aquasec.getHostRuntimePolicy

Explore with Pulumi AI

Aquasec v0.8.26 published on Monday, Oct 2, 2023 by Pulumiverse

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aquasec = Pulumi.Aquasec;

return await Deployment.RunAsync(() => 
{
    var hostRuntimePolicy = Aquasec.GetHostRuntimePolicy.Invoke(new()
    {
        Name = "hostRuntimePolicyName",
    });

    return new Dictionary<string, object?>
    {
        ["hostRuntimePolicyDetails"] = hostRuntimePolicy,
    };
});

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		hostRuntimePolicy, err := aquasec.LookupHostRuntimePolicy(ctx, &aquasec.LookupHostRuntimePolicyArgs{
			Name: "hostRuntimePolicyName",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("hostRuntimePolicyDetails", hostRuntimePolicy)
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aquasec.AquasecFunctions;
import com.pulumi.aquasec.inputs.GetHostRuntimePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var hostRuntimePolicy = AquasecFunctions.getHostRuntimePolicy(GetHostRuntimePolicyArgs.builder()
            .name("hostRuntimePolicyName")
            .build());

        ctx.export("hostRuntimePolicyDetails", hostRuntimePolicy.applyValue(getHostRuntimePolicyResult -> getHostRuntimePolicyResult));
    }
}

import pulumi
import pulumi_aquasec as aquasec

host_runtime_policy = aquasec.get_host_runtime_policy(name="hostRuntimePolicyName")
pulumi.export("hostRuntimePolicyDetails", host_runtime_policy)

import * as pulumi from "@pulumi/pulumi";
import * as aquasec from "@pulumi/aquasec";

const hostRuntimePolicy = aquasec.getHostRuntimePolicy({
    name: "hostRuntimePolicyName",
});
export const hostRuntimePolicyDetails = hostRuntimePolicy;

variables:
  hostRuntimePolicy:
    fn::invoke:
      Function: aquasec:getHostRuntimePolicy
      Arguments:
        name: hostRuntimePolicyName
outputs:
  hostRuntimePolicyDetails: ${hostRuntimePolicy}

Using getHostRuntimePolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getHostRuntimePolicy(args: GetHostRuntimePolicyArgs, opts?: InvokeOptions): Promise<GetHostRuntimePolicyResult>
function getHostRuntimePolicyOutput(args: GetHostRuntimePolicyOutputArgs, opts?: InvokeOptions): Output<GetHostRuntimePolicyResult>

def get_host_runtime_policy(name: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetHostRuntimePolicyResult
def get_host_runtime_policy_output(name: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetHostRuntimePolicyResult]

func LookupHostRuntimePolicy(ctx *Context, args *LookupHostRuntimePolicyArgs, opts ...InvokeOption) (*LookupHostRuntimePolicyResult, error)
func LookupHostRuntimePolicyOutput(ctx *Context, args *LookupHostRuntimePolicyOutputArgs, opts ...InvokeOption) LookupHostRuntimePolicyResultOutput

> Note: This function is named LookupHostRuntimePolicy in the Go SDK.

public static class GetHostRuntimePolicy 
{
    public static Task<GetHostRuntimePolicyResult> InvokeAsync(GetHostRuntimePolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetHostRuntimePolicyResult> Invoke(GetHostRuntimePolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetHostRuntimePolicyResult> getHostRuntimePolicy(GetHostRuntimePolicyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: aquasec:index/getHostRuntimePolicy:getHostRuntimePolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string: Name of the host runtime policy

Name string: Name of the host runtime policy

name String: Name of the host runtime policy

name string: Name of the host runtime policy

name str: Name of the host runtime policy

name String: Name of the host runtime policy

getHostRuntimePolicy Result

The following output properties are available:

ApplicationScopes List<string>: Indicates the application scope of the service.
AuditAllOsUserActivity bool: If true, all process activity will be audited.
AuditBruteForceLogin bool: Detects brute force login attempts
AuditFullCommandArguments bool: If true, full command arguments will be audited.
AuditHostFailedLoginEvents bool: If true, host failed logins will be audited.
AuditHostSuccessfulLoginEvents bool: If true, host successful logins will be audited.
AuditUserAccountManagement bool: If true, account management will be audited.
Author string: Username of the account that created the service.
BlockCryptocurrencyMining bool: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
BlockedFiles List<string>: List of files that are prevented from being read, modified and executed in the containers.
Description string: The description of the host runtime policy
EnableIpReputationSecurity bool: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
Enabled bool: Indicates if the runtime policy is enabled or not.
Enforce bool: Indicates that policy should effect container execution (not just for audit).
EnforceAfterDays int: Indicates the number of days after which the runtime policy will be changed to enforce mode.
FileIntegrityMonitorings List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyFileIntegrityMonitoring>: Configuration for file integrity monitoring.
Id string: The provider-assigned unique ID for this managed resource.
MalwareScanOptions List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyMalwareScanOption>: Configuration for Real-Time Malware Protection.
MonitorSystemLogIntegrity bool: If true, system log will be monitored.
MonitorSystemTimeChanges bool: If true, system time changes will be monitored.
MonitorWindowsServices bool: If true, windows service operations will be monitored.
Name string: Name of the host runtime policy
OsGroupsAlloweds List<string>: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
OsGroupsBlockeds List<string>: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
OsUsersAlloweds List<string>: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
OsUsersBlockeds List<string>: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
PackageBlocks List<string>: List of packages that are not allowed read, write or execute all files that under the packages.
PortScanningDetection bool: If true, port scanning behaviors will be audited.
ScopeExpression string: Logical expression of how to compute the dependency of the scope variables.
ScopeVariables List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyScopeVariable>: List of scope attributes.
WindowsRegistryMonitorings List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyWindowsRegistryMonitoring>: Configuration for windows registry monitoring.
WindowsRegistryProtections List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyWindowsRegistryProtection>: Configuration for windows registry protection.

ApplicationScopes []string: Indicates the application scope of the service.
AuditAllOsUserActivity bool: If true, all process activity will be audited.
AuditBruteForceLogin bool: Detects brute force login attempts
AuditFullCommandArguments bool: If true, full command arguments will be audited.
AuditHostFailedLoginEvents bool: If true, host failed logins will be audited.
AuditHostSuccessfulLoginEvents bool: If true, host successful logins will be audited.
AuditUserAccountManagement bool: If true, account management will be audited.
Author string: Username of the account that created the service.
BlockCryptocurrencyMining bool: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
BlockedFiles []string: List of files that are prevented from being read, modified and executed in the containers.
Description string: The description of the host runtime policy
EnableIpReputationSecurity bool: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
Enabled bool: Indicates if the runtime policy is enabled or not.
Enforce bool: Indicates that policy should effect container execution (not just for audit).
EnforceAfterDays int: Indicates the number of days after which the runtime policy will be changed to enforce mode.
FileIntegrityMonitorings []GetHostRuntimePolicyFileIntegrityMonitoring: Configuration for file integrity monitoring.
Id string: The provider-assigned unique ID for this managed resource.
MalwareScanOptions []GetHostRuntimePolicyMalwareScanOption: Configuration for Real-Time Malware Protection.
MonitorSystemLogIntegrity bool: If true, system log will be monitored.
MonitorSystemTimeChanges bool: If true, system time changes will be monitored.
MonitorWindowsServices bool: If true, windows service operations will be monitored.
Name string: Name of the host runtime policy
OsGroupsAlloweds []string: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
OsGroupsBlockeds []string: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
OsUsersAlloweds []string: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
OsUsersBlockeds []string: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
PackageBlocks []string: List of packages that are not allowed read, write or execute all files that under the packages.
PortScanningDetection bool: If true, port scanning behaviors will be audited.
ScopeExpression string: Logical expression of how to compute the dependency of the scope variables.
ScopeVariables []GetHostRuntimePolicyScopeVariable: List of scope attributes.
WindowsRegistryMonitorings []GetHostRuntimePolicyWindowsRegistryMonitoring: Configuration for windows registry monitoring.
WindowsRegistryProtections []GetHostRuntimePolicyWindowsRegistryProtection: Configuration for windows registry protection.

applicationScopes List<String>: Indicates the application scope of the service.
auditAllOsUserActivity Boolean: If true, all process activity will be audited.
auditBruteForceLogin Boolean: Detects brute force login attempts
auditFullCommandArguments Boolean: If true, full command arguments will be audited.
auditHostFailedLoginEvents Boolean: If true, host failed logins will be audited.
auditHostSuccessfulLoginEvents Boolean: If true, host successful logins will be audited.
auditUserAccountManagement Boolean: If true, account management will be audited.
author String: Username of the account that created the service.
blockCryptocurrencyMining Boolean: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
blockedFiles List<String>: List of files that are prevented from being read, modified and executed in the containers.
description String: The description of the host runtime policy
enableIpReputationSecurity Boolean: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
enabled Boolean: Indicates if the runtime policy is enabled or not.
enforce Boolean: Indicates that policy should effect container execution (not just for audit).
enforceAfterDays Integer: Indicates the number of days after which the runtime policy will be changed to enforce mode.
fileIntegrityMonitorings List<GetHostRuntimePolicyFileIntegrityMonitoring>: Configuration for file integrity monitoring.
id String: The provider-assigned unique ID for this managed resource.
malwareScanOptions List<GetHostRuntimePolicyMalwareScanOption>: Configuration for Real-Time Malware Protection.
monitorSystemLogIntegrity Boolean: If true, system log will be monitored.
monitorSystemTimeChanges Boolean: If true, system time changes will be monitored.
monitorWindowsServices Boolean: If true, windows service operations will be monitored.
name String: Name of the host runtime policy
osGroupsAlloweds List<String>: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osGroupsBlockeds List<String>: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osUsersAlloweds List<String>: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
osUsersBlockeds List<String>: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
packageBlocks List<String>: List of packages that are not allowed read, write or execute all files that under the packages.
portScanningDetection Boolean: If true, port scanning behaviors will be audited.
scopeExpression String: Logical expression of how to compute the dependency of the scope variables.
scopeVariables List<GetHostRuntimePolicyScopeVariable>: List of scope attributes.
windowsRegistryMonitorings List<GetHostRuntimePolicyWindowsRegistryMonitoring>: Configuration for windows registry monitoring.
windowsRegistryProtections List<GetHostRuntimePolicyWindowsRegistryProtection>: Configuration for windows registry protection.

applicationScopes string[]: Indicates the application scope of the service.
auditAllOsUserActivity boolean: If true, all process activity will be audited.
auditBruteForceLogin boolean: Detects brute force login attempts
auditFullCommandArguments boolean: If true, full command arguments will be audited.
auditHostFailedLoginEvents boolean: If true, host failed logins will be audited.
auditHostSuccessfulLoginEvents boolean: If true, host successful logins will be audited.
auditUserAccountManagement boolean: If true, account management will be audited.
author string: Username of the account that created the service.
blockCryptocurrencyMining boolean: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
blockedFiles string[]: List of files that are prevented from being read, modified and executed in the containers.
description string: The description of the host runtime policy
enableIpReputationSecurity boolean: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
enabled boolean: Indicates if the runtime policy is enabled or not.
enforce boolean: Indicates that policy should effect container execution (not just for audit).
enforceAfterDays number: Indicates the number of days after which the runtime policy will be changed to enforce mode.
fileIntegrityMonitorings GetHostRuntimePolicyFileIntegrityMonitoring[]: Configuration for file integrity monitoring.
id string: The provider-assigned unique ID for this managed resource.
malwareScanOptions GetHostRuntimePolicyMalwareScanOption[]: Configuration for Real-Time Malware Protection.
monitorSystemLogIntegrity boolean: If true, system log will be monitored.
monitorSystemTimeChanges boolean: If true, system time changes will be monitored.
monitorWindowsServices boolean: If true, windows service operations will be monitored.
name string: Name of the host runtime policy
osGroupsAlloweds string[]: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osGroupsBlockeds string[]: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osUsersAlloweds string[]: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
osUsersBlockeds string[]: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
packageBlocks string[]: List of packages that are not allowed read, write or execute all files that under the packages.
portScanningDetection boolean: If true, port scanning behaviors will be audited.
scopeExpression string: Logical expression of how to compute the dependency of the scope variables.
scopeVariables GetHostRuntimePolicyScopeVariable[]: List of scope attributes.
windowsRegistryMonitorings GetHostRuntimePolicyWindowsRegistryMonitoring[]: Configuration for windows registry monitoring.
windowsRegistryProtections GetHostRuntimePolicyWindowsRegistryProtection[]: Configuration for windows registry protection.

application_scopes Sequence[str]: Indicates the application scope of the service.
audit_all_os_user_activity bool: If true, all process activity will be audited.
audit_brute_force_login bool: Detects brute force login attempts
audit_full_command_arguments bool: If true, full command arguments will be audited.
audit_host_failed_login_events bool: If true, host failed logins will be audited.
audit_host_successful_login_events bool: If true, host successful logins will be audited.
audit_user_account_management bool: If true, account management will be audited.
author str: Username of the account that created the service.
block_cryptocurrency_mining bool: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
blocked_files Sequence[str]: List of files that are prevented from being read, modified and executed in the containers.
description str: The description of the host runtime policy
enable_ip_reputation_security bool: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
enabled bool: Indicates if the runtime policy is enabled or not.
enforce bool: Indicates that policy should effect container execution (not just for audit).
enforce_after_days int: Indicates the number of days after which the runtime policy will be changed to enforce mode.
file_integrity_monitorings Sequence[GetHostRuntimePolicyFileIntegrityMonitoring]: Configuration for file integrity monitoring.
id str: The provider-assigned unique ID for this managed resource.
malware_scan_options Sequence[GetHostRuntimePolicyMalwareScanOption]: Configuration for Real-Time Malware Protection.
monitor_system_log_integrity bool: If true, system log will be monitored.
monitor_system_time_changes bool: If true, system time changes will be monitored.
monitor_windows_services bool: If true, windows service operations will be monitored.
name str: Name of the host runtime policy
os_groups_alloweds Sequence[str]: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
os_groups_blockeds Sequence[str]: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
os_users_alloweds Sequence[str]: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
os_users_blockeds Sequence[str]: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
package_blocks Sequence[str]: List of packages that are not allowed read, write or execute all files that under the packages.
port_scanning_detection bool: If true, port scanning behaviors will be audited.
scope_expression str: Logical expression of how to compute the dependency of the scope variables.
scope_variables Sequence[GetHostRuntimePolicyScopeVariable]: List of scope attributes.
windows_registry_monitorings Sequence[GetHostRuntimePolicyWindowsRegistryMonitoring]: Configuration for windows registry monitoring.
windows_registry_protections Sequence[GetHostRuntimePolicyWindowsRegistryProtection]: Configuration for windows registry protection.

applicationScopes List<String>: Indicates the application scope of the service.
auditAllOsUserActivity Boolean: If true, all process activity will be audited.
auditBruteForceLogin Boolean: Detects brute force login attempts
auditFullCommandArguments Boolean: If true, full command arguments will be audited.
auditHostFailedLoginEvents Boolean: If true, host failed logins will be audited.
auditHostSuccessfulLoginEvents Boolean: If true, host successful logins will be audited.
auditUserAccountManagement Boolean: If true, account management will be audited.
author String: Username of the account that created the service.
blockCryptocurrencyMining Boolean: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
blockedFiles List<String>: List of files that are prevented from being read, modified and executed in the containers.
description String: The description of the host runtime policy
enableIpReputationSecurity Boolean: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
enabled Boolean: Indicates if the runtime policy is enabled or not.
enforce Boolean: Indicates that policy should effect container execution (not just for audit).
enforceAfterDays Number: Indicates the number of days after which the runtime policy will be changed to enforce mode.
fileIntegrityMonitorings List<Property Map>: Configuration for file integrity monitoring.
id String: The provider-assigned unique ID for this managed resource.
malwareScanOptions List<Property Map>: Configuration for Real-Time Malware Protection.
monitorSystemLogIntegrity Boolean: If true, system log will be monitored.
monitorSystemTimeChanges Boolean: If true, system time changes will be monitored.
monitorWindowsServices Boolean: If true, windows service operations will be monitored.
name String: Name of the host runtime policy
osGroupsAlloweds List<String>: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osGroupsBlockeds List<String>: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osUsersAlloweds List<String>: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
osUsersBlockeds List<String>: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
packageBlocks List<String>: List of packages that are not allowed read, write or execute all files that under the packages.
portScanningDetection Boolean: If true, port scanning behaviors will be audited.
scopeExpression String: Logical expression of how to compute the dependency of the scope variables.
scopeVariables List<Property Map>: List of scope attributes.
windowsRegistryMonitorings List<Property Map>: Configuration for windows registry monitoring.
windowsRegistryProtections List<Property Map>: Configuration for windows registry protection.