The ALIYUN::ThreatDetection::ClientFileProtect type is used to create a core file protection rule.
Syntax
{
  "Type": "ALIYUN::ThreatDetection::ClientFileProtect",
  "Properties": {
    "FilePaths": List,
    "FileOps": List,
    "ProcPaths": List,
    "RuleAction": String,
    "RuleName": String,
    "AlertLevel": Integer,
    "Platform": String,
    "Status": Integer,
    "SwitchId": String
  }
}
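Properties

| Property | Type | Required | Update allowed | Description | Constraints |
|---|---|---|---|---|---|
| FileOps | List | Yes | Yes | The operations that you want to perform on the files. | None |
| FilePaths | List | Yes | Yes | The paths to the monitored files. | Wildcard characters are supported. |
| ProcPaths | List | Yes | Yes | The paths to the monitored processes. | None |
| RuleAction | String | Yes | Yes | The handling method of the rule. | Valid values: pass (allow), alert. |
| RuleName | String | Yes | Yes | The name of the rule. | None |
| AlertLevel | Integer | No | Yes | The severity of alerts. | Valid values: 0 (does not generate alerts), 1 (sends notifications), 2 (suspicious), 3 (high-risk). |
| Platform | String | No | No | The type of the operating system. | Valid values: windows, linux. |
| Status | Integer | No | No | The status of the rule. | Valid values: 1 (enabled), 0 (not enabled). |
| SwitchId | String | No | No | The switch ID of the rule. | None |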
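
A pre-deployment check built from the constraints above, as an added example that is not part of the original page or of ROS: it validates literal (already resolved, no `Ref`) property values against the allowed values shown in this page's example template and flags two settings that leave a rule silent. The sample rule, its paths and the function names are constructed for illustration.

```python
# Added example: lint literal ClientFileProtect properties before deployment.
# Allowed values are copied from this page's example template.
REQUIRED = ("FileOps", "FilePaths", "ProcPaths", "RuleAction", "RuleName")
LIST_PROPS = ("FileOps", "FilePaths", "ProcPaths")
FILE_OPS = {"WRITE", "READ", "DELETE", "RENAME", "CHMOD"}
ALLOWED = {
    "RuleAction": {"pass", "alert"},
    "AlertLevel": {0, 1, 2, 3},
    "Platform": {"windows", "linux"},
    "Status": {0, 1},
}

SAMPLE_RULE = {  # constructed sample input, not a rule from the page
    "RuleName": "cron-tamper-alert",
    "FilePaths": ["/etc/cron.d/*"],
    "ProcPaths": ["/usr/bin/vim"],
    "FileOps": ["WRITE", "chmod"],
    "RuleAction": "alert",
    "AlertLevel": 0,
    "Platform": "linux",
    "Status": 0,
}

def _member(value, allowed):
    """True if value is a plain str/int (not bool) listed in allowed."""
    return isinstance(value, (str, int)) and not isinstance(value, bool) and value in allowed

def lint_rule(props):
    """Return (errors, warnings) for one resolved Properties mapping."""
    errors, warnings = [], []
    for name in REQUIRED:
        if props.get(name) in (None, "", []):
            errors.append(f"{name}: required property is missing or empty")
    for name in LIST_PROPS:
        if props.get(name) is not None and not isinstance(props[name], list):
            errors.append(f"{name}: must be a list")
    for name, allowed in ALLOWED.items():
        if props.get(name) is not None and not _member(props[name], allowed):
            errors.append(f"{name}: {props[name]!r} is not an allowed value")
    ops = props.get("FileOps")
    for op in ops if isinstance(ops, list) else []:
        if not _member(op, FILE_OPS):
            errors.append(f"FileOps: {op!r} is not an allowed value")
    # Review hints: this example's own checks, not validation done by ROS.
    if props.get("Status") == 0:
        warnings.append("Status is 0: the rule is not enabled")
    if props.get("RuleAction") == "alert" and props.get("AlertLevel") == 0:
        warnings.append("RuleAction is alert but AlertLevel 0 does not generate alerts")
    return errors, warnings
```

Running `lint_rule(SAMPLE_RULE)` reports the lowercase `chmod` as an error and both review hints as warnings.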
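Return values
Fn::GetAtt
- FilePaths: The paths to the monitored files. Wildcard characters are supported.
- FileOps: The operations that you want to perform on the files.
- Platform: The type of the operating system.
- RuleId: The ID of the rule.
- RuleAction: The handling method of the rule.
- ProcPaths: The paths to the monitored processes.
- SwitchId: The switch ID of the rule.
- AlertLevel: The severity of alerts.
- RuleName: The name of the rule.
Examples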
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  FileOps:
    Description:
      en: The operations that you want to perform on the files.
    Required: true
    Type: Json
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: |-
            The operation that you want to perform on the file. Valid values:
            * WRITE
            * READ
            * DELETE
            * RENAME
            * CHMOD: changes permissions.
        AllowedValues:
          - WRITE
          - READ
          - DELETE
          - RENAME
          - CHMOD
        Default: Null
        Required: false
  RuleName:
    Type: String
    Description:
      en: The name of the rule.
    Required: true
  Platform:
    Type: String
    Description:
      en: |-
        The type of the operating system. Valid values:
        * **windows**: Windows
        * **linux**: Linux.
    AllowedValues:
      - windows
      - linux
    Default: Null
    Required: false
  Status:
    Type: Number
    Description:
      en: |-
        Rule status.
        1: Enabled
        0: Not enabled
    AllowedValues:
      - 0
      - 1
    Default: Null
    Required: false
  SwitchId:
    Type: String
    Description:
      en: The switch ID of the rule.
    Default: Null
    Required: false
  ProcPaths:
    Description:
      en: The paths to the monitored processes.
    Required: true
    Type: Json
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: The path to the monitored process.
        Default: Null
        Required: false
  RuleAction:
    Type: String
    Description:
      en: |-
        The handling method of the rule. Valid values:
        * pass: allow
        * alert.
    AllowedValues:
      - pass
      - alert
    Required: true
  FilePaths:
    Description:
      en: The paths to the monitored files. Wildcard characters are supported.
    Required: true
    Type: Json
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: The path to the monitored file. Wildcard characters are supported.
        Default: Null
        Required: false
  AlertLevel:
    Type: Number
    Description:
      en: |-
        The severity of alerts. Valid values:
        * 0: does not generate alerts
        * 1: sends notifications
        * 2: suspicious
        * 3: high-risk.
    AllowedValues:
      - 0
      - 1
      - 2
      - 3
    Default: Null
    Required: false
Resources:
  ExtensionResource:
    Type: ALIYUN::ThreatDetection::ClientFileProtect
    Properties:
      FileOps:
        Ref: FileOps
      RuleName:
        Ref: RuleName
      Platform:
        Ref: Platform
      Status:
        Ref: Status
      SwitchId:
        Ref: SwitchId
      ProcPaths:
        Ref: ProcPaths
      RuleAction:
        Ref: RuleAction
      FilePaths:
        Ref: FilePaths
      AlertLevel:
        Ref: AlertLevel
Outputs:
  FileOps:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - FileOps
    Description: The operations that you want to perform on the files.
  RuleId:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RuleId
    Description: The ID of the rule.
  RuleName:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RuleName
    Description: The name of the rule.
  Platform:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Platform
    Description: The type of the operating system.
  SwitchId:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - SwitchId
    Description: The switch ID of the rule.
  ProcPaths:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ProcPaths
    Description: The paths to the monitored processes.
  RuleAction:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RuleAction
    Description: The handling method of the rule.
  FilePaths:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - FilePaths
    Description: The paths to the monitored files. Wildcard characters are supported.
  AlertLevel:
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AlertLevel
    Description: The severity of alerts.

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "FileOps": {
      "Description": {
        "en": "The operations that you want to perform on the files."
      },
      "Required": true,
      "Type": "Json",
      "AssociationProperty": "List[Parameter]",
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The operation that you want to perform on the file. Valid values:\n* WRITE\n* READ\n* DELETE\n* RENAME\n* CHMOD: changes permissions."
          },
          "AllowedValues": [
            "WRITE",
            "READ",
            "DELETE",
            "RENAME",
            "CHMOD"
          ],
          "Default": null,
          "Required": false
        }
      }
    },
    "RuleName": {
      "Type": "String",
      "Description": {
        "en": "The name of the rule."
      },
      "Required": true
    },
    "Platform": {
      "Type": "String",
      "Description": {
        "en": "The type of the operating system. Valid values:\n* **windows**: Windows\n* **linux**: Linux."
      },
      "AllowedValues": [
        "windows",
        "linux"
      ],
      "Default": null,
      "Required": false
    },
    "Status": {
      "Type": "Number",
      "Description": {
        "en": "Rule status.\n1: Enabled\n0: Not enabled"
      },
      "AllowedValues": [
        0,
        1
      ],
      "Default": null,
      "Required": false
    },
    "SwitchId": {
      "Type": "String",
      "Description": {
        "en": "The switch ID of the rule."
      },
      "Default": null,
      "Required": false
    },
    "ProcPaths": {
      "Description": {
        "en": "The paths to the monitored processes."
      },
      "Required": true,
      "Type": "Json",
      "AssociationProperty": "List[Parameter]",
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The path to the monitored process."
          },
          "Default": null,
          "Required": false
        }
      }
    },
    "RuleAction": {
      "Type": "String",
      "Description": {
        "en": "The handling method of the rule. Valid values:\n* pass: allow\n* alert."
      },
      "AllowedValues": [
        "pass",
        "alert"
      ],
      "Required": true
    },
    "FilePaths": {
      "Description": {
        "en": "The paths to the monitored files. Wildcard characters are supported."
      },
      "Required": true,
      "Type": "Json",
      "AssociationProperty": "List[Parameter]",
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The path to the monitored file. Wildcard characters are supported."
          },
          "Default": null,
          "Required": false
        }
      }
    },
    "AlertLevel": {
      "Type": "Number",
      "Description": {
        "en": "The severity of alerts. Valid values:\n* 0: does not generate alerts\n* 1: sends notifications\n* 2: suspicious\n* 3: high-risk."
      },
      "AllowedValues": [
        0,
        1,
        2,
        3
      ],
      "Default": null,
      "Required": false
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::ThreatDetection::ClientFileProtect",
      "Properties": {
        "FileOps": {
          "Ref": "FileOps"
        },
        "RuleName": {
          "Ref": "RuleName"
        },
        "Platform": {
          "Ref": "Platform"
        },
        "Status": {
          "Ref": "Status"
        },
        "SwitchId": {
          "Ref": "SwitchId"
        },
        "ProcPaths": {
          "Ref": "ProcPaths"
        },
        "RuleAction": {
          "Ref": "RuleAction"
        },
        "FilePaths": {
          "Ref": "FilePaths"
        },
        "AlertLevel": {
          "Ref": "AlertLevel"
        }
      }
    }
  },
  "Outputs": {
    "FileOps": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "FileOps"
        ]
      },
      "Description": "The operations that you want to perform on the files."
    },
    "RuleId": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RuleId"
        ]
      },
      "Description": "The ID of the rule."
    },
    "RuleName": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RuleName"
        ]
      },
      "Description": "The name of the rule."
    },
    "Platform": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Platform"
        ]
      },
      "Description": "The type of the operating system."
    },
    "SwitchId": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "SwitchId"
        ]
      },
      "Description": "The switch ID of the rule."
    },
    "ProcPaths": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ProcPaths"
        ]
      },
      "Description": "The paths to the monitored processes."
    },
    "RuleAction": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RuleAction"
        ]
      },
      "Description": "The handling method of the rule."
    },
    "FilePaths": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "FilePaths"
        ]
      },
      "Description": "The paths to the monitored files. Wildcard characters are supported."
    },
    "AlertLevel": {
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AlertLevel"
        ]
      },
      "Description": "The severity of alerts."
    }
  }
}