alicloud_threat_detection_client_user_define_rule
更新时间:
Provides a Threat Detection Client User Define Rule resource. Malicious Behavior Defense Custom Rules.
For information about Threat Detection Client User Define Rule and how to use it, see What is Client User Define Rule.
-> NOTE: Available since v1.212.0.
Example Usage
Basic Usage
variable "name" {
default = "terraform-example"
}
provider "alicloud" {
region = "cn-hangzhou"
}
resource "alicloud_threat_detection_client_user_define_rule" "default" {
action_type = "0"
platform = "windows"
registry_content = "123"
client_user_define_rule_name = var.name
parent_proc_path = "/root/bash"
type = "5"
cmdline = "bash"
proc_path = "/root/bash"
parent_cmdline = "bash"
registry_key = "123"
}
Argument Reference
The following arguments are supported:
action_type
- (Required) The operation type. Value:- 0: plus White
- 1: Plus Black.
client_user_define_rule_name
- (Required) The custom rule name.cmdline
- (Optional) Command line. When the value of the Type attribute is 2, 3, 4, 5, 6, or 7, the command line field is required.file_path
- (Optional) The file path. When the value of the Type attribute is 4 or 6, 7, the FilePath field is required.hash
- (Optional) Process hash list. When the value of the Type attribute is 1, the Hash attribute is required.ip
- (Optional) IP address. When the value of the Type attribute is 3, the Ip attribute is required.new_file_path
- (Optional) The new file path to rename the file. When the value of the Type attribute is 7, the NewFilePath attribute is required.parent_cmdline
- (Optional) The parent command line.parent_proc_path
- (Optional) Parent process path.platform
- (Required) The operating system type. Value:- windows:widows
- linux:linux
- all: all.
port_str
- (Optional, Computed) The port number. When the value of the Type attribute is 3, the PortStr attribute is required. Value range: 1-65535.proc_path
- (Optional) The process path. When the Type attribute is set to 2, 3, 4, 5, 6, or 7, the ProcPath attribute is required.registry_content
- (Optional) The registry value. When the value of the Type attribute is 5, the RegistryKey attribute is required.registry_key
- (Optional) The registry key. When the value of the Type attribute is 5, the RegistryKey attribute is required.type
- (Required, ForceNew) The rule type. Value:- 1: Process hash
- 2: command line
- 3: Process network
- 4: File reading and writing
- 5: Operate the registry
- 6: Load Dynamic Link Library
- 7: File Rename.
Attributes Reference
The following attributes are exported:
id
- The ID of the resource supplied above.create_time
- The creation time of the resource.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 5 mins) Used when create the Client User Define Rule.delete
- (Defaults to 5 mins) Used when delete the Client User Define Rule.update
- (Defaults to 5 mins) Used when update the Client User Define Rule.
Import
Threat Detection Client User Define Rule can be imported using the id, e.g.
$ terraform import alicloud_threat_detection_client_user_define_rule.example <id>
文档内容是否对您有帮助?