@gtheocrwd/pulumi-crowdstrike
A Pulumi package for creating and managing Crowdstrike resources. Based on terraform-provider-crowdstrike: version v0.0.5
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* This resource allows you to manage CrowdStrike Falcon prevention policies for Mac hosts. Prevention policies allow you to manage what activity will trigger detections and preventions on your hosts.
*
* ## API Scopes
*
* The following API scopes are required:
*
* - Prevention policies | Read & Write
*
* The API client used by the provider therefore holds write access to prevention policies. Keep its credentials in a secret store (for example Pulumi secret configuration), not in the program source.
*
* ## Example Usage
*
* The host group and IOA rule group ids below are sample values; replace them with ids from your own tenant.
* The example creates the policy with `enabled: false`.
* NOTE(review): presumably the settings of a policy that is not enabled are not enforced on the attached host groups — confirm against the provider docs before relying on this example as-is.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as crowdstrike from "@gtheocrwd/pulumi-crowdstrike";
*
* const example = new crowdstrike.PreventionPolicyMac("example", {
*     enabled: false,
*     description: "Made with Pulumi",
*     hostGroups: ["d6e3c1e1b3d0467da0fowc96a5e6ecb5"],
*     ioaRuleGroups: ["ed334b3243bc4b6bb8e7d40a2ecd86fa"],
*     cloudAdwareAndPup: {
*         detection: "MODERATE",
*         prevention: "CAUTIOUS",
*     },
*     cloudAntiMalware: {
*         detection: "MODERATE",
*         prevention: "CAUTIOUS",
*     },
*     sensorAntiMalware: {
*         detection: "MODERATE",
*         prevention: "CAUTIOUS",
*     },
*     sensorAdwareAndPup: {
*         detection: "MODERATE",
*         prevention: "CAUTIOUS",
*     },
*     notifyEndUsers: true,
*     customBlocking: true,
*     detectOnWrite: true,
*     intelligenceSourcedThreats: true,
*     preventSuspiciousProcesses: true,
*     quarantine: true,
*     quarantineOnWrite: true,
*     scriptBasedExecutionMonitoring: true,
*     sensorTamperingProtection: true,
*     uploadUnknownExecutables: true,
*     uploadUnknownDetectionRelatedExecutables: true,
*     xpcomShell: true,
*     kcPasswordDecoded: true,
*     hashCollector: true,
*     empyreBackdoor: true,
*     chopperWebshell: true,
* });
* export const preventionPolicyMac = example;
* ```
*
* ## Import
*
* A prevention policy can be imported by specifying the policy id.
*
* ```sh
* $ pulumi import crowdstrike:index/preventionPolicyMac:PreventionPolicyMac example 7fb858a949034a0cbca175f660f1e769
* ```
*
* ## Reading the property descriptions
*
* Every property below is a resolved `pulumi.Output` of the deployed policy.
* NOTE(review): for `chopperWebshell`, `empyreBackdoor`, `hashCollector`, `kcPasswordDecoded` and `xpcomShell` the second sentence of the description reads like the message reported when the protection fires rather than a description of the setting — confirm the exact behaviour against the provider docs.
*/
export declare class PreventionPolicyMac extends pulumi.CustomResource {
/**
* Get an existing PreventionPolicyMac resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The PreventionPolicyMac resource for the given name and ID.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PreventionPolicyMacState, opts?: pulumi.CustomResourceOptions): PreventionPolicyMac;
/**
* Returns true if the given object is an instance of PreventionPolicyMac. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; declared as a type predicate, so a `true` result narrows `obj` to PreventionPolicyMac.
*/
static isInstance(obj: any): obj is PreventionPolicyMac;
/**
* Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
*/
readonly chopperWebshell: pulumi.Output<boolean>;
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
* Carries `detection` and `prevention` levels, as in the example usage; the object type is declared in `./types/output`.
*/
readonly cloudAdwareAndPup: pulumi.Output<outputs.PreventionPolicyMacCloudAdwareAndPup>;
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
* Carries `detection` and `prevention` levels, as in the example usage; the object type is declared in `./types/output`.
*/
readonly cloudAntiMalware: pulumi.Output<outputs.PreventionPolicyMacCloudAntiMalware>;
/**
* Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
*/
readonly customBlocking: pulumi.Output<boolean>;
/**
* Description of the prevention policy. May be undefined.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
*/
readonly detectOnWrite: pulumi.Output<boolean>;
/**
* Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
*/
readonly empyreBackdoor: pulumi.Output<boolean>;
/**
* Enable the prevention policy.
*/
readonly enabled: pulumi.Output<boolean>;
/**
* Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
*/
readonly hashCollector: pulumi.Output<boolean>;
/**
* Host Group ids to attach to the prevention policy. May be undefined.
*/
readonly hostGroups: pulumi.Output<string[] | undefined>;
/**
* Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
*/
readonly intelligenceSourcedThreats: pulumi.Output<boolean>;
/**
* IOA Rule Groups to attach to the prevention policy, given as a list of strings (the example usage passes an id). May be undefined.
*/
readonly ioaRuleGroups: pulumi.Output<string[] | undefined>;
/**
* Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
*/
readonly kcPasswordDecoded: pulumi.Output<boolean>;
/**
* NOTE(review): not documented upstream. Presumably a timestamp of the most recent update to the policy — confirm the format against the provider.
* Exposed here and on `PreventionPolicyMacState`, but not part of `PreventionPolicyMacArgs`, so it is not a constructor argument.
*/
readonly lastUpdated: pulumi.Output<string>;
/**
* Name of the prevention policy.
*/
readonly name: pulumi.Output<string>;
/**
* Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
*/
readonly notifyEndUsers: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
*/
readonly preventSuspiciousProcesses: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
*/
readonly quarantine: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
*/
readonly quarantineOnWrite: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
*/
readonly scriptBasedExecutionMonitoring: pulumi.Output<boolean>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
* Carries `detection` and `prevention` levels, as in the example usage; the object type is declared in `./types/output`.
*/
readonly sensorAdwareAndPup: pulumi.Output<outputs.PreventionPolicyMacSensorAdwareAndPup>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
* Carries `detection` and `prevention` levels, as in the example usage; the object type is declared in `./types/output`.
*/
readonly sensorAntiMalware: pulumi.Output<outputs.PreventionPolicyMacSensorAntiMalware>;
/**
* Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling is not recommended.
*/
readonly sensorTamperingProtection: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
*/
readonly uploadUnknownDetectionRelatedExecutables: pulumi.Output<boolean>;
/**
* Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
*/
readonly uploadUnknownExecutables: pulumi.Output<boolean>;
/**
* Whether to enable the setting. The execution of an XPCOM shell was blocked.
*/
readonly xpcomShell: pulumi.Output<boolean>;
/**
* Create a PreventionPolicyMac resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties. Optional in this declaration.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: PreventionPolicyMacArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering PreventionPolicyMac resources.
*
* This is the type of the optional `state` argument of `PreventionPolicyMac.get`. Every property is optional.
* Unlike `PreventionPolicyMacArgs`, this interface also carries `lastUpdated`.
*
* NOTE(review): for `chopperWebshell`, `empyreBackdoor`, `hashCollector`, `kcPasswordDecoded` and `xpcomShell` the second sentence of the description reads like the message reported when the protection fires rather than a description of the setting — confirm the exact behaviour against the provider docs.
*/
export interface PreventionPolicyMacState {
/**
* Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
*/
chopperWebshell?: pulumi.Input<boolean>;
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
* Carries `detection` and `prevention` levels (see the example on the `PreventionPolicyMac` class); the object type is declared in `./types/input`.
*/
cloudAdwareAndPup?: pulumi.Input<inputs.PreventionPolicyMacCloudAdwareAndPup>;
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
* Carries `detection` and `prevention` levels (see the example on the `PreventionPolicyMac` class); the object type is declared in `./types/input`.
*/
cloudAntiMalware?: pulumi.Input<inputs.PreventionPolicyMacCloudAntiMalware>;
/**
* Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
*/
customBlocking?: pulumi.Input<boolean>;
/**
* Description of the prevention policy.
*/
description?: pulumi.Input<string>;
/**
* Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
*/
detectOnWrite?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
*/
empyreBackdoor?: pulumi.Input<boolean>;
/**
* Enable the prevention policy.
*/
enabled?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
*/
hashCollector?: pulumi.Input<boolean>;
/**
* Host Group ids to attach to the prevention policy.
*/
hostGroups?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
*/
intelligenceSourcedThreats?: pulumi.Input<boolean>;
/**
* IOA Rule Groups to attach to the prevention policy, given as a list of strings (the example on the `PreventionPolicyMac` class passes an id).
*/
ioaRuleGroups?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
*/
kcPasswordDecoded?: pulumi.Input<boolean>;
/**
* NOTE(review): not documented upstream. Presumably a timestamp of the most recent update to the policy — confirm the format against the provider.
* Present in this lookup state but absent from `PreventionPolicyMacArgs`.
*/
lastUpdated?: pulumi.Input<string>;
/**
* Name of the prevention policy.
*/
name?: pulumi.Input<string>;
/**
* Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
*/
notifyEndUsers?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
*/
preventSuspiciousProcesses?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
*/
quarantine?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
*/
quarantineOnWrite?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
*/
scriptBasedExecutionMonitoring?: pulumi.Input<boolean>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
* Carries `detection` and `prevention` levels (see the example on the `PreventionPolicyMac` class); the object type is declared in `./types/input`.
*/
sensorAdwareAndPup?: pulumi.Input<inputs.PreventionPolicyMacSensorAdwareAndPup>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
* Carries `detection` and `prevention` levels (see the example on the `PreventionPolicyMac` class); the object type is declared in `./types/input`.
*/
sensorAntiMalware?: pulumi.Input<inputs.PreventionPolicyMacSensorAntiMalware>;
/**
* Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling is not recommended.
*/
sensorTamperingProtection?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
*/
uploadUnknownDetectionRelatedExecutables?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
*/
uploadUnknownExecutables?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. The execution of an XPCOM shell was blocked.
*/
xpcomShell?: pulumi.Input<boolean>;
}
/**
* The set of arguments for constructing a PreventionPolicyMac resource.
*
* Every property is optional at the type level, including `name` and `enabled`.
* NOTE(review): whether the provider requires some of them at deploy time, and what defaults apply to omitted settings, cannot be told from this declaration — confirm against the provider docs rather than assuming an omitted protection is on.
*
* NOTE(review): for `chopperWebshell`, `empyreBackdoor`, `hashCollector`, `kcPasswordDecoded` and `xpcomShell` the second sentence of the description reads like the message reported when the protection fires rather than a description of the setting — confirm the exact behaviour against the provider docs.
*/
export interface PreventionPolicyMacArgs {
/**
* Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
*/
chopperWebshell?: pulumi.Input<boolean>;
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
* Carries `detection` and `prevention` levels (see the example on the `PreventionPolicyMac` class); the object type is declared in `./types/input`.
*/
cloudAdwareAndPup?: pulumi.Input<inputs.PreventionPolicyMacCloudAdwareAndPup>;
/**
* Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
* Carries `detection` and `prevention` levels (see the example on the `PreventionPolicyMac` class); the object type is declared in `./types/input`.
*/
cloudAntiMalware?: pulumi.Input<inputs.PreventionPolicyMacCloudAntiMalware>;
/**
* Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
*/
customBlocking?: pulumi.Input<boolean>;
/**
* Description of the prevention policy.
*/
description?: pulumi.Input<string>;
/**
* Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
*/
detectOnWrite?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
*/
empyreBackdoor?: pulumi.Input<boolean>;
/**
* Enable the prevention policy.
* The example on the `PreventionPolicyMac` class passes `false`.
* NOTE(review): presumably the settings of a policy that is not enabled are not enforced on the attached host groups — confirm before copying the example unchanged.
*/
enabled?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
*/
hashCollector?: pulumi.Input<boolean>;
/**
* Host Group ids to attach to the prevention policy.
*/
hostGroups?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
*/
intelligenceSourcedThreats?: pulumi.Input<boolean>;
/**
* IOA Rule Groups to attach to the prevention policy, given as a list of strings (the example on the `PreventionPolicyMac` class passes an id).
*/
ioaRuleGroups?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
*/
kcPasswordDecoded?: pulumi.Input<boolean>;
/**
* Name of the prevention policy.
*/
name?: pulumi.Input<string>;
/**
* Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
*/
notifyEndUsers?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
*/
preventSuspiciousProcesses?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
*/
quarantine?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
*/
quarantineOnWrite?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
*/
scriptBasedExecutionMonitoring?: pulumi.Input<boolean>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
* Carries `detection` and `prevention` levels (see the example on the `PreventionPolicyMac` class); the object type is declared in `./types/input`.
*/
sensorAdwareAndPup?: pulumi.Input<inputs.PreventionPolicyMacSensorAdwareAndPup>;
/**
* For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
* Carries `detection` and `prevention` levels (see the example on the `PreventionPolicyMac` class); the object type is declared in `./types/input`.
*/
sensorAntiMalware?: pulumi.Input<inputs.PreventionPolicyMacSensorAntiMalware>;
/**
* Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling is not recommended.
* A change that sets this to `false` is worth calling out when the Pulumi program is reviewed.
*/
sensorTamperingProtection?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
* Enabling this means executables leave the host for the cloud; NOTE(review): check that against your data-handling requirements.
*/
uploadUnknownDetectionRelatedExecutables?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
* Enabling this means executables leave the host for the cloud; NOTE(review): check that against your data-handling requirements.
*/
uploadUnknownExecutables?: pulumi.Input<boolean>;
/**
* Whether to enable the setting. The execution of an XPCOM shell was blocked.
*/
xpcomShell?: pulumi.Input<boolean>;
}