CrowdStrike v0.0.10 published on Monday, Mar 3, 2025 by CrowdStrike

crowdstrike.PreventionPolicyLinux



    This resource allows you to manage CrowdStrike Falcon prevention policies for Linux hosts. Prevention policies allow you to manage what activity will trigger detections and preventions on your hosts.

    API Scopes

    The following API scopes are required:

    • Prevention policies | Read & Write

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as crowdstrike from "@crowdstrike/pulumi";
    
    // Machine-learning levels applied to both the cloud and the sensor anti-malware settings.
    const antiMalwareLevels = {
        detection: "MODERATE",
        prevention: "CAUTIOUS",
    };

    // Example Linux prevention policy with every boolean setting switched on.
    const example = new crowdstrike.PreventionPolicyLinux("example", {
        enabled: true,
        description: "Made with Pulumi",
        // No host groups or IOA rule groups are attached in this example.
        hostGroups: [],
        ioaRuleGroups: [],
        cloudAntiMalware: { ...antiMalwareLevels },
        sensorAntiMalware: { ...antiMalwareLevels },

        // Blocking settings.
        // The property reference recommends anti-malware prevention levels of
        // Moderate or higher when quarantine is enabled; this example sets
        // prevention to "CAUTIOUS", so confirm the level you deploy.
        quarantine: true,
        customBlocking: true,
        preventSuspiciousProcesses: true,
        driftPrevention: true,
        // When disabled, tampering attempts are still detected but not prevented.
        sensorTamperingProtection: true,

        // Upload settings: unknown executables are sent to the cloud for analysis.
        uploadUnknownExecutables: true,
        uploadUnknownDetectionRelatedExecutables: true,

        // Visibility settings: additional telemetry collected by the sensor.
        scriptBasedExecutionMonitoring: true,
        onWriteScriptFileVisibility: true,
        filesystemVisibility: true,
        memoryVisibility: true,
        networkVisibility: true,
        httpVisibility: true,
        ftpVisibility: true,
        tlsVisibility: true,
        emailProtocolVisibility: true,
    });

    // Stack output exposing the policy resource.
    export { example as preventionPolicyLinux };
    
    import pulumi
    import crowdstrike_pulumi as crowdstrike
    
    # Machine-learning levels applied to both the cloud and the sensor anti-malware settings.
    anti_malware_levels = {
        "detection": "MODERATE",
        "prevention": "CAUTIOUS",
    }

    # Example Linux prevention policy with every boolean setting switched on.
    example = crowdstrike.PreventionPolicyLinux(
        "example",
        enabled=True,
        description="Made with Pulumi",
        # No host groups or IOA rule groups are attached in this example.
        host_groups=[],
        ioa_rule_groups=[],
        cloud_anti_malware=dict(anti_malware_levels),
        sensor_anti_malware=dict(anti_malware_levels),
        # Blocking settings.
        # The property reference recommends anti-malware prevention levels of
        # Moderate or higher when quarantine is enabled; this example sets
        # prevention to "CAUTIOUS", so confirm the level you deploy.
        quarantine=True,
        custom_blocking=True,
        prevent_suspicious_processes=True,
        drift_prevention=True,
        # When disabled, tampering attempts are still detected but not prevented.
        sensor_tampering_protection=True,
        # Upload settings: unknown executables are sent to the cloud for analysis.
        upload_unknown_executables=True,
        upload_unknown_detection_related_executables=True,
        # Visibility settings: additional telemetry collected by the sensor.
        script_based_execution_monitoring=True,
        on_write_script_file_visibility=True,
        filesystem_visibility=True,
        memory_visibility=True,
        network_visibility=True,
        http_visibility=True,
        ftp_visibility=True,
        tls_visibility=True,
        email_protocol_visibility=True,
    )

    # Stack output exposing the policy resource.
    pulumi.export("preventionPolicyLinux", example)
    
    package main
    
    import (
    	"github.com/crowdstrike/pulumi-crowdstrike/sdk/go/crowdstrike"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers the example Linux prevention policy and exports it as the
    // "preventionPolicyLinux" stack output.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Machine-learning levels applied to both anti-malware settings.
    		detection := pulumi.String("MODERATE")
    		prevention := pulumi.String("CAUTIOUS")

    		args := &crowdstrike.PreventionPolicyLinuxArgs{
    			Enabled:     pulumi.Bool(true),
    			Description: pulumi.String("Made with Pulumi"),

    			// No host groups or IOA rule groups are attached in this example.
    			HostGroups:    pulumi.StringArray{},
    			IoaRuleGroups: pulumi.StringArray{},

    			CloudAntiMalware: &crowdstrike.PreventionPolicyLinuxCloudAntiMalwareArgs{
    				Detection:  detection,
    				Prevention: prevention,
    			},
    			SensorAntiMalware: &crowdstrike.PreventionPolicyLinuxSensorAntiMalwareArgs{
    				Detection:  detection,
    				Prevention: prevention,
    			},

    			// Blocking settings.
    			// The property reference recommends anti-malware prevention levels of
    			// Moderate or higher when quarantine is enabled; this example sets
    			// prevention to "CAUTIOUS", so confirm the level you deploy.
    			Quarantine:                 pulumi.Bool(true),
    			CustomBlocking:             pulumi.Bool(true),
    			PreventSuspiciousProcesses: pulumi.Bool(true),
    			DriftPrevention:            pulumi.Bool(true),
    			// When disabled, tampering attempts are still detected but not prevented.
    			SensorTamperingProtection: pulumi.Bool(true),

    			// Upload settings: unknown executables are sent to the cloud for analysis.
    			UploadUnknownExecutables:                 pulumi.Bool(true),
    			UploadUnknownDetectionRelatedExecutables: pulumi.Bool(true),

    			// Visibility settings: additional telemetry collected by the sensor.
    			ScriptBasedExecutionMonitoring: pulumi.Bool(true),
    			OnWriteScriptFileVisibility:    pulumi.Bool(true),
    			FilesystemVisibility:           pulumi.Bool(true),
    			MemoryVisibility:               pulumi.Bool(true),
    			NetworkVisibility:              pulumi.Bool(true),
    			HttpVisibility:                 pulumi.Bool(true),
    			FtpVisibility:                  pulumi.Bool(true),
    			TlsVisibility:                  pulumi.Bool(true),
    			EmailProtocolVisibility:        pulumi.Bool(true),
    		}

    		policy, err := crowdstrike.NewPreventionPolicyLinux(ctx, "example", args)
    		if err != nil {
    			return err
    		}

    		ctx.Export("preventionPolicyLinux", policy)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Crowdstrike = CrowdStrike.Crowdstrike;
    
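    // Registers the example Linux prevention policy and returns it as the
    // "preventionPolicyLinux" stack output.
    return await Deployment.RunAsync(() => 
    {
        var example = new Crowdstrike.PreventionPolicyLinux("example", new()
        {
            Enabled = true,
            Description = "Made with Pulumi",
            // No host groups or IOA rule groups are attached in this example.
            // An empty `new[] {}` gives the compiler no element type to infer
            // (error CS0826), so the empty lists use an explicit string[] type.
            HostGroups = new string[] {},
            IoaRuleGroups = new string[] {},
            CloudAntiMalware = new Crowdstrike.Inputs.PreventionPolicyLinuxCloudAntiMalwareArgs
            {
                Detection = "MODERATE",
                Prevention = "CAUTIOUS",
            },
            SensorAntiMalware = new Crowdstrike.Inputs.PreventionPolicyLinuxSensorAntiMalwareArgs
            {
                Detection = "MODERATE",
                Prevention = "CAUTIOUS",
            },
            // The property reference recommends anti-malware prevention levels of
            // Moderate or higher when quarantine is enabled; this example sets
            // prevention to "CAUTIOUS", so confirm the level you deploy.
            Quarantine = true,
            CustomBlocking = true,
            PreventSuspiciousProcesses = true,
            ScriptBasedExecutionMonitoring = true,
            // Upload settings: unknown executables are sent to the cloud for analysis.
            UploadUnknownExecutables = true,
            UploadUnknownDetectionRelatedExecutables = true,
            DriftPrevention = true,
            // Visibility settings: additional telemetry collected by the sensor.
            EmailProtocolVisibility = true,
            FilesystemVisibility = true,
            FtpVisibility = true,
            HttpVisibility = true,
            NetworkVisibility = true,
            TlsVisibility = true,
            // When disabled, tampering attempts are still detected but not prevented.
            SensorTamperingProtection = true,
            OnWriteScriptFileVisibility = true,
            MemoryVisibility = true,
        });
    
        return new Dictionary<string, object?>
        {
            ["preventionPolicyLinux"] = example,
        };
    });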
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.crowdstrike.PreventionPolicyLinux;
    import com.pulumi.crowdstrike.PreventionPolicyLinuxArgs;
    import com.pulumi.crowdstrike.inputs.PreventionPolicyLinuxCloudAntiMalwareArgs;
    import com.pulumi.crowdstrike.inputs.PreventionPolicyLinuxSensorAntiMalwareArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
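    /**
     * Pulumi program that registers the example Linux prevention policy and
     * exports it as the "preventionPolicyLinux" stack output.
     */
    public class App {
        /** Entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the prevention policy with every boolean setting switched on.
         *
         * @param ctx Pulumi context used to export the stack output
         */
        public static void stack(Context ctx) {
            var example = new PreventionPolicyLinux("example", PreventionPolicyLinuxArgs.builder()
                .enabled(true)
                .description("Made with Pulumi")
                // No host groups or IOA rule groups are attached in this example.
                .hostGroups()
                .ioaRuleGroups()
                // The generated listing printed a formatter panic in place of the two
                // anti-malware builders; the levels below are the ones the other
                // language versions of this example use.
                .cloudAntiMalware(PreventionPolicyLinuxCloudAntiMalwareArgs.builder()
                    .detection("MODERATE")
                    .prevention("CAUTIOUS")
                    .build())
                .sensorAntiMalware(PreventionPolicyLinuxSensorAntiMalwareArgs.builder()
                    .detection("MODERATE")
                    .prevention("CAUTIOUS")
                    .build())
                // The property reference recommends anti-malware prevention levels of
                // Moderate or higher when quarantine is enabled; this example sets
                // prevention to "CAUTIOUS", so confirm the level you deploy.
                .quarantine(true)
                .customBlocking(true)
                .preventSuspiciousProcesses(true)
                .scriptBasedExecutionMonitoring(true)
                // Upload settings: unknown executables are sent to the cloud for analysis.
                .uploadUnknownExecutables(true)
                .uploadUnknownDetectionRelatedExecutables(true)
                .driftPrevention(true)
                // Visibility settings: additional telemetry collected by the sensor.
                .emailProtocolVisibility(true)
                .filesystemVisibility(true)
                .ftpVisibility(true)
                .httpVisibility(true)
                .networkVisibility(true)
                .tlsVisibility(true)
                // When disabled, tampering attempts are still detected but not prevented.
                .sensorTamperingProtection(true)
                .onWriteScriptFileVisibility(true)
                .memoryVisibility(true)
                .build());

            ctx.export("preventionPolicyLinux", example);
        }
    }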
    
    # Example Linux prevention policy with every boolean setting switched on.
    resources:
      example:
        type: crowdstrike:PreventionPolicyLinux
        properties:
          enabled: true
          description: Made with Pulumi
          # No host groups or IOA rule groups are attached in this example.
          hostGroups: []
          ioaRuleGroups: []
          cloudAntiMalware:
            detection: MODERATE
            prevention: CAUTIOUS
          sensorAntiMalware:
            detection: MODERATE
            prevention: CAUTIOUS
          # The property reference recommends anti-malware prevention levels of
          # Moderate or higher when quarantine is enabled; this example sets
          # prevention to CAUTIOUS, so confirm the level you deploy.
          quarantine: true
          customBlocking: true
          preventSuspiciousProcesses: true
          scriptBasedExecutionMonitoring: true
          # Upload settings: unknown executables are sent to the cloud for analysis.
          uploadUnknownExecutables: true
          uploadUnknownDetectionRelatedExecutables: true
          driftPrevention: true
          # Visibility settings: additional telemetry collected by the sensor.
          emailProtocolVisibility: true
          filesystemVisibility: true
          ftpVisibility: true
          httpVisibility: true
          networkVisibility: true
          tlsVisibility: true
          # When disabled, tampering attempts are still detected but not prevented.
          sensorTamperingProtection: true
          onWriteScriptFileVisibility: true
          memoryVisibility: true
    # Stack output exposing the policy resource.
    outputs:
      preventionPolicyLinux: ${example}
    

    Create PreventionPolicyLinux Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new PreventionPolicyLinux(name: string, args: PreventionPolicyLinuxArgs, opts?: CustomResourceOptions);
    @overload
    def PreventionPolicyLinux(resource_name: str,
                              args: PreventionPolicyLinuxArgs,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def PreventionPolicyLinux(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              host_groups: Optional[Sequence[str]] = None,
                              ioa_rule_groups: Optional[Sequence[str]] = None,
                              enabled: Optional[bool] = None,
                              network_visibility: Optional[bool] = None,
                              email_protocol_visibility: Optional[bool] = None,
                              cloud_anti_malware: Optional[PreventionPolicyLinuxCloudAntiMalwareArgs] = None,
                              filesystem_visibility: Optional[bool] = None,
                              ftp_visibility: Optional[bool] = None,
                              description: Optional[str] = None,
                              http_visibility: Optional[bool] = None,
                              custom_blocking: Optional[bool] = None,
                              memory_visibility: Optional[bool] = None,
                              name: Optional[str] = None,
                              drift_prevention: Optional[bool] = None,
                              on_write_script_file_visibility: Optional[bool] = None,
                              prevent_suspicious_processes: Optional[bool] = None,
                              quarantine: Optional[bool] = None,
                              script_based_execution_monitoring: Optional[bool] = None,
                              sensor_anti_malware: Optional[PreventionPolicyLinuxSensorAntiMalwareArgs] = None,
                              sensor_tampering_protection: Optional[bool] = None,
                              tls_visibility: Optional[bool] = None,
                              upload_unknown_detection_related_executables: Optional[bool] = None,
                              upload_unknown_executables: Optional[bool] = None)
    func NewPreventionPolicyLinux(ctx *Context, name string, args PreventionPolicyLinuxArgs, opts ...ResourceOption) (*PreventionPolicyLinux, error)
    public PreventionPolicyLinux(string name, PreventionPolicyLinuxArgs args, CustomResourceOptions? opts = null)
    public PreventionPolicyLinux(String name, PreventionPolicyLinuxArgs args)
    public PreventionPolicyLinux(String name, PreventionPolicyLinuxArgs args, CustomResourceOptions options)
    
    type: crowdstrike:PreventionPolicyLinux
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PreventionPolicyLinuxArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PreventionPolicyLinuxArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PreventionPolicyLinuxArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PreventionPolicyLinuxArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PreventionPolicyLinuxArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

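    The following reference example uses placeholder values for all input properties. The `false` and "string" values only show each property's type; they are not recommended settings (for example, the property reference below advises against disabling sensor tampering protection).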

    var preventionPolicyLinuxResource = new Crowdstrike.PreventionPolicyLinux("preventionPolicyLinuxResource", new()
    {
        HostGroups = new[]
        {
            "string",
        },
        IoaRuleGroups = new[]
        {
            "string",
        },
        Enabled = false,
        NetworkVisibility = false,
        EmailProtocolVisibility = false,
        CloudAntiMalware = new Crowdstrike.Inputs.PreventionPolicyLinuxCloudAntiMalwareArgs
        {
            Detection = "string",
            Prevention = "string",
        },
        FilesystemVisibility = false,
        FtpVisibility = false,
        Description = "string",
        HttpVisibility = false,
        CustomBlocking = false,
        MemoryVisibility = false,
        Name = "string",
        DriftPrevention = false,
        OnWriteScriptFileVisibility = false,
        PreventSuspiciousProcesses = false,
        Quarantine = false,
        ScriptBasedExecutionMonitoring = false,
        SensorAntiMalware = new Crowdstrike.Inputs.PreventionPolicyLinuxSensorAntiMalwareArgs
        {
            Detection = "string",
            Prevention = "string",
        },
        SensorTamperingProtection = false,
        TlsVisibility = false,
        UploadUnknownDetectionRelatedExecutables = false,
        UploadUnknownExecutables = false,
    });
    
    example, err := crowdstrike.NewPreventionPolicyLinux(ctx, "preventionPolicyLinuxResource", &crowdstrike.PreventionPolicyLinuxArgs{
    	HostGroups: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	IoaRuleGroups: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Enabled:                 pulumi.Bool(false),
    	NetworkVisibility:       pulumi.Bool(false),
    	EmailProtocolVisibility: pulumi.Bool(false),
    	CloudAntiMalware: &crowdstrike.PreventionPolicyLinuxCloudAntiMalwareArgs{
    		Detection:  pulumi.String("string"),
    		Prevention: pulumi.String("string"),
    	},
    	FilesystemVisibility:           pulumi.Bool(false),
    	FtpVisibility:                  pulumi.Bool(false),
    	Description:                    pulumi.String("string"),
    	HttpVisibility:                 pulumi.Bool(false),
    	CustomBlocking:                 pulumi.Bool(false),
    	MemoryVisibility:               pulumi.Bool(false),
    	Name:                           pulumi.String("string"),
    	DriftPrevention:                pulumi.Bool(false),
    	OnWriteScriptFileVisibility:    pulumi.Bool(false),
    	PreventSuspiciousProcesses:     pulumi.Bool(false),
    	Quarantine:                     pulumi.Bool(false),
    	ScriptBasedExecutionMonitoring: pulumi.Bool(false),
    	SensorAntiMalware: &crowdstrike.PreventionPolicyLinuxSensorAntiMalwareArgs{
    		Detection:  pulumi.String("string"),
    		Prevention: pulumi.String("string"),
    	},
    	SensorTamperingProtection:                pulumi.Bool(false),
    	TlsVisibility:                            pulumi.Bool(false),
    	UploadUnknownDetectionRelatedExecutables: pulumi.Bool(false),
    	UploadUnknownExecutables:                 pulumi.Bool(false),
    })
    
    var preventionPolicyLinuxResource = new PreventionPolicyLinux("preventionPolicyLinuxResource", PreventionPolicyLinuxArgs.builder()
        .hostGroups("string")
        .ioaRuleGroups("string")
        .enabled(false)
        .networkVisibility(false)
        .emailProtocolVisibility(false)
        .cloudAntiMalware(PreventionPolicyLinuxCloudAntiMalwareArgs.builder()
            .detection("string")
            .prevention("string")
            .build())
        .filesystemVisibility(false)
        .ftpVisibility(false)
        .description("string")
        .httpVisibility(false)
        .customBlocking(false)
        .memoryVisibility(false)
        .name("string")
        .driftPrevention(false)
        .onWriteScriptFileVisibility(false)
        .preventSuspiciousProcesses(false)
        .quarantine(false)
        .scriptBasedExecutionMonitoring(false)
        .sensorAntiMalware(PreventionPolicyLinuxSensorAntiMalwareArgs.builder()
            .detection("string")
            .prevention("string")
            .build())
        .sensorTamperingProtection(false)
        .tlsVisibility(false)
        .uploadUnknownDetectionRelatedExecutables(false)
        .uploadUnknownExecutables(false)
        .build());
    
    prevention_policy_linux_resource = crowdstrike.PreventionPolicyLinux("preventionPolicyLinuxResource",
        host_groups=["string"],
        ioa_rule_groups=["string"],
        enabled=False,
        network_visibility=False,
        email_protocol_visibility=False,
        cloud_anti_malware={
            "detection": "string",
            "prevention": "string",
        },
        filesystem_visibility=False,
        ftp_visibility=False,
        description="string",
        http_visibility=False,
        custom_blocking=False,
        memory_visibility=False,
        name="string",
        drift_prevention=False,
        on_write_script_file_visibility=False,
        prevent_suspicious_processes=False,
        quarantine=False,
        script_based_execution_monitoring=False,
        sensor_anti_malware={
            "detection": "string",
            "prevention": "string",
        },
        sensor_tampering_protection=False,
        tls_visibility=False,
        upload_unknown_detection_related_executables=False,
        upload_unknown_executables=False)
    
    const preventionPolicyLinuxResource = new crowdstrike.PreventionPolicyLinux("preventionPolicyLinuxResource", {
        hostGroups: ["string"],
        ioaRuleGroups: ["string"],
        enabled: false,
        networkVisibility: false,
        emailProtocolVisibility: false,
        cloudAntiMalware: {
            detection: "string",
            prevention: "string",
        },
        filesystemVisibility: false,
        ftpVisibility: false,
        description: "string",
        httpVisibility: false,
        customBlocking: false,
        memoryVisibility: false,
        name: "string",
        driftPrevention: false,
        onWriteScriptFileVisibility: false,
        preventSuspiciousProcesses: false,
        quarantine: false,
        scriptBasedExecutionMonitoring: false,
        sensorAntiMalware: {
            detection: "string",
            prevention: "string",
        },
        sensorTamperingProtection: false,
        tlsVisibility: false,
        uploadUnknownDetectionRelatedExecutables: false,
        uploadUnknownExecutables: false,
    });
    
    type: crowdstrike:PreventionPolicyLinux
    properties:
        cloudAntiMalware:
            detection: string
            prevention: string
        customBlocking: false
        description: string
        driftPrevention: false
        emailProtocolVisibility: false
        enabled: false
        filesystemVisibility: false
        ftpVisibility: false
        hostGroups:
            - string
        httpVisibility: false
        ioaRuleGroups:
            - string
        memoryVisibility: false
        name: string
        networkVisibility: false
        onWriteScriptFileVisibility: false
        preventSuspiciousProcesses: false
        quarantine: false
        scriptBasedExecutionMonitoring: false
        sensorAntiMalware:
            detection: string
            prevention: string
        sensorTamperingProtection: false
        tlsVisibility: false
        uploadUnknownDetectionRelatedExecutables: false
        uploadUnknownExecutables: false
    

    PreventionPolicyLinux Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The PreventionPolicyLinux resource accepts the following input properties:

    HostGroups List<string>
    Host Group ids to attach to the prevention policy.
    IoaRuleGroups List<string>
    IOA Rule Group to attach to the prevention policy.
    CloudAntiMalware CrowdStrike.Crowdstrike.Inputs.PreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    CustomBlocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    Description string
    Description of the prevention policy.
    DriftPrevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    EmailProtocolVisibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    Enabled bool
    Enable the prevention policy.
    FilesystemVisibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    FtpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    HttpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    MemoryVisibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    Name string
    Name of the prevention policy.
    NetworkVisibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    OnWriteScriptFileVisibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk in addition to clouding a portion of their content.
    PreventSuspiciousProcesses bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    Quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    ScriptBasedExecutionMonitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    SensorAntiMalware CrowdStrike.Crowdstrike.Inputs.PreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    SensorTamperingProtection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    TlsVisibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    UploadUnknownDetectionRelatedExecutables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    UploadUnknownExecutables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    HostGroups []string
    Host Group ids to attach to the prevention policy.
    IoaRuleGroups []string
    IOA Rule Group to attach to the prevention policy.
    CloudAntiMalware PreventionPolicyLinuxCloudAntiMalwareArgs
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    CustomBlocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    Description string
    Description of the prevention policy.
    DriftPrevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    EmailProtocolVisibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    Enabled bool
    Enable the prevention policy.
    FilesystemVisibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    FtpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    HttpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    MemoryVisibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    Name string
    Name of the prevention policy.
    NetworkVisibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    OnWriteScriptFileVisibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk in addition to clouding a portion of their content.
    PreventSuspiciousProcesses bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    Quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    ScriptBasedExecutionMonitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    SensorAntiMalware PreventionPolicyLinuxSensorAntiMalwareArgs
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    SensorTamperingProtection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    TlsVisibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    UploadUnknownDetectionRelatedExecutables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    UploadUnknownExecutables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    hostGroups List<String>
    Host Group ids to attach to the prevention policy.
    ioaRuleGroups List<String>
    IOA Rule Group to attach to the prevention policy.
    cloudAntiMalware PreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking Boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description String
    Description of the prevention policy.
    driftPrevention Boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    enabled Boolean
    Enable the prevention policy.
    filesystemVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    memoryVisibility Boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    name String
    Name of the prevention policy.
    networkVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility Boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk in addition to clouding a portion of their content.
    preventSuspiciousProcesses Boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine Boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring Boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware PreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection Boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables Boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables Boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    hostGroups string[]
    Host Group ids to attach to the prevention policy.
    ioaRuleGroups string[]
    IOA Rule Groups to attach to the prevention policy.
    cloudAntiMalware PreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description string
    Description of the prevention policy.
    driftPrevention boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    enabled boolean
    Enable the prevention policy.
    filesystemVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    memoryVisibility boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    name string
    Name of the prevention policy.
    networkVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and also sends a portion of their content to the cloud.
    preventSuspiciousProcesses boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware PreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    host_groups Sequence[str]
    Host Group ids to attach to the prevention policy.
    ioa_rule_groups Sequence[str]
    IOA Rule Groups to attach to the prevention policy.
    cloud_anti_malware PreventionPolicyLinuxCloudAntiMalwareArgs
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    custom_blocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description str
    Description of the prevention policy.
    drift_prevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    email_protocol_visibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    enabled bool
    Enable the prevention policy.
    filesystem_visibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftp_visibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    http_visibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    memory_visibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    name str
    Name of the prevention policy.
    network_visibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    on_write_script_file_visibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and also sends a portion of their content to the cloud.
    prevent_suspicious_processes bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    script_based_execution_monitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensor_anti_malware PreventionPolicyLinuxSensorAntiMalwareArgs
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensor_tampering_protection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tls_visibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    upload_unknown_detection_related_executables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    upload_unknown_executables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    hostGroups List<String>
    Host Group ids to attach to the prevention policy.
    ioaRuleGroups List<String>
    IOA Rule Groups to attach to the prevention policy.
    cloudAntiMalware Property Map
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking Boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description String
    Description of the prevention policy.
    driftPrevention Boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    enabled Boolean
    Enable the prevention policy.
    filesystemVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    httpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    memoryVisibility Boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    name String
    Name of the prevention policy.
    networkVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility Boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and also sends a portion of their content to the cloud.
    preventSuspiciousProcesses Boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine Boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring Boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware Property Map
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection Boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables Boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables Boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PreventionPolicyLinux resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastUpdated string
    Id string
    The provider-assigned unique ID for this managed resource.
    LastUpdated string
    id String
    The provider-assigned unique ID for this managed resource.
    lastUpdated String
    id string
    The provider-assigned unique ID for this managed resource.
    lastUpdated string
    id str
    The provider-assigned unique ID for this managed resource.
    last_updated str
    id String
    The provider-assigned unique ID for this managed resource.
    lastUpdated String

    Look up Existing PreventionPolicyLinux Resource

    Get an existing PreventionPolicyLinux resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PreventionPolicyLinuxState, opts?: CustomResourceOptions): PreventionPolicyLinux
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cloud_anti_malware: Optional[PreventionPolicyLinuxCloudAntiMalwareArgs] = None,
            custom_blocking: Optional[bool] = None,
            description: Optional[str] = None,
            drift_prevention: Optional[bool] = None,
            email_protocol_visibility: Optional[bool] = None,
            enabled: Optional[bool] = None,
            filesystem_visibility: Optional[bool] = None,
            ftp_visibility: Optional[bool] = None,
            host_groups: Optional[Sequence[str]] = None,
            http_visibility: Optional[bool] = None,
            ioa_rule_groups: Optional[Sequence[str]] = None,
            last_updated: Optional[str] = None,
            memory_visibility: Optional[bool] = None,
            name: Optional[str] = None,
            network_visibility: Optional[bool] = None,
            on_write_script_file_visibility: Optional[bool] = None,
            prevent_suspicious_processes: Optional[bool] = None,
            quarantine: Optional[bool] = None,
            script_based_execution_monitoring: Optional[bool] = None,
            sensor_anti_malware: Optional[PreventionPolicyLinuxSensorAntiMalwareArgs] = None,
            sensor_tampering_protection: Optional[bool] = None,
            tls_visibility: Optional[bool] = None,
            upload_unknown_detection_related_executables: Optional[bool] = None,
            upload_unknown_executables: Optional[bool] = None) -> PreventionPolicyLinux
    func GetPreventionPolicyLinux(ctx *Context, name string, id IDInput, state *PreventionPolicyLinuxState, opts ...ResourceOption) (*PreventionPolicyLinux, error)
    public static PreventionPolicyLinux Get(string name, Input<string> id, PreventionPolicyLinuxState? state, CustomResourceOptions? opts = null)
    public static PreventionPolicyLinux get(String name, Output<String> id, PreventionPolicyLinuxState state, CustomResourceOptions options)
    resources:
      _:
        type: crowdstrike:PreventionPolicyLinux
        get:
          id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CloudAntiMalware CrowdStrike.Crowdstrike.Inputs.PreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    CustomBlocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    Description string
    Description of the prevention policy.
    DriftPrevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    EmailProtocolVisibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    Enabled bool
    Enable the prevention policy.
    FilesystemVisibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    FtpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    HostGroups List<string>
    Host Group ids to attach to the prevention policy.
    HttpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    IoaRuleGroups List<string>
    IOA Rule Groups to attach to the prevention policy.
    LastUpdated string
    MemoryVisibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    Name string
    Name of the prevention policy.
    NetworkVisibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    OnWriteScriptFileVisibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and also sends a portion of their content to the cloud.
    PreventSuspiciousProcesses bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    Quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    ScriptBasedExecutionMonitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    SensorAntiMalware CrowdStrike.Crowdstrike.Inputs.PreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    SensorTamperingProtection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    TlsVisibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    UploadUnknownDetectionRelatedExecutables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    UploadUnknownExecutables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    CloudAntiMalware PreventionPolicyLinuxCloudAntiMalwareArgs
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    CustomBlocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    Description string
    Description of the prevention policy.
    DriftPrevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    EmailProtocolVisibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    Enabled bool
    Enable the prevention policy.
    FilesystemVisibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    FtpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    HostGroups []string
    Host Group ids to attach to the prevention policy.
    HttpVisibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    IoaRuleGroups []string
    IOA Rule Groups to attach to the prevention policy.
    LastUpdated string
    MemoryVisibility bool
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    Name string
    Name of the prevention policy.
    NetworkVisibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    OnWriteScriptFileVisibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and also sends a portion of their content to the cloud.
    PreventSuspiciousProcesses bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    Quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    ScriptBasedExecutionMonitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    SensorAntiMalware PreventionPolicyLinuxSensorAntiMalwareArgs
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    SensorTamperingProtection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    TlsVisibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    UploadUnknownDetectionRelatedExecutables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    UploadUnknownExecutables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    cloudAntiMalware PreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking Boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description String
    Description of the prevention policy.
    driftPrevention Boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    enabled Boolean
    Enable the prevention policy.
    filesystemVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    hostGroups List<String>
    Host Group ids to attach to the prevention policy.
    httpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    ioaRuleGroups List<String>
    IOA Rule Groups to attach to the prevention policy.
    lastUpdated String
    memoryVisibility Boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    name String
    Name of the prevention policy.
    networkVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility Boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and also sends a portion of their content to the cloud.
    preventSuspiciousProcesses Boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine Boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring Boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware PreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection Boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables Boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables Boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    cloudAntiMalware PreventionPolicyLinuxCloudAntiMalware
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description string
    Description of the prevention policy.
    driftPrevention boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    enabled boolean
    Enable the prevention policy.
    filesystemVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    hostGroups string[]
    Host Group ids to attach to the prevention policy.
    httpVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    ioaRuleGroups string[]
    IOA Rule Groups to attach to the prevention policy.
    lastUpdated string
    memoryVisibility boolean
    Whether to enable the setting. When enabled, the sensor will inspect memory-related operations: mmap, mprotect, ptrace and reading/writing remote process memory and produce events.
    name string
    Name of the prevention policy.
    networkVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and also sends a portion of their content to the cloud.
    preventSuspiciousProcesses boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware PreventionPolicyLinuxSensorAntiMalware
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    cloud_anti_malware PreventionPolicyLinuxCloudAntiMalwareArgs
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    custom_blocking bool
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description str
    Description of the prevention policy.
    drift_prevention bool
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    email_protocol_visibility bool
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    enabled bool
    Enable the prevention policy.
    filesystem_visibility bool
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftp_visibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    host_groups Sequence[str]
    Host Group ids to attach to the prevention policy.
    http_visibility bool
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    ioa_rule_groups Sequence[str]
    IOA Rule Group to attach to the prevention policy.
    last_updated str
    memory_visibility bool
    Whether to enable the setting. When enabled, the sensor inspects memory-related operations (mmap, mprotect, ptrace, and reading or writing remote process memory) and produces events for them.
    name str
    Name of the prevention policy.
    network_visibility bool
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    on_write_script_file_visibility bool
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and sends a portion of their content to the cloud.
    prevent_suspicious_processes bool
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine bool
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    script_based_execution_monitoring bool
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensor_anti_malware PreventionPolicyLinuxSensorAntiMalwareArgs
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensor_tampering_protection bool
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tls_visibility bool
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    upload_unknown_detection_related_executables bool
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    upload_unknown_executables bool
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
    cloudAntiMalware Property Map
    Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
    customBlocking Boolean
    Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
    description String
    Description of the prevention policy.
    driftPrevention Boolean
    Whether to enable the setting. Block new processes originating from files written in a container. This prevents a container from drifting from its immutable runtime state.
    emailProtocolVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor SMTP, IMAP, and POP3 traffic for malicious patterns and improved detections.
    enabled Boolean
    Enable the prevention policy.
    filesystemVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor filesystem activity for additional telemetry and improved detections.
    ftpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted FTP traffic for malicious patterns and improved detections.
    hostGroups List<String>
    Host Group ids to attach to the prevention policy.
    httpVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor unencrypted HTTP traffic for malicious patterns and improved detections.
    ioaRuleGroups List<String>
    IOA Rule Group to attach to the prevention policy.
    lastUpdated String
    memoryVisibility Boolean
    Whether to enable the setting. When enabled, the sensor inspects memory-related operations (mmap, mprotect, ptrace, and reading or writing remote process memory) and produces events for them.
    name String
    Name of the prevention policy.
    networkVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor network activity for additional telemetry and improved detections.
    onWriteScriptFileVisibility Boolean
    Whether to enable the setting. Provides improved visibility into various script files being written to disk, and sends a portion of their content to the cloud.
    preventSuspiciousProcesses Boolean
    Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
    quarantine Boolean
    Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
    scriptBasedExecutionMonitoring Boolean
    Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
    sensorAntiMalware Property Map
    For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
    sensorTamperingProtection Boolean
    Whether to enable the setting. Block attempts to tamper with the sensor by protecting critical components and resources. If disabled, the sensor still creates detections for tampering attempts but will not prevent the activity from occurring. Disabling is not recommended.
    tlsVisibility Boolean
    Whether to enable the setting. Allows the sensor to monitor TLS traffic for malicious patterns and improved detections.
    uploadUnknownDetectionRelatedExecutables Boolean
    Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
    uploadUnknownExecutables Boolean
    Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.

    Supporting Types

    PreventionPolicyLinuxCloudAntiMalware, PreventionPolicyLinuxCloudAntiMalwareArgs

    Detection string
    Machine learning level for detection.
    Prevention string
    Machine learning level for prevention.
    Detection string
    Machine learning level for detection.
    Prevention string
    Machine learning level for prevention.
    detection String
    Machine learning level for detection.
    prevention String
    Machine learning level for prevention.
    detection string
    Machine learning level for detection.
    prevention string
    Machine learning level for prevention.
    detection str
    Machine learning level for detection.
    prevention str
    Machine learning level for prevention.
    detection String
    Machine learning level for detection.
    prevention String
    Machine learning level for prevention.

    PreventionPolicyLinuxSensorAntiMalware, PreventionPolicyLinuxSensorAntiMalwareArgs

    Detection string
    Machine learning level for detection.
    Prevention string
    Machine learning level for prevention.
    Detection string
    Machine learning level for detection.
    Prevention string
    Machine learning level for prevention.
    detection String
    Machine learning level for detection.
    prevention String
    Machine learning level for prevention.
    detection string
    Machine learning level for detection.
    prevention string
    Machine learning level for prevention.
    detection str
    Machine learning level for detection.
    prevention str
    Machine learning level for prevention.
    detection String
    Machine learning level for detection.
    prevention String
    Machine learning level for prevention.

    Import

    A prevention policy can be imported by specifying its policy ID, as in this example:

    $ pulumi import crowdstrike:index/preventionPolicyLinux:PreventionPolicyLinux example 7fb858a949034a0cbca175f660f1e769
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    crowdstrike crowdstrike/pulumi-crowdstrike
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the crowdstrike Terraform Provider.
    CrowdStrike v0.0.10 published on Monday, Mar 3, 2025 by CrowdStrike