1. Packages
  2. CrowdStrike
  3. API Docs
  4. FilevantageRuleGroup
CrowdStrike v0.0.7 published on Tuesday, Jan 14, 2025 by CrowdStrike

crowdstrike.FilevantageRuleGroup

Explore with Pulumi AI

crowdstrike logo
CrowdStrike v0.0.7 published on Tuesday, Jan 14, 2025 by CrowdStrike

    This resource allows management of a FileVantage rule group. A FileVantage rule group is a collection of file integrity rules that can be assigned to a FileVantge policy.

    API Scopes

    The following API scopes are required:

    • Falcon FileVantage | Read & Write

    Example Usage

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.crowdstrike.FilevantageRuleGroup;
    import com.pulumi.crowdstrike.FilevantageRuleGroupArgs;
    import com.pulumi.crowdstrike.inputs.FilevantageRuleGroupRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new FilevantageRuleGroup("example", FilevantageRuleGroupArgs.builder()
                .description("Made with Pulumi")
                .type("WindowsRegistry")
                .rules(            
                    FilevantageRuleGroupRuleArgs.builder()
                        .description("first rule")
                        .path("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\")
                        .severity("High")
                        .depth("ANY")
                        .registry_values(                    
                            "first",
                            "rule")
                        .watch_key_value_set_changes(true)
                        .enable_content_capture(true)
                        .build(),
                    FilevantageRuleGroupRuleArgs.builder()
                        .description("second rule")
                        .path("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\")
                        .severity("High")
                        .depth("ANY")
                        .registry_values(                    
                            "Value1",
                            "Value2")
                        .watch_key_value_set_changes(true)
                        .enable_content_capture(true)
                        .build())
                .build());
    
            ctx.export("filevantageRuleGroup", example);
        }
    }
    
    resources:
      example:
        type: crowdstrike:FilevantageRuleGroup
        properties:
          description: Made with Pulumi
          type: WindowsRegistry
          rules:
            - description: first rule
              path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
              severity: High
              depth: ANY
              registry_values:
                - first
                - rule
              watch_key_value_set_changes: true
              enable_content_capture: true
            - description: second rule
              path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
              severity: High
              depth: ANY
              registry_values:
                - Value1
                - Value2
              watch_key_value_set_changes: true
              enable_content_capture: true
    outputs:
      filevantageRuleGroup: ${example}
    

    Create FilevantageRuleGroup Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FilevantageRuleGroup(name: string, args?: FilevantageRuleGroupArgs, opts?: CustomResourceOptions);
    @overload
    def FilevantageRuleGroup(resource_name: str,
                             args: Optional[FilevantageRuleGroupArgs] = None,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def FilevantageRuleGroup(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             description: Optional[str] = None,
                             name: Optional[str] = None,
                             rules: Optional[Sequence[FilevantageRuleGroupRuleArgs]] = None,
                             type: Optional[str] = None)
    func NewFilevantageRuleGroup(ctx *Context, name string, args *FilevantageRuleGroupArgs, opts ...ResourceOption) (*FilevantageRuleGroup, error)
    public FilevantageRuleGroup(string name, FilevantageRuleGroupArgs? args = null, CustomResourceOptions? opts = null)
    public FilevantageRuleGroup(String name, FilevantageRuleGroupArgs args)
    public FilevantageRuleGroup(String name, FilevantageRuleGroupArgs args, CustomResourceOptions options)
    
    type: crowdstrike:FilevantageRuleGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FilevantageRuleGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FilevantageRuleGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FilevantageRuleGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FilevantageRuleGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FilevantageRuleGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var filevantageRuleGroupResource = new Crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource", new()
    {
        Description = "string",
        Name = "string",
        Rules = new[]
        {
            new Crowdstrike.Inputs.FilevantageRuleGroupRuleArgs
            {
                Path = "string",
                Description = "string",
                Severity = "string",
                WatchDirectoryCreateChanges = false,
                Id = "string",
                WatchDirectoryDeleteChanges = false,
                FileNames = new[]
                {
                    "string",
                },
                WatchDirectoryPermissionChanges = false,
                Include = "string",
                IncludeProcesses = "string",
                IncludeUsers = "string",
                Exclude = "string",
                Precedence = 0,
                RegistryValues = new[]
                {
                    "string",
                },
                WatchDirectoryRenameChanges = false,
                WatchDirectoryAttributeChanges = false,
                Depth = "string",
                ExcludeUsers = "string",
                ExcludeProcesses = "string",
                EnableContentCapture = false,
                WatchFileAttributeChanges = false,
                WatchFileCreateChanges = false,
                WatchFileDeleteChanges = false,
                WatchFilePermissionChanges = false,
                WatchFileRenameChanges = false,
                WatchFileWriteChanges = false,
                WatchKeyCreateChanges = false,
                WatchKeyDeleteChanges = false,
                WatchKeyPermissionsChanges = false,
                WatchKeyRenameChanges = false,
                WatchKeyValueDeleteChanges = false,
                WatchKeyValueSetChanges = false,
            },
        },
        Type = "string",
    });
    
    example, err := crowdstrike.NewFilevantageRuleGroup(ctx, "filevantageRuleGroupResource", &crowdstrike.FilevantageRuleGroupArgs{
    	Description: pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	Rules: crowdstrike.FilevantageRuleGroupRuleArray{
    		&crowdstrike.FilevantageRuleGroupRuleArgs{
    			Path:                        pulumi.String("string"),
    			Description:                 pulumi.String("string"),
    			Severity:                    pulumi.String("string"),
    			WatchDirectoryCreateChanges: pulumi.Bool(false),
    			Id:                          pulumi.String("string"),
    			WatchDirectoryDeleteChanges: pulumi.Bool(false),
    			FileNames: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			WatchDirectoryPermissionChanges: pulumi.Bool(false),
    			Include:                         pulumi.String("string"),
    			IncludeProcesses:                pulumi.String("string"),
    			IncludeUsers:                    pulumi.String("string"),
    			Exclude:                         pulumi.String("string"),
    			Precedence:                      pulumi.Int(0),
    			RegistryValues: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			WatchDirectoryRenameChanges:    pulumi.Bool(false),
    			WatchDirectoryAttributeChanges: pulumi.Bool(false),
    			Depth:                          pulumi.String("string"),
    			ExcludeUsers:                   pulumi.String("string"),
    			ExcludeProcesses:               pulumi.String("string"),
    			EnableContentCapture:           pulumi.Bool(false),
    			WatchFileAttributeChanges:      pulumi.Bool(false),
    			WatchFileCreateChanges:         pulumi.Bool(false),
    			WatchFileDeleteChanges:         pulumi.Bool(false),
    			WatchFilePermissionChanges:     pulumi.Bool(false),
    			WatchFileRenameChanges:         pulumi.Bool(false),
    			WatchFileWriteChanges:          pulumi.Bool(false),
    			WatchKeyCreateChanges:          pulumi.Bool(false),
    			WatchKeyDeleteChanges:          pulumi.Bool(false),
    			WatchKeyPermissionsChanges:     pulumi.Bool(false),
    			WatchKeyRenameChanges:          pulumi.Bool(false),
    			WatchKeyValueDeleteChanges:     pulumi.Bool(false),
    			WatchKeyValueSetChanges:        pulumi.Bool(false),
    		},
    	},
    	Type: pulumi.String("string"),
    })
    
    var filevantageRuleGroupResource = new FilevantageRuleGroup("filevantageRuleGroupResource", FilevantageRuleGroupArgs.builder()
        .description("string")
        .name("string")
        .rules(FilevantageRuleGroupRuleArgs.builder()
            .path("string")
            .description("string")
            .severity("string")
            .watchDirectoryCreateChanges(false)
            .id("string")
            .watchDirectoryDeleteChanges(false)
            .fileNames("string")
            .watchDirectoryPermissionChanges(false)
            .include("string")
            .includeProcesses("string")
            .includeUsers("string")
            .exclude("string")
            .precedence(0)
            .registryValues("string")
            .watchDirectoryRenameChanges(false)
            .watchDirectoryAttributeChanges(false)
            .depth("string")
            .excludeUsers("string")
            .excludeProcesses("string")
            .enableContentCapture(false)
            .watchFileAttributeChanges(false)
            .watchFileCreateChanges(false)
            .watchFileDeleteChanges(false)
            .watchFilePermissionChanges(false)
            .watchFileRenameChanges(false)
            .watchFileWriteChanges(false)
            .watchKeyCreateChanges(false)
            .watchKeyDeleteChanges(false)
            .watchKeyPermissionsChanges(false)
            .watchKeyRenameChanges(false)
            .watchKeyValueDeleteChanges(false)
            .watchKeyValueSetChanges(false)
            .build())
        .type("string")
        .build());
    
    filevantage_rule_group_resource = crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource",
        description="string",
        name="string",
        rules=[{
            "path": "string",
            "description": "string",
            "severity": "string",
            "watch_directory_create_changes": False,
            "id": "string",
            "watch_directory_delete_changes": False,
            "file_names": ["string"],
            "watch_directory_permission_changes": False,
            "include": "string",
            "include_processes": "string",
            "include_users": "string",
            "exclude": "string",
            "precedence": 0,
            "registry_values": ["string"],
            "watch_directory_rename_changes": False,
            "watch_directory_attribute_changes": False,
            "depth": "string",
            "exclude_users": "string",
            "exclude_processes": "string",
            "enable_content_capture": False,
            "watch_file_attribute_changes": False,
            "watch_file_create_changes": False,
            "watch_file_delete_changes": False,
            "watch_file_permission_changes": False,
            "watch_file_rename_changes": False,
            "watch_file_write_changes": False,
            "watch_key_create_changes": False,
            "watch_key_delete_changes": False,
            "watch_key_permissions_changes": False,
            "watch_key_rename_changes": False,
            "watch_key_value_delete_changes": False,
            "watch_key_value_set_changes": False,
        }],
        type="string")
    
    const filevantageRuleGroupResource = new crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource", {
        description: "string",
        name: "string",
        rules: [{
            path: "string",
            description: "string",
            severity: "string",
            watchDirectoryCreateChanges: false,
            id: "string",
            watchDirectoryDeleteChanges: false,
            fileNames: ["string"],
            watchDirectoryPermissionChanges: false,
            include: "string",
            includeProcesses: "string",
            includeUsers: "string",
            exclude: "string",
            precedence: 0,
            registryValues: ["string"],
            watchDirectoryRenameChanges: false,
            watchDirectoryAttributeChanges: false,
            depth: "string",
            excludeUsers: "string",
            excludeProcesses: "string",
            enableContentCapture: false,
            watchFileAttributeChanges: false,
            watchFileCreateChanges: false,
            watchFileDeleteChanges: false,
            watchFilePermissionChanges: false,
            watchFileRenameChanges: false,
            watchFileWriteChanges: false,
            watchKeyCreateChanges: false,
            watchKeyDeleteChanges: false,
            watchKeyPermissionsChanges: false,
            watchKeyRenameChanges: false,
            watchKeyValueDeleteChanges: false,
            watchKeyValueSetChanges: false,
        }],
        type: "string",
    });
    
    type: crowdstrike:FilevantageRuleGroup
    properties:
        description: string
        name: string
        rules:
            - depth: string
              description: string
              enableContentCapture: false
              exclude: string
              excludeProcesses: string
              excludeUsers: string
              fileNames:
                - string
              id: string
              include: string
              includeProcesses: string
              includeUsers: string
              path: string
              precedence: 0
              registryValues:
                - string
              severity: string
              watchDirectoryAttributeChanges: false
              watchDirectoryCreateChanges: false
              watchDirectoryDeleteChanges: false
              watchDirectoryPermissionChanges: false
              watchDirectoryRenameChanges: false
              watchFileAttributeChanges: false
              watchFileCreateChanges: false
              watchFileDeleteChanges: false
              watchFilePermissionChanges: false
              watchFileRenameChanges: false
              watchFileWriteChanges: false
              watchKeyCreateChanges: false
              watchKeyDeleteChanges: false
              watchKeyPermissionsChanges: false
              watchKeyRenameChanges: false
              watchKeyValueDeleteChanges: false
              watchKeyValueSetChanges: false
        type: string
    

    FilevantageRuleGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FilevantageRuleGroup resource accepts the following input properties:

    Description string
    Description of the filevantage rule group.
    Name string
    Name of the filevantage rule group.
    Rules List<CrowdStrike.Crowdstrike.Inputs.FilevantageRuleGroupRule>
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    Type string
    The type of filevantage rule group.
    Description string
    Description of the filevantage rule group.
    Name string
    Name of the filevantage rule group.
    Rules []FilevantageRuleGroupRuleArgs
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    Type string
    The type of filevantage rule group.
    description String
    Description of the filevantage rule group.
    name String
    Name of the filevantage rule group.
    rules List<FilevantageRuleGroupRule>
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    type String
    The type of filevantage rule group.
    description string
    Description of the filevantage rule group.
    name string
    Name of the filevantage rule group.
    rules FilevantageRuleGroupRule[]
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    type string
    The type of filevantage rule group.
    description str
    Description of the filevantage rule group.
    name str
    Name of the filevantage rule group.
    rules Sequence[FilevantageRuleGroupRuleArgs]
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    type str
    The type of filevantage rule group.
    description String
    Description of the filevantage rule group.
    name String
    Name of the filevantage rule group.
    rules List<Property Map>
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    type String
    The type of filevantage rule group.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FilevantageRuleGroup resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastUpdated string
    Id string
    The provider-assigned unique ID for this managed resource.
    LastUpdated string
    id String
    The provider-assigned unique ID for this managed resource.
    lastUpdated String
    id string
    The provider-assigned unique ID for this managed resource.
    lastUpdated string
    id str
    The provider-assigned unique ID for this managed resource.
    last_updated str
    id String
    The provider-assigned unique ID for this managed resource.
    lastUpdated String

    Look up Existing FilevantageRuleGroup Resource

    Get an existing FilevantageRuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FilevantageRuleGroupState, opts?: CustomResourceOptions): FilevantageRuleGroup
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description: Optional[str] = None,
            last_updated: Optional[str] = None,
            name: Optional[str] = None,
            rules: Optional[Sequence[FilevantageRuleGroupRuleArgs]] = None,
            type: Optional[str] = None) -> FilevantageRuleGroup
    func GetFilevantageRuleGroup(ctx *Context, name string, id IDInput, state *FilevantageRuleGroupState, opts ...ResourceOption) (*FilevantageRuleGroup, error)
    public static FilevantageRuleGroup Get(string name, Input<string> id, FilevantageRuleGroupState? state, CustomResourceOptions? opts = null)
    public static FilevantageRuleGroup get(String name, Output<String> id, FilevantageRuleGroupState state, CustomResourceOptions options)
    resources:  _:    type: crowdstrike:FilevantageRuleGroup    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Description string
    Description of the filevantage rule group.
    LastUpdated string
    Name string
    Name of the filevantage rule group.
    Rules List<CrowdStrike.Crowdstrike.Inputs.FilevantageRuleGroupRule>
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    Type string
    The type of filevantage rule group.
    Description string
    Description of the filevantage rule group.
    LastUpdated string
    Name string
    Name of the filevantage rule group.
    Rules []FilevantageRuleGroupRuleArgs
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    Type string
    The type of filevantage rule group.
    description String
    Description of the filevantage rule group.
    lastUpdated String
    name String
    Name of the filevantage rule group.
    rules List<FilevantageRuleGroupRule>
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    type String
    The type of filevantage rule group.
    description string
    Description of the filevantage rule group.
    lastUpdated string
    name string
    Name of the filevantage rule group.
    rules FilevantageRuleGroupRule[]
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    type string
    The type of filevantage rule group.
    description str
    Description of the filevantage rule group.
    last_updated str
    name str
    Name of the filevantage rule group.
    rules Sequence[FilevantageRuleGroupRuleArgs]
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    type str
    The type of filevantage rule group.
    description String
    Description of the filevantage rule group.
    lastUpdated String
    name String
    Name of the filevantage rule group.
    rules List<Property Map>
    Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
    type String
    The type of filevantage rule group.

    Supporting Types

    FilevantageRuleGroupRule, FilevantageRuleGroupRuleArgs

    Description string
    Description of the filevantage rule.
    Path string
    Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
    Severity string
    Severity to categorize change events produced by this rule.
    Depth string
    Depth below the base path to monitor.
    EnableContentCapture bool
    Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
    Exclude string
    Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
    ExcludeProcesses string
    Represents the changes performed by specific processes that will be excluded from monitoring.
    ExcludeUsers string
    Represents the changes performed by specific users that will be excluded from monitoring.
    FileNames List<string>
    List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
    Id string
    Identifier for the filevantage rule.
    Include string
    Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
    IncludeProcesses string
    Represents the changes performed by specific processes that will be monitored.
    IncludeUsers string
    Represents the changes performed by specific users that will be monitored.
    Precedence int
    Precedence of the rule in the rule group.
    RegistryValues List<string>
    List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
    WatchDirectoryAttributeChanges bool
    Monitor directory attribute change events.
    WatchDirectoryCreateChanges bool
    Monitor directory creation events.
    WatchDirectoryDeleteChanges bool
    Monitor directory deletion events.
    WatchDirectoryPermissionChanges bool
    Monitor directory permission change events.
    WatchDirectoryRenameChanges bool
    Monitor directory rename events.
    WatchFileAttributeChanges bool
    Monitor file attribute change events.
    WatchFileCreateChanges bool
    Monitor file creation events.
    WatchFileDeleteChanges bool
    Monitor file deletion events.
    WatchFilePermissionChanges bool
    Monitor file permission change events.
    WatchFileRenameChanges bool
    Monitor file rename events.
    WatchFileWriteChanges bool
    Monitor file write events.
    WatchKeyCreateChanges bool
    Monitor registry key creation events.
    WatchKeyDeleteChanges bool
    Monitor registry key deletion events.
    WatchKeyPermissionsChanges bool
    Monitor registry key permission change events.
    WatchKeyRenameChanges bool
    Monitor registry key rename events.
    WatchKeyValueDeleteChanges bool
    Monitor registry value deletion events.
    WatchKeyValueSetChanges bool
    Monitor registry value set events.
    Description string
    Description of the filevantage rule.
    Path string
    Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
    Severity string
    Severity to categorize change events produced by this rule.
    Depth string
    Depth below the base path to monitor.
    EnableContentCapture bool
    Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
    Exclude string
    Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
    ExcludeProcesses string
    Represents the changes performed by specific processes that will be excluded from monitoring.
    ExcludeUsers string
    Represents the changes performed by specific users that will be excluded from monitoring.
    FileNames []string
    List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
    Id string
    Identifier for the filevantage rule.
    Include string
    Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
    IncludeProcesses string
    Represents the changes performed by specific processes that will be monitored.
    IncludeUsers string
    Represents the changes performed by specific users that will be monitored.
    Precedence int
    Precedence of the rule in the rule group.
    RegistryValues []string
    List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
    WatchDirectoryAttributeChanges bool
    Monitor directory attribute change events.
    WatchDirectoryCreateChanges bool
    Monitor directory creation events.
    WatchDirectoryDeleteChanges bool
    Monitor directory deletion events.
    WatchDirectoryPermissionChanges bool
    Monitor directory permission change events.
    WatchDirectoryRenameChanges bool
    Monitor directory rename events.
    WatchFileAttributeChanges bool
    Monitor file attribute change events.
    WatchFileCreateChanges bool
    Monitor file creation events.
    WatchFileDeleteChanges bool
    Monitor file deletion events.
    WatchFilePermissionChanges bool
    Monitor file permission change events.
    WatchFileRenameChanges bool
    Monitor file rename events.
    WatchFileWriteChanges bool
    Monitor file write events.
    WatchKeyCreateChanges bool
    Monitor registry key creation events.
    WatchKeyDeleteChanges bool
    Monitor registry key deletion events.
    WatchKeyPermissionsChanges bool
    Monitor registry key permission change events.
    WatchKeyRenameChanges bool
    Monitor registry key rename events.
    WatchKeyValueDeleteChanges bool
    Monitor registry value deletion events.
    WatchKeyValueSetChanges bool
    Monitor registry value set events.
    description String
    Description of the filevantage rule.
    path String
    Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
    severity String
    Severity to categorize change events produced by this rule.
    depth String
    Depth below the base path to monitor.
    enableContentCapture Boolean
    Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
    exclude String
    Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
    excludeProcesses String
    Represents the changes performed by specific processes that will be excluded from monitoring.
    excludeUsers String
    Represents the changes performed by specific users that will be excluded from monitoring.
    fileNames List<String>
    List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
    id String
    Identifier for the filevantage rule.
    include String
    Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
    includeProcesses String
    Represents the changes performed by specific processes that will be monitored.
    includeUsers String
    Represents the changes performed by specific users that will be monitored.
    precedence Integer
    Precedence of the rule in the rule group.
    registryValues List<String>
    List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
    watchDirectoryAttributeChanges Boolean
    Monitor directory attribute change events.
    watchDirectoryCreateChanges Boolean
    Monitor directory creation events.
    watchDirectoryDeleteChanges Boolean
    Monitor directory deletion events.
    watchDirectoryPermissionChanges Boolean
    Monitor directory permission change events.
    watchDirectoryRenameChanges Boolean
    Monitor directory rename events.
    watchFileAttributeChanges Boolean
    Monitor file attribute change events.
    watchFileCreateChanges Boolean
    Monitor file creation events.
    watchFileDeleteChanges Boolean
    Monitor file deletion events.
    watchFilePermissionChanges Boolean
    Monitor file permission change events.
    watchFileRenameChanges Boolean
    Monitor file rename events.
    watchFileWriteChanges Boolean
    Monitor file write events.
    watchKeyCreateChanges Boolean
    Monitor registry key creation events.
    watchKeyDeleteChanges Boolean
    Monitor registry key deletion events.
    watchKeyPermissionsChanges Boolean
    Monitor registry key permission change events.
    watchKeyRenameChanges Boolean
    Monitor registry key rename events.
    watchKeyValueDeleteChanges Boolean
    Monitor registry value deletion events.
    watchKeyValueSetChanges Boolean
    Monitor registry value set events.
    description string
    Description of the filevantage rule.
    path string
    Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
    severity string
    Severity to categorize change events produced by this rule.
    depth string
    Depth below the base path to monitor.
    enableContentCapture boolean
    Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
    exclude string
    Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
    excludeProcesses string
    Represents the changes performed by specific processes that will be excluded from monitoring.
    excludeUsers string
    Represents the changes performed by specific users that will be excluded from monitoring.
    fileNames string[]
    List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
    id string
    Identifier for the filevantage rule.
    include string
    Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
    includeProcesses string
    Represents the changes performed by specific processes that will be monitored.
    includeUsers string
    Represents the changes performed by specific users that will be monitored.
    precedence number
    Precedence of the rule in the rule group.
    registryValues string[]
    List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
    watchDirectoryAttributeChanges boolean
    Monitor directory attribute change events.
    watchDirectoryCreateChanges boolean
    Monitor directory creation events.
    watchDirectoryDeleteChanges boolean
    Monitor directory deletion events.
    watchDirectoryPermissionChanges boolean
    Monitor directory permission change events.
    watchDirectoryRenameChanges boolean
    Monitor directory rename events.
    watchFileAttributeChanges boolean
    Monitor file attribute change events.
    watchFileCreateChanges boolean
    Monitor file creation events.
    watchFileDeleteChanges boolean
    Monitor file deletion events.
    watchFilePermissionChanges boolean
    Monitor file permission change events.
    watchFileRenameChanges boolean
    Monitor file rename events.
    watchFileWriteChanges boolean
    Monitor file write events.
    watchKeyCreateChanges boolean
    Monitor registry key creation events.
    watchKeyDeleteChanges boolean
    Monitor registry key deletion events.
    watchKeyPermissionsChanges boolean
    Monitor registry key permission change events.
    watchKeyRenameChanges boolean
    Monitor registry key rename events.
    watchKeyValueDeleteChanges boolean
    Monitor registry value deletion events.
    watchKeyValueSetChanges boolean
    Monitor registry value set events.
    description str
    Description of the filevantage rule.
    path str
    Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
    severity str
    Severity to categorize change events produced by this rule.
    depth str
    Depth below the base path to monitor.
    enable_content_capture bool
    Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
    exclude str
    Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
    exclude_processes str
    Represents the changes performed by specific processes that will be excluded from monitoring.
    exclude_users str
    Represents the changes performed by specific users that will be excluded from monitoring.
    file_names Sequence[str]
    List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
    id str
    Identifier for the filevantage rule.
    include str
    Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
    include_processes str
    Represents the changes performed by specific processes that will be monitored.
    include_users str
    Represents the changes performed by specific users that will be monitored.
    precedence int
    Precedence of the rule in the rule group.
    registry_values Sequence[str]
    List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
    watch_directory_attribute_changes bool
    Monitor directory attribute change events.
    watch_directory_create_changes bool
    Monitor directory creation events.
    watch_directory_delete_changes bool
    Monitor directory deletion events.
    watch_directory_permission_changes bool
    Monitor directory permission change events.
    watch_directory_rename_changes bool
    Monitor directory rename events.
    watch_file_attribute_changes bool
    Monitor file attribute change events.
    watch_file_create_changes bool
    Monitor file creation events.
    watch_file_delete_changes bool
    Monitor file deletion events.
    watch_file_permission_changes bool
    Monitor file permission change events.
    watch_file_rename_changes bool
    Monitor file rename events.
    watch_file_write_changes bool
    Monitor file write events.
    watch_key_create_changes bool
    Monitor registry key creation events.
    watch_key_delete_changes bool
    Monitor registry key deletion events.
    watch_key_permissions_changes bool
    Monitor registry key permission change events.
    watch_key_rename_changes bool
    Monitor registry key rename events.
    watch_key_value_delete_changes bool
    Monitor registry value deletion events.
    watch_key_value_set_changes bool
    Monitor registry value set events.
    description String
    Description of the filevantage rule.
    path String
    Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
    severity String
    Severity to categorize change events produced by this rule.
    depth String
    Depth below the base path to monitor.
    enableContentCapture Boolean
    Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
    exclude String
    Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
    excludeProcesses String
    Represents the changes performed by specific processes that will be excluded from monitoring.
    excludeUsers String
    Represents the changes performed by specific users that will be excluded from monitoring.
    fileNames List<String>
    List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
    id String
    Identifier for the filevantage rule.
    include String
    Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
    includeProcesses String
    Represents the changes performed by specific processes that will be monitored.
    includeUsers String
    Represents the changes performed by specific users that will be monitored.
    precedence Number
    Precedence of the rule in the rule group.
    registryValues List<String>
    List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
    watchDirectoryAttributeChanges Boolean
    Monitor directory attribute change events.
    watchDirectoryCreateChanges Boolean
    Monitor directory creation events.
    watchDirectoryDeleteChanges Boolean
    Monitor directory deletion events.
    watchDirectoryPermissionChanges Boolean
    Monitor directory permission change events.
    watchDirectoryRenameChanges Boolean
    Monitor directory rename events.
    watchFileAttributeChanges Boolean
    Monitor file attribute change events.
    watchFileCreateChanges Boolean
    Monitor file creation events.
    watchFileDeleteChanges Boolean
    Monitor file deletion events.
    watchFilePermissionChanges Boolean
    Monitor file permission change events.
    watchFileRenameChanges Boolean
    Monitor file rename events.
    watchFileWriteChanges Boolean
    Monitor file write events.
    watchKeyCreateChanges Boolean
    Monitor registry key creation events.
    watchKeyDeleteChanges Boolean
    Monitor registry key deletion events.
    watchKeyPermissionsChanges Boolean
    Monitor registry key permission change events.
    watchKeyRenameChanges Boolean
    Monitor registry key rename events.
    watchKeyValueDeleteChanges Boolean
    Monitor registry value deletion events.
    watchKeyValueSetChanges Boolean
    Monitor registry value set events.

    Import

    filevantage rule group can be imported by specifying the policy id.

    $ pulumi import crowdstrike:index/filevantageRuleGroup:FilevantageRuleGroup example 7fb858a949034a0cbca175f660f1e769
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    crowdstrike crowdstrike/pulumi-crowdstrike
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the crowdstrike Terraform Provider.
    crowdstrike logo
    CrowdStrike v0.0.7 published on Tuesday, Jan 14, 2025 by CrowdStrike