CrowdStrike v0.0.12 published on Thursday, Apr 3, 2025 by CrowdStrike

crowdstrike.FilevantageRuleGroup


This resource allows management of a FileVantage rule group. A FileVantage rule group is a collection of file integrity rules that can be assigned to a FileVantage policy.

API Scopes

The following API scopes are required:

  • Falcon FileVantage | Read & Write

Example Usage

Coming soon!
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.crowdstrike.FilevantageRuleGroup;
import com.pulumi.crowdstrike.FilevantageRuleGroupArgs;
import com.pulumi.crowdstrike.inputs.FilevantageRuleGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new FilevantageRuleGroup("example", FilevantageRuleGroupArgs.builder()
            .description("Made with Pulumi")
            .type("WindowsRegistry")
            .rules(
                FilevantageRuleGroupRuleArgs.builder()
                    .description("first rule")
                    .path("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\")
                    .severity("High")
                    .depth("ANY")
                    // Registry values whose content is captured
                    .registryValues(
                        "first",
                        "rule")
                    // Content capture requires the value-set watch to be enabled
                    .watchKeyValueSetChanges(true)
                    .enableContentCapture(true)
                    .build(),
                FilevantageRuleGroupRuleArgs.builder()
                    .description("second rule")
                    .path("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\")
                    .severity("High")
                    .depth("ANY")
                    .registryValues(
                        "Value1",
                        "Value2")
                    .watchKeyValueSetChanges(true)
                    .enableContentCapture(true)
                    .build())
            .build());

        ctx.export("filevantageRuleGroup", example);
    }
}
resources:
  example:
    type: crowdstrike:FilevantageRuleGroup
    properties:
      description: Made with Pulumi
      type: WindowsRegistry
      rules:
        - description: first rule
          path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
          severity: High
          depth: ANY
          registryValues:
            - first
            - rule
          watchKeyValueSetChanges: true
          enableContentCapture: true
        - description: second rule
          path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
          severity: High
          depth: ANY
          registryValues:
            - Value1
            - Value2
          watchKeyValueSetChanges: true
          enableContentCapture: true
outputs:
  filevantageRuleGroup: ${example}
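
A pre-deployment check for the rule constraints documented under Supporting Types (required properties, trailing path separator, content-capture prerequisite). This is an added example, not code from the provider or its documentation. The function names, the constructed sample rules and the "no watch flag enabled" check (which assumes omitted flags are off) are assumptions of this example; rules use the snake_case dictionary keys from the Python constructor example.

```python
"""Lint FileVantage rule dictionaries before passing them as `rules=`.

Added example: checks only constraints stated on this page, plus one
labelled assumption (a rule with no watch_* flag enabled monitors nothing).
"""

# Properties the page marks "This property is required."
REQUIRED = ("description", "path", "severity")

# enable_content_capture needs at least one of these to be enabled.
CAPTURE_PREREQS = ("watch_file_write_changes", "watch_key_value_set_changes")


def lint_rule(index, rule):
    """Return a list of (rule index, property, message) findings for one rule."""
    findings = []

    for key in REQUIRED:
        if not rule.get(key):
            findings.append((index, key, "required property is missing or empty"))

    # "All paths must end with the path separator" (\ on Windows, / elsewhere).
    path = rule.get("path") or ""
    if path and not path.endswith(("\\", "/")):
        findings.append((index, "path", "path must end with the path separator"))

    # Content capture without a write/value-set watch is rejected by the docs.
    if rule.get("enable_content_capture") and not any(
        rule.get(flag) for flag in CAPTURE_PREREQS
    ):
        findings.append((
            index,
            "enable_content_capture",
            "requires watch_file_write_changes or watch_key_value_set_changes",
        ))

    # Assumption of this example: omitted watch_* flags are off, so a rule
    # with none enabled produces no change events and is a silent gap.
    if not any(v for k, v in rule.items() if k.startswith("watch_")):
        findings.append((index, "watch_*", "no change events are monitored"))

    return findings


def lint_rules(rules):
    """Lint rules in list order (the order that determines precedence)."""
    findings = []
    for index, rule in enumerate(rules):
        findings.extend(lint_rule(index, rule))
    return findings


# The two rules from the Example Usage section, as Python dictionaries.
PAGE_RULES = [
    {
        "description": "first rule",
        "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\",
        "severity": "High",
        "depth": "ANY",
        "registry_values": ["first", "rule"],
        "watch_key_value_set_changes": True,
        "enable_content_capture": True,
    },
    {
        "description": "second rule",
        "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\",
        "severity": "High",
        "depth": "ANY",
        "registry_values": ["Value1", "Value2"],
        "watch_key_value_set_changes": True,
        "enable_content_capture": True,
    },
]

# Constructed sample rules, each breaking one check.
CONSTRUCTED_BAD_RULES = [
    {   # path lacks the trailing separator
        "description": "missing separator",
        "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT",
        "severity": "High",
        "watch_key_value_set_changes": True,
    },
    {   # content capture enabled without a write or value-set watch
        "description": "capture without write watch",
        "path": "/usr/bin/",
        "severity": "High",
        "watch_file_create_changes": True,
        "enable_content_capture": True,
    },
    {   # no watch_* flag at all
        "description": "silent rule",
        "path": "c:\\windows\\",
        "severity": "High",
    },
]

if __name__ == "__main__":
    for index, prop, message in lint_rules(PAGE_RULES + CONSTRUCTED_BAD_RULES):
        print(f"rule[{index}].{prop}: {message}")
```

Running the lint in CI before `pulumi up` surfaces rules that would be rejected or that would deploy without monitoring anything.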

Create FilevantageRuleGroup Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FilevantageRuleGroup(name: string, args?: FilevantageRuleGroupArgs, opts?: CustomResourceOptions);
@overload
def FilevantageRuleGroup(resource_name: str,
                         args: Optional[FilevantageRuleGroupArgs] = None,
                         opts: Optional[ResourceOptions] = None)

@overload
def FilevantageRuleGroup(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         description: Optional[str] = None,
                         name: Optional[str] = None,
                         rules: Optional[Sequence[FilevantageRuleGroupRuleArgs]] = None,
                         type: Optional[str] = None)
func NewFilevantageRuleGroup(ctx *Context, name string, args *FilevantageRuleGroupArgs, opts ...ResourceOption) (*FilevantageRuleGroup, error)
public FilevantageRuleGroup(string name, FilevantageRuleGroupArgs? args = null, CustomResourceOptions? opts = null)
public FilevantageRuleGroup(String name, FilevantageRuleGroupArgs args)
public FilevantageRuleGroup(String name, FilevantageRuleGroupArgs args, CustomResourceOptions options)
type: crowdstrike:FilevantageRuleGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args FilevantageRuleGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args FilevantageRuleGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args FilevantageRuleGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args FilevantageRuleGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FilevantageRuleGroupArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var filevantageRuleGroupResource = new Crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource", new()
{
    Description = "string",
    Name = "string",
    Rules = new[]
    {
        new Crowdstrike.Inputs.FilevantageRuleGroupRuleArgs
        {
            Path = "string",
            Description = "string",
            Severity = "string",
            WatchDirectoryCreateChanges = false,
            WatchFileDeleteChanges = false,
            ExcludeUsers = "string",
            FileNames = new[]
            {
                "string",
            },
            Id = "string",
            Include = "string",
            IncludeProcesses = "string",
            IncludeUsers = "string",
            Exclude = "string",
            Precedence = 0,
            RegistryValues = new[]
            {
                "string",
            },
            EnableContentCapture = false,
            WatchDirectoryAttributeChanges = false,
            Depth = "string",
            ExcludeProcesses = "string",
            WatchDirectoryRenameChanges = false,
            WatchDirectoryDeleteChanges = false,
            WatchFileAttributeChanges = false,
            WatchFileCreateChanges = false,
            WatchDirectoryPermissionChanges = false,
            WatchFilePermissionChanges = false,
            WatchFileRenameChanges = false,
            WatchFileWriteChanges = false,
            WatchKeyCreateChanges = false,
            WatchKeyDeleteChanges = false,
            WatchKeyPermissionsChanges = false,
            WatchKeyRenameChanges = false,
            WatchKeyValueDeleteChanges = false,
            WatchKeyValueSetChanges = false,
        },
    },
    Type = "string",
});
example, err := crowdstrike.NewFilevantageRuleGroup(ctx, "filevantageRuleGroupResource", &crowdstrike.FilevantageRuleGroupArgs{
	Description: pulumi.String("string"),
	Name:        pulumi.String("string"),
	Rules: crowdstrike.FilevantageRuleGroupRuleArray{
		&crowdstrike.FilevantageRuleGroupRuleArgs{
			Path:                        pulumi.String("string"),
			Description:                 pulumi.String("string"),
			Severity:                    pulumi.String("string"),
			WatchDirectoryCreateChanges: pulumi.Bool(false),
			WatchFileDeleteChanges:      pulumi.Bool(false),
			ExcludeUsers:                pulumi.String("string"),
			FileNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			Id:               pulumi.String("string"),
			Include:          pulumi.String("string"),
			IncludeProcesses: pulumi.String("string"),
			IncludeUsers:     pulumi.String("string"),
			Exclude:          pulumi.String("string"),
			Precedence:       pulumi.Int(0),
			RegistryValues: pulumi.StringArray{
				pulumi.String("string"),
			},
			EnableContentCapture:            pulumi.Bool(false),
			WatchDirectoryAttributeChanges:  pulumi.Bool(false),
			Depth:                           pulumi.String("string"),
			ExcludeProcesses:                pulumi.String("string"),
			WatchDirectoryRenameChanges:     pulumi.Bool(false),
			WatchDirectoryDeleteChanges:     pulumi.Bool(false),
			WatchFileAttributeChanges:       pulumi.Bool(false),
			WatchFileCreateChanges:          pulumi.Bool(false),
			WatchDirectoryPermissionChanges: pulumi.Bool(false),
			WatchFilePermissionChanges:      pulumi.Bool(false),
			WatchFileRenameChanges:          pulumi.Bool(false),
			WatchFileWriteChanges:           pulumi.Bool(false),
			WatchKeyCreateChanges:           pulumi.Bool(false),
			WatchKeyDeleteChanges:           pulumi.Bool(false),
			WatchKeyPermissionsChanges:      pulumi.Bool(false),
			WatchKeyRenameChanges:           pulumi.Bool(false),
			WatchKeyValueDeleteChanges:      pulumi.Bool(false),
			WatchKeyValueSetChanges:         pulumi.Bool(false),
		},
	},
	Type: pulumi.String("string"),
})
var filevantageRuleGroupResource = new FilevantageRuleGroup("filevantageRuleGroupResource", FilevantageRuleGroupArgs.builder()
    .description("string")
    .name("string")
    .rules(FilevantageRuleGroupRuleArgs.builder()
        .path("string")
        .description("string")
        .severity("string")
        .watchDirectoryCreateChanges(false)
        .watchFileDeleteChanges(false)
        .excludeUsers("string")
        .fileNames("string")
        .id("string")
        .include("string")
        .includeProcesses("string")
        .includeUsers("string")
        .exclude("string")
        .precedence(0)
        .registryValues("string")
        .enableContentCapture(false)
        .watchDirectoryAttributeChanges(false)
        .depth("string")
        .excludeProcesses("string")
        .watchDirectoryRenameChanges(false)
        .watchDirectoryDeleteChanges(false)
        .watchFileAttributeChanges(false)
        .watchFileCreateChanges(false)
        .watchDirectoryPermissionChanges(false)
        .watchFilePermissionChanges(false)
        .watchFileRenameChanges(false)
        .watchFileWriteChanges(false)
        .watchKeyCreateChanges(false)
        .watchKeyDeleteChanges(false)
        .watchKeyPermissionsChanges(false)
        .watchKeyRenameChanges(false)
        .watchKeyValueDeleteChanges(false)
        .watchKeyValueSetChanges(false)
        .build())
    .type("string")
    .build());
filevantage_rule_group_resource = crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource",
    description="string",
    name="string",
    rules=[{
        "path": "string",
        "description": "string",
        "severity": "string",
        "watch_directory_create_changes": False,
        "watch_file_delete_changes": False,
        "exclude_users": "string",
        "file_names": ["string"],
        "id": "string",
        "include": "string",
        "include_processes": "string",
        "include_users": "string",
        "exclude": "string",
        "precedence": 0,
        "registry_values": ["string"],
        "enable_content_capture": False,
        "watch_directory_attribute_changes": False,
        "depth": "string",
        "exclude_processes": "string",
        "watch_directory_rename_changes": False,
        "watch_directory_delete_changes": False,
        "watch_file_attribute_changes": False,
        "watch_file_create_changes": False,
        "watch_directory_permission_changes": False,
        "watch_file_permission_changes": False,
        "watch_file_rename_changes": False,
        "watch_file_write_changes": False,
        "watch_key_create_changes": False,
        "watch_key_delete_changes": False,
        "watch_key_permissions_changes": False,
        "watch_key_rename_changes": False,
        "watch_key_value_delete_changes": False,
        "watch_key_value_set_changes": False,
    }],
    type="string")
const filevantageRuleGroupResource = new crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource", {
    description: "string",
    name: "string",
    rules: [{
        path: "string",
        description: "string",
        severity: "string",
        watchDirectoryCreateChanges: false,
        watchFileDeleteChanges: false,
        excludeUsers: "string",
        fileNames: ["string"],
        id: "string",
        include: "string",
        includeProcesses: "string",
        includeUsers: "string",
        exclude: "string",
        precedence: 0,
        registryValues: ["string"],
        enableContentCapture: false,
        watchDirectoryAttributeChanges: false,
        depth: "string",
        excludeProcesses: "string",
        watchDirectoryRenameChanges: false,
        watchDirectoryDeleteChanges: false,
        watchFileAttributeChanges: false,
        watchFileCreateChanges: false,
        watchDirectoryPermissionChanges: false,
        watchFilePermissionChanges: false,
        watchFileRenameChanges: false,
        watchFileWriteChanges: false,
        watchKeyCreateChanges: false,
        watchKeyDeleteChanges: false,
        watchKeyPermissionsChanges: false,
        watchKeyRenameChanges: false,
        watchKeyValueDeleteChanges: false,
        watchKeyValueSetChanges: false,
    }],
    type: "string",
});
type: crowdstrike:FilevantageRuleGroup
properties:
    description: string
    name: string
    rules:
        - depth: string
          description: string
          enableContentCapture: false
          exclude: string
          excludeProcesses: string
          excludeUsers: string
          fileNames:
            - string
          id: string
          include: string
          includeProcesses: string
          includeUsers: string
          path: string
          precedence: 0
          registryValues:
            - string
          severity: string
          watchDirectoryAttributeChanges: false
          watchDirectoryCreateChanges: false
          watchDirectoryDeleteChanges: false
          watchDirectoryPermissionChanges: false
          watchDirectoryRenameChanges: false
          watchFileAttributeChanges: false
          watchFileCreateChanges: false
          watchFileDeleteChanges: false
          watchFilePermissionChanges: false
          watchFileRenameChanges: false
          watchFileWriteChanges: false
          watchKeyCreateChanges: false
          watchKeyDeleteChanges: false
          watchKeyPermissionsChanges: false
          watchKeyRenameChanges: false
          watchKeyValueDeleteChanges: false
          watchKeyValueSetChanges: false
    type: string

FilevantageRuleGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FilevantageRuleGroup resource accepts the following input properties:

Description string
Description of the filevantage rule group.
Name string
Name of the filevantage rule group.
Rules List<CrowdStrike.Crowdstrike.Inputs.FilevantageRuleGroupRule>
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
Type string
The type of filevantage rule group.
Description string
Description of the filevantage rule group.
Name string
Name of the filevantage rule group.
Rules []FilevantageRuleGroupRuleArgs
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
Type string
The type of filevantage rule group.
description String
Description of the filevantage rule group.
name String
Name of the filevantage rule group.
rules List<FilevantageRuleGroupRule>
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type String
The type of filevantage rule group.
description string
Description of the filevantage rule group.
name string
Name of the filevantage rule group.
rules FilevantageRuleGroupRule[]
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type string
The type of filevantage rule group.
description str
Description of the filevantage rule group.
name str
Name of the filevantage rule group.
rules Sequence[FilevantageRuleGroupRuleArgs]
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type str
The type of filevantage rule group.
description String
Description of the filevantage rule group.
name String
Name of the filevantage rule group.
rules List<Property Map>
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type String
The type of filevantage rule group.

Outputs

All input properties are implicitly available as output properties. Additionally, the FilevantageRuleGroup resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
LastUpdated string
Id string
The provider-assigned unique ID for this managed resource.
LastUpdated string
id String
The provider-assigned unique ID for this managed resource.
lastUpdated String
id string
The provider-assigned unique ID for this managed resource.
lastUpdated string
id str
The provider-assigned unique ID for this managed resource.
last_updated str
id String
The provider-assigned unique ID for this managed resource.
lastUpdated String

Look up Existing FilevantageRuleGroup Resource

Get an existing FilevantageRuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FilevantageRuleGroupState, opts?: CustomResourceOptions): FilevantageRuleGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        last_updated: Optional[str] = None,
        name: Optional[str] = None,
        rules: Optional[Sequence[FilevantageRuleGroupRuleArgs]] = None,
        type: Optional[str] = None) -> FilevantageRuleGroup
func GetFilevantageRuleGroup(ctx *Context, name string, id IDInput, state *FilevantageRuleGroupState, opts ...ResourceOption) (*FilevantageRuleGroup, error)
public static FilevantageRuleGroup Get(string name, Input<string> id, FilevantageRuleGroupState? state, CustomResourceOptions? opts = null)
public static FilevantageRuleGroup get(String name, Output<String> id, FilevantageRuleGroupState state, CustomResourceOptions options)
resources:
  _:
    type: crowdstrike:FilevantageRuleGroup
    get:
      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Description string
Description of the filevantage rule group.
LastUpdated string
Name string
Name of the filevantage rule group.
Rules List<CrowdStrike.Crowdstrike.Inputs.FilevantageRuleGroupRule>
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
Type string
The type of filevantage rule group.
Description string
Description of the filevantage rule group.
LastUpdated string
Name string
Name of the filevantage rule group.
Rules []FilevantageRuleGroupRuleArgs
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
Type string
The type of filevantage rule group.
description String
Description of the filevantage rule group.
lastUpdated String
name String
Name of the filevantage rule group.
rules List<FilevantageRuleGroupRule>
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type String
The type of filevantage rule group.
description string
Description of the filevantage rule group.
lastUpdated string
name string
Name of the filevantage rule group.
rules FilevantageRuleGroupRule[]
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type string
The type of filevantage rule group.
description str
Description of the filevantage rule group.
last_updated str
name str
Name of the filevantage rule group.
rules Sequence[FilevantageRuleGroupRuleArgs]
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type str
The type of filevantage rule group.
description String
Description of the filevantage rule group.
lastUpdated String
name String
Name of the filevantage rule group.
rules List<Property Map>
Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type String
The type of filevantage rule group.

Supporting Types

FilevantageRuleGroupRule, FilevantageRuleGroupRuleArgs

Description This property is required. string
Description of the filevantage rule.
Path This property is required. string
The file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for Windows and /usr/bin/ for Linux/Mac.
Severity This property is required. string
Severity to categorize change events produced by this rule.
Depth string
Depth below the base path to monitor.
EnableContentCapture bool
Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
Exclude string
Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
ExcludeProcesses string
Represents the changes performed by specific processes that will be excluded from monitoring.
ExcludeUsers string
Represents the changes performed by specific users that will be excluded from monitoring.
FileNames List<string>
List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
Id string
Identifier for the filevantage rule.
Include string
Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
IncludeProcesses string
Represents the changes performed by specific processes that will be monitored.
IncludeUsers string
Represents the changes performed by specific users that will be monitored.
Precedence int
Precedence of the rule in the rule group.
RegistryValues List<string>
List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
WatchDirectoryAttributeChanges bool
Monitor directory attribute change events.
WatchDirectoryCreateChanges bool
Monitor directory creation events.
WatchDirectoryDeleteChanges bool
Monitor directory deletion events.
WatchDirectoryPermissionChanges bool
Monitor directory permission change events.
WatchDirectoryRenameChanges bool
Monitor directory rename events.
WatchFileAttributeChanges bool
Monitor file attribute change events.
WatchFileCreateChanges bool
Monitor file creation events.
WatchFileDeleteChanges bool
Monitor file deletion events.
WatchFilePermissionChanges bool
Monitor file permission change events.
WatchFileRenameChanges bool
Monitor file rename events.
WatchFileWriteChanges bool
Monitor file write events.
WatchKeyCreateChanges bool
Monitor registry key creation events.
WatchKeyDeleteChanges bool
Monitor registry key deletion events.
WatchKeyPermissionsChanges bool
Monitor registry key permission change events.
WatchKeyRenameChanges bool
Monitor registry key rename events.
WatchKeyValueDeleteChanges bool
Monitor registry value deletion events.
WatchKeyValueSetChanges bool
Monitor registry value set events.
Description This property is required. string
Description of the filevantage rule.
Path This property is required. string
The file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for Windows and /usr/bin/ for Linux/Mac.
Severity This property is required. string
Severity to categorize change events produced by this rule.
Depth string
Depth below the base path to monitor.
EnableContentCapture bool
Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
Exclude string
Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
ExcludeProcesses string
Represents the changes performed by specific processes that will be excluded from monitoring.
ExcludeUsers string
Represents the changes performed by specific users that will be excluded from monitoring.
FileNames []string
List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
Id string
Identifier for the filevantage rule.
Include string
Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
IncludeProcesses string
Represents the changes performed by specific processes that will be monitored.
IncludeUsers string
Represents the changes performed by specific users that will be monitored.
Precedence int
Precedence of the rule in the rule group.
RegistryValues []string
List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
WatchDirectoryAttributeChanges bool
Monitor directory attribute change events.
WatchDirectoryCreateChanges bool
Monitor directory creation events.
WatchDirectoryDeleteChanges bool
Monitor directory deletion events.
WatchDirectoryPermissionChanges bool
Monitor directory permission change events.
WatchDirectoryRenameChanges bool
Monitor directory rename events.
WatchFileAttributeChanges bool
Monitor file attribute change events.
WatchFileCreateChanges bool
Monitor file creation events.
WatchFileDeleteChanges bool
Monitor file deletion events.
WatchFilePermissionChanges bool
Monitor file permission change events.
WatchFileRenameChanges bool
Monitor file rename events.
WatchFileWriteChanges bool
Monitor file write events.
WatchKeyCreateChanges bool
Monitor registry key creation events.
WatchKeyDeleteChanges bool
Monitor registry key deletion events.
WatchKeyPermissionsChanges bool
Monitor registry key permission change events.
WatchKeyRenameChanges bool
Monitor registry key rename events.
WatchKeyValueDeleteChanges bool
Monitor registry value deletion events.
WatchKeyValueSetChanges bool
Monitor registry value set events.
description This property is required. String
Description of the filevantage rule.
path This property is required. String
The file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for Windows and /usr/bin/ for Linux/Mac.
severity This property is required. String
Severity to categorize change events produced by this rule.
depth String
Depth below the base path to monitor.
enableContentCapture Boolean
Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
exclude String
Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
excludeProcesses String
Represents the changes performed by specific processes that will be excluded from monitoring.
excludeUsers String
Represents the changes performed by specific users that will be excluded from monitoring.
fileNames List<String>
List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
id String
Identifier for the filevantage rule.
include String
Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
includeProcesses String
Represents the changes performed by specific processes that will be monitored.
includeUsers String
Represents the changes performed by specific users that will be monitored.
precedence Integer
Precedence of the rule in the rule group.
registryValues List<String>
List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
watchDirectoryAttributeChanges Boolean
Monitor directory attribute change events.
watchDirectoryCreateChanges Boolean
Monitor directory creation events.
watchDirectoryDeleteChanges Boolean
Monitor directory deletion events.
watchDirectoryPermissionChanges Boolean
Monitor directory permission change events.
watchDirectoryRenameChanges Boolean
Monitor directory rename events.
watchFileAttributeChanges Boolean
Monitor file attribute change events.
watchFileCreateChanges Boolean
Monitor file creation events.
watchFileDeleteChanges Boolean
Monitor file deletion events.
watchFilePermissionChanges Boolean
Monitor file permission change events.
watchFileRenameChanges Boolean
Monitor file rename events.
watchFileWriteChanges Boolean
Monitor file write events.
watchKeyCreateChanges Boolean
Monitor registry key creation events.
watchKeyDeleteChanges Boolean
Monitor registry key deletion events.
watchKeyPermissionsChanges Boolean
Monitor registry key permission change events.
watchKeyRenameChanges Boolean
Monitor registry key rename events.
watchKeyValueDeleteChanges Boolean
Monitor registry value deletion events.
watchKeyValueSetChanges Boolean
Monitor registry value set events.
description This property is required. string
Description of the filevantage rule.
path This property is required. string
The file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for Windows and /usr/bin/ for Linux/Mac.
severity This property is required. string
Severity to categorize change events produced by this rule.
depth string
Depth below the base path to monitor.
enableContentCapture boolean
Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
exclude string
Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
excludeProcesses string
Represents the changes performed by specific processes that will be excluded from monitoring.
excludeUsers string
Represents the changes performed by specific users that will be excluded from monitoring.
fileNames string[]
List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
id string
Identifier for the FileVantage rule.
include string
Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*).
includeProcesses string
Represents the changes performed by specific processes that will be monitored.
includeUsers string
Represents the changes performed by specific users that will be monitored.
precedence number
Precedence of the rule in the rule group.
registryValues string[]
List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
watchDirectoryAttributeChanges boolean
Monitor directory attribute change events.
watchDirectoryCreateChanges boolean
Monitor directory creation events.
watchDirectoryDeleteChanges boolean
Monitor directory deletion events.
watchDirectoryPermissionChanges boolean
Monitor directory permission change events.
watchDirectoryRenameChanges boolean
Monitor directory rename events.
watchFileAttributeChanges boolean
Monitor file attribute change events.
watchFileCreateChanges boolean
Monitor file creation events.
watchFileDeleteChanges boolean
Monitor file deletion events.
watchFilePermissionChanges boolean
Monitor file permission change events.
watchFileRenameChanges boolean
Monitor file rename events.
watchFileWriteChanges boolean
Monitor file write events.
watchKeyCreateChanges boolean
Monitor registry key creation events.
watchKeyDeleteChanges boolean
Monitor registry key deletion events.
watchKeyPermissionsChanges boolean
Monitor registry key permission change events.
watchKeyRenameChanges boolean
Monitor registry key rename events.
watchKeyValueDeleteChanges boolean
Monitor registry value deletion events.
watchKeyValueSetChanges boolean
Monitor registry value set events.
description This property is required. str
Description of the FileVantage rule.
path This property is required. str
The file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for Windows and /usr/bin/ for Linux/Mac.
severity This property is required. str
Severity to categorize change events produced by this rule.
depth str
Depth below the base path to monitor.
enable_content_capture bool
Enable content capture for the rule. Requires watch_file_write_changes or watch_key_value_set_changes to be enabled.
exclude str
Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
exclude_processes str
Represents the changes performed by specific processes that will be excluded from monitoring.
exclude_users str
Represents the changes performed by specific users that will be excluded from monitoring.
file_names Sequence[str]
List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
id str
Identifier for the FileVantage rule.
include str
Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*).
include_processes str
Represents the changes performed by specific processes that will be monitored.
include_users str
Represents the changes performed by specific users that will be monitored.
precedence int
Precedence of the rule in the rule group.
registry_values Sequence[str]
List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
watch_directory_attribute_changes bool
Monitor directory attribute change events.
watch_directory_create_changes bool
Monitor directory creation events.
watch_directory_delete_changes bool
Monitor directory deletion events.
watch_directory_permission_changes bool
Monitor directory permission change events.
watch_directory_rename_changes bool
Monitor directory rename events.
watch_file_attribute_changes bool
Monitor file attribute change events.
watch_file_create_changes bool
Monitor file creation events.
watch_file_delete_changes bool
Monitor file deletion events.
watch_file_permission_changes bool
Monitor file permission change events.
watch_file_rename_changes bool
Monitor file rename events.
watch_file_write_changes bool
Monitor file write events.
watch_key_create_changes bool
Monitor registry key creation events.
watch_key_delete_changes bool
Monitor registry key deletion events.
watch_key_permissions_changes bool
Monitor registry key permission change events.
watch_key_rename_changes bool
Monitor registry key rename events.
watch_key_value_delete_changes bool
Monitor registry value deletion events.
watch_key_value_set_changes bool
Monitor registry value set events.
description This property is required. String
Description of the FileVantage rule.
path This property is required. String
The file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for Windows and /usr/bin/ for Linux/Mac.
severity This property is required. String
Severity to categorize change events produced by this rule.
depth String
Depth below the base path to monitor.
enableContentCapture Boolean
Enable content capture for the rule. Requires watchFileWriteChanges or watchKeyValueSetChanges to be enabled.
exclude String
Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
excludeProcesses String
Represents the changes performed by specific processes that will be excluded from monitoring.
excludeUsers String
Represents the changes performed by specific users that will be excluded from monitoring.
fileNames List<String>
List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
id String
Identifier for the FileVantage rule.
include String
Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*).
includeProcesses String
Represents the changes performed by specific processes that will be monitored.
includeUsers String
Represents the changes performed by specific users that will be monitored.
precedence Number
Precedence of the rule in the rule group.
registryValues List<String>
List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
watchDirectoryAttributeChanges Boolean
Monitor directory attribute change events.
watchDirectoryCreateChanges Boolean
Monitor directory creation events.
watchDirectoryDeleteChanges Boolean
Monitor directory deletion events.
watchDirectoryPermissionChanges Boolean
Monitor directory permission change events.
watchDirectoryRenameChanges Boolean
Monitor directory rename events.
watchFileAttributeChanges Boolean
Monitor file attribute change events.
watchFileCreateChanges Boolean
Monitor file creation events.
watchFileDeleteChanges Boolean
Monitor file deletion events.
watchFilePermissionChanges Boolean
Monitor file permission change events.
watchFileRenameChanges Boolean
Monitor file rename events.
watchFileWriteChanges Boolean
Monitor file write events.
watchKeyCreateChanges Boolean
Monitor registry key creation events.
watchKeyDeleteChanges Boolean
Monitor registry key deletion events.
watchKeyPermissionsChanges Boolean
Monitor registry key permission change events.
watchKeyRenameChanges Boolean
Monitor registry key rename events.
watchKeyValueDeleteChanges Boolean
Monitor registry value deletion events.
watchKeyValueSetChanges Boolean
Monitor registry value set events.
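
The property reference above states a few constraints that are easy to miss when writing rules by hand: required properties, the trailing path separator, and the prerequisite for content capture. The following pre-deployment lint is an added example, not code from the provider or from CrowdStrike; it uses the Python property names, `lint_rule` and `lint_group` are hypothetical helpers, and the sample rules are constructed. It also assumes that a watch_* flag left unset is off.

```python
# Added example: lint rule dicts against the constraints in the property reference.
CAPTURE_PREREQS = ("watch_file_write_changes", "watch_key_value_set_changes")
REQUIRED = ("description", "path", "severity")


def lint_rule(rule):
    """Return the list of problems found in one rule dict (empty if clean)."""
    problems = []
    for key in REQUIRED:
        if not rule.get(key):
            problems.append(f"missing required property: {key}")
    path = rule.get("path") or ""
    # Registry and Windows paths end with "\", Linux/Mac paths end with "/".
    if path and not path.endswith(("\\", "/")):
        problems.append("path does not end with a path separator")
    if rule.get("enable_content_capture") and not any(rule.get(k) for k in CAPTURE_PREREQS):
        problems.append("enable_content_capture set without " + " or ".join(CAPTURE_PREREQS))
    # Assumption: a watch_* flag that is not set is off, so such a rule reports nothing.
    if not any(v for k, v in rule.items() if k.startswith("watch_")):
        problems.append("no watch_* event enabled")
    return problems


def lint_group(rules):
    """Map each rule's index to its problems, omitting clean rules."""
    report = {}
    for i, rule in enumerate(rules):
        problems = lint_rule(rule)
        if problems:
            report[i] = problems
    return report


# Constructed sample rules (not from the provider docs).
SAMPLE_RULES = [
    {"description": "hosts file", "path": "/etc/", "severity": "High",
     "watch_file_write_changes": True, "enable_content_capture": True,
     "file_names": ["hosts"]},
    {"description": "windows nt key",
     "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT",
     "severity": "High", "enable_content_capture": True,
     "watch_key_create_changes": True},
    {"description": "binaries", "path": "/usr/bin/"},
]

if __name__ == "__main__":
    for index, problems in lint_group(SAMPLE_RULES).items():
        print(index, problems)
```

Running the lint over rule definitions before `pulumi up` catches a rule that would silently capture no content or watch no events.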

Import

A FileVantage rule group can be imported by specifying the policy id.

$ pulumi import crowdstrike:index/filevantageRuleGroup:FilevantageRuleGroup example 7fb858a949034a0cbca175f660f1e769

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
crowdstrike crowdstrike/pulumi-crowdstrike
License
Apache-2.0
Notes
This Pulumi package is based on the crowdstrike Terraform Provider.