Skip to main content

Host endpoints

List hosts

GET /api/v1/hosts
Authorization: Bearer <jwt>

Returns an array of host objects with current state information.

Response (200)

[
{
"id": "h_xxx",
"onboarding_mode": "agent",
"approval_status": "approved",
"display_name": "web-01",
"hostname": "web-01.example.com",
"os_family": "rpm",
"os_name": "Rocky Linux",
"os_major": 10,
"os_version": "10.2",
"architecture": "x86_64",
"status": "active",
"overall_action": "none",
"critical_count": 0,
"important_count": 2,
"moderate_count": 5,
"available_updates": 12,
"needs_reboot": 0,
"needs_restart": 0,
"last_seen_at": "2025-01-15T10:00:00Z",
"created_at": "2025-01-01T00:00:00Z"
}
]

Get host details

GET /api/v1/hosts/{hostID}
Authorization: Bearer <jwt>

Get latest snapshot

GET /api/v1/hosts/{hostID}/snapshot
Authorization: Bearer <jwt>

Returns the most recent snapshot for the host, including the raw protobuf payload.

List vulnerable packages

GET /api/v1/hosts/{hostID}/packages/vulnerable
Authorization: Bearer <jwt>

Returns packages on the host that are matched against security advisories, with the advisory details and available fix versions.

List upgradable packages

GET /api/v1/hosts/{hostID}/packages/upgradable
Authorization: Bearer <jwt>

Returns packages with newer versions available in the host's enabled repositories.

Get kernel posture

GET /api/v1/hosts/{hostID}/kernel-posture
Authorization: Bearer <jwt>

Returns information about whether the running kernel matches the latest installed kernel (i.e., whether a reboot is needed to apply a kernel update).

Create SSH host

POST /api/v1/hosts/ssh
Authorization: Bearer <jwt>
Content-Type: application/json

{
"display_name": "db-01",
"hostname": "db-01.example.com",
"ssh_user": "monitor",
"frequency_minutes": 360,
"unique_key_pair": true
}

Response includes the generated public key for installation on the target host.

Create manual host

POST /api/v1/hosts/manual
Authorization: Bearer <jwt>
Content-Type: application/json

{
"display_name": "air-gapped-host",
"hostname": "air-gapped-host"
}

Get collector script

GET /api/v1/hosts/manual/script?os_family=apt
Authorization: Bearer <jwt>

Returns the collector script for the specified OS family (apt or rpm).

Upload manual report

POST /api/v1/hosts/{hostID}/report
Authorization: Bearer <jwt>
Content-Type: text/plain

<report content>

Parses the report, creates a snapshot, and runs advisory matching.

Approve host

POST /api/v1/hosts/{hostID}/approve
Authorization: Bearer <jwt>

Delete host

DELETE /api/v1/hosts/{hostID}
Authorization: Bearer <jwt>

Removes the host and all associated data (snapshots, pull jobs, tokens).

Trigger SSH pull

POST /api/v1/hosts/{hostID}/pull-now
Authorization: Bearer <jwt>

Triggers an immediate SSH pull collection job for the host.

List pull jobs

GET /api/v1/hosts/{hostID}/pull-jobs
Authorization: Bearer <jwt>

Returns the last 10 SSH pull job runs with status, timestamps, and error messages.