UNPKG

@crowdstrike/pulumi

Version:

A Pulumi package for creating and managing CrowdStrike resources. Based on terraform-provider-crowdstrike: version v0.0.4

367 lines (366 loc) 19 kB
import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * This resource allows you to manage the default prevention policy for Mac hosts. Prevention policies allow you to manage what activity will trigger detections and preventions on your hosts. Destruction of this resource *will not* delete the default prevention policy or remove any configured settings. * * ## API Scopes * * The following API scopes are required: * * - Prevention policies | Read & Write * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as crowdstrike from "@crowdstrike/pulumi"; * * const _default = new crowdstrike.DefaultPreventionPolicyMac("default", { * description: "managed by terraform", * ioaRuleGroups: [], * cloudAdwareAndPup: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * cloudAntiMalware: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * sensorAntiMalware: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * sensorAdwareAndPup: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * notifyEndUsers: true, * customBlocking: true, * detectOnWrite: true, * intelligenceSourcedThreats: true, * preventSuspiciousProcesses: true, * quarantine: true, * quarantineOnWrite: true, * scriptBasedExecutionMonitoring: true, * sensorTamperingProtection: true, * uploadUnknownExecutables: true, * uploadUnknownDetectionRelatedExecutables: true, * xpcomShell: true, * kcPasswordDecoded: true, * hashCollector: true, * empyreBackdoor: true, * chopperWebshell: true, * }); * export const defaultPreventionPolicyMac = _default; * ``` * * ## Import * * The windows default prevention policy can be imported by specifying the id. * * ```sh * $ pulumi import crowdstrike:index/defaultPreventionPolicyMac:DefaultPreventionPolicyMac default 7fb858a949034a0cbca175f660f1e769 * ``` */ export declare class DefaultPreventionPolicyMac extends pulumi.CustomResource { /** * Get an existing DefaultPreventionPolicyMac resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultPreventionPolicyMacState, opts?: pulumi.CustomResourceOptions): DefaultPreventionPolicyMac; /** * Returns true if the given object is an instance of DefaultPreventionPolicyMac. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is DefaultPreventionPolicyMac; /** * Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page. */ readonly chopperWebshell: pulumi.Output<boolean>; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts. */ readonly cloudAdwareAndPup: pulumi.Output<outputs.DefaultPreventionPolicyMacCloudAdwareAndPup>; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ readonly cloudAntiMalware: pulumi.Output<outputs.DefaultPreventionPolicyMacCloudAntiMalware>; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ readonly customBlocking: pulumi.Output<boolean>; /** * Description of the prevention policy. */ readonly description: pulumi.Output<string | undefined>; /** * Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning. */ readonly detectOnWrite: pulumi.Output<boolean>; /** * Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated. */ readonly empyreBackdoor: pulumi.Output<boolean>; /** * Whether to enable the setting. An attempt to dump a user’s hashed password was blocked. */ readonly hashCollector: pulumi.Output<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs. */ readonly intelligenceSourcedThreats: pulumi.Output<boolean>; /** * IOA Rule Group to attach to the prevention policy. */ readonly ioaRuleGroups: pulumi.Output<string[]>; /** * Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked. */ readonly kcPasswordDecoded: pulumi.Output<boolean>; readonly lastUpdated: pulumi.Output<string>; /** * Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications. */ readonly notifyEndUsers: pulumi.Output<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ readonly preventSuspiciousProcesses: pulumi.Output<boolean>; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ readonly quarantine: pulumi.Output<boolean>; /** * Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning. */ readonly quarantineOnWrite: pulumi.Output<boolean>; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ readonly scriptBasedExecutionMonitoring: pulumi.Output<boolean>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP). */ readonly sensorAdwareAndPup: pulumi.Output<outputs.DefaultPreventionPolicyMacSensorAdwareAndPup>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ readonly sensorAntiMalware: pulumi.Output<outputs.DefaultPreventionPolicyMacSensorAntiMalware>; /** * Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended. */ readonly sensorTamperingProtection: pulumi.Output<boolean>; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ readonly uploadUnknownDetectionRelatedExecutables: pulumi.Output<boolean>; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ readonly uploadUnknownExecutables: pulumi.Output<boolean>; /** * Whether to enable the setting. The execution of an XPCOM shell was blocked. */ readonly xpcomShell: pulumi.Output<boolean>; /** * Create a DefaultPreventionPolicyMac resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: DefaultPreventionPolicyMacArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering DefaultPreventionPolicyMac resources. */ export interface DefaultPreventionPolicyMacState { /** * Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page. */ chopperWebshell?: pulumi.Input<boolean>; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts. */ cloudAdwareAndPup?: pulumi.Input<inputs.DefaultPreventionPolicyMacCloudAdwareAndPup>; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ cloudAntiMalware?: pulumi.Input<inputs.DefaultPreventionPolicyMacCloudAntiMalware>; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ customBlocking?: pulumi.Input<boolean>; /** * Description of the prevention policy. */ description?: pulumi.Input<string>; /** * Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning. */ detectOnWrite?: pulumi.Input<boolean>; /** * Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated. */ empyreBackdoor?: pulumi.Input<boolean>; /** * Whether to enable the setting. An attempt to dump a user’s hashed password was blocked. */ hashCollector?: pulumi.Input<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs. */ intelligenceSourcedThreats?: pulumi.Input<boolean>; /** * IOA Rule Group to attach to the prevention policy. */ ioaRuleGroups?: pulumi.Input<pulumi.Input<string>[]>; /** * Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked. */ kcPasswordDecoded?: pulumi.Input<boolean>; lastUpdated?: pulumi.Input<string>; /** * Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications. */ notifyEndUsers?: pulumi.Input<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ preventSuspiciousProcesses?: pulumi.Input<boolean>; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ quarantine?: pulumi.Input<boolean>; /** * Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning. */ quarantineOnWrite?: pulumi.Input<boolean>; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ scriptBasedExecutionMonitoring?: pulumi.Input<boolean>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP). */ sensorAdwareAndPup?: pulumi.Input<inputs.DefaultPreventionPolicyMacSensorAdwareAndPup>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ sensorAntiMalware?: pulumi.Input<inputs.DefaultPreventionPolicyMacSensorAntiMalware>; /** * Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended. */ sensorTamperingProtection?: pulumi.Input<boolean>; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ uploadUnknownDetectionRelatedExecutables?: pulumi.Input<boolean>; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ uploadUnknownExecutables?: pulumi.Input<boolean>; /** * Whether to enable the setting. The execution of an XPCOM shell was blocked. */ xpcomShell?: pulumi.Input<boolean>; } /** * The set of arguments for constructing a DefaultPreventionPolicyMac resource. */ export interface DefaultPreventionPolicyMacArgs { /** * Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page. */ chopperWebshell?: pulumi.Input<boolean>; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts. */ cloudAdwareAndPup?: pulumi.Input<inputs.DefaultPreventionPolicyMacCloudAdwareAndPup>; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ cloudAntiMalware?: pulumi.Input<inputs.DefaultPreventionPolicyMacCloudAntiMalware>; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ customBlocking?: pulumi.Input<boolean>; /** * Description of the prevention policy. */ description?: pulumi.Input<string>; /** * Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning. */ detectOnWrite?: pulumi.Input<boolean>; /** * Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated. */ empyreBackdoor?: pulumi.Input<boolean>; /** * Whether to enable the setting. An attempt to dump a user’s hashed password was blocked. */ hashCollector?: pulumi.Input<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs. */ intelligenceSourcedThreats?: pulumi.Input<boolean>; /** * IOA Rule Group to attach to the prevention policy. */ ioaRuleGroups: pulumi.Input<pulumi.Input<string>[]>; /** * Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked. */ kcPasswordDecoded?: pulumi.Input<boolean>; /** * Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications. */ notifyEndUsers?: pulumi.Input<boolean>; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ preventSuspiciousProcesses?: pulumi.Input<boolean>; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ quarantine?: pulumi.Input<boolean>; /** * Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning. */ quarantineOnWrite?: pulumi.Input<boolean>; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ scriptBasedExecutionMonitoring?: pulumi.Input<boolean>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP). */ sensorAdwareAndPup?: pulumi.Input<inputs.DefaultPreventionPolicyMacSensorAdwareAndPup>; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ sensorAntiMalware?: pulumi.Input<inputs.DefaultPreventionPolicyMacSensorAntiMalware>; /** * Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended. */ sensorTamperingProtection?: pulumi.Input<boolean>; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ uploadUnknownDetectionRelatedExecutables?: pulumi.Input<boolean>; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ uploadUnknownExecutables?: pulumi.Input<boolean>; /** * Whether to enable the setting. The execution of an XPCOM shell was blocked. */ xpcomShell?: pulumi.Input<boolean>; }