Provides a Cloudflare Device Posture Rule resource. Device posture rules configure security policies for device posture checks.
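resource "cloudflare_device_posture_rule" "example" {
  account_id  = "f037e56e89293a057740de681ac9abbe"
  name        = "Corporate devices posture rule"
  type        = "os_version"
  description = "Device posture rule for corporate devices."
  schedule    = "24h" # how often the client runs the posture check
  expiration  = "24h" # how long a posture result stays valid

  # Only clients on this platform run the rule.
  match {
    platform = "linux"
  }

  # cloudflare_teams_list.corporate_devices is defined elsewhere in the configuration.
  input {
    id                 = cloudflare_teams_list.corporate_devices.id
    version            = "1.0.0"
    operator           = "<"
    os_distro_name     = "ubuntu"
    os_distro_revision = "1.0.0"
  }
}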

account_id (String) The account identifier to target for the resource.
type (String) The device posture rule type. Available values: serial_number, file, application, gateway, warp, domain_joined, os_version, disk_encryption, firewall, client_certificate, workspace_one, unique_client_id, crowdstrike_s2s, sentinelone, kolide, tanium_s2s, intune, sentinelone_s2s.
description (String)
expiration (String) Expire posture results after the specified amount of time. Must be in the format 1h or 30m. Valid units are h and m.
input (Block List) Required for all rule types except warp, gateway, and tanium. (see below for nested schema)
match (Block List) The conditions that the client must match to run the rule. (see below for nested schema)
name (String) Name of the device posture rule.
schedule (String) Tells the client when to run the device posture check. Must be in the format 1h or 30m. Valid units are h and m.
id (String) The ID of this resource.

Nested schema for input
Optional:
active_threats (Number) The number of active threats from SentinelOne.
certificate_id (String) The UUID of a Cloudflare managed certificate.
check_disks (Set of String) Specific volume(s) to check for encryption.
cn (String) The common name for a certificate.
compliance_status (String) The Workspace ONE device compliance status. Available values: compliant, noncompliant.
connection_id (String) The Workspace ONE connection ID.
count_operator (String) The count comparison operator for Kolide. Available values: >, >=, <, <=, ==.
domain (String) The domain that the client must join.
eid_last_seen (String) The datetime a device was last seen, in RFC 3339 format, from Tanium.
enabled (Boolean) True if the firewall must be enabled.
exists (Boolean) Checks if the file should exist.
id (String) The Teams List ID. Required for serial_number and unique_client_id rule types.
infected (Boolean) True if SentinelOne device is infected.
is_active (Boolean) True if SentinelOne device is active.
issue_count (String) The number of issues for Kolide.
last_seen (String) The duration of time that the host was last seen from CrowdStrike. Must be in the format 1h or 30m. Valid units are d, h and m.
network_status (String) The network status from SentinelOne. Available values: connected, disconnected, disconnecting, connecting.
operator (String) The version comparison operator. Available values: >, >=, <, <=, ==.
os (String) OS signal score from CrowdStrike. Value must be between 1 and 100.
os_distro_name (String) The operating system excluding version information.
os_distro_revision (String) The operating system version excluding OS name information or release name.
overall (String) Overall ZTA score from CrowdStrike. Value must be between 1 and 100.
path (String) The path to the file.
require_all (Boolean) True if all drives must be encrypted.
risk_level (String) The risk level from Tanium. Available values: low, medium, high, critical.
running (Boolean) Checks if the application should be running.
sensor_config (String) Sensor signal score from CrowdStrike. Value must be between 1 and 100.
sha256 (String) The sha256 hash of the file.
state (String) The host's current online status from CrowdStrike. Available values: online, offline, unknown.
thumbprint (String) The thumbprint of the file certificate.
total_score (Number) The total score from Tanium.
version (String) The operating system semantic version.
version_operator (String) The version comparison operator for CrowdStrike. Available values: >, >=, <, <=, ==.
os_version_extra (String) Extra operating system version details following the semantic version value.

Nested schema for match
Optional:
platform (String) The platform of the device. Available values: windows, mac, linux, android, ios, chromeos.

Import is supported using the following syntax:
$ terraform import cloudflare_device_posture_rule.example <account_id>/<device_posture_rule_id>
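
Which input attributes apply depends on the rule type. The configuration below is an added example, not taken from the provider documentation: it pairs three rule types from the list above with input fields this page documents. The variable var.cloudflare_account_id, the resource names, the file path and the hash placeholder are assumptions.

```hcl
# Added example. The variable, resource names, path and hash are placeholders.
variable "cloudflare_account_id" {
  type = string
}

# disk_encryption: every drive on Windows clients must be encrypted.
resource "cloudflare_device_posture_rule" "disk_encryption" {
  account_id = var.cloudflare_account_id
  name       = "Windows full-disk encryption"
  type       = "disk_encryption"
  schedule   = "1h"
  expiration = "2h" # design choice: a result outlives one scheduled run
  match { platform = "windows" }
  input { require_all = true }
}

# firewall: the host firewall must be enabled on macOS clients.
resource "cloudflare_device_posture_rule" "firewall" {
  account_id = var.cloudflare_account_id
  name       = "macOS firewall enabled"
  type       = "firewall"
  schedule   = "30m"
  expiration = "1h"
  match { platform = "mac" }
  input { enabled = true }
}

# file: a specific binary must exist on Linux clients and match a known hash.
resource "cloudflare_device_posture_rule" "agent_binary" {
  account_id = var.cloudflare_account_id
  name       = "Corporate agent binary present"
  type       = "file"
  schedule   = "1h"
  expiration = "2h"
  match { platform = "linux" }
  input {
    path   = "/usr/local/bin/corp-agent"             # constructed path
    exists = true
    sha256 = "REPLACE_WITH_SHA256_OF_APPROVED_BINARY" # placeholder, not a real hash
  }
}
```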