Docs Home
lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework
lacework.VulnerabilityExceptionHost
Explore with Pulumi AI
Use this resource to manage Lacework vulnerability exceptions to control and customize your alert profile for hosts, such as for a known package on a specific host. Customize your exceptions by defining the resource scope, vulnerability criteria, and context for each exception.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";
const example = new lacework.VulnerabilityExceptionHost("example", {
description: "This is a host vulnerability exception",
enabled: true,
expiry: "2023-06-06T15:55:15Z",
reason: "Accepted Risk",
resourceScope: {
clusterNames: [
"cluster1",
"cluster2",
],
hostnames: [
"host1",
"host2",
],
namespaces: [
"namespace1",
"namespace2",
],
},
vulnerabilityCriteria: {
cves: [
"cve-2021-11111",
"cve-2021-22222",
],
fixableVuln: "true",
packages: [
{
name: "myPackage",
version: "1.0.0",
},
{
name: "myOtherPackage",
version: "1.0.0",
},
],
severities: ["Critical"],
},
});
import pulumi
import pulumi_lacework as lacework
example = lacework.VulnerabilityExceptionHost("example",
description="This is a host vulnerability exception",
enabled=True,
expiry="2023-06-06T15:55:15Z",
reason="Accepted Risk",
resource_scope={
"cluster_names": [
"cluster1",
"cluster2",
],
"hostnames": [
"host1",
"host2",
],
"namespaces": [
"namespace1",
"namespace2",
],
},
vulnerability_criteria={
"cves": [
"cve-2021-11111",
"cve-2021-22222",
],
"fixable_vuln": "true",
"packages": [
{
"name": "myPackage",
"version": "1.0.0",
},
{
"name": "myOtherPackage",
"version": "1.0.0",
},
],
"severities": ["Critical"],
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lacework.NewVulnerabilityExceptionHost(ctx, "example", &lacework.VulnerabilityExceptionHostArgs{
Description: pulumi.String("This is a host vulnerability exception"),
Enabled: pulumi.Bool(true),
Expiry: pulumi.String("2023-06-06T15:55:15Z"),
Reason: pulumi.String("Accepted Risk"),
ResourceScope: &lacework.VulnerabilityExceptionHostResourceScopeArgs{
ClusterNames: pulumi.StringArray{
pulumi.String("cluster1"),
pulumi.String("cluster2"),
},
Hostnames: pulumi.StringArray{
pulumi.String("host1"),
pulumi.String("host2"),
},
Namespaces: pulumi.StringArray{
pulumi.String("namespace1"),
pulumi.String("namespace2"),
},
},
VulnerabilityCriteria: &lacework.VulnerabilityExceptionHostVulnerabilityCriteriaArgs{
Cves: pulumi.StringArray{
pulumi.String("cve-2021-11111"),
pulumi.String("cve-2021-22222"),
},
FixableVuln: pulumi.String("true"),
Packages: lacework.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArray{
&lacework.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs{
Name: pulumi.String("myPackage"),
Version: pulumi.String("1.0.0"),
},
&lacework.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs{
Name: pulumi.String("myOtherPackage"),
Version: pulumi.String("1.0.0"),
},
},
Severities: pulumi.StringArray{
pulumi.String("Critical"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;
return await Deployment.RunAsync(() =>
{
var example = new Lacework.VulnerabilityExceptionHost("example", new()
{
Description = "This is a host vulnerability exception",
Enabled = true,
Expiry = "2023-06-06T15:55:15Z",
Reason = "Accepted Risk",
ResourceScope = new Lacework.Inputs.VulnerabilityExceptionHostResourceScopeArgs
{
ClusterNames = new[]
{
"cluster1",
"cluster2",
},
Hostnames = new[]
{
"host1",
"host2",
},
Namespaces = new[]
{
"namespace1",
"namespace2",
},
},
VulnerabilityCriteria = new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaArgs
{
Cves = new[]
{
"cve-2021-11111",
"cve-2021-22222",
},
FixableVuln = "true",
Packages = new[]
{
new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs
{
Name = "myPackage",
Version = "1.0.0",
},
new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs
{
Name = "myOtherPackage",
Version = "1.0.0",
},
},
Severities = new[]
{
"Critical",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.VulnerabilityExceptionHost;
import com.pulumi.lacework.VulnerabilityExceptionHostArgs;
import com.pulumi.lacework.inputs.VulnerabilityExceptionHostResourceScopeArgs;
import com.pulumi.lacework.inputs.VulnerabilityExceptionHostVulnerabilityCriteriaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new VulnerabilityExceptionHost("example", VulnerabilityExceptionHostArgs.builder()
.description("This is a host vulnerability exception")
.enabled(true)
.expiry("2023-06-06T15:55:15Z")
.reason("Accepted Risk")
.resourceScope(VulnerabilityExceptionHostResourceScopeArgs.builder()
.clusterNames(
"cluster1",
"cluster2")
.hostnames(
"host1",
"host2")
.namespaces(
"namespace1",
"namespace2")
.build())
.vulnerabilityCriteria(VulnerabilityExceptionHostVulnerabilityCriteriaArgs.builder()
.cves(
"cve-2021-11111",
"cve-2021-22222")
.fixableVuln("true")
.packages(
VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs.builder()
.name("myPackage")
.version("1.0.0")
.build(),
VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs.builder()
.name("myOtherPackage")
.version("1.0.0")
.build())
.severities("Critical")
.build())
.build());
}
}
resources:
example:
type: lacework:VulnerabilityExceptionHost
properties:
description: This is a host vulnerability exception
enabled: true
expiry: 2023-06-06T15:55:15Z
reason: Accepted Risk
resourceScope:
clusterNames:
- cluster1
- cluster2
hostnames:
- host1
- host2
namespaces:
- namespace1
- namespace2
vulnerabilityCriteria:
cves:
- cve-2021-11111
- cve-2021-22222
fixableVuln: 'true'
packages:
- name: myPackage
version: 1.0.0
- name: myOtherPackage
version: 1.0.0
severities:
- Critical
Create VulnerabilityExceptionHost Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new VulnerabilityExceptionHost(name: string, args: VulnerabilityExceptionHostArgs, opts?: CustomResourceOptions);@overload
def VulnerabilityExceptionHost(resource_name: str,
args: VulnerabilityExceptionHostArgs,
opts: Optional[ResourceOptions] = None)
@overload
def VulnerabilityExceptionHost(resource_name: str,
opts: Optional[ResourceOptions] = None,
vulnerability_criteria: Optional[VulnerabilityExceptionHostVulnerabilityCriteriaArgs] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
expiry: Optional[str] = None,
name: Optional[str] = None,
reason: Optional[str] = None,
resource_scope: Optional[VulnerabilityExceptionHostResourceScopeArgs] = None,
vulnerability_exception_host_id: Optional[str] = None)func NewVulnerabilityExceptionHost(ctx *Context, name string, args VulnerabilityExceptionHostArgs, opts ...ResourceOption) (*VulnerabilityExceptionHost, error)public VulnerabilityExceptionHost(string name, VulnerabilityExceptionHostArgs args, CustomResourceOptions? opts = null)
public VulnerabilityExceptionHost(String name, VulnerabilityExceptionHostArgs args)
public VulnerabilityExceptionHost(String name, VulnerabilityExceptionHostArgs args, CustomResourceOptions options)
type: lacework:VulnerabilityExceptionHost
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VulnerabilityExceptionHostArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VulnerabilityExceptionHostArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VulnerabilityExceptionHostArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VulnerabilityExceptionHostArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VulnerabilityExceptionHostArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var vulnerabilityExceptionHostResource = new Lacework.VulnerabilityExceptionHost("vulnerabilityExceptionHostResource", new()
{
VulnerabilityCriteria = new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaArgs
{
Cves = new[]
{
"string",
},
FixableVuln = "string",
Packages = new[]
{
new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs
{
Name = "string",
Version = "string",
},
},
Severities = new[]
{
"string",
},
},
Description = "string",
Enabled = false,
Expiry = "string",
Name = "string",
Reason = "string",
ResourceScope = new Lacework.Inputs.VulnerabilityExceptionHostResourceScopeArgs
{
ClusterNames = new[]
{
"string",
},
ExternalIps = new[]
{
"string",
},
Hostnames = new[]
{
"string",
},
Namespaces = new[]
{
"string",
},
},
VulnerabilityExceptionHostId = "string",
});
example, err := lacework.NewVulnerabilityExceptionHost(ctx, "vulnerabilityExceptionHostResource", &lacework.VulnerabilityExceptionHostArgs{
VulnerabilityCriteria: &lacework.VulnerabilityExceptionHostVulnerabilityCriteriaArgs{
Cves: pulumi.StringArray{
pulumi.String("string"),
},
FixableVuln: pulumi.String("string"),
Packages: lacework.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArray{
&lacework.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs{
Name: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
Severities: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Expiry: pulumi.String("string"),
Name: pulumi.String("string"),
Reason: pulumi.String("string"),
ResourceScope: &lacework.VulnerabilityExceptionHostResourceScopeArgs{
ClusterNames: pulumi.StringArray{
pulumi.String("string"),
},
ExternalIps: pulumi.StringArray{
pulumi.String("string"),
},
Hostnames: pulumi.StringArray{
pulumi.String("string"),
},
Namespaces: pulumi.StringArray{
pulumi.String("string"),
},
},
VulnerabilityExceptionHostId: pulumi.String("string"),
})
var vulnerabilityExceptionHostResource = new VulnerabilityExceptionHost("vulnerabilityExceptionHostResource", VulnerabilityExceptionHostArgs.builder()
.vulnerabilityCriteria(VulnerabilityExceptionHostVulnerabilityCriteriaArgs.builder()
.cves("string")
.fixableVuln("string")
.packages(VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs.builder()
.name("string")
.version("string")
.build())
.severities("string")
.build())
.description("string")
.enabled(false)
.expiry("string")
.name("string")
.reason("string")
.resourceScope(VulnerabilityExceptionHostResourceScopeArgs.builder()
.clusterNames("string")
.externalIps("string")
.hostnames("string")
.namespaces("string")
.build())
.vulnerabilityExceptionHostId("string")
.build());
vulnerability_exception_host_resource = lacework.VulnerabilityExceptionHost("vulnerabilityExceptionHostResource",
vulnerability_criteria={
"cves": ["string"],
"fixable_vuln": "string",
"packages": [{
"name": "string",
"version": "string",
}],
"severities": ["string"],
},
description="string",
enabled=False,
expiry="string",
name="string",
reason="string",
resource_scope={
"cluster_names": ["string"],
"external_ips": ["string"],
"hostnames": ["string"],
"namespaces": ["string"],
},
vulnerability_exception_host_id="string")
const vulnerabilityExceptionHostResource = new lacework.VulnerabilityExceptionHost("vulnerabilityExceptionHostResource", {
vulnerabilityCriteria: {
cves: ["string"],
fixableVuln: "string",
packages: [{
name: "string",
version: "string",
}],
severities: ["string"],
},
description: "string",
enabled: false,
expiry: "string",
name: "string",
reason: "string",
resourceScope: {
clusterNames: ["string"],
externalIps: ["string"],
hostnames: ["string"],
namespaces: ["string"],
},
vulnerabilityExceptionHostId: "string",
});
type: lacework:VulnerabilityExceptionHost
properties:
description: string
enabled: false
expiry: string
name: string
reason: string
resourceScope:
clusterNames:
- string
externalIps:
- string
hostnames:
- string
namespaces:
- string
vulnerabilityCriteria:
cves:
- string
fixableVuln: string
packages:
- name: string
version: string
severities:
- string
vulnerabilityExceptionHostId: string
VulnerabilityExceptionHost Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The VulnerabilityExceptionHost resource accepts the following input properties:
- Vulnerability
Criteria VulnerabilityException Host Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- Description string
- The description of the vulnerability exception.
- Enabled bool
- The state of the vulnerability exception. Defaults to
true. - Expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - Name string
- The vulnerability exception name.
- Reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - Resource
Scope VulnerabilityException Host Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- Vulnerability
Exception stringHost Id
- Vulnerability
Criteria VulnerabilityException Host Vulnerability Criteria Args - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- Description string
- The description of the vulnerability exception.
- Enabled bool
- The state of the vulnerability exception. Defaults to
true. - Expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - Name string
- The vulnerability exception name.
- Reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - Resource
Scope VulnerabilityException Host Resource Scope Args - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- Vulnerability
Exception stringHost Id
- vulnerability
Criteria VulnerabilityException Host Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- description String
- The description of the vulnerability exception.
- enabled Boolean
- The state of the vulnerability exception. Defaults to
true. - expiry String
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - name String
- The vulnerability exception name.
- reason String
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope VulnerabilityException Host Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- vulnerability
Exception StringHost Id
- vulnerability
Criteria VulnerabilityException Host Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- description string
- The description of the vulnerability exception.
- enabled boolean
- The state of the vulnerability exception. Defaults to
true. - expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - name string
- The vulnerability exception name.
- reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope VulnerabilityException Host Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- vulnerability
Exception stringHost Id
- vulnerability_
criteria VulnerabilityException Host Vulnerability Criteria Args - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- description str
- The description of the vulnerability exception.
- enabled bool
- The state of the vulnerability exception. Defaults to
true. - expiry str
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - name str
- The vulnerability exception name.
- reason str
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource_
scope VulnerabilityException Host Resource Scope Args - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- vulnerability_
exception_ strhost_ id
- vulnerability
Criteria Property Map - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- description String
- The description of the vulnerability exception.
- enabled Boolean
- The state of the vulnerability exception. Defaults to
true. - expiry String
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - name String
- The vulnerability exception name.
- reason String
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope Property Map - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- vulnerability
Exception StringHost Id
Outputs
All input properties are implicitly available as output properties. Additionally, the VulnerabilityExceptionHost resource produces the following output properties:
- Created
By string - Created
Time string - Guid string
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- Updated
By string - Updated
Time string
- Created
By string - Created
Time string - Guid string
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- Updated
By string - Updated
Time string
- created
By String - created
Time String - guid String
- id String
- The provider-assigned unique ID for this managed resource.
- type String
- updated
By String - updated
Time String
- created
By string - created
Time string - guid string
- id string
- The provider-assigned unique ID for this managed resource.
- type string
- updated
By string - updated
Time string
- created_
by str - created_
time str - guid str
- id str
- The provider-assigned unique ID for this managed resource.
- type str
- updated_
by str - updated_
time str
- created
By String - created
Time String - guid String
- id String
- The provider-assigned unique ID for this managed resource.
- type String
- updated
By String - updated
Time String
Look up Existing VulnerabilityExceptionHost Resource
Get an existing VulnerabilityExceptionHost resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VulnerabilityExceptionHostState, opts?: CustomResourceOptions): VulnerabilityExceptionHost@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_by: Optional[str] = None,
created_time: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
expiry: Optional[str] = None,
guid: Optional[str] = None,
name: Optional[str] = None,
reason: Optional[str] = None,
resource_scope: Optional[VulnerabilityExceptionHostResourceScopeArgs] = None,
type: Optional[str] = None,
updated_by: Optional[str] = None,
updated_time: Optional[str] = None,
vulnerability_criteria: Optional[VulnerabilityExceptionHostVulnerabilityCriteriaArgs] = None,
vulnerability_exception_host_id: Optional[str] = None) -> VulnerabilityExceptionHostfunc GetVulnerabilityExceptionHost(ctx *Context, name string, id IDInput, state *VulnerabilityExceptionHostState, opts ...ResourceOption) (*VulnerabilityExceptionHost, error)public static VulnerabilityExceptionHost Get(string name, Input<string> id, VulnerabilityExceptionHostState? state, CustomResourceOptions? opts = null)public static VulnerabilityExceptionHost get(String name, Output<String> id, VulnerabilityExceptionHostState state, CustomResourceOptions options)resources: _: type: lacework:VulnerabilityExceptionHost get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
By string - Created
Time string - Description string
- The description of the vulnerability exception.
- Enabled bool
- The state of the vulnerability exception. Defaults to
true. - Expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - Guid string
- Name string
- The vulnerability exception name.
- Reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - Resource
Scope VulnerabilityException Host Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- Type string
- Updated
By string - Updated
Time string - Vulnerability
Criteria VulnerabilityException Host Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- Vulnerability
Exception stringHost Id
- Created
By string - Created
Time string - Description string
- The description of the vulnerability exception.
- Enabled bool
- The state of the vulnerability exception. Defaults to
true. - Expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - Guid string
- Name string
- The vulnerability exception name.
- Reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - Resource
Scope VulnerabilityException Host Resource Scope Args - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- Type string
- Updated
By string - Updated
Time string - Vulnerability
Criteria VulnerabilityException Host Vulnerability Criteria Args - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- Vulnerability
Exception stringHost Id
- created
By String - created
Time String - description String
- The description of the vulnerability exception.
- enabled Boolean
- The state of the vulnerability exception. Defaults to
true. - expiry String
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - guid String
- name String
- The vulnerability exception name.
- reason String
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope VulnerabilityException Host Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- type String
- updated
By String - updated
Time String - vulnerability
Criteria VulnerabilityException Host Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- vulnerability
Exception StringHost Id
- created
By string - created
Time string - description string
- The description of the vulnerability exception.
- enabled boolean
- The state of the vulnerability exception. Defaults to
true. - expiry string
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - guid string
- name string
- The vulnerability exception name.
- reason string
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope VulnerabilityException Host Resource Scope - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- type string
- updated
By string - updated
Time string - vulnerability
Criteria VulnerabilityException Host Vulnerability Criteria - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- vulnerability
Exception stringHost Id
- created_
by str - created_
time str - description str
- The description of the vulnerability exception.
- enabled bool
- The state of the vulnerability exception. Defaults to
true. - expiry str
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - guid str
- name str
- The vulnerability exception name.
- reason str
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource_
scope VulnerabilityException Host Resource Scope Args - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- type str
- updated_
by str - updated_
time str - vulnerability_
criteria VulnerabilityException Host Vulnerability Criteria Args - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- vulnerability_
exception_ strhost_ id
- created
By String - created
Time String - description String
- The description of the vulnerability exception.
- enabled Boolean
- The state of the vulnerability exception. Defaults to
true. - expiry String
- The expiration date of the vulnerability exception. Example:
2022-06-01T16:35:00Z. - guid String
- name String
- The vulnerability exception name.
- reason String
- The reason for the exception to exist. Valid reasons include:
Accepted Risk,False Positive,Compensating Controls,Fix PendingandOther. See Vulnerability Exceptions Use Cases for more details. - resource
Scope Property Map - Define which resources will be affected by the exclusion. See Resource Scope below for details.
- type String
- updated
By String - updated
Time String - vulnerability
Criteria Property Map - The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
- vulnerability
Exception StringHost Id
Supporting Types
VulnerabilityExceptionHostResourceScope, VulnerabilityExceptionHostResourceScopeArgs
- Cluster
Names List<string> - The list of cluster names.
- External
Ips List<string> - The list of external IP addresses.
- Hostnames List<string>
- The list of hostnames.
- Namespaces List<string>
- The list of namespace for the package distribution (for example, an operating system or language package).
- Cluster
Names []string - The list of cluster names.
- External
Ips []string - The list of external IP addresses.
- Hostnames []string
- The list of hostnames.
- Namespaces []string
- The list of namespace for the package distribution (for example, an operating system or language package).
- cluster
Names List<String> - The list of cluster names.
- external
Ips List<String> - The list of external IP addresses.
- hostnames List<String>
- The list of hostnames.
- namespaces List<String>
- The list of namespace for the package distribution (for example, an operating system or language package).
- cluster
Names string[] - The list of cluster names.
- external
Ips string[] - The list of external IP addresses.
- hostnames string[]
- The list of hostnames.
- namespaces string[]
- The list of namespace for the package distribution (for example, an operating system or language package).
- cluster_
names Sequence[str] - The list of cluster names.
- external_
ips Sequence[str] - The list of external IP addresses.
- hostnames Sequence[str]
- The list of hostnames.
- namespaces Sequence[str]
- The list of namespace for the package distribution (for example, an operating system or language package).
- cluster
Names List<String> - The list of cluster names.
- external
Ips List<String> - The list of external IP addresses.
- hostnames List<String>
- The list of hostnames.
- namespaces List<String>
- The list of namespace for the package distribution (for example, an operating system or language package).
VulnerabilityExceptionHostVulnerabilityCriteria, VulnerabilityExceptionHostVulnerabilityCriteriaArgs
- Cves List<string>
- The list of vulnerability (CVE) IDs.
- Fixable
Vuln string - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - Packages
List<Vulnerability
Exception Host Vulnerability Criteria Package> - The list of package names (for example, an operating system or language package) to constraint.
- Severities List<string>
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- Cves []string
- The list of vulnerability (CVE) IDs.
- Fixable
Vuln string - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - Packages
[]Vulnerability
Exception Host Vulnerability Criteria Package - The list of package names (for example, an operating system or language package) to constraint.
- Severities []string
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- cves List<String>
- The list of vulnerability (CVE) IDs.
- fixable
Vuln String - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - packages
List<Vulnerability
Exception Host Vulnerability Criteria Package> - The list of package names (for example, an operating system or language package) to constraint.
- severities List<String>
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- cves string[]
- The list of vulnerability (CVE) IDs.
- fixable
Vuln string - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - packages
Vulnerability
Exception Host Vulnerability Criteria Package[] - The list of package names (for example, an operating system or language package) to constraint.
- severities string[]
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- cves Sequence[str]
- The list of vulnerability (CVE) IDs.
- fixable_
vuln str - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - packages
Sequence[Vulnerability
Exception Host Vulnerability Criteria Package] - The list of package names (for example, an operating system or language package) to constraint.
- severities Sequence[str]
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
- cves List<String>
- The list of vulnerability (CVE) IDs.
- fixable
Vuln String - Whether to filter on fixable or non-fixable vulnerability. This argument is of type
string. Valid values are:"true","false". - packages List<Property Map>
- The list of package names (for example, an operating system or language package) to constraint.
- severities List<String>
- The list of severities to which the exception will be constraint. Valid severities
include:
Critical,High,Medium,LowandInfo.
VulnerabilityExceptionHostVulnerabilityCriteriaPackage, VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs
Import
A Lacework vulnerability exception for hosts can be imported using a GUID, e.g.
$ pulumi import lacework:index/vulnerabilityExceptionHost:VulnerabilityExceptionHost example EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5
-> Note: To retrieve the GUID from existing vulnerability exception in your account, use
the Lacework CLI command lacework vulnerability-exception list. To install this tool follow
this documentation.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- lacework lacework/terraform-provider-lacework
- License
- Notes
- This Pulumi package is based on the
laceworkTerraform Provider.