name":"instanceUuid","type":"\u0007","is_mandatory":true,"title":"VM instance UUID — stable across vCenter migrations (vc.uuid + InstanceUuid bit), unique per vCenter","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"inventoryPath":{"name":"inventoryPath","type":"\u0007","is_mandatory":true,"title":"vSphere inventory path","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"kmsCluster":{"name":"kmsCluster","type":"\u001bvsphere.kmsCluster","title":"KMS cluster providing the encryption key, resolved lazily against vsphere.kmsClusters; null when the VM is not encrypted","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryAllocation":{"name":"memoryAllocation","type":"\u001bvsphere.vm.memoryAllocation","title":"Memory resource allocation (reservation, limit, shares, overhead limit)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryHotAddEnabled":{"name":"memoryHotAddEnabled","type":"\u0004","is_mandatory":true,"title":"Whether memory hot-add is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"memoryMB":{"name":"memoryMB","type":"\u0005","is_mandatory":true,"title":"Configured memory size in megabytes","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"vSphere managed object ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSphere resource name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"networkAdapter":{"name":"networkAdapter","type":"\u001bvsphere.vm.networkAdapter","title":"vSphere VM Virtual Network Adapter","desc":"Examine a virtual NIC attached to a VM. Covers all NIC variants: e1000, e1000e, vmxnet, vmxnet2, vmxnet3, pcnet32, sriov. Key fields include `adapterType`, `macAddress`, `addressType` (manual, generated, assigned), `connected`, `connectedAtPowerOn`, and `wakeOnLan`. The `backingType` distinguishes standard portgroup (`network`), distributed portgroup (`dvs`), and NSX-T logical switch (`opaque`) backings; use `portGroupName` or `portGroupMoid` / `portGroup` to identify the backing network. Iterate from `vsphere.vm.networkAdapters`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"networkAdapters":{"name":"networkAdapters","type":"\u0019\u001bvsphere.vm.networkAdapter","title":"Virtual network adapters attached to the VM (in device order)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"numCpu":{"name":"numCpu","type":"\u0005","is_mandatory":true,"title":"Number of virtual CPUs configured","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"numSnapshots":{"name":"numSnapshots","type":"\u0005","is_mandatory":true,"title":"Number of snapshots in the VM's snapshot tree (0 if none)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"powerState":{"name":"powerState","type":"\u0007","is_mandatory":true,"title":"Power state (poweredOn, poweredOff, suspended)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Virtual machine properties","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"secureBootEnabled":{"name":"secureBootEnabled","type":"\u0004","is_mandatory":true,"title":"Whether UEFI Secure Boot is enabled (only meaningful when bootFirmware is efi)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"snapshot":{"name":"snapshot","type":"\u001bvsphere.vm.snapshot","title":"vSphere VM Snapshot","desc":"Examine a single snapshot in a VM's snapshot tree. The tree is flattened — use `parentMoid` to reconstruct hierarchy and `current` to identify the active snapshot. Key fields include `name`, `description`, `createDate`, `powerState` at snapshot time, and `quiesced` (file-system consistent snapshot). Use `numSnapshots` on the parent VM to quickly check if any snapshots exist. Iterate from `vsphere.vm.snapshots`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"snapshots":{"name":"snapshots","type":"\u0019\u001bvsphere.vm.snapshot","title":"Snapshots in this VM's snapshot tree, flattened (root-first depth-first); empty when no snapshots exist","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"VM tags","min_provider_version":"11.0.101","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"template":{"name":"template","type":"\u0004","is_mandatory":true,"title":"Whether this entry is a VM template rather than a runnable VM","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vbsEnabled":{"name":"vbsEnabled","type":"\u0004","is_mandatory":true,"title":"Whether Virtualization-Based Security (VBS) is enabled","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vmwareToolsRunning":{"name":"vmwareToolsRunning","type":"\u0004","is_mandatory":true,"title":"Whether VMware Tools reports as running in the guest (only meaningful when powerState == poweredOn)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vmwareToolsVersion":{"name":"vmwareToolsVersion","type":"\u0007","is_mandatory":true,"title":"VMware Tools version installed in the guest, as the numeric build string (empty if Tools not running or not reported)","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vtpmPresent":{"name":"vtpmPresent","type":"\u0004","is_mandatory":true,"title":"Whether a virtual TPM 2.0 device is attached to the VM","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Virtual Machine","desc":"Examine a virtual machine managed by vCenter. Covers security configuration (`bootFirmware`, `secureBootEnabled`, `vbsEnabled`, `encrypted`, `encryptionKeyId`, `kmsCluster`, `vtpmPresent`), hardware allocation (`numCpu`, `memoryMB`, `cpuAllocation`, `memoryAllocation`), operational state (`powerState`, `vmwareToolsRunning`, `vmwareToolsVersion`), and attached devices (`disks`, `cdroms`, `networkAdapters`, `snapshots`). Navigate to `host` for the ESXi host running the VM and `datastores` for its storage backing. Iterate from `vsphere.datacenter.vms`.","private":true,"min_provider_version":"9.0.0","defaults":"moid name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.cdrom":{"id":"vsphere.vm.cdrom","name":"vsphere.vm.cdrom","fields":{"allowGuestControl":{"name":"allowGuestControl","type":"\u0004","is_mandatory":true,"title":"Whether the guest OS can connect / disconnect this device at runtime","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"backingType":{"name":"backingType","type":"\u0007","is_mandatory":true,"title":"Backing variant","desc":"One of iso (file on a datastore), atapi (host ATAPI passthrough), passthrough (host CD/DVD), remoteAtapi, remotePassthrough, or empty for an unknown backing.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"connected":{"name":"connected","type":"\u0004","is_mandatory":true,"title":"Whether the drive is currently connected to the VM","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"connectedAtPowerOn":{"name":"connectedAtPowerOn","type":"\u0004","is_mandatory":true,"title":"Whether the drive auto-connects when the VM powers on","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastore":{"name":"datastore","type":"\u001bvsphere.datastore","title":"Datastore backing the ISO file","desc":"Resolved against vsphere.datacenters[].datastores. Null when the backing isn't ISO-on-datastore or the datastore isn't visible in inventory.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"isoPath":{"name":"isoPath","type":"\u0007","is_mandatory":true,"title":"ISO file path in datastore-bracket form (e.g. \"[datastore1] isos/install.iso\"); empty unless backingType is iso","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0005","is_mandatory":true,"title":"Device key (unique within the parent VM, stable across reconfigure)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Device label (e.g., \"CD/DVD drive 1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Virtual CD/DVD Device","desc":"Examine a virtual CD/DVD drive attached to a VM. The `backingType` field identifies the source: `iso` (file on a datastore), `atapi` (host ATAPI passthrough), `passthrough` (host CD/DVD), `remoteAtapi`, or `remotePassthrough`. For ISO-backed drives, `isoPath` gives the datastore-bracket path and `datastore` resolves the backing datastore. Use `connected` and `connectedAtPowerOn` to audit ISO attachment posture (running production VMs should typically have no ISO attached). Iterate from `vsphere.vm.cdroms`.","private":true,"min_provider_version":"13.1.1","defaults":"label backingType connected","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.cpuAllocation":{"id":"vsphere.vm.cpuAllocation","name":"vsphere.vm.cpuAllocation","fields":{"expandableReservation":{"name":"expandableReservation","type":"\u0004","is_mandatory":true,"title":"Whether the reservation can grow dynamically beyond the configured value","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"limitMHz":{"name":"limitMHz","type":"\u0005","is_mandatory":true,"title":"CPU limit in MHz; -1 means unlimited","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"reservationMHz":{"name":"reservationMHz","type":"\u0005","is_mandatory":true,"title":"Guaranteed CPU reservation in MHz","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shares":{"name":"shares","type":"\u0005","is_mandatory":true,"title":"Numeric share weight (only meaningful when sharesLevel == \"custom\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"sharesLevel":{"name":"sharesLevel","type":"\u0007","is_mandatory":true,"title":"Shares level: low, normal, high, or custom","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM CPU Resource Allocation","desc":"Examine the CPU resource allocation settings for a virtual machine. Fields include `reservationMHz` (guaranteed MHz), `limitMHz` (-1 = unlimited), `expandableReservation`, `sharesLevel` (low, normal, high, custom), and `shares` (numeric weight when `sharesLevel` is custom). Accessed from `vsphere.vm.cpuAllocation`.","private":true,"min_provider_version":"13.1.1","defaults":"reservationMHz limitMHz sharesLevel","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.disk":{"id":"vsphere.vm.disk","name":"vsphere.vm.disk","fields":{"backingType":{"name":"backingType","type":"\u0007","is_mandatory":true,"title":"Backing variant","desc":"One of flatVer2 (regular VMFS .vmdk), rdmV1 (raw device mapping), sparseVer2, seSparse (linked clone delta), or empty when an unknown backing is in use.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"capacityBytes":{"name":"capacityBytes","type":"\u0005","is_mandatory":true,"title":"Disk capacity in bytes","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"datastore":{"name":"datastore","type":"\u001bvsphere.datastore","title":"Datastore backing this disk","desc":"Resolved against vsphere.datacenters[].datastores. Null when the backing has no datastore (e.g., RDM with passthrough) or the datastore isn't visible in inventory.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"diskMode":{"name":"diskMode","type":"\u0007","is_mandatory":true,"title":"Persistence mode","desc":"One of persistent, independent_persistent, independent_nonpersistent, nonpersistent, undoable, or append. Independent disks are excluded from snapshots.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"eagerlyScrub":{"name":"eagerlyScrub","type":"\u0004","is_mandatory":true,"title":"Whether the disk is eager-zeroed thick (required for FT and clustered apps; only meaningful for flatVer2 backing)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"encryptionKey":{"name":"encryptionKey","type":"\u001bvsphere.encryptionKey","title":"Encryption key wrapping this disk, resolved lazily; null when the disk is not encrypted","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"fileName":{"name":"fileName","type":"\u0007","is_mandatory":true,"title":"VMDK file path in datastore-bracket form (e.g. \"[datastore1] vm/vm.vmdk\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0005","is_mandatory":true,"title":"Device key (unique within the parent VM, stable across reconfigure)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Device label (e.g., \"Hard disk 1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"sharing":{"name":"sharing","type":"\u0007","is_mandatory":true,"title":"Sharing mode (sharingNone, sharingMultiWriter)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"thinProvisioned":{"name":"thinProvisioned","type":"\u0004","is_mandatory":true,"title":"Whether the disk is thin-provisioned (only meaningful for flatVer2 backing)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uuid":{"name":"uuid","type":"\u0007","is_mandatory":true,"title":"Disk UUID assigned by ESXi (stable across vMotion / storage vMotion)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"writeThrough":{"name":"writeThrough","type":"\u0004","is_mandatory":true,"title":"Whether writes bypass the host buffer cache (only meaningful for flatVer2 backing)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Virtual Disk","desc":"Examine a virtual disk attached to a VM. The `backingType` identifies the VMDK variant (flatVer2 for regular VMFS, rdmV1 for raw device mapping, etc.). Key audit fields include `diskMode` (persistence mode — independent disks are excluded from snapshots), `thinProvisioned`, `eagerlyScrub` (required for FT), and `uuid`. Navigate to `encryptionKey` to check disk-level encryption and to `datastore` to identify the backing storage. Iterate from `vsphere.vm.disks`.","private":true,"min_provider_version":"13.1.1","defaults":"label capacityBytes diskMode","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.memoryAllocation":{"id":"vsphere.vm.memoryAllocation","name":"vsphere.vm.memoryAllocation","fields":{"expandableReservation":{"name":"expandableReservation","type":"\u0004","is_mandatory":true,"title":"Whether the reservation can grow dynamically beyond the configured value","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"limitMB":{"name":"limitMB","type":"\u0005","is_mandatory":true,"title":"Memory limit in MB; -1 means unlimited","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"overheadLimitMB":{"name":"overheadLimitMB","type":"\u0005","is_mandatory":true,"title":"Cap on virtualization overhead memory in MB; -1 means unlimited (the default)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"reservationMB":{"name":"reservationMB","type":"\u0005","is_mandatory":true,"title":"Guaranteed memory reservation in MB","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shares":{"name":"shares","type":"\u0005","is_mandatory":true,"title":"Numeric share weight (only meaningful when sharesLevel == \"custom\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"sharesLevel":{"name":"sharesLevel","type":"\u0007","is_mandatory":true,"title":"Shares level: low, normal, high, or custom","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Memory Resource Allocation","desc":"Examine the memory resource allocation settings for a virtual machine. Fields include `reservationMB` (guaranteed MB), `limitMB` (-1 = unlimited), `expandableReservation`, `sharesLevel` (low, normal, high, custom), `shares` (numeric weight when `sharesLevel` is custom), and `overheadLimitMB` (cap on virtualization overhead memory; -1 = unlimited). Accessed from `vsphere.vm.memoryAllocation`.","private":true,"min_provider_version":"13.1.1","defaults":"reservationMB limitMB sharesLevel","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.networkAdapter":{"id":"vsphere.vm.networkAdapter","name":"vsphere.vm.networkAdapter","fields":{"adapterType":{"name":"adapterType","type":"\u0007","is_mandatory":true,"title":"Adapter virtual hardware type: e1000, e1000e, vmxnet, vmxnet2, vmxnet3, pcnet32, sriov, or empty for unknown","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"addressType":{"name":"addressType","type":"\u0007","is_mandatory":true,"title":"MAC address assignment mode: manual (set by user), generated (auto by ESXi), assigned (assigned by vCenter)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowGuestControl":{"name":"allowGuestControl","type":"\u0004","is_mandatory":true,"title":"Whether the guest OS can connect / disconnect this adapter at runtime","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"backingType":{"name":"backingType","type":"\u0007","is_mandatory":true,"title":"Backing variant: network (standard portgroup by name), dvs (distributed port group), opaque (NSX-T logical switch), or empty for unknown","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"connected":{"name":"connected","type":"\u0004","is_mandatory":true,"title":"Whether the adapter is currently connected to the network","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"connectedAtPowerOn":{"name":"connectedAtPowerOn","type":"\u0004","is_mandatory":true,"title":"Whether the adapter auto-connects when the VM powers on","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"key":{"name":"key","type":"\u0005","is_mandatory":true,"title":"Device key (unique within the parent VM, stable across reconfigure)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"label":{"name":"label","type":"\u0007","is_mandatory":true,"title":"Device label (e.g., \"Network adapter 1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"macAddress":{"name":"macAddress","type":"\u0007","is_mandatory":true,"title":"MAC address as ESXi reports it","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroup":{"name":"portGroup","type":"\u001bvsphere.vswitch.portgroup","title":"Distributed port group the adapter is connected to","desc":"Resolved against vsphere.datacenters[].distributedPortGroups. Null for standard portgroup or opaque backings, or when the port group isn't visible in inventory.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroupMoid":{"name":"portGroupMoid","type":"\u0007","is_mandatory":true,"title":"DistributedVirtualSwitchPortConnection.PortgroupKey (the moid of the distributed port group); empty for standard portgroup or opaque backings","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroupName":{"name":"portGroupName","type":"\u0007","is_mandatory":true,"title":"Network or portgroup name (human-readable)","desc":"Populated for standard portgroup backings (`backingType == \"network\"`) and opaque-network backings; empty for DVS backings — use `portGroupMoid` to identify the port group instead.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"wakeOnLan":{"name":"wakeOnLan","type":"\u0004","is_mandatory":true,"title":"Whether Wake-on-LAN is enabled on the virtual NIC","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Virtual Network Adapter","desc":"Examine a virtual NIC attached to a VM. Covers all NIC variants: e1000, e1000e, vmxnet, vmxnet2, vmxnet3, pcnet32, sriov. Key fields include `adapterType`, `macAddress`, `addressType` (manual, generated, assigned), `connected`, `connectedAtPowerOn`, and `wakeOnLan`. The `backingType` distinguishes standard portgroup (`network`), distributed portgroup (`dvs`), and NSX-T logical switch (`opaque`) backings; use `portGroupName` or `portGroupMoid` / `portGroup` to identify the backing network. Iterate from `vsphere.vm.networkAdapters`.","private":true,"min_provider_version":"13.1.1","defaults":"label adapterType macAddress connected","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vm.snapshot":{"id":"vsphere.vm.snapshot","name":"vsphere.vm.snapshot","fields":{"createDate":{"name":"createDate","type":"\t","is_mandatory":true,"title":"When the snapshot was taken","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"current":{"name":"current","type":"\u0004","is_mandatory":true,"title":"Whether this is the VM's current (active) snapshot","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Snapshot description","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0005","is_mandatory":true,"title":"VM-internal sequential identifier (unique within the parent VM)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"ManagedObjectReference of the snapshot, encoded","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Snapshot name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"parentMoid":{"name":"parentMoid","type":"\u0007","is_mandatory":true,"title":"Encoded ManagedObjectReference of the parent snapshot; empty for root snapshots","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"powerState":{"name":"powerState","type":"\u0007","is_mandatory":true,"title":"VM power state when the snapshot was taken (poweredOn, poweredOff, suspended)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"quiesced":{"name":"quiesced","type":"\u0004","is_mandatory":true,"title":"Whether the snapshot was taken with the quiesce option (file-system consistent)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere VM Snapshot","desc":"Examine a single snapshot in a VM's snapshot tree. The tree is flattened — use `parentMoid` to reconstruct hierarchy and `current` to identify the active snapshot. Key fields include `name`, `description`, `createDate`, `powerState` at snapshot time, and `quiesced` (file-system consistent snapshot). Use `numSnapshots` on the parent VM to quickly check if any snapshots exist. Iterate from `vsphere.vm.snapshots`.","private":true,"min_provider_version":"13.1.1","defaults":"name id createDate","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vmknic":{"id":"vsphere.vmknic","name":"vsphere.vmknic","fields":{"dhcp":{"name":"dhcp","type":"\u0004","is_mandatory":true,"title":"Whether the VMkernel NIC's IPv4 address is provided by DHCP (false when statically configured)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipv4":{"name":"ipv4","type":"\u0019\n","is_mandatory":true,"title":"Per-IPv4 address records (Address, Netmask, Type — DHCP / STATIC). One entry per assigned address.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"ipv6":{"name":"ipv6","type":"\u0019\n","is_mandatory":true,"title":"Per-IPv6 address records (Address, PrefixLength, Type — autoconf / DHCP / static / linklayer). One entry per assigned address.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mac":{"name":"mac","type":"\u0007","is_mandatory":true,"title":"MAC address of the VMkernel NIC","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mtu":{"name":"mtu","type":"\u0005","is_mandatory":true,"title":"Configured MTU in bytes (typically 1500, or 9000 for jumbo frames)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Device name as ESXi exposes it (e.g. \"vmk0\", \"vmk1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroupMoid":{"name":"portGroupMoid","type":"\u0007","is_mandatory":true,"title":"Encoded ManagedObjectReference of the DistributedVirtualPortgroup the VMkernel NIC is attached to","desc":"Empty when bound to a standard-vSwitch port group instead.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroupName":{"name":"portGroupName","type":"\u0007","is_mandatory":true,"title":"Standard-vSwitch port group the VMkernel NIC is attached to","desc":"Empty when bound to a DVS port group instead — exactly one of `portGroupName` / `portGroupMoid` is populated.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Raw output of `esxcli network ip interface list` for this device, as a dict","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"services":{"name":"services","type":"\u0019\u0007","is_mandatory":true,"title":"Host services this VMkernel NIC currently carries","desc":"Possible values: `management`, `vmotion`, `vsan`, `faultToleranceLogging`, `vSphereReplication`, `vSphereReplicationNFC`, `vSphereProvisioning`, `vSphereBackupNFC`, `ptp`. Empty when the NIC carries no managed services.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Optional ESXi-managed tag list on the VMkernel NIC; rarely populated, useful for vendor-specific labelling.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"tcpipStack":{"name":"tcpipStack","type":"\u0007","is_mandatory":true,"title":"TCP/IP stack the VMkernel NIC is bound to. Common values: `defaultTcpipStack`, `vmotion`, `vSphereProvisioning`, `vxlan`.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere ESXi VMkernel NIC","desc":"Examine a VMkernel virtual network interface on an ESXi host — the host's own network endpoint for management, vMotion, vSAN, FT, replication, and other services. Identified by `name` (e.g., `vmk0`). Key fields include `mac`, `mtu`, `dhcp`, `ipv4` and `ipv6` address records, `tcpipStack`, and `services` (the list of managed services this NIC carries, such as `management`, `vmotion`, `vsan`). Binding to a standard port group is via `portGroupName`; binding to a DVS port group is via `portGroupMoid`. Iterate from `vsphere.host.vmknics`.","private":true,"min_provider_version":"9.0.0","defaults":"name portGroupName tcpipStack","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vmnic":{"id":"vsphere.vmnic","name":"vsphere.vmnic","fields":{"details":{"name":"details","type":"\n","title":"Output of `esxcli network nic get` for this device","desc":"Reports driver, advertised auto-negotiation modes, VMDirectPath capability, and virtual address. Lazy-loaded; one ESXCli call per access.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"driver":{"name":"driver","type":"\u0007","is_mandatory":true,"title":"Kernel module name driving this NIC (e.g. \"ixgbe\", \"nvmxnet3\")","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"fullDuplex":{"name":"fullDuplex","type":"\u0004","is_mandatory":true,"title":"Whether the link negotiated full duplex (only meaningful when linkSpeedMb \u003e 0)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"linkSpeedMb":{"name":"linkSpeedMb","type":"\u0005","is_mandatory":true,"title":"Current negotiated link speed in megabits/second; 0 when the link is down","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mac":{"name":"mac","type":"\u0007","is_mandatory":true,"title":"Hardware MAC address","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Device name as ESXi exposes it (e.g. \"vmnic0\", \"vmnic1\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"pauseParams":{"name":"pauseParams","type":"\n","is_mandatory":true,"title":"802.3x (Ethernet flow-control) pause-frame parameters reported by the driver","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Raw output of `esxcli network nic list` for this device, as a dict","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"wakeOnLanSupported":{"name":"wakeOnLanSupported","type":"\u0004","is_mandatory":true,"title":"Whether the NIC's hardware advertises Wake-on-LAN support (capability, not whether WoL is currently enabled on the host)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere ESXi Physical NIC (Uplink)","desc":"Examine a physical NIC on an ESXi host — one entry per pNIC bound to a vSwitch or available for binding. Each adapter is identified by `name` (e.g., `vmnic0`) and exposes `mac`, `linkSpeedMb`, `fullDuplex`, `driver`, and `wakeOnLanSupported`. The `properties` dict holds raw `esxcli network nic list` output; `details` provides additional negotiation and capability data. Iterate from `vsphere.host.adapters`.","private":true,"min_provider_version":"9.0.0","defaults":"name mac linkSpeedMb","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch":{"id":"vsphere.vswitch","fields":{"dvs":{"name":"dvs","type":"\u001bvsphere.vswitch.dvs","title":"vSphere Distributed Virtual Switch","desc":"Examine a vDS managed at the datacenter or cluster level. Unlike standard vSwitches, a distributed virtual switch is shared across all member hosts. Key fields include `moid`, `name`, and `properties` (full raw dict from esxcli). Navigate to `uplinks` to see the physical NICs all member hosts contribute. Iterate from `vsphere.datacenter.distributedSwitches`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"failoverPolicy":{"name":"failoverPolicy","type":"\u001bvsphere.vswitch.failoverPolicy","title":"vSphere vSwitch NIC Teaming and Failover Policy","desc":"Examine the NIC teaming and failover policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. The `policy` field specifies the load-balancing algorithm (loadbalance_ip, loadbalance_srcmac, loadbalance_srcid, loadbalance_loadbased, failover_explicit). `notifySwitches` controls upstream switch notification on failover. `activeNic` and `standbyNic` list uplinks in priority order. Accessed via `failoverPolicySettings` on vSwitch/portgroup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"portgroup":{"name":"portgroup","type":"\u001bvsphere.vswitch.portgroup","title":"vSphere Distributed Virtual Port Group","desc":"Examine a port group on a distributed virtual switch. DVS port groups are cluster-scoped — one object shared across every host attached to the switch — so they are identified by `moid` rather than by name. Key fields include `name`, `vlanId` (0 = untagged; VLAN trunking and PVLAN configs also report 0 — check `properties` for the full spec), and the typed policy methods `securityPolicySettings`, `failoverPolicySettings`, and `shapingPolicySettings`. Iterate from `vsphere.datacenter.distributedPortGroups`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"securityPolicy":{"name":"securityPolicy","type":"\u001bvsphere.vswitch.securityPolicy","title":"vSphere vSwitch Layer-2 Security Policy","desc":"Examine the layer-2 security policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. The three key audit fields are `allowPromiscuous` (whether a guest NIC can observe traffic destined for other ports), `allowForgedTransmits` (whether the guest may send frames with a different source MAC), and `allowMacChanges` (whether the guest may change its NIC's effective MAC at runtime). CIS hardening benchmarks typically require all three to be false on production port groups. Accessed via `securityPolicySettings` on vSwitch/portgroup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"shapingPolicy":{"name":"shapingPolicy","type":"\u001bvsphere.vswitch.shapingPolicy","title":"vSphere vSwitch Traffic Shaping Policy","desc":"Examine the traffic shaping policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. When `enabled` is true, `averageBandwidth` and `peakBandwidth` (both in bits per second) and `burstSize` (in bytes) constrain outbound traffic. Accessed via `shapingPolicySettings` on vSwitch/portgroup.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"standard":{"name":"standard","type":"\u001bvsphere.vswitch.standard","title":"vSphere Standard Virtual Switch","desc":"Examine a per-host standard vSwitch on an ESXi host. Unlike a distributed virtual switch, a standard vSwitch is not shared across the cluster. Key fields include `name`, `mtu`, `numPorts`, and `numPortsAvailable`. Security, failover, and shaping policies are available via `securityPolicySettings`, `failoverPolicySettings`, and `shapingPolicySettings`. Navigate to `uplinks` for bound physical NICs and `portGroups` for attached standard port groups. Iterate from `vsphere.host.standardSwitch`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true}},"is_extension":true},"vsphere.vswitch.dvs":{"id":"vsphere.vswitch.dvs","name":"vsphere.vswitch.dvs","fields":{"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"Encoded ManagedObjectReference of the DVS","min_provider_version":"11.0.39","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"DVS name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Raw output of `esxcli network vswitch dvs vmware list` for this DVS, as a dict","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uplinks":{"name":"uplinks","type":"\u0019\u001bvsphere.vmnic","title":"Physical NICs the host (or all member hosts) contribute as uplinks to this DVS","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Distributed Virtual Switch","desc":"Examine a vDS managed at the datacenter or cluster level. Unlike standard vSwitches, a distributed virtual switch is shared across all member hosts. Key fields include `moid`, `name`, and `properties` (full raw dict from esxcli). Navigate to `uplinks` to see the physical NICs all member hosts contribute. Iterate from `vsphere.datacenter.distributedSwitches`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.failoverPolicy":{"id":"vsphere.vswitch.failoverPolicy","name":"vsphere.vswitch.failoverPolicy","fields":{"activeNic":{"name":"activeNic","type":"\u0019\u0007","is_mandatory":true,"title":"Active uplink names in priority order","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"checkBeacon":{"name":"checkBeacon","type":"\u0004","is_mandatory":true,"title":"Whether beacon probing is used as a failover detection method","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"notifySwitches":{"name":"notifySwitches","type":"\u0004","is_mandatory":true,"title":"Whether to notify upstream switches when failover happens","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"policy":{"name":"policy","type":"\u0007","is_mandatory":true,"title":"Load-balancing algorithm: loadbalance_ip, loadbalance_srcmac, loadbalance_srcid, loadbalance_loadbased (DVS only), failover_explicit","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"reversePolicy":{"name":"reversePolicy","type":"\u0004","is_mandatory":true,"title":"Whether load-balanced flows are reversed back after a failback (deprecated; system default applies)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"rollingOrder":{"name":"rollingOrder","type":"\u0004","is_mandatory":true,"title":"Whether the rolling-failover ordering is honored (instead of immediate failback)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"standbyNic":{"name":"standbyNic","type":"\u0019\u0007","is_mandatory":true,"title":"Standby uplink names in priority order","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere vSwitch NIC Teaming and Failover Policy","desc":"Examine the NIC teaming and failover policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. The `policy` field specifies the load-balancing algorithm (loadbalance_ip, loadbalance_srcmac, loadbalance_srcid, loadbalance_loadbased, failover_explicit). `notifySwitches` controls upstream switch notification on failover. `activeNic` and `standbyNic` list uplinks in priority order. Accessed via `failoverPolicySettings` on vSwitch/portgroup.","private":true,"min_provider_version":"13.1.1","defaults":"policy notifySwitches","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.portgroup":{"id":"vsphere.vswitch.portgroup","name":"vsphere.vswitch.portgroup","fields":{"failoverPolicySettings":{"name":"failoverPolicySettings","type":"\u001bvsphere.vswitch.failoverPolicy","title":"Uplink teaming / failover policy from the port group's DefaultPortConfig","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"moid":{"name":"moid","type":"\u0007","is_mandatory":true,"title":"Encoded ManagedObjectReference of the distributed port group","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Port group name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Generated dict view of the port-group config","desc":"Covers DefaultPortConfig, policy overrides, etc. Use the typed `*PolicySettings` methods for audit-friendly access.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"securityPolicySettings":{"name":"securityPolicySettings","type":"\u001bvsphere.vswitch.securityPolicy","title":"Layer-2 security policy from the port group's DefaultPortConfig","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shapingPolicySettings":{"name":"shapingPolicySettings","type":"\u001bvsphere.vswitch.shapingPolicy","title":"Inbound traffic shaping policy from the port group's DefaultPortConfig","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vlanId":{"name":"vlanId","type":"\u0005","is_mandatory":true,"title":"VLAN tag carried on this port group's traffic","desc":"0 means untagged; non-zero is a single tag. For VLAN trunking or PVLAN configurations vlanId is reported as 0 — inspect `properties` for the full VLAN spec.","min_provider_version":"13.0.12","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Distributed Virtual Port Group","desc":"Examine a port group on a distributed virtual switch. DVS port groups are cluster-scoped — one object shared across every host attached to the switch — so they are identified by `moid` rather than by name. Key fields include `name`, `vlanId` (0 = untagged; VLAN trunking and PVLAN configs also report 0 — check `properties` for the full spec), and the typed policy methods `securityPolicySettings`, `failoverPolicySettings`, and `shapingPolicySettings`. Iterate from `vsphere.datacenter.distributedPortGroups`.","private":true,"min_provider_version":"11.0.39","defaults":"name vlanId","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.securityPolicy":{"id":"vsphere.vswitch.securityPolicy","name":"vsphere.vswitch.securityPolicy","fields":{"allowForgedTransmits":{"name":"allowForgedTransmits","type":"\u0004","is_mandatory":true,"title":"Whether the guest may transmit frames with a source MAC different from the one assigned by ESXi","desc":"When false, the host silently drops mismatched frames.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowMacChanges":{"name":"allowMacChanges","type":"\u0004","is_mandatory":true,"title":"Whether the guest may change the effective MAC of its NIC at runtime","desc":"Away from the initial MAC assignment. When false, the host drops frames after a guest-initiated MAC change.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"allowPromiscuous":{"name":"allowPromiscuous","type":"\u0004","is_mandatory":true,"title":"Whether a guest VM on this port can put its NIC in promiscuous mode","desc":"When true, the NIC can observe traffic destined for other ports on the segment. CIS hardening typically requires this be false on production port groups.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere vSwitch Layer-2 Security Policy","desc":"Examine the layer-2 security policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. The three key audit fields are `allowPromiscuous` (whether a guest NIC can observe traffic destined for other ports), `allowForgedTransmits` (whether the guest may send frames with a different source MAC), and `allowMacChanges` (whether the guest may change its NIC's effective MAC at runtime). CIS hardening benchmarks typically require all three to be false on production port groups. Accessed via `securityPolicySettings` on vSwitch/portgroup.","private":true,"min_provider_version":"13.1.1","defaults":"allowPromiscuous allowForgedTransmits allowMacChanges","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.shapingPolicy":{"id":"vsphere.vswitch.shapingPolicy","name":"vsphere.vswitch.shapingPolicy","fields":{"averageBandwidth":{"name":"averageBandwidth","type":"\u0005","is_mandatory":true,"title":"Average bandwidth in bps","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"burstSize":{"name":"burstSize","type":"\u0005","is_mandatory":true,"title":"Burst size in bytes","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether shaping is currently enabled","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"peakBandwidth":{"name":"peakBandwidth","type":"\u0005","is_mandatory":true,"title":"Peak bandwidth in bps","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere vSwitch Traffic Shaping Policy","desc":"Examine the traffic shaping policy applied at a vSwitch or port group level. Applies to both standard vSwitches and DVS port groups. When `enabled` is true, `averageBandwidth` and `peakBandwidth` (both in bits per second) and `burstSize` (in bytes) constrain outbound traffic. Accessed via `shapingPolicySettings` on vSwitch/portgroup.","private":true,"min_provider_version":"13.1.1","defaults":"enabled averageBandwidth peakBandwidth","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.standard":{"id":"vsphere.vswitch.standard","name":"vsphere.vswitch.standard","fields":{"failoverPolicy":{"name":"failoverPolicy","type":"\n","title":"Raw failover policy dict","desc":"Deprecated in favor of `failoverPolicySettings`.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"failoverPolicySettings":{"name":"failoverPolicySettings","type":"\u001bvsphere.vswitch.failoverPolicy","title":"NIC teaming / failover policy applied to traffic on this vSwitch","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"mtu":{"name":"mtu","type":"\u0005","is_mandatory":true,"title":"MTU in bytes for traffic on this vSwitch — typically 1500, or 9000 for jumbo-frame fabrics. 0 when the host doesn't expose it.","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"vSwitch name (unique within the host, e.g. \"vSwitch0\")","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"numPorts":{"name":"numPorts","type":"\u0005","is_mandatory":true,"title":"Total ports configured on the switch (the pre-allocated capacity, not the number currently in use)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"numPortsAvailable":{"name":"numPortsAvailable","type":"\u0005","is_mandatory":true,"title":"Free ports remaining — equal to numPorts minus the ports consumed by attached VMkernel and VM NICs","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portGroups":{"name":"portGroups","type":"\u0019\u001bvsphere.vswitch.standard.portgroup","title":"Port groups attached to this vSwitch","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"portgroup":{"name":"portgroup","type":"\u001bvsphere.vswitch.standard.portgroup","title":"vSphere Standard vSwitch Port Group","desc":"Examine a per-host port group attached to a standard vSwitch (e.g., \"Management Network\", \"VM Network\"). Standard port groups are per-host; the same name on two different hosts represents two distinct objects. Key fields include `name`, `vSwitchName`, and `vlanId` (0 = untagged, 4095 = trunk). Policy methods — `securityPolicySettings`, `failoverPolicySettings`, `shapingPolicySettings` — return the effective merged policy (port-group override applied on top of the parent vSwitch policy). Iterate from `vsphere.vswitch.standard.portGroups`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"properties":{"name":"properties","type":"\n","is_mandatory":true,"title":"Raw output of `esxcli network vswitch standard list` for this switch, as a dict","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"securityPolicy":{"name":"securityPolicy","type":"\n","title":"Raw security policy dict","desc":"Deprecated in favor of `securityPolicySettings`.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"securityPolicySettings":{"name":"securityPolicySettings","type":"\u001bvsphere.vswitch.securityPolicy","title":"Layer-2 security policy applied to traffic on this vSwitch (promiscuous mode, MAC changes, forged transmits)","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shapingPolicy":{"name":"shapingPolicy","type":"\n","title":"Raw shaping policy dict","desc":"Deprecated in favor of `shapingPolicySettings`.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere","maturity":"deprecated"},"shapingPolicySettings":{"name":"shapingPolicySettings","type":"\u001bvsphere.vswitch.shapingPolicy","title":"Traffic shaping policy applied to outbound traffic on this vSwitch","min_provider_version":"13.1.1","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"uplinks":{"name":"uplinks","type":"\u0019\u001bvsphere.vmnic","title":"Physical NICs currently bound to this vSwitch as uplinks","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Standard Virtual Switch","desc":"Examine a per-host standard vSwitch on an ESXi host. Unlike a distributed virtual switch, a standard vSwitch is not shared across the cluster. Key fields include `name`, `mtu`, `numPorts`, and `numPortsAvailable`. Security, failover, and shaping policies are available via `securityPolicySettings`, `failoverPolicySettings`, and `shapingPolicySettings`. Navigate to `uplinks` for bound physical NICs and `portGroups` for attached standard port groups. Iterate from `vsphere.host.standardSwitch`.","private":true,"min_provider_version":"9.0.0","defaults":"name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vsphere.vswitch.standard.portgroup":{"id":"vsphere.vswitch.standard.portgroup","name":"vsphere.vswitch.standard.portgroup","fields":{"failoverPolicySettings":{"name":"failoverPolicySettings","type":"\u001bvsphere.vswitch.failoverPolicy","title":"Effective NIC teaming / failover policy after merging any port-group override with the parent vSwitch's policy","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Stable identifier built from the host inventory path and the port-group name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Port group name (unique within the host)","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"securityPolicySettings":{"name":"securityPolicySettings","type":"\u001bvsphere.vswitch.securityPolicy","title":"Effective layer-2 security policy after merging any port-group override with the parent vSwitch's policy","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"shapingPolicySettings":{"name":"shapingPolicySettings","type":"\u001bvsphere.vswitch.shapingPolicy","title":"Effective traffic shaping policy after merging any port-group override with the parent vSwitch's policy","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vSwitchName":{"name":"vSwitchName","type":"\u0007","is_mandatory":true,"title":"Name of the parent standard vSwitch this port group is attached to","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vlanId":{"name":"vlanId","type":"\u0005","is_mandatory":true,"title":"VLAN tag carried on this port group's traffic","desc":"0 means untagged (native VLAN); 4095 means VLAN trunking (the port group sees frames for all VLANs); any other value is a single tag.","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Standard vSwitch Port Group","desc":"Examine a per-host port group attached to a standard vSwitch (e.g., \"Management Network\", \"VM Network\"). Standard port groups are per-host; the same name on two different hosts represents two distinct objects. Key fields include `name`, `vSwitchName`, and `vlanId` (0 = untagged, 4095 = trunk). Policy methods — `securityPolicySettings`, `failoverPolicySettings`, `shapingPolicySettings` — return the effective merged policy (port-group override applied on top of the parent vSwitch policy). Iterate from `vsphere.vswitch.standard.portGroups`.","private":true,"min_provider_version":"13.1.1","defaults":"name vlanId vSwitchName","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vuln":{"id":"vuln","fields":{"advisory":{"name":"advisory","type":"\u001bvuln.advisory","title":"Vendor Security Advisory","desc":"Examine a vendor security advisory affecting the connected vSphere asset. Each advisory has an `id`, `title`, `description`, `published` and `modified` timestamps, and a `worstScore` (highest CVSS score across all CVEs covered by the advisory). Iterate from `vulnmgmt.advisories`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"cve":{"name":"cve","type":"\u001bvuln.cve","title":"Common Vulnerabilities and Exposures (CVE) Entry","desc":"Examine a single CVE affecting the connected vSphere asset. Exposes the `id`, `state`, `summary`, `published` and `modified` timestamps, `unscored` flag (whether a CVSS score has been assigned), and `worstScore` (the highest CVSS score across all assigned CVEs for this entry). Iterate from `vulnmgmt.cves`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true},"package":{"name":"package","type":"\u001bvuln.package","title":"Vulnerable Package","desc":"Examine a software package affected by known vulnerabilities on the connected vSphere asset. Exposes `name`, installed `version`, `available` (the version that resolves the vulnerability), and `arch`. Iterate from `vulnmgmt.packages`.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/vsphere","is_implicit_resource":true}},"is_extension":true},"vuln.advisory":{"id":"vuln.advisory","name":"vuln.advisory","fields":{"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the advisory","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Advisory ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Last modification date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"published":{"name":"published","type":"\t","is_mandatory":true,"title":"Advisory publication date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"title":{"name":"title","type":"\u0007","is_mandatory":true,"title":"Title of the advisory","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"worstScore":{"name":"worstScore","type":"\u001baudit.cvss","is_mandatory":true,"title":"Worst CVSS score of all assigned CVEs","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Vendor Security Advisory","desc":"Examine a vendor security advisory affecting the connected vSphere asset. Each advisory has an `id`, `title`, `description`, `published` and `modified` timestamps, and a `worstScore` (highest CVSS score across all CVEs covered by the advisory). Iterate from `vulnmgmt.advisories`.","private":true,"min_provider_version":"9.1.11","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vuln.cve":{"id":"vuln.cve","name":"vuln.cve","fields":{"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"CVE ID","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"modified":{"name":"modified","type":"\t","is_mandatory":true,"title":"Last modification date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"published":{"name":"published","type":"\t","is_mandatory":true,"title":"Publication date","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"CVE state","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"summary":{"name":"summary","type":"\u0007","is_mandatory":true,"title":"Summary description","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"unscored":{"name":"unscored","type":"\u0004","is_mandatory":true,"title":"Whether the CVE has a CVSS score","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"worstScore":{"name":"worstScore","type":"\u001baudit.cvss","is_mandatory":true,"title":"Worst CVSS score of all assigned CVEs","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Common Vulnerabilities and Exposures (CVE) Entry","desc":"Examine a single CVE affecting the connected vSphere asset. Exposes the `id`, `state`, `summary`, `published` and `modified` timestamps, `unscored` flag (whether a CVSS score has been assigned), and `worstScore` (the highest CVSS score across all assigned CVEs for this entry). Iterate from `vulnmgmt.cves`.","private":true,"min_provider_version":"9.1.11","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vuln.package":{"id":"vuln.package","name":"vuln.package","fields":{"arch":{"name":"arch","type":"\u0007","is_mandatory":true,"title":"Architecture of this package","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"available":{"name":"available","type":"\u0007","is_mandatory":true,"title":"Available package version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Package name","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Package version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"Vulnerable Package","desc":"Examine a software package affected by known vulnerabilities on the connected vSphere asset. Exposes `name`, installed `version`, `available` (the version that resolves the vulnerability), and `arch`. Iterate from `vulnmgmt.packages`.","private":true,"min_provider_version":"9.1.11","defaults":"name version","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"vulnmgmt":{"id":"vulnmgmt","name":"vulnmgmt","fields":{"advisories":{"name":"advisories","type":"\u0019\u001bvuln.advisory","title":"List of all Advisories affecting the asset","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"cves":{"name":"cves","type":"\u0019\u001bvuln.cve","title":"List of all CVEs affecting the asset","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"lastAssessment":{"name":"lastAssessment","type":"\t","title":"Last time the vulnerability information was updated","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"packages":{"name":"packages","type":"\u0019\u001bvuln.package","title":"List of all packages affected by vulnerabilities","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"},"stats":{"name":"stats","type":"\u001baudit.cvss","title":"Statistics about the vulnerabilities","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}},"title":"vSphere Vulnerability Information","desc":"Examine vulnerability data for the connected vSphere asset. Exposes `cves`, `advisories`, and `packages` affected by known vulnerabilities, a `lastAssessment` timestamp, and aggregated `stats` (CVSS scoring). Use this resource to audit the patch and vulnerability posture of an ESXi host or vCenter appliance.","min_provider_version":"9.1.11","provider":"go.mondoo.com/cnquery/v9/providers/vsphere"}}}