import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * This resource allows you to manage CrowdStrike Falcon prevention policies for Linux hosts. Prevention policies allow you to manage what activity will trigger detections and preventions on your hosts. * * ## API Scopes * * The following API scopes are required: * * - Prevention policies | Read & Write * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as crowdstrike from "@gtheocrwd/pulumi-crowdstrike"; * * const example = new crowdstrike.PreventionPolicyLinux("example", { * enabled: true, * description: "Made with Pulumi", * hostGroups: ["d6e3c1e1b3d0467da0fowc96a5e6ecb5"], * ioaRuleGroups: ["ed334b3243bc4b6bb8e7d40a2ecd86fa"], * cloudAntiMalware: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * sensorAntiMalware: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * quarantine: true, * customBlocking: true, * preventSuspiciousProcesses: true, * scriptBasedExecutionMonitoring: true, * uploadUnknownExecutables: true, * uploadUnknownDetectionRelatedExecutables: true, * driftPrevention: true, * emailProtocolVisibility: true, * filesystemVisibility: true, * ftpVisibility: true, * httpVisibility: true, * networkVisibility: true, * tlsVisibility: true, * }); * export const preventionPolicyLinux = example; * ``` * * ## Import * * prevention policy can be imported by specifying the policy id. * * ```sh * $ pulumi import crowdstrike:index/preventionPolicyLinux:PreventionPolicyLinux example 7fb858a949034a0cbca175f660f1e769 * ``` */ export declare class PreventionPolicyLinux extends pulumi.CustomResource { /** * Get an existing PreventionPolicyLinux resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: PreventionPolicyLinuxState, opts?: pulumi.CustomResourceOptions): PreventionPolicyLinux; /** * Returns true if the given object is an instance of PreventionPolicyLinux. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is PreventionPolicyLinux; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ readonly cloudAntiMalware: pulumi.Output; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ readonly customBlocking: pulumi.Output; /** * Description of the prevention policy. */ readonly description: pulumi.Output; /** * Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state. */ readonly driftPrevention: pulumi.Output; /** * Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections. */ readonly emailProtocolVisibility: pulumi.Output; /** * Enable the prevention policy. */ readonly enabled: pulumi.Output; /** * Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections. */ readonly filesystemVisibility: pulumi.Output; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections. */ readonly ftpVisibility: pulumi.Output; /** * Host Group ids to attach to the prevention policy. */ readonly hostGroups: pulumi.Output; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections. */ readonly httpVisibility: pulumi.Output; /** * IOA Rule Group to attach to the prevention policy. */ readonly ioaRuleGroups: pulumi.Output; readonly lastUpdated: pulumi.Output; /** * Name of the prevention policy. */ readonly name: pulumi.Output; /** * Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections. */ readonly networkVisibility: pulumi.Output; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ readonly preventSuspiciousProcesses: pulumi.Output; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ readonly quarantine: pulumi.Output; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ readonly scriptBasedExecutionMonitoring: pulumi.Output; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ readonly sensorAntiMalware: pulumi.Output; /** * Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections. */ readonly tlsVisibility: pulumi.Output; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ readonly uploadUnknownDetectionRelatedExecutables: pulumi.Output; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ readonly uploadUnknownExecutables: pulumi.Output; /** * Create a PreventionPolicyLinux resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: PreventionPolicyLinuxArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering PreventionPolicyLinux resources. */ export interface PreventionPolicyLinuxState { /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ cloudAntiMalware?: pulumi.Input; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ customBlocking?: pulumi.Input; /** * Description of the prevention policy. */ description?: pulumi.Input; /** * Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state. */ driftPrevention?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections. */ emailProtocolVisibility?: pulumi.Input; /** * Enable the prevention policy. */ enabled?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections. */ filesystemVisibility?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections. */ ftpVisibility?: pulumi.Input; /** * Host Group ids to attach to the prevention policy. */ hostGroups?: pulumi.Input[]>; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections. */ httpVisibility?: pulumi.Input; /** * IOA Rule Group to attach to the prevention policy. */ ioaRuleGroups?: pulumi.Input[]>; lastUpdated?: pulumi.Input; /** * Name of the prevention policy. */ name?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections. */ networkVisibility?: pulumi.Input; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ preventSuspiciousProcesses?: pulumi.Input; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ quarantine?: pulumi.Input; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ scriptBasedExecutionMonitoring?: pulumi.Input; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ sensorAntiMalware?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections. */ tlsVisibility?: pulumi.Input; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ uploadUnknownDetectionRelatedExecutables?: pulumi.Input; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ uploadUnknownExecutables?: pulumi.Input; } /** * The set of arguments for constructing a PreventionPolicyLinux resource. */ export interface PreventionPolicyLinuxArgs { /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ cloudAntiMalware?: pulumi.Input; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ customBlocking?: pulumi.Input; /** * Description of the prevention policy. */ description?: pulumi.Input; /** * Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state. */ driftPrevention?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections. */ emailProtocolVisibility?: pulumi.Input; /** * Enable the prevention policy. */ enabled?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections. */ filesystemVisibility?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections. */ ftpVisibility?: pulumi.Input; /** * Host Group ids to attach to the prevention policy. */ hostGroups?: pulumi.Input[]>; /** * Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections. */ httpVisibility?: pulumi.Input; /** * IOA Rule Group to attach to the prevention policy. */ ioaRuleGroups?: pulumi.Input[]>; /** * Name of the prevention policy. */ name?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections. */ networkVisibility?: pulumi.Input; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ preventSuspiciousProcesses?: pulumi.Input; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ quarantine?: pulumi.Input; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ scriptBasedExecutionMonitoring?: pulumi.Input; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ sensorAntiMalware?: pulumi.Input; /** * Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections. */ tlsVisibility?: pulumi.Input; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ uploadUnknownDetectionRelatedExecutables?: pulumi.Input; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ uploadUnknownExecutables?: pulumi.Input; }