import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * This resource allows you to manage CrowdStrike Falcon prevention policies for Mac hosts. Prevention policies allow you to manage what activity will trigger detections and preventions on your hosts. * * ## API Scopes * * The following API scopes are required: * * - Prevention policies | Read & Write * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as crowdstrike from "@gtheocrwd/pulumi-crowdstrike"; * * const example = new crowdstrike.PreventionPolicyMac("example", { * enabled: false, * description: "Made with Pulumi", * hostGroups: ["d6e3c1e1b3d0467da0fowc96a5e6ecb5"], * ioaRuleGroups: ["ed334b3243bc4b6bb8e7d40a2ecd86fa"], * cloudAdwareAndPup: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * cloudAntiMalware: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * sensorAntiMalware: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * sensorAdwareAndPup: { * detection: "MODERATE", * prevention: "CAUTIOUS", * }, * notifyEndUsers: true, * customBlocking: true, * detectOnWrite: true, * intelligenceSourcedThreats: true, * preventSuspiciousProcesses: true, * quarantine: true, * quarantineOnWrite: true, * scriptBasedExecutionMonitoring: true, * sensorTamperingProtection: true, * uploadUnknownExecutables: true, * uploadUnknownDetectionRelatedExecutables: true, * xpcomShell: true, * kcPasswordDecoded: true, * hashCollector: true, * empyreBackdoor: true, * chopperWebshell: true, * }); * export const preventionPolicyMac = example; * ``` * * ## Import * * prevention policy can be imported by specifying the policy id. * * ```sh * $ pulumi import crowdstrike:index/preventionPolicyMac:PreventionPolicyMac example 7fb858a949034a0cbca175f660f1e769 * ``` */ export declare class PreventionPolicyMac extends pulumi.CustomResource { /** * Get an existing PreventionPolicyMac resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: PreventionPolicyMacState, opts?: pulumi.CustomResourceOptions): PreventionPolicyMac; /** * Returns true if the given object is an instance of PreventionPolicyMac. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is PreventionPolicyMac; /** * Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page. */ readonly chopperWebshell: pulumi.Output; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts. */ readonly cloudAdwareAndPup: pulumi.Output; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ readonly cloudAntiMalware: pulumi.Output; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ readonly customBlocking: pulumi.Output; /** * Description of the prevention policy. */ readonly description: pulumi.Output; /** * Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning. */ readonly detectOnWrite: pulumi.Output; /** * Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated. */ readonly empyreBackdoor: pulumi.Output; /** * Enable the prevention policy. */ readonly enabled: pulumi.Output; /** * Whether to enable the setting. An attempt to dump a user’s hashed password was blocked. */ readonly hashCollector: pulumi.Output; /** * Host Group ids to attach to the prevention policy. */ readonly hostGroups: pulumi.Output; /** * Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs. */ readonly intelligenceSourcedThreats: pulumi.Output; /** * IOA Rule Group to attach to the prevention policy. */ readonly ioaRuleGroups: pulumi.Output; /** * Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked. */ readonly kcPasswordDecoded: pulumi.Output; readonly lastUpdated: pulumi.Output; /** * Name of the prevention policy. */ readonly name: pulumi.Output; /** * Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications. */ readonly notifyEndUsers: pulumi.Output; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ readonly preventSuspiciousProcesses: pulumi.Output; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ readonly quarantine: pulumi.Output; /** * Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning. */ readonly quarantineOnWrite: pulumi.Output; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ readonly scriptBasedExecutionMonitoring: pulumi.Output; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP). */ readonly sensorAdwareAndPup: pulumi.Output; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ readonly sensorAntiMalware: pulumi.Output; /** * Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended. */ readonly sensorTamperingProtection: pulumi.Output; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ readonly uploadUnknownDetectionRelatedExecutables: pulumi.Output; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ readonly uploadUnknownExecutables: pulumi.Output; /** * Whether to enable the setting. The execution of an XPCOM shell was blocked. */ readonly xpcomShell: pulumi.Output; /** * Create a PreventionPolicyMac resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: PreventionPolicyMacArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering PreventionPolicyMac resources. */ export interface PreventionPolicyMacState { /** * Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page. */ chopperWebshell?: pulumi.Input; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts. */ cloudAdwareAndPup?: pulumi.Input; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ cloudAntiMalware?: pulumi.Input; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ customBlocking?: pulumi.Input; /** * Description of the prevention policy. */ description?: pulumi.Input; /** * Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning. */ detectOnWrite?: pulumi.Input; /** * Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated. */ empyreBackdoor?: pulumi.Input; /** * Enable the prevention policy. */ enabled?: pulumi.Input; /** * Whether to enable the setting. An attempt to dump a user’s hashed password was blocked. */ hashCollector?: pulumi.Input; /** * Host Group ids to attach to the prevention policy. */ hostGroups?: pulumi.Input[]>; /** * Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs. */ intelligenceSourcedThreats?: pulumi.Input; /** * IOA Rule Group to attach to the prevention policy. */ ioaRuleGroups?: pulumi.Input[]>; /** * Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked. */ kcPasswordDecoded?: pulumi.Input; lastUpdated?: pulumi.Input; /** * Name of the prevention policy. */ name?: pulumi.Input; /** * Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications. */ notifyEndUsers?: pulumi.Input; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ preventSuspiciousProcesses?: pulumi.Input; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ quarantine?: pulumi.Input; /** * Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning. */ quarantineOnWrite?: pulumi.Input; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ scriptBasedExecutionMonitoring?: pulumi.Input; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP). */ sensorAdwareAndPup?: pulumi.Input; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ sensorAntiMalware?: pulumi.Input; /** * Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended. */ sensorTamperingProtection?: pulumi.Input; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ uploadUnknownDetectionRelatedExecutables?: pulumi.Input; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ uploadUnknownExecutables?: pulumi.Input; /** * Whether to enable the setting. The execution of an XPCOM shell was blocked. */ xpcomShell?: pulumi.Input; } /** * The set of arguments for constructing a PreventionPolicyMac resource. */ export interface PreventionPolicyMacArgs { /** * Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page. */ chopperWebshell?: pulumi.Input; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts. */ cloudAdwareAndPup?: pulumi.Input; /** * Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts. */ cloudAntiMalware?: pulumi.Input; /** * Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection". */ customBlocking?: pulumi.Input; /** * Description of the prevention policy. */ description?: pulumi.Input; /** * Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning. */ detectOnWrite?: pulumi.Input; /** * Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated. */ empyreBackdoor?: pulumi.Input; /** * Enable the prevention policy. */ enabled?: pulumi.Input; /** * Whether to enable the setting. An attempt to dump a user’s hashed password was blocked. */ hashCollector?: pulumi.Input; /** * Host Group ids to attach to the prevention policy. */ hostGroups?: pulumi.Input[]>; /** * Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs. */ intelligenceSourcedThreats?: pulumi.Input; /** * IOA Rule Group to attach to the prevention policy. */ ioaRuleGroups?: pulumi.Input[]>; /** * Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked. */ kcPasswordDecoded?: pulumi.Input; /** * Name of the prevention policy. */ name?: pulumi.Input; /** * Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications. */ notifyEndUsers?: pulumi.Input; /** * Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats. */ preventSuspiciousProcesses?: pulumi.Input; /** * Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions. */ quarantine?: pulumi.Input; /** * Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning. */ quarantineOnWrite?: pulumi.Input; /** * Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages. */ scriptBasedExecutionMonitoring?: pulumi.Input; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP). */ sensorAdwareAndPup?: pulumi.Input; /** * For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. */ sensorAntiMalware?: pulumi.Input; /** * Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended. */ sensorTamperingProtection?: pulumi.Input; /** * Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud. */ uploadUnknownDetectionRelatedExecutables?: pulumi.Input; /** * Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud. */ uploadUnknownExecutables?: pulumi.Input; /** * Whether to enable the setting. The execution of an XPCOM shell was blocked. */ xpcomShell?: pulumi.Input; }