CrowdStrike v0.0.12, Apr 3 25

CrowdStrike v0.0.12 published on Thursday, Apr 3, 2025 by CrowdStrike

crowdstrike.FilevantageRuleGroup

Explore with Pulumi AI

CrowdStrike v0.0.12 published on Thursday, Apr 3, 2025 by CrowdStrike

crowdstrike/pulumi-crowdstrike

API Scopes

The following API scopes are required:

Falcon FileVantage | Read & Write

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.crowdstrike.FilevantageRuleGroup;
import com.pulumi.crowdstrike.FilevantageRuleGroupArgs;
import com.pulumi.crowdstrike.inputs.FilevantageRuleGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new FilevantageRuleGroup("example", FilevantageRuleGroupArgs.builder()
            .description("Made with Pulumi")
            .type("WindowsRegistry")
            .rules(            
                FilevantageRuleGroupRuleArgs.builder()
                    .description("first rule")
                    .path("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\")
                    .severity("High")
                    .depth("ANY")
                    .registry_values(                    
                        "first",
                        "rule")
                    .watch_key_value_set_changes(true)
                    .enable_content_capture(true)
                    .build(),
                FilevantageRuleGroupRuleArgs.builder()
                    .description("second rule")
                    .path("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\")
                    .severity("High")
                    .depth("ANY")
                    .registry_values(                    
                        "Value1",
                        "Value2")
                    .watch_key_value_set_changes(true)
                    .enable_content_capture(true)
                    .build())
            .build());

        ctx.export("filevantageRuleGroup", example);
    }
}

resources:
  example:
    type: crowdstrike:FilevantageRuleGroup
    properties:
      description: Made with Pulumi
      type: WindowsRegistry
      rules:
        - description: first rule
          path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
          severity: High
          depth: ANY
          registry_values:
            - first
            - rule
          watch_key_value_set_changes: true
          enable_content_capture: true
        - description: second rule
          path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
          severity: High
          depth: ANY
          registry_values:
            - Value1
            - Value2
          watch_key_value_set_changes: true
          enable_content_capture: true
outputs:
  filevantageRuleGroup: ${example}

Create FilevantageRuleGroup Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FilevantageRuleGroup(name: string, args?: FilevantageRuleGroupArgs, opts?: CustomResourceOptions);

@overload
def FilevantageRuleGroup(resource_name: str,
                         args: Optional[FilevantageRuleGroupArgs] = None,
                         opts: Optional[ResourceOptions] = None)

@overload
def FilevantageRuleGroup(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         description: Optional[str] = None,
                         name: Optional[str] = None,
                         rules: Optional[Sequence[FilevantageRuleGroupRuleArgs]] = None,
                         type: Optional[str] = None)

func NewFilevantageRuleGroup(ctx *Context, name string, args *FilevantageRuleGroupArgs, opts ...ResourceOption) (*FilevantageRuleGroup, error)

public FilevantageRuleGroup(string name, FilevantageRuleGroupArgs? args = null, CustomResourceOptions? opts = null)

public FilevantageRuleGroup(String name, FilevantageRuleGroupArgs args)
public FilevantageRuleGroup(String name, FilevantageRuleGroupArgs args, CustomResourceOptions options)

type: crowdstrike:FilevantageRuleGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FilevantageRuleGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FilevantageRuleGroupArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FilevantageRuleGroupArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FilevantageRuleGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FilevantageRuleGroupArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var filevantageRuleGroupResource = new Crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource", new()
{
    Description = "string",
    Name = "string",
    Rules = new[]
    {
        new Crowdstrike.Inputs.FilevantageRuleGroupRuleArgs
        {
            Path = "string",
            Description = "string",
            Severity = "string",
            WatchDirectoryCreateChanges = false,
            WatchFileDeleteChanges = false,
            ExcludeUsers = "string",
            FileNames = new[]
            {
                "string",
            },
            Id = "string",
            Include = "string",
            IncludeProcesses = "string",
            IncludeUsers = "string",
            Exclude = "string",
            Precedence = 0,
            RegistryValues = new[]
            {
                "string",
            },
            EnableContentCapture = false,
            WatchDirectoryAttributeChanges = false,
            Depth = "string",
            ExcludeProcesses = "string",
            WatchDirectoryRenameChanges = false,
            WatchDirectoryDeleteChanges = false,
            WatchFileAttributeChanges = false,
            WatchFileCreateChanges = false,
            WatchDirectoryPermissionChanges = false,
            WatchFilePermissionChanges = false,
            WatchFileRenameChanges = false,
            WatchFileWriteChanges = false,
            WatchKeyCreateChanges = false,
            WatchKeyDeleteChanges = false,
            WatchKeyPermissionsChanges = false,
            WatchKeyRenameChanges = false,
            WatchKeyValueDeleteChanges = false,
            WatchKeyValueSetChanges = false,
        },
    },
    Type = "string",
});

example, err := crowdstrike.NewFilevantageRuleGroup(ctx, "filevantageRuleGroupResource", &crowdstrike.FilevantageRuleGroupArgs{
	Description: pulumi.String("string"),
	Name:        pulumi.String("string"),
	Rules: crowdstrike.FilevantageRuleGroupRuleArray{
		&crowdstrike.FilevantageRuleGroupRuleArgs{
			Path:                        pulumi.String("string"),
			Description:                 pulumi.String("string"),
			Severity:                    pulumi.String("string"),
			WatchDirectoryCreateChanges: pulumi.Bool(false),
			WatchFileDeleteChanges:      pulumi.Bool(false),
			ExcludeUsers:                pulumi.String("string"),
			FileNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			Id:               pulumi.String("string"),
			Include:          pulumi.String("string"),
			IncludeProcesses: pulumi.String("string"),
			IncludeUsers:     pulumi.String("string"),
			Exclude:          pulumi.String("string"),
			Precedence:       pulumi.Int(0),
			RegistryValues: pulumi.StringArray{
				pulumi.String("string"),
			},
			EnableContentCapture:            pulumi.Bool(false),
			WatchDirectoryAttributeChanges:  pulumi.Bool(false),
			Depth:                           pulumi.String("string"),
			ExcludeProcesses:                pulumi.String("string"),
			WatchDirectoryRenameChanges:     pulumi.Bool(false),
			WatchDirectoryDeleteChanges:     pulumi.Bool(false),
			WatchFileAttributeChanges:       pulumi.Bool(false),
			WatchFileCreateChanges:          pulumi.Bool(false),
			WatchDirectoryPermissionChanges: pulumi.Bool(false),
			WatchFilePermissionChanges:      pulumi.Bool(false),
			WatchFileRenameChanges:          pulumi.Bool(false),
			WatchFileWriteChanges:           pulumi.Bool(false),
			WatchKeyCreateChanges:           pulumi.Bool(false),
			WatchKeyDeleteChanges:           pulumi.Bool(false),
			WatchKeyPermissionsChanges:      pulumi.Bool(false),
			WatchKeyRenameChanges:           pulumi.Bool(false),
			WatchKeyValueDeleteChanges:      pulumi.Bool(false),
			WatchKeyValueSetChanges:         pulumi.Bool(false),
		},
	},
	Type: pulumi.String("string"),
})

var filevantageRuleGroupResource = new FilevantageRuleGroup("filevantageRuleGroupResource", FilevantageRuleGroupArgs.builder()
    .description("string")
    .name("string")
    .rules(FilevantageRuleGroupRuleArgs.builder()
        .path("string")
        .description("string")
        .severity("string")
        .watchDirectoryCreateChanges(false)
        .watchFileDeleteChanges(false)
        .excludeUsers("string")
        .fileNames("string")
        .id("string")
        .include("string")
        .includeProcesses("string")
        .includeUsers("string")
        .exclude("string")
        .precedence(0)
        .registryValues("string")
        .enableContentCapture(false)
        .watchDirectoryAttributeChanges(false)
        .depth("string")
        .excludeProcesses("string")
        .watchDirectoryRenameChanges(false)
        .watchDirectoryDeleteChanges(false)
        .watchFileAttributeChanges(false)
        .watchFileCreateChanges(false)
        .watchDirectoryPermissionChanges(false)
        .watchFilePermissionChanges(false)
        .watchFileRenameChanges(false)
        .watchFileWriteChanges(false)
        .watchKeyCreateChanges(false)
        .watchKeyDeleteChanges(false)
        .watchKeyPermissionsChanges(false)
        .watchKeyRenameChanges(false)
        .watchKeyValueDeleteChanges(false)
        .watchKeyValueSetChanges(false)
        .build())
    .type("string")
    .build());

filevantage_rule_group_resource = crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource",
    description="string",
    name="string",
    rules=[{
        "path": "string",
        "description": "string",
        "severity": "string",
        "watch_directory_create_changes": False,
        "watch_file_delete_changes": False,
        "exclude_users": "string",
        "file_names": ["string"],
        "id": "string",
        "include": "string",
        "include_processes": "string",
        "include_users": "string",
        "exclude": "string",
        "precedence": 0,
        "registry_values": ["string"],
        "enable_content_capture": False,
        "watch_directory_attribute_changes": False,
        "depth": "string",
        "exclude_processes": "string",
        "watch_directory_rename_changes": False,
        "watch_directory_delete_changes": False,
        "watch_file_attribute_changes": False,
        "watch_file_create_changes": False,
        "watch_directory_permission_changes": False,
        "watch_file_permission_changes": False,
        "watch_file_rename_changes": False,
        "watch_file_write_changes": False,
        "watch_key_create_changes": False,
        "watch_key_delete_changes": False,
        "watch_key_permissions_changes": False,
        "watch_key_rename_changes": False,
        "watch_key_value_delete_changes": False,
        "watch_key_value_set_changes": False,
    }],
    type="string")

const filevantageRuleGroupResource = new crowdstrike.FilevantageRuleGroup("filevantageRuleGroupResource", {
    description: "string",
    name: "string",
    rules: [{
        path: "string",
        description: "string",
        severity: "string",
        watchDirectoryCreateChanges: false,
        watchFileDeleteChanges: false,
        excludeUsers: "string",
        fileNames: ["string"],
        id: "string",
        include: "string",
        includeProcesses: "string",
        includeUsers: "string",
        exclude: "string",
        precedence: 0,
        registryValues: ["string"],
        enableContentCapture: false,
        watchDirectoryAttributeChanges: false,
        depth: "string",
        excludeProcesses: "string",
        watchDirectoryRenameChanges: false,
        watchDirectoryDeleteChanges: false,
        watchFileAttributeChanges: false,
        watchFileCreateChanges: false,
        watchDirectoryPermissionChanges: false,
        watchFilePermissionChanges: false,
        watchFileRenameChanges: false,
        watchFileWriteChanges: false,
        watchKeyCreateChanges: false,
        watchKeyDeleteChanges: false,
        watchKeyPermissionsChanges: false,
        watchKeyRenameChanges: false,
        watchKeyValueDeleteChanges: false,
        watchKeyValueSetChanges: false,
    }],
    type: "string",
});

type: crowdstrike:FilevantageRuleGroup
properties:
    description: string
    name: string
    rules:
        - depth: string
          description: string
          enableContentCapture: false
          exclude: string
          excludeProcesses: string
          excludeUsers: string
          fileNames:
            - string
          id: string
          include: string
          includeProcesses: string
          includeUsers: string
          path: string
          precedence: 0
          registryValues:
            - string
          severity: string
          watchDirectoryAttributeChanges: false
          watchDirectoryCreateChanges: false
          watchDirectoryDeleteChanges: false
          watchDirectoryPermissionChanges: false
          watchDirectoryRenameChanges: false
          watchFileAttributeChanges: false
          watchFileCreateChanges: false
          watchFileDeleteChanges: false
          watchFilePermissionChanges: false
          watchFileRenameChanges: false
          watchFileWriteChanges: false
          watchKeyCreateChanges: false
          watchKeyDeleteChanges: false
          watchKeyPermissionsChanges: false
          watchKeyRenameChanges: false
          watchKeyValueDeleteChanges: false
          watchKeyValueSetChanges: false
    type: string

FilevantageRuleGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FilevantageRuleGroup resource accepts the following input properties:

Description string: Description of the filevantage rule group.
Name string: Name of the filevantage rule group.
Rules List<CrowdStrike.Crowdstrike.Inputs.FilevantageRuleGroupRule>: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
Type string: The type of filevantage rule group.

Description string: Description of the filevantage rule group.
Name string: Name of the filevantage rule group.
Rules []FilevantageRuleGroupRuleArgs: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
Type string: The type of filevantage rule group.

description String: Description of the filevantage rule group.
name String: Name of the filevantage rule group.
rules List<FilevantageRuleGroupRule>: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type String: The type of filevantage rule group.

description string: Description of the filevantage rule group.
name string: Name of the filevantage rule group.
rules FilevantageRuleGroupRule[]: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type string: The type of filevantage rule group.

description str: Description of the filevantage rule group.
name str: Name of the filevantage rule group.
rules Sequence[FilevantageRuleGroupRuleArgs]: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type str: The type of filevantage rule group.

description String: Description of the filevantage rule group.
name String: Name of the filevantage rule group.
rules List<Property Map>: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type String: The type of filevantage rule group.

Outputs

All input properties are implicitly available as output properties. Additionally, the FilevantageRuleGroup resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
LastUpdated string

Id string: The provider-assigned unique ID for this managed resource.
LastUpdated string

id String: The provider-assigned unique ID for this managed resource.
lastUpdated String

id string: The provider-assigned unique ID for this managed resource.
lastUpdated string

id str: The provider-assigned unique ID for this managed resource.
last_updated str

id String: The provider-assigned unique ID for this managed resource.
lastUpdated String

Look up Existing FilevantageRuleGroup Resource

Get an existing FilevantageRuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FilevantageRuleGroupState, opts?: CustomResourceOptions): FilevantageRuleGroup

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        last_updated: Optional[str] = None,
        name: Optional[str] = None,
        rules: Optional[Sequence[FilevantageRuleGroupRuleArgs]] = None,
        type: Optional[str] = None) -> FilevantageRuleGroup

func GetFilevantageRuleGroup(ctx *Context, name string, id IDInput, state *FilevantageRuleGroupState, opts ...ResourceOption) (*FilevantageRuleGroup, error)

public static FilevantageRuleGroup Get(string name, Input<string> id, FilevantageRuleGroupState? state, CustomResourceOptions? opts = null)

public static FilevantageRuleGroup get(String name, Output<String> id, FilevantageRuleGroupState state, CustomResourceOptions options)

resources:  _:    type: crowdstrike:FilevantageRuleGroup    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string: Description of the filevantage rule group.
LastUpdated string
Name string: Name of the filevantage rule group.
Rules List<CrowdStrike.Crowdstrike.Inputs.FilevantageRuleGroupRule>: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
Type string: The type of filevantage rule group.

Description string: Description of the filevantage rule group.
LastUpdated string
Name string: Name of the filevantage rule group.
Rules []FilevantageRuleGroupRuleArgs: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
Type string: The type of filevantage rule group.

description String: Description of the filevantage rule group.
lastUpdated String
name String: Name of the filevantage rule group.
rules List<FilevantageRuleGroupRule>: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type String: The type of filevantage rule group.

description string: Description of the filevantage rule group.
lastUpdated string
name string: Name of the filevantage rule group.
rules FilevantageRuleGroupRule[]: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type string: The type of filevantage rule group.

description str: Description of the filevantage rule group.
last_updated str
name str: Name of the filevantage rule group.
rules Sequence[FilevantageRuleGroupRuleArgs]: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type str: The type of filevantage rule group.

description String: Description of the filevantage rule group.
lastUpdated String
name String: Name of the filevantage rule group.
rules List<Property Map>: Rules to be associated with the rule group. Precedence is determined by the order of the rules in the list.
type String: The type of filevantage rule group.

Supporting Types

FilevantageRuleGroupRule, FilevantageRuleGroupRuleArgs

Description string: Description of the filevantage rule.
Path string: Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
Severity string: Severity to categorize change events produced by this rule.
Depth string: Depth below the base path to monitor.
EnableContentCapture bool: Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
Exclude string: Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
ExcludeProcesses string: Represents the changes performed by specific processes that will be excluded from monitoring.
ExcludeUsers string: Represents the changes performed by specific users that will be excluded from monitoring.
FileNames List<string>: List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
Id string: Identifier for the filevantage rule.
Include string: Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
IncludeProcesses string: Represents the changes performed by specific processes that will be monitored.
IncludeUsers string: Represents the changes performed by specific users that will be monitored.
Precedence int: Precedence of the rule in the rule group.
RegistryValues List<string>: List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
WatchDirectoryAttributeChanges bool: Monitor directory attribute change events.
WatchDirectoryCreateChanges bool: Monitor directory creation events.
WatchDirectoryDeleteChanges bool: Monitor directory deletion events.
WatchDirectoryPermissionChanges bool: Monitor directory permission change events.
WatchDirectoryRenameChanges bool: Monitor directory rename events.
WatchFileAttributeChanges bool: Monitor file attribute change events.
WatchFileCreateChanges bool: Monitor file creation events.
WatchFileDeleteChanges bool: Monitor file deletion events.
WatchFilePermissionChanges bool: Monitor file permission change events.
WatchFileRenameChanges bool: Monitor file rename events.
WatchFileWriteChanges bool: Monitor file write events.
WatchKeyCreateChanges bool: Monitor registry key creation events.
WatchKeyDeleteChanges bool: Monitor registry key deletion events.
WatchKeyPermissionsChanges bool: Monitor registry key permission change events.
WatchKeyRenameChanges bool: Monitor registry key rename events.
WatchKeyValueDeleteChanges bool: Monitor registry value deletion events.
WatchKeyValueSetChanges bool: Monitor registry value set events.

Description string: Description of the filevantage rule.
Path string: Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
Severity string: Severity to categorize change events produced by this rule.
Depth string: Depth below the base path to monitor.
EnableContentCapture bool: Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
Exclude string: Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
ExcludeProcesses string: Represents the changes performed by specific processes that will be excluded from monitoring.
ExcludeUsers string: Represents the changes performed by specific users that will be excluded from monitoring.
FileNames []string: List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
Id string: Identifier for the filevantage rule.
Include string: Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
IncludeProcesses string: Represents the changes performed by specific processes that will be monitored.
IncludeUsers string: Represents the changes performed by specific users that will be monitored.
Precedence int: Precedence of the rule in the rule group.
RegistryValues []string: List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
WatchDirectoryAttributeChanges bool: Monitor directory attribute change events.
WatchDirectoryCreateChanges bool: Monitor directory creation events.
WatchDirectoryDeleteChanges bool: Monitor directory deletion events.
WatchDirectoryPermissionChanges bool: Monitor directory permission change events.
WatchDirectoryRenameChanges bool: Monitor directory rename events.
WatchFileAttributeChanges bool: Monitor file attribute change events.
WatchFileCreateChanges bool: Monitor file creation events.
WatchFileDeleteChanges bool: Monitor file deletion events.
WatchFilePermissionChanges bool: Monitor file permission change events.
WatchFileRenameChanges bool: Monitor file rename events.
WatchFileWriteChanges bool: Monitor file write events.
WatchKeyCreateChanges bool: Monitor registry key creation events.
WatchKeyDeleteChanges bool: Monitor registry key deletion events.
WatchKeyPermissionsChanges bool: Monitor registry key permission change events.
WatchKeyRenameChanges bool: Monitor registry key rename events.
WatchKeyValueDeleteChanges bool: Monitor registry value deletion events.
WatchKeyValueSetChanges bool: Monitor registry value set events.

description String: Description of the filevantage rule.
path String: Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
severity String: Severity to categorize change events produced by this rule.
depth String: Depth below the base path to monitor.
enableContentCapture Boolean: Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
exclude String: Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
excludeProcesses String: Represents the changes performed by specific processes that will be excluded from monitoring.
excludeUsers String: Represents the changes performed by specific users that will be excluded from monitoring.
fileNames List<String>: List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
id String: Identifier for the filevantage rule.
include String: Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
includeProcesses String: Represents the changes performed by specific processes that will be monitored.
includeUsers String: Represents the changes performed by specific users that will be monitored.
precedence Integer: Precedence of the rule in the rule group.
registryValues List<String>: List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
watchDirectoryAttributeChanges Boolean: Monitor directory attribute change events.
watchDirectoryCreateChanges Boolean: Monitor directory creation events.
watchDirectoryDeleteChanges Boolean: Monitor directory deletion events.
watchDirectoryPermissionChanges Boolean: Monitor directory permission change events.
watchDirectoryRenameChanges Boolean: Monitor directory rename events.
watchFileAttributeChanges Boolean: Monitor file attribute change events.
watchFileCreateChanges Boolean: Monitor file creation events.
watchFileDeleteChanges Boolean: Monitor file deletion events.
watchFilePermissionChanges Boolean: Monitor file permission change events.
watchFileRenameChanges Boolean: Monitor file rename events.
watchFileWriteChanges Boolean: Monitor file write events.
watchKeyCreateChanges Boolean: Monitor registry key creation events.
watchKeyDeleteChanges Boolean: Monitor registry key deletion events.
watchKeyPermissionsChanges Boolean: Monitor registry key permission change events.
watchKeyRenameChanges Boolean: Monitor registry key rename events.
watchKeyValueDeleteChanges Boolean: Monitor registry value deletion events.
watchKeyValueSetChanges Boolean: Monitor registry value set events.

description string: Description of the filevantage rule.
path string: Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
severity string: Severity to categorize change events produced by this rule.
depth string: Depth below the base path to monitor.
enableContentCapture boolean: Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
exclude string: Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
excludeProcesses string: Represents the changes performed by specific processes that will be excluded from monitoring.
excludeUsers string: Represents the changes performed by specific users that will be excluded from monitoring.
fileNames string[]: List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
id string: Identifier for the filevantage rule.
include string: Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
includeProcesses string: Represents the changes performed by specific processes that will be monitored.
includeUsers string: Represents the changes performed by specific users that will be monitored.
precedence number: Precedence of the rule in the rule group.
registryValues string[]: List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
watchDirectoryAttributeChanges boolean: Monitor directory attribute change events.
watchDirectoryCreateChanges boolean: Monitor directory creation events.
watchDirectoryDeleteChanges boolean: Monitor directory deletion events.
watchDirectoryPermissionChanges boolean: Monitor directory permission change events.
watchDirectoryRenameChanges boolean: Monitor directory rename events.
watchFileAttributeChanges boolean: Monitor file attribute change events.
watchFileCreateChanges boolean: Monitor file creation events.
watchFileDeleteChanges boolean: Monitor file deletion events.
watchFilePermissionChanges boolean: Monitor file permission change events.
watchFileRenameChanges boolean: Monitor file rename events.
watchFileWriteChanges boolean: Monitor file write events.
watchKeyCreateChanges boolean: Monitor registry key creation events.
watchKeyDeleteChanges boolean: Monitor registry key deletion events.
watchKeyPermissionsChanges boolean: Monitor registry key permission change events.
watchKeyRenameChanges boolean: Monitor registry key rename events.
watchKeyValueDeleteChanges boolean: Monitor registry value deletion events.
watchKeyValueSetChanges boolean: Monitor registry value set events.

description str: Description of the filevantage rule.
path str: Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
severity str: Severity to categorize change events produced by this rule.
depth str: Depth below the base path to monitor.
enable_content_capture bool: Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
exclude str: Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
exclude_processes str: Represents the changes performed by specific processes that will be excluded from monitoring.
exclude_users str: Represents the changes performed by specific users that will be excluded from monitoring.
file_names Sequence[str]: List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
id str: Identifier for the filevantage rule.
include str: Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
include_processes str: Represents the changes performed by specific processes that will be monitored.
include_users str: Represents the changes performed by specific users that will be monitored.
precedence int: Precedence of the rule in the rule group.
registry_values Sequence[str]: List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
watch_directory_attribute_changes bool: Monitor directory attribute change events.
watch_directory_create_changes bool: Monitor directory creation events.
watch_directory_delete_changes bool: Monitor directory deletion events.
watch_directory_permission_changes bool: Monitor directory permission change events.
watch_directory_rename_changes bool: Monitor directory rename events.
watch_file_attribute_changes bool: Monitor file attribute change events.
watch_file_create_changes bool: Monitor file creation events.
watch_file_delete_changes bool: Monitor file deletion events.
watch_file_permission_changes bool: Monitor file permission change events.
watch_file_rename_changes bool: Monitor file rename events.
watch_file_write_changes bool: Monitor file write events.
watch_key_create_changes bool: Monitor registry key creation events.
watch_key_delete_changes bool: Monitor registry key deletion events.
watch_key_permissions_changes bool: Monitor registry key permission change events.
watch_key_rename_changes bool: Monitor registry key rename events.
watch_key_value_delete_changes bool: Monitor registry value deletion events.
watch_key_value_set_changes bool: Monitor registry value set events.

description String: Description of the filevantage rule.
path String: Representing the file system or registry path to monitor. All paths must end with the path separator, e.g. c:\windows\ for windows and /usr/bin/ for linux/mac.
severity String: Severity to categorize change events produced by this rule.
depth String: Depth below the base path to monitor.
enableContentCapture Boolean: Enable content capture for the rule. Requires watchfilewritechanges or watchkeyvalueset_changes to be enabled.
exclude String: Represents the files, directories, registry keys, or registry values that will be excluded from monitoring.
excludeProcesses String: Represents the changes performed by specific processes that will be excluded from monitoring.
excludeUsers String: Represents the changes performed by specific users that will be excluded from monitoring.
fileNames List<String>: List of file names whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
id String: Identifier for the filevantage rule.
include String: Represents the files, directories, registry keys, or registry values that will be monitored. Defaults to all (*)
includeProcesses String: Represents the changes performed by specific processes that will be monitored.
includeUsers String: Represents the changes performed by specific users that will be monitored.
precedence Number: Precedence of the rule in the rule group.
registryValues List<String>: List of registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
watchDirectoryAttributeChanges Boolean: Monitor directory attribute change events.
watchDirectoryCreateChanges Boolean: Monitor directory creation events.
watchDirectoryDeleteChanges Boolean: Monitor directory deletion events.
watchDirectoryPermissionChanges Boolean: Monitor directory permission change events.
watchDirectoryRenameChanges Boolean: Monitor directory rename events.
watchFileAttributeChanges Boolean: Monitor file attribute change events.
watchFileCreateChanges Boolean: Monitor file creation events.
watchFileDeleteChanges Boolean: Monitor file deletion events.
watchFilePermissionChanges Boolean: Monitor file permission change events.
watchFileRenameChanges Boolean: Monitor file rename events.
watchFileWriteChanges Boolean: Monitor file write events.
watchKeyCreateChanges Boolean: Monitor registry key creation events.
watchKeyDeleteChanges Boolean: Monitor registry key deletion events.
watchKeyPermissionsChanges Boolean: Monitor registry key permission change events.
watchKeyRenameChanges Boolean: Monitor registry key rename events.
watchKeyValueDeleteChanges Boolean: Monitor registry value deletion events.
watchKeyValueSetChanges Boolean: Monitor registry value set events.

Import

filevantage rule group can be imported by specifying the policy id.

$ pulumi import crowdstrike:index/filevantageRuleGroup:FilevantageRuleGroup example 7fb858a949034a0cbca175f660f1e769

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: crowdstrike crowdstrike/pulumi-crowdstrike
License: Apache-2.0
Notes: This Pulumi package is based on the crowdstrike Terraform Provider.

CrowdStrike v0.0.12 published on Thursday, Apr 3, 2025 by CrowdStrike

crowdstrike/pulumi-crowdstrike

crowdstrike.FilevantageRuleGroup

On this page

On this page

API Scopes

Example Usage

Create FilevantageRuleGroup Resource

Constructor syntax

Parameters

Constructor example

FilevantageRuleGroup Resource Properties

Inputs

Outputs

Look up Existing FilevantageRuleGroup Resource

Supporting Types

FilevantageRuleGroupRule, FilevantageRuleGroupRuleArgs

Import

Package Details

On this page

On this page