UNPKG

@crowdstrike/pulumi

Version:

A Pulumi package for creating and managing CrowdStrike resources. Based on terraform-provider-crowdstrike: version v0.0.4

348 lines (347 loc) 17.9 kB
import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * This resource allows you to manage the default prevention policy for Linux hosts. Prevention policies allow you to manage what activity will trigger detections and preventions on your hosts. Destruction of this resource *will not* delete the default prevention policy or remove any configured settings. * * ## API Scopes * * The following API scopes are required: * * - Prevention policies | Read & Write * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as crowdstrike from "@crowdstrike/pulumi"; * * const _default = new crowdstrike.DefaultPreventionPolicyLinux("default", { * description: "managed by terraform", * ioaRuleGroups: [], * cloudAntiMalware: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * sensorAntiMalware: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * quarantine: true, * customBlocking: true, * preventSuspiciousProcesses: true, * scriptBasedExecutionMonitoring: true, * uploadUnknownExecutables: true, * uploadUnknownDetectionRelatedExecutables: true, * driftPrevention: true, * emailProtocolVisibility: true, * filesystemVisibility: true, * ftpVisibility: true, * httpVisibility: true, * networkVisibility: true, * tlsVisibility: true, * sensorTamperingProtection: true, * onWriteScriptFileVisibility: true, * memoryVisibility: true, * extendedCommandLineVisibility: true, * }); * export const defaultPreventionPolicyLinux = _default; * ``` * * ## Import * * The mac default prevention policy can be imported by specifying the id. * * ```sh * $ pulumi import crowdstrike:index/defaultPreventionPolicyLinux:DefaultPreventionPolicyLinux default 7fb858a949034a0cbca175f660f1e769 * ``` */ export declare class DefaultPreventionPolicyLinux extends pulumi.CustomResource { /** * Get an existing DefaultPreventionPolicyLinux resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultPreventionPolicyLinuxState, opts?: pulumi.CustomResourceOptions): DefaultPreventionPolicyLinux; /** * Returns true if the given object is an instance of DefaultPreventionPolicyLinux. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is DefaultPreventionPolicyLinux; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ readonly cloudAntiMalware: pulumi.Output<outputs.DefaultPreventionPolicyLinuxCloudAntiMalware>; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ readonly customBlocking: pulumi.Output<boolean>; /** * Description of the prevention policy. */ readonly description: pulumi.Output<string | undefined>; /** * Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state. */ readonly driftPrevention: pulumi.Output<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections. */ readonly emailProtocolVisibility: pulumi.Output<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode. */ readonly extendedCommandLineVisibility: pulumi.Output<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections. */ readonly filesystemVisibility: pulumi.Output<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections. */ readonly ftpVisibility: pulumi.Output<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections. */ readonly httpVisibility: pulumi.Output<boolean>; /** * IOA Rule Group to attach to the prevention policy. */ readonly ioaRuleGroups: pulumi.Output<string[]>; readonly lastUpdated: pulumi.Output<string>; /** * Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events. */ readonly memoryVisibility: pulumi.Output<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections. */ readonly networkVisibility: pulumi.Output<boolean>; /** * Whether to enable the setting. Provides improved visibility into various script files being written to disk in addition to clouding a portion of their content. */ readonly onWriteScriptFileVisibility: pulumi.Output<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ readonly preventSuspiciousProcesses: pulumi.Output<boolean>; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ readonly quarantine: pulumi.Output<boolean>; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ readonly scriptBasedExecutionMonitoring: pulumi.Output<boolean>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ readonly sensorAntiMalware: pulumi.Output<outputs.DefaultPreventionPolicyLinuxSensorAntiMalware>; /** * Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended. */ readonly sensorTamperingProtection: pulumi.Output<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections. */ readonly tlsVisibility: pulumi.Output<boolean>; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ readonly uploadUnknownDetectionRelatedExecutables: pulumi.Output<boolean>; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ readonly uploadUnknownExecutables: pulumi.Output<boolean>; /** * Create a DefaultPreventionPolicyLinux resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: DefaultPreventionPolicyLinuxArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering DefaultPreventionPolicyLinux resources. */ export interface DefaultPreventionPolicyLinuxState { /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ cloudAntiMalware?: pulumi.Input<inputs.DefaultPreventionPolicyLinuxCloudAntiMalware>; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ customBlocking?: pulumi.Input<boolean>; /** * Description of the prevention policy. */ description?: pulumi.Input<string>; /** * Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state. */ driftPrevention?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections. */ emailProtocolVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode. */ extendedCommandLineVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections. */ filesystemVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections. */ ftpVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections. */ httpVisibility?: pulumi.Input<boolean>; /** * IOA Rule Group to attach to the prevention policy. */ ioaRuleGroups?: pulumi.Input<pulumi.Input<string>[]>; lastUpdated?: pulumi.Input<string>; /** * Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events. */ memoryVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections. */ networkVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Provides improved visibility into various script files being written to disk in addition to clouding a portion of their content. */ onWriteScriptFileVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ preventSuspiciousProcesses?: pulumi.Input<boolean>; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ quarantine?: pulumi.Input<boolean>; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ scriptBasedExecutionMonitoring?: pulumi.Input<boolean>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ sensorAntiMalware?: pulumi.Input<inputs.DefaultPreventionPolicyLinuxSensorAntiMalware>; /** * Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended. */ sensorTamperingProtection?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections. */ tlsVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ uploadUnknownDetectionRelatedExecutables?: pulumi.Input<boolean>; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ uploadUnknownExecutables?: pulumi.Input<boolean>; } /** * The set of arguments for constructing a DefaultPreventionPolicyLinux resource. */ export interface DefaultPreventionPolicyLinuxArgs { /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ cloudAntiMalware?: pulumi.Input<inputs.DefaultPreventionPolicyLinuxCloudAntiMalware>; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ customBlocking?: pulumi.Input<boolean>; /** * Description of the prevention policy. */ description?: pulumi.Input<string>; /** * Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state. */ driftPrevention?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections. */ emailProtocolVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode. */ extendedCommandLineVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections. */ filesystemVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections. */ ftpVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections. */ httpVisibility?: pulumi.Input<boolean>; /** * IOA Rule Group to attach to the prevention policy. */ ioaRuleGroups: pulumi.Input<pulumi.Input<string>[]>; /** * Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events. */ memoryVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections. */ networkVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Provides improved visibility into various script files being written to disk in addition to clouding a portion of their content. */ onWriteScriptFileVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ preventSuspiciousProcesses?: pulumi.Input<boolean>; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ quarantine?: pulumi.Input<boolean>; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ scriptBasedExecutionMonitoring?: pulumi.Input<boolean>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ sensorAntiMalware?: pulumi.Input<inputs.DefaultPreventionPolicyLinuxSensorAntiMalware>; /** * Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended. */ sensorTamperingProtection?: pulumi.Input<boolean>; /** * Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections. */ tlsVisibility?: pulumi.Input<boolean>; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ uploadUnknownDetectionRelatedExecutables?: pulumi.Input<boolean>; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ uploadUnknownExecutables?: pulumi.Input<boolean>; }