CrowdStrike v0.0.13 published on Tuesday, Apr 22, 2025 by CrowdStrike

crowdstrike.DefaultPreventionPolicyLinux



    This resource allows you to manage the default prevention policy for Linux hosts. Prevention policies allow you to manage what activity will trigger detections and preventions on your hosts. Destruction of this resource will not delete the default prevention policy or remove any configured settings.

    API Scopes

    The following API scopes are required:

    • Prevention policies | Read & Write

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as crowdstrike from "@crowdstrike/pulumi";
    
    // Default prevention policy for Linux hosts, exported as a stack output.
    // NOTE(review): the Quarantine description on this page recommends anti-malware
    // prevention levels of Moderate or higher when quarantine is enabled; this example
    // keeps prevention at "CAUTIOUS" — confirm the level you intend before applying.
    export const defaultPreventionPolicyLinux = new crowdstrike.DefaultPreventionPolicyLinux("default", {
        description: "managed by terraform",
        ioaRuleGroups: [],

        // Machine-learning anti-malware levels (cloud-based and sensor-based).
        cloudAntiMalware: { detection: "MODERATE", prevention: "CAUTIOUS" },
        sensorAntiMalware: { detection: "MODERATE", prevention: "CAUTIOUS" },

        // Settings that block or quarantine activity.
        quarantine: true,
        customBlocking: true,
        preventSuspiciousProcesses: true,
        driftPrevention: true,
        sensorTamperingProtection: true,

        // Telemetry and visibility settings.
        scriptBasedExecutionMonitoring: true,
        onWriteScriptFileVisibility: true,
        extendedCommandLineVisibility: true,
        memoryVisibility: true,
        filesystemVisibility: true,
        networkVisibility: true,
        emailProtocolVisibility: true,
        ftpVisibility: true,
        httpVisibility: true,
        tlsVisibility: true,

        // Sample upload: unknown executables are sent to the cloud for analysis;
        // check this against your data-handling requirements.
        uploadUnknownExecutables: true,
        uploadUnknownDetectionRelatedExecutables: true,
    });
    
    import pulumi
    import crowdstrike_pulumi as crowdstrike
    
    # Default prevention policy for Linux hosts, exported as a stack output.
    # NOTE(review): the Quarantine description on this page recommends anti-malware
    # prevention levels of Moderate or higher when quarantine is enabled; this example
    # keeps prevention at "CAUTIOUS" — confirm the level you intend before applying.
    linux_default_policy = crowdstrike.DefaultPreventionPolicyLinux(
        "default",
        description="managed by terraform",
        ioa_rule_groups=[],
        # Machine-learning anti-malware levels (cloud-based and sensor-based).
        cloud_anti_malware={"detection": "MODERATE", "prevention": "CAUTIOUS"},
        sensor_anti_malware={"detection": "MODERATE", "prevention": "CAUTIOUS"},
        # Settings that block or quarantine activity.
        quarantine=True,
        custom_blocking=True,
        prevent_suspicious_processes=True,
        drift_prevention=True,
        sensor_tampering_protection=True,
        # Telemetry and visibility settings.
        script_based_execution_monitoring=True,
        on_write_script_file_visibility=True,
        extended_command_line_visibility=True,
        memory_visibility=True,
        filesystem_visibility=True,
        network_visibility=True,
        email_protocol_visibility=True,
        ftp_visibility=True,
        http_visibility=True,
        tls_visibility=True,
        # Sample upload: unknown executables are sent to the cloud for analysis;
        # check this against your data-handling requirements.
        upload_unknown_executables=True,
        upload_unknown_detection_related_executables=True,
    )
    pulumi.export("defaultPreventionPolicyLinux", linux_default_policy)
    
    package main
    
    import (
    	"github.com/crowdstrike/pulumi-crowdstrike/sdk/go/crowdstrike"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers the default Linux prevention policy and exports it as a
    // stack output.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// NOTE(review): the Quarantine description on this page recommends
    		// anti-malware prevention levels of Moderate or higher when quarantine
    		// is enabled; this example keeps prevention at "CAUTIOUS" — confirm
    		// the level you intend before applying.
    		args := &crowdstrike.DefaultPreventionPolicyLinuxArgs{
    			Description:   pulumi.String("managed by terraform"),
    			IoaRuleGroups: pulumi.StringArray{},

    			// Machine-learning anti-malware levels (cloud-based and sensor-based).
    			CloudAntiMalware: &crowdstrike.DefaultPreventionPolicyLinuxCloudAntiMalwareArgs{
    				Detection:  pulumi.String("MODERATE"),
    				Prevention: pulumi.String("CAUTIOUS"),
    			},
    			SensorAntiMalware: &crowdstrike.DefaultPreventionPolicyLinuxSensorAntiMalwareArgs{
    				Detection:  pulumi.String("MODERATE"),
    				Prevention: pulumi.String("CAUTIOUS"),
    			},

    			// Settings that block or quarantine activity.
    			Quarantine:                 pulumi.Bool(true),
    			CustomBlocking:             pulumi.Bool(true),
    			PreventSuspiciousProcesses: pulumi.Bool(true),
    			DriftPrevention:            pulumi.Bool(true),
    			SensorTamperingProtection:  pulumi.Bool(true),

    			// Telemetry and visibility settings.
    			ScriptBasedExecutionMonitoring: pulumi.Bool(true),
    			OnWriteScriptFileVisibility:    pulumi.Bool(true),
    			ExtendedCommandLineVisibility:  pulumi.Bool(true),
    			MemoryVisibility:               pulumi.Bool(true),
    			FilesystemVisibility:           pulumi.Bool(true),
    			NetworkVisibility:              pulumi.Bool(true),
    			EmailProtocolVisibility:        pulumi.Bool(true),
    			FtpVisibility:                  pulumi.Bool(true),
    			HttpVisibility:                 pulumi.Bool(true),
    			TlsVisibility:                  pulumi.Bool(true),

    			// Sample upload: unknown executables are sent to the cloud for
    			// analysis; check this against your data-handling requirements.
    			UploadUnknownExecutables:                 pulumi.Bool(true),
    			UploadUnknownDetectionRelatedExecutables: pulumi.Bool(true),
    		}

    		policy, err := crowdstrike.NewDefaultPreventionPolicyLinux(ctx, "default", args)
    		if err != nil {
    			return err
    		}
    		ctx.Export("defaultPreventionPolicyLinux", policy)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Crowdstrike = CrowdStrike.Crowdstrike;
    
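    // Registers the default Linux prevention policy and returns it as a stack output.
    // NOTE(review): the Quarantine description on this page recommends anti-malware
    // prevention levels of Moderate or higher when quarantine is enabled; this example
    // keeps prevention at "CAUTIOUS" — confirm the level you intend before applying.
    return await Deployment.RunAsync(() => 
    {
        var linuxDefaultPolicy = new Crowdstrike.DefaultPreventionPolicyLinux("default", new()
        {
            Description = "managed by terraform",
            // An empty implicitly typed array (`new[] {}`) has no element type to infer
            // and does not compile, so the element type is spelled out.
            IoaRuleGroups = new string[] {},

            // Machine-learning anti-malware levels (cloud-based and sensor-based).
            CloudAntiMalware = new Crowdstrike.Inputs.DefaultPreventionPolicyLinuxCloudAntiMalwareArgs
            {
                Detection = "MODERATE",
                Prevention = "CAUTIOUS",
            },
            SensorAntiMalware = new Crowdstrike.Inputs.DefaultPreventionPolicyLinuxSensorAntiMalwareArgs
            {
                Detection = "MODERATE",
                Prevention = "CAUTIOUS",
            },

            // Settings that block or quarantine activity.
            Quarantine = true,
            CustomBlocking = true,
            PreventSuspiciousProcesses = true,
            DriftPrevention = true,
            SensorTamperingProtection = true,

            // Telemetry and visibility settings.
            ScriptBasedExecutionMonitoring = true,
            OnWriteScriptFileVisibility = true,
            ExtendedCommandLineVisibility = true,
            MemoryVisibility = true,
            FilesystemVisibility = true,
            NetworkVisibility = true,
            EmailProtocolVisibility = true,
            FtpVisibility = true,
            HttpVisibility = true,
            TlsVisibility = true,

            // Sample upload: unknown executables are sent to the cloud for analysis;
            // check this against your data-handling requirements.
            UploadUnknownExecutables = true,
            UploadUnknownDetectionRelatedExecutables = true,
        });
    
        return new Dictionary<string, object?>
        {
            ["defaultPreventionPolicyLinux"] = linuxDefaultPolicy,
        };
    });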
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.crowdstrike.crowdstrike.DefaultPreventionPolicyLinux;
    import com.crowdstrike.crowdstrike.DefaultPreventionPolicyLinuxArgs;
    import com.pulumi.crowdstrike.inputs.DefaultPreventionPolicyLinuxCloudAntiMalwareArgs;
    import com.pulumi.crowdstrike.inputs.DefaultPreventionPolicyLinuxSensorAntiMalwareArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
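    /**
     * Pulumi program that registers the default Linux prevention policy and
     * exports it as a stack output.
     *
     * The published listing contained code-generator panic residue where the two
     * anti-malware builders belong; the builder calls below are restored with the
     * same values the other language examples on this page use.
     *
     * NOTE(review): the input-argument imports above this class use a different
     * package prefix (com.pulumi.crowdstrike.inputs) than the resource imports
     * (com.crowdstrike.crowdstrike) — verify both against the published SDK.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /**
         * Declares the policy resource and exports it.
         *
         * @param ctx Pulumi context for the current deployment
         */
        public static void stack(Context ctx) {
            // NOTE(review): the Quarantine description on this page recommends
            // anti-malware prevention levels of Moderate or higher when quarantine
            // is enabled; this example keeps prevention at "CAUTIOUS" — confirm
            // the level you intend before applying.
            var default_ = new DefaultPreventionPolicyLinux("default", DefaultPreventionPolicyLinuxArgs.builder()
                .description("managed by terraform")
                .ioaRuleGroups()
                .cloudAntiMalware(DefaultPreventionPolicyLinuxCloudAntiMalwareArgs.builder()
                    .detection("MODERATE")
                    .prevention("CAUTIOUS")
                    .build())
                .sensorAntiMalware(DefaultPreventionPolicyLinuxSensorAntiMalwareArgs.builder()
                    .detection("MODERATE")
                    .prevention("CAUTIOUS")
                    .build())
                .quarantine(true)
                .customBlocking(true)
                .preventSuspiciousProcesses(true)
                .scriptBasedExecutionMonitoring(true)
                // Unknown executables are sent to the cloud for analysis; check
                // this against your data-handling requirements.
                .uploadUnknownExecutables(true)
                .uploadUnknownDetectionRelatedExecutables(true)
                .driftPrevention(true)
                .emailProtocolVisibility(true)
                .filesystemVisibility(true)
                .ftpVisibility(true)
                .httpVisibility(true)
                .networkVisibility(true)
                .tlsVisibility(true)
                .sensorTamperingProtection(true)
                .onWriteScriptFileVisibility(true)
                .memoryVisibility(true)
                .extendedCommandLineVisibility(true)
                .build());
    
            ctx.export("defaultPreventionPolicyLinux", default_);
        }
    }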
    
    # Default prevention policy for Linux hosts, exported as a stack output.
    # NOTE(review): the Quarantine description on this page recommends anti-malware
    # prevention levels of Moderate or higher when quarantine is enabled; this example
    # keeps prevention at CAUTIOUS — confirm the level you intend before applying.
    resources:
      default:
        type: crowdstrike:DefaultPreventionPolicyLinux
        properties:
          description: managed by terraform
          ioaRuleGroups: []
          # Machine-learning anti-malware levels (cloud-based and sensor-based).
          cloudAntiMalware:
            detection: MODERATE
            prevention: CAUTIOUS
          sensorAntiMalware:
            detection: MODERATE
            prevention: CAUTIOUS
          # Settings that block or quarantine activity.
          quarantine: true
          customBlocking: true
          preventSuspiciousProcesses: true
          driftPrevention: true
          sensorTamperingProtection: true
          # Telemetry and visibility settings.
          scriptBasedExecutionMonitoring: true
          onWriteScriptFileVisibility: true
          extendedCommandLineVisibility: true
          memoryVisibility: true
          filesystemVisibility: true
          networkVisibility: true
          emailProtocolVisibility: true
          ftpVisibility: true
          httpVisibility: true
          tlsVisibility: true
          # Sample upload: unknown executables are sent to the cloud for analysis;
          # check this against your data-handling requirements.
          uploadUnknownExecutables: true
          uploadUnknownDetectionRelatedExecutables: true
    outputs:
      defaultPreventionPolicyLinux: ${default}
    

    Create DefaultPreventionPolicyLinux Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DefaultPreventionPolicyLinux(name: string, args: DefaultPreventionPolicyLinuxArgs, opts?: CustomResourceOptions);
    @overload
    def DefaultPreventionPolicyLinux(resource_name: str,
                                     args: DefaultPreventionPolicyLinuxArgs,
                                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def DefaultPreventionPolicyLinux(resource_name: str,
                                     opts: Optional[ResourceOptions] = None,
                                     ioa_rule_groups: Optional[Sequence[str]] = None,
                                     memory_visibility: Optional[bool] = None,
                                     description: Optional[str] = None,
                                     drift_prevention: Optional[bool] = None,
                                     email_protocol_visibility: Optional[bool] = None,
                                     extended_command_line_visibility: Optional[bool] = None,
                                     filesystem_visibility: Optional[bool] = None,
                                     ftp_visibility: Optional[bool] = None,
                                     http_visibility: Optional[bool] = None,
                                     cloud_anti_malware: Optional[DefaultPreventionPolicyLinuxCloudAntiMalwareArgs] = None,
                                     custom_blocking: Optional[bool] = None,
                                     prevent_suspicious_processes: Optional[bool] = None,
                                     on_write_script_file_visibility: Optional[bool] = None,
                                     network_visibility: Optional[bool] = None,
                                     quarantine: Optional[bool] = None,
                                     script_based_execution_monitoring: Optional[bool] = None,
                                     sensor_anti_malware: Optional[DefaultPreventionPolicyLinuxSensorAntiMalwareArgs] = None,
                                     sensor_tampering_protection: Optional[bool] = None,
                                     tls_visibility: Optional[bool] = None,
                                     upload_unknown_detection_related_executables: Optional[bool] = None,
                                     upload_unknown_executables: Optional[bool] = None)
    func NewDefaultPreventionPolicyLinux(ctx *Context, name string, args DefaultPreventionPolicyLinuxArgs, opts ...ResourceOption) (*DefaultPreventionPolicyLinux, error)
    public DefaultPreventionPolicyLinux(string name, DefaultPreventionPolicyLinuxArgs args, CustomResourceOptions? opts = null)
    public DefaultPreventionPolicyLinux(String name, DefaultPreventionPolicyLinuxArgs args)
    public DefaultPreventionPolicyLinux(String name, DefaultPreventionPolicyLinuxArgs args, CustomResourceOptions options)
    
    type: crowdstrike:DefaultPreventionPolicyLinux
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DefaultPreventionPolicyLinuxArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DefaultPreventionPolicyLinuxArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DefaultPreventionPolicyLinuxArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DefaultPreventionPolicyLinuxArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DefaultPreventionPolicyLinuxArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

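    The following reference example uses placeholder values for all input properties. The placeholders only show each property's type and are not recommended settings: applied as written, the false values would leave every listed protection disabled, including sensor tampering protection, which this page advises against disabling.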

    // Placeholder template: each value stands in for its property's type and is not a
    // recommended setting. Left as `false`, the boolean settings are not enabled,
    // including SensorTamperingProtection, which this page advises against disabling.
    var defaultPreventionPolicyLinuxResource = new Crowdstrike.DefaultPreventionPolicyLinux("defaultPreventionPolicyLinuxResource", new()
    {
        IoaRuleGroups = new[]
        {
            "string",
        },
        MemoryVisibility = false,
        Description = "string",
        DriftPrevention = false,
        EmailProtocolVisibility = false,
        ExtendedCommandLineVisibility = false,
        FilesystemVisibility = false,
        FtpVisibility = false,
        HttpVisibility = false,
        CloudAntiMalware = new Crowdstrike.Inputs.DefaultPreventionPolicyLinuxCloudAntiMalwareArgs
        {
            Detection = "string",
            Prevention = "string",
        },
        CustomBlocking = false,
        PreventSuspiciousProcesses = false,
        OnWriteScriptFileVisibility = false,
        NetworkVisibility = false,
        Quarantine = false,
        ScriptBasedExecutionMonitoring = false,
        SensorAntiMalware = new Crowdstrike.Inputs.DefaultPreventionPolicyLinuxSensorAntiMalwareArgs
        {
            Detection = "string",
            Prevention = "string",
        },
        SensorTamperingProtection = false,
        TlsVisibility = false,
        UploadUnknownDetectionRelatedExecutables = false,
        UploadUnknownExecutables = false,
    });
    
    // Placeholder template: each value stands in for its property's type and is not a
    // recommended setting. Left as false, the boolean settings are not enabled,
    // including SensorTamperingProtection, which this page advises against disabling.
    example, err := crowdstrike.NewDefaultPreventionPolicyLinux(ctx, "defaultPreventionPolicyLinuxResource", &crowdstrike.DefaultPreventionPolicyLinuxArgs{
    	IoaRuleGroups: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	MemoryVisibility:              pulumi.Bool(false),
    	Description:                   pulumi.String("string"),
    	DriftPrevention:               pulumi.Bool(false),
    	EmailProtocolVisibility:       pulumi.Bool(false),
    	ExtendedCommandLineVisibility: pulumi.Bool(false),
    	FilesystemVisibility:          pulumi.Bool(false),
    	FtpVisibility:                 pulumi.Bool(false),
    	HttpVisibility:                pulumi.Bool(false),
    	CloudAntiMalware: &crowdstrike.DefaultPreventionPolicyLinuxCloudAntiMalwareArgs{
    		Detection:  pulumi.String("string"),
    		Prevention: pulumi.String("string"),
    	},
    	CustomBlocking:                 pulumi.Bool(false),
    	PreventSuspiciousProcesses:     pulumi.Bool(false),
    	OnWriteScriptFileVisibility:    pulumi.Bool(false),
    	NetworkVisibility:              pulumi.Bool(false),
    	Quarantine:                     pulumi.Bool(false),
    	ScriptBasedExecutionMonitoring: pulumi.Bool(false),
    	SensorAntiMalware: &crowdstrike.DefaultPreventionPolicyLinuxSensorAntiMalwareArgs{
    		Detection:  pulumi.String("string"),
    		Prevention: pulumi.String("string"),
    	},
    	SensorTamperingProtection:                pulumi.Bool(false),
    	TlsVisibility:                            pulumi.Bool(false),
    	UploadUnknownDetectionRelatedExecutables: pulumi.Bool(false),
    	UploadUnknownExecutables:                 pulumi.Bool(false),
    })
    
    // Placeholder template: each value stands in for its property's type and is not a
    // recommended setting. Left as false, the boolean settings are not enabled,
    // including sensorTamperingProtection, which this page advises against disabling.
    var defaultPreventionPolicyLinuxResource = new DefaultPreventionPolicyLinux("defaultPreventionPolicyLinuxResource", DefaultPreventionPolicyLinuxArgs.builder()
        .ioaRuleGroups("string")
        .memoryVisibility(false)
        .description("string")
        .driftPrevention(false)
        .emailProtocolVisibility(false)
        .extendedCommandLineVisibility(false)
        .filesystemVisibility(false)
        .ftpVisibility(false)
        .httpVisibility(false)
        .cloudAntiMalware(DefaultPreventionPolicyLinuxCloudAntiMalwareArgs.builder()
            .detection("string")
            .prevention("string")
            .build())
        .customBlocking(false)
        .preventSuspiciousProcesses(false)
        .onWriteScriptFileVisibility(false)
        .networkVisibility(false)
        .quarantine(false)
        .scriptBasedExecutionMonitoring(false)
        .sensorAntiMalware(DefaultPreventionPolicyLinuxSensorAntiMalwareArgs.builder()
            .detection("string")
            .prevention("string")
            .build())
        .sensorTamperingProtection(false)
        .tlsVisibility(false)
        .uploadUnknownDetectionRelatedExecutables(false)
        .uploadUnknownExecutables(false)
        .build());
    
    # Placeholder template: each value stands in for its property's type and is not a
    # recommended setting. Left as False, the boolean settings are not enabled,
    # including sensor_tampering_protection, which this page advises against disabling.
    default_prevention_policy_linux_resource = crowdstrike.DefaultPreventionPolicyLinux("defaultPreventionPolicyLinuxResource",
        ioa_rule_groups=["string"],
        memory_visibility=False,
        description="string",
        drift_prevention=False,
        email_protocol_visibility=False,
        extended_command_line_visibility=False,
        filesystem_visibility=False,
        ftp_visibility=False,
        http_visibility=False,
        cloud_anti_malware={
            "detection": "string",
            "prevention": "string",
        },
        custom_blocking=False,
        prevent_suspicious_processes=False,
        on_write_script_file_visibility=False,
        network_visibility=False,
        quarantine=False,
        script_based_execution_monitoring=False,
        sensor_anti_malware={
            "detection": "string",
            "prevention": "string",
        },
        sensor_tampering_protection=False,
        tls_visibility=False,
        upload_unknown_detection_related_executables=False,
        upload_unknown_executables=False)
    
    // Placeholder template: each value stands in for its property's type and is not a
    // recommended setting. Left as false, the boolean settings are not enabled,
    // including sensorTamperingProtection, which this page advises against disabling.
    const defaultPreventionPolicyLinuxResource = new crowdstrike.DefaultPreventionPolicyLinux("defaultPreventionPolicyLinuxResource", {
        ioaRuleGroups: ["string"],
        memoryVisibility: false,
        description: "string",
        driftPrevention: false,
        emailProtocolVisibility: false,
        extendedCommandLineVisibility: false,
        filesystemVisibility: false,
        ftpVisibility: false,
        httpVisibility: false,
        cloudAntiMalware: {
            detection: "string",
            prevention: "string",
        },
        customBlocking: false,
        preventSuspiciousProcesses: false,
        onWriteScriptFileVisibility: false,
        networkVisibility: false,
        quarantine: false,
        scriptBasedExecutionMonitoring: false,
        sensorAntiMalware: {
            detection: "string",
            prevention: "string",
        },
        sensorTamperingProtection: false,
        tlsVisibility: false,
        uploadUnknownDetectionRelatedExecutables: false,
        uploadUnknownExecutables: false,
    });
    
    # Placeholder template: each value stands in for its property's type and is not a
    # recommended setting. Left as false, the boolean settings are not enabled,
    # including sensorTamperingProtection, which this page advises against disabling.
    type: crowdstrike:DefaultPreventionPolicyLinux
    properties:
        cloudAntiMalware:
            detection: string
            prevention: string
        customBlocking: false
        description: string
        driftPrevention: false
        emailProtocolVisibility: false
        extendedCommandLineVisibility: false
        filesystemVisibility: false
        ftpVisibility: false
        httpVisibility: false
        ioaRuleGroups:
            - string
        memoryVisibility: false
        networkVisibility: false
        onWriteScriptFileVisibility: false
        preventSuspiciousProcesses: false
        quarantine: false
        scriptBasedExecutionMonitoring: false
        sensorAntiMalware:
            detection: string
            prevention: string
        sensorTamperingProtection: false
        tlsVisibility: false
        uploadUnknownDetectionRelatedExecutables: false
        uploadUnknownExecutables: false
    

    DefaultPreventionPolicyLinux Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DefaultPreventionPolicyLinux resource accepts the following input properties:

    IoaRuleGroups List<string>
    IOA Rule Group to attach to the prevention policy.
    CloudAntiMalware CrowdStrike.Crowdstrike.Inputs.DefaultPreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    CustomBlocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    Description string
    Description of the prevention policy.
    DriftPrevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    EmailProtocolVisibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    ExtendedCommandLineVisibility bool
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    FilesystemVisibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    FtpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    HttpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    MemoryVisibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    NetworkVisibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    OnWriteScriptFileVisibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk in addition to clouding a portion of their content.
    PreventSuspiciousProcesses bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    Quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    ScriptBasedExecutionMonitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    SensorAntiMalware CrowdStrike.Crowdstrike.Inputs.DefaultPreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    SensorTamperingProtection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    TlsVisibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    UploadUnknownDetectionRelatedExecutables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    UploadUnknownExecutables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    IoaRuleGroups []string
    IOA Rule Group to attach to the prevention policy.
    CloudAntiMalware DefaultPreventionPolicyLinuxCloudAntiMalwareArgs
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    CustomBlocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    Description string
    Description of the prevention policy.
    DriftPrevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    EmailProtocolVisibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    ExtendedCommandLineVisibility bool
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    FilesystemVisibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    FtpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    HttpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    MemoryVisibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    NetworkVisibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    OnWriteScriptFileVisibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk in addition to clouding a portion of their content.
    PreventSuspiciousProcesses bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    Quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    ScriptBasedExecutionMonitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    SensorAntiMalware DefaultPreventionPolicyLinuxSensorAntiMalwareArgs
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    SensorTamperingProtection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    TlsVisibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    UploadUnknownDetectionRelatedExecutables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    UploadUnknownExecutables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    ioaRuleGroups List<String>
    IOA Rule Group to attach to the prevention policy.
    cloudAntiMalware DefaultPreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking Boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description String
    Description of the prevention policy.
    driftPrevention Boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    extendedCommandLineVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    filesystemVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    memoryVisibility Boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    networkVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility Boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to sending a portion of their content to the cloud.
    preventSuspiciousProcesses Boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine Boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring Boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware DefaultPreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection Boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables Boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables Boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    ioaRuleGroups string[]
    IOA Rule Group to attach to the prevention policy.
    cloudAntiMalware DefaultPreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description string
    Description of the prevention policy.
    driftPrevention boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    extendedCommandLineVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    filesystemVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    memoryVisibility boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    networkVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to sending a portion of their content to the cloud.
    preventSuspiciousProcesses boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware DefaultPreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    ioa_rule_groups Sequence[str]
    IOA Rule Group to attach to the prevention policy.
    cloud_anti_malware DefaultPreventionPolicyLinuxCloudAntiMalwareArgs
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    custom_blocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description str
    Description of the prevention policy.
    drift_prevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    email_protocol_visibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    extended_command_line_visibility bool
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    filesystem_visibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftp_visibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    http_visibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    memory_visibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    network_visibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    on_write_script_file_visibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to sending a portion of their content to the cloud.
    prevent_suspicious_processes bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    script_based_execution_monitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensor_anti_malware DefaultPreventionPolicyLinuxSensorAntiMalwareArgs
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensor_tampering_protection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tls_visibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    upload_unknown_detection_related_executables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    upload_unknown_executables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    ioaRuleGroups List<String>
    IOA Rule Group to attach to the prevention policy.
    cloudAntiMalware Property Map
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking Boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description String
    Description of the prevention policy.
    driftPrevention Boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    extendedCommandLineVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    filesystemVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    memoryVisibility Boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    networkVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility Boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to sending a portion of their content to the cloud.
    preventSuspiciousProcesses Boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine Boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring Boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware Property Map
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection Boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables Boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables Boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DefaultPreventionPolicyLinux resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastUpdated string
    Id string
    The provider-assigned unique ID for this managed resource.
    LastUpdated string
    id String
    The provider-assigned unique ID for this managed resource.
    lastUpdated String
    id string
    The provider-assigned unique ID for this managed resource.
    lastUpdated string
    id str
    The provider-assigned unique ID for this managed resource.
    last_updated str
    id String
    The provider-assigned unique ID for this managed resource.
    lastUpdated String

    Look up Existing DefaultPreventionPolicyLinux Resource

    Get an existing DefaultPreventionPolicyLinux resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DefaultPreventionPolicyLinuxState, opts?: CustomResourceOptions): DefaultPreventionPolicyLinux
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cloud_anti_malware: Optional[DefaultPreventionPolicyLinuxCloudAntiMalwareArgs] = None,
            custom_blocking: Optional[bool] = None,
            description: Optional[str] = None,
            drift_prevention: Optional[bool] = None,
            email_protocol_visibility: Optional[bool] = None,
            extended_command_line_visibility: Optional[bool] = None,
            filesystem_visibility: Optional[bool] = None,
            ftp_visibility: Optional[bool] = None,
            http_visibility: Optional[bool] = None,
            ioa_rule_groups: Optional[Sequence[str]] = None,
            last_updated: Optional[str] = None,
            memory_visibility: Optional[bool] = None,
            network_visibility: Optional[bool] = None,
            on_write_script_file_visibility: Optional[bool] = None,
            prevent_suspicious_processes: Optional[bool] = None,
            quarantine: Optional[bool] = None,
            script_based_execution_monitoring: Optional[bool] = None,
            sensor_anti_malware: Optional[DefaultPreventionPolicyLinuxSensorAntiMalwareArgs] = None,
            sensor_tampering_protection: Optional[bool] = None,
            tls_visibility: Optional[bool] = None,
            upload_unknown_detection_related_executables: Optional[bool] = None,
            upload_unknown_executables: Optional[bool] = None) -> DefaultPreventionPolicyLinux
    func GetDefaultPreventionPolicyLinux(ctx *Context, name string, id IDInput, state *DefaultPreventionPolicyLinuxState, opts ...ResourceOption) (*DefaultPreventionPolicyLinux, error)
    public static DefaultPreventionPolicyLinux Get(string name, Input<string> id, DefaultPreventionPolicyLinuxState? state, CustomResourceOptions? opts = null)
    public static DefaultPreventionPolicyLinux get(String name, Output<String> id, DefaultPreventionPolicyLinuxState state, CustomResourceOptions options)
    resources:
      _:
        type: crowdstrike:DefaultPreventionPolicyLinux
        get:
          id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CloudAntiMalware CrowdStrike.Crowdstrike.Inputs.DefaultPreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    CustomBlocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    Description string
    Description of the prevention policy.
    DriftPrevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    EmailProtocolVisibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    ExtendedCommandLineVisibility bool
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    FilesystemVisibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    FtpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    HttpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    IoaRuleGroups List<string>
    IOA Rule Group to attach to the prevention policy.
    LastUpdated string
    MemoryVisibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    NetworkVisibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    OnWriteScriptFileVisibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to sending a portion of their content to the cloud.
    PreventSuspiciousProcesses bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    Quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    ScriptBasedExecutionMonitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    SensorAntiMalware CrowdStrike.Crowdstrike.Inputs.DefaultPreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    SensorTamperingProtection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    TlsVisibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    UploadUnknownDetectionRelatedExecutables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    UploadUnknownExecutables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    CloudAntiMalware DefaultPreventionPolicyLinuxCloudAntiMalwareArgs
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    CustomBlocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    Description string
    Description of the prevention policy.
    DriftPrevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    EmailProtocolVisibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    ExtendedCommandLineVisibility bool
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    FilesystemVisibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    FtpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    HttpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    IoaRuleGroups []string
    IOA Rule Group to attach to the prevention policy.
    LastUpdated string
    MemoryVisibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    NetworkVisibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    OnWriteScriptFileVisibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to sending a portion of their content to the cloud.
    PreventSuspiciousProcesses bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    Quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    ScriptBasedExecutionMonitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    SensorAntiMalware DefaultPreventionPolicyLinuxSensorAntiMalwareArgs
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    SensorTamperingProtection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    TlsVisibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    UploadUnknownDetectionRelatedExecutables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    UploadUnknownExecutables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    cloudAntiMalware DefaultPreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking Boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description String
    Description of the prevention policy.
    driftPrevention Boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    extendedCommandLineVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    filesystemVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    ioaRuleGroups List<String>
    IOA Rule Group to attach to the prevention policy.
    lastUpdated String
    memoryVisibility Boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    networkVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility Boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to sending a portion of their content to the cloud.
    preventSuspiciousProcesses Boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine Boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring Boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware DefaultPreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection Boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables Boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables Boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    cloudAntiMalware DefaultPreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description string
    Description of the prevention policy.
    driftPrevention boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    extendedCommandLineVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    filesystemVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    ioaRuleGroups string[]
    IOA Rule Group to attach to the prevention policy.
    lastUpdated string
    memoryVisibility boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    networkVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to sending a portion of their content to the cloud.
    preventSuspiciousProcesses boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware DefaultPreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    cloud_anti_malware DefaultPreventionPolicyLinuxCloudAntiMalwareArgs
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    custom_blocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description str
    Description of the prevention policy.
    drift_prevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    email_protocol_visibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    extended_command_line_visibility bool
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    filesystem_visibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftp_visibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    http_visibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    ioa_rule_groups Sequence[str]
    IOA Rule Group to attach to the prevention policy.
    last_updated str
    memory_visibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    network_visibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    on_write_script_file_visibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to uploading a portion of their content to the cloud.
    prevent_suspicious_processes bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    script_based_execution_monitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensor_anti_malware DefaultPreventionPolicyLinuxSensorAntiMalwareArgs
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensor_tampering_protection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tls_visibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    upload_unknown_detection_related_executables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    upload_unknown_executables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    cloudAntiMalware Property Map
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking Boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description String
    Description of the prevention policy.
    driftPrevention Boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    extendedCommandLineVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor full CLI commands that include pipes and redirects. This is applicable only for User mode.
    filesystemVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    ioaRuleGroups List<String>
    IOA Rule Group to attach to the prevention policy.
    lastUpdated String
    memoryVisibility Boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    networkVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility Boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, in addition to uploading a portion of their content to the cloud.
    preventSuspiciousProcesses Boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine Boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring Boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware Property Map
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection Boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables Boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables Boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.

    Supporting Types

    DefaultPreventionPolicyLinuxCloudAntiMalware, DefaultPreventionPolicyLinuxCloudAntiMalwareArgs

    Detection string
    Machine learning level for detection.
    Prevention string
    Machine learning level for prevention.
    Detection string
    Machine learning level for detection.
    Prevention string
    Machine learning level for prevention.
    detection String
    Machine learning level for detection.
    prevention String
    Machine learning level for prevention.
    detection string
    Machine learning level for detection.
    prevention string
    Machine learning level for prevention.
    detection str
    Machine learning level for detection.
    prevention str
    Machine learning level for prevention.
    detection String
    Machine learning level for detection.
    prevention String
    Machine learning level for prevention.

    DefaultPreventionPolicyLinuxSensorAntiMalware, DefaultPreventionPolicyLinuxSensorAntiMalwareArgs

    Detection string
    Machine learning level for detection.
    Prevention string
    Machine learning level for prevention.
    Detection string
    Machine learning level for detection.
    Prevention string
    Machine learning level for prevention.
    detection String
    Machine learning level for detection.
    prevention String
    Machine learning level for prevention.
    detection string
    Machine learning level for detection.
    prevention string
    Machine learning level for prevention.
    detection str
    Machine learning level for detection.
    prevention str
    Machine learning level for prevention.
    detection String
    Machine learning level for detection.
    prevention String
    Machine learning level for prevention.

    Import

    The Linux default prevention policy can be imported by specifying the id.

    $ pulumi import crowdstrike:index/defaultPreventionPolicyLinux:DefaultPreventionPolicyLinux default 7fb858a949034a0cbca175f660f1e769
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    crowdstrike crowdstrike/pulumi-crowdstrike
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the crowdstrike Terraform Provider.
    CrowdStrike v0.0.13 published on Tuesday, Apr 22, 2025 by CrowdStrike