1. Packages
  2. Cloudflare
  3. API Docs
  4. DevicePostureRule
Cloudflare v5.34.0 published on Friday, Jul 12, 2024 by Pulumi

cloudflare.DevicePostureRule

Explore with Pulumi AI

cloudflare logo
Cloudflare v5.34.0 published on Friday, Jul 12, 2024 by Pulumi

    Provides a Cloudflare Device Posture Rule resource. Device posture rules configure security policies for device posture checks.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as cloudflare from "@pulumi/cloudflare";
    
    const eaxmple = new cloudflare.DevicePostureRule("eaxmple", {
        accountId: "f037e56e89293a057740de681ac9abbe",
        name: "Corporate devices posture rule",
        type: "os_version",
        description: "Device posture rule for corporate devices.",
        schedule: "24h",
        expiration: "24h",
        matches: [{
            platform: "linux",
        }],
        inputs: [{
            id: corporateDevices.id,
            version: "1.0.0",
            operator: "<",
            osDistroName: "ubuntu",
            osDistroRevision: "1.0.0",
            osVersionExtra: "(a)",
        }],
    });
    
    import pulumi
    import pulumi_cloudflare as cloudflare
    
    eaxmple = cloudflare.DevicePostureRule("eaxmple",
        account_id="f037e56e89293a057740de681ac9abbe",
        name="Corporate devices posture rule",
        type="os_version",
        description="Device posture rule for corporate devices.",
        schedule="24h",
        expiration="24h",
        matches=[cloudflare.DevicePostureRuleMatchArgs(
            platform="linux",
        )],
        inputs=[cloudflare.DevicePostureRuleInputArgs(
            id=corporate_devices["id"],
            version="1.0.0",
            operator="<",
            os_distro_name="ubuntu",
            os_distro_revision="1.0.0",
            os_version_extra="(a)",
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cloudflare.NewDevicePostureRule(ctx, "eaxmple", &cloudflare.DevicePostureRuleArgs{
    			AccountId:   pulumi.String("f037e56e89293a057740de681ac9abbe"),
    			Name:        pulumi.String("Corporate devices posture rule"),
    			Type:        pulumi.String("os_version"),
    			Description: pulumi.String("Device posture rule for corporate devices."),
    			Schedule:    pulumi.String("24h"),
    			Expiration:  pulumi.String("24h"),
    			Matches: cloudflare.DevicePostureRuleMatchArray{
    				&cloudflare.DevicePostureRuleMatchArgs{
    					Platform: pulumi.String("linux"),
    				},
    			},
    			Inputs: cloudflare.DevicePostureRuleInputTypeArray{
    				&cloudflare.DevicePostureRuleInputTypeArgs{
    					Id:               pulumi.Any(corporateDevices.Id),
    					Version:          pulumi.String("1.0.0"),
    					Operator:         pulumi.String("<"),
    					OsDistroName:     pulumi.String("ubuntu"),
    					OsDistroRevision: pulumi.String("1.0.0"),
    					OsVersionExtra:   pulumi.String("(a)"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Cloudflare = Pulumi.Cloudflare;
    
    return await Deployment.RunAsync(() => 
    {
        var eaxmple = new Cloudflare.DevicePostureRule("eaxmple", new()
        {
            AccountId = "f037e56e89293a057740de681ac9abbe",
            Name = "Corporate devices posture rule",
            Type = "os_version",
            Description = "Device posture rule for corporate devices.",
            Schedule = "24h",
            Expiration = "24h",
            Matches = new[]
            {
                new Cloudflare.Inputs.DevicePostureRuleMatchArgs
                {
                    Platform = "linux",
                },
            },
            Inputs = new[]
            {
                new Cloudflare.Inputs.DevicePostureRuleInputArgs
                {
                    Id = corporateDevices.Id,
                    Version = "1.0.0",
                    Operator = "<",
                    OsDistroName = "ubuntu",
                    OsDistroRevision = "1.0.0",
                    OsVersionExtra = "(a)",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.cloudflare.DevicePostureRule;
    import com.pulumi.cloudflare.DevicePostureRuleArgs;
    import com.pulumi.cloudflare.inputs.DevicePostureRuleMatchArgs;
    import com.pulumi.cloudflare.inputs.DevicePostureRuleInputArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var eaxmple = new DevicePostureRule("eaxmple", DevicePostureRuleArgs.builder()
                .accountId("f037e56e89293a057740de681ac9abbe")
                .name("Corporate devices posture rule")
                .type("os_version")
                .description("Device posture rule for corporate devices.")
                .schedule("24h")
                .expiration("24h")
                .matches(DevicePostureRuleMatchArgs.builder()
                    .platform("linux")
                    .build())
                .inputs(DevicePostureRuleInputArgs.builder()
                    .id(corporateDevices.id())
                    .version("1.0.0")
                    .operator("<")
                    .osDistroName("ubuntu")
                    .osDistroRevision("1.0.0")
                    .osVersionExtra("(a)")
                    .build())
                .build());
    
        }
    }
    
    resources:
      eaxmple:
        type: cloudflare:DevicePostureRule
        properties:
          accountId: f037e56e89293a057740de681ac9abbe
          name: Corporate devices posture rule
          type: os_version
          description: Device posture rule for corporate devices.
          schedule: 24h
          expiration: 24h
          matches:
            - platform: linux
          inputs:
            - id: ${corporateDevices.id}
              version: 1.0.0
              operator: <
              osDistroName: ubuntu
              osDistroRevision: 1.0.0
              osVersionExtra: (a)
    

    Create DevicePostureRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DevicePostureRule(name: string, args: DevicePostureRuleArgs, opts?: CustomResourceOptions);
    @overload
    def DevicePostureRule(resource_name: str,
                          args: DevicePostureRuleArgs,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def DevicePostureRule(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          account_id: Optional[str] = None,
                          type: Optional[str] = None,
                          description: Optional[str] = None,
                          expiration: Optional[str] = None,
                          inputs: Optional[Sequence[DevicePostureRuleInputArgs]] = None,
                          matches: Optional[Sequence[DevicePostureRuleMatchArgs]] = None,
                          name: Optional[str] = None,
                          schedule: Optional[str] = None)
    func NewDevicePostureRule(ctx *Context, name string, args DevicePostureRuleArgs, opts ...ResourceOption) (*DevicePostureRule, error)
    public DevicePostureRule(string name, DevicePostureRuleArgs args, CustomResourceOptions? opts = null)
    public DevicePostureRule(String name, DevicePostureRuleArgs args)
    public DevicePostureRule(String name, DevicePostureRuleArgs args, CustomResourceOptions options)
    
    type: cloudflare:DevicePostureRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DevicePostureRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DevicePostureRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DevicePostureRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DevicePostureRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DevicePostureRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var devicePostureRuleResource = new Cloudflare.DevicePostureRule("devicePostureRuleResource", new()
    {
        AccountId = "string",
        Type = "string",
        Description = "string",
        Expiration = "string",
        Inputs = new[]
        {
            new Cloudflare.Inputs.DevicePostureRuleInputArgs
            {
                ActiveThreats = 0,
                CertificateId = "string",
                CheckDisks = new[]
                {
                    "string",
                },
                Cn = "string",
                ComplianceStatus = "string",
                ConnectionId = "string",
                CountOperator = "string",
                Domain = "string",
                EidLastSeen = "string",
                Enabled = false,
                Exists = false,
                Id = "string",
                Infected = false,
                IsActive = false,
                IssueCount = "string",
                LastSeen = "string",
                NetworkStatus = "string",
                Operator = "string",
                Os = "string",
                OsDistroName = "string",
                OsDistroRevision = "string",
                OsVersionExtra = "string",
                Overall = "string",
                Path = "string",
                RequireAll = false,
                RiskLevel = "string",
                Running = false,
                SensorConfig = "string",
                Sha256 = "string",
                State = "string",
                Thumbprint = "string",
                TotalScore = 0,
                Version = "string",
                VersionOperator = "string",
            },
        },
        Matches = new[]
        {
            new Cloudflare.Inputs.DevicePostureRuleMatchArgs
            {
                Platform = "string",
            },
        },
        Name = "string",
        Schedule = "string",
    });
    
    example, err := cloudflare.NewDevicePostureRule(ctx, "devicePostureRuleResource", &cloudflare.DevicePostureRuleArgs{
    	AccountId:   pulumi.String("string"),
    	Type:        pulumi.String("string"),
    	Description: pulumi.String("string"),
    	Expiration:  pulumi.String("string"),
    	Inputs: cloudflare.DevicePostureRuleInputTypeArray{
    		&cloudflare.DevicePostureRuleInputTypeArgs{
    			ActiveThreats: pulumi.Int(0),
    			CertificateId: pulumi.String("string"),
    			CheckDisks: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Cn:               pulumi.String("string"),
    			ComplianceStatus: pulumi.String("string"),
    			ConnectionId:     pulumi.String("string"),
    			CountOperator:    pulumi.String("string"),
    			Domain:           pulumi.String("string"),
    			EidLastSeen:      pulumi.String("string"),
    			Enabled:          pulumi.Bool(false),
    			Exists:           pulumi.Bool(false),
    			Id:               pulumi.String("string"),
    			Infected:         pulumi.Bool(false),
    			IsActive:         pulumi.Bool(false),
    			IssueCount:       pulumi.String("string"),
    			LastSeen:         pulumi.String("string"),
    			NetworkStatus:    pulumi.String("string"),
    			Operator:         pulumi.String("string"),
    			Os:               pulumi.String("string"),
    			OsDistroName:     pulumi.String("string"),
    			OsDistroRevision: pulumi.String("string"),
    			OsVersionExtra:   pulumi.String("string"),
    			Overall:          pulumi.String("string"),
    			Path:             pulumi.String("string"),
    			RequireAll:       pulumi.Bool(false),
    			RiskLevel:        pulumi.String("string"),
    			Running:          pulumi.Bool(false),
    			SensorConfig:     pulumi.String("string"),
    			Sha256:           pulumi.String("string"),
    			State:            pulumi.String("string"),
    			Thumbprint:       pulumi.String("string"),
    			TotalScore:       pulumi.Int(0),
    			Version:          pulumi.String("string"),
    			VersionOperator:  pulumi.String("string"),
    		},
    	},
    	Matches: cloudflare.DevicePostureRuleMatchArray{
    		&cloudflare.DevicePostureRuleMatchArgs{
    			Platform: pulumi.String("string"),
    		},
    	},
    	Name:     pulumi.String("string"),
    	Schedule: pulumi.String("string"),
    })
    
    var devicePostureRuleResource = new DevicePostureRule("devicePostureRuleResource", DevicePostureRuleArgs.builder()
        .accountId("string")
        .type("string")
        .description("string")
        .expiration("string")
        .inputs(DevicePostureRuleInputArgs.builder()
            .activeThreats(0)
            .certificateId("string")
            .checkDisks("string")
            .cn("string")
            .complianceStatus("string")
            .connectionId("string")
            .countOperator("string")
            .domain("string")
            .eidLastSeen("string")
            .enabled(false)
            .exists(false)
            .id("string")
            .infected(false)
            .isActive(false)
            .issueCount("string")
            .lastSeen("string")
            .networkStatus("string")
            .operator("string")
            .os("string")
            .osDistroName("string")
            .osDistroRevision("string")
            .osVersionExtra("string")
            .overall("string")
            .path("string")
            .requireAll(false)
            .riskLevel("string")
            .running(false)
            .sensorConfig("string")
            .sha256("string")
            .state("string")
            .thumbprint("string")
            .totalScore(0)
            .version("string")
            .versionOperator("string")
            .build())
        .matches(DevicePostureRuleMatchArgs.builder()
            .platform("string")
            .build())
        .name("string")
        .schedule("string")
        .build());
    
    device_posture_rule_resource = cloudflare.DevicePostureRule("devicePostureRuleResource",
        account_id="string",
        type="string",
        description="string",
        expiration="string",
        inputs=[cloudflare.DevicePostureRuleInputArgs(
            active_threats=0,
            certificate_id="string",
            check_disks=["string"],
            cn="string",
            compliance_status="string",
            connection_id="string",
            count_operator="string",
            domain="string",
            eid_last_seen="string",
            enabled=False,
            exists=False,
            id="string",
            infected=False,
            is_active=False,
            issue_count="string",
            last_seen="string",
            network_status="string",
            operator="string",
            os="string",
            os_distro_name="string",
            os_distro_revision="string",
            os_version_extra="string",
            overall="string",
            path="string",
            require_all=False,
            risk_level="string",
            running=False,
            sensor_config="string",
            sha256="string",
            state="string",
            thumbprint="string",
            total_score=0,
            version="string",
            version_operator="string",
        )],
        matches=[cloudflare.DevicePostureRuleMatchArgs(
            platform="string",
        )],
        name="string",
        schedule="string")
    
    const devicePostureRuleResource = new cloudflare.DevicePostureRule("devicePostureRuleResource", {
        accountId: "string",
        type: "string",
        description: "string",
        expiration: "string",
        inputs: [{
            activeThreats: 0,
            certificateId: "string",
            checkDisks: ["string"],
            cn: "string",
            complianceStatus: "string",
            connectionId: "string",
            countOperator: "string",
            domain: "string",
            eidLastSeen: "string",
            enabled: false,
            exists: false,
            id: "string",
            infected: false,
            isActive: false,
            issueCount: "string",
            lastSeen: "string",
            networkStatus: "string",
            operator: "string",
            os: "string",
            osDistroName: "string",
            osDistroRevision: "string",
            osVersionExtra: "string",
            overall: "string",
            path: "string",
            requireAll: false,
            riskLevel: "string",
            running: false,
            sensorConfig: "string",
            sha256: "string",
            state: "string",
            thumbprint: "string",
            totalScore: 0,
            version: "string",
            versionOperator: "string",
        }],
        matches: [{
            platform: "string",
        }],
        name: "string",
        schedule: "string",
    });
    
    type: cloudflare:DevicePostureRule
    properties:
        accountId: string
        description: string
        expiration: string
        inputs:
            - activeThreats: 0
              certificateId: string
              checkDisks:
                - string
              cn: string
              complianceStatus: string
              connectionId: string
              countOperator: string
              domain: string
              eidLastSeen: string
              enabled: false
              exists: false
              id: string
              infected: false
              isActive: false
              issueCount: string
              lastSeen: string
              networkStatus: string
              operator: string
              os: string
              osDistroName: string
              osDistroRevision: string
              osVersionExtra: string
              overall: string
              path: string
              requireAll: false
              riskLevel: string
              running: false
              sensorConfig: string
              sha256: string
              state: string
              thumbprint: string
              totalScore: 0
              version: string
              versionOperator: string
        matches:
            - platform: string
        name: string
        schedule: string
        type: string
    

    DevicePostureRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The DevicePostureRule resource accepts the following input properties:

    AccountId string
    The account identifier to target for the resource.
    Type string
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    Description string
    Expiration string
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    Inputs List<DevicePostureRuleInput>
    Required for all rule types except warp, gateway, and tanium.
    Matches List<DevicePostureRuleMatch>
    The conditions that the client must match to run the rule.
    Name string
    Name of the device posture rule.
    Schedule string
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    AccountId string
    The account identifier to target for the resource.
    Type string
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    Description string
    Expiration string
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    Inputs []DevicePostureRuleInputTypeArgs
    Required for all rule types except warp, gateway, and tanium.
    Matches []DevicePostureRuleMatchArgs
    The conditions that the client must match to run the rule.
    Name string
    Name of the device posture rule.
    Schedule string
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    accountId String
    The account identifier to target for the resource.
    type String
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    description String
    expiration String
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    inputs List<DevicePostureRuleInput>
    Required for all rule types except warp, gateway, and tanium.
    matches List<DevicePostureRuleMatch>
    The conditions that the client must match to run the rule.
    name String
    Name of the device posture rule.
    schedule String
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    accountId string
    The account identifier to target for the resource.
    type string
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    description string
    expiration string
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    inputs DevicePostureRuleInput[]
    Required for all rule types except warp, gateway, and tanium.
    matches DevicePostureRuleMatch[]
    The conditions that the client must match to run the rule.
    name string
    Name of the device posture rule.
    schedule string
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    account_id str
    The account identifier to target for the resource.
    type str
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    description str
    expiration str
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    inputs Sequence[DevicePostureRuleInputArgs]
    Required for all rule types except warp, gateway, and tanium.
    matches Sequence[DevicePostureRuleMatchArgs]
    The conditions that the client must match to run the rule.
    name str
    Name of the device posture rule.
    schedule str
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    accountId String
    The account identifier to target for the resource.
    type String
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    description String
    expiration String
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    inputs List<Property Map>
    Required for all rule types except warp, gateway, and tanium.
    matches List<Property Map>
    The conditions that the client must match to run the rule.
    name String
    Name of the device posture rule.
    schedule String
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DevicePostureRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing DevicePostureRule Resource

    Get an existing DevicePostureRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DevicePostureRuleState, opts?: CustomResourceOptions): DevicePostureRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            description: Optional[str] = None,
            expiration: Optional[str] = None,
            inputs: Optional[Sequence[DevicePostureRuleInputArgs]] = None,
            matches: Optional[Sequence[DevicePostureRuleMatchArgs]] = None,
            name: Optional[str] = None,
            schedule: Optional[str] = None,
            type: Optional[str] = None) -> DevicePostureRule
    func GetDevicePostureRule(ctx *Context, name string, id IDInput, state *DevicePostureRuleState, opts ...ResourceOption) (*DevicePostureRule, error)
    public static DevicePostureRule Get(string name, Input<string> id, DevicePostureRuleState? state, CustomResourceOptions? opts = null)
    public static DevicePostureRule get(String name, Output<String> id, DevicePostureRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string
    The account identifier to target for the resource.
    Description string
    Expiration string
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    Inputs List<DevicePostureRuleInput>
    Required for all rule types except warp, gateway, and tanium.
    Matches List<DevicePostureRuleMatch>
    The conditions that the client must match to run the rule.
    Name string
    Name of the device posture rule.
    Schedule string
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    Type string
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    AccountId string
    The account identifier to target for the resource.
    Description string
    Expiration string
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    Inputs []DevicePostureRuleInputTypeArgs
    Required for all rule types except warp, gateway, and tanium.
    Matches []DevicePostureRuleMatchArgs
    The conditions that the client must match to run the rule.
    Name string
    Name of the device posture rule.
    Schedule string
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    Type string
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    accountId String
    The account identifier to target for the resource.
    description String
    expiration String
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    inputs List<DevicePostureRuleInput>
    Required for all rule types except warp, gateway, and tanium.
    matches List<DevicePostureRuleMatch>
    The conditions that the client must match to run the rule.
    name String
    Name of the device posture rule.
    schedule String
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    type String
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    accountId string
    The account identifier to target for the resource.
    description string
    expiration string
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    inputs DevicePostureRuleInput[]
    Required for all rule types except warp, gateway, and tanium.
    matches DevicePostureRuleMatch[]
    The conditions that the client must match to run the rule.
    name string
    Name of the device posture rule.
    schedule string
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    type string
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    account_id str
    The account identifier to target for the resource.
    description str
    expiration str
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    inputs Sequence[DevicePostureRuleInputArgs]
    Required for all rule types except warp, gateway, and tanium.
    matches Sequence[DevicePostureRuleMatchArgs]
    The conditions that the client must match to run the rule.
    name str
    Name of the device posture rule.
    schedule str
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    type str
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
    accountId String
    The account identifier to target for the resource.
    description String
    expiration String
    Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
    inputs List<Property Map>
    Required for all rule types except warp, gateway, and tanium.
    matches List<Property Map>
    The conditions that the client must match to run the rule.
    name String
    Name of the device posture rule.
    schedule String
    Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
    type String
    The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.

    Supporting Types

    DevicePostureRuleInput, DevicePostureRuleInputArgs

    ActiveThreats int
    The number of active threats from SentinelOne.
    CertificateId string
    The UUID of a Cloudflare managed certificate.
    CheckDisks List<string>
    Specific volume(s) to check for encryption.
    Cn string
    The common name for a certificate.
    ComplianceStatus string
    The workspace one device compliance status. Available values: compliant, noncompliant.
    ConnectionId string
    The workspace one connection id.
    CountOperator string
    The count comparison operator for kolide. Available values: >, >=, <, <=, ==.
    Domain string
    The domain that the client must join.
    EidLastSeen string
    The datetime a device last seen in RFC 3339 format from Tanium.
    Enabled bool
    True if the firewall must be enabled.
    Exists bool
    Checks if the file should exist.
    Id string
    The Teams List id. Required for serial_number and unique_client_id rule types.
    Infected bool
    True if SentinelOne device is infected.
    IsActive bool
    True if SentinelOne device is active.
    IssueCount string
    The number of issues for kolide.
    LastSeen string
    The duration of time that the host was last seen from Crowdstrike. Must be in the format 1h or 30m. Valid units are d, h and m.
    NetworkStatus string
    The network status from SentinelOne. Available values: connected, disconnected, disconnecting, connecting.
    Operator string
    The version comparison operator. Available values: >, >=, <, <=, ==.
    Os string
    OS signal score from Crowdstrike. Value must be between 1 and 100.
    OsDistroName string
    The operating system excluding version information.
    OsDistroRevision string
    The operating system version excluding OS name information or release name.
    OsVersionExtra string
    Extra version value following the operating system semantic version.
    Overall string
    Overall ZTA score from Crowdstrike. Value must be between 1 and 100.
    Path string
    The path to the file.
    RequireAll bool
    True if all drives must be encrypted.
    RiskLevel string
    The risk level from Tanium. Available values: low, medium, high, critical.
    Running bool
    Checks if the application should be running.
    SensorConfig string
    Sensor signal score from Crowdstrike. Value must be between 1 and 100.
    Sha256 string
    The sha256 hash of the file.
    State string
    The host’s current online status from Crowdstrike. Available values: online, offline, unknown.
    Thumbprint string
    The thumbprint of the file certificate.
    TotalScore int
    The total score from Tanium.
    Version string
    The operating system semantic version.
    VersionOperator string
    The version comparison operator for crowdstrike. Available values: >, >=, <, <=, ==.
    ActiveThreats int
    The number of active threats from SentinelOne.
    CertificateId string
    The UUID of a Cloudflare managed certificate.
    CheckDisks []string
    Specific volume(s) to check for encryption.
    Cn string
    The common name for a certificate.
    ComplianceStatus string
    The workspace one device compliance status. Available values: compliant, noncompliant.
    ConnectionId string
    The workspace one connection id.
    CountOperator string
    The count comparison operator for kolide. Available values: >, >=, <, <=, ==.
    Domain string
    The domain that the client must join.
    EidLastSeen string
    The datetime a device last seen in RFC 3339 format from Tanium.
    Enabled bool
    True if the firewall must be enabled.
    Exists bool
    Checks if the file should exist.
    Id string
    The Teams List id. Required for serial_number and unique_client_id rule types.
    Infected bool
    True if SentinelOne device is infected.
    IsActive bool
    True if SentinelOne device is active.
    IssueCount string
    The number of issues for kolide.
    LastSeen string
    The duration of time that the host was last seen from Crowdstrike. Must be in the format 1h or 30m. Valid units are d, h and m.
    NetworkStatus string
    The network status from SentinelOne. Available values: connected, disconnected, disconnecting, connecting.
    Operator string
    The version comparison operator. Available values: >, >=, <, <=, ==.
    Os string
    OS signal score from Crowdstrike. Value must be between 1 and 100.
    OsDistroName string
    The operating system excluding version information.
    OsDistroRevision string
    The operating system version excluding OS name information or release name.
    OsVersionExtra string
    Extra version value following the operating system semantic version.
    Overall string
    Overall ZTA score from Crowdstrike. Value must be between 1 and 100.
    Path string
    The path to the file.
    RequireAll bool
    True if all drives must be encrypted.
    RiskLevel string
    The risk level from Tanium. Available values: low, medium, high, critical.
    Running bool
    Checks if the application should be running.
    SensorConfig string
    Sensor signal score from Crowdstrike. Value must be between 1 and 100.
    Sha256 string
    The sha256 hash of the file.
    State string
    The host’s current online status from Crowdstrike. Available values: online, offline, unknown.
    Thumbprint string
    The thumbprint of the file certificate.
    TotalScore int
    The total score from Tanium.
    Version string
    The operating system semantic version.
    VersionOperator string
    The version comparison operator for crowdstrike. Available values: >, >=, <, <=, ==.
    activeThreats Integer
    The number of active threats from SentinelOne.
    certificateId String
    The UUID of a Cloudflare managed certificate.
    checkDisks List<String>
    Specific volume(s) to check for encryption.
    cn String
    The common name for a certificate.
    complianceStatus String
    The workspace one device compliance status. Available values: compliant, noncompliant.
    connectionId String
    The workspace one connection id.
    countOperator String
    The count comparison operator for kolide. Available values: >, >=, <, <=, ==.
    domain String
    The domain that the client must join.
    eidLastSeen String
    The datetime a device last seen in RFC 3339 format from Tanium.
    enabled Boolean
    True if the firewall must be enabled.
    exists Boolean
    Checks if the file should exist.
    id String
    The Teams List id. Required for serial_number and unique_client_id rule types.
    infected Boolean
    True if SentinelOne device is infected.
    isActive Boolean
    True if SentinelOne device is active.
    issueCount String
    The number of issues for kolide.
    lastSeen String
    The duration of time that the host was last seen from Crowdstrike. Must be in the format 1h or 30m. Valid units are d, h and m.
    networkStatus String
    The network status from SentinelOne. Available values: connected, disconnected, disconnecting, connecting.
    operator String
    The version comparison operator. Available values: >, >=, <, <=, ==.
    os String
    OS signal score from Crowdstrike. Value must be between 1 and 100.
    osDistroName String
    The operating system excluding version information.
    osDistroRevision String
    The operating system version excluding OS name information or release name.
    osVersionExtra String
    Extra version value following the operating system semantic version.
    overall String
    Overall ZTA score from Crowdstrike. Value must be between 1 and 100.
    path String
    The path to the file.
    requireAll Boolean
    True if all drives must be encrypted.
    riskLevel String
    The risk level from Tanium. Available values: low, medium, high, critical.
    running Boolean
    Checks if the application should be running.
    sensorConfig String
    Sensor signal score from Crowdstrike. Value must be between 1 and 100.
    sha256 String
    The sha256 hash of the file.
    state String
    The host’s current online status from Crowdstrike. Available values: online, offline, unknown.
    thumbprint String
    The thumbprint of the file certificate.
    totalScore Integer
    The total score from Tanium.
    version String
    The operating system semantic version.
    versionOperator String
    The version comparison operator for crowdstrike. Available values: >, >=, <, <=, ==.
    activeThreats number
    The number of active threats from SentinelOne.
    certificateId string
    The UUID of a Cloudflare managed certificate.
    checkDisks string[]
    Specific volume(s) to check for encryption.
    cn string
    The common name for a certificate.
    complianceStatus string
    The workspace one device compliance status. Available values: compliant, noncompliant.
    connectionId string
    The workspace one connection id.
    countOperator string
    The count comparison operator for kolide. Available values: >, >=, <, <=, ==.
    domain string
    The domain that the client must join.
    eidLastSeen string
    The datetime a device last seen in RFC 3339 format from Tanium.
    enabled boolean
    True if the firewall must be enabled.
    exists boolean
    Checks if the file should exist.
    id string
    The Teams List id. Required for serial_number and unique_client_id rule types.
    infected boolean
    True if SentinelOne device is infected.
    isActive boolean
    True if SentinelOne device is active.
    issueCount string
    The number of issues for kolide.
    lastSeen string
    The duration of time that the host was last seen from Crowdstrike. Must be in the format 1h or 30m. Valid units are d, h and m.
    networkStatus string
    The network status from SentinelOne. Available values: connected, disconnected, disconnecting, connecting.
    operator string
    The version comparison operator. Available values: >, >=, <, <=, ==.
    os string
    OS signal score from Crowdstrike. Value must be between 1 and 100.
    osDistroName string
    The operating system excluding version information.
    osDistroRevision string
    The operating system version excluding OS name information or release name.
    osVersionExtra string
    Extra version value following the operating system semantic version.
    overall string
    Overall ZTA score from Crowdstrike. Value must be between 1 and 100.
    path string
    The path to the file.
    requireAll boolean
    True if all drives must be encrypted.
    riskLevel string
    The risk level from Tanium. Available values: low, medium, high, critical.
    running boolean
    Checks if the application should be running.
    sensorConfig string
    Sensor signal score from Crowdstrike. Value must be between 1 and 100.
    sha256 string
    The sha256 hash of the file.
    state string
    The host’s current online status from Crowdstrike. Available values: online, offline, unknown.
    thumbprint string
    The thumbprint of the file certificate.
    totalScore number
    The total score from Tanium.
    version string
    The operating system semantic version.
    versionOperator string
    The version comparison operator for crowdstrike. Available values: >, >=, <, <=, ==.
    active_threats int
    The number of active threats from SentinelOne.
    certificate_id str
    The UUID of a Cloudflare managed certificate.
    check_disks Sequence[str]
    Specific volume(s) to check for encryption.
    cn str
    The common name for a certificate.
    compliance_status str
    The workspace one device compliance status. Available values: compliant, noncompliant.
    connection_id str
    The workspace one connection id.
    count_operator str
    The count comparison operator for kolide. Available values: >, >=, <, <=, ==.
    domain str
    The domain that the client must join.
    eid_last_seen str
    The datetime a device last seen in RFC 3339 format from Tanium.
    enabled bool
    True if the firewall must be enabled.
    exists bool
    Checks if the file should exist.
    id str
    The Teams List id. Required for serial_number and unique_client_id rule types.
    infected bool
    True if SentinelOne device is infected.
    is_active bool
    True if SentinelOne device is active.
    issue_count str
    The number of issues for kolide.
    last_seen str
    The duration of time that the host was last seen from Crowdstrike. Must be in the format 1h or 30m. Valid units are d, h and m.
    network_status str
    The network status from SentinelOne. Available values: connected, disconnected, disconnecting, connecting.
    operator str
    The version comparison operator. Available values: >, >=, <, <=, ==.
    os str
    OS signal score from Crowdstrike. Value must be between 1 and 100.
    os_distro_name str
    The operating system excluding version information.
    os_distro_revision str
    The operating system version excluding OS name information or release name.
    os_version_extra str
    Extra version value following the operating system semantic version.
    overall str
    Overall ZTA score from Crowdstrike. Value must be between 1 and 100.
    path str
    The path to the file.
    require_all bool
    True if all drives must be encrypted.
    risk_level str
    The risk level from Tanium. Available values: low, medium, high, critical.
    running bool
    Checks if the application should be running.
    sensor_config str
    Sensor signal score from Crowdstrike. Value must be between 1 and 100.
    sha256 str
    The sha256 hash of the file.
    state str
    The host’s current online status from Crowdstrike. Available values: online, offline, unknown.
    thumbprint str
    The thumbprint of the file certificate.
    total_score int
    The total score from Tanium.
    version str
    The operating system semantic version.
    version_operator str
    The version comparison operator for crowdstrike. Available values: >, >=, <, <=, ==.
    activeThreats Number
    The number of active threats from SentinelOne.
    certificateId String
    The UUID of a Cloudflare managed certificate.
    checkDisks List<String>
    Specific volume(s) to check for encryption.
    cn String
    The common name for a certificate.
    complianceStatus String
    The workspace one device compliance status. Available values: compliant, noncompliant.
    connectionId String
    The workspace one connection id.
    countOperator String
    The count comparison operator for kolide. Available values: >, >=, <, <=, ==.
    domain String
    The domain that the client must join.
    eidLastSeen String
    The datetime a device last seen in RFC 3339 format from Tanium.
    enabled Boolean
    True if the firewall must be enabled.
    exists Boolean
    Checks if the file should exist.
    id String
    The Teams List id. Required for serial_number and unique_client_id rule types.
    infected Boolean
    True if SentinelOne device is infected.
    isActive Boolean
    True if SentinelOne device is active.
    issueCount String
    The number of issues for kolide.
    lastSeen String
    The duration of time that the host was last seen from Crowdstrike. Must be in the format 1h or 30m. Valid units are d, h and m.
    networkStatus String
    The network status from SentinelOne. Available values: connected, disconnected, disconnecting, connecting.
    operator String
    The version comparison operator. Available values: >, >=, <, <=, ==.
    os String
    OS signal score from Crowdstrike. Value must be between 1 and 100.
    osDistroName String
    The operating system excluding version information.
    osDistroRevision String
    The operating system version excluding OS name information or release name.
    osVersionExtra String
    Extra version value following the operating system semantic version.
    overall String
    Overall ZTA score from Crowdstrike. Value must be between 1 and 100.
    path String
    The path to the file.
    requireAll Boolean
    True if all drives must be encrypted.
    riskLevel String
    The risk level from Tanium. Available values: low, medium, high, critical.
    running Boolean
    Checks if the application should be running.
    sensorConfig String
    Sensor signal score from Crowdstrike. Value must be between 1 and 100.
    sha256 String
    The sha256 hash of the file.
    state String
    The host’s current online status from Crowdstrike. Available values: online, offline, unknown.
    thumbprint String
    The thumbprint of the file certificate.
    totalScore Number
    The total score from Tanium.
    version String
    The operating system semantic version.
    versionOperator String
    The version comparison operator for crowdstrike. Available values: >, >=, <, <=, ==.

    DevicePostureRuleMatch, DevicePostureRuleMatchArgs

    Platform string
    The platform of the device. Available values: windows, mac, linux, android, ios, chromeos.
    Platform string
    The platform of the device. Available values: windows, mac, linux, android, ios, chromeos.
    platform String
    The platform of the device. Available values: windows, mac, linux, android, ios, chromeos.
    platform string
    The platform of the device. Available values: windows, mac, linux, android, ios, chromeos.
    platform str
    The platform of the device. Available values: windows, mac, linux, android, ios, chromeos.
    platform String
    The platform of the device. Available values: windows, mac, linux, android, ios, chromeos.

    Import

    $ pulumi import cloudflare:index/devicePostureRule:DevicePostureRule example <account_id>/<device_posture_rule_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Cloudflare pulumi/pulumi-cloudflare
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the cloudflare Terraform Provider.
    cloudflare logo
    Cloudflare v5.34.0 published on Friday, Jul 12, 2024 by Pulumi