CrowdStrike v0.0.10, Mar 3 25

CrowdStrike v0.0.10 published on Monday, Mar 3, 2025 by CrowdStrike

crowdstrike.PreventionPolicyMac

Explore with Pulumi AI

CrowdStrike v0.0.10 published on Monday, Mar 3, 2025 by CrowdStrike

crowdstrike/pulumi-crowdstrike

API Scopes

The following API scopes are required:

Prevention policies | Read & Write

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as crowdstrike from "@crowdstrike/pulumi";

const example = new crowdstrike.PreventionPolicyMac("example", {
    enabled: false,
    description: "Made with Pulumi",
    hostGroups: [],
    ioaRuleGroups: [],
    cloudAdwareAndPup: {
        detection: "MODERATE",
        prevention: "CAUTIOUS",
    },
    cloudAntiMalware: {
        detection: "MODERATE",
        prevention: "CAUTIOUS",
    },
    sensorAntiMalware: {
        detection: "MODERATE",
        prevention: "CAUTIOUS",
    },
    sensorAdwareAndPup: {
        detection: "MODERATE",
        prevention: "CAUTIOUS",
    },
    notifyEndUsers: true,
    customBlocking: true,
    detectOnWrite: true,
    intelligenceSourcedThreats: true,
    preventSuspiciousProcesses: true,
    quarantine: true,
    quarantineOnWrite: true,
    scriptBasedExecutionMonitoring: true,
    sensorTamperingProtection: true,
    uploadUnknownExecutables: true,
    uploadUnknownDetectionRelatedExecutables: true,
    xpcomShell: true,
    kcPasswordDecoded: true,
    hashCollector: true,
    empyreBackdoor: true,
    chopperWebshell: true,
});
export const preventionPolicyMac = example;

import pulumi
import crowdstrike_pulumi as crowdstrike

example = crowdstrike.PreventionPolicyMac("example",
    enabled=False,
    description="Made with Pulumi",
    host_groups=[],
    ioa_rule_groups=[],
    cloud_adware_and_pup={
        "detection": "MODERATE",
        "prevention": "CAUTIOUS",
    },
    cloud_anti_malware={
        "detection": "MODERATE",
        "prevention": "CAUTIOUS",
    },
    sensor_anti_malware={
        "detection": "MODERATE",
        "prevention": "CAUTIOUS",
    },
    sensor_adware_and_pup={
        "detection": "MODERATE",
        "prevention": "CAUTIOUS",
    },
    notify_end_users=True,
    custom_blocking=True,
    detect_on_write=True,
    intelligence_sourced_threats=True,
    prevent_suspicious_processes=True,
    quarantine=True,
    quarantine_on_write=True,
    script_based_execution_monitoring=True,
    sensor_tampering_protection=True,
    upload_unknown_executables=True,
    upload_unknown_detection_related_executables=True,
    xpcom_shell=True,
    kc_password_decoded=True,
    hash_collector=True,
    empyre_backdoor=True,
    chopper_webshell=True)
pulumi.export("preventionPolicyMac", example)

package main

import (
	"github.com/crowdstrike/pulumi-crowdstrike/sdk/go/crowdstrike"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := crowdstrike.NewPreventionPolicyMac(ctx, "example", &crowdstrike.PreventionPolicyMacArgs{
			Enabled:       pulumi.Bool(false),
			Description:   pulumi.String("Made with Pulumi"),
			HostGroups:    pulumi.StringArray{},
			IoaRuleGroups: pulumi.StringArray{},
			CloudAdwareAndPup: &crowdstrike.PreventionPolicyMacCloudAdwareAndPupArgs{
				Detection:  pulumi.String("MODERATE"),
				Prevention: pulumi.String("CAUTIOUS"),
			},
			CloudAntiMalware: &crowdstrike.PreventionPolicyMacCloudAntiMalwareArgs{
				Detection:  pulumi.String("MODERATE"),
				Prevention: pulumi.String("CAUTIOUS"),
			},
			SensorAntiMalware: &crowdstrike.PreventionPolicyMacSensorAntiMalwareArgs{
				Detection:  pulumi.String("MODERATE"),
				Prevention: pulumi.String("CAUTIOUS"),
			},
			SensorAdwareAndPup: &crowdstrike.PreventionPolicyMacSensorAdwareAndPupArgs{
				Detection:  pulumi.String("MODERATE"),
				Prevention: pulumi.String("CAUTIOUS"),
			},
			NotifyEndUsers:                           pulumi.Bool(true),
			CustomBlocking:                           pulumi.Bool(true),
			DetectOnWrite:                            pulumi.Bool(true),
			IntelligenceSourcedThreats:               pulumi.Bool(true),
			PreventSuspiciousProcesses:               pulumi.Bool(true),
			Quarantine:                               pulumi.Bool(true),
			QuarantineOnWrite:                        pulumi.Bool(true),
			ScriptBasedExecutionMonitoring:           pulumi.Bool(true),
			SensorTamperingProtection:                pulumi.Bool(true),
			UploadUnknownExecutables:                 pulumi.Bool(true),
			UploadUnknownDetectionRelatedExecutables: pulumi.Bool(true),
			XpcomShell:                               pulumi.Bool(true),
			KcPasswordDecoded:                        pulumi.Bool(true),
			HashCollector:                            pulumi.Bool(true),
			EmpyreBackdoor:                           pulumi.Bool(true),
			ChopperWebshell:                          pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ctx.Export("preventionPolicyMac", example)
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Crowdstrike = CrowdStrike.Crowdstrike;

return await Deployment.RunAsync(() => 
{
    var example = new Crowdstrike.PreventionPolicyMac("example", new()
    {
        Enabled = false,
        Description = "Made with Pulumi",
        HostGroups = new[] {},
        IoaRuleGroups = new[] {},
        CloudAdwareAndPup = new Crowdstrike.Inputs.PreventionPolicyMacCloudAdwareAndPupArgs
        {
            Detection = "MODERATE",
            Prevention = "CAUTIOUS",
        },
        CloudAntiMalware = new Crowdstrike.Inputs.PreventionPolicyMacCloudAntiMalwareArgs
        {
            Detection = "MODERATE",
            Prevention = "CAUTIOUS",
        },
        SensorAntiMalware = new Crowdstrike.Inputs.PreventionPolicyMacSensorAntiMalwareArgs
        {
            Detection = "MODERATE",
            Prevention = "CAUTIOUS",
        },
        SensorAdwareAndPup = new Crowdstrike.Inputs.PreventionPolicyMacSensorAdwareAndPupArgs
        {
            Detection = "MODERATE",
            Prevention = "CAUTIOUS",
        },
        NotifyEndUsers = true,
        CustomBlocking = true,
        DetectOnWrite = true,
        IntelligenceSourcedThreats = true,
        PreventSuspiciousProcesses = true,
        Quarantine = true,
        QuarantineOnWrite = true,
        ScriptBasedExecutionMonitoring = true,
        SensorTamperingProtection = true,
        UploadUnknownExecutables = true,
        UploadUnknownDetectionRelatedExecutables = true,
        XpcomShell = true,
        KcPasswordDecoded = true,
        HashCollector = true,
        EmpyreBackdoor = true,
        ChopperWebshell = true,
    });

    return new Dictionary<string, object?>
    {
        ["preventionPolicyMac"] = example,
    };
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.crowdstrike.PreventionPolicyMac;
import com.pulumi.crowdstrike.PreventionPolicyMacArgs;
import com.pulumi.crowdstrike.inputs.PreventionPolicyMacCloudAdwareAndPupArgs;
import com.pulumi.crowdstrike.inputs.PreventionPolicyMacCloudAntiMalwareArgs;
import com.pulumi.crowdstrike.inputs.PreventionPolicyMacSensorAntiMalwareArgs;
import com.pulumi.crowdstrike.inputs.PreventionPolicyMacSensorAdwareAndPupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new PreventionPolicyMac("example", PreventionPolicyMacArgs.builder()
            .enabled(false)
            .description("Made with Pulumi")
            .hostGroups()
            .ioaRuleGroups()
            .cloudAdwareAndPup(PreventionPolicyMacCloudAdwareAndPupArgs.builder()
%!v(PANIC=Format method: interface conversion: model.Expression is *model.TemplateExpression, not *model.LiteralValueExpression))
                .cloudAntiMalware(PreventionPolicyMacCloudAntiMalwareArgs.builder()
%!v(PANIC=Format method: interface conversion: model.Expression is *model.TemplateExpression, not *model.LiteralValueExpression))
                    .sensorAntiMalware(PreventionPolicyMacSensorAntiMalwareArgs.builder()
%!v(PANIC=Format method: interface conversion: model.Expression is *model.TemplateExpression, not *model.LiteralValueExpression))
                        .sensorAdwareAndPup(PreventionPolicyMacSensorAdwareAndPupArgs.builder()
%!v(PANIC=Format method: interface conversion: model.Expression is *model.TemplateExpression, not *model.LiteralValueExpression))
                            .notifyEndUsers(true)
                            .customBlocking(true)
                            .detectOnWrite(true)
                            .intelligenceSourcedThreats(true)
                            .preventSuspiciousProcesses(true)
                            .quarantine(true)
                            .quarantineOnWrite(true)
                            .scriptBasedExecutionMonitoring(true)
                            .sensorTamperingProtection(true)
                            .uploadUnknownExecutables(true)
                            .uploadUnknownDetectionRelatedExecutables(true)
                            .xpcomShell(true)
                            .kcPasswordDecoded(true)
                            .hashCollector(true)
                            .empyreBackdoor(true)
                            .chopperWebshell(true)
                            .build());

                        ctx.export("preventionPolicyMac", example);
                    }
}

resources:
  example:
    type: crowdstrike:PreventionPolicyMac
    properties:
      enabled: false
      description: Made with Pulumi
      hostGroups: []
      ioaRuleGroups: []
      cloudAdwareAndPup:
        detection: MODERATE
        prevention: CAUTIOUS
      cloudAntiMalware:
        detection: MODERATE
        prevention: CAUTIOUS
      sensorAntiMalware:
        detection: MODERATE
        prevention: CAUTIOUS
      sensorAdwareAndPup:
        detection: MODERATE
        prevention: CAUTIOUS
      notifyEndUsers: true
      customBlocking: true
      detectOnWrite: true
      intelligenceSourcedThreats: true
      preventSuspiciousProcesses: true
      quarantine: true
      quarantineOnWrite: true
      scriptBasedExecutionMonitoring: true
      sensorTamperingProtection: true
      uploadUnknownExecutables: true
      uploadUnknownDetectionRelatedExecutables: true
      xpcomShell: true
      kcPasswordDecoded: true
      hashCollector: true
      empyreBackdoor: true
      chopperWebshell: true
outputs:
  preventionPolicyMac: ${example}

Create PreventionPolicyMac Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PreventionPolicyMac(name: string, args: PreventionPolicyMacArgs, opts?: CustomResourceOptions);

@overload
def PreventionPolicyMac(resource_name: str,
                        args: PreventionPolicyMacArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def PreventionPolicyMac(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        host_groups: Optional[Sequence[str]] = None,
                        ioa_rule_groups: Optional[Sequence[str]] = None,
                        kc_password_decoded: Optional[bool] = None,
                        xpcom_shell: Optional[bool] = None,
                        chopper_webshell: Optional[bool] = None,
                        detect_on_write: Optional[bool] = None,
                        empyre_backdoor: Optional[bool] = None,
                        enabled: Optional[bool] = None,
                        hash_collector: Optional[bool] = None,
                        cloud_anti_malware: Optional[PreventionPolicyMacCloudAntiMalwareArgs] = None,
                        intelligence_sourced_threats: Optional[bool] = None,
                        notify_end_users: Optional[bool] = None,
                        description: Optional[str] = None,
                        custom_blocking: Optional[bool] = None,
                        cloud_adware_and_pup: Optional[PreventionPolicyMacCloudAdwareAndPupArgs] = None,
                        prevent_suspicious_processes: Optional[bool] = None,
                        quarantine: Optional[bool] = None,
                        quarantine_on_write: Optional[bool] = None,
                        script_based_execution_monitoring: Optional[bool] = None,
                        sensor_adware_and_pup: Optional[PreventionPolicyMacSensorAdwareAndPupArgs] = None,
                        sensor_anti_malware: Optional[PreventionPolicyMacSensorAntiMalwareArgs] = None,
                        sensor_tampering_protection: Optional[bool] = None,
                        upload_unknown_detection_related_executables: Optional[bool] = None,
                        upload_unknown_executables: Optional[bool] = None,
                        name: Optional[str] = None)

func NewPreventionPolicyMac(ctx *Context, name string, args PreventionPolicyMacArgs, opts ...ResourceOption) (*PreventionPolicyMac, error)

public PreventionPolicyMac(string name, PreventionPolicyMacArgs args, CustomResourceOptions? opts = null)

public PreventionPolicyMac(String name, PreventionPolicyMacArgs args)
public PreventionPolicyMac(String name, PreventionPolicyMacArgs args, CustomResourceOptions options)

type: crowdstrike:PreventionPolicyMac
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PreventionPolicyMacArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PreventionPolicyMacArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PreventionPolicyMacArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PreventionPolicyMacArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PreventionPolicyMacArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var preventionPolicyMacResource = new Crowdstrike.PreventionPolicyMac("preventionPolicyMacResource", new()
{
    HostGroups = new[]
    {
        "string",
    },
    IoaRuleGroups = new[]
    {
        "string",
    },
    KcPasswordDecoded = false,
    XpcomShell = false,
    ChopperWebshell = false,
    DetectOnWrite = false,
    EmpyreBackdoor = false,
    Enabled = false,
    HashCollector = false,
    CloudAntiMalware = new Crowdstrike.Inputs.PreventionPolicyMacCloudAntiMalwareArgs
    {
        Detection = "string",
        Prevention = "string",
    },
    IntelligenceSourcedThreats = false,
    NotifyEndUsers = false,
    Description = "string",
    CustomBlocking = false,
    CloudAdwareAndPup = new Crowdstrike.Inputs.PreventionPolicyMacCloudAdwareAndPupArgs
    {
        Detection = "string",
        Prevention = "string",
    },
    PreventSuspiciousProcesses = false,
    Quarantine = false,
    QuarantineOnWrite = false,
    ScriptBasedExecutionMonitoring = false,
    SensorAdwareAndPup = new Crowdstrike.Inputs.PreventionPolicyMacSensorAdwareAndPupArgs
    {
        Detection = "string",
        Prevention = "string",
    },
    SensorAntiMalware = new Crowdstrike.Inputs.PreventionPolicyMacSensorAntiMalwareArgs
    {
        Detection = "string",
        Prevention = "string",
    },
    SensorTamperingProtection = false,
    UploadUnknownDetectionRelatedExecutables = false,
    UploadUnknownExecutables = false,
    Name = "string",
});

example, err := crowdstrike.NewPreventionPolicyMac(ctx, "preventionPolicyMacResource", &crowdstrike.PreventionPolicyMacArgs{
	HostGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	IoaRuleGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	KcPasswordDecoded: pulumi.Bool(false),
	XpcomShell:        pulumi.Bool(false),
	ChopperWebshell:   pulumi.Bool(false),
	DetectOnWrite:     pulumi.Bool(false),
	EmpyreBackdoor:    pulumi.Bool(false),
	Enabled:           pulumi.Bool(false),
	HashCollector:     pulumi.Bool(false),
	CloudAntiMalware: &crowdstrike.PreventionPolicyMacCloudAntiMalwareArgs{
		Detection:  pulumi.String("string"),
		Prevention: pulumi.String("string"),
	},
	IntelligenceSourcedThreats: pulumi.Bool(false),
	NotifyEndUsers:             pulumi.Bool(false),
	Description:                pulumi.String("string"),
	CustomBlocking:             pulumi.Bool(false),
	CloudAdwareAndPup: &crowdstrike.PreventionPolicyMacCloudAdwareAndPupArgs{
		Detection:  pulumi.String("string"),
		Prevention: pulumi.String("string"),
	},
	PreventSuspiciousProcesses:     pulumi.Bool(false),
	Quarantine:                     pulumi.Bool(false),
	QuarantineOnWrite:              pulumi.Bool(false),
	ScriptBasedExecutionMonitoring: pulumi.Bool(false),
	SensorAdwareAndPup: &crowdstrike.PreventionPolicyMacSensorAdwareAndPupArgs{
		Detection:  pulumi.String("string"),
		Prevention: pulumi.String("string"),
	},
	SensorAntiMalware: &crowdstrike.PreventionPolicyMacSensorAntiMalwareArgs{
		Detection:  pulumi.String("string"),
		Prevention: pulumi.String("string"),
	},
	SensorTamperingProtection:                pulumi.Bool(false),
	UploadUnknownDetectionRelatedExecutables: pulumi.Bool(false),
	UploadUnknownExecutables:                 pulumi.Bool(false),
	Name:                                     pulumi.String("string"),
})

var preventionPolicyMacResource = new PreventionPolicyMac("preventionPolicyMacResource", PreventionPolicyMacArgs.builder()
    .hostGroups("string")
    .ioaRuleGroups("string")
    .kcPasswordDecoded(false)
    .xpcomShell(false)
    .chopperWebshell(false)
    .detectOnWrite(false)
    .empyreBackdoor(false)
    .enabled(false)
    .hashCollector(false)
    .cloudAntiMalware(PreventionPolicyMacCloudAntiMalwareArgs.builder()
        .detection("string")
        .prevention("string")
        .build())
    .intelligenceSourcedThreats(false)
    .notifyEndUsers(false)
    .description("string")
    .customBlocking(false)
    .cloudAdwareAndPup(PreventionPolicyMacCloudAdwareAndPupArgs.builder()
        .detection("string")
        .prevention("string")
        .build())
    .preventSuspiciousProcesses(false)
    .quarantine(false)
    .quarantineOnWrite(false)
    .scriptBasedExecutionMonitoring(false)
    .sensorAdwareAndPup(PreventionPolicyMacSensorAdwareAndPupArgs.builder()
        .detection("string")
        .prevention("string")
        .build())
    .sensorAntiMalware(PreventionPolicyMacSensorAntiMalwareArgs.builder()
        .detection("string")
        .prevention("string")
        .build())
    .sensorTamperingProtection(false)
    .uploadUnknownDetectionRelatedExecutables(false)
    .uploadUnknownExecutables(false)
    .name("string")
    .build());

prevention_policy_mac_resource = crowdstrike.PreventionPolicyMac("preventionPolicyMacResource",
    host_groups=["string"],
    ioa_rule_groups=["string"],
    kc_password_decoded=False,
    xpcom_shell=False,
    chopper_webshell=False,
    detect_on_write=False,
    empyre_backdoor=False,
    enabled=False,
    hash_collector=False,
    cloud_anti_malware={
        "detection": "string",
        "prevention": "string",
    },
    intelligence_sourced_threats=False,
    notify_end_users=False,
    description="string",
    custom_blocking=False,
    cloud_adware_and_pup={
        "detection": "string",
        "prevention": "string",
    },
    prevent_suspicious_processes=False,
    quarantine=False,
    quarantine_on_write=False,
    script_based_execution_monitoring=False,
    sensor_adware_and_pup={
        "detection": "string",
        "prevention": "string",
    },
    sensor_anti_malware={
        "detection": "string",
        "prevention": "string",
    },
    sensor_tampering_protection=False,
    upload_unknown_detection_related_executables=False,
    upload_unknown_executables=False,
    name="string")

const preventionPolicyMacResource = new crowdstrike.PreventionPolicyMac("preventionPolicyMacResource", {
    hostGroups: ["string"],
    ioaRuleGroups: ["string"],
    kcPasswordDecoded: false,
    xpcomShell: false,
    chopperWebshell: false,
    detectOnWrite: false,
    empyreBackdoor: false,
    enabled: false,
    hashCollector: false,
    cloudAntiMalware: {
        detection: "string",
        prevention: "string",
    },
    intelligenceSourcedThreats: false,
    notifyEndUsers: false,
    description: "string",
    customBlocking: false,
    cloudAdwareAndPup: {
        detection: "string",
        prevention: "string",
    },
    preventSuspiciousProcesses: false,
    quarantine: false,
    quarantineOnWrite: false,
    scriptBasedExecutionMonitoring: false,
    sensorAdwareAndPup: {
        detection: "string",
        prevention: "string",
    },
    sensorAntiMalware: {
        detection: "string",
        prevention: "string",
    },
    sensorTamperingProtection: false,
    uploadUnknownDetectionRelatedExecutables: false,
    uploadUnknownExecutables: false,
    name: "string",
});

type: crowdstrike:PreventionPolicyMac
properties:
    chopperWebshell: false
    cloudAdwareAndPup:
        detection: string
        prevention: string
    cloudAntiMalware:
        detection: string
        prevention: string
    customBlocking: false
    description: string
    detectOnWrite: false
    empyreBackdoor: false
    enabled: false
    hashCollector: false
    hostGroups:
        - string
    intelligenceSourcedThreats: false
    ioaRuleGroups:
        - string
    kcPasswordDecoded: false
    name: string
    notifyEndUsers: false
    preventSuspiciousProcesses: false
    quarantine: false
    quarantineOnWrite: false
    scriptBasedExecutionMonitoring: false
    sensorAdwareAndPup:
        detection: string
        prevention: string
    sensorAntiMalware:
        detection: string
        prevention: string
    sensorTamperingProtection: false
    uploadUnknownDetectionRelatedExecutables: false
    uploadUnknownExecutables: false
    xpcomShell: false

PreventionPolicyMac Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PreventionPolicyMac resource accepts the following input properties:

HostGroups List<string>: Host Group ids to attach to the prevention policy.
IoaRuleGroups List<string>: IOA Rule Group to attach to the prevention policy.
ChopperWebshell bool: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
CloudAdwareAndPup CrowdStrike.Crowdstrike.Inputs.PreventionPolicyMacCloudAdwareAndPup: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
CloudAntiMalware CrowdStrike.Crowdstrike.Inputs.PreventionPolicyMacCloudAntiMalware: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
CustomBlocking bool: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
Description string: Description of the prevention policy.
DetectOnWrite bool: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
EmpyreBackdoor bool: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
Enabled bool: Enable the prevention policy.
HashCollector bool: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
IntelligenceSourcedThreats bool: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
KcPasswordDecoded bool: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
Name string: Name of the prevention policy.
NotifyEndUsers bool: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
PreventSuspiciousProcesses bool: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
Quarantine bool: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
QuarantineOnWrite bool: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
ScriptBasedExecutionMonitoring bool: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
SensorAdwareAndPup CrowdStrike.Crowdstrike.Inputs.PreventionPolicyMacSensorAdwareAndPup: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
SensorAntiMalware CrowdStrike.Crowdstrike.Inputs.PreventionPolicyMacSensorAntiMalware: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
SensorTamperingProtection bool: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
UploadUnknownDetectionRelatedExecutables bool: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
UploadUnknownExecutables bool: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
XpcomShell bool: Whether to enable the setting. The execution of an XPCOM shell was blocked.

HostGroups []string: Host Group ids to attach to the prevention policy.
IoaRuleGroups []string: IOA Rule Group to attach to the prevention policy.
ChopperWebshell bool: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
CloudAdwareAndPup PreventionPolicyMacCloudAdwareAndPupArgs: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
CloudAntiMalware PreventionPolicyMacCloudAntiMalwareArgs: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
CustomBlocking bool: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
Description string: Description of the prevention policy.
DetectOnWrite bool: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
EmpyreBackdoor bool: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
Enabled bool: Enable the prevention policy.
HashCollector bool: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
IntelligenceSourcedThreats bool: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
KcPasswordDecoded bool: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
Name string: Name of the prevention policy.
NotifyEndUsers bool: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
PreventSuspiciousProcesses bool: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
Quarantine bool: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
QuarantineOnWrite bool: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
ScriptBasedExecutionMonitoring bool: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
SensorAdwareAndPup PreventionPolicyMacSensorAdwareAndPupArgs: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
SensorAntiMalware PreventionPolicyMacSensorAntiMalwareArgs: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
SensorTamperingProtection bool: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
UploadUnknownDetectionRelatedExecutables bool: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
UploadUnknownExecutables bool: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
XpcomShell bool: Whether to enable the setting. The execution of an XPCOM shell was blocked.

hostGroups List<String>: Host Group ids to attach to the prevention policy.
ioaRuleGroups List<String>: IOA Rule Group to attach to the prevention policy.
chopperWebshell Boolean: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
cloudAdwareAndPup PreventionPolicyMacCloudAdwareAndPup: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
cloudAntiMalware PreventionPolicyMacCloudAntiMalware: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
customBlocking Boolean: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
description String: Description of the prevention policy.
detectOnWrite Boolean: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
empyreBackdoor Boolean: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
enabled Boolean: Enable the prevention policy.
hashCollector Boolean: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
intelligenceSourcedThreats Boolean: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
kcPasswordDecoded Boolean: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
name String: Name of the prevention policy.
notifyEndUsers Boolean: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
preventSuspiciousProcesses Boolean: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
quarantine Boolean: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
quarantineOnWrite Boolean: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
scriptBasedExecutionMonitoring Boolean: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
sensorAdwareAndPup PreventionPolicyMacSensorAdwareAndPup: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
sensorAntiMalware PreventionPolicyMacSensorAntiMalware: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
sensorTamperingProtection Boolean: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
uploadUnknownDetectionRelatedExecutables Boolean: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
uploadUnknownExecutables Boolean: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
xpcomShell Boolean: Whether to enable the setting. The execution of an XPCOM shell was blocked.

hostGroups string[]: Host Group ids to attach to the prevention policy.
ioaRuleGroups string[]: IOA Rule Group to attach to the prevention policy.
chopperWebshell boolean: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
cloudAdwareAndPup PreventionPolicyMacCloudAdwareAndPup: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
cloudAntiMalware PreventionPolicyMacCloudAntiMalware: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
customBlocking boolean: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
description string: Description of the prevention policy.
detectOnWrite boolean: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
empyreBackdoor boolean: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
enabled boolean: Enable the prevention policy.
hashCollector boolean: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
intelligenceSourcedThreats boolean: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
kcPasswordDecoded boolean: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
name string: Name of the prevention policy.
notifyEndUsers boolean: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
preventSuspiciousProcesses boolean: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
quarantine boolean: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
quarantineOnWrite boolean: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
scriptBasedExecutionMonitoring boolean: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
sensorAdwareAndPup PreventionPolicyMacSensorAdwareAndPup: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
sensorAntiMalware PreventionPolicyMacSensorAntiMalware: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
sensorTamperingProtection boolean: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
uploadUnknownDetectionRelatedExecutables boolean: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
uploadUnknownExecutables boolean: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
xpcomShell boolean: Whether to enable the setting. The execution of an XPCOM shell was blocked.

host_groups Sequence[str]: Host Group ids to attach to the prevention policy.
ioa_rule_groups Sequence[str]: IOA Rule Group to attach to the prevention policy.
chopper_webshell bool: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
cloud_adware_and_pup PreventionPolicyMacCloudAdwareAndPupArgs: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
cloud_anti_malware PreventionPolicyMacCloudAntiMalwareArgs: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
custom_blocking bool: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
description str: Description of the prevention policy.
detect_on_write bool: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
empyre_backdoor bool: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
enabled bool: Enable the prevention policy.
hash_collector bool: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
intelligence_sourced_threats bool: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
kc_password_decoded bool: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
name str: Name of the prevention policy.
notify_end_users bool: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
prevent_suspicious_processes bool: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
quarantine bool: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
quarantine_on_write bool: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
script_based_execution_monitoring bool: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
sensor_adware_and_pup PreventionPolicyMacSensorAdwareAndPupArgs: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
sensor_anti_malware PreventionPolicyMacSensorAntiMalwareArgs: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
sensor_tampering_protection bool: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
upload_unknown_detection_related_executables bool: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
upload_unknown_executables bool: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
xpcom_shell bool: Whether to enable the setting. The execution of an XPCOM shell was blocked.

hostGroups List<String>: Host Group ids to attach to the prevention policy.
ioaRuleGroups List<String>: IOA Rule Group to attach to the prevention policy.
chopperWebshell Boolean: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
cloudAdwareAndPup Property Map: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
cloudAntiMalware Property Map: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
customBlocking Boolean: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
description String: Description of the prevention policy.
detectOnWrite Boolean: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
empyreBackdoor Boolean: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
enabled Boolean: Enable the prevention policy.
hashCollector Boolean: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
intelligenceSourcedThreats Boolean: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
kcPasswordDecoded Boolean: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
name String: Name of the prevention policy.
notifyEndUsers Boolean: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
preventSuspiciousProcesses Boolean: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
quarantine Boolean: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
quarantineOnWrite Boolean: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
scriptBasedExecutionMonitoring Boolean: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
sensorAdwareAndPup Property Map: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
sensorAntiMalware Property Map: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
sensorTamperingProtection Boolean: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
uploadUnknownDetectionRelatedExecutables Boolean: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
uploadUnknownExecutables Boolean: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
xpcomShell Boolean: Whether to enable the setting. The execution of an XPCOM shell was blocked.

Outputs

All input properties are implicitly available as output properties. Additionally, the PreventionPolicyMac resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
LastUpdated string

Id string: The provider-assigned unique ID for this managed resource.
LastUpdated string

id String: The provider-assigned unique ID for this managed resource.
lastUpdated String

id string: The provider-assigned unique ID for this managed resource.
lastUpdated string

id str: The provider-assigned unique ID for this managed resource.
last_updated str

id String: The provider-assigned unique ID for this managed resource.
lastUpdated String

Look up Existing PreventionPolicyMac Resource

Get an existing PreventionPolicyMac resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PreventionPolicyMacState, opts?: CustomResourceOptions): PreventionPolicyMac

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        chopper_webshell: Optional[bool] = None,
        cloud_adware_and_pup: Optional[PreventionPolicyMacCloudAdwareAndPupArgs] = None,
        cloud_anti_malware: Optional[PreventionPolicyMacCloudAntiMalwareArgs] = None,
        custom_blocking: Optional[bool] = None,
        description: Optional[str] = None,
        detect_on_write: Optional[bool] = None,
        empyre_backdoor: Optional[bool] = None,
        enabled: Optional[bool] = None,
        hash_collector: Optional[bool] = None,
        host_groups: Optional[Sequence[str]] = None,
        intelligence_sourced_threats: Optional[bool] = None,
        ioa_rule_groups: Optional[Sequence[str]] = None,
        kc_password_decoded: Optional[bool] = None,
        last_updated: Optional[str] = None,
        name: Optional[str] = None,
        notify_end_users: Optional[bool] = None,
        prevent_suspicious_processes: Optional[bool] = None,
        quarantine: Optional[bool] = None,
        quarantine_on_write: Optional[bool] = None,
        script_based_execution_monitoring: Optional[bool] = None,
        sensor_adware_and_pup: Optional[PreventionPolicyMacSensorAdwareAndPupArgs] = None,
        sensor_anti_malware: Optional[PreventionPolicyMacSensorAntiMalwareArgs] = None,
        sensor_tampering_protection: Optional[bool] = None,
        upload_unknown_detection_related_executables: Optional[bool] = None,
        upload_unknown_executables: Optional[bool] = None,
        xpcom_shell: Optional[bool] = None) -> PreventionPolicyMac

func GetPreventionPolicyMac(ctx *Context, name string, id IDInput, state *PreventionPolicyMacState, opts ...ResourceOption) (*PreventionPolicyMac, error)

public static PreventionPolicyMac Get(string name, Input<string> id, PreventionPolicyMacState? state, CustomResourceOptions? opts = null)

public static PreventionPolicyMac get(String name, Output<String> id, PreventionPolicyMacState state, CustomResourceOptions options)

resources:  _:    type: crowdstrike:PreventionPolicyMac    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ChopperWebshell bool: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
CloudAdwareAndPup CrowdStrike.Crowdstrike.Inputs.PreventionPolicyMacCloudAdwareAndPup: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
CloudAntiMalware CrowdStrike.Crowdstrike.Inputs.PreventionPolicyMacCloudAntiMalware: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
CustomBlocking bool: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
Description string: Description of the prevention policy.
DetectOnWrite bool: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
EmpyreBackdoor bool: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
Enabled bool: Enable the prevention policy.
HashCollector bool: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
HostGroups List<string>: Host Group ids to attach to the prevention policy.
IntelligenceSourcedThreats bool: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
IoaRuleGroups List<string>: IOA Rule Group to attach to the prevention policy.
KcPasswordDecoded bool: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
LastUpdated string
Name string: Name of the prevention policy.
NotifyEndUsers bool: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
PreventSuspiciousProcesses bool: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
Quarantine bool: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
QuarantineOnWrite bool: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
ScriptBasedExecutionMonitoring bool: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
SensorAdwareAndPup CrowdStrike.Crowdstrike.Inputs.PreventionPolicyMacSensorAdwareAndPup: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
SensorAntiMalware CrowdStrike.Crowdstrike.Inputs.PreventionPolicyMacSensorAntiMalware: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
SensorTamperingProtection bool: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
UploadUnknownDetectionRelatedExecutables bool: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
UploadUnknownExecutables bool: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
XpcomShell bool: Whether to enable the setting. The execution of an XPCOM shell was blocked.

ChopperWebshell bool: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
CloudAdwareAndPup PreventionPolicyMacCloudAdwareAndPupArgs: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
CloudAntiMalware PreventionPolicyMacCloudAntiMalwareArgs: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
CustomBlocking bool: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
Description string: Description of the prevention policy.
DetectOnWrite bool: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
EmpyreBackdoor bool: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
Enabled bool: Enable the prevention policy.
HashCollector bool: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
HostGroups []string: Host Group ids to attach to the prevention policy.
IntelligenceSourcedThreats bool: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
IoaRuleGroups []string: IOA Rule Group to attach to the prevention policy.
KcPasswordDecoded bool: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
LastUpdated string
Name string: Name of the prevention policy.
NotifyEndUsers bool: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
PreventSuspiciousProcesses bool: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
Quarantine bool: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
QuarantineOnWrite bool: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
ScriptBasedExecutionMonitoring bool: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
SensorAdwareAndPup PreventionPolicyMacSensorAdwareAndPupArgs: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
SensorAntiMalware PreventionPolicyMacSensorAntiMalwareArgs: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
SensorTamperingProtection bool: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
UploadUnknownDetectionRelatedExecutables bool: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
UploadUnknownExecutables bool: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
XpcomShell bool: Whether to enable the setting. The execution of an XPCOM shell was blocked.

chopperWebshell Boolean: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
cloudAdwareAndPup PreventionPolicyMacCloudAdwareAndPup: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
cloudAntiMalware PreventionPolicyMacCloudAntiMalware: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
customBlocking Boolean: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
description String: Description of the prevention policy.
detectOnWrite Boolean: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
empyreBackdoor Boolean: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
enabled Boolean: Enable the prevention policy.
hashCollector Boolean: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
hostGroups List<String>: Host Group ids to attach to the prevention policy.
intelligenceSourcedThreats Boolean: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
ioaRuleGroups List<String>: IOA Rule Group to attach to the prevention policy.
kcPasswordDecoded Boolean: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
lastUpdated String
name String: Name of the prevention policy.
notifyEndUsers Boolean: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
preventSuspiciousProcesses Boolean: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
quarantine Boolean: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
quarantineOnWrite Boolean: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
scriptBasedExecutionMonitoring Boolean: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
sensorAdwareAndPup PreventionPolicyMacSensorAdwareAndPup: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
sensorAntiMalware PreventionPolicyMacSensorAntiMalware: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
sensorTamperingProtection Boolean: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
uploadUnknownDetectionRelatedExecutables Boolean: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
uploadUnknownExecutables Boolean: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
xpcomShell Boolean: Whether to enable the setting. The execution of an XPCOM shell was blocked.

chopperWebshell boolean: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
cloudAdwareAndPup PreventionPolicyMacCloudAdwareAndPup: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
cloudAntiMalware PreventionPolicyMacCloudAntiMalware: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
customBlocking boolean: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
description string: Description of the prevention policy.
detectOnWrite boolean: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
empyreBackdoor boolean: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
enabled boolean: Enable the prevention policy.
hashCollector boolean: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
hostGroups string[]: Host Group ids to attach to the prevention policy.
intelligenceSourcedThreats boolean: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
ioaRuleGroups string[]: IOA Rule Group to attach to the prevention policy.
kcPasswordDecoded boolean: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
lastUpdated string
name string: Name of the prevention policy.
notifyEndUsers boolean: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
preventSuspiciousProcesses boolean: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
quarantine boolean: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
quarantineOnWrite boolean: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
scriptBasedExecutionMonitoring boolean: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
sensorAdwareAndPup PreventionPolicyMacSensorAdwareAndPup: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
sensorAntiMalware PreventionPolicyMacSensorAntiMalware: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
sensorTamperingProtection boolean: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
uploadUnknownDetectionRelatedExecutables boolean: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
uploadUnknownExecutables boolean: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
xpcomShell boolean: Whether to enable the setting. The execution of an XPCOM shell was blocked.

chopper_webshell bool: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
cloud_adware_and_pup PreventionPolicyMacCloudAdwareAndPupArgs: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
cloud_anti_malware PreventionPolicyMacCloudAntiMalwareArgs: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
custom_blocking bool: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
description str: Description of the prevention policy.
detect_on_write bool: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
empyre_backdoor bool: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
enabled bool: Enable the prevention policy.
hash_collector bool: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
host_groups Sequence[str]: Host Group ids to attach to the prevention policy.
intelligence_sourced_threats bool: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
ioa_rule_groups Sequence[str]: IOA Rule Group to attach to the prevention policy.
kc_password_decoded bool: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
last_updated str
name str: Name of the prevention policy.
notify_end_users bool: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
prevent_suspicious_processes bool: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
quarantine bool: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
quarantine_on_write bool: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
script_based_execution_monitoring bool: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
sensor_adware_and_pup PreventionPolicyMacSensorAdwareAndPupArgs: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
sensor_anti_malware PreventionPolicyMacSensorAntiMalwareArgs: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
sensor_tampering_protection bool: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
upload_unknown_detection_related_executables bool: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
upload_unknown_executables bool: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
xpcom_shell bool: Whether to enable the setting. The execution of an XPCOM shell was blocked.

chopperWebshell Boolean: Whether to enable the setting. Execution of a command shell was blocked and is indicative of the system hosting a Chopper web page.
cloudAdwareAndPup Property Map: Use cloud-based machine learning informed by global analysis of executables to detect and prevent adware and potentially unwanted programs (PUP) for your online hosts.
cloudAntiMalware Property Map: Use cloud-based machine learning informed by global analysis of executables to detect and prevent known malware for your online hosts.
customBlocking Boolean: Whether to enable the setting. Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
description String: Description of the prevention policy.
detectOnWrite Boolean: Whether to enable the setting. Use machine learning to analyze suspicious files when they're written to disk. To adjust detection sensitivity, change Anti-malware Detection levels in Sensor Machine Learning and Cloud Machine Learning.
empyreBackdoor Boolean: Whether to enable the setting. A process with behaviors indicative of the Empyre Backdoor was terminated.
enabled Boolean: Enable the prevention policy.
hashCollector Boolean: Whether to enable the setting. An attempt to dump a user’s hashed password was blocked.
hostGroups List<String>: Host Group ids to attach to the prevention policy.
intelligenceSourcedThreats Boolean: Whether to enable the setting. Block processes that CrowdStrike Intelligence analysts classify as malicious. These are focused on static hash-based IOCs.
ioaRuleGroups List<String>: IOA Rule Group to attach to the prevention policy.
kcPasswordDecoded Boolean: Whether to enable the setting. An attempt to recover a plaintext password via the kcpassword file was blocked.
lastUpdated String
name String: Name of the prevention policy.
notifyEndUsers Boolean: Whether to enable the setting. Show a pop-up notification to the end user when the Falcon sensor blocks, kills, or quarantines. See these messages in Console.app by searching for Process: Falcon Notifications.
preventSuspiciousProcesses Boolean: Whether to enable the setting. Block processes that CrowdStrike analysts classify as suspicious. These are focused on dynamic IOAs, such as malware, exploits and other threats.
quarantine Boolean: Whether to enable the setting. Quarantine executable files after they’re prevented by NGAV. When this is enabled, we recommend setting anti-malware prevention levels to Moderate or higher and not using other antivirus solutions.
quarantineOnWrite Boolean: Whether to enable the setting. Use machine learning to quarantine suspicious files when they're written to disk. To adjust quarantine sensitivity, change Anti-malware Prevention levels in Sensor Machine Learning and Cloud Machine Learning.
scriptBasedExecutionMonitoring Boolean: Whether to enable the setting. Provides visibility into suspicious scripts, including shell and other scripting languages.
sensorAdwareAndPup Property Map: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent adware and potentially unwanted programs (PUP).
sensorAntiMalware Property Map: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
sensorTamperingProtection Boolean: Whether to enable the setting. Blocks attempts to tamper with the sensor. If disabled, the sensor still creates detections for tampering attempts but doesn’t block them. Disabling not recommended.
uploadUnknownDetectionRelatedExecutables Boolean: Whether to enable the setting. Upload all unknown detection-related executables for advanced analysis in the cloud.
uploadUnknownExecutables Boolean: Whether to enable the setting. Upload all unknown executables for advanced analysis in the cloud.
xpcomShell Boolean: Whether to enable the setting. The execution of an XPCOM shell was blocked.

Supporting Types

PreventionPolicyMacCloudAdwareAndPup, PreventionPolicyMacCloudAdwareAndPupArgs

Detection string: Machine learning level for detection.
Prevention string: Machine learning level for prevention.

Detection string: Machine learning level for detection.
Prevention string: Machine learning level for prevention.

detection String: Machine learning level for detection.
prevention String: Machine learning level for prevention.

detection string: Machine learning level for detection.
prevention string: Machine learning level for prevention.

detection str: Machine learning level for detection.
prevention str: Machine learning level for prevention.

detection String: Machine learning level for detection.
prevention String: Machine learning level for prevention.

PreventionPolicyMacCloudAntiMalware, PreventionPolicyMacCloudAntiMalwareArgs

Detection string: Machine learning level for detection.
Prevention string: Machine learning level for prevention.

Detection string: Machine learning level for detection.
Prevention string: Machine learning level for prevention.

detection String: Machine learning level for detection.
prevention String: Machine learning level for prevention.

detection string: Machine learning level for detection.
prevention string: Machine learning level for prevention.

detection str: Machine learning level for detection.
prevention str: Machine learning level for prevention.

detection String: Machine learning level for detection.
prevention String: Machine learning level for prevention.

PreventionPolicyMacSensorAdwareAndPup, PreventionPolicyMacSensorAdwareAndPupArgs

Detection string: Machine learning level for detection.
Prevention string: Machine learning level for prevention.

Detection string: Machine learning level for detection.
Prevention string: Machine learning level for prevention.

detection String: Machine learning level for detection.
prevention String: Machine learning level for prevention.

detection string: Machine learning level for detection.
prevention string: Machine learning level for prevention.

detection str: Machine learning level for detection.
prevention str: Machine learning level for prevention.

detection String: Machine learning level for detection.
prevention String: Machine learning level for prevention.

PreventionPolicyMacSensorAntiMalware, PreventionPolicyMacSensorAntiMalwareArgs

Detection string: Machine learning level for detection.
Prevention string: Machine learning level for prevention.

Detection string: Machine learning level for detection.
Prevention string: Machine learning level for prevention.

detection String: Machine learning level for detection.
prevention String: Machine learning level for prevention.

detection string: Machine learning level for detection.
prevention string: Machine learning level for prevention.

detection str: Machine learning level for detection.
prevention str: Machine learning level for prevention.

detection String: Machine learning level for detection.
prevention String: Machine learning level for prevention.

Import

prevention policy can be imported by specifying the policy id.

$ pulumi import crowdstrike:index/preventionPolicyMac:PreventionPolicyMac example 7fb858a949034a0cbca175f660f1e769

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: crowdstrike crowdstrike/pulumi-crowdstrike
License: Apache-2.0
Notes: This Pulumi package is based on the crowdstrike Terraform Provider.

CrowdStrike v0.0.10 published on Monday, Mar 3, 2025 by CrowdStrike

crowdstrike/pulumi-crowdstrike

crowdstrike.PreventionPolicyMac

On this page

On this page

API Scopes

Example Usage

Create PreventionPolicyMac Resource

Constructor syntax

Parameters

Constructor example

PreventionPolicyMac Resource Properties

Inputs

Outputs

Look up Existing PreventionPolicyMac Resource

Supporting Types

PreventionPolicyMacCloudAdwareAndPup, PreventionPolicyMacCloudAdwareAndPupArgs

PreventionPolicyMacCloudAntiMalware, PreventionPolicyMacCloudAntiMalwareArgs

PreventionPolicyMacSensorAdwareAndPup, PreventionPolicyMacSensorAdwareAndPupArgs

PreventionPolicyMacSensorAntiMalware, PreventionPolicyMacSensorAntiMalwareArgs

Import

Package Details

On this page

On this page