Aquasec v0.8.29, Jul 22 24

Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

aquasec.getHostRuntimePolicy

Explore with Pulumi AI

Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aquasec from "@pulumi/aquasec";

const hostRuntimePolicy = aquasec.getHostRuntimePolicy({
    name: "hostRuntimePolicyName",
});
export const hostRuntimePolicyDetails = hostRuntimePolicy;

import pulumi
import pulumi_aquasec as aquasec

host_runtime_policy = aquasec.get_host_runtime_policy(name="hostRuntimePolicyName")
pulumi.export("hostRuntimePolicyDetails", host_runtime_policy)

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-aquasec/sdk/go/aquasec"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		hostRuntimePolicy, err := aquasec.LookupHostRuntimePolicy(ctx, &aquasec.LookupHostRuntimePolicyArgs{
			Name: "hostRuntimePolicyName",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("hostRuntimePolicyDetails", hostRuntimePolicy)
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aquasec = Pulumi.Aquasec;

return await Deployment.RunAsync(() => 
{
    var hostRuntimePolicy = Aquasec.GetHostRuntimePolicy.Invoke(new()
    {
        Name = "hostRuntimePolicyName",
    });

    return new Dictionary<string, object?>
    {
        ["hostRuntimePolicyDetails"] = hostRuntimePolicy,
    };
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aquasec.AquasecFunctions;
import com.pulumi.aquasec.inputs.GetHostRuntimePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var hostRuntimePolicy = AquasecFunctions.getHostRuntimePolicy(GetHostRuntimePolicyArgs.builder()
            .name("hostRuntimePolicyName")
            .build());

        ctx.export("hostRuntimePolicyDetails", hostRuntimePolicy.applyValue(getHostRuntimePolicyResult -> getHostRuntimePolicyResult));
    }
}

variables:
  hostRuntimePolicy:
    fn::invoke:
      Function: aquasec:getHostRuntimePolicy
      Arguments:
        name: hostRuntimePolicyName
outputs:
  hostRuntimePolicyDetails: ${hostRuntimePolicy}

Using getHostRuntimePolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getHostRuntimePolicy(args: GetHostRuntimePolicyArgs, opts?: InvokeOptions): Promise<GetHostRuntimePolicyResult>
function getHostRuntimePolicyOutput(args: GetHostRuntimePolicyOutputArgs, opts?: InvokeOptions): Output<GetHostRuntimePolicyResult>

def get_host_runtime_policy(auditing: Optional[GetHostRuntimePolicyAuditing] = None,
                            file_integrity_monitorings: Optional[Sequence[GetHostRuntimePolicyFileIntegrityMonitoring]] = None,
                            malware_scan_options: Optional[Sequence[GetHostRuntimePolicyMalwareScanOption]] = None,
                            name: Optional[str] = None,
                            package_blocks: Optional[Sequence[GetHostRuntimePolicyPackageBlock]] = None,
                            opts: Optional[InvokeOptions] = None) -> GetHostRuntimePolicyResult
def get_host_runtime_policy_output(auditing: Optional[pulumi.Input[GetHostRuntimePolicyAuditingArgs]] = None,
                            file_integrity_monitorings: Optional[pulumi.Input[Sequence[pulumi.Input[GetHostRuntimePolicyFileIntegrityMonitoringArgs]]]] = None,
                            malware_scan_options: Optional[pulumi.Input[Sequence[pulumi.Input[GetHostRuntimePolicyMalwareScanOptionArgs]]]] = None,
                            name: Optional[pulumi.Input[str]] = None,
                            package_blocks: Optional[pulumi.Input[Sequence[pulumi.Input[GetHostRuntimePolicyPackageBlockArgs]]]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetHostRuntimePolicyResult]

func LookupHostRuntimePolicy(ctx *Context, args *LookupHostRuntimePolicyArgs, opts ...InvokeOption) (*LookupHostRuntimePolicyResult, error)
func LookupHostRuntimePolicyOutput(ctx *Context, args *LookupHostRuntimePolicyOutputArgs, opts ...InvokeOption) LookupHostRuntimePolicyResultOutput

> Note: This function is named LookupHostRuntimePolicy in the Go SDK.

public static class GetHostRuntimePolicy 
{
    public static Task<GetHostRuntimePolicyResult> InvokeAsync(GetHostRuntimePolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetHostRuntimePolicyResult> Invoke(GetHostRuntimePolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetHostRuntimePolicyResult> getHostRuntimePolicy(GetHostRuntimePolicyArgs args, InvokeOptions options)
public static Output<GetHostRuntimePolicyResult> getHostRuntimePolicy(GetHostRuntimePolicyArgs args, InvokeOptions options)

fn::invoke:
  function: aquasec:index/getHostRuntimePolicy:getHostRuntimePolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string: Name of the host runtime policy
Auditing Pulumiverse.Aquasec.Inputs.GetHostRuntimePolicyAuditing
FileIntegrityMonitorings List<Pulumiverse.Aquasec.Inputs.GetHostRuntimePolicyFileIntegrityMonitoring>: Configuration for file integrity monitoring.
MalwareScanOptions List<Pulumiverse.Aquasec.Inputs.GetHostRuntimePolicyMalwareScanOption>: Configuration for Real-Time Malware Protection.
PackageBlocks List<Pulumiverse.Aquasec.Inputs.GetHostRuntimePolicyPackageBlock>

Name string: Name of the host runtime policy
Auditing GetHostRuntimePolicyAuditing
FileIntegrityMonitorings []GetHostRuntimePolicyFileIntegrityMonitoring: Configuration for file integrity monitoring.
MalwareScanOptions []GetHostRuntimePolicyMalwareScanOption: Configuration for Real-Time Malware Protection.
PackageBlocks []GetHostRuntimePolicyPackageBlock

name String: Name of the host runtime policy
auditing GetHostRuntimePolicyAuditing
fileIntegrityMonitorings List<GetHostRuntimePolicyFileIntegrityMonitoring>: Configuration for file integrity monitoring.
malwareScanOptions List<GetHostRuntimePolicyMalwareScanOption>: Configuration for Real-Time Malware Protection.
packageBlocks List<GetHostRuntimePolicyPackageBlock>

name string: Name of the host runtime policy
auditing GetHostRuntimePolicyAuditing
fileIntegrityMonitorings GetHostRuntimePolicyFileIntegrityMonitoring[]: Configuration for file integrity monitoring.
malwareScanOptions GetHostRuntimePolicyMalwareScanOption[]: Configuration for Real-Time Malware Protection.
packageBlocks GetHostRuntimePolicyPackageBlock[]

name str: Name of the host runtime policy
auditing GetHostRuntimePolicyAuditing
file_integrity_monitorings Sequence[GetHostRuntimePolicyFileIntegrityMonitoring]: Configuration for file integrity monitoring.
malware_scan_options Sequence[GetHostRuntimePolicyMalwareScanOption]: Configuration for Real-Time Malware Protection.
package_blocks Sequence[GetHostRuntimePolicyPackageBlock]

name String: Name of the host runtime policy
auditing Property Map
fileIntegrityMonitorings List<Property Map>: Configuration for file integrity monitoring.
malwareScanOptions List<Property Map>: Configuration for Real-Time Malware Protection.
packageBlocks List<Property Map>

getHostRuntimePolicy Result

The following output properties are available:

ApplicationScopes List<string>: Indicates the application scope of the service.
AuditAllOsUserActivity bool: If true, all process activity will be audited.
AuditBruteForceLogin bool: Detects brute force login attempts
AuditFullCommandArguments bool: If true, full command arguments will be audited.
AuditHostFailedLoginEvents bool: If true, host failed logins will be audited.
AuditHostSuccessfulLoginEvents bool: If true, host successful logins will be audited.
AuditUserAccountManagement bool: If true, account management will be audited.
Author string: Username of the account that created the service.
BlockCryptocurrencyMining bool: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
BlockedFiles List<string>: List of files that are prevented from being read, modified and executed in the containers.
Description string: The description of the host runtime policy
EnableIpReputation bool: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
Enabled bool: Indicates if the runtime policy is enabled or not.
Enforce bool: Indicates that policy should effect container execution (not just for audit).
EnforceAfterDays int: Indicates the number of days after which the runtime policy will be changed to enforce mode.
Id string: The provider-assigned unique ID for this managed resource.
MonitorSystemLogIntegrity bool: If true, system log will be monitored.
MonitorSystemTimeChanges bool: If true, system time changes will be monitored.
MonitorWindowsServices bool: If true, windows service operations will be monitored.
Name string: Name of the host runtime policy
OsGroupsAlloweds List<string>: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
OsGroupsBlockeds List<string>: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
OsUsersAlloweds List<string>: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
OsUsersBlockeds List<string>: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
PortScanningDetection bool: If true, port scanning behaviors will be audited.
ScopeExpression string: Logical expression of how to compute the dependency of the scope variables.
ScopeVariables List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyScopeVariable>: List of scope attributes.
WindowsRegistryMonitorings List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyWindowsRegistryMonitoring>: Configuration for windows registry monitoring.
WindowsRegistryProtections List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyWindowsRegistryProtection>: Configuration for windows registry protection.
Auditing Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyAuditing
FileIntegrityMonitorings List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyFileIntegrityMonitoring>: Configuration for file integrity monitoring.
MalwareScanOptions List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyMalwareScanOption>: Configuration for Real-Time Malware Protection.
PackageBlocks List<Pulumiverse.Aquasec.Outputs.GetHostRuntimePolicyPackageBlock>

ApplicationScopes []string: Indicates the application scope of the service.
AuditAllOsUserActivity bool: If true, all process activity will be audited.
AuditBruteForceLogin bool: Detects brute force login attempts
AuditFullCommandArguments bool: If true, full command arguments will be audited.
AuditHostFailedLoginEvents bool: If true, host failed logins will be audited.
AuditHostSuccessfulLoginEvents bool: If true, host successful logins will be audited.
AuditUserAccountManagement bool: If true, account management will be audited.
Author string: Username of the account that created the service.
BlockCryptocurrencyMining bool: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
BlockedFiles []string: List of files that are prevented from being read, modified and executed in the containers.
Description string: The description of the host runtime policy
EnableIpReputation bool: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
Enabled bool: Indicates if the runtime policy is enabled or not.
Enforce bool: Indicates that policy should effect container execution (not just for audit).
EnforceAfterDays int: Indicates the number of days after which the runtime policy will be changed to enforce mode.
Id string: The provider-assigned unique ID for this managed resource.
MonitorSystemLogIntegrity bool: If true, system log will be monitored.
MonitorSystemTimeChanges bool: If true, system time changes will be monitored.
MonitorWindowsServices bool: If true, windows service operations will be monitored.
Name string: Name of the host runtime policy
OsGroupsAlloweds []string: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
OsGroupsBlockeds []string: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
OsUsersAlloweds []string: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
OsUsersBlockeds []string: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
PortScanningDetection bool: If true, port scanning behaviors will be audited.
ScopeExpression string: Logical expression of how to compute the dependency of the scope variables.
ScopeVariables []GetHostRuntimePolicyScopeVariable: List of scope attributes.
WindowsRegistryMonitorings []GetHostRuntimePolicyWindowsRegistryMonitoring: Configuration for windows registry monitoring.
WindowsRegistryProtections []GetHostRuntimePolicyWindowsRegistryProtection: Configuration for windows registry protection.
Auditing GetHostRuntimePolicyAuditing
FileIntegrityMonitorings []GetHostRuntimePolicyFileIntegrityMonitoring: Configuration for file integrity monitoring.
MalwareScanOptions []GetHostRuntimePolicyMalwareScanOption: Configuration for Real-Time Malware Protection.
PackageBlocks []GetHostRuntimePolicyPackageBlock

applicationScopes List<String>: Indicates the application scope of the service.
auditAllOsUserActivity Boolean: If true, all process activity will be audited.
auditBruteForceLogin Boolean: Detects brute force login attempts
auditFullCommandArguments Boolean: If true, full command arguments will be audited.
auditHostFailedLoginEvents Boolean: If true, host failed logins will be audited.
auditHostSuccessfulLoginEvents Boolean: If true, host successful logins will be audited.
auditUserAccountManagement Boolean: If true, account management will be audited.
author String: Username of the account that created the service.
blockCryptocurrencyMining Boolean: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
blockedFiles List<String>: List of files that are prevented from being read, modified and executed in the containers.
description String: The description of the host runtime policy
enableIpReputation Boolean: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
enabled Boolean: Indicates if the runtime policy is enabled or not.
enforce Boolean: Indicates that policy should effect container execution (not just for audit).
enforceAfterDays Integer: Indicates the number of days after which the runtime policy will be changed to enforce mode.
id String: The provider-assigned unique ID for this managed resource.
monitorSystemLogIntegrity Boolean: If true, system log will be monitored.
monitorSystemTimeChanges Boolean: If true, system time changes will be monitored.
monitorWindowsServices Boolean: If true, windows service operations will be monitored.
name String: Name of the host runtime policy
osGroupsAlloweds List<String>: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osGroupsBlockeds List<String>: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osUsersAlloweds List<String>: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
osUsersBlockeds List<String>: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
portScanningDetection Boolean: If true, port scanning behaviors will be audited.
scopeExpression String: Logical expression of how to compute the dependency of the scope variables.
scopeVariables List<GetHostRuntimePolicyScopeVariable>: List of scope attributes.
windowsRegistryMonitorings List<GetHostRuntimePolicyWindowsRegistryMonitoring>: Configuration for windows registry monitoring.
windowsRegistryProtections List<GetHostRuntimePolicyWindowsRegistryProtection>: Configuration for windows registry protection.
auditing GetHostRuntimePolicyAuditing
fileIntegrityMonitorings List<GetHostRuntimePolicyFileIntegrityMonitoring>: Configuration for file integrity monitoring.
malwareScanOptions List<GetHostRuntimePolicyMalwareScanOption>: Configuration for Real-Time Malware Protection.
packageBlocks List<GetHostRuntimePolicyPackageBlock>

applicationScopes string[]: Indicates the application scope of the service.
auditAllOsUserActivity boolean: If true, all process activity will be audited.
auditBruteForceLogin boolean: Detects brute force login attempts
auditFullCommandArguments boolean: If true, full command arguments will be audited.
auditHostFailedLoginEvents boolean: If true, host failed logins will be audited.
auditHostSuccessfulLoginEvents boolean: If true, host successful logins will be audited.
auditUserAccountManagement boolean: If true, account management will be audited.
author string: Username of the account that created the service.
blockCryptocurrencyMining boolean: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
blockedFiles string[]: List of files that are prevented from being read, modified and executed in the containers.
description string: The description of the host runtime policy
enableIpReputation boolean: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
enabled boolean: Indicates if the runtime policy is enabled or not.
enforce boolean: Indicates that policy should effect container execution (not just for audit).
enforceAfterDays number: Indicates the number of days after which the runtime policy will be changed to enforce mode.
id string: The provider-assigned unique ID for this managed resource.
monitorSystemLogIntegrity boolean: If true, system log will be monitored.
monitorSystemTimeChanges boolean: If true, system time changes will be monitored.
monitorWindowsServices boolean: If true, windows service operations will be monitored.
name string: Name of the host runtime policy
osGroupsAlloweds string[]: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osGroupsBlockeds string[]: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osUsersAlloweds string[]: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
osUsersBlockeds string[]: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
portScanningDetection boolean: If true, port scanning behaviors will be audited.
scopeExpression string: Logical expression of how to compute the dependency of the scope variables.
scopeVariables GetHostRuntimePolicyScopeVariable[]: List of scope attributes.
windowsRegistryMonitorings GetHostRuntimePolicyWindowsRegistryMonitoring[]: Configuration for windows registry monitoring.
windowsRegistryProtections GetHostRuntimePolicyWindowsRegistryProtection[]: Configuration for windows registry protection.
auditing GetHostRuntimePolicyAuditing
fileIntegrityMonitorings GetHostRuntimePolicyFileIntegrityMonitoring[]: Configuration for file integrity monitoring.
malwareScanOptions GetHostRuntimePolicyMalwareScanOption[]: Configuration for Real-Time Malware Protection.
packageBlocks GetHostRuntimePolicyPackageBlock[]

application_scopes Sequence[str]: Indicates the application scope of the service.
audit_all_os_user_activity bool: If true, all process activity will be audited.
audit_brute_force_login bool: Detects brute force login attempts
audit_full_command_arguments bool: If true, full command arguments will be audited.
audit_host_failed_login_events bool: If true, host failed logins will be audited.
audit_host_successful_login_events bool: If true, host successful logins will be audited.
audit_user_account_management bool: If true, account management will be audited.
author str: Username of the account that created the service.
block_cryptocurrency_mining bool: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
blocked_files Sequence[str]: List of files that are prevented from being read, modified and executed in the containers.
description str: The description of the host runtime policy
enable_ip_reputation bool: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
enabled bool: Indicates if the runtime policy is enabled or not.
enforce bool: Indicates that policy should effect container execution (not just for audit).
enforce_after_days int: Indicates the number of days after which the runtime policy will be changed to enforce mode.
id str: The provider-assigned unique ID for this managed resource.
monitor_system_log_integrity bool: If true, system log will be monitored.
monitor_system_time_changes bool: If true, system time changes will be monitored.
monitor_windows_services bool: If true, windows service operations will be monitored.
name str: Name of the host runtime policy
os_groups_alloweds Sequence[str]: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
os_groups_blockeds Sequence[str]: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
os_users_alloweds Sequence[str]: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
os_users_blockeds Sequence[str]: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
port_scanning_detection bool: If true, port scanning behaviors will be audited.
scope_expression str: Logical expression of how to compute the dependency of the scope variables.
scope_variables Sequence[GetHostRuntimePolicyScopeVariable]: List of scope attributes.
windows_registry_monitorings Sequence[GetHostRuntimePolicyWindowsRegistryMonitoring]: Configuration for windows registry monitoring.
windows_registry_protections Sequence[GetHostRuntimePolicyWindowsRegistryProtection]: Configuration for windows registry protection.
auditing GetHostRuntimePolicyAuditing
file_integrity_monitorings Sequence[GetHostRuntimePolicyFileIntegrityMonitoring]: Configuration for file integrity monitoring.
malware_scan_options Sequence[GetHostRuntimePolicyMalwareScanOption]: Configuration for Real-Time Malware Protection.
package_blocks Sequence[GetHostRuntimePolicyPackageBlock]

applicationScopes List<String>: Indicates the application scope of the service.
auditAllOsUserActivity Boolean: If true, all process activity will be audited.
auditBruteForceLogin Boolean: Detects brute force login attempts
auditFullCommandArguments Boolean: If true, full command arguments will be audited.
auditHostFailedLoginEvents Boolean: If true, host failed logins will be audited.
auditHostSuccessfulLoginEvents Boolean: If true, host successful logins will be audited.
auditUserAccountManagement Boolean: If true, account management will be audited.
author String: Username of the account that created the service.
blockCryptocurrencyMining Boolean: Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
blockedFiles List<String>: List of files that are prevented from being read, modified and executed in the containers.
description String: The description of the host runtime policy
enableIpReputation Boolean: If true, detect and prevent communication from containers to IP addresses known to have a bad reputation.
enabled Boolean: Indicates if the runtime policy is enabled or not.
enforce Boolean: Indicates that policy should effect container execution (not just for audit).
enforceAfterDays Number: Indicates the number of days after which the runtime policy will be changed to enforce mode.
id String: The provider-assigned unique ID for this managed resource.
monitorSystemLogIntegrity Boolean: If true, system log will be monitored.
monitorSystemTimeChanges Boolean: If true, system time changes will be monitored.
monitorWindowsServices Boolean: If true, windows service operations will be monitored.
name String: Name of the host runtime policy
osGroupsAlloweds List<String>: List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osGroupsBlockeds List<String>: List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
osUsersAlloweds List<String>: List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
osUsersBlockeds List<String>: List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
portScanningDetection Boolean: If true, port scanning behaviors will be audited.
scopeExpression String: Logical expression of how to compute the dependency of the scope variables.
scopeVariables List<Property Map>: List of scope attributes.
windowsRegistryMonitorings List<Property Map>: Configuration for windows registry monitoring.
windowsRegistryProtections List<Property Map>: Configuration for windows registry protection.
auditing Property Map
fileIntegrityMonitorings List<Property Map>: Configuration for file integrity monitoring.
malwareScanOptions List<Property Map>: Configuration for Real-Time Malware Protection.
packageBlocks List<Property Map>

Supporting Types

AuditAllNetwork bool
AuditAllProcesses bool
AuditFailedLogin bool
AuditOsUserActivity bool
AuditProcessCmdline bool
AuditSuccessLogin bool
AuditUserAccountManagement bool
Enabled bool

auditAllNetwork Boolean
auditAllProcesses Boolean
auditFailedLogin Boolean
auditOsUserActivity Boolean
auditProcessCmdline Boolean
auditSuccessLogin Boolean
auditUserAccountManagement Boolean
enabled Boolean

auditAllNetwork boolean
auditAllProcesses boolean
auditFailedLogin boolean
auditOsUserActivity boolean
auditProcessCmdline boolean
auditSuccessLogin boolean
auditUserAccountManagement boolean
enabled boolean

audit_all_network bool
audit_all_processes bool
audit_failed_login bool
audit_os_user_activity bool
audit_process_cmdline bool
audit_success_login bool
audit_user_account_management bool
enabled bool

auditAllNetwork Boolean
auditAllProcesses Boolean
auditFailedLogin Boolean
auditOsUserActivity Boolean
auditProcessCmdline Boolean
auditSuccessLogin Boolean
auditUserAccountManagement Boolean
enabled Boolean

GetHostRuntimePolicyFileIntegrityMonitoring

Enabled bool: If true, file integrity monitoring is enabled.
ExceptionalMonitoredFiles List<string>: List of paths to be excluded from monitoring.
ExceptionalMonitoredFilesProcesses List<string>: List of processes to be excluded from monitoring.
ExceptionalMonitoredFilesUsers List<string>: List of users to be excluded from monitoring.
MonitoredFiles List<string>: List of paths to be monitored.
MonitoredFilesAttributes bool: Whether to monitor file attribute operations.
MonitoredFilesCreate bool: Whether to monitor file create operations.
MonitoredFilesDelete bool: Whether to monitor file delete operations.
MonitoredFilesModify bool: Whether to monitor file modify operations.
MonitoredFilesProcesses List<string>: List of processes associated with monitored files.
MonitoredFilesRead bool: Whether to monitor file read operations.
MonitoredFilesUsers List<string>: List of users associated with monitored files.

Enabled bool: If true, file integrity monitoring is enabled.
ExceptionalMonitoredFiles []string: List of paths to be excluded from monitoring.
ExceptionalMonitoredFilesProcesses []string: List of processes to be excluded from monitoring.
ExceptionalMonitoredFilesUsers []string: List of users to be excluded from monitoring.
MonitoredFiles []string: List of paths to be monitored.
MonitoredFilesAttributes bool: Whether to monitor file attribute operations.
MonitoredFilesCreate bool: Whether to monitor file create operations.
MonitoredFilesDelete bool: Whether to monitor file delete operations.
MonitoredFilesModify bool: Whether to monitor file modify operations.
MonitoredFilesProcesses []string: List of processes associated with monitored files.
MonitoredFilesRead bool: Whether to monitor file read operations.
MonitoredFilesUsers []string: List of users associated with monitored files.

enabled Boolean: If true, file integrity monitoring is enabled.
exceptionalMonitoredFiles List<String>: List of paths to be excluded from monitoring.
exceptionalMonitoredFilesProcesses List<String>: List of processes to be excluded from monitoring.
exceptionalMonitoredFilesUsers List<String>: List of users to be excluded from monitoring.
monitoredFiles List<String>: List of paths to be monitored.
monitoredFilesAttributes Boolean: Whether to monitor file attribute operations.
monitoredFilesCreate Boolean: Whether to monitor file create operations.
monitoredFilesDelete Boolean: Whether to monitor file delete operations.
monitoredFilesModify Boolean: Whether to monitor file modify operations.
monitoredFilesProcesses List<String>: List of processes associated with monitored files.
monitoredFilesRead Boolean: Whether to monitor file read operations.
monitoredFilesUsers List<String>: List of users associated with monitored files.

enabled boolean: If true, file integrity monitoring is enabled.
exceptionalMonitoredFiles string[]: List of paths to be excluded from monitoring.
exceptionalMonitoredFilesProcesses string[]: List of processes to be excluded from monitoring.
exceptionalMonitoredFilesUsers string[]: List of users to be excluded from monitoring.
monitoredFiles string[]: List of paths to be monitored.
monitoredFilesAttributes boolean: Whether to monitor file attribute operations.
monitoredFilesCreate boolean: Whether to monitor file create operations.
monitoredFilesDelete boolean: Whether to monitor file delete operations.
monitoredFilesModify boolean: Whether to monitor file modify operations.
monitoredFilesProcesses string[]: List of processes associated with monitored files.
monitoredFilesRead boolean: Whether to monitor file read operations.
monitoredFilesUsers string[]: List of users associated with monitored files.

enabled bool: If true, file integrity monitoring is enabled.
exceptional_monitored_files Sequence[str]: List of paths to be excluded from monitoring.
exceptional_monitored_files_processes Sequence[str]: List of processes to be excluded from monitoring.
exceptional_monitored_files_users Sequence[str]: List of users to be excluded from monitoring.
monitored_files Sequence[str]: List of paths to be monitored.
monitored_files_attributes bool: Whether to monitor file attribute operations.
monitored_files_create bool: Whether to monitor file create operations.
monitored_files_delete bool: Whether to monitor file delete operations.
monitored_files_modify bool: Whether to monitor file modify operations.
monitored_files_processes Sequence[str]: List of processes associated with monitored files.
monitored_files_read bool: Whether to monitor file read operations.
monitored_files_users Sequence[str]: List of users associated with monitored files.

enabled Boolean: If true, file integrity monitoring is enabled.
exceptionalMonitoredFiles List<String>: List of paths to be excluded from monitoring.
exceptionalMonitoredFilesProcesses List<String>: List of processes to be excluded from monitoring.
exceptionalMonitoredFilesUsers List<String>: List of users to be excluded from monitoring.
monitoredFiles List<String>: List of paths to be monitored.
monitoredFilesAttributes Boolean: Whether to monitor file attribute operations.
monitoredFilesCreate Boolean: Whether to monitor file create operations.
monitoredFilesDelete Boolean: Whether to monitor file delete operations.
monitoredFilesModify Boolean: Whether to monitor file modify operations.
monitoredFilesProcesses List<String>: List of processes associated with monitored files.
monitoredFilesRead Boolean: Whether to monitor file read operations.
monitoredFilesUsers List<String>: List of users associated with monitored files.

GetHostRuntimePolicyMalwareScanOption

Action string: Set Action, Defaults to 'Alert' when empty
Enabled bool: Defines if enabled or not
ExcludeDirectories List<string>: List of registry paths to be excluded from being protected.
ExcludeProcesses List<string>: List of registry processes to be excluded from being protected.
IncludeDirectories List<string>: List of registry paths to be excluded from being protected.

Action string: Set Action, Defaults to 'Alert' when empty
Enabled bool: Defines if enabled or not
ExcludeDirectories []string: List of registry paths to be excluded from being protected.
ExcludeProcesses []string: List of registry processes to be excluded from being protected.
IncludeDirectories []string: List of registry paths to be excluded from being protected.

action String: Set Action, Defaults to 'Alert' when empty
enabled Boolean: Defines if enabled or not
excludeDirectories List<String>: List of registry paths to be excluded from being protected.
excludeProcesses List<String>: List of registry processes to be excluded from being protected.
includeDirectories List<String>: List of registry paths to be excluded from being protected.

action string: Set Action, Defaults to 'Alert' when empty
enabled boolean: Defines if enabled or not
excludeDirectories string[]: List of registry paths to be excluded from being protected.
excludeProcesses string[]: List of registry processes to be excluded from being protected.
includeDirectories string[]: List of registry paths to be excluded from being protected.

action str: Set Action, Defaults to 'Alert' when empty
enabled bool: Defines if enabled or not
exclude_directories Sequence[str]: List of registry paths to be excluded from being protected.
exclude_processes Sequence[str]: List of registry processes to be excluded from being protected.
include_directories Sequence[str]: List of registry paths to be excluded from being protected.

action String: Set Action, Defaults to 'Alert' when empty
enabled Boolean: Defines if enabled or not
excludeDirectories List<String>: List of registry paths to be excluded from being protected.
excludeProcesses List<String>: List of registry processes to be excluded from being protected.
includeDirectories List<String>: List of registry paths to be excluded from being protected.

GetHostRuntimePolicyPackageBlock

BlockPackagesProcesses List<string>
BlockPackagesUsers List<string>
Enabled bool
ExceptionalBlockPackagesFiles List<string>
ExceptionalBlockPackagesProcesses List<string>
ExceptionalBlockPackagesUsers List<string>
PackagesBlackLists List<string>

BlockPackagesProcesses []string
BlockPackagesUsers []string
Enabled bool
ExceptionalBlockPackagesFiles []string
ExceptionalBlockPackagesProcesses []string
ExceptionalBlockPackagesUsers []string
PackagesBlackLists []string

blockPackagesProcesses List<String>
blockPackagesUsers List<String>
enabled Boolean
exceptionalBlockPackagesFiles List<String>
exceptionalBlockPackagesProcesses List<String>
exceptionalBlockPackagesUsers List<String>
packagesBlackLists List<String>

blockPackagesProcesses string[]
blockPackagesUsers string[]
enabled boolean
exceptionalBlockPackagesFiles string[]
exceptionalBlockPackagesProcesses string[]
exceptionalBlockPackagesUsers string[]
packagesBlackLists string[]

block_packages_processes Sequence[str]
block_packages_users Sequence[str]
enabled bool
exceptional_block_packages_files Sequence[str]
exceptional_block_packages_processes Sequence[str]
exceptional_block_packages_users Sequence[str]
packages_black_lists Sequence[str]

blockPackagesProcesses List<String>
blockPackagesUsers List<String>
enabled Boolean
exceptionalBlockPackagesFiles List<String>
exceptionalBlockPackagesProcesses List<String>
exceptionalBlockPackagesUsers List<String>
packagesBlackLists List<String>

GetHostRuntimePolicyScopeVariable

Attribute string: Class of supported scope.
Name string: Name assigned to the attribute.
Value string: Value assigned to the attribute.

Attribute string: Class of supported scope.
Name string: Name assigned to the attribute.
Value string: Value assigned to the attribute.

attribute String: Class of supported scope.
name String: Name assigned to the attribute.
value String: Value assigned to the attribute.

attribute string: Class of supported scope.
name string: Name assigned to the attribute.
value string: Value assigned to the attribute.

attribute str: Class of supported scope.
name str: Name assigned to the attribute.
value str: Value assigned to the attribute.

attribute String: Class of supported scope.
name String: Name assigned to the attribute.
value String: Value assigned to the attribute.

GetHostRuntimePolicyWindowsRegistryMonitoring

ExcludedPaths List<string>: List of paths to be excluded from being monitored.
ExcludedProcesses List<string>: List of registry processes to be excluded from being monitored.
ExcludedUsers List<string>: List of registry users to be excluded from being monitored.
MonitorAttributes bool: If true, add attributes operations will be monitored.
MonitorCreate bool: If true, create operations will be monitored.
MonitorDelete bool: If true, deletion operations will be monitored.
MonitorModify bool: If true, modification operations will be monitored.
MonitorRead bool: If true, read operations will be monitored.
MonitoredPaths List<string>: List of paths to be monitored.
MonitoredProcesses List<string>: List of registry processes to be monitored.
MonitoredUsers List<string>: List of registry users to be monitored.

ExcludedPaths []string: List of paths to be excluded from being monitored.
ExcludedProcesses []string: List of registry processes to be excluded from being monitored.
ExcludedUsers []string: List of registry users to be excluded from being monitored.
MonitorAttributes bool: If true, add attributes operations will be monitored.
MonitorCreate bool: If true, create operations will be monitored.
MonitorDelete bool: If true, deletion operations will be monitored.
MonitorModify bool: If true, modification operations will be monitored.
MonitorRead bool: If true, read operations will be monitored.
MonitoredPaths []string: List of paths to be monitored.
MonitoredProcesses []string: List of registry processes to be monitored.
MonitoredUsers []string: List of registry users to be monitored.

excludedPaths List<String>: List of paths to be excluded from being monitored.
excludedProcesses List<String>: List of registry processes to be excluded from being monitored.
excludedUsers List<String>: List of registry users to be excluded from being monitored.
monitorAttributes Boolean: If true, add attributes operations will be monitored.
monitorCreate Boolean: If true, create operations will be monitored.
monitorDelete Boolean: If true, deletion operations will be monitored.
monitorModify Boolean: If true, modification operations will be monitored.
monitorRead Boolean: If true, read operations will be monitored.
monitoredPaths List<String>: List of paths to be monitored.
monitoredProcesses List<String>: List of registry processes to be monitored.
monitoredUsers List<String>: List of registry users to be monitored.

excludedPaths string[]: List of paths to be excluded from being monitored.
excludedProcesses string[]: List of registry processes to be excluded from being monitored.
excludedUsers string[]: List of registry users to be excluded from being monitored.
monitorAttributes boolean: If true, add attributes operations will be monitored.
monitorCreate boolean: If true, create operations will be monitored.
monitorDelete boolean: If true, deletion operations will be monitored.
monitorModify boolean: If true, modification operations will be monitored.
monitorRead boolean: If true, read operations will be monitored.
monitoredPaths string[]: List of paths to be monitored.
monitoredProcesses string[]: List of registry processes to be monitored.
monitoredUsers string[]: List of registry users to be monitored.

excluded_paths Sequence[str]: List of paths to be excluded from being monitored.
excluded_processes Sequence[str]: List of registry processes to be excluded from being monitored.
excluded_users Sequence[str]: List of registry users to be excluded from being monitored.
monitor_attributes bool: If true, add attributes operations will be monitored.
monitor_create bool: If true, create operations will be monitored.
monitor_delete bool: If true, deletion operations will be monitored.
monitor_modify bool: If true, modification operations will be monitored.
monitor_read bool: If true, read operations will be monitored.
monitored_paths Sequence[str]: List of paths to be monitored.
monitored_processes Sequence[str]: List of registry processes to be monitored.
monitored_users Sequence[str]: List of registry users to be monitored.

excludedPaths List<String>: List of paths to be excluded from being monitored.
excludedProcesses List<String>: List of registry processes to be excluded from being monitored.
excludedUsers List<String>: List of registry users to be excluded from being monitored.
monitorAttributes Boolean: If true, add attributes operations will be monitored.
monitorCreate Boolean: If true, create operations will be monitored.
monitorDelete Boolean: If true, deletion operations will be monitored.
monitorModify Boolean: If true, modification operations will be monitored.
monitorRead Boolean: If true, read operations will be monitored.
monitoredPaths List<String>: List of paths to be monitored.
monitoredProcesses List<String>: List of registry processes to be monitored.
monitoredUsers List<String>: List of registry users to be monitored.

GetHostRuntimePolicyWindowsRegistryProtection

ExcludedPaths List<string>: List of registry paths to be excluded from being protected.
ExcludedProcesses List<string>: List of registry processes to be excluded from being protected.
ExcludedUsers List<string>: List of registry paths to be users from being protected.
ProtectedPaths List<string>: List of registry paths to be protected.
ProtectedProcesses List<string>: List of registry processes to be protected.
ProtectedUsers List<string>: List of registry users to be protected.

ExcludedPaths []string: List of registry paths to be excluded from being protected.
ExcludedProcesses []string: List of registry processes to be excluded from being protected.
ExcludedUsers []string: List of registry paths to be users from being protected.
ProtectedPaths []string: List of registry paths to be protected.
ProtectedProcesses []string: List of registry processes to be protected.
ProtectedUsers []string: List of registry users to be protected.

excludedPaths List<String>: List of registry paths to be excluded from being protected.
excludedProcesses List<String>: List of registry processes to be excluded from being protected.
excludedUsers List<String>: List of registry paths to be users from being protected.
protectedPaths List<String>: List of registry paths to be protected.
protectedProcesses List<String>: List of registry processes to be protected.
protectedUsers List<String>: List of registry users to be protected.

excludedPaths string[]: List of registry paths to be excluded from being protected.
excludedProcesses string[]: List of registry processes to be excluded from being protected.
excludedUsers string[]: List of registry paths to be users from being protected.
protectedPaths string[]: List of registry paths to be protected.
protectedProcesses string[]: List of registry processes to be protected.
protectedUsers string[]: List of registry users to be protected.

excluded_paths Sequence[str]: List of registry paths to be excluded from being protected.
excluded_processes Sequence[str]: List of registry processes to be excluded from being protected.
excluded_users Sequence[str]: List of registry paths to be users from being protected.
protected_paths Sequence[str]: List of registry paths to be protected.
protected_processes Sequence[str]: List of registry processes to be protected.
protected_users Sequence[str]: List of registry users to be protected.

excludedPaths List<String>: List of registry paths to be excluded from being protected.
excludedProcesses List<String>: List of registry processes to be excluded from being protected.
excludedUsers List<String>: List of registry paths to be users from being protected.
protectedPaths List<String>: List of registry paths to be protected.
protectedProcesses List<String>: List of registry processes to be protected.
protectedUsers List<String>: List of registry users to be protected.

Package Details

Repository: aquasec pulumiverse/pulumi-aquasec
License: Apache-2.0
Notes: This Pulumi package is based on the aquasec Terraform Provider.

Aquasec v0.8.29 published on Monday, Jul 22, 2024 by Pulumiverse

pulumiverse/pulumi-aquasec

aquasec.getHostRuntimePolicy

On this page

On this page

Example Usage

Using getHostRuntimePolicy

getHostRuntimePolicy Result

Supporting Types

GetHostRuntimePolicyAuditing

GetHostRuntimePolicyFileIntegrityMonitoring

GetHostRuntimePolicyMalwareScanOption

GetHostRuntimePolicyPackageBlock

GetHostRuntimePolicyScopeVariable

GetHostRuntimePolicyWindowsRegistryMonitoring

GetHostRuntimePolicyWindowsRegistryProtection

Package Details

On this page

On this page