A Pulumi package for managing resources on Strata Cloud Manager. Based on terraform-provider-scm: version v0.2.1
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* VulnerabilityProtectionProfile resource
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as scm from "@pulumi/scm";
*
* const scmVpProfile1Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_1_test", {
* folder: "Shared",
* name: "vp-profile-1-test",
* description: "basic profile",
* });
* const scmVpProfile2Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_2_test", {
* folder: "Shared",
* name: "vp-profile-2-test",
* description: "rules: allow, alert, and drop",
* rules: [
* {
* name: "Rule-Informational-Allow",
* action: {
* allow: {},
* },
* packetCapture: "extended-capture",
* severity: ["informational"],
* category: "scan",
* cve: ["N/A"],
* host: "client",
* vendorId: ["Match Any Vendor"],
* threatName: "30000",
* },
* {
* name: "Rule-Medium-Alert",
* action: {
* alert: {},
* },
* packetCapture: "single-packet",
* severity: ["medium"],
* category: "info-leak",
* cve: ["Match Any CVE"],
* host: "server",
* vendorId: ["MS08-037"],
* threatName: "OpenSSL Threat",
* },
* {
* name: "Rule-Critical-High-Drop",
* action: {
* drop: {},
* },
* packetCapture: "disable",
* severity: [
* "critical",
* "high",
* ],
* category: "overflow",
* cve: ["CVE-2008-1147"],
* host: "any",
* vendorId: ["Match Any Vendor"],
* threatName: "any",
* },
* ],
* });
* const scmVpProfile3Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_3_test", {
* folder: "Shared",
* name: "vp-profile-3-test",
* description: "rules: reset client, reset server, reset both",
* rules: [
* {
* name: "Rule-Low-Reset_Client",
* action: {
* resetClient: {},
* },
* severity: ["low"],
* category: "protocol-anomaly",
* cve: [
* "CVE-2010-3332",
* "CVE-2019-14537",
* ],
* host: "client",
* vendorId: [
* "MSO5-032",
* "IZ18434",
* ],
* threatName: "30261",
* },
* {
* name: "Rule-Info-Low-Reset_Server",
* action: {
* resetServer: {},
* },
* packetCapture: "disable",
* severity: [
* "informational",
* "low",
* ],
* category: "insecure-credentials",
* cve: ["N/A"],
* host: "server",
* vendorId: ["Match Any Vendor"],
* threatName: "Zone Bypass",
* },
* {
* name: "Rule-Medium-Reset_Both",
* action: {
* resetBoth: {},
* },
* packetCapture: "single-packet",
* severity: ["medium"],
* category: "brute-force",
* cve: [
* "CVE-2012-0175",
* "CVE-2024-6387",
* "CVE-2017-14473",
* ],
* host: "any",
* vendorId: [
* "CORE-1009-0227",
* "SHIRO-550",
* "AST-2012-008",
* ],
* threatName: "any",
* },
* ],
* });
* const scmVpProfile4Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_4_test", {
* folder: "Shared",
* name: "vp-profile-4-test",
* description: "rules: block ip",
* rules: [
* {
* name: "Rule-High-Critical-Block_IP",
* action: {
* blockIp: {
* duration: 3600,
* trackBy: "source-and-destination",
* },
* },
* severity: [
* "high",
* "critical",
* ],
* category: "insecure-credentials",
* cve: ["N/A"],
* host: "server",
* vendorId: ["Match Any Vendor"],
* threatName: "Zone Credentials",
* },
* {
* name: "Rule-Low-Medium-Block_IP",
* action: {
* blockIp: {
* duration: 2400,
* trackBy: "source-and-destination",
* },
* },
* severity: [
* "low",
* "medium",
* ],
* category: "command-execution",
* cve: ["N/A"],
* host: "server",
* vendorId: ["Match Any Vendor"],
* threatName: "any",
* },
* ],
* });
* const scmVpProfile5Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_5_test", {
* folder: "Shared",
* name: "vp-profile-5-test",
* description: "override",
* threatExceptions: [{
* name: "12345",
* action: {
* allow: {},
* },
* severity: ["informational"],
* category: "command-execution",
* exemptIp: [{
* name: "192.14.3.100",
* }],
* timeAttribute: {
* interval: 3600,
* threshold: 24000,
* trackBy: "source",
* },
* }],
* });
* const scmVpProfile6Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_6_test", {
* folder: "Shared",
* name: "vp-profile-6-test",
* description: "mixed",
* rules: [
* {
* name: "Rule-Info-Rest_Both",
* action: {
* allow: {},
* },
* packetCapture: "disable",
* severity: ["informational"],
* category: "exploit-kit",
* cve: ["N/A"],
* host: "client",
* vendorId: ["Match Any Vendor"],
* threatName: "30000",
* },
* {
* name: "Rule-Low-Alert",
* action: {
* alert: {},
* },
* packetCapture: "single-packet",
* severity: ["low"],
* category: "dos",
* cve: ["CVE-2020-8790"],
* host: "server",
* vendorId: ["MS09-036"],
* threatName: "Memory Corruption",
* },
* {
* name: "Rule-Medium-Drop",
* action: {
* drop: {},
* },
* packetCapture: "disable",
* severity: [
* "medium",
* "high",
* ],
* category: "insecure-credentials",
* cve: ["N/A"],
* host: "any",
* vendorId: ["Match Any Vendor"],
* threatName: "any",
* },
* ],
* threatExceptions: [{
* name: "12345",
* action: {
* drop: {},
* },
* packetCapture: "single-packet",
* host: "any",
* category: "scan",
* cve: [
* "CVE-2011-2663",
* "CVE-2016-9949",
* ],
* exemptIp: [{
* name: "192.14.3.100",
* }],
* }],
* });
* ```
*/
export declare class VulnerabilityProtectionProfile extends pulumi.CustomResource {
/**
* Get an existing VulnerabilityProtectionProfile resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A VulnerabilityProtectionProfile handle for the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VulnerabilityProtectionProfileState, opts?: pulumi.CustomResourceOptions): VulnerabilityProtectionProfile;
/**
* Returns true if the given object is an instance of VulnerabilityProtectionProfile. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj Any value; the parameter is typed `any`, so no compile-time check is applied to the argument.
*/
static isInstance(obj: any): obj is VulnerabilityProtectionProfile;
/**
* Optional free-text description of the profile.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* The device in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
readonly device: pulumi.Output<string | undefined>;
/**
* The folder in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
readonly folder: pulumi.Output<string | undefined>;
/**
* Name of the profile.
*/
readonly name: pulumi.Output<string>;
/**
* Rules of the profile; the element shape is `outputs.VulnerabilityProtectionProfileRule`.
*
* In the class-level example each rule pairs an `action` (`allow`, `alert`, `drop`, `resetClient`,
* `resetServer`, `resetBoth` or `blockIp`) with match fields such as `severity`, `category`, `cve`,
* `host`, `vendorId` and `threatName`.
*
* NOTE(review): `allow` and `alert` presumably do not block matching traffic. Confirm against the
* provider documentation before treating a profile as enforcing, and check which severities those
* actions are attached to.
*/
readonly rules: pulumi.Output<outputs.VulnerabilityProtectionProfileRule[] | undefined>;
/**
* The snippet in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
readonly snippet: pulumi.Output<string | undefined>;
// No description is generated for this property; presumably the identifier tracked by the
// underlying Terraform provider. TODO confirm before relying on its format.
readonly tfid: pulumi.Output<string>;
/**
* Threat exceptions of the profile; the element shape is
* `outputs.VulnerabilityProtectionProfileThreatException`.
*
* In the class-level example an exception names a threat and carries its own `action` plus an
* `exemptIp` list.
*
* NOTE(review): an exception presumably overrides the profile's rules for the named threat, so an
* `allow` action or an exempt IP narrows protection. Audit these entries when the profile is
* changed and confirm the precedence in the provider documentation.
*/
readonly threatExceptions: pulumi.Output<outputs.VulnerabilityProtectionProfileThreatException[] | undefined>;
/**
* Create a VulnerabilityProtectionProfile resource with the given unique name, arguments, and options.
*
* `args` and every field of `VulnerabilityProtectionProfileArgs` are optional in the type, so the
* "exactly one of `device`, `folder`, and `snippet`" requirement is not checked by the compiler;
* presumably the provider rejects an invalid combination at deployment time (confirm).
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: VulnerabilityProtectionProfileArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering VulnerabilityProtectionProfile resources.
*
* Every property is optional; this is the type accepted by the `state` parameter of
* `VulnerabilityProtectionProfile.get`.
*/
export interface VulnerabilityProtectionProfileState {
/**
* Optional free-text description of the profile.
*/
description?: pulumi.Input<string>;
/**
* The device in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
device?: pulumi.Input<string>;
/**
* The folder in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
folder?: pulumi.Input<string>;
/**
* Name of the profile.
*/
name?: pulumi.Input<string>;
/**
* Rules of the profile; the element shape is `inputs.VulnerabilityProtectionProfileRule`.
*/
rules?: pulumi.Input<pulumi.Input<inputs.VulnerabilityProtectionProfileRule>[]>;
/**
* The snippet in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
snippet?: pulumi.Input<string>;
// No description is generated for this property; presumably the identifier tracked by the
// underlying Terraform provider. TODO confirm before relying on its format.
tfid?: pulumi.Input<string>;
/**
* Threat exceptions of the profile; the element shape is
* `inputs.VulnerabilityProtectionProfileThreatException`.
*/
threatExceptions?: pulumi.Input<pulumi.Input<inputs.VulnerabilityProtectionProfileThreatException>[]>;
}
/**
* The set of arguments for constructing a VulnerabilityProtectionProfile resource.
*
* Every property is optional in the type, so the "exactly one of `device`, `folder`, and `snippet`"
* requirement is not enforced by the compiler; presumably the provider validates it at deployment
* time (confirm).
*/
export interface VulnerabilityProtectionProfileArgs {
/**
* Optional free-text description of the profile.
*/
description?: pulumi.Input<string>;
/**
* The device in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
device?: pulumi.Input<string>;
/**
* The folder in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
folder?: pulumi.Input<string>;
/**
* Name of the profile.
*/
name?: pulumi.Input<string>;
/**
* Rules of the profile; the element shape is `inputs.VulnerabilityProtectionProfileRule`.
*
* NOTE(review): a rule's `action` decides what happens to matching traffic. `allow` and `alert`
* presumably do not block it, so check which severities and categories those actions are attached
* to before merging a profile change (confirm semantics in the provider documentation).
*/
rules?: pulumi.Input<pulumi.Input<inputs.VulnerabilityProtectionProfileRule>[]>;
/**
* The snippet in which the resource is defined
*
* > ℹ️ **Note:** You must specify exactly one of `device`, `folder`, and `snippet`.
*/
snippet?: pulumi.Input<string>;
/**
* Threat exceptions of the profile; the element shape is
* `inputs.VulnerabilityProtectionProfileThreatException`.
*
* NOTE(review): an exception presumably overrides the profile's rules for the named threat, so an
* `allow` action or an `exemptIp` entry narrows protection. Keep these entries minimal and review
* each addition (confirm precedence in the provider documentation).
*/
threatExceptions?: pulumi.Input<pulumi.Input<inputs.VulnerabilityProtectionProfileThreatException>[]>;
}