crowdstrike.FilevantageRuleGroup
This resource allows management of a FileVantage rule group. A FileVantage rule group is a collection of file integrity rules that can be assigned to a FileVantage policy.
API Scopes
The following API scopes are required:
- Falcon FileVantage | Read & Write
Example Usage
Coming soon!
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.crowdstrike.FilevantageRuleGroup;
import com.pulumi.crowdstrike.FilevantageRuleGroupArgs;
import com.pulumi.crowdstrike.inputs.FilevantageRuleGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Rule group of type WindowsRegistry; rule precedence follows list order.
        var example = new FilevantageRuleGroup("example", FilevantageRuleGroupArgs.builder()
            .description("Made with Pulumi")
            .type("WindowsRegistry")
            .rules(
                FilevantageRuleGroupRuleArgs.builder()
                    .description("first rule")
                    .path("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\")
                    .severity("High")
                    .depth("ANY")
                    .registryValues(
                        "first",
                        "rule")
                    // Content capture requires the value-set watch to be enabled.
                    .watchKeyValueSetChanges(true)
                    .enableContentCapture(true)
                    .build(),
                FilevantageRuleGroupRuleArgs.builder()
                    .description("second rule")
                    .path("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\")
                    .severity("High")
                    .depth("ANY")
                    .registryValues(
                        "Value1",
                        "Value2")
                    .watchKeyValueSetChanges(true)
                    .enableContentCapture(true)
                    .build())
            .build());

        ctx.export("filevantageRuleGroup", example);
    }
}
resources:
  example:
    type: crowdstrike:FilevantageRuleGroup
    properties:
      description: Made with Pulumi
      type: WindowsRegistry
      rules:
        - description: first rule
          path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
          severity: High
          depth: ANY
          registryValues:
            - first
            - rule
          watchKeyValueSetChanges: true
          enableContentCapture: true
        - description: second rule
          path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
          severity: High
          depth: ANY
          registryValues:
            - Value1
            - Value2
          watchKeyValueSetChanges: true
          enableContentCapture: true
outputs:
  filevantageRuleGroup: ${example}
Create FilevantageRuleGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FilevantageRuleGroup(name: string, args?: FilevantageRuleGroupArgs, opts?: CustomResourceOptions);
@overload
def FilevantageRuleGroup(resource_name: str,
                         args: Optional[FilevantageRuleGroupArgs] = None,
                         opts: Optional[ResourceOptions] = None)

@overload
def FilevantageRuleGroup(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         description: Optional[str] = None,
                         name: Optional[str] = None,
                         rules: Optional[Sequence[FilevantageRuleGroupRuleArgs]] = None,
                         type: Optional[str] = None)
func NewFilevantageRuleGroup(ctx *Context, name string, args *FilevantageRuleGroupArgs, opts ...ResourceOption) (*FilevantageRuleGroup, error)
public FilevantageRuleGroup(string name, FilevantageRuleGroupArgs? args = null, CustomResourceOptions? opts = null)
public FilevantageRuleGroup(String name, FilevantageRuleGroupArgs args)
public FilevantageRuleGroup(String name, FilevantageRuleGroupArgs args, CustomResourceOptions options)
type: crowdstrike:FilevantageRuleGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FilevantageRuleGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FilevantageRuleGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FilevantageRuleGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FilevantageRuleGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FilevantageRuleGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var filevantageRuleGroupResource = new Crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource", new()
{
    Description = "string",
    Name = "string",
    Rules = new[]
    {
        new Crowdstrike.Inputs.FilevantageRuleGroupRuleArgs
        {
            Path = "string",
            Description = "string",
            Severity = "string",
            WatchDirectoryCreateChanges = false,
            Id = "string",
            WatchDirectoryDeleteChanges = false,
            FileNames = new[]
            {
                "string",
            },
            WatchDirectoryPermissionChanges = false,
            Include = "string",
            IncludeProcesses = "string",
            IncludeUsers = "string",
            Exclude = "string",
            Precedence = 0,
            RegistryValues = new[]
            {
                "string",
            },
            WatchDirectoryRenameChanges = false,
            WatchDirectoryAttributeChanges = false,
            Depth = "string",
            ExcludeUsers = "string",
            ExcludeProcesses = "string",
            EnableContentCapture = false,
            WatchFileAttributeChanges = false,
            WatchFileCreateChanges = false,
            WatchFileDeleteChanges = false,
            WatchFilePermissionChanges = false,
            WatchFileRenameChanges = false,
            WatchFileWriteChanges = false,
            WatchKeyCreateChanges = false,
            WatchKeyDeleteChanges = false,
            WatchKeyPermissionsChanges = false,
            WatchKeyRenameChanges = false,
            WatchKeyValueDeleteChanges = false,
            WatchKeyValueSetChanges = false,
        },
    },
    Type = "string",
});
example, err := crowdstrike.NewFilevantageRuleGroup(ctx, "filevantageRuleGroupResource", &crowdstrike.FilevantageRuleGroupArgs{
	Description: pulumi.String("string"),
	Name:        pulumi.String("string"),
	Rules: crowdstrike.FilevantageRuleGroupRuleArray{
		&crowdstrike.FilevantageRuleGroupRuleArgs{
			Path:                        pulumi.String("string"),
			Description:                 pulumi.String("string"),
			Severity:                    pulumi.String("string"),
			WatchDirectoryCreateChanges: pulumi.Bool(false),
			Id:                          pulumi.String("string"),
			WatchDirectoryDeleteChanges: pulumi.Bool(false),
			FileNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			WatchDirectoryPermissionChanges: pulumi.Bool(false),
			Include:                         pulumi.String("string"),
			IncludeProcesses:                pulumi.String("string"),
			IncludeUsers:                    pulumi.String("string"),
			Exclude:                         pulumi.String("string"),
			Precedence:                      pulumi.Int(0),
			RegistryValues: pulumi.StringArray{
				pulumi.String("string"),
			},
			WatchDirectoryRenameChanges:    pulumi.Bool(false),
			WatchDirectoryAttributeChanges: pulumi.Bool(false),
			Depth:                          pulumi.String("string"),
			ExcludeUsers:                   pulumi.String("string"),
			ExcludeProcesses:               pulumi.String("string"),
			EnableContentCapture:           pulumi.Bool(false),
			WatchFileAttributeChanges:      pulumi.Bool(false),
			WatchFileCreateChanges:         pulumi.Bool(false),
			WatchFileDeleteChanges:         pulumi.Bool(false),
			WatchFilePermissionChanges:     pulumi.Bool(false),
			WatchFileRenameChanges:         pulumi.Bool(false),
			WatchFileWriteChanges:          pulumi.Bool(false),
			WatchKeyCreateChanges:          pulumi.Bool(false),
			WatchKeyDeleteChanges:          pulumi.Bool(false),
			WatchKeyPermissionsChanges:     pulumi.Bool(false),
			WatchKeyRenameChanges:          pulumi.Bool(false),
			WatchKeyValueDeleteChanges:     pulumi.Bool(false),
			WatchKeyValueSetChanges:        pulumi.Bool(false),
		},
	},
	Type: pulumi.String("string"),
})
var filevantageRuleGroupResource = new FilevantageRuleGroup("filevantageRuleGroupResource", FilevantageRuleGroupArgs.builder()
    .description("string")
    .name("string")
    .rules(FilevantageRuleGroupRuleArgs.builder()
        .path("string")
        .description("string")
        .severity("string")
        .watchDirectoryCreateChanges(false)
        .id("string")
        .watchDirectoryDeleteChanges(false)
        .fileNames("string")
        .watchDirectoryPermissionChanges(false)
        .include("string")
        .includeProcesses("string")
        .includeUsers("string")
        .exclude("string")
        .precedence(0)
        .registryValues("string")
        .watchDirectoryRenameChanges(false)
        .watchDirectoryAttributeChanges(false)
        .depth("string")
        .excludeUsers("string")
        .excludeProcesses("string")
        .enableContentCapture(false)
        .watchFileAttributeChanges(false)
        .watchFileCreateChanges(false)
        .watchFileDeleteChanges(false)
        .watchFilePermissionChanges(false)
        .watchFileRenameChanges(false)
        .watchFileWriteChanges(false)
        .watchKeyCreateChanges(false)
        .watchKeyDeleteChanges(false)
        .watchKeyPermissionsChanges(false)
        .watchKeyRenameChanges(false)
        .watchKeyValueDeleteChanges(false)
        .watchKeyValueSetChanges(false)
        .build())
    .type("string")
    .build());
filevantage_rule_group_resource = crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource",
    description="string",
    name="string",
    rules=[{
        "path": "string",
        "description": "string",
        "severity": "string",
        "watch_directory_create_changes": False,
        "id": "string",
        "watch_directory_delete_changes": False,
        "file_names": ["string"],
        "watch_directory_permission_changes": False,
        "include": "string",
        "include_processes": "string",
        "include_users": "string",
        "exclude": "string",
        "precedence": 0,
        "registry_values": ["string"],
        "watch_directory_rename_changes": False,
        "watch_directory_attribute_changes": False,
        "depth": "string",
        "exclude_users": "string",
        "exclude_processes": "string",
        "enable_content_capture": False,
        "watch_file_attribute_changes": False,
        "watch_file_create_changes": False,
        "watch_file_delete_changes": False,
        "watch_file_permission_changes": False,
        "watch_file_rename_changes": False,
        "watch_file_write_changes": False,
        "watch_key_create_changes": False,
        "watch_key_delete_changes": False,
        "watch_key_permissions_changes": False,
        "watch_key_rename_changes": False,
        "watch_key_value_delete_changes": False,
        "watch_key_value_set_changes": False,
    }],
    type="string")
const filevantageRuleGroupResource = new crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource", {
    description: "string",
    name: "string",
    rules: [{
        path: "string",
        description: "string",
        severity: "string",
        watchDirectoryCreateChanges: false,
        id: "string",
        watchDirectoryDeleteChanges: false,
        fileNames: ["string"],
        watchDirectoryPermissionChanges: false,
        include: "string",
        includeProcesses: "string",
        includeUsers: "string",
        exclude: "string",
        precedence: 0,
        registryValues: ["string"],
        watchDirectoryRenameChanges: false,
        watchDirectoryAttributeChanges: false,
        depth: "string",
        excludeUsers: "string",
        excludeProcesses: "string",
        enableContentCapture: false,
        watchFileAttributeChanges: false,
        watchFileCreateChanges: false,
        watchFileDeleteChanges: false,
        watchFilePermissionChanges: false,
        watchFileRenameChanges: false,
        watchFileWriteChanges: false,
        watchKeyCreateChanges: false,
        watchKeyDeleteChanges: false,
        watchKeyPermissionsChanges: false,
        watchKeyRenameChanges: false,
        watchKeyValueDeleteChanges: false,
        watchKeyValueSetChanges: false,
    }],
    type: "string",
});
type: crowdstrike:FilevantageRuleGroup
properties:
    description: string
    name: string
    rules:
        - depth: string
          description: string
          enableContentCapture: false
          exclude: string
          excludeProcesses: string
          excludeUsers: string
          fileNames:
            - string
          id: string
          include: string
          includeProcesses: string
          includeUsers: string
          path: string
          precedence: 0
          registryValues:
            - string
          severity: string
          watchDirectoryAttributeChanges: false
          watchDirectoryCreateChanges: false
          watchDirectoryDeleteChanges: false
          watchDirectoryPermissionChanges: false
          watchDirectoryRenameChanges: false
          watchFileAttributeChanges: false
          watchFileCreateChanges: false
          watchFileDeleteChanges: false
          watchFilePermissionChanges: false
          watchFileRenameChanges: false
          watchFileWriteChanges: false
          watchKeyCreateChanges: false
          watchKeyDeleteChanges: false
          watchKeyPermissionsChanges: false
          watchKeyRenameChanges: false
          watchKeyValueDeleteChanges: false
          watchKeyValueSetChanges: false
    type: string
FilevantageRuleGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FilevantageRuleGroup resource accepts the following input properties:
- Description string
- Description of the filevantage rule group.
- Name string
- Name of the filevantage rule group.
- Rules List<CrowdStrike.Crowdstrike.Inputs.FilevantageRuleGroupRule>
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- Type string
- The type of filevantage rule group.
- Description string
- Description of the filevantage rule group.
- Name string
- Name of the filevantage rule group.
- Rules []FilevantageRuleGroupRuleArgs
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- Type string
- The type of filevantage rule group.
- description String
- Description of the filevantage rule group.
- name String
- Name of the filevantage rule group.
- rules List<FilevantageRuleGroupRule>
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- type String
- The type of filevantage rule group.
- description string
- Description of the filevantage rule group.
- name string
- Name of the filevantage rule group.
- rules FilevantageRuleGroupRule[]
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- type string
- The type of filevantage rule group.
- description str
- Description of the filevantage rule group.
- name str
- Name of the filevantage rule group.
- rules Sequence[FilevantageRuleGroupRuleArgs]
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- type str
- The type of filevantage rule group.
- description String
- Description of the filevantage rule group.
- name String
- Name of the filevantage rule group.
- rules List<Property Map>
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- type String
- The type of filevantage rule group.
Outputs
All input properties are implicitly available as output properties. Additionally, the FilevantageRuleGroup resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- LastUpdated string
- Id string
- The provider-assigned unique ID for this managed resource.
- LastUpdated string
- id String
- The provider-assigned unique ID for this managed resource.
- lastUpdated String
- id string
- The provider-assigned unique ID for this managed resource.
- lastUpdated string
- id str
- The provider-assigned unique ID for this managed resource.
- last_updated str
- id String
- The provider-assigned unique ID for this managed resource.
- lastUpdated String
Look up Existing FilevantageRuleGroup Resource
Get an existing FilevantageRuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FilevantageRuleGroupState, opts?: CustomResourceOptions): FilevantageRuleGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        last_updated: Optional[str] = None,
        name: Optional[str] = None,
        rules: Optional[Sequence[FilevantageRuleGroupRuleArgs]] = None,
        type: Optional[str] = None) -> FilevantageRuleGroup
func GetFilevantageRuleGroup(ctx *Context, name string, id IDInput, state *FilevantageRuleGroupState, opts ...ResourceOption) (*FilevantageRuleGroup, error)
public static FilevantageRuleGroup Get(string name, Input<string> id, FilevantageRuleGroupState? state, CustomResourceOptions? opts = null)
public static FilevantageRuleGroup get(String name, Output<String> id, FilevantageRuleGroupState state, CustomResourceOptions options)
resources:
  _:
    type: crowdstrike:FilevantageRuleGroup
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- Description of the filevantage rule group.
- LastUpdated string
- Name string
- Name of the filevantage rule group.
- Rules List<CrowdStrike.Crowdstrike.Inputs.FilevantageRuleGroupRule>
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- Type string
- The type of filevantage rule group.
- Description string
- Description of the filevantage rule group.
- LastUpdated string
- Name string
- Name of the filevantage rule group.
- Rules []FilevantageRuleGroupRuleArgs
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- Type string
- The type of filevantage rule group.
- description String
- Description of the filevantage rule group.
- lastUpdated String
- name String
- Name of the filevantage rule group.
- rules List<FilevantageRuleGroupRule>
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- type String
- The type of filevantage rule group.
- description string
- Description of the filevantage rule group.
- lastUpdated string
- name string
- Name of the filevantage rule group.
- rules FilevantageRuleGroupRule[]
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- type string
- The type of filevantage rule group.
- description str
- Description of the filevantage rule group.
- last_updated str
- name str
- Name of the filevantage rule group.
- rules Sequence[FilevantageRuleGroupRuleArgs]
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- type str
- The type of filevantage rule group.
- description String
- Description of the filevantage rule group.
- lastUpdated String
- name String
- Name of the filevantage rule group.
- rules List<Property Map>
- Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
- type String
- The type of filevantage rule group.
Supporting Types
FilevantageRuleGroupRule, FilevantageRuleGroupRuleArgs
- Description string
- Description of the filevantage rule.
- Path string
- Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
- Severity string
- Severity to categorize change events produced by this rule.
- Depth string
- Depth below the base path to monitor.
- EnableContentCapture bool
- Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
- Exclude string
- Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
- ExcludeProcesses string
- Represents the changes performed by specific processes that will be excluded from monitoring.
- ExcludeUsers string
- Represents the changes performed by specific users that will be excluded from monitoring.
- FileNames List<string>
- List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
- Id string
- Identifier for the filevantage rule.
- Include string
- Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
- IncludeProcesses string
- Represents the changes performed by specific processes that will be monitored.
- IncludeUsers string
- Represents the changes performed by specific users that will be monitored.
- Precedence int
- Precedence of the rule in the rule group.
- RegistryValues List<string>
- List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
- WatchDirectoryAttributeChanges bool
- Monitor directory attribute change events.
- WatchDirectoryCreateChanges bool
- Monitor directory creation events.
- WatchDirectoryDeleteChanges bool
- Monitor directory deletion events.
- WatchDirectoryPermissionChanges bool
- Monitor directory permission change events.
- WatchDirectoryRenameChanges bool
- Monitor directory rename events.
- WatchFileAttributeChanges bool
- Monitor file attribute change events.
- WatchFileCreateChanges bool
- Monitor file creation events.
- WatchFileDeleteChanges bool
- Monitor file deletion events.
- WatchFilePermissionChanges bool
- Monitor file permission change events.
- WatchFileRenameChanges bool
- Monitor file rename events.
- WatchFileWriteChanges bool
- Monitor file write events.
- WatchKeyCreateChanges bool
- Monitor registry key creation events.
- WatchKeyDeleteChanges bool
- Monitor registry key deletion events.
- WatchKeyPermissionsChanges bool
- Monitor registry key permission change events.
- WatchKeyRenameChanges bool
- Monitor registry key rename events.
- WatchKeyValueDeleteChanges bool
- Monitor registry value deletion events.
- WatchKeyValueSetChanges bool
- Monitor registry value set events.
- Description string
- Description of the filevantage rule.
- Path string
- Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
- Severity string
- Severity to categorize change events produced by this rule.
- Depth string
- Depth below the base path to monitor.
- EnableContentCapture bool
- Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
- Exclude string
- Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
- ExcludeProcesses string
- Represents the changes performed by specific processes that will be excluded from monitoring.
- ExcludeUsers string
- Represents the changes performed by specific users that will be excluded from monitoring.
- FileNames []string
- List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
- Id string
- Identifier for the filevantage rule.
- Include string
- Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
- IncludeProcesses string
- Represents the changes performed by specific processes that will be monitored.
- IncludeUsers string
- Represents the changes performed by specific users that will be monitored.
- Precedence int
- Precedence of the rule in the rule group.
- RegistryValues []string
- List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
- WatchDirectoryAttributeChanges bool
- Monitor directory attribute change events.
- WatchDirectoryCreateChanges bool
- Monitor directory creation events.
- WatchDirectoryDeleteChanges bool
- Monitor directory deletion events.
- WatchDirectoryPermissionChanges bool
- Monitor directory permission change events.
- WatchDirectoryRenameChanges bool
- Monitor directory rename events.
- WatchFileAttributeChanges bool
- Monitor file attribute change events.
- WatchFileCreateChanges bool
- Monitor file creation events.
- WatchFileDeleteChanges bool
- Monitor file deletion events.
- WatchFilePermissionChanges bool
- Monitor file permission change events.
- WatchFileRenameChanges bool
- Monitor file rename events.
- WatchFileWriteChanges bool
- Monitor file write events.
- WatchKeyCreateChanges bool
- Monitor registry key creation events.
- WatchKeyDeleteChanges bool
- Monitor registry key deletion events.
- WatchKeyPermissionsChanges bool
- Monitor registry key permission change events.
- WatchKeyRenameChanges bool
- Monitor registry key rename events.
- WatchKeyValueDeleteChanges bool
- Monitor registry value deletion events.
- WatchKeyValueSetChanges bool
- Monitor registry value set events.
- description String
- Description of the filevantage rule.
- path String
- Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
- severity String
- Severity to categorize change events produced by this rule.
- depth String
- Depth below the base path to monitor.
- enableContentCapture Boolean
- Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
- exclude String
- Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
- excludeProcesses String
- Represents the changes performed by specific processes that will be excluded from monitoring.
- excludeUsers String
- Represents the changes performed by specific users that will be excluded from monitoring.
- fileNames List<String>
- List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
- id String
- Identifier for the filevantage rule.
- include String
- Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
- includeProcesses String
- Represents the changes performed by specific processes that will be monitored.
- includeUsers String
- Represents the changes performed by specific users that will be monitored.
- precedence Integer
- Precedence of the rule in the rule group.
- registryValues List<String>
- List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
- watchDirectoryAttributeChanges Boolean
- Monitor directory attribute change events.
- watchDirectoryCreateChanges Boolean
- Monitor directory creation events.
- watchDirectoryDeleteChanges Boolean
- Monitor directory deletion events.
- watchDirectoryPermissionChanges Boolean
- Monitor directory permission change events.
- watchDirectoryRenameChanges Boolean
- Monitor directory rename events.
- watchFileAttributeChanges Boolean
- Monitor file attribute change events.
- watchFileCreateChanges Boolean
- Monitor file creation events.
- watchFileDeleteChanges Boolean
- Monitor file deletion events.
- watchFilePermissionChanges Boolean
- Monitor file permission change events.
- watchFileRenameChanges Boolean
- Monitor file rename events.
- watchFileWriteChanges Boolean
- Monitor file write events.
- watchKeyCreateChanges Boolean
- Monitor registry key creation events.
- watchKeyDeleteChanges Boolean
- Monitor registry key deletion events.
- watchKeyPermissionsChanges Boolean
- Monitor registry key permission change events.
- watchKeyRenameChanges Boolean
- Monitor registry key rename events.
- watchKeyValueDeleteChanges Boolean
- Monitor registry value deletion events.
- watchKeyValueSetChanges Boolean
- Monitor registry value set events.
- description string
- Description of the filevantage rule.
- path string
- Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
- severity string
- Severity to categorize change events produced by this rule.
- depth string
- Depth below the base path to monitor.
- enableContentCapture boolean
- Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
- exclude string
- Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
- excludeProcesses string
- Represents the changes performed by specific processes that will be excluded from monitoring.
- excludeUsers string
- Represents the changes performed by specific users that will be excluded from monitoring.
- fileNames string[]
- List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
- id string
- Identifier for the filevantage rule.
- include string
- Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
- includeProcesses string
- Represents the changes performed by specific processes that will be monitored.
- includeUsers string
- Represents the changes performed by specific users that will be monitored.
- precedence number
- Precedence of the rule in the rule group.
- registryValues string[]
- List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
- watchDirectoryAttributeChanges boolean
- Monitor directory attribute change events.
- watchDirectoryCreateChanges boolean
- Monitor directory creation events.
- watchDirectoryDeleteChanges boolean
- Monitor directory deletion events.
- watchDirectoryPermissionChanges boolean
- Monitor directory permission change events.
- watchDirectoryRenameChanges boolean
- Monitor directory rename events.
- watchFileAttributeChanges boolean
- Monitor file attribute change events.
- watchFileCreateChanges boolean
- Monitor file creation events.
- watchFileDeleteChanges boolean
- Monitor file deletion events.
- watchFilePermissionChanges boolean
- Monitor file permission change events.
- watchFileRenameChanges boolean
- Monitor file rename events.
- watchFileWriteChanges boolean
- Monitor file write events.
- watchKeyCreateChanges boolean
- Monitor registry key creation events.
- watchKeyDeleteChanges boolean
- Monitor registry key deletion events.
- watchKeyPermissionsChanges boolean
- Monitor registry key permission change events.
- watchKeyRenameChanges boolean
- Monitor registry key rename events.
- watchKeyValueDeleteChanges boolean
- Monitor registry value deletion events.
- watchKeyValueSetChanges boolean
- Monitor registry value set events.
- description str
- Description of the filevantage rule.
- path str
- Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
- severity str
- Severity to categorize change events produced by this rule.
- depth str
- Depth below the base path to monitor.
- enable_
content_ boolcapture - Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
- exclude str
- Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
- exclude_processes str
- Represents the changes performed by specific processes that will be excluded from monitoring.
- exclude_users str
- Represents the changes performed by specific users that will be excluded from monitoring.
- file_names Sequence[str]
- List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
- id str
- Identifier for the filevantage rule.
- include str
- Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
- include_processes str
- Represents the changes performed by specific processes that will be monitored.
- include_users str
- Represents the changes performed by specific users that will be monitored.
- precedence int
- Precedence of the rule in the rule group.
- registry_values Sequence[str]
- List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
- watch_directory_attribute_changes bool
- Monitor directory attribute change events.
- watch_directory_create_changes bool
- Monitor directory creation events.
- watch_directory_delete_changes bool
- Monitor directory deletion events.
- watch_directory_permission_changes bool
- Monitor directory permission change events.
- watch_directory_rename_changes bool
- Monitor directory rename events.
- watch_file_attribute_changes bool
- Monitor file attribute change events.
- watch_file_create_changes bool
- Monitor file creation events.
- watch_file_delete_changes bool
- Monitor file deletion events.
- watch_file_permission_changes bool
- Monitor file permission change events.
- watch_file_rename_changes bool
- Monitor file rename events.
- watch_file_write_changes bool
- Monitor file write events.
- watch_key_create_changes bool
- Monitor registry key creation events.
- watch_key_delete_changes bool
- Monitor registry key deletion events.
- watch_key_permissions_changes bool
- Monitor registry key permission change events.
- watch_key_rename_changes bool
- Monitor registry key rename events.
- watch_key_value_delete_changes bool
- Monitor registry value deletion events.
- watch_key_value_set_changes bool
- Monitor registry value set events.
- description String
- Description of the filevantage rule.
- path String
- Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
- severity String
- Severity to categorize change events produced by this rule.
- depth String
- Depth below the base path to monitor.
- enableContentCapture Boolean
- Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
- exclude String
- Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
- excludeProcesses String
- Represents the changes performed by specific processes that will be excluded from monitoring.
- excludeUsers String
- Represents the changes performed by specific users that will be excluded from monitoring.
- fileNames List<String>
- List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
- id String
- Identifier for the filevantage rule.
- include String
- Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
- includeProcesses String
- Represents the changes performed by specific processes that will be monitored.
- includeUsers String
- Represents the changes performed by specific users that will be monitored.
- precedence Number
- Precedence of the rule in the rule group.
- registryValues List<String>
- List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
- watchDirectoryAttributeChanges Boolean
- Monitor directory attribute change events.
- watchDirectoryCreateChanges Boolean
- Monitor directory creation events.
- watchDirectoryDeleteChanges Boolean
- Monitor directory deletion events.
- watchDirectoryPermissionChanges Boolean
- Monitor directory permission change events.
- watchDirectoryRenameChanges Boolean
- Monitor directory rename events.
- watchFileAttributeChanges Boolean
- Monitor file attribute change events.
- watchFileCreateChanges Boolean
- Monitor file creation events.
- watchFileDeleteChanges Boolean
- Monitor file deletion events.
- watchFilePermissionChanges Boolean
- Monitor file permission change events.
- watchFileRenameChanges Boolean
- Monitor file rename events.
- watchFileWriteChanges Boolean
- Monitor file write events.
- watchKeyCreateChanges Boolean
- Monitor registry key creation events.
- watchKeyDeleteChanges Boolean
- Monitor registry key deletion events.
- watchKeyPermissionsChanges Boolean
- Monitor registry key permission change events.
- watchKeyRenameChanges Boolean
- Monitor registry key rename events.
- watchKeyValueDeleteChanges Boolean
- Monitor registry value deletion events.
- watchKeyValueSetChanges Boolean
- Monitor registry value set events.
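The rule properties above carry three constraints that are easy to miss before a deployment: the trailing path separator, the watch flag that content capture depends on, and the include/exclude match for listed names. The following pre-deployment lint is an added example, not part of the provider or its documentation; `lint_rule`, `lint_rules` and the sample rules are hypothetical, and it assumes include/exclude patterns behave like shell-style globs, which this page does not specify.

```python
from fnmatch import fnmatchcase

# Constructed sample rules, keyed by the Python property names listed above.
SAMPLE_RULES = [
    {"description": "hosts file", "path": "/etc/", "include": "host*",
     "exclude": "*.bak", "file_names": ["hosts"],
     "watch_file_write_changes": True, "enable_content_capture": True},
    {"description": "bad rule", "path": "c:\\windows", "include": "*.ini",
     "file_names": ["win.ini", "setup.log"], "enable_content_capture": True},
]


def lint_rule(rule):
    """Return the list of documented constraints that one rule dict violates."""
    problems = []

    # "All paths must end with the path separator."
    if not rule.get("path", "").endswith(("\\", "/")):
        problems.append("path must end with the path separator")

    # Content capture requires a file-write or registry-value-set watch.
    if rule.get("enable_content_capture") and not (
        rule.get("watch_file_write_changes")
        or rule.get("watch_key_value_set_changes")
    ):
        problems.append(
            "enable_content_capture requires watch_file_write_changes "
            "or watch_key_value_set_changes"
        )

    # Listed names must match include and must not match exclude.
    include = rule.get("include", "*")  # documented default: all (*)
    exclude = rule.get("exclude")
    names = rule.get("file_names", []) + rule.get("registry_values", [])
    for name in names:
        # Assumption: patterns are shell-style globs (not stated on this page).
        if not fnmatchcase(name, include):
            problems.append(f"{name!r} does not match include {include!r}")
        elif exclude and fnmatchcase(name, exclude):
            problems.append(f"{name!r} matches exclude {exclude!r}")
    return problems


def lint_rules(rules):
    """Map each rule's description to its list of problems."""
    return {r.get("description", f"rule {i}"): lint_rule(r)
            for i, r in enumerate(rules)}


if __name__ == "__main__":
    for desc, problems in lint_rules(SAMPLE_RULES).items():
        print(desc, "->", problems or "ok")
```
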
Import
A FileVantage rule group can be imported by specifying the policy id.
$ pulumi import crowdstrike:index/filevantageRuleGroup:FilevantageRuleGroup example 7fb858a949034a0cbca175f660f1e769
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- crowdstrike crowdstrike/pulumi-crowdstrike
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the crowdstrike Terraform Provider.