@pulumi/scm
Version:
A Pulumi package for managing resources on Strata Cloud Manager.. Based on terraform-provider-scm: version v0.2.1
319 lines • 10.8 kB
JavaScript
"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.VulnerabilityProtectionProfile = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("./utilities");
/**
* VulnerabilityProtectionProfile resource
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as scm from "@pulumi/scm";
*
* const scmVpProfile1Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_1_test", {
* folder: "Shared",
* name: "vp-profile-1-test",
* description: "basic profile",
* });
* const scmVpProfile2Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_2_test", {
* folder: "Shared",
* name: "vp-profile-2-test",
* description: "rules: allow, alert, and drop",
* rules: [
* {
* name: "Rule-Informational-Allow",
* action: {
* allow: {},
* },
* packetCapture: "extended-capture",
* severity: ["informational"],
* category: "scan",
* cve: ["N/A"],
* host: "client",
* vendorId: ["Match Any Vendor"],
* threatName: "30000",
* },
* {
* name: "Rule-Medium-Alert",
* action: {
* alert: {},
* },
* packetCapture: "single-packet",
* severity: ["medium"],
* category: "info-leak",
* cve: ["Match Any CVE"],
* host: "server",
* vendorId: ["MS08-037"],
* threatName: "OpenSSL Threat",
* },
* {
* name: "Rule-Critical-High-Drop",
* action: {
* drop: {},
* },
* packetCapture: "disable",
* severity: [
* "critical",
* "high",
* ],
* category: "overflow",
* cve: ["CVE-2008-1147"],
* host: "any",
* vendorId: ["Match Any Vendor"],
* threatName: "any",
* },
* ],
* });
* const scmVpProfile3Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_3_test", {
* folder: "Shared",
* name: "vp-profile-3-test",
* description: "rules: reset client, reset server, reset both",
* rules: [
* {
* name: "Rule-Low-Reset_Client",
* action: {
* resetClient: {},
* },
* severity: ["low"],
* category: "protocol-anomaly",
* cve: [
* "CVE-2010-3332",
* "CVE-2019-14537",
* ],
* host: "client",
* vendorId: [
* "MSO5-032",
* "IZ18434",
* ],
* threatName: "30261",
* },
* {
* name: "Rule-Info-Low-Reset_Server",
* action: {
* resetServer: {},
* },
* packetCapture: "disable",
* severity: [
* "informational",
* "low",
* ],
* category: "insecure-credentials",
* cve: ["N/A"],
* host: "server",
* vendorId: ["Match Any Vendor"],
* threatName: "Zone Bypass",
* },
* {
* name: "Rule-Medium-Reset_Both",
* action: {
* resetBoth: {},
* },
* packetCapture: "single-packet",
* severity: ["medium"],
* category: "brute-force",
* cve: [
* "CVE-2012-0175",
* "CVE-2024-6387",
* "CVE-2017-14473",
* ],
* host: "any",
* vendorId: [
* "CORE-1009-0227",
* "SHIRO-550",
* "AST-2012-008",
* ],
* threatName: "any",
* },
* ],
* });
* const scmVpProfile4Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_4_test", {
* folder: "Shared",
* name: "vp-profile-4-test",
* description: "rules: block ip",
* rules: [
* {
* name: "Rule-High-Critical-Block_IP",
* action: {
* blockIp: {
* duration: 3600,
* trackBy: "source-and-destination",
* },
* },
* severity: [
* "high",
* "critical",
* ],
* category: "insecure-credentials",
* cve: ["N/A"],
* host: "server",
* vendorId: ["Match Any Vendor"],
* threatName: "Zone Credentials",
* },
* {
* name: "Rule-Low-Medium-Block_IP",
* action: {
* blockIp: {
* duration: 2400,
* trackBy: "source-and-destination",
* },
* },
* severity: [
* "low",
* "medium",
* ],
* category: "command-execution",
* cve: ["N/A"],
* host: "server",
* vendorId: ["Match Any Vendor"],
* threatName: "any",
* },
* ],
* });
* const scmVpProfile5Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_5_test", {
* folder: "Shared",
* name: "vp-profile-5-test",
* description: "override",
* threatExceptions: [{
* name: "12345",
* action: {
* allow: {},
* },
* severity: ["informational"],
* category: "command-execution",
* exemptIp: [{
* name: "192.14.3.100",
* }],
* timeAttribute: {
* interval: 3600,
* threshold: 24000,
* trackBy: "source",
* },
* }],
* });
* const scmVpProfile6Test = new scm.VulnerabilityProtectionProfile("scm_vp_profile_6_test", {
* folder: "Shared",
* name: "vp-profile-6-test",
* description: "mixed",
* rules: [
* {
* name: "Rule-Info-Rest_Both",
* action: {
* allow: {},
* },
* packetCapture: "disable",
* severity: ["informational"],
* category: "exploit-kit",
* cve: ["N/A"],
* host: "client",
* vendorId: ["Match Any Vendor"],
* threatName: "30000",
* },
* {
* name: "Rule-Low-Alert",
* action: {
* alert: {},
* },
* packetCapture: "single-packet",
* severity: ["low"],
* category: "dos",
* cve: ["CVE-2020-8790"],
* host: "server",
* vendorId: ["MS09-036"],
* threatName: "Memory Corruption",
* },
* {
* name: "Rule-Medium-Drop",
* action: {
* drop: {},
* },
* packetCapture: "disable",
* severity: [
* "medium",
* "high",
* ],
* category: "insecure-credentials",
* cve: ["N/A"],
* host: "any",
* vendorId: ["Match Any Vendor"],
* threatName: "any",
* },
* ],
* threatExceptions: [{
* name: "12345",
* action: {
* drop: {},
* },
* packetCapture: "single-packet",
* host: "any",
* category: "scan",
* cve: [
* "CVE-2011-2663",
* "CVE-2016-9949",
* ],
* exemptIp: [{
* name: "192.14.3.100",
* }],
* }],
* });
* ```
*/
class VulnerabilityProtectionProfile extends pulumi.CustomResource {
/**
* Get an existing VulnerabilityProtectionProfile resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new VulnerabilityProtectionProfile(name, state, { ...opts, id: id });
}
/**
* Returns true if the given object is an instance of VulnerabilityProtectionProfile. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === VulnerabilityProtectionProfile.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["description"] = state?.description;
resourceInputs["device"] = state?.device;
resourceInputs["folder"] = state?.folder;
resourceInputs["name"] = state?.name;
resourceInputs["rules"] = state?.rules;
resourceInputs["snippet"] = state?.snippet;
resourceInputs["tfid"] = state?.tfid;
resourceInputs["threatExceptions"] = state?.threatExceptions;
}
else {
const args = argsOrState;
resourceInputs["description"] = args?.description;
resourceInputs["device"] = args?.device;
resourceInputs["folder"] = args?.folder;
resourceInputs["name"] = args?.name;
resourceInputs["rules"] = args?.rules;
resourceInputs["snippet"] = args?.snippet;
resourceInputs["threatExceptions"] = args?.threatExceptions;
resourceInputs["tfid"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(VulnerabilityProtectionProfile.__pulumiType, name, resourceInputs, opts);
}
}
exports.VulnerabilityProtectionProfile = VulnerabilityProtectionProfile;
/** @internal */
VulnerabilityProtectionProfile.__pulumiType = 'scm:index/vulnerabilityProtectionProfile:VulnerabilityProtectionProfile';
//# sourceMappingURL=vulnerabilityProtectionProfile.js.map