Provides a Threat Detection Client User Define Rule resource. Malicious Behavior Defense Custom Rules.
For information about Threat Detection Client User Define Rule and how to use it, see What is Client User Define Rule.
Basic Usage
variable "name" {
default = "terraform-example"
}
provider "alicloud" {
region = "cn-hangzhou"
}
resource "alicloud_threat_detection_client_user_define_rule" "default" {
action_type = "0"
platform = "windows"
registry_content = "123"
client_user_define_rule_name = var.name
parent_proc_path = "/root/bash"
type = "5"
cmdline = "bash"
proc_path = "/root/bash"
parent_cmdline = "bash"
registry_key = "123"
}
The following arguments are supported:
action_type
- (Required) The operation type. Value:
client_user_define_rule_name
- (Required) The custom rule name.cmdline
- (Optional) Command line. When the value of the Type attribute is 2, 3, 4, 5, 6, or 7, the command line field is required.file_path
- (Optional) The file path. When the value of the Type attribute is 4 or 6, 7, the FilePath field is required.hash
- (Optional) Process hash list. When the value of the Type attribute is 1, the Hash attribute is required.ip
- (Optional) IP address. When the value of the Type attribute is 3, the Ip attribute is required.new_file_path
- (Optional) The new file path to rename the file. When the value of the Type attribute is 7, the NewFilePath attribute is required.parent_cmdline
- (Optional) The parent command line.parent_proc_path
- (Optional) Parent process path.platform
- (Required) The operating system type. Value:
port_str
- (Optional, Computed) The port number. When the value of the Type attribute is 3, the PortStr attribute is required. Value range: 1-65535.proc_path
- (Optional) The process path. When the Type attribute is set to 2, 3, 4, 5, 6, or 7, the ProcPath attribute is required.registry_content
- (Optional) The registry value. When the value of the Type attribute is 5, the RegistryKey attribute is required.registry_key
- (Optional) The registry key. When the value of the Type attribute is 5, the RegistryKey attribute is required.type
- (Required, ForceNew) The rule type. Value:
The following attributes are exported:
id
- The ID of the resource supplied above.create_time
- The creation time of the resource.The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 5 mins) Used when create the Client User Define Rule.delete
- (Defaults to 5 mins) Used when delete the Client User Define Rule.update
- (Defaults to 5 mins) Used when update the Client User Define Rule.Threat Detection Client User Define Rule can be imported using the id, e.g.
$ terraform import alicloud_threat_detection_client_user_define_rule.example <id>