Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse
aquasec.HostRuntimePolicy
Example Usage
resources:
  hostRuntimePolicy:
    type: aquasec:HostRuntimePolicy
    properties:
      applicationScopes:
        - Global
      # OS user activity auditing is a field of the auditing block in this
      # schema, not a top-level argument.
      auditing:
        enabled: true
        auditOsUserActivity: true
      auditBruteForceLogin: true
      auditFullCommandArguments: true
      auditHostFailedLoginEvents: true
      auditHostSuccessfulLoginEvents: true
      auditUserAccountManagement: true
      blockCryptocurrencyMining: true
      blockedFiles:
        - blocked
      description: host_runtime_policy
      enabled: true
      # enforce: false keeps the policy in audit mode; violations are
      # reported, not blocked. Flip to true only after reviewing the audit
      # events this policy generates on real hosts.
      enforce: false
      # Property names follow the fileIntegrityMonitoring schema documented
      # below (monitoredFiles, exceptionalMonitoredFiles, ...).
      fileIntegrityMonitoring:
        enabled: true
        exceptionalMonitoredFiles:
          - expaths
        exceptionalMonitoredFilesProcesses:
          - exprocess
        exceptionalMonitoredFilesUsers:
          - expuser
        monitoredFilesAttributes: true
        monitoredFilesCreate: true
        monitoredFilesDelete: true
        monitoredFilesModify: true
        monitoredFilesRead: true
        monitoredFiles:
          - paths
        monitoredFilesProcesses:
          - process
        monitoredFilesUsers:
          - user
      monitorSystemLogIntegrity: true
      monitorSystemTimeChanges: true
      monitorWindowsServices: true
      osGroupsAlloweds:
        - group1
      osGroupsBlockeds:
        - group2
      osUsersAlloweds:
        - user1
      osUsersBlockeds:
        - user2
      # packageBlocks entries are objects (see HostRuntimePolicyPackageBlockArgs
      # below), not bare package names.
      packageBlocks:
        - enabled: true
          packagesBlackLists:
            - package1
      scopeVariables:
        - attribute: kubernetes.cluster
          value: default
        - attribute: kubernetes.label
          name: app
          value: aqua
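The example above runs in audit mode (`enforce: false`). Because `enabled` and `enforce` are independent switches, and because most of the nested blocks (`fileIntegrityMonitoring`, `portBlock`, `tripwire`, ...) carry their own `enabled` flag, it is easy to ship a policy that silently does nothing, or one that blocks more than intended once `enforce` is flipped. The following is an added example, not part of this page or the aquasec provider: a small pre-apply checker for a HostRuntimePolicy property map, meant to run from a unit test in CI before `pulumi up`. It uses the camelCase property names shown in the YAML above. Every rule in it is an editorial assumption about sensible use of the fields (for instance that port entries look like `"22"` or `"1024-65535"`, and that `tripwire.userPassword` must arrive as a Pulumi secret rather than a literal), not validation the provider or Aqua performs. `SAMPLE_PROPS` and `CLEAN_PROPS` are constructed inputs.

```python
"""Pre-apply sanity checks for aquasec.HostRuntimePolicy property maps.
Added example, not provider code: every rule is an editorial assumption about
sensible use of the fields on this page, not validation Aqua performs."""
import os
import re
from dataclasses import dataclass
from typing import Any

# Sub-blocks from the schema that carry their own "enabled" switch.
GATED_BLOCKS = ("fileIntegrityMonitoring", "reverseShell", "portBlock", "fileBlock",
                "whitelistedOsUsers", "blacklistedOsUsers", "tripwire")
_PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")  # assumed form: "22" or "1024-65535"


@dataclass(frozen=True)
class Finding:
    level: str    # "error" should block the apply; "warn" is advisory
    path: str     # dotted property path, e.g. "tripwire.userPassword"
    message: str


def validate_host_runtime_policy(props: dict[str, Any]) -> list[Finding]:
    """Return every finding for one property map (camelCase keys as in the YAML)."""
    out: list[Finding] = []
    err = lambda path, msg: out.append(Finding("error", path, msg))
    warn = lambda path, msg: out.append(Finding("warn", path, msg))

    # enabled and enforce are separate switches; enforcing a disabled policy is a no-op.
    if props.get("enforce") and not props.get("enabled", False):
        err("enforce", "enforce=true on a policy with enabled=false does nothing")

    # A sub-block with settings but its own enabled flag off is silently inert.
    for key in GATED_BLOCKS:
        block = props.get(key)
        if isinstance(block, dict) and len(block) > 1 and not block.get("enabled", False):
            warn(f"{key}.enabled", "block is configured but not enabled")

    # An enabled OS-user allow-list with no entries is never what was meant.
    wl = props.get("whitelistedOsUsers") or {}
    if wl.get("enabled") and not (wl.get("userWhiteLists") or wl.get("groupWhiteLists")):
        err("whitelistedOsUsers", "enabled allow-list with no users or groups")

    # Scope variables need attribute and value; kubernetes.label also needs the
    # label name (the page's own example sets name: app for it).
    for i, sv in enumerate(props.get("scopeVariables") or []):
        if not sv.get("attribute") or not sv.get("value"):
            err(f"scopeVariables[{i}]", "attribute and value are required")
        elif sv["attribute"] == "kubernetes.label" and not sv.get("name"):
            err(f"scopeVariables[{i}]", "kubernetes.label scope needs the label name")

    # FIM entries are host paths; a relative entry matches nothing.
    fim = props.get("fileIntegrityMonitoring") or {}
    for lst in ("monitoredFiles", "exceptionalMonitoredFiles"):
        for p in fim.get(lst) or []:
            if not os.path.isabs(p):
                err(f"fileIntegrityMonitoring.{lst}", f"not an absolute path: {p!r}")

    # Port lists are strings in the schema; check each parses as a port or range.
    pb = props.get("portBlock") or {}
    for lst in ("blockInboundPorts", "blockOutboundPorts"):
        for spec in pb.get(lst) or []:
            m = _PORT_RE.match(str(spec))
            if not m or not 1 <= int(m.group(1)) <= int(m.group(2) or m.group(1)) <= 65535:
                err(f"portBlock.{lst}", f"bad port spec {spec!r}")

    # Tripwire credentials must arrive as a Pulumi secret (fn::secret in YAML,
    # Output.secret or a secret config value in the SDKs), never a plain literal.
    pw = (props.get("tripwire") or {}).get("userPassword")
    if isinstance(pw, str) and pw:
        err("tripwire.userPassword", "plaintext literal; use a Pulumi secret")
    return out


# Constructed input: the page's example on the schema names, plus deliberate
# mistakes so each check above has something to report.
SAMPLE_PROPS: dict[str, Any] = {
    "applicationScopes": ["Global"],
    "description": "host_runtime_policy",
    "enabled": False,
    "enforce": True,
    "fileIntegrityMonitoring": {"enabled": True, "monitoredFilesModify": True,
                                "monitoredFiles": ["/etc", "relative/path"]},
    "whitelistedOsUsers": {"enabled": True},
    "portBlock": {"enabled": True, "blockInboundPorts": ["22", "70000"]},
    "tripwire": {"enabled": True, "userId": "tripwire", "userPassword": "hunter2"},
    "scopeVariables": [{"attribute": "kubernetes.cluster", "value": "default"},
                       {"attribute": "kubernetes.label", "value": "aqua"}],
}

# Constructed input that passes: audit mode, absolute FIM paths, secret credential.
CLEAN_PROPS: dict[str, Any] = {
    "applicationScopes": ["Global"],
    "description": "audit-only baseline for all hosts",
    "enabled": True,
    "enforce": False,
    "fileIntegrityMonitoring": {"enabled": True, "monitoredFilesModify": True,
                                "monitoredFiles": ["/etc", "/usr/bin"]},
    "tripwire": {"enabled": True, "userId": "tripwire",
                 "userPassword": {"fn::secret": "${tripwirePassword}"}},
}
```

Run `validate_host_runtime_policy` over the same dictionary you pass to the resource (in the Python SDK the keys would be snake_case; convert before checking) and fail the pipeline on any error-level finding. The warning for a configured-but-disabled block is deliberately not an error: leaving a block staged with `enabled: false` is a legitimate way to roll a policy out in phases, as long as someone sees the warning.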
Create HostRuntimePolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new HostRuntimePolicy(name: string, args?: HostRuntimePolicyArgs, opts?: CustomResourceOptions);
@overload
def HostRuntimePolicy(resource_name: str,
args: Optional[HostRuntimePolicyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def HostRuntimePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_executables: Optional[Sequence[HostRuntimePolicyAllowedExecutableArgs]] = None,
allowed_registries: Optional[Sequence[HostRuntimePolicyAllowedRegistryArgs]] = None,
application_scopes: Optional[Sequence[str]] = None,
audit_brute_force_login: Optional[bool] = None,
audit_full_command_arguments: Optional[bool] = None,
audit_host_failed_login_events: Optional[bool] = None,
audit_host_successful_login_events: Optional[bool] = None,
audit_user_account_management: Optional[bool] = None,
auditing: Optional[HostRuntimePolicyAuditingArgs] = None,
author: Optional[str] = None,
blacklisted_os_users: Optional[HostRuntimePolicyBlacklistedOsUsersArgs] = None,
block_container_exec: Optional[bool] = None,
block_cryptocurrency_mining: Optional[bool] = None,
block_disallowed_images: Optional[bool] = None,
block_fileless_exec: Optional[bool] = None,
block_non_compliant_workloads: Optional[bool] = None,
block_non_k8s_containers: Optional[bool] = None,
blocked_files: Optional[Sequence[str]] = None,
bypass_scopes: Optional[Sequence[HostRuntimePolicyBypassScopeArgs]] = None,
container_exec: Optional[HostRuntimePolicyContainerExecArgs] = None,
created: Optional[str] = None,
cve: Optional[str] = None,
default_security_profile: Optional[str] = None,
description: Optional[str] = None,
digest: Optional[str] = None,
drift_preventions: Optional[Sequence[HostRuntimePolicyDriftPreventionArgs]] = None,
enable_crypto_mining_dns: Optional[bool] = None,
enable_fork_guard: Optional[bool] = None,
enable_ip_reputation: Optional[bool] = None,
enable_port_scan_protection: Optional[bool] = None,
enabled: Optional[bool] = None,
enforce: Optional[bool] = None,
enforce_after_days: Optional[int] = None,
enforce_scheduler_added_on: Optional[int] = None,
exclude_application_scopes: Optional[Sequence[str]] = None,
executable_blacklists: Optional[Sequence[HostRuntimePolicyExecutableBlacklistArgs]] = None,
failed_kubernetes_checks: Optional[HostRuntimePolicyFailedKubernetesChecksArgs] = None,
file_block: Optional[HostRuntimePolicyFileBlockArgs] = None,
file_integrity_monitoring: Optional[HostRuntimePolicyFileIntegrityMonitoringArgs] = None,
fork_guard_process_limit: Optional[int] = None,
image_name: Optional[str] = None,
is_audit_checked: Optional[bool] = None,
is_auto_generated: Optional[bool] = None,
is_ootb_policy: Optional[bool] = None,
lastupdate: Optional[int] = None,
limit_container_privileges: Optional[Sequence[HostRuntimePolicyLimitContainerPrivilegeArgs]] = None,
linux_capabilities: Optional[HostRuntimePolicyLinuxCapabilitiesArgs] = None,
malware_scan_options: Optional[HostRuntimePolicyMalwareScanOptionsArgs] = None,
monitor_system_log_integrity: Optional[bool] = None,
monitor_system_time_changes: Optional[bool] = None,
monitor_windows_services: Optional[bool] = None,
name: Optional[str] = None,
no_new_privileges: Optional[bool] = None,
only_registered_images: Optional[bool] = None,
os_groups_alloweds: Optional[Sequence[str]] = None,
os_groups_blockeds: Optional[Sequence[str]] = None,
os_users_alloweds: Optional[Sequence[str]] = None,
os_users_blockeds: Optional[Sequence[str]] = None,
package_blocks: Optional[Sequence[HostRuntimePolicyPackageBlockArgs]] = None,
permission: Optional[str] = None,
port_block: Optional[HostRuntimePolicyPortBlockArgs] = None,
readonly_files: Optional[HostRuntimePolicyReadonlyFilesArgs] = None,
readonly_registry: Optional[HostRuntimePolicyReadonlyRegistryArgs] = None,
registry: Optional[str] = None,
registry_access_monitoring: Optional[HostRuntimePolicyRegistryAccessMonitoringArgs] = None,
repo_name: Optional[str] = None,
resource_name_: Optional[str] = None,
resource_type: Optional[str] = None,
restricted_volumes: Optional[Sequence[HostRuntimePolicyRestrictedVolumeArgs]] = None,
reverse_shell: Optional[HostRuntimePolicyReverseShellArgs] = None,
runtime_mode: Optional[int] = None,
runtime_type: Optional[str] = None,
scope_expression: Optional[str] = None,
scope_variables: Optional[Sequence[HostRuntimePolicyScopeVariableArgs]] = None,
scopes: Optional[Sequence[HostRuntimePolicyScopeArgs]] = None,
system_integrity_protection: Optional[HostRuntimePolicySystemIntegrityProtectionArgs] = None,
tripwire: Optional[HostRuntimePolicyTripwireArgs] = None,
type: Optional[str] = None,
updated: Optional[str] = None,
version: Optional[str] = None,
vpatch_version: Optional[str] = None,
whitelisted_os_users: Optional[HostRuntimePolicyWhitelistedOsUsersArgs] = None)
func NewHostRuntimePolicy(ctx *Context, name string, args *HostRuntimePolicyArgs, opts ...ResourceOption) (*HostRuntimePolicy, error)
public HostRuntimePolicy(string name, HostRuntimePolicyArgs? args = null, CustomResourceOptions? opts = null)
public HostRuntimePolicy(String name, HostRuntimePolicyArgs args)
public HostRuntimePolicy(String name, HostRuntimePolicyArgs args, CustomResourceOptions options)
type: aquasec:HostRuntimePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args HostRuntimePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args HostRuntimePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args HostRuntimePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args HostRuntimePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args HostRuntimePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var hostRuntimePolicyResource = new Aquasec.HostRuntimePolicy("hostRuntimePolicyResource", new()
{
AllowedExecutables = new[]
{
new Aquasec.Inputs.HostRuntimePolicyAllowedExecutableArgs
{
AllowExecutables = new[]
{
"string",
},
AllowRootExecutables = new[]
{
"string",
},
Enabled = false,
SeparateExecutables = false,
},
},
AllowedRegistries = new[]
{
new Aquasec.Inputs.HostRuntimePolicyAllowedRegistryArgs
{
AllowedRegistries = new[]
{
"string",
},
Enabled = false,
},
},
ApplicationScopes = new[]
{
"string",
},
AuditBruteForceLogin = false,
AuditFullCommandArguments = false,
AuditHostFailedLoginEvents = false,
AuditHostSuccessfulLoginEvents = false,
AuditUserAccountManagement = false,
Auditing = new Aquasec.Inputs.HostRuntimePolicyAuditingArgs
{
AuditAllNetwork = false,
AuditAllProcesses = false,
AuditFailedLogin = false,
AuditOsUserActivity = false,
AuditProcessCmdline = false,
AuditSuccessLogin = false,
AuditUserAccountManagement = false,
Enabled = false,
},
Author = "string",
BlacklistedOsUsers = new Aquasec.Inputs.HostRuntimePolicyBlacklistedOsUsersArgs
{
Enabled = false,
GroupBlackLists = new[]
{
"string",
},
UserBlackLists = new[]
{
"string",
},
},
BlockContainerExec = false,
BlockCryptocurrencyMining = false,
BlockDisallowedImages = false,
BlockFilelessExec = false,
BlockNonCompliantWorkloads = false,
BlockNonK8sContainers = false,
BlockedFiles = new[]
{
"string",
},
BypassScopes = new[]
{
new Aquasec.Inputs.HostRuntimePolicyBypassScopeArgs
{
Enabled = false,
Scopes = new[]
{
new Aquasec.Inputs.HostRuntimePolicyBypassScopeScopeArgs
{
Expression = "string",
Variables = new[]
{
new Aquasec.Inputs.HostRuntimePolicyBypassScopeScopeVariableArgs
{
Attribute = "string",
Value = "string",
},
},
},
},
},
},
ContainerExec = new Aquasec.Inputs.HostRuntimePolicyContainerExecArgs
{
BlockContainerExec = false,
ContainerExecProcWhiteLists = new[]
{
"string",
},
Enabled = false,
ReverseShellIpWhiteLists = new[]
{
"string",
},
},
Created = "string",
Cve = "string",
DefaultSecurityProfile = "string",
Description = "string",
Digest = "string",
DriftPreventions = new[]
{
new Aquasec.Inputs.HostRuntimePolicyDriftPreventionArgs
{
Enabled = false,
ExecLockdown = false,
ExecLockdownWhiteLists = new[]
{
"string",
},
ImageLockdown = false,
},
},
EnableCryptoMiningDns = false,
EnableForkGuard = false,
EnableIpReputation = false,
EnablePortScanProtection = false,
Enabled = false,
Enforce = false,
EnforceAfterDays = 0,
EnforceSchedulerAddedOn = 0,
ExcludeApplicationScopes = new[]
{
"string",
},
ExecutableBlacklists = new[]
{
new Aquasec.Inputs.HostRuntimePolicyExecutableBlacklistArgs
{
Enabled = false,
Executables = new[]
{
"string",
},
},
},
FailedKubernetesChecks = new Aquasec.Inputs.HostRuntimePolicyFailedKubernetesChecksArgs
{
Enabled = false,
FailedChecks = new[]
{
"string",
},
},
FileBlock = new Aquasec.Inputs.HostRuntimePolicyFileBlockArgs
{
BlockFilesProcesses = new[]
{
"string",
},
BlockFilesUsers = new[]
{
"string",
},
Enabled = false,
ExceptionalBlockFiles = new[]
{
"string",
},
ExceptionalBlockFilesProcesses = new[]
{
"string",
},
ExceptionalBlockFilesUsers = new[]
{
"string",
},
FilenameBlockLists = new[]
{
"string",
},
},
FileIntegrityMonitoring = new Aquasec.Inputs.HostRuntimePolicyFileIntegrityMonitoringArgs
{
Enabled = false,
ExceptionalMonitoredFiles = new[]
{
"string",
},
ExceptionalMonitoredFilesProcesses = new[]
{
"string",
},
ExceptionalMonitoredFilesUsers = new[]
{
"string",
},
MonitoredFiles = new[]
{
"string",
},
MonitoredFilesAttributes = false,
MonitoredFilesCreate = false,
MonitoredFilesDelete = false,
MonitoredFilesModify = false,
MonitoredFilesProcesses = new[]
{
"string",
},
MonitoredFilesRead = false,
MonitoredFilesUsers = new[]
{
"string",
},
},
ForkGuardProcessLimit = 0,
ImageName = "string",
IsAuditChecked = false,
IsAutoGenerated = false,
IsOotbPolicy = false,
Lastupdate = 0,
LimitContainerPrivileges = new[]
{
new Aquasec.Inputs.HostRuntimePolicyLimitContainerPrivilegeArgs
{
BlockAddCapabilities = false,
Enabled = false,
Ipcmode = false,
Netmode = false,
Pidmode = false,
PreventLowPortBinding = false,
PreventRootUser = false,
Privileged = false,
UseHostUser = false,
Usermode = false,
Utsmode = false,
},
},
LinuxCapabilities = new Aquasec.Inputs.HostRuntimePolicyLinuxCapabilitiesArgs
{
Enabled = false,
RemoveLinuxCapabilities = new[]
{
"string",
},
},
MalwareScanOptions = new Aquasec.Inputs.HostRuntimePolicyMalwareScanOptionsArgs
{
Action = "string",
Enabled = false,
ExcludeDirectories = new[]
{
"string",
},
ExcludeProcesses = new[]
{
"string",
},
IncludeDirectories = new[]
{
"string",
},
},
MonitorSystemLogIntegrity = false,
MonitorSystemTimeChanges = false,
MonitorWindowsServices = false,
Name = "string",
NoNewPrivileges = false,
OnlyRegisteredImages = false,
OsGroupsAlloweds = new[]
{
"string",
},
OsGroupsBlockeds = new[]
{
"string",
},
OsUsersAlloweds = new[]
{
"string",
},
OsUsersBlockeds = new[]
{
"string",
},
PackageBlocks = new[]
{
new Aquasec.Inputs.HostRuntimePolicyPackageBlockArgs
{
BlockPackagesProcesses = new[]
{
"string",
},
BlockPackagesUsers = new[]
{
"string",
},
Enabled = false,
ExceptionalBlockPackagesFiles = new[]
{
"string",
},
ExceptionalBlockPackagesProcesses = new[]
{
"string",
},
ExceptionalBlockPackagesUsers = new[]
{
"string",
},
PackagesBlackLists = new[]
{
"string",
},
},
},
Permission = "string",
PortBlock = new Aquasec.Inputs.HostRuntimePolicyPortBlockArgs
{
BlockInboundPorts = new[]
{
"string",
},
BlockOutboundPorts = new[]
{
"string",
},
Enabled = false,
},
ReadonlyFiles = new Aquasec.Inputs.HostRuntimePolicyReadonlyFilesArgs
{
Enabled = false,
ExceptionalReadonlyFiles = new[]
{
"string",
},
ExceptionalReadonlyFilesProcesses = new[]
{
"string",
},
ExceptionalReadonlyFilesUsers = new[]
{
"string",
},
ReadonlyFiles = new[]
{
"string",
},
ReadonlyFilesProcesses = new[]
{
"string",
},
ReadonlyFilesUsers = new[]
{
"string",
},
},
ReadonlyRegistry = new Aquasec.Inputs.HostRuntimePolicyReadonlyRegistryArgs
{
Enabled = false,
ExceptionalReadonlyRegistryPaths = new[]
{
"string",
},
ExceptionalReadonlyRegistryProcesses = new[]
{
"string",
},
ExceptionalReadonlyRegistryUsers = new[]
{
"string",
},
ReadonlyRegistryPaths = new[]
{
"string",
},
ReadonlyRegistryProcesses = new[]
{
"string",
},
ReadonlyRegistryUsers = new[]
{
"string",
},
},
Registry = "string",
RegistryAccessMonitoring = new Aquasec.Inputs.HostRuntimePolicyRegistryAccessMonitoringArgs
{
Enabled = false,
ExceptionalMonitoredRegistryPaths = new[]
{
"string",
},
ExceptionalMonitoredRegistryProcesses = new[]
{
"string",
},
ExceptionalMonitoredRegistryUsers = new[]
{
"string",
},
MonitoredRegistryAttributes = false,
MonitoredRegistryCreate = false,
MonitoredRegistryDelete = false,
MonitoredRegistryModify = false,
MonitoredRegistryPaths = new[]
{
"string",
},
MonitoredRegistryProcesses = new[]
{
"string",
},
MonitoredRegistryRead = false,
MonitoredRegistryUsers = new[]
{
"string",
},
},
RepoName = "string",
ResourceName = "string",
ResourceType = "string",
RestrictedVolumes = new[]
{
new Aquasec.Inputs.HostRuntimePolicyRestrictedVolumeArgs
{
Enabled = false,
Volumes = new[]
{
"string",
},
},
},
ReverseShell = new Aquasec.Inputs.HostRuntimePolicyReverseShellArgs
{
BlockReverseShell = false,
Enabled = false,
ReverseShellIpWhiteLists = new[]
{
"string",
},
ReverseShellProcWhiteLists = new[]
{
"string",
},
},
RuntimeMode = 0,
RuntimeType = "string",
ScopeExpression = "string",
ScopeVariables = new[]
{
new Aquasec.Inputs.HostRuntimePolicyScopeVariableArgs
{
Attribute = "string",
Value = "string",
Name = "string",
},
},
Scopes = new[]
{
new Aquasec.Inputs.HostRuntimePolicyScopeArgs
{
Expression = "string",
Variables = new[]
{
new Aquasec.Inputs.HostRuntimePolicyScopeVariableArgs
{
Attribute = "string",
Value = "string",
Name = "string",
},
},
},
},
SystemIntegrityProtection = new Aquasec.Inputs.HostRuntimePolicySystemIntegrityProtectionArgs
{
AuditSystemtimeChange = false,
Enabled = false,
MonitorAuditLogIntegrity = false,
WindowsServicesMonitoring = false,
},
Tripwire = new Aquasec.Inputs.HostRuntimePolicyTripwireArgs
{
ApplyOns = new[]
{
"string",
},
Enabled = false,
ServerlessApp = "string",
UserId = "string",
UserPassword = "string",
},
Type = "string",
Updated = "string",
Version = "string",
VpatchVersion = "string",
WhitelistedOsUsers = new Aquasec.Inputs.HostRuntimePolicyWhitelistedOsUsersArgs
{
Enabled = false,
GroupWhiteLists = new[]
{
"string",
},
UserWhiteLists = new[]
{
"string",
},
},
});
example, err := aquasec.NewHostRuntimePolicy(ctx, "hostRuntimePolicyResource", &aquasec.HostRuntimePolicyArgs{
AllowedExecutables: aquasec.HostRuntimePolicyAllowedExecutableArray{
&aquasec.HostRuntimePolicyAllowedExecutableArgs{
AllowExecutables: pulumi.StringArray{
pulumi.String("string"),
},
AllowRootExecutables: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
SeparateExecutables: pulumi.Bool(false),
},
},
AllowedRegistries: aquasec.HostRuntimePolicyAllowedRegistryArray{
&aquasec.HostRuntimePolicyAllowedRegistryArgs{
AllowedRegistries: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
},
},
ApplicationScopes: pulumi.StringArray{
pulumi.String("string"),
},
AuditBruteForceLogin: pulumi.Bool(false),
AuditFullCommandArguments: pulumi.Bool(false),
AuditHostFailedLoginEvents: pulumi.Bool(false),
AuditHostSuccessfulLoginEvents: pulumi.Bool(false),
AuditUserAccountManagement: pulumi.Bool(false),
Auditing: &aquasec.HostRuntimePolicyAuditingArgs{
AuditAllNetwork: pulumi.Bool(false),
AuditAllProcesses: pulumi.Bool(false),
AuditFailedLogin: pulumi.Bool(false),
AuditOsUserActivity: pulumi.Bool(false),
AuditProcessCmdline: pulumi.Bool(false),
AuditSuccessLogin: pulumi.Bool(false),
AuditUserAccountManagement: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
},
Author: pulumi.String("string"),
BlacklistedOsUsers: &aquasec.HostRuntimePolicyBlacklistedOsUsersArgs{
Enabled: pulumi.Bool(false),
GroupBlackLists: pulumi.StringArray{
pulumi.String("string"),
},
UserBlackLists: pulumi.StringArray{
pulumi.String("string"),
},
},
BlockContainerExec: pulumi.Bool(false),
BlockCryptocurrencyMining: pulumi.Bool(false),
BlockDisallowedImages: pulumi.Bool(false),
BlockFilelessExec: pulumi.Bool(false),
BlockNonCompliantWorkloads: pulumi.Bool(false),
BlockNonK8sContainers: pulumi.Bool(false),
BlockedFiles: pulumi.StringArray{
pulumi.String("string"),
},
BypassScopes: aquasec.HostRuntimePolicyBypassScopeArray{
&aquasec.HostRuntimePolicyBypassScopeArgs{
Enabled: pulumi.Bool(false),
Scopes: aquasec.HostRuntimePolicyBypassScopeScopeArray{
&aquasec.HostRuntimePolicyBypassScopeScopeArgs{
Expression: pulumi.String("string"),
Variables: aquasec.HostRuntimePolicyBypassScopeScopeVariableArray{
&aquasec.HostRuntimePolicyBypassScopeScopeVariableArgs{
Attribute: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
},
},
ContainerExec: &aquasec.HostRuntimePolicyContainerExecArgs{
BlockContainerExec: pulumi.Bool(false),
ContainerExecProcWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
ReverseShellIpWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
},
Created: pulumi.String("string"),
Cve: pulumi.String("string"),
DefaultSecurityProfile: pulumi.String("string"),
Description: pulumi.String("string"),
Digest: pulumi.String("string"),
DriftPreventions: aquasec.HostRuntimePolicyDriftPreventionArray{
&aquasec.HostRuntimePolicyDriftPreventionArgs{
Enabled: pulumi.Bool(false),
ExecLockdown: pulumi.Bool(false),
ExecLockdownWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
ImageLockdown: pulumi.Bool(false),
},
},
EnableCryptoMiningDns: pulumi.Bool(false),
EnableForkGuard: pulumi.Bool(false),
EnableIpReputation: pulumi.Bool(false),
EnablePortScanProtection: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Enforce: pulumi.Bool(false),
EnforceAfterDays: pulumi.Int(0),
EnforceSchedulerAddedOn: pulumi.Int(0),
ExcludeApplicationScopes: pulumi.StringArray{
pulumi.String("string"),
},
ExecutableBlacklists: aquasec.HostRuntimePolicyExecutableBlacklistArray{
&aquasec.HostRuntimePolicyExecutableBlacklistArgs{
Enabled: pulumi.Bool(false),
Executables: pulumi.StringArray{
pulumi.String("string"),
},
},
},
FailedKubernetesChecks: &aquasec.HostRuntimePolicyFailedKubernetesChecksArgs{
Enabled: pulumi.Bool(false),
FailedChecks: pulumi.StringArray{
pulumi.String("string"),
},
},
FileBlock: &aquasec.HostRuntimePolicyFileBlockArgs{
BlockFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
BlockFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
ExceptionalBlockFiles: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalBlockFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalBlockFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
FilenameBlockLists: pulumi.StringArray{
pulumi.String("string"),
},
},
FileIntegrityMonitoring: &aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs{
Enabled: pulumi.Bool(false),
ExceptionalMonitoredFiles: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalMonitoredFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalMonitoredFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredFiles: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredFilesAttributes: pulumi.Bool(false),
MonitoredFilesCreate: pulumi.Bool(false),
MonitoredFilesDelete: pulumi.Bool(false),
MonitoredFilesModify: pulumi.Bool(false),
MonitoredFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredFilesRead: pulumi.Bool(false),
MonitoredFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
ForkGuardProcessLimit: pulumi.Int(0),
ImageName: pulumi.String("string"),
IsAuditChecked: pulumi.Bool(false),
IsAutoGenerated: pulumi.Bool(false),
IsOotbPolicy: pulumi.Bool(false),
Lastupdate: pulumi.Int(0),
LimitContainerPrivileges: aquasec.HostRuntimePolicyLimitContainerPrivilegeArray{
&aquasec.HostRuntimePolicyLimitContainerPrivilegeArgs{
BlockAddCapabilities: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Ipcmode: pulumi.Bool(false),
Netmode: pulumi.Bool(false),
Pidmode: pulumi.Bool(false),
PreventLowPortBinding: pulumi.Bool(false),
PreventRootUser: pulumi.Bool(false),
Privileged: pulumi.Bool(false),
UseHostUser: pulumi.Bool(false),
Usermode: pulumi.Bool(false),
Utsmode: pulumi.Bool(false),
},
},
LinuxCapabilities: &aquasec.HostRuntimePolicyLinuxCapabilitiesArgs{
Enabled: pulumi.Bool(false),
RemoveLinuxCapabilities: pulumi.StringArray{
pulumi.String("string"),
},
},
MalwareScanOptions: &aquasec.HostRuntimePolicyMalwareScanOptionsArgs{
Action: pulumi.String("string"),
Enabled: pulumi.Bool(false),
ExcludeDirectories: pulumi.StringArray{
pulumi.String("string"),
},
ExcludeProcesses: pulumi.StringArray{
pulumi.String("string"),
},
IncludeDirectories: pulumi.StringArray{
pulumi.String("string"),
},
},
MonitorSystemLogIntegrity: pulumi.Bool(false),
MonitorSystemTimeChanges: pulumi.Bool(false),
MonitorWindowsServices: pulumi.Bool(false),
Name: pulumi.String("string"),
NoNewPrivileges: pulumi.Bool(false),
OnlyRegisteredImages: pulumi.Bool(false),
OsGroupsAlloweds: pulumi.StringArray{
pulumi.String("string"),
},
OsGroupsBlockeds: pulumi.StringArray{
pulumi.String("string"),
},
OsUsersAlloweds: pulumi.StringArray{
pulumi.String("string"),
},
OsUsersBlockeds: pulumi.StringArray{
pulumi.String("string"),
},
PackageBlocks: aquasec.HostRuntimePolicyPackageBlockArray{
&aquasec.HostRuntimePolicyPackageBlockArgs{
BlockPackagesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
BlockPackagesUsers: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
ExceptionalBlockPackagesFiles: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalBlockPackagesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalBlockPackagesUsers: pulumi.StringArray{
pulumi.String("string"),
},
PackagesBlackLists: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Permission: pulumi.String("string"),
PortBlock: &aquasec.HostRuntimePolicyPortBlockArgs{
BlockInboundPorts: pulumi.StringArray{
pulumi.String("string"),
},
BlockOutboundPorts: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
},
ReadonlyFiles: &aquasec.HostRuntimePolicyReadonlyFilesArgs{
Enabled: pulumi.Bool(false),
ExceptionalReadonlyFiles: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalReadonlyFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalReadonlyFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyFiles: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyFilesProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyFilesUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
ReadonlyRegistry: &aquasec.HostRuntimePolicyReadonlyRegistryArgs{
Enabled: pulumi.Bool(false),
ExceptionalReadonlyRegistryPaths: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalReadonlyRegistryProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalReadonlyRegistryUsers: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyRegistryPaths: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyRegistryProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ReadonlyRegistryUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
Registry: pulumi.String("string"),
RegistryAccessMonitoring: &aquasec.HostRuntimePolicyRegistryAccessMonitoringArgs{
Enabled: pulumi.Bool(false),
ExceptionalMonitoredRegistryPaths: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalMonitoredRegistryProcesses: pulumi.StringArray{
pulumi.String("string"),
},
ExceptionalMonitoredRegistryUsers: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredRegistryAttributes: pulumi.Bool(false),
MonitoredRegistryCreate: pulumi.Bool(false),
MonitoredRegistryDelete: pulumi.Bool(false),
MonitoredRegistryModify: pulumi.Bool(false),
MonitoredRegistryPaths: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredRegistryProcesses: pulumi.StringArray{
pulumi.String("string"),
},
MonitoredRegistryRead: pulumi.Bool(false),
MonitoredRegistryUsers: pulumi.StringArray{
pulumi.String("string"),
},
},
RepoName: pulumi.String("string"),
ResourceName: pulumi.String("string"),
ResourceType: pulumi.String("string"),
RestrictedVolumes: aquasec.HostRuntimePolicyRestrictedVolumeArray{
&aquasec.HostRuntimePolicyRestrictedVolumeArgs{
Enabled: pulumi.Bool(false),
Volumes: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ReverseShell: &aquasec.HostRuntimePolicyReverseShellArgs{
BlockReverseShell: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
ReverseShellIpWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
ReverseShellProcWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
},
RuntimeMode: pulumi.Int(0),
RuntimeType: pulumi.String("string"),
ScopeExpression: pulumi.String("string"),
ScopeVariables: aquasec.HostRuntimePolicyScopeVariableArray{
&aquasec.HostRuntimePolicyScopeVariableArgs{
Attribute: pulumi.String("string"),
Value: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
Scopes: aquasec.HostRuntimePolicyScopeArray{
&aquasec.HostRuntimePolicyScopeArgs{
Expression: pulumi.String("string"),
Variables: aquasec.HostRuntimePolicyScopeVariableArray{
&aquasec.HostRuntimePolicyScopeVariableArgs{
Attribute: pulumi.String("string"),
Value: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
},
},
SystemIntegrityProtection: &aquasec.HostRuntimePolicySystemIntegrityProtectionArgs{
AuditSystemtimeChange: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
MonitorAuditLogIntegrity: pulumi.Bool(false),
WindowsServicesMonitoring: pulumi.Bool(false),
},
Tripwire: &aquasec.HostRuntimePolicyTripwireArgs{
ApplyOns: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
ServerlessApp: pulumi.String("string"),
UserId: pulumi.String("string"),
UserPassword: pulumi.String("string"),
},
Type: pulumi.String("string"),
Updated: pulumi.String("string"),
Version: pulumi.String("string"),
VpatchVersion: pulumi.String("string"),
WhitelistedOsUsers: &aquasec.HostRuntimePolicyWhitelistedOsUsersArgs{
Enabled: pulumi.Bool(false),
GroupWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
UserWhiteLists: pulumi.StringArray{
pulumi.String("string"),
},
},
})
var hostRuntimePolicyResource = new HostRuntimePolicy("hostRuntimePolicyResource", HostRuntimePolicyArgs.builder()
.allowedExecutables(HostRuntimePolicyAllowedExecutableArgs.builder()
.allowExecutables("string")
.allowRootExecutables("string")
.enabled(false)
.separateExecutables(false)
.build())
.allowedRegistries(HostRuntimePolicyAllowedRegistryArgs.builder()
.allowedRegistries("string")
.enabled(false)
.build())
.applicationScopes("string")
.auditBruteForceLogin(false)
.auditFullCommandArguments(false)
.auditHostFailedLoginEvents(false)
.auditHostSuccessfulLoginEvents(false)
.auditUserAccountManagement(false)
.auditing(HostRuntimePolicyAuditingArgs.builder()
.auditAllNetwork(false)
.auditAllProcesses(false)
.auditFailedLogin(false)
.auditOsUserActivity(false)
.auditProcessCmdline(false)
.auditSuccessLogin(false)
.auditUserAccountManagement(false)
.enabled(false)
.build())
.author("string")
.blacklistedOsUsers(HostRuntimePolicyBlacklistedOsUsersArgs.builder()
.enabled(false)
.groupBlackLists("string")
.userBlackLists("string")
.build())
.blockContainerExec(false)
.blockCryptocurrencyMining(false)
.blockDisallowedImages(false)
.blockFilelessExec(false)
.blockNonCompliantWorkloads(false)
.blockNonK8sContainers(false)
.blockedFiles("string")
.bypassScopes(HostRuntimePolicyBypassScopeArgs.builder()
.enabled(false)
.scopes(HostRuntimePolicyBypassScopeScopeArgs.builder()
.expression("string")
.variables(HostRuntimePolicyBypassScopeScopeVariableArgs.builder()
.attribute("string")
.value("string")
.build())
.build())
.build())
.containerExec(HostRuntimePolicyContainerExecArgs.builder()
.blockContainerExec(false)
.containerExecProcWhiteLists("string")
.enabled(false)
.reverseShellIpWhiteLists("string")
.build())
.created("string")
.cve("string")
.defaultSecurityProfile("string")
.description("string")
.digest("string")
.driftPreventions(HostRuntimePolicyDriftPreventionArgs.builder()
.enabled(false)
.execLockdown(false)
.execLockdownWhiteLists("string")
.imageLockdown(false)
.build())
.enableCryptoMiningDns(false)
.enableForkGuard(false)
.enableIpReputation(false)
.enablePortScanProtection(false)
.enabled(false)
.enforce(false)
.enforceAfterDays(0)
.enforceSchedulerAddedOn(0)
.excludeApplicationScopes("string")
.executableBlacklists(HostRuntimePolicyExecutableBlacklistArgs.builder()
.enabled(false)
.executables("string")
.build())
.failedKubernetesChecks(HostRuntimePolicyFailedKubernetesChecksArgs.builder()
.enabled(false)
.failedChecks("string")
.build())
.fileBlock(HostRuntimePolicyFileBlockArgs.builder()
.blockFilesProcesses("string")
.blockFilesUsers("string")
.enabled(false)
.exceptionalBlockFiles("string")
.exceptionalBlockFilesProcesses("string")
.exceptionalBlockFilesUsers("string")
.filenameBlockLists("string")
.build())
.fileIntegrityMonitoring(HostRuntimePolicyFileIntegrityMonitoringArgs.builder()
.enabled(false)
.exceptionalMonitoredFiles("string")
.exceptionalMonitoredFilesProcesses("string")
.exceptionalMonitoredFilesUsers("string")
.monitoredFiles("string")
.monitoredFilesAttributes(false)
.monitoredFilesCreate(false)
.monitoredFilesDelete(false)
.monitoredFilesModify(false)
.monitoredFilesProcesses("string")
.monitoredFilesRead(false)
.monitoredFilesUsers("string")
.build())
.forkGuardProcessLimit(0)
.imageName("string")
.isAuditChecked(false)
.isAutoGenerated(false)
.isOotbPolicy(false)
.lastupdate(0)
.limitContainerPrivileges(HostRuntimePolicyLimitContainerPrivilegeArgs.builder()
.blockAddCapabilities(false)
.enabled(false)
.ipcmode(false)
.netmode(false)
.pidmode(false)
.preventLowPortBinding(false)
.preventRootUser(false)
.privileged(false)
.useHostUser(false)
.usermode(false)
.utsmode(false)
.build())
.linuxCapabilities(HostRuntimePolicyLinuxCapabilitiesArgs.builder()
.enabled(false)
.removeLinuxCapabilities("string")
.build())
.malwareScanOptions(HostRuntimePolicyMalwareScanOptionsArgs.builder()
.action("string")
.enabled(false)
.excludeDirectories("string")
.excludeProcesses("string")
.includeDirectories("string")
.build())
.monitorSystemLogIntegrity(false)
.monitorSystemTimeChanges(false)
.monitorWindowsServices(false)
.name("string")
.noNewPrivileges(false)
.onlyRegisteredImages(false)
.osGroupsAlloweds("string")
.osGroupsBlockeds("string")
.osUsersAlloweds("string")
.osUsersBlockeds("string")
.packageBlocks(HostRuntimePolicyPackageBlockArgs.builder()
.blockPackagesProcesses("string")
.blockPackagesUsers("string")
.enabled(false)
.exceptionalBlockPackagesFiles("string")
.exceptionalBlockPackagesProcesses("string")
.exceptionalBlockPackagesUsers("string")
.packagesBlackLists("string")
.build())
.permission("string")
.portBlock(HostRuntimePolicyPortBlockArgs.builder()
.blockInboundPorts("string")
.blockOutboundPorts("string")
.enabled(false)
.build())
.readonlyFiles(HostRuntimePolicyReadonlyFilesArgs.builder()
.enabled(false)
.exceptionalReadonlyFiles("string")
.exceptionalReadonlyFilesProcesses("string")
.exceptionalReadonlyFilesUsers("string")
.readonlyFiles("string")
.readonlyFilesProcesses("string")
.readonlyFilesUsers("string")
.build())
.readonlyRegistry(HostRuntimePolicyReadonlyRegistryArgs.builder()
.enabled(false)
.exceptionalReadonlyRegistryPaths("string")
.exceptionalReadonlyRegistryProcesses("string")
.exceptionalReadonlyRegistryUsers("string")
.readonlyRegistryPaths("string")
.readonlyRegistryProcesses("string")
.readonlyRegistryUsers("string")
.build())
.registry("string")
.registryAccessMonitoring(HostRuntimePolicyRegistryAccessMonitoringArgs.builder()
.enabled(false)
.exceptionalMonitoredRegistryPaths("string")
.exceptionalMonitoredRegistryProcesses("string")
.exceptionalMonitoredRegistryUsers("string")
.monitoredRegistryAttributes(false)
.monitoredRegistryCreate(false)
.monitoredRegistryDelete(false)
.monitoredRegistryModify(false)
.monitoredRegistryPaths("string")
.monitoredRegistryProcesses("string")
.monitoredRegistryRead(false)
.monitoredRegistryUsers("string")
.build())
.repoName("string")
.resourceName("string")
.resourceType("string")
.restrictedVolumes(HostRuntimePolicyRestrictedVolumeArgs.builder()
.enabled(false)
.volumes("string")
.build())
.reverseShell(HostRuntimePolicyReverseShellArgs.builder()
.blockReverseShell(false)
.enabled(false)
.reverseShellIpWhiteLists("string")
.reverseShellProcWhiteLists("string")
.build())
.runtimeMode(0)
.runtimeType("string")
.scopeExpression("string")
.scopeVariables(HostRuntimePolicyScopeVariableArgs.builder()
.attribute("string")
.value("string")
.name("string")
.build())
.scopes(HostRuntimePolicyScopeArgs.builder()
.expression("string")
.variables(HostRuntimePolicyScopeVariableArgs.builder()
.attribute("string")
.value("string")
.name("string")
.build())
.build())
.systemIntegrityProtection(HostRuntimePolicySystemIntegrityProtectionArgs.builder()
.auditSystemtimeChange(false)
.enabled(false)
.monitorAuditLogIntegrity(false)
.windowsServicesMonitoring(false)
.build())
.tripwire(HostRuntimePolicyTripwireArgs.builder()
.applyOns("string")
.enabled(false)
.serverlessApp("string")
.userId("string")
.userPassword("string")
.build())
.type("string")
.updated("string")
.version("string")
.vpatchVersion("string")
.whitelistedOsUsers(HostRuntimePolicyWhitelistedOsUsersArgs.builder()
.enabled(false)
.groupWhiteLists("string")
.userWhiteLists("string")
.build())
.build());
host_runtime_policy_resource = aquasec.HostRuntimePolicy("hostRuntimePolicyResource",
    allowed_executables=[aquasec.HostRuntimePolicyAllowedExecutableArgs(
        allow_executables=["string"],
        allow_root_executables=["string"],
        enabled=False,
        separate_executables=False,
    )],
    allowed_registries=[aquasec.HostRuntimePolicyAllowedRegistryArgs(
        allowed_registries=["string"],
        enabled=False,
    )],
    application_scopes=["string"],
    audit_brute_force_login=False,
    audit_full_command_arguments=False,
    audit_host_failed_login_events=False,
    audit_host_successful_login_events=False,
    audit_user_account_management=False,
    auditing=aquasec.HostRuntimePolicyAuditingArgs(
        audit_all_network=False,
        audit_all_processes=False,
        audit_failed_login=False,
        audit_os_user_activity=False,
        audit_process_cmdline=False,
        audit_success_login=False,
        audit_user_account_management=False,
        enabled=False,
    ),
    author="string",
    blacklisted_os_users=aquasec.HostRuntimePolicyBlacklistedOsUsersArgs(
        enabled=False,
        group_black_lists=["string"],
        user_black_lists=["string"],
    ),
    block_container_exec=False,
    block_cryptocurrency_mining=False,
    block_disallowed_images=False,
    block_fileless_exec=False,
    block_non_compliant_workloads=False,
    block_non_k8s_containers=False,
    blocked_files=["string"],
    bypass_scopes=[aquasec.HostRuntimePolicyBypassScopeArgs(
        enabled=False,
        scopes=[aquasec.HostRuntimePolicyBypassScopeScopeArgs(
            expression="string",
            variables=[aquasec.HostRuntimePolicyBypassScopeScopeVariableArgs(
                attribute="string",
                value="string",
            )],
        )],
    )],
    container_exec=aquasec.HostRuntimePolicyContainerExecArgs(
        block_container_exec=False,
        container_exec_proc_white_lists=["string"],
        enabled=False,
        reverse_shell_ip_white_lists=["string"],
    ),
    created="string",
    cve="string",
    default_security_profile="string",
    description="string",
    digest="string",
    drift_preventions=[aquasec.HostRuntimePolicyDriftPreventionArgs(
        enabled=False,
        exec_lockdown=False,
        exec_lockdown_white_lists=["string"],
        image_lockdown=False,
    )],
    enable_crypto_mining_dns=False,
    enable_fork_guard=False,
    enable_ip_reputation=False,
    enable_port_scan_protection=False,
    enabled=False,
    enforce=False,
    enforce_after_days=0,
    enforce_scheduler_added_on=0,
    exclude_application_scopes=["string"],
    executable_blacklists=[aquasec.HostRuntimePolicyExecutableBlacklistArgs(
        enabled=False,
        executables=["string"],
    )],
    failed_kubernetes_checks=aquasec.HostRuntimePolicyFailedKubernetesChecksArgs(
        enabled=False,
        failed_checks=["string"],
    ),
    file_block=aquasec.HostRuntimePolicyFileBlockArgs(
        block_files_processes=["string"],
        block_files_users=["string"],
        enabled=False,
        exceptional_block_files=["string"],
        exceptional_block_files_processes=["string"],
        exceptional_block_files_users=["string"],
        filename_block_lists=["string"],
    ),
    file_integrity_monitoring=aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs(
        enabled=False,
        exceptional_monitored_files=["string"],
        exceptional_monitored_files_processes=["string"],
        exceptional_monitored_files_users=["string"],
        monitored_files=["string"],
        monitored_files_attributes=False,
        monitored_files_create=False,
        monitored_files_delete=False,
        monitored_files_modify=False,
        monitored_files_processes=["string"],
        monitored_files_read=False,
        monitored_files_users=["string"],
    ),
    fork_guard_process_limit=0,
    image_name="string",
    is_audit_checked=False,
    is_auto_generated=False,
    is_ootb_policy=False,
    lastupdate=0,
    limit_container_privileges=[aquasec.HostRuntimePolicyLimitContainerPrivilegeArgs(
        block_add_capabilities=False,
        enabled=False,
        ipcmode=False,
        netmode=False,
        pidmode=False,
        prevent_low_port_binding=False,
        prevent_root_user=False,
        privileged=False,
        use_host_user=False,
        usermode=False,
        utsmode=False,
    )],
    linux_capabilities=aquasec.HostRuntimePolicyLinuxCapabilitiesArgs(
        enabled=False,
        remove_linux_capabilities=["string"],
    ),
    malware_scan_options=aquasec.HostRuntimePolicyMalwareScanOptionsArgs(
        action="string",
        enabled=False,
        exclude_directories=["string"],
        exclude_processes=["string"],
        include_directories=["string"],
    ),
    monitor_system_log_integrity=False,
    monitor_system_time_changes=False,
    monitor_windows_services=False,
    name="string",
    no_new_privileges=False,
    only_registered_images=False,
    os_groups_alloweds=["string"],
    os_groups_blockeds=["string"],
    os_users_alloweds=["string"],
    os_users_blockeds=["string"],
    package_blocks=[aquasec.HostRuntimePolicyPackageBlockArgs(
        block_packages_processes=["string"],
        block_packages_users=["string"],
        enabled=False,
        exceptional_block_packages_files=["string"],
        exceptional_block_packages_processes=["string"],
        exceptional_block_packages_users=["string"],
        packages_black_lists=["string"],
    )],
    permission="string",
    port_block=aquasec.HostRuntimePolicyPortBlockArgs(
        block_inbound_ports=["string"],
        block_outbound_ports=["string"],
        enabled=False,
    ),
    readonly_files=aquasec.HostRuntimePolicyReadonlyFilesArgs(
        enabled=False,
        exceptional_readonly_files=["string"],
        exceptional_readonly_files_processes=["string"],
        exceptional_readonly_files_users=["string"],
        readonly_files=["string"],
        readonly_files_processes=["string"],
        readonly_files_users=["string"],
    ),
    readonly_registry=aquasec.HostRuntimePolicyReadonlyRegistryArgs(
        enabled=False,
        exceptional_readonly_registry_paths=["string"],
        exceptional_readonly_registry_processes=["string"],
        exceptional_readonly_registry_users=["string"],
        readonly_registry_paths=["string"],
        readonly_registry_processes=["string"],
        readonly_registry_users=["string"],
    ),
    registry="string",
    registry_access_monitoring=aquasec.HostRuntimePolicyRegistryAccessMonitoringArgs(
        enabled=False,
        exceptional_monitored_registry_paths=["string"],
        exceptional_monitored_registry_processes=["string"],
        exceptional_monitored_registry_users=["string"],
        monitored_registry_attributes=False,
        monitored_registry_create=False,
        monitored_registry_delete=False,
        monitored_registry_modify=False,
        monitored_registry_paths=["string"],
        monitored_registry_processes=["string"],
        monitored_registry_read=False,
        monitored_registry_users=["string"],
    ),
    repo_name="string",
    resource_name_="string",
    resource_type="string",
    restricted_volumes=[aquasec.HostRuntimePolicyRestrictedVolumeArgs(
        enabled=False,
        volumes=["string"],
    )],
    reverse_shell=aquasec.HostRuntimePolicyReverseShellArgs(
        block_reverse_shell=False,
        enabled=False,
        reverse_shell_ip_white_lists=["string"],
        reverse_shell_proc_white_lists=["string"],
    ),
    runtime_mode=0,
    runtime_type="string",
    scope_expression="string",
    scope_variables=[aquasec.HostRuntimePolicyScopeVariableArgs(
        attribute="string",
        value="string",
        name="string",
    )],
    scopes=[aquasec.HostRuntimePolicyScopeArgs(
        expression="string",
        variables=[aquasec.HostRuntimePolicyScopeVariableArgs(
            attribute="string",
            value="string",
            name="string",
        )],
    )],
    system_integrity_protection=aquasec.HostRuntimePolicySystemIntegrityProtectionArgs(
        audit_systemtime_change=False,
        enabled=False,
        monitor_audit_log_integrity=False,
        windows_services_monitoring=False,
    ),
    tripwire=aquasec.HostRuntimePolicyTripwireArgs(
        apply_ons=["string"],
        enabled=False,
        serverless_app="string",
        user_id="string",
        user_password="string",
    ),
    type="string",
    updated="string",
    version="string",
    vpatch_version="string",
    whitelisted_os_users=aquasec.HostRuntimePolicyWhitelistedOsUsersArgs(
        enabled=False,
        group_white_lists=["string"],
        user_white_lists=["string"],
    ))
const hostRuntimePolicyResource = new aquasec.HostRuntimePolicy("hostRuntimePolicyResource", {
    allowedExecutables: [{
        allowExecutables: ["string"],
        allowRootExecutables: ["string"],
        enabled: false,
        separateExecutables: false,
    }],
    allowedRegistries: [{
        allowedRegistries: ["string"],
        enabled: false,
    }],
    applicationScopes: ["string"],
    auditBruteForceLogin: false,
    auditFullCommandArguments: false,
    auditHostFailedLoginEvents: false,
    auditHostSuccessfulLoginEvents: false,
    auditUserAccountManagement: false,
    auditing: {
        auditAllNetwork: false,
        auditAllProcesses: false,
        auditFailedLogin: false,
        auditOsUserActivity: false,
        auditProcessCmdline: false,
        auditSuccessLogin: false,
        auditUserAccountManagement: false,
        enabled: false,
    },
    author: "string",
    blacklistedOsUsers: {
        enabled: false,
        groupBlackLists: ["string"],
        userBlackLists: ["string"],
    },
    blockContainerExec: false,
    blockCryptocurrencyMining: false,
    blockDisallowedImages: false,
    blockFilelessExec: false,
    blockNonCompliantWorkloads: false,
    blockNonK8sContainers: false,
    blockedFiles: ["string"],
    bypassScopes: [{
        enabled: false,
        scopes: [{
            expression: "string",
            variables: [{
                attribute: "string",
                value: "string",
            }],
        }],
    }],
    containerExec: {
        blockContainerExec: false,
        containerExecProcWhiteLists: ["string"],
        enabled: false,
        reverseShellIpWhiteLists: ["string"],
    },
    created: "string",
    cve: "string",
    defaultSecurityProfile: "string",
    description: "string",
    digest: "string",
    driftPreventions: [{
        enabled: false,
        execLockdown: false,
        execLockdownWhiteLists: ["string"],
        imageLockdown: false,
    }],
    enableCryptoMiningDns: false,
    enableForkGuard: false,
    enableIpReputation: false,
    enablePortScanProtection: false,
    enabled: false,
    enforce: false,
    enforceAfterDays: 0,
    enforceSchedulerAddedOn: 0,
    excludeApplicationScopes: ["string"],
    executableBlacklists: [{
        enabled: false,
        executables: ["string"],
    }],
    failedKubernetesChecks: {
        enabled: false,
        failedChecks: ["string"],
    },
    fileBlock: {
        blockFilesProcesses: ["string"],
        blockFilesUsers: ["string"],
        enabled: false,
        exceptionalBlockFiles: ["string"],
        exceptionalBlockFilesProcesses: ["string"],
        exceptionalBlockFilesUsers: ["string"],
        filenameBlockLists: ["string"],
    },
    fileIntegrityMonitoring: {
        enabled: false,
        exceptionalMonitoredFiles: ["string"],
        exceptionalMonitoredFilesProcesses: ["string"],
        exceptionalMonitoredFilesUsers: ["string"],
        monitoredFiles: ["string"],
        monitoredFilesAttributes: false,
        monitoredFilesCreate: false,
        monitoredFilesDelete: false,
        monitoredFilesModify: false,
        monitoredFilesProcesses: ["string"],
        monitoredFilesRead: false,
        monitoredFilesUsers: ["string"],
    },
    forkGuardProcessLimit: 0,
    imageName: "string",
    isAuditChecked: false,
    isAutoGenerated: false,
    isOotbPolicy: false,
    lastupdate: 0,
    limitContainerPrivileges: [{
        blockAddCapabilities: false,
        enabled: false,
        ipcmode: false,
        netmode: false,
        pidmode: false,
        preventLowPortBinding: false,
        preventRootUser: false,
        privileged: false,
        useHostUser: false,
        usermode: false,
        utsmode: false,
    }],
    linuxCapabilities: {
        enabled: false,
        removeLinuxCapabilities: ["string"],
    },
    malwareScanOptions: {
        action: "string",
        enabled: false,
        excludeDirectories: ["string"],
        excludeProcesses: ["string"],
        includeDirectories: ["string"],
    },
    monitorSystemLogIntegrity: false,
    monitorSystemTimeChanges: false,
    monitorWindowsServices: false,
    name: "string",
    noNewPrivileges: false,
    onlyRegisteredImages: false,
    osGroupsAlloweds: ["string"],
    osGroupsBlockeds: ["string"],
    osUsersAlloweds: ["string"],
    osUsersBlockeds: ["string"],
    packageBlocks: [{
        blockPackagesProcesses: ["string"],
        blockPackagesUsers: ["string"],
        enabled: false,
        exceptionalBlockPackagesFiles: ["string"],
        exceptionalBlockPackagesProcesses: ["string"],
        exceptionalBlockPackagesUsers: ["string"],
        packagesBlackLists: ["string"],
    }],
    permission: "string",
    portBlock: {
        blockInboundPorts: ["string"],
        blockOutboundPorts: ["string"],
        enabled: false,
    },
    readonlyFiles: {
        enabled: false,
        exceptionalReadonlyFiles: ["string"],
        exceptionalReadonlyFilesProcesses: ["string"],
        exceptionalReadonlyFilesUsers: ["string"],
        readonlyFiles: ["string"],
        readonlyFilesProcesses: ["string"],
        readonlyFilesUsers: ["string"],
    },
    readonlyRegistry: {
        enabled: false,
        exceptionalReadonlyRegistryPaths: ["string"],
        exceptionalReadonlyRegistryProcesses: ["string"],
        exceptionalReadonlyRegistryUsers: ["string"],
        readonlyRegistryPaths: ["string"],
        readonlyRegistryProcesses: ["string"],
        readonlyRegistryUsers: ["string"],
    },
    registry: "string",
    registryAccessMonitoring: {
        enabled: false,
        exceptionalMonitoredRegistryPaths: ["string"],
        exceptionalMonitoredRegistryProcesses: ["string"],
        exceptionalMonitoredRegistryUsers: ["string"],
        monitoredRegistryAttributes: false,
        monitoredRegistryCreate: false,
        monitoredRegistryDelete: false,
        monitoredRegistryModify: false,
        monitoredRegistryPaths: ["string"],
        monitoredRegistryProcesses: ["string"],
        monitoredRegistryRead: false,
        monitoredRegistryUsers: ["string"],
    },
    repoName: "string",
    resourceName: "string",
    resourceType: "string",
    restrictedVolumes: [{
        enabled: false,
        volumes: ["string"],
    }],
    reverseShell: {
        blockReverseShell: false,
        enabled: false,
        reverseShellIpWhiteLists: ["string"],
        reverseShellProcWhiteLists: ["string"],
    },
    runtimeMode: 0,
    runtimeType: "string",
    scopeExpression: "string",
    scopeVariables: [{
        attribute: "string",
        value: "string",
        name: "string",
    }],
    scopes: [{
        expression: "string",
        variables: [{
            attribute: "string",
            value: "string",
            name: "string",
        }],
    }],
    systemIntegrityProtection: {
        auditSystemtimeChange: false,
        enabled: false,
        monitorAuditLogIntegrity: false,
        windowsServicesMonitoring: false,
    },
    tripwire: {
        applyOns: ["string"],
        enabled: false,
        serverlessApp: "string",
        userId: "string",
        userPassword: "string",
    },
    type: "string",
    updated: "string",
    version: "string",
    vpatchVersion: "string",
    whitelistedOsUsers: {
        enabled: false,
        groupWhiteLists: ["string"],
        userWhiteLists: ["string"],
    },
});
type: aquasec:HostRuntimePolicy
properties:
    allowedExecutables:
        - allowExecutables:
            - string
          allowRootExecutables:
            - string
          enabled: false
          separateExecutables: false
    allowedRegistries:
        - allowedRegistries:
            - string
          enabled: false
    applicationScopes:
        - string
    auditBruteForceLogin: false
    auditFullCommandArguments: false
    auditHostFailedLoginEvents: false
    auditHostSuccessfulLoginEvents: false
    auditUserAccountManagement: false
    auditing:
        auditAllNetwork: false
        auditAllProcesses: false
        auditFailedLogin: false
        auditOsUserActivity: false
        auditProcessCmdline: false
        auditSuccessLogin: false
        auditUserAccountManagement: false
        enabled: false
    author: string
    blacklistedOsUsers:
        enabled: false
        groupBlackLists:
            - string
        userBlackLists:
            - string
    blockContainerExec: false
    blockCryptocurrencyMining: false
    blockDisallowedImages: false
    blockFilelessExec: false
    blockNonCompliantWorkloads: false
    blockNonK8sContainers: false
    blockedFiles:
        - string
    bypassScopes:
        - enabled: false
          scopes:
            - expression: string
              variables:
                - attribute: string
                  value: string
    containerExec:
        blockContainerExec: false
        containerExecProcWhiteLists:
            - string
        enabled: false
        reverseShellIpWhiteLists:
            - string
    created: string
    cve: string
    defaultSecurityProfile: string
    description: string
    digest: string
    driftPreventions:
        - enabled: false
          execLockdown: false
          execLockdownWhiteLists:
            - string
          imageLockdown: false
    enableCryptoMiningDns: false
    enableForkGuard: false
    enableIpReputation: false
    enablePortScanProtection: false
    enabled: false
    enforce: false
    enforceAfterDays: 0
    enforceSchedulerAddedOn: 0
    excludeApplicationScopes:
        - string
    executableBlacklists:
        - enabled: false
          executables:
            - string
    failedKubernetesChecks:
        enabled: false
        failedChecks:
            - string
    fileBlock:
        blockFilesProcesses:
            - string
        blockFilesUsers:
            - string
        enabled: false
        exceptionalBlockFiles:
            - string
        exceptionalBlockFilesProcesses:
            - string
        exceptionalBlockFilesUsers:
            - string
        filenameBlockLists:
            - string
    fileIntegrityMonitoring:
        enabled: false
        exceptionalMonitoredFiles:
            - string
        exceptionalMonitoredFilesProcesses:
            - string
        exceptionalMonitoredFilesUsers:
            - string
        monitoredFiles:
            - string
        monitoredFilesAttributes: false
        monitoredFilesCreate: false
        monitoredFilesDelete: false
        monitoredFilesModify: false
        monitoredFilesProcesses:
            - string
        monitoredFilesRead: false
        monitoredFilesUsers:
            - string
    forkGuardProcessLimit: 0
    imageName: string
    isAuditChecked: false
    isAutoGenerated: false
    isOotbPolicy: false
    lastupdate: 0
    limitContainerPrivileges:
        - blockAddCapabilities: false
          enabled: false
          ipcmode: false
          netmode: false
          pidmode: false
          preventLowPortBinding: false
          preventRootUser: false
          privileged: false
          useHostUser: false
          usermode: false
          utsmode: false
    linuxCapabilities:
        enabled: false
        removeLinuxCapabilities:
            - string
    malwareScanOptions:
        action: string
        enabled: false
        excludeDirectories:
            - string
        excludeProcesses:
            - string
        includeDirectories:
            - string
    monitorSystemLogIntegrity: false
    monitorSystemTimeChanges: false
    monitorWindowsServices: false
    name: string
    noNewPrivileges: false
    onlyRegisteredImages: false
    osGroupsAlloweds:
        - string
    osGroupsBlockeds:
        - string
    osUsersAlloweds:
        - string
    osUsersBlockeds:
        - string
    packageBlocks:
        - blockPackagesProcesses:
            - string
          blockPackagesUsers:
            - string
          enabled: false
          exceptionalBlockPackagesFiles:
            - string
          exceptionalBlockPackagesProcesses:
            - string
          exceptionalBlockPackagesUsers:
            - string
          packagesBlackLists:
            - string
    permission: string
    portBlock:
        blockInboundPorts:
            - string
        blockOutboundPorts:
            - string
        enabled: false
    readonlyFiles:
        enabled: false
        exceptionalReadonlyFiles:
            - string
        exceptionalReadonlyFilesProcesses:
            - string
        exceptionalReadonlyFilesUsers:
            - string
        readonlyFiles:
            - string
        readonlyFilesProcesses:
            - string
        readonlyFilesUsers:
            - string
    readonlyRegistry:
        enabled: false
        exceptionalReadonlyRegistryPaths:
            - string
        exceptionalReadonlyRegistryProcesses:
            - string
        exceptionalReadonlyRegistryUsers:
            - string
        readonlyRegistryPaths:
            - string
        readonlyRegistryProcesses:
            - string
        readonlyRegistryUsers:
            - string
    registry: string
    registryAccessMonitoring:
        enabled: false
        exceptionalMonitoredRegistryPaths:
            - string
        exceptionalMonitoredRegistryProcesses:
            - string
        exceptionalMonitoredRegistryUsers:
            - string
        monitoredRegistryAttributes: false
        monitoredRegistryCreate: false
        monitoredRegistryDelete: false
        monitoredRegistryModify: false
        monitoredRegistryPaths:
            - string
        monitoredRegistryProcesses:
            - string
        monitoredRegistryRead: false
        monitoredRegistryUsers:
            - string
    repoName: string
    resourceName: string
    resourceType: string
    restrictedVolumes:
        - enabled: false
          volumes:
            - string
    reverseShell:
        blockReverseShell: false
        enabled: false
        reverseShellIpWhiteLists:
            - string
        reverseShellProcWhiteLists:
            - string
    runtimeMode: 0
    runtimeType: string
    scopeExpression: string
    scopeVariables:
        - attribute: string
          name: string
          value: string
    scopes:
        - expression: string
          variables:
            - attribute: string
              name: string
              value: string
    systemIntegrityProtection:
        auditSystemtimeChange: false
        enabled: false
        monitorAuditLogIntegrity: false
        windowsServicesMonitoring: false
    tripwire:
        applyOns:
            - string
        enabled: false
        serverlessApp: string
        userId: string
        userPassword: string
    type: string
    updated: string
    version: string
    vpatchVersion: string
    whitelistedOsUsers:
        enabled: false
        groupWhiteLists:
            - string
        userWhiteLists:
            - string
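The constructor skeletons above only show placeholder values. The following complete Pulumi YAML program is an added example, not from the provider's documentation: it fills the same resource with a host-hardening policy that starts in audit mode and is switched to enforce mode by enforceAfterDays, monitors the integrity of credential and SSH configuration files, restricts host authentication to one administrative group, blocks reverse-shell and mining-related activity, and scopes the policy by cluster and label. The scope expression syntax (v1 && v2 referring to the scope variables by position), the attribute names, and every path, group name and address are assumptions for illustration.

```yaml
name: host-hardening
runtime: yaml
resources:
  bastionHostPolicy:
    type: aquasec:HostRuntimePolicy
    properties:
      name: bastion-host-hardening
      description: Audit for a week, then enforce, on bastion hosts
      applicationScopes:
        - Global
      enabled: true
      # Start in audit-only mode; after 7 days the policy is switched to enforce mode
      enforce: false
      enforceAfterDays: 7
      # Authentication and command-line telemetry for the host
      auditBruteForceLogin: true
      auditHostFailedLoginEvents: true
      auditHostSuccessfulLoginEvents: true
      auditUserAccountManagement: true
      auditFullCommandArguments: true
      # Integrity monitoring of credential and SSH configuration files (assumed paths)
      fileIntegrityMonitoring:
        enabled: true
        monitoredFiles:
          - /etc/passwd
          - /etc/shadow
          - /etc/sudoers
          - /etc/ssh/sshd_config
        monitoredFilesCreate: true
        monitoredFilesDelete: true
        monitoredFilesModify: true
        monitoredFilesAttributes: true
        monitoredFilesRead: false
        # sshd reads its own configuration constantly; assumed process path
        exceptionalMonitoredFilesProcesses:
          - /usr/sbin/sshd
      monitorSystemLogIntegrity: true
      monitorSystemTimeChanges: true
      # Only members of the assumed "sshadmins" group may authenticate to the host
      osGroupsAlloweds:
        - sshadmins
      # Network-level protections
      blockCryptocurrencyMining: true
      enableCryptoMiningDns: true
      enableIpReputation: true
      enablePortScanProtection: true
      reverseShell:
        enabled: true
        blockReverseShell: true
        # Assumed address of the team's jump host, exempted from reverse-shell detection
        reverseShellIpWhiteLists:
          - 10.0.0.5
      # Apply only to hosts in the assumed "prod" cluster that carry the label role=bastion
      scopeExpression: v1 && v2
      scopeVariables:
        - attribute: kubernetes.cluster
          value: prod
        - attribute: kubernetes.label
          name: role
          value: bastion
```

Keeping enforce false with a short enforceAfterDays gives a review window in which the audit events show what the policy would have blocked before it starts blocking.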
HostRuntimePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The HostRuntimePolicy resource accepts the following input properties:
C#
- AllowedExecutables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAllowedExecutable> - Allowed executables configuration.
- AllowedRegistries List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAllowedRegistry> - Allowed registries configuration.
- ApplicationScopes List<string> - Indicates the application scope of the service.
- AuditBruteForceLogin bool - Detects brute force login attempts.
- AuditFullCommandArguments bool - If true, full command arguments will be audited.
- AuditHostFailedLoginEvents bool - If true, host failed logins will be audited.
- AuditHostSuccessfulLoginEvents bool - If true, host successful logins will be audited.
- AuditUserAccountManagement bool - If true, account management will be audited.
- Auditing Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAuditing
- Author string - Username of the account that created the service.
- BlacklistedOsUsers Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBlacklistedOsUsers
- BlockContainerExec bool
- BlockCryptocurrencyMining bool - Detect and prevent communication to DNS/IP addresses known to be used for cryptocurrency mining.
- BlockDisallowedImages bool
- BlockFilelessExec bool
- BlockNonCompliantWorkloads bool
- BlockNonK8sContainers bool
- BlockedFiles List<string> - List of files that are prevented from being read, modified and executed in the containers.
- BypassScopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBypassScope> - Bypass scope configuration.
- ContainerExec Pulumiverse.Aquasec.Inputs.HostRuntimePolicyContainerExec
- Created string
- Cve string
- DefaultSecurityProfile string
- Description string - The description of the host runtime policy.
- Digest string
- DriftPreventions List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyDriftPrevention> - Drift prevention configuration.
- EnableCryptoMiningDns bool
- EnableForkGuard bool
- EnableIpReputation bool
- EnablePortScanProtection bool
- Enabled bool - Indicates if the runtime policy is enabled or not.
- Enforce bool - Indicates that the policy should affect container execution (not just audit it).
- EnforceAfterDays int - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- EnforceSchedulerAddedOn int
- ExcludeApplicationScopes List<string> - List of excluded application scopes.
- ExecutableBlacklists List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyExecutableBlacklist> - Executable blacklist configuration.
- FailedKubernetesChecks Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFailedKubernetesChecks
- FileBlock Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFileBlock
- FileIntegrityMonitoring Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFileIntegrityMonitoring - Configuration for file integrity monitoring.
- ForkGuardProcessLimit int
- ImageName string
- IsAuditChecked bool
- IsAutoGenerated bool
- IsOotbPolicy bool
- Lastupdate int
- LimitContainerPrivileges List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyLimitContainerPrivilege> - Container privileges configuration.
- LinuxCapabilities Pulumiverse.Aquasec.Inputs.HostRuntimePolicyLinuxCapabilities
- MalwareScanOptions Pulumiverse.Aquasec.Inputs.HostRuntimePolicyMalwareScanOptions - Configuration for Real-Time Malware Protection.
- MonitorSystemLogIntegrity bool - If true, the system log will be monitored.
- MonitorSystemTimeChanges bool - If true, system time changes will be monitored.
- MonitorWindowsServices bool - If true, Windows service operations will be monitored.
- Name string - Name of the host runtime policy.
- NoNewPrivileges bool
- OnlyRegisteredImages bool
- OsGroupsAlloweds List<string> - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- OsGroupsBlockeds List<string> - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- OsUsersAlloweds List<string> - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- OsUsersBlockeds List<string> - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- PackageBlocks List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyPackageBlock>
- Permission string
- PortBlock Pulumiverse.Aquasec.Inputs.HostRuntimePolicyPortBlock
- ReadonlyFiles Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReadonlyFiles
- ReadonlyRegistry Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReadonlyRegistry
- Registry string
- RegistryAccessMonitoring Pulumiverse.Aquasec.Inputs.HostRuntimePolicyRegistryAccessMonitoring
- RepoName string
- ResourceName string
- ResourceType string
- RestrictedVolumes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyRestrictedVolume> - Restricted volumes configuration.
- ReverseShell Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReverseShell
- RuntimeMode int
- RuntimeType string
- ScopeExpression string - Logical expression of how to compute the dependency of the scope variables.
- ScopeVariables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScopeVariable> - List of scope attributes.
- Scopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScope> - Scope configuration.
- SystemIntegrityProtection Pulumiverse.Aquasec.Inputs.HostRuntimePolicySystemIntegrityProtection
- Tripwire Pulumiverse.Aquasec.Inputs.HostRuntimePolicyTripwire
- Type string
- Updated string
- Version string
- VpatchVersion string
- WhitelistedOsUsers Pulumiverse.Aquasec.Inputs.HostRuntimePolicyWhitelistedOsUsers
Go
- AllowedExecutables []HostRuntimePolicyAllowedExecutableArgs - Allowed executables configuration.
- AllowedRegistries []HostRuntimePolicyAllowedRegistryArgs - Allowed registries configuration.
- ApplicationScopes []string - Indicates the application scope of the service.
- AuditBruteForceLogin bool - Detects brute force login attempts.
- AuditFullCommandArguments bool - If true, full command arguments will be audited.
- AuditHostFailedLoginEvents bool - If true, host failed logins will be audited.
- AuditHostSuccessfulLoginEvents bool - If true, host successful logins will be audited.
- AuditUserAccountManagement bool - If true, account management will be audited.
- Auditing HostRuntimePolicyAuditingArgs
- Author string - Username of the account that created the service.
- BlacklistedOsUsers HostRuntimePolicyBlacklistedOsUsersArgs
- BlockContainerExec bool
- BlockCryptocurrencyMining bool - Detect and prevent communication to DNS/IP addresses known to be used for cryptocurrency mining.
- BlockDisallowedImages bool
- BlockFilelessExec bool
- BlockNonCompliantWorkloads bool
- BlockNonK8sContainers bool
- BlockedFiles []string - List of files that are prevented from being read, modified and executed in the containers.
- BypassScopes []HostRuntimePolicyBypassScopeArgs - Bypass scope configuration.
- ContainerExec HostRuntimePolicyContainerExecArgs
- Created string
- Cve string
- DefaultSecurityProfile string
- Description string - The description of the host runtime policy.
- Digest string
- DriftPreventions []HostRuntimePolicyDriftPreventionArgs - Drift prevention configuration.
- EnableCryptoMiningDns bool
- EnableForkGuard bool
- EnableIpReputation bool
- EnablePortScanProtection bool
- Enabled bool - Indicates if the runtime policy is enabled or not.
- Enforce bool - Indicates that the policy should affect container execution (not just audit it).
- EnforceAfterDays int - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- EnforceSchedulerAddedOn int
- ExcludeApplicationScopes []string - List of excluded application scopes.
- ExecutableBlacklists []HostRuntimePolicyExecutableBlacklistArgs - Executable blacklist configuration.
- FailedKubernetesChecks HostRuntimePolicyFailedKubernetesChecksArgs
- FileBlock HostRuntimePolicyFileBlockArgs
- FileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoringArgs - Configuration for file integrity monitoring.
- ForkGuardProcessLimit int
- ImageName string
- IsAuditChecked bool
- IsAutoGenerated bool
- IsOotbPolicy bool
- Lastupdate int
- LimitContainerPrivileges []HostRuntimePolicyLimitContainerPrivilegeArgs - Container privileges configuration.
- LinuxCapabilities HostRuntimePolicyLinuxCapabilitiesArgs
- MalwareScanOptions HostRuntimePolicyMalwareScanOptionsArgs - Configuration for Real-Time Malware Protection.
- MonitorSystemLogIntegrity bool - If true, the system log will be monitored.
- MonitorSystemTimeChanges bool - If true, system time changes will be monitored.
- MonitorWindowsServices bool - If true, Windows service operations will be monitored.
- Name string - Name of the host runtime policy.
- NoNewPrivileges bool
- OnlyRegisteredImages bool
- OsGroupsAlloweds []string - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- OsGroupsBlockeds []string - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- OsUsersAlloweds []string - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- OsUsersBlockeds []string - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- PackageBlocks []HostRuntimePolicyPackageBlockArgs
- Permission string
- PortBlock HostRuntimePolicyPortBlockArgs
- ReadonlyFiles HostRuntimePolicyReadonlyFilesArgs
- ReadonlyRegistry HostRuntimePolicyReadonlyRegistryArgs
- Registry string
- RegistryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoringArgs
- RepoName string
- ResourceName string
- ResourceType string
- RestrictedVolumes []HostRuntimePolicyRestrictedVolumeArgs - Restricted volumes configuration.
- ReverseShell HostRuntimePolicyReverseShellArgs
- RuntimeMode int
- RuntimeType string
- ScopeExpression string - Logical expression of how to compute the dependency of the scope variables.
- ScopeVariables []HostRuntimePolicyScopeVariableArgs - List of scope attributes.
- Scopes []HostRuntimePolicyScopeArgs - Scope configuration.
- SystemIntegrityProtection HostRuntimePolicySystemIntegrityProtectionArgs
- Tripwire HostRuntimePolicyTripwireArgs
- Type string
- Updated string
- Version string
- VpatchVersion string
- WhitelistedOsUsers HostRuntimePolicyWhitelistedOsUsersArgs
- allowedExecutables List<HostRuntimePolicyAllowedExecutable> - Allowed executables configuration.
- allowedRegistries List<HostRuntimePolicyAllowedRegistry> - Allowed registries configuration.
- applicationScopes List<String> - Indicates the application scope of the service.
- auditBruteForceLogin Boolean - Detects brute force login attempts
- auditFullCommandArguments Boolean - If true, full command arguments will be audited.
- auditHostFailedLoginEvents Boolean - If true, host failed logins will be audited.
- auditHostSuccessfulLoginEvents Boolean - If true, host successful logins will be audited.
- auditUserAccountManagement Boolean - If true, account management will be audited.
- auditing HostRuntimePolicyAuditing
- author String - Username of the account that created the service.
- blacklistedOsUsers HostRuntimePolicyBlacklistedOsUsers
- blockContainerExec Boolean
- blockCryptocurrencyMining Boolean - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
- blockDisallowedImages Boolean
- blockFilelessExec Boolean
- blockNonCompliantWorkloads Boolean
- blockNonK8sContainers Boolean
- blockedFiles List<String> - List of files that are prevented from being read, modified and executed in the containers.
- bypassScopes List<HostRuntimePolicyBypassScope> - Bypass scope configuration.
- containerExec HostRuntimePolicyContainerExec
- created String
- cve String
- defaultSecurityProfile String
- description String - The description of the host runtime policy
- digest String
- driftPreventions List<HostRuntimePolicyDriftPrevention> - Drift prevention configuration.
- enableCryptoMiningDns Boolean
- enableForkGuard Boolean
- enableIpReputation Boolean
- enablePortScanProtection Boolean
- enabled Boolean - Indicates if the runtime policy is enabled or not.
- enforce Boolean - Indicates that the policy should affect container execution (not just audit it).
- enforceAfterDays Integer - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforceSchedulerAddedOn Integer
- excludeApplicationScopes List<String> - List of excluded application scopes.
- executableBlacklists List<HostRuntimePolicyExecutableBlacklist> - Executable blacklist configuration.
- failedKubernetesChecks HostRuntimePolicyFailedKubernetesChecks
- fileBlock HostRuntimePolicyFileBlock
- fileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoring - Configuration for file integrity monitoring.
- forkGuardProcessLimit Integer
- imageName String
- isAuditChecked Boolean
- isAutoGenerated Boolean
- isOotbPolicy Boolean
- lastupdate Integer
- limitContainerPrivileges List<HostRuntimePolicyLimitContainerPrivilege> - Container privileges configuration.
- linuxCapabilities HostRuntimePolicyLinuxCapabilities
- malwareScanOptions HostRuntimePolicyMalwareScanOptions - Configuration for Real-Time Malware Protection.
- monitorSystemLogIntegrity Boolean - If true, system log will be monitored.
- monitorSystemTimeChanges Boolean - If true, system time changes will be monitored.
- monitorWindowsServices Boolean - If true, Windows service operations will be monitored.
- name String - Name of the host runtime policy
- noNewPrivileges Boolean
- onlyRegisteredImages Boolean
- osGroupsAlloweds List<String> - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osGroupsBlockeds List<String> - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osUsersAlloweds List<String> - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- osUsersBlockeds List<String> - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- packageBlocks List<HostRuntimePolicyPackageBlock>
- permission String
- portBlock HostRuntimePolicyPortBlock
- readonlyFiles HostRuntimePolicyReadonlyFiles
- readonlyRegistry HostRuntimePolicyReadonlyRegistry
- registry String
- registryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoring
- repoName String
- resourceName String
- resourceType String
- restrictedVolumes List<HostRuntimePolicyRestrictedVolume> - Restricted volumes configuration.
- reverseShell HostRuntimePolicyReverseShell
- runtimeMode Integer
- runtimeType String
- scopeExpression String - Logical expression of how to compute the dependency of the scope variables.
- scopeVariables List<HostRuntimePolicyScopeVariable> - List of scope attributes.
- scopes List<HostRuntimePolicyScope> - Scope configuration.
- systemIntegrityProtection HostRuntimePolicySystemIntegrityProtection
- tripwire HostRuntimePolicyTripwire
- type String
- updated String
- version String
- vpatchVersion String
- whitelistedOsUsers HostRuntimePolicyWhitelistedOsUsers
- allowedExecutables HostRuntimePolicyAllowedExecutable[] - Allowed executables configuration.
- allowedRegistries HostRuntimePolicyAllowedRegistry[] - Allowed registries configuration.
- applicationScopes string[] - Indicates the application scope of the service.
- auditBruteForceLogin boolean - Detects brute force login attempts
- auditFullCommandArguments boolean - If true, full command arguments will be audited.
- auditHostFailedLoginEvents boolean - If true, host failed logins will be audited.
- auditHostSuccessfulLoginEvents boolean - If true, host successful logins will be audited.
- auditUserAccountManagement boolean - If true, account management will be audited.
- auditing HostRuntimePolicyAuditing
- author string - Username of the account that created the service.
- blacklistedOsUsers HostRuntimePolicyBlacklistedOsUsers
- blockContainerExec boolean
- blockCryptocurrencyMining boolean - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
- blockDisallowedImages boolean
- blockFilelessExec boolean
- blockNonCompliantWorkloads boolean
- blockNonK8sContainers boolean
- blockedFiles string[] - List of files that are prevented from being read, modified and executed in the containers.
- bypassScopes HostRuntimePolicyBypassScope[] - Bypass scope configuration.
- containerExec HostRuntimePolicyContainerExec
- created string
- cve string
- defaultSecurityProfile string
- description string - The description of the host runtime policy
- digest string
- driftPreventions HostRuntimePolicyDriftPrevention[] - Drift prevention configuration.
- enableCryptoMiningDns boolean
- enableForkGuard boolean
- enableIpReputation boolean
- enablePortScanProtection boolean
- enabled boolean - Indicates if the runtime policy is enabled or not.
- enforce boolean - Indicates that the policy should affect container execution (not just audit it).
- enforceAfterDays number - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforceSchedulerAddedOn number
- excludeApplicationScopes string[] - List of excluded application scopes.
- executableBlacklists HostRuntimePolicyExecutableBlacklist[] - Executable blacklist configuration.
- failedKubernetesChecks HostRuntimePolicyFailedKubernetesChecks
- fileBlock HostRuntimePolicyFileBlock
- fileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoring - Configuration for file integrity monitoring.
- forkGuardProcessLimit number
- imageName string
- isAuditChecked boolean
- isAutoGenerated boolean
- isOotbPolicy boolean
- lastupdate number
- limitContainerPrivileges HostRuntimePolicyLimitContainerPrivilege[] - Container privileges configuration.
- linuxCapabilities HostRuntimePolicyLinuxCapabilities
- malwareScanOptions HostRuntimePolicyMalwareScanOptions - Configuration for Real-Time Malware Protection.
- monitorSystemLogIntegrity boolean - If true, system log will be monitored.
- monitorSystemTimeChanges boolean - If true, system time changes will be monitored.
- monitorWindowsServices boolean - If true, Windows service operations will be monitored.
- name string - Name of the host runtime policy
- noNewPrivileges boolean
- onlyRegisteredImages boolean
- osGroupsAlloweds string[] - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osGroupsBlockeds string[] - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osUsersAlloweds string[] - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- osUsersBlockeds string[] - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- packageBlocks HostRuntimePolicyPackageBlock[]
- permission string
- portBlock HostRuntimePolicyPortBlock
- readonlyFiles HostRuntimePolicyReadonlyFiles
- readonlyRegistry HostRuntimePolicyReadonlyRegistry
- registry string
- registryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoring
- repoName string
- resourceName string
- resourceType string
- restrictedVolumes HostRuntimePolicyRestrictedVolume[] - Restricted volumes configuration.
- reverseShell HostRuntimePolicyReverseShell
- runtimeMode number
- runtimeType string
- scopeExpression string - Logical expression of how to compute the dependency of the scope variables.
- scopeVariables HostRuntimePolicyScopeVariable[] - List of scope attributes.
- scopes HostRuntimePolicyScope[] - Scope configuration.
- systemIntegrityProtection HostRuntimePolicySystemIntegrityProtection
- tripwire HostRuntimePolicyTripwire
- type string
- updated string
- version string
- vpatchVersion string
- whitelistedOsUsers HostRuntimePolicyWhitelistedOsUsers
- allowed_executables Sequence[HostRuntimePolicyAllowedExecutableArgs] - Allowed executables configuration.
- allowed_registries Sequence[HostRuntimePolicyAllowedRegistryArgs] - Allowed registries configuration.
- application_scopes Sequence[str] - Indicates the application scope of the service.
- audit_brute_force_login bool - Detects brute force login attempts
- audit_full_command_arguments bool - If true, full command arguments will be audited.
- audit_host_failed_login_events bool - If true, host failed logins will be audited.
- audit_host_successful_login_events bool - If true, host successful logins will be audited.
- audit_user_account_management bool - If true, account management will be audited.
- auditing HostRuntimePolicyAuditingArgs
- author str - Username of the account that created the service.
- blacklisted_os_users HostRuntimePolicyBlacklistedOsUsersArgs
- block_container_exec bool
- block_cryptocurrency_mining bool - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
- block_disallowed_images bool
- block_fileless_exec bool
- block_non_compliant_workloads bool
- block_non_k8s_containers bool
- blocked_files Sequence[str] - List of files that are prevented from being read, modified and executed in the containers.
- bypass_scopes Sequence[HostRuntimePolicyBypassScopeArgs] - Bypass scope configuration.
- container_exec HostRuntimePolicyContainerExecArgs
- created str
- cve str
- default_security_profile str
- description str - The description of the host runtime policy
- digest str
- drift_preventions Sequence[HostRuntimePolicyDriftPreventionArgs] - Drift prevention configuration.
- enable_crypto_mining_dns bool
- enable_fork_guard bool
- enable_ip_reputation bool
- enable_port_scan_protection bool
- enabled bool - Indicates if the runtime policy is enabled or not.
- enforce bool - Indicates that the policy should affect container execution (not just audit it).
- enforce_after_days int - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce_scheduler_added_on int
- exclude_application_scopes Sequence[str] - List of excluded application scopes.
- executable_blacklists Sequence[HostRuntimePolicyExecutableBlacklistArgs] - Executable blacklist configuration.
- failed_kubernetes_checks HostRuntimePolicyFailedKubernetesChecksArgs
- file_block HostRuntimePolicyFileBlockArgs
- file_integrity_monitoring HostRuntimePolicyFileIntegrityMonitoringArgs - Configuration for file integrity monitoring.
- fork_guard_process_limit int
- image_name str
- is_audit_checked bool
- is_auto_generated bool
- is_ootb_policy bool
- lastupdate int
- limit_container_privileges Sequence[HostRuntimePolicyLimitContainerPrivilegeArgs] - Container privileges configuration.
- linux_capabilities HostRuntimePolicyLinuxCapabilitiesArgs
- malware_scan_options HostRuntimePolicyMalwareScanOptionsArgs - Configuration for Real-Time Malware Protection.
- monitor_system_log_integrity bool - If true, system log will be monitored.
- monitor_system_time_changes bool - If true, system time changes will be monitored.
- monitor_windows_services bool - If true, Windows service operations will be monitored.
- name str - Name of the host runtime policy
- no_new_privileges bool
- only_registered_images bool
- os_groups_alloweds Sequence[str] - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- os_groups_blockeds Sequence[str] - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- os_users_alloweds Sequence[str] - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- os_users_blockeds Sequence[str] - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- package_blocks Sequence[HostRuntimePolicyPackageBlockArgs]
- permission str
- port_block HostRuntimePolicyPortBlockArgs
- readonly_files HostRuntimePolicyReadonlyFilesArgs
- readonly_registry HostRuntimePolicyReadonlyRegistryArgs
- registry str
- registry_access_monitoring HostRuntimePolicyRegistryAccessMonitoringArgs
- repo_name str
- resource_name str
- resource_type str
- restricted_volumes Sequence[HostRuntimePolicyRestrictedVolumeArgs] - Restricted volumes configuration.
- reverse_shell HostRuntimePolicyReverseShellArgs
- runtime_mode int
- runtime_type str
- scope_expression str - Logical expression of how to compute the dependency of the scope variables.
- scope_variables Sequence[HostRuntimePolicyScopeVariableArgs] - List of scope attributes.
- scopes Sequence[HostRuntimePolicyScopeArgs] - Scope configuration.
- system_integrity_protection HostRuntimePolicySystemIntegrityProtectionArgs
- tripwire HostRuntimePolicyTripwireArgs
- type str
- updated str
- version str
- vpatch_version str
- whitelisted_os_users HostRuntimePolicyWhitelistedOsUsersArgs
- allowedExecutables List<Property Map> - Allowed executables configuration.
- allowedRegistries List<Property Map> - Allowed registries configuration.
- applicationScopes List<String> - Indicates the application scope of the service.
- auditBruteForceLogin Boolean - Detects brute force login attempts
- auditFullCommandArguments Boolean - If true, full command arguments will be audited.
- auditHostFailedLoginEvents Boolean - If true, host failed logins will be audited.
- auditHostSuccessfulLoginEvents Boolean - If true, host successful logins will be audited.
- auditUserAccountManagement Boolean - If true, account management will be audited.
- auditing Property Map
- author String - Username of the account that created the service.
- blacklistedOsUsers Property Map
- blockContainerExec Boolean
- blockCryptocurrencyMining Boolean - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
- blockDisallowedImages Boolean
- blockFilelessExec Boolean
- blockNonCompliantWorkloads Boolean
- blockNonK8sContainers Boolean
- blockedFiles List<String> - List of files that are prevented from being read, modified and executed in the containers.
- bypassScopes List<Property Map> - Bypass scope configuration.
- containerExec Property Map
- created String
- cve String
- defaultSecurityProfile String
- description String - The description of the host runtime policy
- digest String
- driftPreventions List<Property Map> - Drift prevention configuration.
- enableCryptoMiningDns Boolean
- enableForkGuard Boolean
- enableIpReputation Boolean
- enablePortScanProtection Boolean
- enabled Boolean - Indicates if the runtime policy is enabled or not.
- enforce Boolean - Indicates that the policy should affect container execution (not just audit it).
- enforceAfterDays Number - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforceSchedulerAddedOn Number
- excludeApplicationScopes List<String> - List of excluded application scopes.
- executableBlacklists List<Property Map> - Executable blacklist configuration.
- failedKubernetesChecks Property Map
- fileBlock Property Map
- fileIntegrityMonitoring Property Map - Configuration for file integrity monitoring.
- forkGuardProcessLimit Number
- imageName String
- isAuditChecked Boolean
- isAutoGenerated Boolean
- isOotbPolicy Boolean
- lastupdate Number
- limitContainerPrivileges List<Property Map> - Container privileges configuration.
- linuxCapabilities Property Map
- malwareScanOptions Property Map - Configuration for Real-Time Malware Protection.
- monitorSystemLogIntegrity Boolean - If true, system log will be monitored.
- monitorSystemTimeChanges Boolean - If true, system time changes will be monitored.
- monitorWindowsServices Boolean - If true, Windows service operations will be monitored.
- name String - Name of the host runtime policy
- noNewPrivileges Boolean
- onlyRegisteredImages Boolean
- osGroupsAlloweds List<String> - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osGroupsBlockeds List<String> - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osUsersAlloweds List<String> - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- osUsersBlockeds List<String> - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- packageBlocks List<Property Map>
- permission String
- portBlock Property Map
- readonlyFiles Property Map
- readonlyRegistry Property Map
- registry String
- registryAccessMonitoring Property Map
- repoName String
- resourceName String
- resourceType String
- restrictedVolumes List<Property Map> - Restricted volumes configuration.
- reverseShell Property Map
- runtimeMode Number
- runtimeType String
- scopeExpression String - Logical expression of how to compute the dependency of the scope variables.
- scopeVariables List<Property Map> - List of scope attributes.
- scopes List<Property Map> - Scope configuration.
- systemIntegrityProtection Property Map
- tripwire Property Map
- type String
- updated String
- version String
- vpatchVersion String
- whitelistedOsUsers Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the HostRuntimePolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing HostRuntimePolicy Resource
Get an existing HostRuntimePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: HostRuntimePolicyState, opts?: CustomResourceOptions): HostRuntimePolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_executables: Optional[Sequence[HostRuntimePolicyAllowedExecutableArgs]] = None,
allowed_registries: Optional[Sequence[HostRuntimePolicyAllowedRegistryArgs]] = None,
application_scopes: Optional[Sequence[str]] = None,
audit_brute_force_login: Optional[bool] = None,
audit_full_command_arguments: Optional[bool] = None,
audit_host_failed_login_events: Optional[bool] = None,
audit_host_successful_login_events: Optional[bool] = None,
audit_user_account_management: Optional[bool] = None,
auditing: Optional[HostRuntimePolicyAuditingArgs] = None,
author: Optional[str] = None,
blacklisted_os_users: Optional[HostRuntimePolicyBlacklistedOsUsersArgs] = None,
block_container_exec: Optional[bool] = None,
block_cryptocurrency_mining: Optional[bool] = None,
block_disallowed_images: Optional[bool] = None,
block_fileless_exec: Optional[bool] = None,
block_non_compliant_workloads: Optional[bool] = None,
block_non_k8s_containers: Optional[bool] = None,
blocked_files: Optional[Sequence[str]] = None,
bypass_scopes: Optional[Sequence[HostRuntimePolicyBypassScopeArgs]] = None,
container_exec: Optional[HostRuntimePolicyContainerExecArgs] = None,
created: Optional[str] = None,
cve: Optional[str] = None,
default_security_profile: Optional[str] = None,
description: Optional[str] = None,
digest: Optional[str] = None,
drift_preventions: Optional[Sequence[HostRuntimePolicyDriftPreventionArgs]] = None,
enable_crypto_mining_dns: Optional[bool] = None,
enable_fork_guard: Optional[bool] = None,
enable_ip_reputation: Optional[bool] = None,
enable_port_scan_protection: Optional[bool] = None,
enabled: Optional[bool] = None,
enforce: Optional[bool] = None,
enforce_after_days: Optional[int] = None,
enforce_scheduler_added_on: Optional[int] = None,
exclude_application_scopes: Optional[Sequence[str]] = None,
executable_blacklists: Optional[Sequence[HostRuntimePolicyExecutableBlacklistArgs]] = None,
failed_kubernetes_checks: Optional[HostRuntimePolicyFailedKubernetesChecksArgs] = None,
file_block: Optional[HostRuntimePolicyFileBlockArgs] = None,
file_integrity_monitoring: Optional[HostRuntimePolicyFileIntegrityMonitoringArgs] = None,
fork_guard_process_limit: Optional[int] = None,
image_name: Optional[str] = None,
is_audit_checked: Optional[bool] = None,
is_auto_generated: Optional[bool] = None,
is_ootb_policy: Optional[bool] = None,
lastupdate: Optional[int] = None,
limit_container_privileges: Optional[Sequence[HostRuntimePolicyLimitContainerPrivilegeArgs]] = None,
linux_capabilities: Optional[HostRuntimePolicyLinuxCapabilitiesArgs] = None,
malware_scan_options: Optional[HostRuntimePolicyMalwareScanOptionsArgs] = None,
monitor_system_log_integrity: Optional[bool] = None,
monitor_system_time_changes: Optional[bool] = None,
monitor_windows_services: Optional[bool] = None,
name: Optional[str] = None,
no_new_privileges: Optional[bool] = None,
only_registered_images: Optional[bool] = None,
os_groups_alloweds: Optional[Sequence[str]] = None,
os_groups_blockeds: Optional[Sequence[str]] = None,
os_users_alloweds: Optional[Sequence[str]] = None,
os_users_blockeds: Optional[Sequence[str]] = None,
package_blocks: Optional[Sequence[HostRuntimePolicyPackageBlockArgs]] = None,
permission: Optional[str] = None,
port_block: Optional[HostRuntimePolicyPortBlockArgs] = None,
readonly_files: Optional[HostRuntimePolicyReadonlyFilesArgs] = None,
readonly_registry: Optional[HostRuntimePolicyReadonlyRegistryArgs] = None,
registry: Optional[str] = None,
registry_access_monitoring: Optional[HostRuntimePolicyRegistryAccessMonitoringArgs] = None,
repo_name: Optional[str] = None,
resource_name: Optional[str] = None,
resource_type: Optional[str] = None,
restricted_volumes: Optional[Sequence[HostRuntimePolicyRestrictedVolumeArgs]] = None,
reverse_shell: Optional[HostRuntimePolicyReverseShellArgs] = None,
runtime_mode: Optional[int] = None,
runtime_type: Optional[str] = None,
scope_expression: Optional[str] = None,
scope_variables: Optional[Sequence[HostRuntimePolicyScopeVariableArgs]] = None,
scopes: Optional[Sequence[HostRuntimePolicyScopeArgs]] = None,
system_integrity_protection: Optional[HostRuntimePolicySystemIntegrityProtectionArgs] = None,
tripwire: Optional[HostRuntimePolicyTripwireArgs] = None,
type: Optional[str] = None,
updated: Optional[str] = None,
version: Optional[str] = None,
vpatch_version: Optional[str] = None,
whitelisted_os_users: Optional[HostRuntimePolicyWhitelistedOsUsersArgs] = None) -> HostRuntimePolicy
func GetHostRuntimePolicy(ctx *Context, name string, id IDInput, state *HostRuntimePolicyState, opts ...ResourceOption) (*HostRuntimePolicy, error)
public static HostRuntimePolicy Get(string name, Input<string> id, HostRuntimePolicyState? state, CustomResourceOptions? opts = null)
public static HostRuntimePolicy get(String name, Output<String> id, HostRuntimePolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AllowedExecutables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAllowedExecutable> - Allowed executables configuration.
- AllowedRegistries List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAllowedRegistry> - Allowed registries configuration.
- ApplicationScopes List<string> - Indicates the application scope of the service.
- AuditBruteForceLogin bool - Detects brute force login attempts
- AuditFullCommandArguments bool - If true, full command arguments will be audited.
- AuditHostFailedLoginEvents bool - If true, host failed logins will be audited.
- AuditHostSuccessfulLoginEvents bool - If true, host successful logins will be audited.
- AuditUserAccountManagement bool - If true, account management will be audited.
- Auditing Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAuditing
- Author string - Username of the account that created the service.
- BlacklistedOsUsers Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBlacklistedOsUsers
- BlockContainerExec bool
- BlockCryptocurrencyMining bool - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
- BlockDisallowedImages bool
- BlockFilelessExec bool
- BlockNonCompliantWorkloads bool
- BlockNonK8sContainers bool
- BlockedFiles List<string> - List of files that are prevented from being read, modified and executed in the containers.
- BypassScopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBypassScope> - Bypass scope configuration.
- ContainerExec Pulumiverse.Aquasec.Inputs.HostRuntimePolicyContainerExec
- Created string
- Cve string
- DefaultSecurityProfile string
- Description string - The description of the host runtime policy
- Digest string
- DriftPreventions List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyDriftPrevention> - Drift prevention configuration.
- EnableCryptoMiningDns bool
- EnableForkGuard bool
- EnableIpReputation bool
- EnablePortScanProtection bool
- Enabled bool - Indicates if the runtime policy is enabled or not.
- Enforce bool - Indicates that the policy should affect container execution (not just audit it).
- EnforceAfterDays int - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- EnforceSchedulerAddedOn int
- ExcludeApplicationScopes List<string> - List of excluded application scopes.
- ExecutableBlacklists List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyExecutableBlacklist> - Executable blacklist configuration.
- FailedKubernetesChecks Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFailedKubernetesChecks
- FileBlock Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFileBlock
- FileIntegrityMonitoring Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFileIntegrityMonitoring - Configuration for file integrity monitoring.
- ForkGuardProcessLimit int
- ImageName string
- IsAuditChecked bool
- IsAutoGenerated bool
- IsOotbPolicy bool
- Lastupdate int
- LimitContainerPrivileges List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyLimitContainerPrivilege> - Container privileges configuration.
- LinuxCapabilities Pulumiverse.Aquasec.Inputs.HostRuntimePolicyLinuxCapabilities
- MalwareScanOptions Pulumiverse.Aquasec.Inputs.HostRuntimePolicyMalwareScanOptions - Configuration for Real-Time Malware Protection.
- MonitorSystemLogIntegrity bool - If true, system log will be monitored.
- MonitorSystemTimeChanges bool - If true, system time changes will be monitored.
- MonitorWindowsServices bool - If true, Windows service operations will be monitored.
- Name string - Name of the host runtime policy
- NoNewPrivileges bool
- OnlyRegisteredImages bool
- OsGroupsAlloweds List<string> - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- OsGroupsBlockeds List<string> - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- OsUsersAlloweds List<string> - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- OsUsersBlockeds List<string> - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- PackageBlocks List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyPackageBlock>
- Permission string
- PortBlock Pulumiverse.Aquasec.Inputs.HostRuntimePolicyPortBlock
- ReadonlyFiles Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReadonlyFiles
- ReadonlyRegistry Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReadonlyRegistry
- Registry string
- RegistryAccessMonitoring Pulumiverse.Aquasec.Inputs.HostRuntimePolicyRegistryAccessMonitoring
- RepoName string
- ResourceName string
- ResourceType string
- RestrictedVolumes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyRestrictedVolume> - Restricted volumes configuration.
- ReverseShell Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReverseShell
- RuntimeMode int
- RuntimeType string
- ScopeExpression string - Logical expression of how to compute the dependency of the scope variables.
- ScopeVariables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScopeVariable> - List of scope attributes.
- Scopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScope> - Scope configuration.
- System
Integrity Pulumiverse.Protection Aquasec. Inputs. Host Runtime Policy System Integrity Protection - Tripwire
Pulumiverse.
Aquasec. Inputs. Host Runtime Policy Tripwire - Type string
- Updated string
- Version string
- Vpatch
Version string - Whitelisted
Os Pulumiverse.Users Aquasec. Inputs. Host Runtime Policy Whitelisted Os Users
- AllowedExecutables []HostRuntimePolicyAllowedExecutableArgs - Allowed executables configuration.
- AllowedRegistries []HostRuntimePolicyAllowedRegistryArgs - Allowed registries configuration.
- ApplicationScopes []string - Indicates the application scope of the service.
- AuditBruteForceLogin bool - Detects brute force login attempts.
- AuditFullCommandArguments bool - If true, full command arguments will be audited.
- AuditHostFailedLoginEvents bool - If true, host failed logins will be audited.
- AuditHostSuccessfulLoginEvents bool - If true, host successful logins will be audited.
- AuditUserAccountManagement bool - If true, account management will be audited.
- Auditing HostRuntimePolicyAuditingArgs
- string - Username of the account that created the service.
- BlacklistedOsUsers HostRuntimePolicyBlacklistedOsUsersArgs
- BlockContainerExec bool
- BlockCryptocurrencyMining bool - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining.
- BlockDisallowedImages bool
- BlockFilelessExec bool
- BlockNonCompliantWorkloads bool
- BlockNonK8sContainers bool
- BlockedFiles []string - List of files that are prevented from being read, modified and executed in the containers.
- BypassScopes []HostRuntimePolicyBypassScopeArgs - Bypass scope configuration.
- ContainerExec HostRuntimePolicyContainerExecArgs
- Created string
- Cve string
- DefaultSecurityProfile string
- Description string - The description of the host runtime policy
- Digest string
- DriftPreventions []HostRuntimePolicyDriftPreventionArgs - Drift prevention configuration.
- EnableCryptoMiningDns bool
- EnableForkGuard bool
- EnableIpReputation bool
- EnablePortScanProtection bool
- Enabled bool - Indicates if the runtime policy is enabled or not.
- Enforce bool - Indicates that the policy should affect container execution (not just audit it).
- EnforceAfterDays int - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- EnforceSchedulerAddedOn int
- ExcludeApplicationScopes []string - List of excluded application scopes.
- ExecutableBlacklists []HostRuntimePolicyExecutableBlacklistArgs - Executable blacklist configuration.
- FailedKubernetesChecks HostRuntimePolicyFailedKubernetesChecksArgs
- FileBlock HostRuntimePolicyFileBlockArgs
- FileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoringArgs - Configuration for file integrity monitoring.
- ForkGuardProcessLimit int
- ImageName string
- IsAuditChecked bool
- IsAutoGenerated bool
- IsOotbPolicy bool
- Lastupdate int
- LimitContainerPrivileges []HostRuntimePolicyLimitContainerPrivilegeArgs - Container privileges configuration.
- LinuxCapabilities HostRuntimePolicyLinuxCapabilitiesArgs
- MalwareScanOptions HostRuntimePolicyMalwareScanOptionsArgs - Configuration for Real-Time Malware Protection.
- MonitorSystemLogIntegrity bool - If true, the system log will be monitored.
- MonitorSystemTimeChanges bool - If true, system time changes will be monitored.
- MonitorWindowsServices bool - If true, Windows service operations will be monitored.
- Name string - Name of the host runtime policy
- NoNewPrivileges bool
- OnlyRegisteredImages bool
- OsGroupsAlloweds []string - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- OsGroupsBlockeds []string - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- OsUsersAlloweds []string - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- OsUsersBlockeds []string - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- PackageBlocks []HostRuntimePolicyPackageBlockArgs
- Permission string
- PortBlock HostRuntimePolicyPortBlockArgs
- ReadonlyFiles HostRuntimePolicyReadonlyFilesArgs
- ReadonlyRegistry HostRuntimePolicyReadonlyRegistryArgs
- Registry string
- RegistryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoringArgs
- RepoName string
- ResourceName string
- ResourceType string
- RestrictedVolumes []HostRuntimePolicyRestrictedVolumeArgs - Restricted volumes configuration.
- ReverseShell HostRuntimePolicyReverseShellArgs
- RuntimeMode int
- RuntimeType string
- ScopeExpression string - Logical expression of how to compute the dependency of the scope variables.
- ScopeVariables []HostRuntimePolicyScopeVariableArgs - List of scope attributes.
- Scopes []HostRuntimePolicyScopeArgs - Scope configuration.
- SystemIntegrityProtection HostRuntimePolicySystemIntegrityProtectionArgs
- Tripwire HostRuntimePolicyTripwireArgs
- Type string
- Updated string
- Version string
- VpatchVersion string
- WhitelistedOsUsers HostRuntimePolicyWhitelistedOsUsersArgs
- allowedExecutables List<HostRuntimePolicyAllowedExecutable> - Allowed executables configuration.
- allowedRegistries List<HostRuntimePolicyAllowedRegistry> - Allowed registries configuration.
- applicationScopes List<String> - Indicates the application scope of the service.
- auditBruteForceLogin Boolean - Detects brute force login attempts.
- auditFullCommandArguments Boolean - If true, full command arguments will be audited.
- auditHostFailedLoginEvents Boolean - If true, host failed logins will be audited.
- auditHostSuccessfulLoginEvents Boolean - If true, host successful logins will be audited.
- auditUserAccountManagement Boolean - If true, account management will be audited.
- auditing HostRuntimePolicyAuditing
- String - Username of the account that created the service.
- blacklistedOsUsers HostRuntimePolicyBlacklistedOsUsers
- blockContainerExec Boolean
- blockCryptocurrencyMining Boolean - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining.
- blockDisallowedImages Boolean
- blockFilelessExec Boolean
- blockNonCompliantWorkloads Boolean
- blockNonK8sContainers Boolean
- blockedFiles List<String> - List of files that are prevented from being read, modified and executed in the containers.
- bypassScopes List<HostRuntimePolicyBypassScope> - Bypass scope configuration.
- containerExec HostRuntimePolicyContainerExec
- created String
- cve String
- defaultSecurityProfile String
- description String - The description of the host runtime policy
- digest String
- driftPreventions List<HostRuntimePolicyDriftPrevention> - Drift prevention configuration.
- enableCryptoMiningDns Boolean
- enableForkGuard Boolean
- enableIpReputation Boolean
- enablePortScanProtection Boolean
- enabled Boolean - Indicates if the runtime policy is enabled or not.
- enforce Boolean - Indicates that the policy should affect container execution (not just audit it).
- enforceAfterDays Integer - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforceSchedulerAddedOn Integer
- excludeApplicationScopes List<String> - List of excluded application scopes.
- executableBlacklists List<HostRuntimePolicyExecutableBlacklist> - Executable blacklist configuration.
- failedKubernetesChecks HostRuntimePolicyFailedKubernetesChecks
- fileBlock HostRuntimePolicyFileBlock
- fileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoring - Configuration for file integrity monitoring.
- forkGuardProcessLimit Integer
- imageName String
- isAuditChecked Boolean
- isAutoGenerated Boolean
- isOotbPolicy Boolean
- lastupdate Integer
- limitContainerPrivileges List<HostRuntimePolicyLimitContainerPrivilege> - Container privileges configuration.
- linuxCapabilities HostRuntimePolicyLinuxCapabilities
- malwareScanOptions HostRuntimePolicyMalwareScanOptions - Configuration for Real-Time Malware Protection.
- monitorSystemLogIntegrity Boolean - If true, the system log will be monitored.
- monitorSystemTimeChanges Boolean - If true, system time changes will be monitored.
- monitorWindowsServices Boolean - If true, Windows service operations will be monitored.
- name String - Name of the host runtime policy
- noNewPrivileges Boolean
- onlyRegisteredImages Boolean
- osGroupsAlloweds List<String> - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osGroupsBlockeds List<String> - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osUsersAlloweds List<String> - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- osUsersBlockeds List<String> - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- packageBlocks List<HostRuntimePolicyPackageBlock>
- permission String
- portBlock HostRuntimePolicyPortBlock
- readonlyFiles HostRuntimePolicyReadonlyFiles
- readonlyRegistry HostRuntimePolicyReadonlyRegistry
- registry String
- registryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoring
- repoName String
- resourceName String
- resourceType String
- restrictedVolumes List<HostRuntimePolicyRestrictedVolume> - Restricted volumes configuration.
- reverseShell HostRuntimePolicyReverseShell
- runtimeMode Integer
- runtimeType String
- scopeExpression String - Logical expression of how to compute the dependency of the scope variables.
- scopeVariables List<HostRuntimePolicyScopeVariable> - List of scope attributes.
- scopes List<HostRuntimePolicyScope> - Scope configuration.
- systemIntegrityProtection HostRuntimePolicySystemIntegrityProtection
- tripwire HostRuntimePolicyTripwire
- type String
- updated String
- version String
- vpatchVersion String
- whitelistedOsUsers HostRuntimePolicyWhitelistedOsUsers
- allowedExecutables HostRuntimePolicyAllowedExecutable[] - Allowed executables configuration.
- allowedRegistries HostRuntimePolicyAllowedRegistry[] - Allowed registries configuration.
- applicationScopes string[] - Indicates the application scope of the service.
- auditBruteForceLogin boolean - Detects brute force login attempts.
- auditFullCommandArguments boolean - If true, full command arguments will be audited.
- auditHostFailedLoginEvents boolean - If true, host failed logins will be audited.
- auditHostSuccessfulLoginEvents boolean - If true, host successful logins will be audited.
- auditUserAccountManagement boolean - If true, account management will be audited.
- auditing HostRuntimePolicyAuditing
- string - Username of the account that created the service.
- blacklistedOsUsers HostRuntimePolicyBlacklistedOsUsers
- blockContainerExec boolean
- blockCryptocurrencyMining boolean - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining.
- blockDisallowedImages boolean
- blockFilelessExec boolean
- blockNonCompliantWorkloads boolean
- blockNonK8sContainers boolean
- blockedFiles string[] - List of files that are prevented from being read, modified and executed in the containers.
- bypassScopes HostRuntimePolicyBypassScope[] - Bypass scope configuration.
- containerExec HostRuntimePolicyContainerExec
- created string
- cve string
- defaultSecurityProfile string
- description string - The description of the host runtime policy
- digest string
- driftPreventions HostRuntimePolicyDriftPrevention[] - Drift prevention configuration.
- enableCryptoMiningDns boolean
- enableForkGuard boolean
- enableIpReputation boolean
- enablePortScanProtection boolean
- enabled boolean - Indicates if the runtime policy is enabled or not.
- enforce boolean - Indicates that the policy should affect container execution (not just audit it).
- enforceAfterDays number - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforceSchedulerAddedOn number
- excludeApplicationScopes string[] - List of excluded application scopes.
- executableBlacklists HostRuntimePolicyExecutableBlacklist[] - Executable blacklist configuration.
- failedKubernetesChecks HostRuntimePolicyFailedKubernetesChecks
- fileBlock HostRuntimePolicyFileBlock
- fileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoring - Configuration for file integrity monitoring.
- forkGuardProcessLimit number
- imageName string
- isAuditChecked boolean
- isAutoGenerated boolean
- isOotbPolicy boolean
- lastupdate number
- limitContainerPrivileges HostRuntimePolicyLimitContainerPrivilege[] - Container privileges configuration.
- linuxCapabilities HostRuntimePolicyLinuxCapabilities
- malwareScanOptions HostRuntimePolicyMalwareScanOptions - Configuration for Real-Time Malware Protection.
- monitorSystemLogIntegrity boolean - If true, the system log will be monitored.
- monitorSystemTimeChanges boolean - If true, system time changes will be monitored.
- monitorWindowsServices boolean - If true, Windows service operations will be monitored.
- name string - Name of the host runtime policy
- noNewPrivileges boolean
- onlyRegisteredImages boolean
- osGroupsAlloweds string[] - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osGroupsBlockeds string[] - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osUsersAlloweds string[] - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- osUsersBlockeds string[] - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- packageBlocks HostRuntimePolicyPackageBlock[]
- permission string
- portBlock HostRuntimePolicyPortBlock
- readonlyFiles HostRuntimePolicyReadonlyFiles
- readonlyRegistry HostRuntimePolicyReadonlyRegistry
- registry string
- registryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoring
- repoName string
- resourceName string
- resourceType string
- restrictedVolumes HostRuntimePolicyRestrictedVolume[] - Restricted volumes configuration.
- reverseShell HostRuntimePolicyReverseShell
- runtimeMode number
- runtimeType string
- scopeExpression string - Logical expression of how to compute the dependency of the scope variables.
- scopeVariables HostRuntimePolicyScopeVariable[] - List of scope attributes.
- scopes HostRuntimePolicyScope[] - Scope configuration.
- systemIntegrityProtection HostRuntimePolicySystemIntegrityProtection
- tripwire HostRuntimePolicyTripwire
- type string
- updated string
- version string
- vpatchVersion string
- whitelistedOsUsers HostRuntimePolicyWhitelistedOsUsers
- allowed_executables Sequence[HostRuntimePolicyAllowedExecutableArgs] - Allowed executables configuration.
- allowed_registries Sequence[HostRuntimePolicyAllowedRegistryArgs] - Allowed registries configuration.
- application_scopes Sequence[str] - Indicates the application scope of the service.
- audit_brute_force_login bool - Detects brute force login attempts.
- audit_full_command_arguments bool - If true, full command arguments will be audited.
- audit_host_failed_login_events bool - If true, host failed logins will be audited.
- audit_host_successful_login_events bool - If true, host successful logins will be audited.
- audit_user_account_management bool - If true, account management will be audited.
- auditing HostRuntimePolicyAuditingArgs
- str - Username of the account that created the service.
- blacklisted_os_users HostRuntimePolicyBlacklistedOsUsersArgs
- block_container_exec bool
- block_cryptocurrency_mining bool - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining.
- block_disallowed_images bool
- block_fileless_exec bool
- block_non_compliant_workloads bool
- block_non_k8s_containers bool
- blocked_files Sequence[str] - List of files that are prevented from being read, modified and executed in the containers.
- bypass_scopes Sequence[HostRuntimePolicyBypassScopeArgs] - Bypass scope configuration.
- container_exec HostRuntimePolicyContainerExecArgs
- created str
- cve str
- default_security_profile str
- description str - The description of the host runtime policy
- digest str
- drift_preventions Sequence[HostRuntimePolicyDriftPreventionArgs] - Drift prevention configuration.
- enable_crypto_mining_dns bool
- enable_fork_guard bool
- enable_ip_reputation bool
- enable_port_scan_protection bool
- enabled bool - Indicates if the runtime policy is enabled or not.
- enforce bool - Indicates that the policy should affect container execution (not just audit it).
- enforce_after_days int - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforce_scheduler_added_on int
- exclude_application_scopes Sequence[str] - List of excluded application scopes.
- executable_blacklists Sequence[HostRuntimePolicyExecutableBlacklistArgs] - Executable blacklist configuration.
- failed_kubernetes_checks HostRuntimePolicyFailedKubernetesChecksArgs
- file_block HostRuntimePolicyFileBlockArgs
- file_integrity_monitoring HostRuntimePolicyFileIntegrityMonitoringArgs - Configuration for file integrity monitoring.
- fork_guard_process_limit int
- image_name str
- is_audit_checked bool
- is_auto_generated bool
- is_ootb_policy bool
- lastupdate int
- limit_container_privileges Sequence[HostRuntimePolicyLimitContainerPrivilegeArgs] - Container privileges configuration.
- linux_capabilities HostRuntimePolicyLinuxCapabilitiesArgs
- malware_scan_options HostRuntimePolicyMalwareScanOptionsArgs - Configuration for Real-Time Malware Protection.
- monitor_system_log_integrity bool - If true, the system log will be monitored.
- monitor_system_time_changes bool - If true, system time changes will be monitored.
- monitor_windows_services bool - If true, Windows service operations will be monitored.
- name str - Name of the host runtime policy
- no_new_privileges bool
- only_registered_images bool
- os_groups_alloweds Sequence[str] - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- os_groups_blockeds Sequence[str] - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- os_users_alloweds Sequence[str] - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- os_users_blockeds Sequence[str] - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- package_blocks Sequence[HostRuntimePolicyPackageBlockArgs]
- permission str
- port_block HostRuntimePolicyPortBlockArgs
- readonly_files HostRuntimePolicyReadonlyFilesArgs
- readonly_registry HostRuntimePolicyReadonlyRegistryArgs
- registry str
- registry_access_monitoring HostRuntimePolicyRegistryAccessMonitoringArgs
- repo_name str
- resource_name str
- resource_type str
- restricted_volumes Sequence[HostRuntimePolicyRestrictedVolumeArgs] - Restricted volumes configuration.
- reverse_shell HostRuntimePolicyReverseShellArgs
- runtime_mode int
- runtime_type str
- scope_expression str - Logical expression of how to compute the dependency of the scope variables.
- scope_variables Sequence[HostRuntimePolicyScopeVariableArgs] - List of scope attributes.
- scopes Sequence[HostRuntimePolicyScopeArgs] - Scope configuration.
- system_integrity_protection HostRuntimePolicySystemIntegrityProtectionArgs
- tripwire HostRuntimePolicyTripwireArgs
- type str
- updated str
- version str
- vpatch_version str
- whitelisted_os_users HostRuntimePolicyWhitelistedOsUsersArgs
- allowedExecutables List<Property Map> - Allowed executables configuration.
- allowedRegistries List<Property Map> - Allowed registries configuration.
- applicationScopes List<String> - Indicates the application scope of the service.
- auditBruteForceLogin Boolean - Detects brute force login attempts.
- auditFullCommandArguments Boolean - If true, full command arguments will be audited.
- auditHostFailedLoginEvents Boolean - If true, host failed logins will be audited.
- auditHostSuccessfulLoginEvents Boolean - If true, host successful logins will be audited.
- auditUserAccountManagement Boolean - If true, account management will be audited.
- auditing Property Map
- String - Username of the account that created the service.
- blacklistedOsUsers Property Map
- blockContainerExec Boolean
- blockCryptocurrencyMining Boolean - Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining.
- blockDisallowedImages Boolean
- blockFilelessExec Boolean
- blockNonCompliantWorkloads Boolean
- blockNonK8sContainers Boolean
- blockedFiles List<String> - List of files that are prevented from being read, modified and executed in the containers.
- bypassScopes List<Property Map> - Bypass scope configuration.
- containerExec Property Map
- created String
- cve String
- defaultSecurityProfile String
- description String - The description of the host runtime policy
- digest String
- driftPreventions List<Property Map> - Drift prevention configuration.
- enableCryptoMiningDns Boolean
- enableForkGuard Boolean
- enableIpReputation Boolean
- enablePortScanProtection Boolean
- enabled Boolean - Indicates if the runtime policy is enabled or not.
- enforce Boolean - Indicates that the policy should affect container execution (not just audit it).
- enforceAfterDays Number - Indicates the number of days after which the runtime policy will be changed to enforce mode.
- enforceSchedulerAddedOn Number
- excludeApplicationScopes List<String> - List of excluded application scopes.
- executableBlacklists List<Property Map> - Executable blacklist configuration.
- failedKubernetesChecks Property Map
- fileBlock Property Map
- fileIntegrityMonitoring Property Map - Configuration for file integrity monitoring.
- forkGuardProcessLimit Number
- imageName String
- isAuditChecked Boolean
- isAutoGenerated Boolean
- isOotbPolicy Boolean
- lastupdate Number
- limitContainerPrivileges List<Property Map> - Container privileges configuration.
- linuxCapabilities Property Map
- malwareScanOptions Property Map - Configuration for Real-Time Malware Protection.
- monitorSystemLogIntegrity Boolean - If true, the system log will be monitored.
- monitorSystemTimeChanges Boolean - If true, system time changes will be monitored.
- monitorWindowsServices Boolean - If true, Windows service operations will be monitored.
- name String - Name of the host runtime policy
- noNewPrivileges Boolean
- onlyRegisteredImages Boolean
- osGroupsAlloweds List<String> - List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osGroupsBlockeds List<String> - List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
- osUsersAlloweds List<String> - List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
- osUsersBlockeds List<String> - List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
- packageBlocks List<Property Map>
- permission String
- portBlock Property Map
- readonlyFiles Property Map
- readonlyRegistry Property Map
- registry String
- registryAccessMonitoring Property Map
- repoName String
- resourceName String
- resourceType String
- restrictedVolumes List<Property Map> - Restricted volumes configuration.
- reverseShell Property Map
- runtimeMode Number
- runtimeType String
- scopeExpression String - Logical expression of how to compute the dependency of the scope variables.
- scopeVariables List<Property Map> - List of scope attributes.
- scopes List<Property Map> - Scope configuration.
- systemIntegrityProtection Property Map
- tripwire Property Map
- type String
- updated String
- version String
- vpatchVersion String
- whitelistedOsUsers Property Map
Supporting Types
HostRuntimePolicyAllowedExecutable, HostRuntimePolicyAllowedExecutableArgs
- AllowExecutables List<string> - List of allowed executables.
- AllowRootExecutables List<string> - List of allowed root executables.
- Enabled bool - Whether allowed executables configuration is enabled.
- SeparateExecutables bool - Whether to treat executables separately.
- AllowExecutables []string - List of allowed executables.
- AllowRootExecutables []string - List of allowed root executables.
- Enabled bool - Whether allowed executables configuration is enabled.
- SeparateExecutables bool - Whether to treat executables separately.
- allowExecutables List<String> - List of allowed executables.
- allowRootExecutables List<String> - List of allowed root executables.
- enabled Boolean - Whether allowed executables configuration is enabled.
- separateExecutables Boolean - Whether to treat executables separately.
- allowExecutables string[] - List of allowed executables.
- allowRootExecutables string[] - List of allowed root executables.
- enabled boolean - Whether allowed executables configuration is enabled.
- separateExecutables boolean - Whether to treat executables separately.
- allow_executables Sequence[str] - List of allowed executables.
- allow_root_executables Sequence[str] - List of allowed root executables.
- enabled bool - Whether allowed executables configuration is enabled.
- separate_executables bool - Whether to treat executables separately.
- allowExecutables List<String> - List of allowed executables.
- allowRootExecutables List<String> - List of allowed root executables.
- enabled Boolean - Whether allowed executables configuration is enabled.
- separateExecutables Boolean - Whether to treat executables separately.
HostRuntimePolicyAllowedRegistry, HostRuntimePolicyAllowedRegistryArgs
- AllowedRegistries List<string> - List of allowed registries.
- Enabled bool - Whether allowed registries are enabled.
- AllowedRegistries []string - List of allowed registries.
- Enabled bool - Whether allowed registries are enabled.
- allowedRegistries List<String> - List of allowed registries.
- enabled Boolean - Whether allowed registries are enabled.
- allowedRegistries string[] - List of allowed registries.
- enabled boolean - Whether allowed registries are enabled.
- allowed_registries Sequence[str] - List of allowed registries.
- enabled bool - Whether allowed registries are enabled.
- allowedRegistries List<String> - List of allowed registries.
- enabled Boolean - Whether allowed registries are enabled.
HostRuntimePolicyAuditing, HostRuntimePolicyAuditingArgs
- AuditAllNetwork bool
- AuditAllProcesses bool
- AuditFailedLogin bool
- AuditOsUserActivity bool
- AuditProcessCmdline bool
- AuditSuccessLogin bool
- AuditUserAccountManagement bool
- Enabled bool
- AuditAllNetwork bool
- AuditAllProcesses bool
- AuditFailedLogin bool
- AuditOsUserActivity bool
- AuditProcessCmdline bool
- AuditSuccessLogin bool
- AuditUserAccountManagement bool
- Enabled bool
- auditAllNetwork Boolean
- auditAllProcesses Boolean
- auditFailedLogin Boolean
- auditOsUserActivity Boolean
- auditProcessCmdline Boolean
- auditSuccessLogin Boolean
- auditUserAccountManagement Boolean
- enabled Boolean
- auditAllNetwork boolean
- auditAllProcesses boolean
- auditFailedLogin boolean
- auditOsUserActivity boolean
- auditProcessCmdline boolean
- auditSuccessLogin boolean
- auditUserAccountManagement boolean
- enabled boolean
- audit_all_network bool
- audit_all_processes bool
- audit_failed_login bool
- audit_os_user_activity bool
- audit_process_cmdline bool
- audit_success_login bool
- audit_user_account_management bool
- enabled bool
- auditAllNetwork Boolean
- auditAllProcesses Boolean
- auditFailedLogin Boolean
- auditOsUserActivity Boolean
- auditProcessCmdline Boolean
- auditSuccessLogin Boolean
- auditUserAccountManagement Boolean
- enabled Boolean
HostRuntimePolicyBlacklistedOsUsers, HostRuntimePolicyBlacklistedOsUsersArgs
- Enabled bool
- GroupBlackLists List<string>
- UserBlackLists List<string>
- Enabled bool
- GroupBlackLists []string
- UserBlackLists []string
- enabled Boolean
- groupBlackLists List<String>
- userBlackLists List<String>
- enabled boolean
- groupBlackLists string[]
- userBlackLists string[]
- enabled bool
- group_black_lists Sequence[str]
- user_black_lists Sequence[str]
- enabled Boolean
- groupBlackLists List<String>
- userBlackLists List<String>
HostRuntimePolicyBypassScope, HostRuntimePolicyBypassScopeArgs
- Enabled bool
- Whether bypassing the scope is enabled.
- Scopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBypassScopeScope>
- Scope configuration.
- Enabled bool
- Whether bypassing the scope is enabled.
- Scopes []HostRuntimePolicyBypassScopeScope
- Scope configuration.
- enabled Boolean
- Whether bypassing the scope is enabled.
- scopes List<HostRuntimePolicyBypassScopeScope>
- Scope configuration.
- enabled boolean
- Whether bypassing the scope is enabled.
- scopes HostRuntimePolicyBypassScopeScope[]
- Scope configuration.
- enabled bool
- Whether bypassing the scope is enabled.
- scopes Sequence[HostRuntimePolicyBypassScopeScope]
- Scope configuration.
- enabled Boolean
- Whether bypassing the scope is enabled.
- scopes List<Property Map>
- Scope configuration.
HostRuntimePolicyBypassScopeScope, HostRuntimePolicyBypassScopeScopeArgs
- Expression string
- Scope expression.
- Variables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBypassScopeScopeVariable>
- List of variables in the scope.
- Expression string
- Scope expression.
- Variables []HostRuntimePolicyBypassScopeScopeVariable
- List of variables in the scope.
- expression String
- Scope expression.
- variables List<HostRuntimePolicyBypassScopeScopeVariable>
- List of variables in the scope.
- expression string
- Scope expression.
- variables HostRuntimePolicyBypassScopeScopeVariable[]
- List of variables in the scope.
- expression str
- Scope expression.
- variables Sequence[HostRuntimePolicyBypassScopeScopeVariable]
- List of variables in the scope.
- expression String
- Scope expression.
- variables List<Property Map>
- List of variables in the scope.
HostRuntimePolicyBypassScopeScopeVariable, HostRuntimePolicyBypassScopeScopeVariableArgs
HostRuntimePolicyContainerExec, HostRuntimePolicyContainerExecArgs
- BlockContainerExec bool
- ContainerExecProcWhiteLists List<string>
- Enabled bool
- ReverseShellIpWhiteLists List<string>
- BlockContainerExec bool
- ContainerExecProcWhiteLists []string
- Enabled bool
- ReverseShellIpWhiteLists []string
- blockContainerExec Boolean
- containerExecProcWhiteLists List<String>
- enabled Boolean
- reverseShellIpWhiteLists List<String>
- blockContainerExec boolean
- containerExecProcWhiteLists string[]
- enabled boolean
- reverseShellIpWhiteLists string[]
- block_container_exec bool
- container_exec_proc_white_lists Sequence[str]
- enabled bool
- reverse_shell_ip_white_lists Sequence[str]
- blockContainerExec Boolean
- containerExecProcWhiteLists List<String>
- enabled Boolean
- reverseShellIpWhiteLists List<String>
HostRuntimePolicyDriftPrevention, HostRuntimePolicyDriftPreventionArgs
- Enabled bool
- Whether drift prevention is enabled.
- ExecLockdown bool
- Whether to lockdown execution drift.
- ExecLockdownWhiteLists List<string>
- List of items in the execution lockdown white list.
- ImageLockdown bool
- Whether to lockdown image drift.
- Enabled bool
- Whether drift prevention is enabled.
- ExecLockdown bool
- Whether to lockdown execution drift.
- ExecLockdownWhiteLists []string
- List of items in the execution lockdown white list.
- ImageLockdown bool
- Whether to lockdown image drift.
- enabled Boolean
- Whether drift prevention is enabled.
- execLockdown Boolean
- Whether to lockdown execution drift.
- execLockdownWhiteLists List<String>
- List of items in the execution lockdown white list.
- imageLockdown Boolean
- Whether to lockdown image drift.
- enabled boolean
- Whether drift prevention is enabled.
- execLockdown boolean
- Whether to lockdown execution drift.
- execLockdownWhiteLists string[]
- List of items in the execution lockdown white list.
- imageLockdown boolean
- Whether to lockdown image drift.
- enabled bool
- Whether drift prevention is enabled.
- exec_lockdown bool
- Whether to lockdown execution drift.
- exec_lockdown_white_lists Sequence[str]
- List of items in the execution lockdown white list.
- image_lockdown bool
- Whether to lockdown image drift.
- enabled Boolean
- Whether drift prevention is enabled.
- execLockdown Boolean
- Whether to lockdown execution drift.
- execLockdownWhiteLists List<String>
- List of items in the execution lockdown white list.
- imageLockdown Boolean
- Whether to lockdown image drift.
HostRuntimePolicyExecutableBlacklist, HostRuntimePolicyExecutableBlacklistArgs
- Enabled bool
- Whether the executable blacklist is enabled.
- Executables List<string>
- List of blacklisted executables.
- Enabled bool
- Whether the executable blacklist is enabled.
- Executables []string
- List of blacklisted executables.
- enabled Boolean
- Whether the executable blacklist is enabled.
- executables List<String>
- List of blacklisted executables.
- enabled boolean
- Whether the executable blacklist is enabled.
- executables string[]
- List of blacklisted executables.
- enabled bool
- Whether the executable blacklist is enabled.
- executables Sequence[str]
- List of blacklisted executables.
- enabled Boolean
- Whether the executable blacklist is enabled.
- executables List<String>
- List of blacklisted executables.
HostRuntimePolicyFailedKubernetesChecks, HostRuntimePolicyFailedKubernetesChecksArgs
- Enabled bool
- FailedChecks List<string>
- Enabled bool
- FailedChecks []string
- enabled Boolean
- failedChecks List<String>
- enabled boolean
- failedChecks string[]
- enabled bool
- failed_checks Sequence[str]
- enabled Boolean
- failedChecks List<String>
HostRuntimePolicyFileBlock, HostRuntimePolicyFileBlockArgs
- BlockFilesProcesses List<string>
- BlockFilesUsers List<string>
- Enabled bool
- ExceptionalBlockFiles List<string>
- ExceptionalBlockFilesProcesses List<string>
- ExceptionalBlockFilesUsers List<string>
- FilenameBlockLists List<string>
- BlockFilesProcesses []string
- BlockFilesUsers []string
- Enabled bool
- ExceptionalBlockFiles []string
- ExceptionalBlockFilesProcesses []string
- ExceptionalBlockFilesUsers []string
- FilenameBlockLists []string
- blockFilesProcesses List<String>
- blockFilesUsers List<String>
- enabled Boolean
- exceptionalBlockFiles List<String>
- exceptionalBlockFilesProcesses List<String>
- exceptionalBlockFilesUsers List<String>
- filenameBlockLists List<String>
- blockFilesProcesses string[]
- blockFilesUsers string[]
- enabled boolean
- exceptionalBlockFiles string[]
- exceptionalBlockFilesProcesses string[]
- exceptionalBlockFilesUsers string[]
- filenameBlockLists string[]
- block_files_processes Sequence[str]
- block_files_users Sequence[str]
- enabled bool
- exceptional_block_files Sequence[str]
- exceptional_block_files_processes Sequence[str]
- exceptional_block_files_users Sequence[str]
- filename_block_lists Sequence[str]
- blockFilesProcesses List<String>
- blockFilesUsers List<String>
- enabled Boolean
- exceptionalBlockFiles List<String>
- exceptionalBlockFilesProcesses List<String>
- exceptionalBlockFilesUsers List<String>
- filenameBlockLists List<String>
HostRuntimePolicyFileIntegrityMonitoring, HostRuntimePolicyFileIntegrityMonitoringArgs
- Enabled bool
- If true, file integrity monitoring is enabled.
- ExceptionalMonitoredFiles List<string>
- List of paths to be excluded from monitoring.
- ExceptionalMonitoredFilesProcesses List<string>
- List of processes to be excluded from monitoring.
- ExceptionalMonitoredFilesUsers List<string>
- List of users to be excluded from monitoring.
- MonitoredFiles List<string>
- List of paths to be monitored.
- MonitoredFilesAttributes bool
- Whether to monitor file attribute operations.
- MonitoredFilesCreate bool
- Whether to monitor file create operations.
- MonitoredFilesDelete bool
- Whether to monitor file delete operations.
- MonitoredFilesModify bool
- Whether to monitor file modify operations.
- MonitoredFilesProcesses List<string>
- List of processes associated with monitored files.
- MonitoredFilesRead bool
- Whether to monitor file read operations.
- MonitoredFilesUsers List<string>
- List of users associated with monitored files.
- Enabled bool
- If true, file integrity monitoring is enabled.
- ExceptionalMonitoredFiles []string
- List of paths to be excluded from monitoring.
- ExceptionalMonitoredFilesProcesses []string
- List of processes to be excluded from monitoring.
- ExceptionalMonitoredFilesUsers []string
- List of users to be excluded from monitoring.
- MonitoredFiles []string
- List of paths to be monitored.
- MonitoredFilesAttributes bool
- Whether to monitor file attribute operations.
- MonitoredFilesCreate bool
- Whether to monitor file create operations.
- MonitoredFilesDelete bool
- Whether to monitor file delete operations.
- MonitoredFilesModify bool
- Whether to monitor file modify operations.
- MonitoredFilesProcesses []string
- List of processes associated with monitored files.
- MonitoredFilesRead bool
- Whether to monitor file read operations.
- MonitoredFilesUsers []string
- List of users associated with monitored files.
- enabled Boolean
- If true, file integrity monitoring is enabled.
- exceptionalMonitoredFiles List<String>
- List of paths to be excluded from monitoring.
- exceptionalMonitoredFilesProcesses List<String>
- List of processes to be excluded from monitoring.
- exceptionalMonitoredFilesUsers List<String>
- List of users to be excluded from monitoring.
- monitoredFiles List<String>
- List of paths to be monitored.
- monitoredFilesAttributes Boolean
- Whether to monitor file attribute operations.
- monitoredFilesCreate Boolean
- Whether to monitor file create operations.
- monitoredFilesDelete Boolean
- Whether to monitor file delete operations.
- monitoredFilesModify Boolean
- Whether to monitor file modify operations.
- monitoredFilesProcesses List<String>
- List of processes associated with monitored files.
- monitoredFilesRead Boolean
- Whether to monitor file read operations.
- monitoredFilesUsers List<String>
- List of users associated with monitored files.
- enabled boolean
- If true, file integrity monitoring is enabled.
- exceptionalMonitoredFiles string[]
- List of paths to be excluded from monitoring.
- exceptionalMonitoredFilesProcesses string[]
- List of processes to be excluded from monitoring.
- exceptionalMonitoredFilesUsers string[]
- List of users to be excluded from monitoring.
- monitoredFiles string[]
- List of paths to be monitored.
- monitoredFilesAttributes boolean
- Whether to monitor file attribute operations.
- monitoredFilesCreate boolean
- Whether to monitor file create operations.
- monitoredFilesDelete boolean
- Whether to monitor file delete operations.
- monitoredFilesModify boolean
- Whether to monitor file modify operations.
- monitoredFilesProcesses string[]
- List of processes associated with monitored files.
- monitoredFilesRead boolean
- Whether to monitor file read operations.
- monitoredFilesUsers string[]
- List of users associated with monitored files.
- enabled bool
- If true, file integrity monitoring is enabled.
- exceptional_monitored_files Sequence[str]
- List of paths to be excluded from monitoring.
- exceptional_monitored_files_processes Sequence[str]
- List of processes to be excluded from monitoring.
- exceptional_monitored_files_users Sequence[str]
- List of users to be excluded from monitoring.
- monitored_files Sequence[str]
- List of paths to be monitored.
- monitored_files_attributes bool
- Whether to monitor file attribute operations.
- monitored_files_create bool
- Whether to monitor file create operations.
- monitored_files_delete bool
- Whether to monitor file delete operations.
- monitored_files_modify bool
- Whether to monitor file modify operations.
- monitored_files_processes Sequence[str]
- List of processes associated with monitored files.
- monitored_files_read bool
- Whether to monitor file read operations.
- monitored_files_users Sequence[str]
- List of users associated with monitored files.
- enabled Boolean
- If true, file integrity monitoring is enabled.
- exceptionalMonitoredFiles List<String>
- List of paths to be excluded from monitoring.
- exceptionalMonitoredFilesProcesses List<String>
- List of processes to be excluded from monitoring.
- exceptionalMonitoredFilesUsers List<String>
- List of users to be excluded from monitoring.
- monitoredFiles List<String>
- List of paths to be monitored.
- monitoredFilesAttributes Boolean
- Whether to monitor file attribute operations.
- monitoredFilesCreate Boolean
- Whether to monitor file create operations.
- monitoredFilesDelete Boolean
- Whether to monitor file delete operations.
- monitoredFilesModify Boolean
- Whether to monitor file modify operations.
- monitoredFilesProcesses List<String>
- List of processes associated with monitored files.
- monitoredFilesRead Boolean
- Whether to monitor file read operations.
- monitoredFilesUsers List<String>
- List of users associated with monitored files.
HostRuntimePolicyLimitContainerPrivilege, HostRuntimePolicyLimitContainerPrivilegeArgs
- BlockAddCapabilities bool
- Whether to block adding capabilities.
- Enabled bool
- Whether container privilege limitations are enabled.
- Ipcmode bool
- Whether to limit IPC-related capabilities.
- Netmode bool
- Whether to limit network-related capabilities.
- Pidmode bool
- Whether to limit process-related capabilities.
- PreventLowPortBinding bool
- Whether to prevent low port binding.
- PreventRootUser bool
- Whether to prevent the use of the root user.
- Privileged bool
- Whether the container is run in privileged mode.
- UseHostUser bool
- Whether to use the host user.
- Usermode bool
- Whether to limit user-related capabilities.
- Utsmode bool
- Whether to limit UTS-related capabilities.
- BlockAddCapabilities bool
- Whether to block adding capabilities.
- Enabled bool
- Whether container privilege limitations are enabled.
- Ipcmode bool
- Whether to limit IPC-related capabilities.
- Netmode bool
- Whether to limit network-related capabilities.
- Pidmode bool
- Whether to limit process-related capabilities.
- PreventLowPortBinding bool
- Whether to prevent low port binding.
- PreventRootUser bool
- Whether to prevent the use of the root user.
- Privileged bool
- Whether the container is run in privileged mode.
- UseHostUser bool
- Whether to use the host user.
- Usermode bool
- Whether to limit user-related capabilities.
- Utsmode bool
- Whether to limit UTS-related capabilities.
- blockAddCapabilities Boolean
- Whether to block adding capabilities.
- enabled Boolean
- Whether container privilege limitations are enabled.
- ipcmode Boolean
- Whether to limit IPC-related capabilities.
- netmode Boolean
- Whether to limit network-related capabilities.
- pidmode Boolean
- Whether to limit process-related capabilities.
- preventLowPortBinding Boolean
- Whether to prevent low port binding.
- preventRootUser Boolean
- Whether to prevent the use of the root user.
- privileged Boolean
- Whether the container is run in privileged mode.
- useHostUser Boolean
- Whether to use the host user.
- usermode Boolean
- Whether to limit user-related capabilities.
- utsmode Boolean
- Whether to limit UTS-related capabilities.
- blockAddCapabilities boolean
- Whether to block adding capabilities.
- enabled boolean
- Whether container privilege limitations are enabled.
- ipcmode boolean
- Whether to limit IPC-related capabilities.
- netmode boolean
- Whether to limit network-related capabilities.
- pidmode boolean
- Whether to limit process-related capabilities.
- preventLowPortBinding boolean
- Whether to prevent low port binding.
- preventRootUser boolean
- Whether to prevent the use of the root user.
- privileged boolean
- Whether the container is run in privileged mode.
- useHostUser boolean
- Whether to use the host user.
- usermode boolean
- Whether to limit user-related capabilities.
- utsmode boolean
- Whether to limit UTS-related capabilities.
- block_add_capabilities bool
- Whether to block adding capabilities.
- enabled bool
- Whether container privilege limitations are enabled.
- ipcmode bool
- Whether to limit IPC-related capabilities.
- netmode bool
- Whether to limit network-related capabilities.
- pidmode bool
- Whether to limit process-related capabilities.
- prevent_low_port_binding bool
- Whether to prevent low port binding.
- prevent_root_user bool
- Whether to prevent the use of the root user.
- privileged bool
- Whether the container is run in privileged mode.
- use_host_user bool
- Whether to use the host user.
- usermode bool
- Whether to limit user-related capabilities.
- utsmode bool
- Whether to limit UTS-related capabilities.
- blockAddCapabilities Boolean
- Whether to block adding capabilities.
- enabled Boolean
- Whether container privilege limitations are enabled.
- ipcmode Boolean
- Whether to limit IPC-related capabilities.
- netmode Boolean
- Whether to limit network-related capabilities.
- pidmode Boolean
- Whether to limit process-related capabilities.
- preventLowPortBinding Boolean
- Whether to prevent low port binding.
- preventRootUser Boolean
- Whether to prevent the use of the root user.
- privileged Boolean
- Whether the container is run in privileged mode.
- useHostUser Boolean
- Whether to use the host user.
- usermode Boolean
- Whether to limit user-related capabilities.
- utsmode Boolean
- Whether to limit UTS-related capabilities.
HostRuntimePolicyLinuxCapabilities, HostRuntimePolicyLinuxCapabilitiesArgs
- Enabled bool
- RemoveLinuxCapabilities List<string>
- Enabled bool
- RemoveLinuxCapabilities []string
- enabled Boolean
- removeLinuxCapabilities List<String>
- enabled boolean
- removeLinuxCapabilities string[]
- enabled bool
- remove_linux_capabilities Sequence[str]
- enabled Boolean
- removeLinuxCapabilities List<String>
HostRuntimePolicyMalwareScanOptions, HostRuntimePolicyMalwareScanOptionsArgs
- Action string
- Action to take on detection; defaults to 'Alert' when empty.
- Enabled bool
- Whether malware scanning is enabled.
- ExcludeDirectories List<string>
- List of directory paths to be excluded from protection.
- ExcludeProcesses List<string>
- List of processes to be excluded from protection.
- IncludeDirectories List<string>
- List of directory paths to be protected.
- Action string
- Action to take on detection; defaults to 'Alert' when empty.
- Enabled bool
- Whether malware scanning is enabled.
- ExcludeDirectories []string
- List of directory paths to be excluded from protection.
- ExcludeProcesses []string
- List of processes to be excluded from protection.
- IncludeDirectories []string
- List of directory paths to be protected.
- action String
- Action to take on detection; defaults to 'Alert' when empty.
- enabled Boolean
- Whether malware scanning is enabled.
- excludeDirectories List<String>
- List of directory paths to be excluded from protection.
- excludeProcesses List<String>
- List of processes to be excluded from protection.
- includeDirectories List<String>
- List of directory paths to be protected.
- action string
- Action to take on detection; defaults to 'Alert' when empty.
- enabled boolean
- Whether malware scanning is enabled.
- excludeDirectories string[]
- List of directory paths to be excluded from protection.
- excludeProcesses string[]
- List of processes to be excluded from protection.
- includeDirectories string[]
- List of directory paths to be protected.
- action str
- Action to take on detection; defaults to 'Alert' when empty.
- enabled bool
- Whether malware scanning is enabled.
- exclude_directories Sequence[str]
- List of directory paths to be excluded from protection.
- exclude_processes Sequence[str]
- List of processes to be excluded from protection.
- include_directories Sequence[str]
- List of directory paths to be protected.
- action String
- Action to take on detection; defaults to 'Alert' when empty.
- enabled Boolean
- Whether malware scanning is enabled.
- excludeDirectories List<String>
- List of directory paths to be excluded from protection.
- excludeProcesses List<String>
- List of processes to be excluded from protection.
- includeDirectories List<String>
- List of directory paths to be protected.
HostRuntimePolicyPackageBlock, HostRuntimePolicyPackageBlockArgs
- BlockPackagesProcesses List<string>
- BlockPackagesUsers List<string>
- Enabled bool
- ExceptionalBlockPackagesFiles List<string>
- ExceptionalBlockPackagesProcesses List<string>
- ExceptionalBlockPackagesUsers List<string>
- PackagesBlackLists List<string>
- BlockPackagesProcesses []string
- BlockPackagesUsers []string
- Enabled bool
- ExceptionalBlockPackagesFiles []string
- ExceptionalBlockPackagesProcesses []string
- ExceptionalBlockPackagesUsers []string
- PackagesBlackLists []string
- blockPackagesProcesses List<String>
- blockPackagesUsers List<String>
- enabled Boolean
- exceptionalBlockPackagesFiles List<String>
- exceptionalBlockPackagesProcesses List<String>
- exceptionalBlockPackagesUsers List<String>
- packagesBlackLists List<String>
- blockPackagesProcesses string[]
- blockPackagesUsers string[]
- enabled boolean
- exceptionalBlockPackagesFiles string[]
- exceptionalBlockPackagesProcesses string[]
- exceptionalBlockPackagesUsers string[]
- packagesBlackLists string[]
- block_packages_processes Sequence[str]
- block_packages_users Sequence[str]
- enabled bool
- exceptional_block_packages_files Sequence[str]
- exceptional_block_packages_processes Sequence[str]
- exceptional_block_packages_users Sequence[str]
- packages_black_lists Sequence[str]
- blockPackagesProcesses List<String>
- blockPackagesUsers List<String>
- enabled Boolean
- exceptionalBlockPackagesFiles List<String>
- exceptionalBlockPackagesProcesses List<String>
- exceptionalBlockPackagesUsers List<String>
- packagesBlackLists List<String>
HostRuntimePolicyPortBlock, HostRuntimePolicyPortBlockArgs
- BlockInboundPorts List<string>
- BlockOutboundPorts List<string>
- Enabled bool
- BlockInboundPorts []string
- BlockOutboundPorts []string
- Enabled bool
- blockInboundPorts List<String>
- blockOutboundPorts List<String>
- enabled Boolean
- blockInboundPorts string[]
- blockOutboundPorts string[]
- enabled boolean
- block_inbound_ports Sequence[str]
- block_outbound_ports Sequence[str]
- enabled bool
- blockInboundPorts List<String>
- blockOutboundPorts List<String>
- enabled Boolean
HostRuntimePolicyReadonlyFiles, HostRuntimePolicyReadonlyFilesArgs
- Enabled bool
- ExceptionalReadonlyFiles List<string>
- ExceptionalReadonlyFilesProcesses List<string>
- ExceptionalReadonlyFilesUsers List<string>
- ReadonlyFiles List<string>
- ReadonlyFilesProcesses List<string>
- ReadonlyFilesUsers List<string>
- Enabled bool
- ExceptionalReadonlyFiles []string
- ExceptionalReadonlyFilesProcesses []string
- ExceptionalReadonlyFilesUsers []string
- ReadonlyFiles []string
- ReadonlyFilesProcesses []string
- ReadonlyFilesUsers []string
- enabled Boolean
- exceptionalReadonlyFiles List<String>
- exceptionalReadonlyFilesProcesses List<String>
- exceptionalReadonlyFilesUsers List<String>
- readonlyFiles List<String>
- readonlyFilesProcesses List<String>
- readonlyFilesUsers List<String>
- enabled boolean
- exceptionalReadonlyFiles string[]
- exceptionalReadonlyFilesProcesses string[]
- exceptionalReadonlyFilesUsers string[]
- readonlyFiles string[]
- readonlyFilesProcesses string[]
- readonlyFilesUsers string[]
- enabled bool
- exceptional_readonly_files Sequence[str]
- exceptional_readonly_files_processes Sequence[str]
- exceptional_readonly_files_users Sequence[str]
- readonly_files Sequence[str]
- readonly_files_processes Sequence[str]
- readonly_files_users Sequence[str]
- enabled Boolean
- exceptionalReadonlyFiles List<String>
- exceptionalReadonlyFilesProcesses List<String>
- exceptionalReadonlyFilesUsers List<String>
- readonlyFiles List<String>
- readonlyFilesProcesses List<String>
- readonlyFilesUsers List<String>
HostRuntimePolicyReadonlyRegistry, HostRuntimePolicyReadonlyRegistryArgs
- Enabled bool
- ExceptionalReadonlyRegistryPaths List<string>
- ExceptionalReadonlyRegistryProcesses List<string>
- ExceptionalReadonlyRegistryUsers List<string>
- ReadonlyRegistryPaths List<string>
- ReadonlyRegistryProcesses List<string>
- ReadonlyRegistryUsers List<string>
- Enabled bool
- ExceptionalReadonlyRegistryPaths []string
- ExceptionalReadonlyRegistryProcesses []string
- ExceptionalReadonlyRegistryUsers []string
- ReadonlyRegistryPaths []string
- ReadonlyRegistryProcesses []string
- ReadonlyRegistryUsers []string
- enabled Boolean
- exceptionalReadonlyRegistryPaths List<String>
- exceptionalReadonlyRegistryProcesses List<String>
- exceptionalReadonlyRegistryUsers List<String>
- readonlyRegistryPaths List<String>
- readonlyRegistryProcesses List<String>
- readonlyRegistryUsers List<String>
- enabled boolean
- exceptionalReadonlyRegistryPaths string[]
- exceptionalReadonlyRegistryProcesses string[]
- exceptionalReadonlyRegistryUsers string[]
- readonlyRegistryPaths string[]
- readonlyRegistryProcesses string[]
- readonlyRegistryUsers string[]
- enabled bool
- exceptional_readonly_registry_paths Sequence[str]
- exceptional_readonly_registry_processes Sequence[str]
- exceptional_readonly_registry_users Sequence[str]
- readonly_registry_paths Sequence[str]
- readonly_registry_processes Sequence[str]
- readonly_registry_users Sequence[str]
- enabled Boolean
- exceptionalReadonlyRegistryPaths List<String>
- exceptionalReadonlyRegistryProcesses List<String>
- exceptionalReadonlyRegistryUsers List<String>
- readonlyRegistryPaths List<String>
- readonlyRegistryProcesses List<String>
- readonlyRegistryUsers List<String>
HostRuntimePolicyRegistryAccessMonitoring, HostRuntimePolicyRegistryAccessMonitoringArgs
- Enabled bool
- ExceptionalMonitoredRegistryPaths List<string>
- ExceptionalMonitoredRegistryProcesses List<string>
- ExceptionalMonitoredRegistryUsers List<string>
- MonitoredRegistryAttributes bool
- MonitoredRegistryCreate bool
- MonitoredRegistryDelete bool
- MonitoredRegistryModify bool
- MonitoredRegistryPaths List<string>
- MonitoredRegistryProcesses List<string>
- MonitoredRegistryRead bool
- MonitoredRegistryUsers List<string>
- Enabled bool
- ExceptionalMonitoredRegistryPaths []string
- ExceptionalMonitoredRegistryProcesses []string
- ExceptionalMonitoredRegistryUsers []string
- MonitoredRegistryAttributes bool
- MonitoredRegistryCreate bool
- MonitoredRegistryDelete bool
- MonitoredRegistryModify bool
- MonitoredRegistryPaths []string
- MonitoredRegistryProcesses []string
- MonitoredRegistryRead bool
- MonitoredRegistryUsers []string
- enabled Boolean
- exceptionalMonitoredRegistryPaths List<String>
- exceptionalMonitoredRegistryProcesses List<String>
- exceptionalMonitoredRegistryUsers List<String>
- monitoredRegistryAttributes Boolean
- monitoredRegistryCreate Boolean
- monitoredRegistryDelete Boolean
- monitoredRegistryModify Boolean
- monitoredRegistryPaths List<String>
- monitoredRegistryProcesses List<String>
- monitoredRegistryRead Boolean
- monitoredRegistryUsers List<String>
- enabled boolean
- exceptionalMonitoredRegistryPaths string[]
- exceptionalMonitoredRegistryProcesses string[]
- exceptionalMonitoredRegistryUsers string[]
- monitoredRegistryAttributes boolean
- monitoredRegistryCreate boolean
- monitoredRegistryDelete boolean
- monitoredRegistryModify boolean
- monitoredRegistryPaths string[]
- monitoredRegistryProcesses string[]
- monitoredRegistryRead boolean
- monitoredRegistryUsers string[]
- enabled bool
- exceptional_monitored_registry_paths Sequence[str]
- exceptional_monitored_registry_processes Sequence[str]
- exceptional_monitored_registry_users Sequence[str]
- monitored_registry_attributes bool
- monitored_registry_create bool
- monitored_registry_delete bool
- monitored_registry_modify bool
- monitored_registry_paths Sequence[str]
- monitored_registry_processes Sequence[str]
- monitored_registry_read bool
- monitored_registry_users Sequence[str]
- enabled Boolean
- exceptionalMonitoredRegistryPaths List<String>
- exceptionalMonitoredRegistryProcesses List<String>
- exceptionalMonitoredRegistryUsers List<String>
- monitoredRegistryAttributes Boolean
- monitoredRegistryCreate Boolean
- monitoredRegistryDelete Boolean
- monitoredRegistryModify Boolean
- monitoredRegistryPaths List<String>
- monitoredRegistryProcesses List<String>
- monitoredRegistryRead Boolean
- monitoredRegistryUsers List<String>
HostRuntimePolicyRestrictedVolume, HostRuntimePolicyRestrictedVolumeArgs
HostRuntimePolicyReverseShell, HostRuntimePolicyReverseShellArgs
- BlockReverseShell bool
- Enabled bool
- ReverseShellIpWhiteLists List<string>
- ReverseShellProcWhiteLists List<string>
- BlockReverseShell bool
- Enabled bool
- ReverseShellIpWhiteLists []string
- ReverseShellProcWhiteLists []string
- blockReverseShell Boolean
- enabled Boolean
- reverseShellIpWhiteLists List<String>
- reverseShellProcWhiteLists List<String>
- blockReverseShell boolean
- enabled boolean
- reverseShellIpWhiteLists string[]
- reverseShellProcWhiteLists string[]
- block_reverse_shell bool
- enabled bool
- reverse_shell_ip_white_lists Sequence[str]
- reverse_shell_proc_white_lists Sequence[str]
- blockReverseShell Boolean
- enabled Boolean
- reverseShellIpWhiteLists List<String>
- reverseShellProcWhiteLists List<String>
HostRuntimePolicyScope, HostRuntimePolicyScopeArgs
- Expression string
- Scope expression.
- Variables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScopeVariable>
- List of variables in the scope.
- Expression string
- Scope expression.
- Variables []HostRuntimePolicyScopeVariable
- List of variables in the scope.
- expression String
- Scope expression.
- variables List<HostRuntimePolicyScopeVariable>
- List of variables in the scope.
- expression string
- Scope expression.
- variables HostRuntimePolicyScopeVariable[]
- List of variables in the scope.
- expression str
- Scope expression.
- variables Sequence[HostRuntimePolicyScopeVariable]
- List of variables in the scope.
- expression String
- Scope expression.
- variables List<Property Map>
- List of variables in the scope.
HostRuntimePolicyScopeVariable, HostRuntimePolicyScopeVariableArgs
HostRuntimePolicySystemIntegrityProtection, HostRuntimePolicySystemIntegrityProtectionArgs
- AuditSystemtimeChange bool
- Enabled bool
- MonitorAuditLogIntegrity bool
- WindowsServicesMonitoring bool
- AuditSystemtimeChange bool
- Enabled bool
- MonitorAuditLogIntegrity bool
- WindowsServicesMonitoring bool
- auditSystemtimeChange Boolean
- enabled Boolean
- monitorAuditLogIntegrity Boolean
- windowsServicesMonitoring Boolean
- auditSystemtimeChange boolean
- enabled boolean
- monitorAuditLogIntegrity boolean
- windowsServicesMonitoring boolean
- auditSystemtimeChange Boolean
- enabled Boolean
- monitorAuditLogIntegrity Boolean
- windowsServicesMonitoring Boolean
HostRuntimePolicyTripwire, HostRuntimePolicyTripwireArgs
- ApplyOns List<string>
- Enabled bool
- ServerlessApp string
- UserId string
- UserPassword string
- ApplyOns []string
- Enabled bool
- ServerlessApp string
- UserId string
- UserPassword string
- applyOns List<String>
- enabled Boolean
- serverlessApp String
- userId String
- userPassword String
- applyOns string[]
- enabled boolean
- serverlessApp string
- userId string
- userPassword string
- apply_ons Sequence[str]
- enabled bool
- serverless_app str
- user_id str
- user_password str
- applyOns List<String>
- enabled Boolean
- serverlessApp String
- userId String
- userPassword String
HostRuntimePolicyWhitelistedOsUsers, HostRuntimePolicyWhitelistedOsUsersArgs
- Enabled bool
- GroupWhiteLists List<string>
- UserWhiteLists List<string>
- Enabled bool
- GroupWhiteLists []string
- UserWhiteLists []string
- enabled Boolean
- groupWhiteLists List<String>
- userWhiteLists List<String>
- enabled boolean
- groupWhiteLists string[]
- userWhiteLists string[]
- enabled bool
- group_white_lists Sequence[str]
- user_white_lists Sequence[str]
- enabled Boolean
- groupWhiteLists List<String>
- userWhiteLists List<String>
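The nested types above describe what a host runtime policy can watch or block, but nothing on the page checks that the settings you pass actually protect anything. As an added example (not code from the pulumi-aquasec provider or from Aqua), the script below lints a policy expressed as plain dicts keyed by the snake_case Python field names documented for HostRuntimePolicyFileIntegrityMonitoring, HostRuntimePolicyDriftPrevention, HostRuntimePolicyLimitContainerPrivilege, HostRuntimePolicyMalwareScanOptions and HostRuntimePolicyTripwire, and shows a weak configuration next to a hardened one. Only the field names and the 'Alert' default for the malware action come from this page; the top-level grouping keys, the sample paths, the 'Quarantine' action value, the rule thresholds and the `Secret` stand-in for `pulumi.Output.secret()` are assumptions of the example.

```python
"""Policy-as-code checks over HostRuntimePolicy nested inputs (added example).

Dict keys inside each nested object are the Python field names this page
documents; the top-level grouping keys, sample values and rules are assumed.
"""
from typing import Any, Dict, List


class Secret:
    """Stand-in for pulumi.Output.secret(value) so this file runs without Pulumi.

    In a real program wrap the tripwire password with pulumi.Output.secret()
    (or load it with pulumi.Config().require_secret()) so it is encrypted in
    the stack state instead of being stored as plain text.
    """

    def __init__(self, value: str) -> None:
        self._value = value


# Constructed sample: every block is enabled, yet each one protects nothing.
WEAK_POLICY: Dict[str, Any] = {
    "enabled": True,
    "enforce": False,
    "file_integrity_monitoring": {
        "enabled": True,
        "monitored_files": [],                          # nothing is watched
        "monitored_files_modify": True,
        "exceptional_monitored_files_users": ["root"],  # the user that matters is excluded
    },
    "drift_prevention": {
        "enabled": True,
        "exec_lockdown": True,
        "exec_lockdown_white_lists": ["*"],             # whitelisting everything disables lockdown
    },
    "limit_container_privilege": {"enabled": True, "block_add_capabilities": False},
    "malware_scan_options": {"enabled": True, "action": ""},  # page: defaults to 'Alert'
    "tripwire": {"enabled": True, "user_id": "tw-svc", "user_password": "hunter2"},
}

# Constructed sample: the same blocks with each finding addressed.
HARDENED_POLICY: Dict[str, Any] = {
    "enabled": True,
    "enforce": True,
    "file_integrity_monitoring": {
        "enabled": True,
        "monitored_files": ["/etc/passwd", "/etc/shadow", "/etc/sudoers", "/root/.ssh/"],
        "monitored_files_create": True,
        "monitored_files_delete": True,
        "monitored_files_modify": True,
        "monitored_files_attributes": True,
        "exceptional_monitored_files_processes": ["/usr/bin/apt"],  # assumed package manager path
    },
    "drift_prevention": {
        "enabled": True,
        "exec_lockdown": True,
        "exec_lockdown_white_lists": ["/usr/local/bin/agent-updater"],  # assumed path
    },
    "limit_container_privilege": {
        "enabled": True,
        "block_add_capabilities": True,
        "prevent_root_user": True,
        "prevent_low_port_binding": True,
    },
    "malware_scan_options": {"enabled": True, "action": "Quarantine"},  # assumed accepted value
    "tripwire": {"enabled": True, "user_id": "tw-svc", "user_password": Secret("from-config")},
}

WILDCARD_ALLOW = {"*", "**", "/", "/*"}  # assumed patterns that match every executable


def lint_policy(policy: Dict[str, Any]) -> List[str]:
    """Return one finding string per weak setting; an empty list means clean."""
    findings: List[str] = []

    fim = policy.get("file_integrity_monitoring") or {}
    if fim.get("enabled"):
        if not fim.get("monitored_files"):
            findings.append("file_integrity_monitoring: enabled but monitored_files is empty")
        ops = ("monitored_files_create", "monitored_files_delete", "monitored_files_modify",
               "monitored_files_attributes", "monitored_files_read")
        if not any(fim.get(op) for op in ops):
            findings.append("file_integrity_monitoring: no file operation is selected")
        if "root" in (fim.get("exceptional_monitored_files_users") or []):
            findings.append("file_integrity_monitoring: root is excluded from monitoring")

    drift = policy.get("drift_prevention") or {}
    if drift.get("enabled") and drift.get("exec_lockdown"):
        wild = sorted(set(drift.get("exec_lockdown_white_lists") or []) & WILDCARD_ALLOW)
        if wild:
            findings.append(f"drift_prevention: exec_lockdown_white_lists {wild} allows any executable")

    priv = policy.get("limit_container_privilege") or {}
    restrictions = ("block_add_capabilities", "prevent_root_user", "prevent_low_port_binding")
    if priv.get("enabled") and not any(priv.get(k) for k in restrictions):
        findings.append("limit_container_privilege: enabled but no restriction flag is set")

    malware = policy.get("malware_scan_options") or {}
    if malware.get("enabled") and not malware.get("action"):
        findings.append("malware_scan_options: action is empty, so it defaults to 'Alert' (no blocking)")

    tripwire = policy.get("tripwire") or {}
    if tripwire.get("enabled") and isinstance(tripwire.get("user_password"), str):
        findings.append("tripwire: user_password is a plain string; wrap it with pulumi.Output.secret()")

    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{name}: {len(lint_policy(policy))} finding(s)")
        for finding in lint_policy(policy):
            print("  -", finding)
```

Run the file directly to print the findings for both samples. To apply the hardened dicts, pass each one as the matching nested argument of `aquasec.HostRuntimePolicy` and replace `Secret(...)` with `pulumi.Output.secret(...)`, which keeps the tripwire password encrypted in the stack state rather than written there in clear.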
Package Details
- Repository
- aquasec pulumiverse/pulumi-aquasec
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the aquasec Terraform Provider.