Docs Home
sysdig 1.56.1 published on Thursday, May 8, 2025 by sysdiglabs
sysdig.SecureMalwarePolicy
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const emailNotificationChannel = sysdig.getSecureNotificationChannel({
name: "Test Email Channel",
});
const preventMalware = new sysdig.SecureMalwarePolicy("preventMalware", {
description: "an attempt to write to the dpkg database by any non-dpkg related program",
severity: 4,
enabled: true,
runbook: "https://runbook.com",
scope: "container.id != \"\"",
rules: [{
description: "Test Malware Rule Description",
useManagedHashes: true,
additionalHashes: [{
hash: "304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6",
}],
ignoreHashes: [{
hash: "6ac3c336e4094835293a3fed8a4b5fedde1b5e2626d9838fed50693bba00af0e",
}],
}],
actions: [{
preventMalware: true,
container: "stop",
captures: [{
secondsBeforeEvent: 5,
secondsAfterEvent: 10,
}],
}],
notificationChannels: [emailNotificationChannel.then(emailNotificationChannel => emailNotificationChannel.id)],
});
import pulumi
import pulumi_sysdig as sysdig
email_notification_channel = sysdig.get_secure_notification_channel(name="Test Email Channel")
prevent_malware = sysdig.SecureMalwarePolicy("preventMalware",
description="an attempt to write to the dpkg database by any non-dpkg related program",
severity=4,
enabled=True,
runbook="https://runbook.com",
scope="container.id != \"\"",
rules=[{
"description": "Test Malware Rule Description",
"use_managed_hashes": True,
"additional_hashes": [{
"hash": "304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6",
}],
"ignore_hashes": [{
"hash": "6ac3c336e4094835293a3fed8a4b5fedde1b5e2626d9838fed50693bba00af0e",
}],
}],
actions=[{
"prevent_malware": True,
"container": "stop",
"captures": [{
"seconds_before_event": 5,
"seconds_after_event": 10,
}],
}],
notification_channels=[email_notification_channel.id])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
emailNotificationChannel, err := sysdig.GetSecureNotificationChannel(ctx, &sysdig.GetSecureNotificationChannelArgs{
Name: "Test Email Channel",
}, nil)
if err != nil {
return err
}
_, err = sysdig.NewSecureMalwarePolicy(ctx, "preventMalware", &sysdig.SecureMalwarePolicyArgs{
Description: pulumi.String("an attempt to write to the dpkg database by any non-dpkg related program"),
Severity: pulumi.Float64(4),
Enabled: pulumi.Bool(true),
Runbook: pulumi.String("https://runbook.com"),
Scope: pulumi.String("container.id != \"\""),
Rules: sysdig.SecureMalwarePolicyRuleArray{
&sysdig.SecureMalwarePolicyRuleArgs{
Description: pulumi.String("Test Malware Rule Description"),
UseManagedHashes: pulumi.Bool(true),
AdditionalHashes: sysdig.SecureMalwarePolicyRuleAdditionalHashArray{
&sysdig.SecureMalwarePolicyRuleAdditionalHashArgs{
Hash: pulumi.String("304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6"),
},
},
IgnoreHashes: sysdig.SecureMalwarePolicyRuleIgnoreHashArray{
&sysdig.SecureMalwarePolicyRuleIgnoreHashArgs{
Hash: pulumi.String("6ac3c336e4094835293a3fed8a4b5fedde1b5e2626d9838fed50693bba00af0e"),
},
},
},
},
Actions: sysdig.SecureMalwarePolicyActionArray{
&sysdig.SecureMalwarePolicyActionArgs{
PreventMalware: pulumi.Bool(true),
Container: pulumi.String("stop"),
Captures: sysdig.SecureMalwarePolicyActionCaptureArray{
&sysdig.SecureMalwarePolicyActionCaptureArgs{
SecondsBeforeEvent: pulumi.Float64(5),
SecondsAfterEvent: pulumi.Float64(10),
},
},
},
},
NotificationChannels: pulumi.Float64Array{
pulumi.String(emailNotificationChannel.Id),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var emailNotificationChannel = Sysdig.GetSecureNotificationChannel.Invoke(new()
{
Name = "Test Email Channel",
});
var preventMalware = new Sysdig.SecureMalwarePolicy("preventMalware", new()
{
Description = "an attempt to write to the dpkg database by any non-dpkg related program",
Severity = 4,
Enabled = true,
Runbook = "https://runbook.com",
Scope = "container.id != \"\"",
Rules = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyRuleArgs
{
Description = "Test Malware Rule Description",
UseManagedHashes = true,
AdditionalHashes = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyRuleAdditionalHashArgs
{
Hash = "304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6",
},
},
IgnoreHashes = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyRuleIgnoreHashArgs
{
Hash = "6ac3c336e4094835293a3fed8a4b5fedde1b5e2626d9838fed50693bba00af0e",
},
},
},
},
Actions = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyActionArgs
{
PreventMalware = true,
Container = "stop",
Captures = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyActionCaptureArgs
{
SecondsBeforeEvent = 5,
SecondsAfterEvent = 10,
},
},
},
},
NotificationChannels = new[]
{
emailNotificationChannel.Apply(getSecureNotificationChannelResult => getSecureNotificationChannelResult.Id),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SysdigFunctions;
import com.pulumi.sysdig.inputs.GetSecureNotificationChannelArgs;
import com.pulumi.sysdig.SecureMalwarePolicy;
import com.pulumi.sysdig.SecureMalwarePolicyArgs;
import com.pulumi.sysdig.inputs.SecureMalwarePolicyRuleArgs;
import com.pulumi.sysdig.inputs.SecureMalwarePolicyActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var emailNotificationChannel = SysdigFunctions.getSecureNotificationChannel(GetSecureNotificationChannelArgs.builder()
.name("Test Email Channel")
.build());
var preventMalware = new SecureMalwarePolicy("preventMalware", SecureMalwarePolicyArgs.builder()
.description("an attempt to write to the dpkg database by any non-dpkg related program")
.severity(4)
.enabled(true)
.runbook("https://runbook.com")
.scope("container.id != \"\"")
.rules(SecureMalwarePolicyRuleArgs.builder()
.description("Test Malware Rule Description")
.useManagedHashes(true)
.additionalHashes(SecureMalwarePolicyRuleAdditionalHashArgs.builder()
.hash("304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6")
.build())
.ignoreHashes(SecureMalwarePolicyRuleIgnoreHashArgs.builder()
.hash("6ac3c336e4094835293a3fed8a4b5fedde1b5e2626d9838fed50693bba00af0e")
.build())
.build())
.actions(SecureMalwarePolicyActionArgs.builder()
.preventMalware(true)
.container("stop")
.captures(SecureMalwarePolicyActionCaptureArgs.builder()
.secondsBeforeEvent(5)
.secondsAfterEvent(10)
.build())
.build())
.notificationChannels(emailNotificationChannel.applyValue(getSecureNotificationChannelResult -> getSecureNotificationChannelResult.id()))
.build());
}
}
resources:
preventMalware:
type: sysdig:SecureMalwarePolicy
properties:
description: an attempt to write to the dpkg database by any non-dpkg related program
severity: 4
enabled: true
runbook: https://runbook.com
# Scope selection
scope: container.id != ""
# Rule selection
rules:
- description: Test Malware Rule Description
useManagedHashes: true
additionalHashes:
- hash: 304ef4cdda3463b24bf53f9cdd69ad3ecdab0842e7e70e2f3cfbb9f14e1c4ae6
ignoreHashes:
- hash: 6ac3c336e4094835293a3fed8a4b5fedde1b5e2626d9838fed50693bba00af0e
actions:
- preventMalware: true
container: stop
captures:
- secondsBeforeEvent: 5
secondsAfterEvent: 10
notificationChannels:
- ${emailNotificationChannel.id}
variables:
emailNotificationChannel:
fn::invoke:
function: sysdig:getSecureNotificationChannel
arguments:
name: Test Email Channel
Create SecureMalwarePolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecureMalwarePolicy(name: string, args: SecureMalwarePolicyArgs, opts?: CustomResourceOptions);@overload
def SecureMalwarePolicy(resource_name: str,
args: SecureMalwarePolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecureMalwarePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
rules: Optional[Sequence[SecureMalwarePolicyRuleArgs]] = None,
actions: Optional[Sequence[SecureMalwarePolicyActionArgs]] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
notification_channels: Optional[Sequence[float]] = None,
runbook: Optional[str] = None,
scope: Optional[str] = None,
secure_malware_policy_id: Optional[str] = None,
severity: Optional[float] = None,
timeouts: Optional[SecureMalwarePolicyTimeoutsArgs] = None,
type: Optional[str] = None)func NewSecureMalwarePolicy(ctx *Context, name string, args SecureMalwarePolicyArgs, opts ...ResourceOption) (*SecureMalwarePolicy, error)public SecureMalwarePolicy(string name, SecureMalwarePolicyArgs args, CustomResourceOptions? opts = null)
public SecureMalwarePolicy(String name, SecureMalwarePolicyArgs args)
public SecureMalwarePolicy(String name, SecureMalwarePolicyArgs args, CustomResourceOptions options)
type: sysdig:SecureMalwarePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecureMalwarePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecureMalwarePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecureMalwarePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecureMalwarePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecureMalwarePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secureMalwarePolicyResource = new Sysdig.SecureMalwarePolicy("secureMalwarePolicyResource", new()
{
Description = "string",
Rules = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyRuleArgs
{
Description = "string",
AdditionalHashes = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyRuleAdditionalHashArgs
{
Hash = "string",
},
},
Id = 0,
IgnoreHashes = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyRuleIgnoreHashArgs
{
Hash = "string",
},
},
Name = "string",
Tags = new[]
{
"string",
},
UseManagedHashes = false,
Version = 0,
},
},
Actions = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyActionArgs
{
Captures = new[]
{
new Sysdig.Inputs.SecureMalwarePolicyActionCaptureArgs
{
Name = "string",
SecondsAfterEvent = 0,
SecondsBeforeEvent = 0,
BucketName = "string",
Filter = "string",
Folder = "string",
},
},
Container = "string",
PreventMalware = false,
},
},
Enabled = false,
Name = "string",
NotificationChannels = new[]
{
0,
},
Runbook = "string",
Scope = "string",
SecureMalwarePolicyId = "string",
Severity = 0,
Timeouts = new Sysdig.Inputs.SecureMalwarePolicyTimeoutsArgs
{
Create = "string",
Delete = "string",
Read = "string",
Update = "string",
},
Type = "string",
});
example, err := sysdig.NewSecureMalwarePolicy(ctx, "secureMalwarePolicyResource", &sysdig.SecureMalwarePolicyArgs{
Description: pulumi.String("string"),
Rules: sysdig.SecureMalwarePolicyRuleArray{
&sysdig.SecureMalwarePolicyRuleArgs{
Description: pulumi.String("string"),
AdditionalHashes: sysdig.SecureMalwarePolicyRuleAdditionalHashArray{
&sysdig.SecureMalwarePolicyRuleAdditionalHashArgs{
Hash: pulumi.String("string"),
},
},
Id: pulumi.Float64(0),
IgnoreHashes: sysdig.SecureMalwarePolicyRuleIgnoreHashArray{
&sysdig.SecureMalwarePolicyRuleIgnoreHashArgs{
Hash: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
UseManagedHashes: pulumi.Bool(false),
Version: pulumi.Float64(0),
},
},
Actions: sysdig.SecureMalwarePolicyActionArray{
&sysdig.SecureMalwarePolicyActionArgs{
Captures: sysdig.SecureMalwarePolicyActionCaptureArray{
&sysdig.SecureMalwarePolicyActionCaptureArgs{
Name: pulumi.String("string"),
SecondsAfterEvent: pulumi.Float64(0),
SecondsBeforeEvent: pulumi.Float64(0),
BucketName: pulumi.String("string"),
Filter: pulumi.String("string"),
Folder: pulumi.String("string"),
},
},
Container: pulumi.String("string"),
PreventMalware: pulumi.Bool(false),
},
},
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
NotificationChannels: pulumi.Float64Array{
pulumi.Float64(0),
},
Runbook: pulumi.String("string"),
Scope: pulumi.String("string"),
SecureMalwarePolicyId: pulumi.String("string"),
Severity: pulumi.Float64(0),
Timeouts: &sysdig.SecureMalwarePolicyTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Read: pulumi.String("string"),
Update: pulumi.String("string"),
},
Type: pulumi.String("string"),
})
var secureMalwarePolicyResource = new SecureMalwarePolicy("secureMalwarePolicyResource", SecureMalwarePolicyArgs.builder()
.description("string")
.rules(SecureMalwarePolicyRuleArgs.builder()
.description("string")
.additionalHashes(SecureMalwarePolicyRuleAdditionalHashArgs.builder()
.hash("string")
.build())
.id(0.0)
.ignoreHashes(SecureMalwarePolicyRuleIgnoreHashArgs.builder()
.hash("string")
.build())
.name("string")
.tags("string")
.useManagedHashes(false)
.version(0.0)
.build())
.actions(SecureMalwarePolicyActionArgs.builder()
.captures(SecureMalwarePolicyActionCaptureArgs.builder()
.name("string")
.secondsAfterEvent(0.0)
.secondsBeforeEvent(0.0)
.bucketName("string")
.filter("string")
.folder("string")
.build())
.container("string")
.preventMalware(false)
.build())
.enabled(false)
.name("string")
.notificationChannels(0.0)
.runbook("string")
.scope("string")
.secureMalwarePolicyId("string")
.severity(0.0)
.timeouts(SecureMalwarePolicyTimeoutsArgs.builder()
.create("string")
.delete("string")
.read("string")
.update("string")
.build())
.type("string")
.build());
secure_malware_policy_resource = sysdig.SecureMalwarePolicy("secureMalwarePolicyResource",
description="string",
rules=[{
"description": "string",
"additional_hashes": [{
"hash": "string",
}],
"id": 0,
"ignore_hashes": [{
"hash": "string",
}],
"name": "string",
"tags": ["string"],
"use_managed_hashes": False,
"version": 0,
}],
actions=[{
"captures": [{
"name": "string",
"seconds_after_event": 0,
"seconds_before_event": 0,
"bucket_name": "string",
"filter": "string",
"folder": "string",
}],
"container": "string",
"prevent_malware": False,
}],
enabled=False,
name="string",
notification_channels=[0],
runbook="string",
scope="string",
secure_malware_policy_id="string",
severity=0,
timeouts={
"create": "string",
"delete": "string",
"read": "string",
"update": "string",
},
type="string")
const secureMalwarePolicyResource = new sysdig.SecureMalwarePolicy("secureMalwarePolicyResource", {
description: "string",
rules: [{
description: "string",
additionalHashes: [{
hash: "string",
}],
id: 0,
ignoreHashes: [{
hash: "string",
}],
name: "string",
tags: ["string"],
useManagedHashes: false,
version: 0,
}],
actions: [{
captures: [{
name: "string",
secondsAfterEvent: 0,
secondsBeforeEvent: 0,
bucketName: "string",
filter: "string",
folder: "string",
}],
container: "string",
preventMalware: false,
}],
enabled: false,
name: "string",
notificationChannels: [0],
runbook: "string",
scope: "string",
secureMalwarePolicyId: "string",
severity: 0,
timeouts: {
create: "string",
"delete": "string",
read: "string",
update: "string",
},
type: "string",
});
type: sysdig:SecureMalwarePolicy
properties:
actions:
- captures:
- bucketName: string
filter: string
folder: string
name: string
secondsAfterEvent: 0
secondsBeforeEvent: 0
container: string
preventMalware: false
description: string
enabled: false
name: string
notificationChannels:
- 0
rules:
- additionalHashes:
- hash: string
description: string
id: 0
ignoreHashes:
- hash: string
name: string
tags:
- string
useManagedHashes: false
version: 0
runbook: string
scope: string
secureMalwarePolicyId: string
severity: 0
timeouts:
create: string
delete: string
read: string
update: string
type: string
SecureMalwarePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecureMalwarePolicy resource accepts the following input properties:
- Description string
- (Required) The description of the malware rule.
- Rules
List<Secure
Malware Policy Rule> - Actions
List<Secure
Malware Policy Action> - Enabled bool
- Whether the policy is enabled or not.
- Name string
- The name of the Secure managed policy.
- Notification
Channels List<double> - IDs of the notification channels to send alerts to when the policy is fired.
- Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- The application scope for the policy.
- Secure
Malware stringPolicy Id - The id for the policy.
- Severity double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- Timeouts
Secure
Malware Policy Timeouts - Type string
- Description string
- (Required) The description of the malware rule.
- Rules
[]Secure
Malware Policy Rule Args - Actions
[]Secure
Malware Policy Action Args - Enabled bool
- Whether the policy is enabled or not.
- Name string
- The name of the Secure managed policy.
- Notification
Channels []float64 - IDs of the notification channels to send alerts to when the policy is fired.
- Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- The application scope for the policy.
- Secure
Malware stringPolicy Id - The id for the policy.
- Severity float64
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- Timeouts
Secure
Malware Policy Timeouts Args - Type string
- description String
- (Required) The description of the malware rule.
- rules
List<Secure
Malware Policy Rule> - actions
List<Secure
Malware Policy Action> - enabled Boolean
- Whether the policy is enabled or not.
- name String
- The name of the Secure managed policy.
- notification
Channels List<Double> - IDs of the notification channels to send alerts to when the policy is fired.
- runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- The application scope for the policy.
- secure
Malware StringPolicy Id - The id for the policy.
- severity Double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Malware Policy Timeouts - type String
- description string
- (Required) The description of the malware rule.
- rules
Secure
Malware Policy Rule[] - actions
Secure
Malware Policy Action[] - enabled boolean
- Whether the policy is enabled or not.
- name string
- The name of the Secure managed policy.
- notification
Channels number[] - IDs of the notification channels to send alerts to when the policy is fired.
- runbook string
- Customer provided url that provides a runbook for a given policy.
- scope string
- The application scope for the policy.
- secure
Malware stringPolicy Id - The id for the policy.
- severity number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Malware Policy Timeouts - type string
- description str
- (Required) The description of the malware rule.
- rules
Sequence[Secure
Malware Policy Rule Args] - actions
Sequence[Secure
Malware Policy Action Args] - enabled bool
- Whether the policy is enabled or not.
- name str
- The name of the Secure managed policy.
- notification_
channels Sequence[float] - IDs of the notification channels to send alerts to when the policy is fired.
- runbook str
- Customer provided url that provides a runbook for a given policy.
- scope str
- The application scope for the policy.
- secure_
malware_ strpolicy_ id - The id for the policy.
- severity float
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Malware Policy Timeouts Args - type str
- description String
- (Required) The description of the malware rule.
- rules List<Property Map>
- actions List<Property Map>
- enabled Boolean
- Whether the policy is enabled or not.
- name String
- The name of the Secure managed policy.
- notification
Channels List<Number> - IDs of the notification channels to send alerts to when the policy is fired.
- runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- The application scope for the policy.
- secure
Malware StringPolicy Id - The id for the policy.
- severity Number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts Property Map
- type String
Outputs
All input properties are implicitly available as output properties. Additionally, the SecureMalwarePolicy resource produces the following output properties:
Look up Existing SecureMalwarePolicy Resource
Get an existing SecureMalwarePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecureMalwarePolicyState, opts?: CustomResourceOptions): SecureMalwarePolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[SecureMalwarePolicyActionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
notification_channels: Optional[Sequence[float]] = None,
rules: Optional[Sequence[SecureMalwarePolicyRuleArgs]] = None,
runbook: Optional[str] = None,
scope: Optional[str] = None,
secure_malware_policy_id: Optional[str] = None,
severity: Optional[float] = None,
timeouts: Optional[SecureMalwarePolicyTimeoutsArgs] = None,
type: Optional[str] = None,
version: Optional[float] = None) -> SecureMalwarePolicyfunc GetSecureMalwarePolicy(ctx *Context, name string, id IDInput, state *SecureMalwarePolicyState, opts ...ResourceOption) (*SecureMalwarePolicy, error)public static SecureMalwarePolicy Get(string name, Input<string> id, SecureMalwarePolicyState? state, CustomResourceOptions? opts = null)public static SecureMalwarePolicy get(String name, Output<String> id, SecureMalwarePolicyState state, CustomResourceOptions options)resources: _: type: sysdig:SecureMalwarePolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Secure
Malware Policy Action> - Description string
- (Required) The description of the malware rule.
- Enabled bool
- Whether the policy is enabled or not.
- Name string
- The name of the Secure managed policy.
- Notification
Channels List<double> - IDs of the notification channels to send alerts to when the policy is fired.
- Rules
List<Secure
Malware Policy Rule> - Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- The application scope for the policy.
- Secure
Malware stringPolicy Id - The id for the policy.
- Severity double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- Timeouts
Secure
Malware Policy Timeouts - Type string
- Version double
- Actions
[]Secure
Malware Policy Action Args - Description string
- (Required) The description of the malware rule.
- Enabled bool
- Whether the policy is enabled or not.
- Name string
- The name of the Secure managed policy.
- Notification
Channels []float64 - IDs of the notification channels to send alerts to when the policy is fired.
- Rules
[]Secure
Malware Policy Rule Args - Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- The application scope for the policy.
- Secure
Malware stringPolicy Id - The id for the policy.
- Severity float64
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- Timeouts
Secure
Malware Policy Timeouts Args - Type string
- Version float64
- actions
List<Secure
Malware Policy Action> - description String
- (Required) The description of the malware rule.
- enabled Boolean
- Whether the policy is enabled or not.
- name String
- The name of the Secure managed policy.
- notification
Channels List<Double> - IDs of the notification channels to send alerts to when the policy is fired.
- rules
List<Secure
Malware Policy Rule> - runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- The application scope for the policy.
- secure
Malware StringPolicy Id - The id for the policy.
- severity Double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Malware Policy Timeouts - type String
- version Double
- actions
Secure
Malware Policy Action[] - description string
- (Required) The description of the malware rule.
- enabled boolean
- Whether the policy is enabled or not.
- name string
- The name of the Secure managed policy.
- notification
Channels number[] - IDs of the notification channels to send alerts to when the policy is fired.
- rules
Secure
Malware Policy Rule[] - runbook string
- Customer provided url that provides a runbook for a given policy.
- scope string
- The application scope for the policy.
- secure
Malware stringPolicy Id - The id for the policy.
- severity number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Malware Policy Timeouts - type string
- version number
- actions
Sequence[Secure
Malware Policy Action Args] - description str
- (Required) The description of the malware rule.
- enabled bool
- Whether the policy is enabled or not.
- name str
- The name of the Secure managed policy.
- notification_
channels Sequence[float] - IDs of the notification channels to send alerts to when the policy is fired.
- rules
Sequence[Secure
Malware Policy Rule Args] - runbook str
- Customer provided url that provides a runbook for a given policy.
- scope str
- The application scope for the policy.
- secure_
malware_ strpolicy_ id - The id for the policy.
- severity float
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Malware Policy Timeouts Args - type str
- version float
- actions List<Property Map>
- description String
- (Required) The description of the malware rule.
- enabled Boolean
- Whether the policy is enabled or not.
- name String
- The name of the Secure managed policy.
- notification
Channels List<Number> - IDs of the notification channels to send alerts to when the policy is fired.
- rules List<Property Map>
- runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- The application scope for the policy.
- secure
Malware StringPolicy Id - The id for the policy.
- severity Number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts Property Map
- type String
- version Number
Supporting Types
SecureMalwarePolicyAction, SecureMalwarePolicyActionArgs
- Captures
List<Secure
Malware Policy Action Capture> - (Optional) Captures with Sysdig the stream of system calls:
- Container string
- (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- Prevent
Malware bool - (Optional) Prevent the execution of detected malware and binaries with known hashes.
- Captures
[]Secure
Malware Policy Action Capture - (Optional) Captures with Sysdig the stream of system calls:
- Container string
- (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- Prevent
Malware bool - (Optional) Prevent the execution of detected malware and binaries with known hashes.
- captures
List<Secure
Malware Policy Action Capture> - (Optional) Captures with Sysdig the stream of system calls:
- container String
- (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- prevent
Malware Boolean - (Optional) Prevent the execution of detected malware and binaries with known hashes.
- captures
Secure
Malware Policy Action Capture[] - (Optional) Captures with Sysdig the stream of system calls:
- container string
- (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- prevent
Malware boolean - (Optional) Prevent the execution of detected malware and binaries with known hashes.
- captures
Sequence[Secure
Malware Policy Action Capture] - (Optional) Captures with Sysdig the stream of system calls:
- container str
- (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- prevent_
malware bool - (Optional) Prevent the execution of detected malware and binaries with known hashes.
- captures List<Property Map>
- (Optional) Captures with Sysdig the stream of system calls:
- container String
- (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- prevent
Malware Boolean - (Optional) Prevent the execution of detected malware and binaries with known hashes.
SecureMalwarePolicyActionCapture, SecureMalwarePolicyActionCaptureArgs
- Name string
- The name of the Secure managed policy.
- Seconds
After doubleEvent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- Seconds
Before doubleEvent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- Bucket
Name string - (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- Filter string
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat - Folder string
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- Name string
- The name of the Secure managed policy.
- Seconds
After float64Event - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- Seconds
Before float64Event - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- Bucket
Name string - (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- Filter string
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat - Folder string
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- name String
- The name of the Secure managed policy.
- seconds
After DoubleEvent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before DoubleEvent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name String - (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- filter String
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat - folder String
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- name string
- The name of the Secure managed policy.
- seconds
After numberEvent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before numberEvent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name string - (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- filter string
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat - folder string
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- name str
- The name of the Secure managed policy.
- seconds_
after_ floatevent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- seconds_
before_ floatevent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- bucket_
name str - (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- filter str
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat - folder str
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- name String
- The name of the Secure managed policy.
- seconds
After NumberEvent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before NumberEvent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name String - (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- filter String
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat - folder String
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
SecureMalwarePolicyRule, SecureMalwarePolicyRuleArgs
- Description string
- (Required) The description of the malware rule.
- Additional
Hashes List<SecureMalware Policy Rule Additional Hash> - (Optional) The block contains a single hash that should be matched.
- Id double
- The id for the policy.
- Ignore
Hashes List<SecureMalware Policy Rule Ignore Hash> - (Optional) The block contains a single hash that should be matched.
- Name string
- The name of the Secure managed policy.
- List<string>
- Use
Managed boolHashes - (Required) Should Sysdig's managed hashes be used? The possible values are
trueorfalse. - Version double
- Description string
- (Required) The description of the malware rule.
- Additional
Hashes []SecureMalware Policy Rule Additional Hash - (Optional) The block contains a single hash that should be matched.
- Id float64
- The id for the policy.
- Ignore
Hashes []SecureMalware Policy Rule Ignore Hash - (Optional) The block contains a single hash that should be matched.
- Name string
- The name of the Secure managed policy.
- []string
- Use
Managed boolHashes - (Required) Should Sysdig's managed hashes be used? The possible values are
trueorfalse. - Version float64
- description String
- (Required) The description of the malware rule.
- additional
Hashes List<SecureMalware Policy Rule Additional Hash> - (Optional) The block contains a single hash that should be matched.
- id Double
- The id for the policy.
- ignore
Hashes List<SecureMalware Policy Rule Ignore Hash> - (Optional) The block contains a single hash that should be matched.
- name String
- The name of the Secure managed policy.
- List<String>
- use
Managed BooleanHashes - (Required) Should Sysdig's managed hashes be used? The possible values are
trueorfalse. - version Double
- description string
- (Required) The description of the malware rule.
- additional
Hashes SecureMalware Policy Rule Additional Hash[] - (Optional) The block contains a single hash that should be matched.
- id number
- The id for the policy.
- ignore
Hashes SecureMalware Policy Rule Ignore Hash[] - (Optional) The block contains a single hash that should be matched.
- name string
- The name of the Secure managed policy.
- string[]
- use
Managed booleanHashes - (Required) Should Sysdig's managed hashes be used? The possible values are
trueorfalse. - version number
- description str
- (Required) The description of the malware rule.
- additional_
hashes Sequence[SecureMalware Policy Rule Additional Hash] - (Optional) The block contains a single hash that should be matched.
- id float
- The id for the policy.
- ignore_
hashes Sequence[SecureMalware Policy Rule Ignore Hash] - (Optional) The block contains a single hash that should be matched.
- name str
- The name of the Secure managed policy.
- Sequence[str]
- use_
managed_ boolhashes - (Required) Should Sysdig's managed hashes be used? The possible values are
trueorfalse. - version float
- description String
- (Required) The description of the malware rule.
- additional
Hashes List<Property Map> - (Optional) The block contains a single hash that should be matched.
- id Number
- The id for the policy.
- ignore
Hashes List<Property Map> - (Optional) The block contains a single hash that should be matched.
- name String
- The name of the Secure managed policy.
- List<String>
- use
Managed BooleanHashes - (Required) Should Sysdig's managed hashes be used? The possible values are
trueorfalse. - version Number
SecureMalwarePolicyRuleAdditionalHash, SecureMalwarePolicyRuleAdditionalHashArgs
- Hash string
- (Required) The hash value that should be matched.
- Hash string
- (Required) The hash value that should be matched.
- hash String
- (Required) The hash value that should be matched.
- hash string
- (Required) The hash value that should be matched.
- hash str
- (Required) The hash value that should be matched.
- hash String
- (Required) The hash value that should be matched.
SecureMalwarePolicyRuleIgnoreHash, SecureMalwarePolicyRuleIgnoreHashArgs
- Hash string
- (Required) The hash value that should be matched.
- Hash string
- (Required) The hash value that should be matched.
- hash String
- (Required) The hash value that should be matched.
- hash string
- (Required) The hash value that should be matched.
- hash str
- (Required) The hash value that should be matched.
- hash String
- (Required) The hash value that should be matched.
SecureMalwarePolicyTimeouts, SecureMalwarePolicyTimeoutsArgs
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the
sysdigTerraform Provider.