@gtheocrwd/pulumi-crowdstrike
A Pulumi package for creating and managing Crowdstrike resources. Based on terraform-provider-crowdstrike: version v0.0.5
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* This resource allows you to manage CrowdStrike Falcon prevention policies for Linux hosts. Prevention policies allow you to manage what activity will trigger detections and preventions on your hosts.
*
* ## API Scopes
*
* The following API scopes are required:
*
* - Prevention policies | Read & Write
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as crowdstrike from "@gtheocrwd/pulumi-crowdstrike";
*
* const example = new crowdstrike.PreventionPolicyLinux("example", {
* enabled: true,
* description: "Made with Pulumi",
* hostGroups: ["d6e3c1e1b3d0467da0fowc96a5e6ecb5"],
* ioaRuleGroups: ["ed334b3243bc4b6bb8e7d40a2ecd86fa"],
* cloudAntiMalware: {
* detection: "MODERATE",
* prevention: "CAUTIOUS",
* },
* sensorAntiMalware: {
* detection: "MODERATE",
* prevention: "CAUTIOUS",
* },
* quarantine: true,
* customBlocking: true,
* preventSuspiciousProcesses: true,
* scriptBasedExecutionMonitoring: true,
* uploadUnknownExecutables: true,
* uploadUnknownDetectionRelatedExecutables: true,
* driftPrevention: true,
* emailProtocolVisibility: true,
* filesystemVisibility: true,
* ftpVisibility: true,
* httpVisibility: true,
* networkVisibility: true,
* tlsVisibility: true,
* });
* export const preventionPolicyLinux = example;
* ```
*
* ## Import
*
* A prevention policy can be imported by specifying the policy ID.
*
* ```sh
* $ pulumi import crowdstrike:index/preventionPolicyLinux:PreventionPolicyLinux example 7fb858a949034a0cbca175f660f1e769
* ```
*/
export declare class PreventionPolicyLinux extends pulumi.CustomResource {
/**
* Get an existing PreventionPolicyLinux resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A PreventionPolicyLinux handle for the existing resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PreventionPolicyLinuxState, opts?: pulumi.CustomResourceOptions): PreventionPolicyLinux;
/**
* Returns true if the given object is an instance of PreventionPolicyLinux. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; it is typed `any`, so the result is the only type guarantee the caller gets.
*/
static isInstance(obj: any): obj is PreventionPolicyLinux;
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
*
* The value's shape is declared in ./types/output; the usage example in this file's header comment sets
* `detection` and `prevention` levels on it.
*/
readonly cloudAntiMalware: pulumi.Output<outputs.PreventionPolicyLinuxCloudAntiMalware>;
/**
* Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
*/
readonly customBlocking: pulumi.Output<boolean>;
/**
* Description of the prevention policy.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
*/
readonly driftPrevention: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
*/
readonly emailProtocolVisibility: pulumi.Output<boolean>;
/**
* Enable the prevention policy.
*
* This is the policy-wide switch and is separate from the per-setting booleans on this resource.
* NOTE(review): whether the individual settings take effect while this is false is not visible in this declaration; confirm.
*/
readonly enabled: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
*/
readonly filesystemVisibility: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
*/
readonly ftpVisibility: pulumi.Output<boolean>;
/**
* Host Group ids to attach to the prevention policy.
*
* May be undefined. NOTE(review): which hosts the policy covers when no host group is attached is not
* visible in this declaration; confirm before relying on coverage.
*/
readonly hostGroups: pulumi.Output<string[] | undefined>;
/**
* Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
*/
readonly httpVisibility: pulumi.Output<boolean>;
/**
* IDs of the IOA Rule Groups to attach to the prevention policy. May be undefined.
*/
readonly ioaRuleGroups: pulumi.Output<string[] | undefined>;
/**
* Last-updated marker for the policy, exposed as a string.
*
* NOTE(review): undocumented upstream. The field appears here and in PreventionPolicyLinuxState but not in
* PreventionPolicyLinuxArgs, so it looks provider-computed; confirm its format and time zone before parsing it.
*/
readonly lastUpdated: pulumi.Output<string>;
/**
* Name of the prevention policy.
*/
readonly name: pulumi.Output<string>;
/**
* Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
*/
readonly networkVisibility: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
*/
readonly preventSuspiciousProcesses: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
*
* NOTE(review): the usage example in this file's header comment enables `quarantine` while setting
* `prevention: "CAUTIOUS"`; if CAUTIOUS ranks below MODERATE, that example does not follow the
* recommendation above. Confirm the level ordering before copying the example.
*/
readonly quarantine: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
*/
readonly scriptBasedExecutionMonitoring: pulumi.Output<boolean>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
*
* The value's shape is declared in ./types/output; the usage example in this file's header comment sets
* `detection` and `prevention` levels on it.
*/
readonly sensorAntiMalware: pulumi.Output<outputs.PreventionPolicyLinuxSensorAntiMalware>;
/**
* Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
*/
readonly tlsVisibility: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
*
* Enabling this sends executable files from the host to the cloud; check it against your data-handling requirements.
*/
readonly uploadUnknownDetectionRelatedExecutables: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
*
* Enabling this sends executable files from the host to the cloud; check it against your data-handling requirements.
*/
readonly uploadUnknownExecutables: pulumi.Output<boolean>;
/**
* Create a PreventionPolicyLinux resource with the given unique name, arguments, and options.
*
* Every field of `args`, and `args` itself, is optional in this declaration. The values used for omitted
* settings are not visible here. TODO confirm the provider defaults before assuming a protection is on.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: PreventionPolicyLinuxArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering PreventionPolicyLinux resources.
*/
export interface PreventionPolicyLinuxState {
// All fields are optional; this type is the `state` parameter of PreventionPolicyLinux.get.
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
*
* The value's shape is declared in ./types/input.
*/
cloudAntiMalware?: pulumi.Input<inputs.PreventionPolicyLinuxCloudAntiMalware>;
/**
* Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
*/
customBlocking?: pulumi.Input<boolean>;
/**
* Description of the prevention policy.
*/
description?: pulumi.Input<string>;
/**
* Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
*/
driftPrevention?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
*/
emailProtocolVisibility?: pulumi.Input<boolean>;
/**
* Enable the prevention policy.
*
* This is the policy-wide switch and is separate from the per-setting booleans in this interface.
*/
enabled?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
*/
filesystemVisibility?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
*/
ftpVisibility?: pulumi.Input<boolean>;
/**
* Host Group ids to attach to the prevention policy.
*/
hostGroups?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
*/
httpVisibility?: pulumi.Input<boolean>;
/**
* IDs of the IOA Rule Groups to attach to the prevention policy.
*/
ioaRuleGroups?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Last-updated marker for the policy, as a string.
*
* NOTE(review): undocumented upstream. The field exists here but not in PreventionPolicyLinuxArgs, so it
* looks provider-computed; confirm its format and time zone before comparing or parsing it.
*/
lastUpdated?: pulumi.Input<string>;
/**
* Name of the prevention policy.
*/
name?: pulumi.Input<string>;
/**
* Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
*/
networkVisibility?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
*/
preventSuspiciousProcesses?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
*/
quarantine?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
*/
scriptBasedExecutionMonitoring?: pulumi.Input<boolean>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
*
* The value's shape is declared in ./types/input.
*/
sensorAntiMalware?: pulumi.Input<inputs.PreventionPolicyLinuxSensorAntiMalware>;
/**
* Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
*/
tlsVisibility?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
*
* Enabling this sends executable files from the host to the cloud; check it against your data-handling requirements.
*/
uploadUnknownDetectionRelatedExecutables?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
*
* Enabling this sends executable files from the host to the cloud; check it against your data-handling requirements.
*/
uploadUnknownExecutables?: pulumi.Input<boolean>;
}
/**
* The set of arguments for constructing a PreventionPolicyLinux resource.
*/
export interface PreventionPolicyLinuxArgs {
// Every field is optional in this declaration. The values the provider applies to omitted settings are not
// visible here. TODO confirm the defaults before assuming a given protection is switched on.
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
*
* The value's shape is declared in ./types/input; the usage example in this file's header comment sets
* `detection` and `prevention` levels on it.
*/
cloudAntiMalware?: pulumi.Input<inputs.PreventionPolicyLinuxCloudAntiMalware>;
/**
* Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
*/
customBlocking?: pulumi.Input<boolean>;
/**
* Description of the prevention policy.
*/
description?: pulumi.Input<string>;
/**
* Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
*/
driftPrevention?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
*/
emailProtocolVisibility?: pulumi.Input<boolean>;
/**
* Enable the prevention policy.
*
* This is the policy-wide switch and is separate from the per-setting booleans in this interface.
* NOTE(review): the value used when this is omitted is not visible in this declaration; set it explicitly
* if the policy is expected to be active.
*/
enabled?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
*/
filesystemVisibility?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
*/
ftpVisibility?: pulumi.Input<boolean>;
/**
* Host Group ids to attach to the prevention policy.
*
* NOTE(review): optional; which hosts the policy covers when no host group is attached is not visible in
* this declaration. Confirm before relying on coverage.
*/
hostGroups?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
*/
httpVisibility?: pulumi.Input<boolean>;
/**
* IDs of the IOA Rule Groups to attach to the prevention policy.
*/
ioaRuleGroups?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Name of the prevention policy.
*/
name?: pulumi.Input<string>;
/**
* Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
*/
networkVisibility?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
*/
preventSuspiciousProcesses?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
*
* NOTE(review): the usage example in this file's header comment enables `quarantine` while setting
* `prevention: "CAUTIOUS"`; if CAUTIOUS ranks below MODERATE, that example does not follow the
* recommendation above. Confirm the level ordering before copying the example.
*/
quarantine?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
*/
scriptBasedExecutionMonitoring?: pulumi.Input<boolean>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
*
* The value's shape is declared in ./types/input; the usage example in this file's header comment sets
* `detection` and `prevention` levels on it.
*/
sensorAntiMalware?: pulumi.Input<inputs.PreventionPolicyLinuxSensorAntiMalware>;
/**
* Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
*/
tlsVisibility?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
*
* Enabling this sends executable files from the host to the cloud; check it against your data-handling requirements.
*/
uploadUnknownDetectionRelatedExecutables?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
*
* Enabling this sends executable files from the host to the cloud; check it against your data-handling requirements.
*/
uploadUnknownExecutables?: pulumi.Input<boolean>;
}