filevantage_policy
This resource allows management of a FileVantage policy. A FileVantage policy is a collection of file integrity rules and rule groups that you can apply to host groups.
API Scopes
Section titled “API Scopes”The following API scopes are required:
- Falcon FileVantage: READ
- Falcon FileVantage: WRITE
Example Usage
Section titled “Example Usage”terraform { required_providers { crowdstrike = { source = "registry.terraform.io/crowdstrike/crowdstrike" } }}
provider "crowdstrike" { cloud = "us-2"}
resource "crowdstrike_filevantage_rule_group" "example" { name = "example_filevantage_rule_group" description = "made with terraform" type = "MacFiles" rules = [ { description = "first rule" path = "/path/to/example/" severity = "High" depth = "ANY" }, ]}
resource "crowdstrike_filevantage_rule_group" "example2" { name = "example_filevantage_rule_group" description = "made with terraform" type = "MacFiles" rules = [ { description = "first rule" path = "/path/to/example/" severity = "High" depth = "ANY" enable_content_capture = true watch_file_write_changes = true file_names = ["example.exe"] }, ]}
resource "crowdstrike_filevantage_policy" "example" { name = "example_filevantage_policy" enabled = true description = "made with terraform" platform_name = "Mac" # host_groups = ["1232313"] rule_groups = [crowdstrike_filevantage_rule_group.example.id, crowdstrike_filevantage_rule_group.example2.id] scheduled_exclusions = [ { name = "policy1" description = "Run the first 3 days of the month. All day." start_date = "2024-05-21" start_time = "11:09" timezone = "US/Central" processes = "**/example.exe,/path/to/example2.exe" repeated = { all_day = true frequency = "monthly" monthly_occurrence = "Days" days_of_month = [1, 2, 3] } }, { name = "policy2" description = "Run monday, tuesday, wednesday. 11:09 - 12:10." start_date = "2024-05-21" start_time = "11:09" users = "admin*,example" timezone = "US/Central" repeated = { all_day = false start_time = "11:09" end_time = "12:10" frequency = "weekly" days_of_week = ["Monday", "Tuesday", "Wednesday"] } }, ]}
output "filevantage_policy" { value = crowdstrike_filevantage_policy.example}Schema
Section titled “Schema”Required
Section titled “Required”name(String) Name of the filevantage policy.platform_name(String) Platform for the filevantage policy to manage. (Windows, Mac, Linux)
Optional
Section titled “Optional”description(String) Description of the filevantage policy.enabled(Boolean) Enable the filevantage policy.host_groups(Set of String) Host Group ids to attach to the filevantage policy.rule_groups(List of String) Rule Group ids to attach to the filevantage policy. Precedence is based on the order of the list. Rule groups must be the same type as the policy.scheduled_exclusions(Attributes List) Scheduled exclusions for the filevantage policy. (see below for nested schema)
Read-Only
Section titled “Read-Only”id(String) Identifier for the filevantage policy.last_updated(String) Timestamp of the last Terraform update of the resource.
Nested Schema for scheduled_exclusions
Section titled “Nested Schema for scheduled_exclusions”Required:
name(String) Name of the scheduled exclusion.start_date(String) The start date of the scheduled exclusion. Format: YYYY-MM-DDstart_time(String) The start time of the scheduled exclusion in 24 hour format. Format: HH:MMtimezone(String) The timezone to use for the time fields. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
Optional:
description(String) Description of the scheduled exclusion.end_date(String) The end date of the scheduled exclusion. Format: YYYY-MM-DDend_time(String) The end time of the scheduled exclusion in 24 hour format. Format: HH:MMprocesses(String) A comma separated list of processes to exclude changes from. Example: **/run_me.sh excludes changes made by run_me.sh in any locationrepeated(Attributes) Repeated scheduled exclusion (see below for nested schema)users(String) A comma separated list of users to exclude changes from. Example: user1,user2,admin* excludes changes made by user1, user2, and any user starting with admin
Read-Only:
id(String) Identifier for the scheduled exclusion.
Nested Schema for scheduled_exclusions.repeated
Section titled “Nested Schema for scheduled_exclusions.repeated”Required:
all_day(Boolean) If the exclusion is all day.frequency(String) The frequency of the exclusion. Options: daily, weekly, monthly
Optional:
days_of_month(Set of Number) The days of the month to allow the exclusion. Required if frequency is set to monthly and monthly_occurrence is set to days. Options: 1-31days_of_week(Set of String) The days of the week to allow the exclusion. Required if frequency is set to weekly or set to monthly and monthly_occurrence is set to a week. Options: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturdayend_time(String) The end time to end the scheduled exclusion in 24 hour format. Format: HH:MM required if all_day is falsemonthly_occurrence(String) The monthly occurrence of the exclusion. Either specify a week (first, second, third, fourth) or set to days to specify days of the month. Options: first, second, third, fourth, days. Required if frequency is set to monthlystart_time(String) The start time to allow the scheduled exclusion in 24 hour format. Format: HH:MM required if all_day is false
Import
Section titled “Import”Import is supported using the following syntax:
# filvantage policy can be imported by specifying the policy id.terraform import crowdstrike_filevantage_policy.example 7fb858a949034a0cbca175f660f1e769