1. Packages
  2. Aquasec
  3. API Docs
  4. HostRuntimePolicy
Aquasec v0.8.27 published on Monday, Jan 29, 2024 by Pulumiverse

aquasec.HostRuntimePolicy

Explore with Pulumi AI

aquasec logo
Aquasec v0.8.27 published on Monday, Jan 29, 2024 by Pulumiverse

    Example Usage

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aquasec.HostRuntimePolicy;
    import com.pulumi.aquasec.HostRuntimePolicyArgs;
    import com.pulumi.aquasec.inputs.HostRuntimePolicyFileIntegrityMonitoringArgs;
    import com.pulumi.aquasec.inputs.HostRuntimePolicyScopeVariableArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hostRuntimePolicy = new HostRuntimePolicy("hostRuntimePolicy", HostRuntimePolicyArgs.builder()        
                .applicationScopes("Global")
                .auditAllOsUserActivity(true)
                .auditBruteForceLogin(true)
                .auditFullCommandArguments(true)
                .auditHostFailedLoginEvents(true)
                .auditHostSuccessfulLoginEvents(true)
                .auditUserAccountManagement(true)
                .blockCryptocurrencyMining(true)
                .blockedFiles("blocked")
                .description("host_runtime_policy")
                .enableIpReputationSecurity(true)
                .enabled(true)
                .enforce(false)
                .fileIntegrityMonitoring(HostRuntimePolicyFileIntegrityMonitoringArgs.builder()
                    .excludedPaths("expaths")
                    .excludedProcesses("exprocess")
                    .excludedUsers("expuser")
                    .monitorAttributes(true)
                    .monitorCreate(true)
                    .monitorDelete(true)
                    .monitorModify(true)
                    .monitorRead(true)
                    .monitoredPaths("paths")
                    .monitoredProcesses("process")
                    .monitoredUsers("user")
                    .build())
                .monitorSystemLogIntegrity(true)
                .monitorSystemTimeChanges(true)
                .monitorWindowsServices(true)
                .osGroupsAlloweds("group1")
                .osGroupsBlockeds("group2")
                .osUsersAlloweds("user1")
                .osUsersBlockeds("user2")
                .packageBlocks("package1")
                .portScanningDetection(true)
                .scopeVariables(            
                    HostRuntimePolicyScopeVariableArgs.builder()
                        .attribute("kubernetes.cluster")
                        .value("default")
                        .build(),
                    HostRuntimePolicyScopeVariableArgs.builder()
                        .attribute("kubernetes.label")
                        .name("app")
                        .value("aqua")
                        .build())
                .windowsRegistryMonitoring(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .windowsRegistryProtection(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      hostRuntimePolicy:
        type: aquasec:HostRuntimePolicy
        properties:
          applicationScopes:
            - Global
          auditAllOsUserActivity: true
          auditBruteForceLogin: true
          auditFullCommandArguments: true
          auditHostFailedLoginEvents: true
          auditHostSuccessfulLoginEvents: true
          auditUserAccountManagement: true
          blockCryptocurrencyMining: true
          blockedFiles:
            - blocked
          description: host_runtime_policy
          enableIpReputationSecurity: true
          enabled: true
          enforce: false
          fileIntegrityMonitoring:
            excludedPaths:
              - expaths
            excludedProcesses:
              - exprocess
            excludedUsers:
              - expuser
            monitorAttributes: true
            monitorCreate: true
            monitorDelete: true
            monitorModify: true
            monitorRead: true
            monitoredPaths:
              - paths
            monitoredProcesses:
              - process
            monitoredUsers:
              - user
          monitorSystemLogIntegrity: true
          monitorSystemTimeChanges: true
          monitorWindowsServices: true
          osGroupsAlloweds:
            - group1
          osGroupsBlockeds:
            - group2
          osUsersAlloweds:
            - user1
          osUsersBlockeds:
            - user2
          packageBlocks:
            - package1
          portScanningDetection: true
          scopeVariables:
            - attribute: kubernetes.cluster
              value: default
            - attribute: kubernetes.label
              name: app
              value: aqua
          windowsRegistryMonitoring:
            - excludedPaths:
                - expaths
              excludedProcesses:
                - exprocess
              excludedUsers:
                - expuser
              monitorAttributes: true
              monitorCreate: true
              monitorDelete: true
              monitorModify: true
              monitorRead: true
              monitoredPaths:
                - paths
              monitoredProcesses:
                - process
              monitoredUsers:
                - user
          windowsRegistryProtection:
            - excludedPaths:
                - expaths
              excludedProcesses:
                - exprocess
              excludedUsers:
                - expuser
              protectedPaths:
                - paths
              protectedProcesses:
                - process
              protectedUsers:
                - user
    

    Create HostRuntimePolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new HostRuntimePolicy(name: string, args?: HostRuntimePolicyArgs, opts?: CustomResourceOptions);
    @overload
    def HostRuntimePolicy(resource_name: str,
                          args: Optional[HostRuntimePolicyArgs] = None,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def HostRuntimePolicy(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          allowed_executables: Optional[Sequence[HostRuntimePolicyAllowedExecutableArgs]] = None,
                          allowed_registries: Optional[Sequence[HostRuntimePolicyAllowedRegistryArgs]] = None,
                          application_scopes: Optional[Sequence[str]] = None,
                          audit_brute_force_login: Optional[bool] = None,
                          audit_full_command_arguments: Optional[bool] = None,
                          audit_host_failed_login_events: Optional[bool] = None,
                          audit_host_successful_login_events: Optional[bool] = None,
                          audit_user_account_management: Optional[bool] = None,
                          auditing: Optional[HostRuntimePolicyAuditingArgs] = None,
                          author: Optional[str] = None,
                          blacklisted_os_users: Optional[HostRuntimePolicyBlacklistedOsUsersArgs] = None,
                          block_container_exec: Optional[bool] = None,
                          block_cryptocurrency_mining: Optional[bool] = None,
                          block_disallowed_images: Optional[bool] = None,
                          block_fileless_exec: Optional[bool] = None,
                          block_non_compliant_workloads: Optional[bool] = None,
                          block_non_k8s_containers: Optional[bool] = None,
                          blocked_files: Optional[Sequence[str]] = None,
                          bypass_scopes: Optional[Sequence[HostRuntimePolicyBypassScopeArgs]] = None,
                          container_exec: Optional[HostRuntimePolicyContainerExecArgs] = None,
                          created: Optional[str] = None,
                          cve: Optional[str] = None,
                          default_security_profile: Optional[str] = None,
                          description: Optional[str] = None,
                          digest: Optional[str] = None,
                          drift_preventions: Optional[Sequence[HostRuntimePolicyDriftPreventionArgs]] = None,
                          enable_crypto_mining_dns: Optional[bool] = None,
                          enable_fork_guard: Optional[bool] = None,
                          enable_ip_reputation: Optional[bool] = None,
                          enable_port_scan_protection: Optional[bool] = None,
                          enabled: Optional[bool] = None,
                          enforce: Optional[bool] = None,
                          enforce_after_days: Optional[int] = None,
                          enforce_scheduler_added_on: Optional[int] = None,
                          exclude_application_scopes: Optional[Sequence[str]] = None,
                          executable_blacklists: Optional[Sequence[HostRuntimePolicyExecutableBlacklistArgs]] = None,
                          failed_kubernetes_checks: Optional[HostRuntimePolicyFailedKubernetesChecksArgs] = None,
                          file_block: Optional[HostRuntimePolicyFileBlockArgs] = None,
                          file_integrity_monitoring: Optional[HostRuntimePolicyFileIntegrityMonitoringArgs] = None,
                          fork_guard_process_limit: Optional[int] = None,
                          image_name: Optional[str] = None,
                          is_audit_checked: Optional[bool] = None,
                          is_auto_generated: Optional[bool] = None,
                          is_ootb_policy: Optional[bool] = None,
                          lastupdate: Optional[int] = None,
                          limit_container_privileges: Optional[Sequence[HostRuntimePolicyLimitContainerPrivilegeArgs]] = None,
                          linux_capabilities: Optional[HostRuntimePolicyLinuxCapabilitiesArgs] = None,
                          malware_scan_options: Optional[HostRuntimePolicyMalwareScanOptionsArgs] = None,
                          monitor_system_log_integrity: Optional[bool] = None,
                          monitor_system_time_changes: Optional[bool] = None,
                          monitor_windows_services: Optional[bool] = None,
                          name: Optional[str] = None,
                          no_new_privileges: Optional[bool] = None,
                          only_registered_images: Optional[bool] = None,
                          os_groups_alloweds: Optional[Sequence[str]] = None,
                          os_groups_blockeds: Optional[Sequence[str]] = None,
                          os_users_alloweds: Optional[Sequence[str]] = None,
                          os_users_blockeds: Optional[Sequence[str]] = None,
                          package_blocks: Optional[Sequence[HostRuntimePolicyPackageBlockArgs]] = None,
                          permission: Optional[str] = None,
                          port_block: Optional[HostRuntimePolicyPortBlockArgs] = None,
                          readonly_files: Optional[HostRuntimePolicyReadonlyFilesArgs] = None,
                          readonly_registry: Optional[HostRuntimePolicyReadonlyRegistryArgs] = None,
                          registry: Optional[str] = None,
                          registry_access_monitoring: Optional[HostRuntimePolicyRegistryAccessMonitoringArgs] = None,
                          repo_name: Optional[str] = None,
                          resource_name_: Optional[str] = None,
                          resource_type: Optional[str] = None,
                          restricted_volumes: Optional[Sequence[HostRuntimePolicyRestrictedVolumeArgs]] = None,
                          reverse_shell: Optional[HostRuntimePolicyReverseShellArgs] = None,
                          runtime_mode: Optional[int] = None,
                          runtime_type: Optional[str] = None,
                          scope_expression: Optional[str] = None,
                          scope_variables: Optional[Sequence[HostRuntimePolicyScopeVariableArgs]] = None,
                          scopes: Optional[Sequence[HostRuntimePolicyScopeArgs]] = None,
                          system_integrity_protection: Optional[HostRuntimePolicySystemIntegrityProtectionArgs] = None,
                          tripwire: Optional[HostRuntimePolicyTripwireArgs] = None,
                          type: Optional[str] = None,
                          updated: Optional[str] = None,
                          version: Optional[str] = None,
                          vpatch_version: Optional[str] = None,
                          whitelisted_os_users: Optional[HostRuntimePolicyWhitelistedOsUsersArgs] = None)
    func NewHostRuntimePolicy(ctx *Context, name string, args *HostRuntimePolicyArgs, opts ...ResourceOption) (*HostRuntimePolicy, error)
    public HostRuntimePolicy(string name, HostRuntimePolicyArgs? args = null, CustomResourceOptions? opts = null)
    public HostRuntimePolicy(String name, HostRuntimePolicyArgs args)
    public HostRuntimePolicy(String name, HostRuntimePolicyArgs args, CustomResourceOptions options)
    
    type: aquasec:HostRuntimePolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args HostRuntimePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args HostRuntimePolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args HostRuntimePolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args HostRuntimePolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args HostRuntimePolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var hostRuntimePolicyResource = new Aquasec.HostRuntimePolicy("hostRuntimePolicyResource", new()
    {
        AllowedExecutables = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyAllowedExecutableArgs
            {
                AllowExecutables = new[]
                {
                    "string",
                },
                AllowRootExecutables = new[]
                {
                    "string",
                },
                Enabled = false,
                SeparateExecutables = false,
            },
        },
        AllowedRegistries = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyAllowedRegistryArgs
            {
                AllowedRegistries = new[]
                {
                    "string",
                },
                Enabled = false,
            },
        },
        ApplicationScopes = new[]
        {
            "string",
        },
        AuditBruteForceLogin = false,
        AuditFullCommandArguments = false,
        AuditHostFailedLoginEvents = false,
        AuditHostSuccessfulLoginEvents = false,
        AuditUserAccountManagement = false,
        Auditing = new Aquasec.Inputs.HostRuntimePolicyAuditingArgs
        {
            AuditAllNetwork = false,
            AuditAllProcesses = false,
            AuditFailedLogin = false,
            AuditOsUserActivity = false,
            AuditProcessCmdline = false,
            AuditSuccessLogin = false,
            AuditUserAccountManagement = false,
            Enabled = false,
        },
        Author = "string",
        BlacklistedOsUsers = new Aquasec.Inputs.HostRuntimePolicyBlacklistedOsUsersArgs
        {
            Enabled = false,
            GroupBlackLists = new[]
            {
                "string",
            },
            UserBlackLists = new[]
            {
                "string",
            },
        },
        BlockContainerExec = false,
        BlockCryptocurrencyMining = false,
        BlockDisallowedImages = false,
        BlockFilelessExec = false,
        BlockNonCompliantWorkloads = false,
        BlockNonK8sContainers = false,
        BlockedFiles = new[]
        {
            "string",
        },
        BypassScopes = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyBypassScopeArgs
            {
                Enabled = false,
                Scopes = new[]
                {
                    new Aquasec.Inputs.HostRuntimePolicyBypassScopeScopeArgs
                    {
                        Expression = "string",
                        Variables = new[]
                        {
                            new Aquasec.Inputs.HostRuntimePolicyBypassScopeScopeVariableArgs
                            {
                                Attribute = "string",
                                Value = "string",
                            },
                        },
                    },
                },
            },
        },
        ContainerExec = new Aquasec.Inputs.HostRuntimePolicyContainerExecArgs
        {
            BlockContainerExec = false,
            ContainerExecProcWhiteLists = new[]
            {
                "string",
            },
            Enabled = false,
            ReverseShellIpWhiteLists = new[]
            {
                "string",
            },
        },
        Created = "string",
        Cve = "string",
        DefaultSecurityProfile = "string",
        Description = "string",
        Digest = "string",
        DriftPreventions = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyDriftPreventionArgs
            {
                Enabled = false,
                ExecLockdown = false,
                ExecLockdownWhiteLists = new[]
                {
                    "string",
                },
                ImageLockdown = false,
            },
        },
        EnableCryptoMiningDns = false,
        EnableForkGuard = false,
        EnableIpReputation = false,
        EnablePortScanProtection = false,
        Enabled = false,
        Enforce = false,
        EnforceAfterDays = 0,
        EnforceSchedulerAddedOn = 0,
        ExcludeApplicationScopes = new[]
        {
            "string",
        },
        ExecutableBlacklists = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyExecutableBlacklistArgs
            {
                Enabled = false,
                Executables = new[]
                {
                    "string",
                },
            },
        },
        FailedKubernetesChecks = new Aquasec.Inputs.HostRuntimePolicyFailedKubernetesChecksArgs
        {
            Enabled = false,
            FailedChecks = new[]
            {
                "string",
            },
        },
        FileBlock = new Aquasec.Inputs.HostRuntimePolicyFileBlockArgs
        {
            BlockFilesProcesses = new[]
            {
                "string",
            },
            BlockFilesUsers = new[]
            {
                "string",
            },
            Enabled = false,
            ExceptionalBlockFiles = new[]
            {
                "string",
            },
            ExceptionalBlockFilesProcesses = new[]
            {
                "string",
            },
            ExceptionalBlockFilesUsers = new[]
            {
                "string",
            },
            FilenameBlockLists = new[]
            {
                "string",
            },
        },
        FileIntegrityMonitoring = new Aquasec.Inputs.HostRuntimePolicyFileIntegrityMonitoringArgs
        {
            Enabled = false,
            ExceptionalMonitoredFiles = new[]
            {
                "string",
            },
            ExceptionalMonitoredFilesProcesses = new[]
            {
                "string",
            },
            ExceptionalMonitoredFilesUsers = new[]
            {
                "string",
            },
            MonitoredFiles = new[]
            {
                "string",
            },
            MonitoredFilesAttributes = false,
            MonitoredFilesCreate = false,
            MonitoredFilesDelete = false,
            MonitoredFilesModify = false,
            MonitoredFilesProcesses = new[]
            {
                "string",
            },
            MonitoredFilesRead = false,
            MonitoredFilesUsers = new[]
            {
                "string",
            },
        },
        ForkGuardProcessLimit = 0,
        ImageName = "string",
        IsAuditChecked = false,
        IsAutoGenerated = false,
        IsOotbPolicy = false,
        Lastupdate = 0,
        LimitContainerPrivileges = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyLimitContainerPrivilegeArgs
            {
                BlockAddCapabilities = false,
                Enabled = false,
                Ipcmode = false,
                Netmode = false,
                Pidmode = false,
                PreventLowPortBinding = false,
                PreventRootUser = false,
                Privileged = false,
                UseHostUser = false,
                Usermode = false,
                Utsmode = false,
            },
        },
        LinuxCapabilities = new Aquasec.Inputs.HostRuntimePolicyLinuxCapabilitiesArgs
        {
            Enabled = false,
            RemoveLinuxCapabilities = new[]
            {
                "string",
            },
        },
        MalwareScanOptions = new Aquasec.Inputs.HostRuntimePolicyMalwareScanOptionsArgs
        {
            Action = "string",
            Enabled = false,
            ExcludeDirectories = new[]
            {
                "string",
            },
            ExcludeProcesses = new[]
            {
                "string",
            },
            IncludeDirectories = new[]
            {
                "string",
            },
        },
        MonitorSystemLogIntegrity = false,
        MonitorSystemTimeChanges = false,
        MonitorWindowsServices = false,
        Name = "string",
        NoNewPrivileges = false,
        OnlyRegisteredImages = false,
        OsGroupsAlloweds = new[]
        {
            "string",
        },
        OsGroupsBlockeds = new[]
        {
            "string",
        },
        OsUsersAlloweds = new[]
        {
            "string",
        },
        OsUsersBlockeds = new[]
        {
            "string",
        },
        PackageBlocks = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyPackageBlockArgs
            {
                BlockPackagesProcesses = new[]
                {
                    "string",
                },
                BlockPackagesUsers = new[]
                {
                    "string",
                },
                Enabled = false,
                ExceptionalBlockPackagesFiles = new[]
                {
                    "string",
                },
                ExceptionalBlockPackagesProcesses = new[]
                {
                    "string",
                },
                ExceptionalBlockPackagesUsers = new[]
                {
                    "string",
                },
                PackagesBlackLists = new[]
                {
                    "string",
                },
            },
        },
        Permission = "string",
        PortBlock = new Aquasec.Inputs.HostRuntimePolicyPortBlockArgs
        {
            BlockInboundPorts = new[]
            {
                "string",
            },
            BlockOutboundPorts = new[]
            {
                "string",
            },
            Enabled = false,
        },
        ReadonlyFiles = new Aquasec.Inputs.HostRuntimePolicyReadonlyFilesArgs
        {
            Enabled = false,
            ExceptionalReadonlyFiles = new[]
            {
                "string",
            },
            ExceptionalReadonlyFilesProcesses = new[]
            {
                "string",
            },
            ExceptionalReadonlyFilesUsers = new[]
            {
                "string",
            },
            ReadonlyFiles = new[]
            {
                "string",
            },
            ReadonlyFilesProcesses = new[]
            {
                "string",
            },
            ReadonlyFilesUsers = new[]
            {
                "string",
            },
        },
        ReadonlyRegistry = new Aquasec.Inputs.HostRuntimePolicyReadonlyRegistryArgs
        {
            Enabled = false,
            ExceptionalReadonlyRegistryPaths = new[]
            {
                "string",
            },
            ExceptionalReadonlyRegistryProcesses = new[]
            {
                "string",
            },
            ExceptionalReadonlyRegistryUsers = new[]
            {
                "string",
            },
            ReadonlyRegistryPaths = new[]
            {
                "string",
            },
            ReadonlyRegistryProcesses = new[]
            {
                "string",
            },
            ReadonlyRegistryUsers = new[]
            {
                "string",
            },
        },
        Registry = "string",
        RegistryAccessMonitoring = new Aquasec.Inputs.HostRuntimePolicyRegistryAccessMonitoringArgs
        {
            Enabled = false,
            ExceptionalMonitoredRegistryPaths = new[]
            {
                "string",
            },
            ExceptionalMonitoredRegistryProcesses = new[]
            {
                "string",
            },
            ExceptionalMonitoredRegistryUsers = new[]
            {
                "string",
            },
            MonitoredRegistryAttributes = false,
            MonitoredRegistryCreate = false,
            MonitoredRegistryDelete = false,
            MonitoredRegistryModify = false,
            MonitoredRegistryPaths = new[]
            {
                "string",
            },
            MonitoredRegistryProcesses = new[]
            {
                "string",
            },
            MonitoredRegistryRead = false,
            MonitoredRegistryUsers = new[]
            {
                "string",
            },
        },
        RepoName = "string",
        ResourceName = "string",
        ResourceType = "string",
        RestrictedVolumes = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyRestrictedVolumeArgs
            {
                Enabled = false,
                Volumes = new[]
                {
                    "string",
                },
            },
        },
        ReverseShell = new Aquasec.Inputs.HostRuntimePolicyReverseShellArgs
        {
            BlockReverseShell = false,
            Enabled = false,
            ReverseShellIpWhiteLists = new[]
            {
                "string",
            },
            ReverseShellProcWhiteLists = new[]
            {
                "string",
            },
        },
        RuntimeMode = 0,
        RuntimeType = "string",
        ScopeExpression = "string",
        ScopeVariables = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyScopeVariableArgs
            {
                Attribute = "string",
                Value = "string",
                Name = "string",
            },
        },
        Scopes = new[]
        {
            new Aquasec.Inputs.HostRuntimePolicyScopeArgs
            {
                Expression = "string",
                Variables = new[]
                {
                    new Aquasec.Inputs.HostRuntimePolicyScopeVariableArgs
                    {
                        Attribute = "string",
                        Value = "string",
                        Name = "string",
                    },
                },
            },
        },
        SystemIntegrityProtection = new Aquasec.Inputs.HostRuntimePolicySystemIntegrityProtectionArgs
        {
            AuditSystemtimeChange = false,
            Enabled = false,
            MonitorAuditLogIntegrity = false,
            WindowsServicesMonitoring = false,
        },
        Tripwire = new Aquasec.Inputs.HostRuntimePolicyTripwireArgs
        {
            ApplyOns = new[]
            {
                "string",
            },
            Enabled = false,
            ServerlessApp = "string",
            UserId = "string",
            UserPassword = "string",
        },
        Type = "string",
        Updated = "string",
        Version = "string",
        VpatchVersion = "string",
        WhitelistedOsUsers = new Aquasec.Inputs.HostRuntimePolicyWhitelistedOsUsersArgs
        {
            Enabled = false,
            GroupWhiteLists = new[]
            {
                "string",
            },
            UserWhiteLists = new[]
            {
                "string",
            },
        },
    });
    
    example, err := aquasec.NewHostRuntimePolicy(ctx, "hostRuntimePolicyResource", &aquasec.HostRuntimePolicyArgs{
    	AllowedExecutables: aquasec.HostRuntimePolicyAllowedExecutableArray{
    		&aquasec.HostRuntimePolicyAllowedExecutableArgs{
    			AllowExecutables: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			AllowRootExecutables: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Enabled:             pulumi.Bool(false),
    			SeparateExecutables: pulumi.Bool(false),
    		},
    	},
    	AllowedRegistries: aquasec.HostRuntimePolicyAllowedRegistryArray{
    		&aquasec.HostRuntimePolicyAllowedRegistryArgs{
    			AllowedRegistries: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Enabled: pulumi.Bool(false),
    		},
    	},
    	ApplicationScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AuditBruteForceLogin:           pulumi.Bool(false),
    	AuditFullCommandArguments:      pulumi.Bool(false),
    	AuditHostFailedLoginEvents:     pulumi.Bool(false),
    	AuditHostSuccessfulLoginEvents: pulumi.Bool(false),
    	AuditUserAccountManagement:     pulumi.Bool(false),
    	Auditing: &aquasec.HostRuntimePolicyAuditingArgs{
    		AuditAllNetwork:            pulumi.Bool(false),
    		AuditAllProcesses:          pulumi.Bool(false),
    		AuditFailedLogin:           pulumi.Bool(false),
    		AuditOsUserActivity:        pulumi.Bool(false),
    		AuditProcessCmdline:        pulumi.Bool(false),
    		AuditSuccessLogin:          pulumi.Bool(false),
    		AuditUserAccountManagement: pulumi.Bool(false),
    		Enabled:                    pulumi.Bool(false),
    	},
    	Author: pulumi.String("string"),
    	BlacklistedOsUsers: &aquasec.HostRuntimePolicyBlacklistedOsUsersArgs{
    		Enabled: pulumi.Bool(false),
    		GroupBlackLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		UserBlackLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	BlockContainerExec:         pulumi.Bool(false),
    	BlockCryptocurrencyMining:  pulumi.Bool(false),
    	BlockDisallowedImages:      pulumi.Bool(false),
    	BlockFilelessExec:          pulumi.Bool(false),
    	BlockNonCompliantWorkloads: pulumi.Bool(false),
    	BlockNonK8sContainers:      pulumi.Bool(false),
    	BlockedFiles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	BypassScopes: aquasec.HostRuntimePolicyBypassScopeArray{
    		&aquasec.HostRuntimePolicyBypassScopeArgs{
    			Enabled: pulumi.Bool(false),
    			Scopes: aquasec.HostRuntimePolicyBypassScopeScopeArray{
    				&aquasec.HostRuntimePolicyBypassScopeScopeArgs{
    					Expression: pulumi.String("string"),
    					Variables: aquasec.HostRuntimePolicyBypassScopeScopeVariableArray{
    						&aquasec.HostRuntimePolicyBypassScopeScopeVariableArgs{
    							Attribute: pulumi.String("string"),
    							Value:     pulumi.String("string"),
    						},
    					},
    				},
    			},
    		},
    	},
    	ContainerExec: &aquasec.HostRuntimePolicyContainerExecArgs{
    		BlockContainerExec: pulumi.Bool(false),
    		ContainerExecProcWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    		ReverseShellIpWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Created:                pulumi.String("string"),
    	Cve:                    pulumi.String("string"),
    	DefaultSecurityProfile: pulumi.String("string"),
    	Description:            pulumi.String("string"),
    	Digest:                 pulumi.String("string"),
    	DriftPreventions: aquasec.HostRuntimePolicyDriftPreventionArray{
    		&aquasec.HostRuntimePolicyDriftPreventionArgs{
    			Enabled:      pulumi.Bool(false),
    			ExecLockdown: pulumi.Bool(false),
    			ExecLockdownWhiteLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ImageLockdown: pulumi.Bool(false),
    		},
    	},
    	EnableCryptoMiningDns:    pulumi.Bool(false),
    	EnableForkGuard:          pulumi.Bool(false),
    	EnableIpReputation:       pulumi.Bool(false),
    	EnablePortScanProtection: pulumi.Bool(false),
    	Enabled:                  pulumi.Bool(false),
    	Enforce:                  pulumi.Bool(false),
    	EnforceAfterDays:         pulumi.Int(0),
    	EnforceSchedulerAddedOn:  pulumi.Int(0),
    	ExcludeApplicationScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ExecutableBlacklists: aquasec.HostRuntimePolicyExecutableBlacklistArray{
    		&aquasec.HostRuntimePolicyExecutableBlacklistArgs{
    			Enabled: pulumi.Bool(false),
    			Executables: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	FailedKubernetesChecks: &aquasec.HostRuntimePolicyFailedKubernetesChecksArgs{
    		Enabled: pulumi.Bool(false),
    		FailedChecks: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	FileBlock: &aquasec.HostRuntimePolicyFileBlockArgs{
    		BlockFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		BlockFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    		ExceptionalBlockFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalBlockFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalBlockFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		FilenameBlockLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	FileIntegrityMonitoring: &aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs{
    		Enabled: pulumi.Bool(false),
    		ExceptionalMonitoredFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalMonitoredFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalMonitoredFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredFilesAttributes: pulumi.Bool(false),
    		MonitoredFilesCreate:     pulumi.Bool(false),
    		MonitoredFilesDelete:     pulumi.Bool(false),
    		MonitoredFilesModify:     pulumi.Bool(false),
    		MonitoredFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredFilesRead: pulumi.Bool(false),
    		MonitoredFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	ForkGuardProcessLimit: pulumi.Int(0),
    	ImageName:             pulumi.String("string"),
    	IsAuditChecked:        pulumi.Bool(false),
    	IsAutoGenerated:       pulumi.Bool(false),
    	IsOotbPolicy:          pulumi.Bool(false),
    	Lastupdate:            pulumi.Int(0),
    	LimitContainerPrivileges: aquasec.HostRuntimePolicyLimitContainerPrivilegeArray{
    		&aquasec.HostRuntimePolicyLimitContainerPrivilegeArgs{
    			BlockAddCapabilities:  pulumi.Bool(false),
    			Enabled:               pulumi.Bool(false),
    			Ipcmode:               pulumi.Bool(false),
    			Netmode:               pulumi.Bool(false),
    			Pidmode:               pulumi.Bool(false),
    			PreventLowPortBinding: pulumi.Bool(false),
    			PreventRootUser:       pulumi.Bool(false),
    			Privileged:            pulumi.Bool(false),
    			UseHostUser:           pulumi.Bool(false),
    			Usermode:              pulumi.Bool(false),
    			Utsmode:               pulumi.Bool(false),
    		},
    	},
    	LinuxCapabilities: &aquasec.HostRuntimePolicyLinuxCapabilitiesArgs{
    		Enabled: pulumi.Bool(false),
    		RemoveLinuxCapabilities: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	MalwareScanOptions: &aquasec.HostRuntimePolicyMalwareScanOptionsArgs{
    		Action:  pulumi.String("string"),
    		Enabled: pulumi.Bool(false),
    		ExcludeDirectories: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExcludeProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		IncludeDirectories: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	MonitorSystemLogIntegrity: pulumi.Bool(false),
    	MonitorSystemTimeChanges:  pulumi.Bool(false),
    	MonitorWindowsServices:    pulumi.Bool(false),
    	Name:                      pulumi.String("string"),
    	NoNewPrivileges:           pulumi.Bool(false),
    	OnlyRegisteredImages:      pulumi.Bool(false),
    	OsGroupsAlloweds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	OsGroupsBlockeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	OsUsersAlloweds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	OsUsersBlockeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PackageBlocks: aquasec.HostRuntimePolicyPackageBlockArray{
    		&aquasec.HostRuntimePolicyPackageBlockArgs{
    			BlockPackagesProcesses: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			BlockPackagesUsers: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Enabled: pulumi.Bool(false),
    			ExceptionalBlockPackagesFiles: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ExceptionalBlockPackagesProcesses: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			ExceptionalBlockPackagesUsers: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			PackagesBlackLists: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Permission: pulumi.String("string"),
    	PortBlock: &aquasec.HostRuntimePolicyPortBlockArgs{
    		BlockInboundPorts: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		BlockOutboundPorts: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled: pulumi.Bool(false),
    	},
    	ReadonlyFiles: &aquasec.HostRuntimePolicyReadonlyFilesArgs{
    		Enabled: pulumi.Bool(false),
    		ExceptionalReadonlyFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalReadonlyFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalReadonlyFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyFiles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyFilesProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyFilesUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	ReadonlyRegistry: &aquasec.HostRuntimePolicyReadonlyRegistryArgs{
    		Enabled: pulumi.Bool(false),
    		ExceptionalReadonlyRegistryPaths: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalReadonlyRegistryProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalReadonlyRegistryUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyRegistryPaths: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyRegistryProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReadonlyRegistryUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Registry: pulumi.String("string"),
    	RegistryAccessMonitoring: &aquasec.HostRuntimePolicyRegistryAccessMonitoringArgs{
    		Enabled: pulumi.Bool(false),
    		ExceptionalMonitoredRegistryPaths: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalMonitoredRegistryProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ExceptionalMonitoredRegistryUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredRegistryAttributes: pulumi.Bool(false),
    		MonitoredRegistryCreate:     pulumi.Bool(false),
    		MonitoredRegistryDelete:     pulumi.Bool(false),
    		MonitoredRegistryModify:     pulumi.Bool(false),
    		MonitoredRegistryPaths: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredRegistryProcesses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		MonitoredRegistryRead: pulumi.Bool(false),
    		MonitoredRegistryUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	RepoName:     pulumi.String("string"),
    	ResourceName: pulumi.String("string"),
    	ResourceType: pulumi.String("string"),
    	RestrictedVolumes: aquasec.HostRuntimePolicyRestrictedVolumeArray{
    		&aquasec.HostRuntimePolicyRestrictedVolumeArgs{
    			Enabled: pulumi.Bool(false),
    			Volumes: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	ReverseShell: &aquasec.HostRuntimePolicyReverseShellArgs{
    		BlockReverseShell: pulumi.Bool(false),
    		Enabled:           pulumi.Bool(false),
    		ReverseShellIpWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ReverseShellProcWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	RuntimeMode:     pulumi.Int(0),
    	RuntimeType:     pulumi.String("string"),
    	ScopeExpression: pulumi.String("string"),
    	ScopeVariables: aquasec.HostRuntimePolicyScopeVariableArray{
    		&aquasec.HostRuntimePolicyScopeVariableArgs{
    			Attribute: pulumi.String("string"),
    			Value:     pulumi.String("string"),
    			Name:      pulumi.String("string"),
    		},
    	},
    	Scopes: aquasec.HostRuntimePolicyScopeArray{
    		&aquasec.HostRuntimePolicyScopeArgs{
    			Expression: pulumi.String("string"),
    			Variables: aquasec.HostRuntimePolicyScopeVariableArray{
    				&aquasec.HostRuntimePolicyScopeVariableArgs{
    					Attribute: pulumi.String("string"),
    					Value:     pulumi.String("string"),
    					Name:      pulumi.String("string"),
    				},
    			},
    		},
    	},
    	SystemIntegrityProtection: &aquasec.HostRuntimePolicySystemIntegrityProtectionArgs{
    		AuditSystemtimeChange:     pulumi.Bool(false),
    		Enabled:                   pulumi.Bool(false),
    		MonitorAuditLogIntegrity:  pulumi.Bool(false),
    		WindowsServicesMonitoring: pulumi.Bool(false),
    	},
    	Tripwire: &aquasec.HostRuntimePolicyTripwireArgs{
    		ApplyOns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Enabled:       pulumi.Bool(false),
    		ServerlessApp: pulumi.String("string"),
    		UserId:        pulumi.String("string"),
    		UserPassword:  pulumi.String("string"),
    	},
    	Type:          pulumi.String("string"),
    	Updated:       pulumi.String("string"),
    	Version:       pulumi.String("string"),
    	VpatchVersion: pulumi.String("string"),
    	WhitelistedOsUsers: &aquasec.HostRuntimePolicyWhitelistedOsUsersArgs{
    		Enabled: pulumi.Bool(false),
    		GroupWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		UserWhiteLists: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    })
    
    var hostRuntimePolicyResource = new HostRuntimePolicy("hostRuntimePolicyResource", HostRuntimePolicyArgs.builder()
        .allowedExecutables(HostRuntimePolicyAllowedExecutableArgs.builder()
            .allowExecutables("string")
            .allowRootExecutables("string")
            .enabled(false)
            .separateExecutables(false)
            .build())
        .allowedRegistries(HostRuntimePolicyAllowedRegistryArgs.builder()
            .allowedRegistries("string")
            .enabled(false)
            .build())
        .applicationScopes("string")
        .auditBruteForceLogin(false)
        .auditFullCommandArguments(false)
        .auditHostFailedLoginEvents(false)
        .auditHostSuccessfulLoginEvents(false)
        .auditUserAccountManagement(false)
        .auditing(HostRuntimePolicyAuditingArgs.builder()
            .auditAllNetwork(false)
            .auditAllProcesses(false)
            .auditFailedLogin(false)
            .auditOsUserActivity(false)
            .auditProcessCmdline(false)
            .auditSuccessLogin(false)
            .auditUserAccountManagement(false)
            .enabled(false)
            .build())
        .author("string")
        .blacklistedOsUsers(HostRuntimePolicyBlacklistedOsUsersArgs.builder()
            .enabled(false)
            .groupBlackLists("string")
            .userBlackLists("string")
            .build())
        .blockContainerExec(false)
        .blockCryptocurrencyMining(false)
        .blockDisallowedImages(false)
        .blockFilelessExec(false)
        .blockNonCompliantWorkloads(false)
        .blockNonK8sContainers(false)
        .blockedFiles("string")
        .bypassScopes(HostRuntimePolicyBypassScopeArgs.builder()
            .enabled(false)
            .scopes(HostRuntimePolicyBypassScopeScopeArgs.builder()
                .expression("string")
                .variables(HostRuntimePolicyBypassScopeScopeVariableArgs.builder()
                    .attribute("string")
                    .value("string")
                    .build())
                .build())
            .build())
        .containerExec(HostRuntimePolicyContainerExecArgs.builder()
            .blockContainerExec(false)
            .containerExecProcWhiteLists("string")
            .enabled(false)
            .reverseShellIpWhiteLists("string")
            .build())
        .created("string")
        .cve("string")
        .defaultSecurityProfile("string")
        .description("string")
        .digest("string")
        .driftPreventions(HostRuntimePolicyDriftPreventionArgs.builder()
            .enabled(false)
            .execLockdown(false)
            .execLockdownWhiteLists("string")
            .imageLockdown(false)
            .build())
        .enableCryptoMiningDns(false)
        .enableForkGuard(false)
        .enableIpReputation(false)
        .enablePortScanProtection(false)
        .enabled(false)
        .enforce(false)
        .enforceAfterDays(0)
        .enforceSchedulerAddedOn(0)
        .excludeApplicationScopes("string")
        .executableBlacklists(HostRuntimePolicyExecutableBlacklistArgs.builder()
            .enabled(false)
            .executables("string")
            .build())
        .failedKubernetesChecks(HostRuntimePolicyFailedKubernetesChecksArgs.builder()
            .enabled(false)
            .failedChecks("string")
            .build())
        .fileBlock(HostRuntimePolicyFileBlockArgs.builder()
            .blockFilesProcesses("string")
            .blockFilesUsers("string")
            .enabled(false)
            .exceptionalBlockFiles("string")
            .exceptionalBlockFilesProcesses("string")
            .exceptionalBlockFilesUsers("string")
            .filenameBlockLists("string")
            .build())
        .fileIntegrityMonitoring(HostRuntimePolicyFileIntegrityMonitoringArgs.builder()
            .enabled(false)
            .exceptionalMonitoredFiles("string")
            .exceptionalMonitoredFilesProcesses("string")
            .exceptionalMonitoredFilesUsers("string")
            .monitoredFiles("string")
            .monitoredFilesAttributes(false)
            .monitoredFilesCreate(false)
            .monitoredFilesDelete(false)
            .monitoredFilesModify(false)
            .monitoredFilesProcesses("string")
            .monitoredFilesRead(false)
            .monitoredFilesUsers("string")
            .build())
        .forkGuardProcessLimit(0)
        .imageName("string")
        .isAuditChecked(false)
        .isAutoGenerated(false)
        .isOotbPolicy(false)
        .lastupdate(0)
        .limitContainerPrivileges(HostRuntimePolicyLimitContainerPrivilegeArgs.builder()
            .blockAddCapabilities(false)
            .enabled(false)
            .ipcmode(false)
            .netmode(false)
            .pidmode(false)
            .preventLowPortBinding(false)
            .preventRootUser(false)
            .privileged(false)
            .useHostUser(false)
            .usermode(false)
            .utsmode(false)
            .build())
        .linuxCapabilities(HostRuntimePolicyLinuxCapabilitiesArgs.builder()
            .enabled(false)
            .removeLinuxCapabilities("string")
            .build())
        .malwareScanOptions(HostRuntimePolicyMalwareScanOptionsArgs.builder()
            .action("string")
            .enabled(false)
            .excludeDirectories("string")
            .excludeProcesses("string")
            .includeDirectories("string")
            .build())
        .monitorSystemLogIntegrity(false)
        .monitorSystemTimeChanges(false)
        .monitorWindowsServices(false)
        .name("string")
        .noNewPrivileges(false)
        .onlyRegisteredImages(false)
        .osGroupsAlloweds("string")
        .osGroupsBlockeds("string")
        .osUsersAlloweds("string")
        .osUsersBlockeds("string")
        .packageBlocks(HostRuntimePolicyPackageBlockArgs.builder()
            .blockPackagesProcesses("string")
            .blockPackagesUsers("string")
            .enabled(false)
            .exceptionalBlockPackagesFiles("string")
            .exceptionalBlockPackagesProcesses("string")
            .exceptionalBlockPackagesUsers("string")
            .packagesBlackLists("string")
            .build())
        .permission("string")
        .portBlock(HostRuntimePolicyPortBlockArgs.builder()
            .blockInboundPorts("string")
            .blockOutboundPorts("string")
            .enabled(false)
            .build())
        .readonlyFiles(HostRuntimePolicyReadonlyFilesArgs.builder()
            .enabled(false)
            .exceptionalReadonlyFiles("string")
            .exceptionalReadonlyFilesProcesses("string")
            .exceptionalReadonlyFilesUsers("string")
            .readonlyFiles("string")
            .readonlyFilesProcesses("string")
            .readonlyFilesUsers("string")
            .build())
        .readonlyRegistry(HostRuntimePolicyReadonlyRegistryArgs.builder()
            .enabled(false)
            .exceptionalReadonlyRegistryPaths("string")
            .exceptionalReadonlyRegistryProcesses("string")
            .exceptionalReadonlyRegistryUsers("string")
            .readonlyRegistryPaths("string")
            .readonlyRegistryProcesses("string")
            .readonlyRegistryUsers("string")
            .build())
        .registry("string")
        .registryAccessMonitoring(HostRuntimePolicyRegistryAccessMonitoringArgs.builder()
            .enabled(false)
            .exceptionalMonitoredRegistryPaths("string")
            .exceptionalMonitoredRegistryProcesses("string")
            .exceptionalMonitoredRegistryUsers("string")
            .monitoredRegistryAttributes(false)
            .monitoredRegistryCreate(false)
            .monitoredRegistryDelete(false)
            .monitoredRegistryModify(false)
            .monitoredRegistryPaths("string")
            .monitoredRegistryProcesses("string")
            .monitoredRegistryRead(false)
            .monitoredRegistryUsers("string")
            .build())
        .repoName("string")
        .resourceName("string")
        .resourceType("string")
        .restrictedVolumes(HostRuntimePolicyRestrictedVolumeArgs.builder()
            .enabled(false)
            .volumes("string")
            .build())
        .reverseShell(HostRuntimePolicyReverseShellArgs.builder()
            .blockReverseShell(false)
            .enabled(false)
            .reverseShellIpWhiteLists("string")
            .reverseShellProcWhiteLists("string")
            .build())
        .runtimeMode(0)
        .runtimeType("string")
        .scopeExpression("string")
        .scopeVariables(HostRuntimePolicyScopeVariableArgs.builder()
            .attribute("string")
            .value("string")
            .name("string")
            .build())
        .scopes(HostRuntimePolicyScopeArgs.builder()
            .expression("string")
            .variables(HostRuntimePolicyScopeVariableArgs.builder()
                .attribute("string")
                .value("string")
                .name("string")
                .build())
            .build())
        .systemIntegrityProtection(HostRuntimePolicySystemIntegrityProtectionArgs.builder()
            .auditSystemtimeChange(false)
            .enabled(false)
            .monitorAuditLogIntegrity(false)
            .windowsServicesMonitoring(false)
            .build())
        .tripwire(HostRuntimePolicyTripwireArgs.builder()
            .applyOns("string")
            .enabled(false)
            .serverlessApp("string")
            .userId("string")
            .userPassword("string")
            .build())
        .type("string")
        .updated("string")
        .version("string")
        .vpatchVersion("string")
        .whitelistedOsUsers(HostRuntimePolicyWhitelistedOsUsersArgs.builder()
            .enabled(false)
            .groupWhiteLists("string")
            .userWhiteLists("string")
            .build())
        .build());
    
    host_runtime_policy_resource = aquasec.HostRuntimePolicy("hostRuntimePolicyResource",
        allowed_executables=[aquasec.HostRuntimePolicyAllowedExecutableArgs(
            allow_executables=["string"],
            allow_root_executables=["string"],
            enabled=False,
            separate_executables=False,
        )],
        allowed_registries=[aquasec.HostRuntimePolicyAllowedRegistryArgs(
            allowed_registries=["string"],
            enabled=False,
        )],
        application_scopes=["string"],
        audit_brute_force_login=False,
        audit_full_command_arguments=False,
        audit_host_failed_login_events=False,
        audit_host_successful_login_events=False,
        audit_user_account_management=False,
        auditing=aquasec.HostRuntimePolicyAuditingArgs(
            audit_all_network=False,
            audit_all_processes=False,
            audit_failed_login=False,
            audit_os_user_activity=False,
            audit_process_cmdline=False,
            audit_success_login=False,
            audit_user_account_management=False,
            enabled=False,
        ),
        author="string",
        blacklisted_os_users=aquasec.HostRuntimePolicyBlacklistedOsUsersArgs(
            enabled=False,
            group_black_lists=["string"],
            user_black_lists=["string"],
        ),
        block_container_exec=False,
        block_cryptocurrency_mining=False,
        block_disallowed_images=False,
        block_fileless_exec=False,
        block_non_compliant_workloads=False,
        block_non_k8s_containers=False,
        blocked_files=["string"],
        bypass_scopes=[aquasec.HostRuntimePolicyBypassScopeArgs(
            enabled=False,
            scopes=[aquasec.HostRuntimePolicyBypassScopeScopeArgs(
                expression="string",
                variables=[aquasec.HostRuntimePolicyBypassScopeScopeVariableArgs(
                    attribute="string",
                    value="string",
                )],
            )],
        )],
        container_exec=aquasec.HostRuntimePolicyContainerExecArgs(
            block_container_exec=False,
            container_exec_proc_white_lists=["string"],
            enabled=False,
            reverse_shell_ip_white_lists=["string"],
        ),
        created="string",
        cve="string",
        default_security_profile="string",
        description="string",
        digest="string",
        drift_preventions=[aquasec.HostRuntimePolicyDriftPreventionArgs(
            enabled=False,
            exec_lockdown=False,
            exec_lockdown_white_lists=["string"],
            image_lockdown=False,
        )],
        enable_crypto_mining_dns=False,
        enable_fork_guard=False,
        enable_ip_reputation=False,
        enable_port_scan_protection=False,
        enabled=False,
        enforce=False,
        enforce_after_days=0,
        enforce_scheduler_added_on=0,
        exclude_application_scopes=["string"],
        executable_blacklists=[aquasec.HostRuntimePolicyExecutableBlacklistArgs(
            enabled=False,
            executables=["string"],
        )],
        failed_kubernetes_checks=aquasec.HostRuntimePolicyFailedKubernetesChecksArgs(
            enabled=False,
            failed_checks=["string"],
        ),
        file_block=aquasec.HostRuntimePolicyFileBlockArgs(
            block_files_processes=["string"],
            block_files_users=["string"],
            enabled=False,
            exceptional_block_files=["string"],
            exceptional_block_files_processes=["string"],
            exceptional_block_files_users=["string"],
            filename_block_lists=["string"],
        ),
        file_integrity_monitoring=aquasec.HostRuntimePolicyFileIntegrityMonitoringArgs(
            enabled=False,
            exceptional_monitored_files=["string"],
            exceptional_monitored_files_processes=["string"],
            exceptional_monitored_files_users=["string"],
            monitored_files=["string"],
            monitored_files_attributes=False,
            monitored_files_create=False,
            monitored_files_delete=False,
            monitored_files_modify=False,
            monitored_files_processes=["string"],
            monitored_files_read=False,
            monitored_files_users=["string"],
        ),
        fork_guard_process_limit=0,
        image_name="string",
        is_audit_checked=False,
        is_auto_generated=False,
        is_ootb_policy=False,
        lastupdate=0,
        limit_container_privileges=[aquasec.HostRuntimePolicyLimitContainerPrivilegeArgs(
            block_add_capabilities=False,
            enabled=False,
            ipcmode=False,
            netmode=False,
            pidmode=False,
            prevent_low_port_binding=False,
            prevent_root_user=False,
            privileged=False,
            use_host_user=False,
            usermode=False,
            utsmode=False,
        )],
        linux_capabilities=aquasec.HostRuntimePolicyLinuxCapabilitiesArgs(
            enabled=False,
            remove_linux_capabilities=["string"],
        ),
        malware_scan_options=aquasec.HostRuntimePolicyMalwareScanOptionsArgs(
            action="string",
            enabled=False,
            exclude_directories=["string"],
            exclude_processes=["string"],
            include_directories=["string"],
        ),
        monitor_system_log_integrity=False,
        monitor_system_time_changes=False,
        monitor_windows_services=False,
        name="string",
        no_new_privileges=False,
        only_registered_images=False,
        os_groups_alloweds=["string"],
        os_groups_blockeds=["string"],
        os_users_alloweds=["string"],
        os_users_blockeds=["string"],
        package_blocks=[aquasec.HostRuntimePolicyPackageBlockArgs(
            block_packages_processes=["string"],
            block_packages_users=["string"],
            enabled=False,
            exceptional_block_packages_files=["string"],
            exceptional_block_packages_processes=["string"],
            exceptional_block_packages_users=["string"],
            packages_black_lists=["string"],
        )],
        permission="string",
        port_block=aquasec.HostRuntimePolicyPortBlockArgs(
            block_inbound_ports=["string"],
            block_outbound_ports=["string"],
            enabled=False,
        ),
        readonly_files=aquasec.HostRuntimePolicyReadonlyFilesArgs(
            enabled=False,
            exceptional_readonly_files=["string"],
            exceptional_readonly_files_processes=["string"],
            exceptional_readonly_files_users=["string"],
            readonly_files=["string"],
            readonly_files_processes=["string"],
            readonly_files_users=["string"],
        ),
        readonly_registry=aquasec.HostRuntimePolicyReadonlyRegistryArgs(
            enabled=False,
            exceptional_readonly_registry_paths=["string"],
            exceptional_readonly_registry_processes=["string"],
            exceptional_readonly_registry_users=["string"],
            readonly_registry_paths=["string"],
            readonly_registry_processes=["string"],
            readonly_registry_users=["string"],
        ),
        registry="string",
        registry_access_monitoring=aquasec.HostRuntimePolicyRegistryAccessMonitoringArgs(
            enabled=False,
            exceptional_monitored_registry_paths=["string"],
            exceptional_monitored_registry_processes=["string"],
            exceptional_monitored_registry_users=["string"],
            monitored_registry_attributes=False,
            monitored_registry_create=False,
            monitored_registry_delete=False,
            monitored_registry_modify=False,
            monitored_registry_paths=["string"],
            monitored_registry_processes=["string"],
            monitored_registry_read=False,
            monitored_registry_users=["string"],
        ),
        repo_name="string",
        resource_name_="string",
        resource_type="string",
        restricted_volumes=[aquasec.HostRuntimePolicyRestrictedVolumeArgs(
            enabled=False,
            volumes=["string"],
        )],
        reverse_shell=aquasec.HostRuntimePolicyReverseShellArgs(
            block_reverse_shell=False,
            enabled=False,
            reverse_shell_ip_white_lists=["string"],
            reverse_shell_proc_white_lists=["string"],
        ),
        runtime_mode=0,
        runtime_type="string",
        scope_expression="string",
        scope_variables=[aquasec.HostRuntimePolicyScopeVariableArgs(
            attribute="string",
            value="string",
            name="string",
        )],
        scopes=[aquasec.HostRuntimePolicyScopeArgs(
            expression="string",
            variables=[aquasec.HostRuntimePolicyScopeVariableArgs(
                attribute="string",
                value="string",
                name="string",
            )],
        )],
        system_integrity_protection=aquasec.HostRuntimePolicySystemIntegrityProtectionArgs(
            audit_systemtime_change=False,
            enabled=False,
            monitor_audit_log_integrity=False,
            windows_services_monitoring=False,
        ),
        tripwire=aquasec.HostRuntimePolicyTripwireArgs(
            apply_ons=["string"],
            enabled=False,
            serverless_app="string",
            user_id="string",
            user_password="string",
        ),
        type="string",
        updated="string",
        version="string",
        vpatch_version="string",
        whitelisted_os_users=aquasec.HostRuntimePolicyWhitelistedOsUsersArgs(
            enabled=False,
            group_white_lists=["string"],
            user_white_lists=["string"],
        ))
    
    const hostRuntimePolicyResource = new aquasec.HostRuntimePolicy("hostRuntimePolicyResource", {
        allowedExecutables: [{
            allowExecutables: ["string"],
            allowRootExecutables: ["string"],
            enabled: false,
            separateExecutables: false,
        }],
        allowedRegistries: [{
            allowedRegistries: ["string"],
            enabled: false,
        }],
        applicationScopes: ["string"],
        auditBruteForceLogin: false,
        auditFullCommandArguments: false,
        auditHostFailedLoginEvents: false,
        auditHostSuccessfulLoginEvents: false,
        auditUserAccountManagement: false,
        auditing: {
            auditAllNetwork: false,
            auditAllProcesses: false,
            auditFailedLogin: false,
            auditOsUserActivity: false,
            auditProcessCmdline: false,
            auditSuccessLogin: false,
            auditUserAccountManagement: false,
            enabled: false,
        },
        author: "string",
        blacklistedOsUsers: {
            enabled: false,
            groupBlackLists: ["string"],
            userBlackLists: ["string"],
        },
        blockContainerExec: false,
        blockCryptocurrencyMining: false,
        blockDisallowedImages: false,
        blockFilelessExec: false,
        blockNonCompliantWorkloads: false,
        blockNonK8sContainers: false,
        blockedFiles: ["string"],
        bypassScopes: [{
            enabled: false,
            scopes: [{
                expression: "string",
                variables: [{
                    attribute: "string",
                    value: "string",
                }],
            }],
        }],
        containerExec: {
            blockContainerExec: false,
            containerExecProcWhiteLists: ["string"],
            enabled: false,
            reverseShellIpWhiteLists: ["string"],
        },
        created: "string",
        cve: "string",
        defaultSecurityProfile: "string",
        description: "string",
        digest: "string",
        driftPreventions: [{
            enabled: false,
            execLockdown: false,
            execLockdownWhiteLists: ["string"],
            imageLockdown: false,
        }],
        enableCryptoMiningDns: false,
        enableForkGuard: false,
        enableIpReputation: false,
        enablePortScanProtection: false,
        enabled: false,
        enforce: false,
        enforceAfterDays: 0,
        enforceSchedulerAddedOn: 0,
        excludeApplicationScopes: ["string"],
        executableBlacklists: [{
            enabled: false,
            executables: ["string"],
        }],
        failedKubernetesChecks: {
            enabled: false,
            failedChecks: ["string"],
        },
        fileBlock: {
            blockFilesProcesses: ["string"],
            blockFilesUsers: ["string"],
            enabled: false,
            exceptionalBlockFiles: ["string"],
            exceptionalBlockFilesProcesses: ["string"],
            exceptionalBlockFilesUsers: ["string"],
            filenameBlockLists: ["string"],
        },
        fileIntegrityMonitoring: {
            enabled: false,
            exceptionalMonitoredFiles: ["string"],
            exceptionalMonitoredFilesProcesses: ["string"],
            exceptionalMonitoredFilesUsers: ["string"],
            monitoredFiles: ["string"],
            monitoredFilesAttributes: false,
            monitoredFilesCreate: false,
            monitoredFilesDelete: false,
            monitoredFilesModify: false,
            monitoredFilesProcesses: ["string"],
            monitoredFilesRead: false,
            monitoredFilesUsers: ["string"],
        },
        forkGuardProcessLimit: 0,
        imageName: "string",
        isAuditChecked: false,
        isAutoGenerated: false,
        isOotbPolicy: false,
        lastupdate: 0,
        limitContainerPrivileges: [{
            blockAddCapabilities: false,
            enabled: false,
            ipcmode: false,
            netmode: false,
            pidmode: false,
            preventLowPortBinding: false,
            preventRootUser: false,
            privileged: false,
            useHostUser: false,
            usermode: false,
            utsmode: false,
        }],
        linuxCapabilities: {
            enabled: false,
            removeLinuxCapabilities: ["string"],
        },
        malwareScanOptions: {
            action: "string",
            enabled: false,
            excludeDirectories: ["string"],
            excludeProcesses: ["string"],
            includeDirectories: ["string"],
        },
        monitorSystemLogIntegrity: false,
        monitorSystemTimeChanges: false,
        monitorWindowsServices: false,
        name: "string",
        noNewPrivileges: false,
        onlyRegisteredImages: false,
        osGroupsAlloweds: ["string"],
        osGroupsBlockeds: ["string"],
        osUsersAlloweds: ["string"],
        osUsersBlockeds: ["string"],
        packageBlocks: [{
            blockPackagesProcesses: ["string"],
            blockPackagesUsers: ["string"],
            enabled: false,
            exceptionalBlockPackagesFiles: ["string"],
            exceptionalBlockPackagesProcesses: ["string"],
            exceptionalBlockPackagesUsers: ["string"],
            packagesBlackLists: ["string"],
        }],
        permission: "string",
        portBlock: {
            blockInboundPorts: ["string"],
            blockOutboundPorts: ["string"],
            enabled: false,
        },
        readonlyFiles: {
            enabled: false,
            exceptionalReadonlyFiles: ["string"],
            exceptionalReadonlyFilesProcesses: ["string"],
            exceptionalReadonlyFilesUsers: ["string"],
            readonlyFiles: ["string"],
            readonlyFilesProcesses: ["string"],
            readonlyFilesUsers: ["string"],
        },
        readonlyRegistry: {
            enabled: false,
            exceptionalReadonlyRegistryPaths: ["string"],
            exceptionalReadonlyRegistryProcesses: ["string"],
            exceptionalReadonlyRegistryUsers: ["string"],
            readonlyRegistryPaths: ["string"],
            readonlyRegistryProcesses: ["string"],
            readonlyRegistryUsers: ["string"],
        },
        registry: "string",
        registryAccessMonitoring: {
            enabled: false,
            exceptionalMonitoredRegistryPaths: ["string"],
            exceptionalMonitoredRegistryProcesses: ["string"],
            exceptionalMonitoredRegistryUsers: ["string"],
            monitoredRegistryAttributes: false,
            monitoredRegistryCreate: false,
            monitoredRegistryDelete: false,
            monitoredRegistryModify: false,
            monitoredRegistryPaths: ["string"],
            monitoredRegistryProcesses: ["string"],
            monitoredRegistryRead: false,
            monitoredRegistryUsers: ["string"],
        },
        repoName: "string",
        resourceName: "string",
        resourceType: "string",
        restrictedVolumes: [{
            enabled: false,
            volumes: ["string"],
        }],
        reverseShell: {
            blockReverseShell: false,
            enabled: false,
            reverseShellIpWhiteLists: ["string"],
            reverseShellProcWhiteLists: ["string"],
        },
        runtimeMode: 0,
        runtimeType: "string",
        scopeExpression: "string",
        scopeVariables: [{
            attribute: "string",
            value: "string",
            name: "string",
        }],
        scopes: [{
            expression: "string",
            variables: [{
                attribute: "string",
                value: "string",
                name: "string",
            }],
        }],
        systemIntegrityProtection: {
            auditSystemtimeChange: false,
            enabled: false,
            monitorAuditLogIntegrity: false,
            windowsServicesMonitoring: false,
        },
        tripwire: {
            applyOns: ["string"],
            enabled: false,
            serverlessApp: "string",
            userId: "string",
            userPassword: "string",
        },
        type: "string",
        updated: "string",
        version: "string",
        vpatchVersion: "string",
        whitelistedOsUsers: {
            enabled: false,
            groupWhiteLists: ["string"],
            userWhiteLists: ["string"],
        },
    });
    
    type: aquasec:HostRuntimePolicy
    properties:
        allowedExecutables:
            - allowExecutables:
                - string
              allowRootExecutables:
                - string
              enabled: false
              separateExecutables: false
        allowedRegistries:
            - allowedRegistries:
                - string
              enabled: false
        applicationScopes:
            - string
        auditBruteForceLogin: false
        auditFullCommandArguments: false
        auditHostFailedLoginEvents: false
        auditHostSuccessfulLoginEvents: false
        auditUserAccountManagement: false
        auditing:
            auditAllNetwork: false
            auditAllProcesses: false
            auditFailedLogin: false
            auditOsUserActivity: false
            auditProcessCmdline: false
            auditSuccessLogin: false
            auditUserAccountManagement: false
            enabled: false
        author: string
        blacklistedOsUsers:
            enabled: false
            groupBlackLists:
                - string
            userBlackLists:
                - string
        blockContainerExec: false
        blockCryptocurrencyMining: false
        blockDisallowedImages: false
        blockFilelessExec: false
        blockNonCompliantWorkloads: false
        blockNonK8sContainers: false
        blockedFiles:
            - string
        bypassScopes:
            - enabled: false
              scopes:
                - expression: string
                  variables:
                    - attribute: string
                      value: string
        containerExec:
            blockContainerExec: false
            containerExecProcWhiteLists:
                - string
            enabled: false
            reverseShellIpWhiteLists:
                - string
        created: string
        cve: string
        defaultSecurityProfile: string
        description: string
        digest: string
        driftPreventions:
            - enabled: false
              execLockdown: false
              execLockdownWhiteLists:
                - string
              imageLockdown: false
        enableCryptoMiningDns: false
        enableForkGuard: false
        enableIpReputation: false
        enablePortScanProtection: false
        enabled: false
        enforce: false
        enforceAfterDays: 0
        enforceSchedulerAddedOn: 0
        excludeApplicationScopes:
            - string
        executableBlacklists:
            - enabled: false
              executables:
                - string
        failedKubernetesChecks:
            enabled: false
            failedChecks:
                - string
        fileBlock:
            blockFilesProcesses:
                - string
            blockFilesUsers:
                - string
            enabled: false
            exceptionalBlockFiles:
                - string
            exceptionalBlockFilesProcesses:
                - string
            exceptionalBlockFilesUsers:
                - string
            filenameBlockLists:
                - string
        fileIntegrityMonitoring:
            enabled: false
            exceptionalMonitoredFiles:
                - string
            exceptionalMonitoredFilesProcesses:
                - string
            exceptionalMonitoredFilesUsers:
                - string
            monitoredFiles:
                - string
            monitoredFilesAttributes: false
            monitoredFilesCreate: false
            monitoredFilesDelete: false
            monitoredFilesModify: false
            monitoredFilesProcesses:
                - string
            monitoredFilesRead: false
            monitoredFilesUsers:
                - string
        forkGuardProcessLimit: 0
        imageName: string
        isAuditChecked: false
        isAutoGenerated: false
        isOotbPolicy: false
        lastupdate: 0
        limitContainerPrivileges:
            - blockAddCapabilities: false
              enabled: false
              ipcmode: false
              netmode: false
              pidmode: false
              preventLowPortBinding: false
              preventRootUser: false
              privileged: false
              useHostUser: false
              usermode: false
              utsmode: false
        linuxCapabilities:
            enabled: false
            removeLinuxCapabilities:
                - string
        malwareScanOptions:
            action: string
            enabled: false
            excludeDirectories:
                - string
            excludeProcesses:
                - string
            includeDirectories:
                - string
        monitorSystemLogIntegrity: false
        monitorSystemTimeChanges: false
        monitorWindowsServices: false
        name: string
        noNewPrivileges: false
        onlyRegisteredImages: false
        osGroupsAlloweds:
            - string
        osGroupsBlockeds:
            - string
        osUsersAlloweds:
            - string
        osUsersBlockeds:
            - string
        packageBlocks:
            - blockPackagesProcesses:
                - string
              blockPackagesUsers:
                - string
              enabled: false
              exceptionalBlockPackagesFiles:
                - string
              exceptionalBlockPackagesProcesses:
                - string
              exceptionalBlockPackagesUsers:
                - string
              packagesBlackLists:
                - string
        permission: string
        portBlock:
            blockInboundPorts:
                - string
            blockOutboundPorts:
                - string
            enabled: false
        readonlyFiles:
            enabled: false
            exceptionalReadonlyFiles:
                - string
            exceptionalReadonlyFilesProcesses:
                - string
            exceptionalReadonlyFilesUsers:
                - string
            readonlyFiles:
                - string
            readonlyFilesProcesses:
                - string
            readonlyFilesUsers:
                - string
        readonlyRegistry:
            enabled: false
            exceptionalReadonlyRegistryPaths:
                - string
            exceptionalReadonlyRegistryProcesses:
                - string
            exceptionalReadonlyRegistryUsers:
                - string
            readonlyRegistryPaths:
                - string
            readonlyRegistryProcesses:
                - string
            readonlyRegistryUsers:
                - string
        registry: string
        registryAccessMonitoring:
            enabled: false
            exceptionalMonitoredRegistryPaths:
                - string
            exceptionalMonitoredRegistryProcesses:
                - string
            exceptionalMonitoredRegistryUsers:
                - string
            monitoredRegistryAttributes: false
            monitoredRegistryCreate: false
            monitoredRegistryDelete: false
            monitoredRegistryModify: false
            monitoredRegistryPaths:
                - string
            monitoredRegistryProcesses:
                - string
            monitoredRegistryRead: false
            monitoredRegistryUsers:
                - string
        repoName: string
        resourceName: string
        resourceType: string
        restrictedVolumes:
            - enabled: false
              volumes:
                - string
        reverseShell:
            blockReverseShell: false
            enabled: false
            reverseShellIpWhiteLists:
                - string
            reverseShellProcWhiteLists:
                - string
        runtimeMode: 0
        runtimeType: string
        scopeExpression: string
        scopeVariables:
            - attribute: string
              name: string
              value: string
        scopes:
            - expression: string
              variables:
                - attribute: string
                  name: string
                  value: string
        systemIntegrityProtection:
            auditSystemtimeChange: false
            enabled: false
            monitorAuditLogIntegrity: false
            windowsServicesMonitoring: false
        tripwire:
            applyOns:
                - string
            enabled: false
            serverlessApp: string
            userId: string
            userPassword: string
        type: string
        updated: string
        version: string
        vpatchVersion: string
        whitelistedOsUsers:
            enabled: false
            groupWhiteLists:
                - string
            userWhiteLists:
                - string
    

    HostRuntimePolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The HostRuntimePolicy resource accepts the following input properties:

    AllowedExecutables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    AllowedRegistries List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAllowedRegistry>
    List of allowed registries.
    ApplicationScopes List<string>
    Indicates the application scope of the service.
    AuditBruteForceLogin bool
    Detects brute force login attempts
    AuditFullCommandArguments bool
    If true, full command arguments will be audited.
    AuditHostFailedLoginEvents bool
    If true, host failed logins will be audited.
    AuditHostSuccessfulLoginEvents bool
    If true, host successful logins will be audited.
    AuditUserAccountManagement bool
    If true, account management will be audited.
    Auditing Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAuditing
    Author string
    Username of the account that created the service.
    BlacklistedOsUsers Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBlacklistedOsUsers
    BlockContainerExec bool
    BlockCryptocurrencyMining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    BlockDisallowedImages bool
    BlockFilelessExec bool
    BlockNonCompliantWorkloads bool
    BlockNonK8sContainers bool
    BlockedFiles List<string>
    List of files that are prevented from being read, modified and executed in the containers.
    BypassScopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBypassScope>
    Bypass scope configuration.
    ContainerExec Pulumiverse.Aquasec.Inputs.HostRuntimePolicyContainerExec
    Created string
    Cve string
    DefaultSecurityProfile string
    Description string
    The description of the host runtime policy
    Digest string
    DriftPreventions List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyDriftPrevention>
    Drift prevention configuration.
    EnableCryptoMiningDns bool
    EnableForkGuard bool
    EnableIpReputation bool
    EnablePortScanProtection bool
    Enabled bool
    Whether allowed executables configuration is enabled.
    Enforce bool
    Indicates that policy should effect container execution (not just for audit).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    EnforceSchedulerAddedOn int
    ExcludeApplicationScopes List<string>
    List of excluded application scopes.
    ExecutableBlacklists List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyExecutableBlacklist>
    Executable blacklist configuration.
    FailedKubernetesChecks Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFailedKubernetesChecks
    FileBlock Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFileBlock
    FileIntegrityMonitoring Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFileIntegrityMonitoring
    Configuration for file integrity monitoring.
    ForkGuardProcessLimit int
    ImageName string
    IsAuditChecked bool
    IsAutoGenerated bool
    IsOotbPolicy bool
    Lastupdate int
    LimitContainerPrivileges List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    LinuxCapabilities Pulumiverse.Aquasec.Inputs.HostRuntimePolicyLinuxCapabilities
    MalwareScanOptions Pulumiverse.Aquasec.Inputs.HostRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    MonitorSystemLogIntegrity bool
    If true, system log will be monitored.
    MonitorSystemTimeChanges bool
    If true, system time changes will be monitored.
    MonitorWindowsServices bool
    If true, windows service operations will be monitored.
    Name string
    Name assigned to the attribute.
    NoNewPrivileges bool
    OnlyRegisteredImages bool
    OsGroupsAlloweds List<string>
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    OsGroupsBlockeds List<string>
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    OsUsersAlloweds List<string>
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    OsUsersBlockeds List<string>
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    PackageBlocks List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyPackageBlock>
    Permission string
    PortBlock Pulumiverse.Aquasec.Inputs.HostRuntimePolicyPortBlock
    ReadonlyFiles Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReadonlyFiles
    ReadonlyRegistry Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReadonlyRegistry
    Registry string
    RegistryAccessMonitoring Pulumiverse.Aquasec.Inputs.HostRuntimePolicyRegistryAccessMonitoring
    RepoName string
    ResourceName string
    ResourceType string
    RestrictedVolumes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    ReverseShell Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReverseShell
    RuntimeMode int
    RuntimeType string
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScopeVariable>
    List of scope attributes.
    Scopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScope>
    Scope configuration.
    SystemIntegrityProtection Pulumiverse.Aquasec.Inputs.HostRuntimePolicySystemIntegrityProtection
    Tripwire Pulumiverse.Aquasec.Inputs.HostRuntimePolicyTripwire
    Type string
    Updated string
    Version string
    VpatchVersion string
    WhitelistedOsUsers Pulumiverse.Aquasec.Inputs.HostRuntimePolicyWhitelistedOsUsers
    AllowedExecutables []HostRuntimePolicyAllowedExecutableArgs
    Allowed executables configuration.
    AllowedRegistries []HostRuntimePolicyAllowedRegistryArgs
    List of allowed registries.
    ApplicationScopes []string
    Indicates the application scope of the service.
    AuditBruteForceLogin bool
    Detects brute force login attempts
    AuditFullCommandArguments bool
    If true, full command arguments will be audited.
    AuditHostFailedLoginEvents bool
    If true, host failed logins will be audited.
    AuditHostSuccessfulLoginEvents bool
    If true, host successful logins will be audited.
    AuditUserAccountManagement bool
    If true, account management will be audited.
    Auditing HostRuntimePolicyAuditingArgs
    Author string
    Username of the account that created the service.
    BlacklistedOsUsers HostRuntimePolicyBlacklistedOsUsersArgs
    BlockContainerExec bool
    BlockCryptocurrencyMining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    BlockDisallowedImages bool
    BlockFilelessExec bool
    BlockNonCompliantWorkloads bool
    BlockNonK8sContainers bool
    BlockedFiles []string
    List of files that are prevented from being read, modified and executed in the containers.
    BypassScopes []HostRuntimePolicyBypassScopeArgs
    Bypass scope configuration.
    ContainerExec HostRuntimePolicyContainerExecArgs
    Created string
    Cve string
    DefaultSecurityProfile string
    Description string
    The description of the host runtime policy
    Digest string
    DriftPreventions []HostRuntimePolicyDriftPreventionArgs
    Drift prevention configuration.
    EnableCryptoMiningDns bool
    EnableForkGuard bool
    EnableIpReputation bool
    EnablePortScanProtection bool
    Enabled bool
    Whether allowed executables configuration is enabled.
    Enforce bool
    Indicates that policy should effect container execution (not just for audit).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    EnforceSchedulerAddedOn int
    ExcludeApplicationScopes []string
    List of excluded application scopes.
    ExecutableBlacklists []HostRuntimePolicyExecutableBlacklistArgs
    Executable blacklist configuration.
    FailedKubernetesChecks HostRuntimePolicyFailedKubernetesChecksArgs
    FileBlock HostRuntimePolicyFileBlockArgs
    FileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoringArgs
    Configuration for file integrity monitoring.
    ForkGuardProcessLimit int
    ImageName string
    IsAuditChecked bool
    IsAutoGenerated bool
    IsOotbPolicy bool
    Lastupdate int
    LimitContainerPrivileges []HostRuntimePolicyLimitContainerPrivilegeArgs
    Container privileges configuration.
    LinuxCapabilities HostRuntimePolicyLinuxCapabilitiesArgs
    MalwareScanOptions HostRuntimePolicyMalwareScanOptionsArgs
    Configuration for Real-Time Malware Protection.
    MonitorSystemLogIntegrity bool
    If true, system log will be monitored.
    MonitorSystemTimeChanges bool
    If true, system time changes will be monitored.
    MonitorWindowsServices bool
    If true, windows service operations will be monitored.
    Name string
    Name assigned to the attribute.
    NoNewPrivileges bool
    OnlyRegisteredImages bool
    OsGroupsAlloweds []string
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    OsGroupsBlockeds []string
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    OsUsersAlloweds []string
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    OsUsersBlockeds []string
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    PackageBlocks []HostRuntimePolicyPackageBlockArgs
    Permission string
    PortBlock HostRuntimePolicyPortBlockArgs
    ReadonlyFiles HostRuntimePolicyReadonlyFilesArgs
    ReadonlyRegistry HostRuntimePolicyReadonlyRegistryArgs
    Registry string
    RegistryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoringArgs
    RepoName string
    ResourceName string
    ResourceType string
    RestrictedVolumes []HostRuntimePolicyRestrictedVolumeArgs
    Restricted volumes configuration.
    ReverseShell HostRuntimePolicyReverseShellArgs
    RuntimeMode int
    RuntimeType string
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables []HostRuntimePolicyScopeVariableArgs
    List of scope attributes.
    Scopes []HostRuntimePolicyScopeArgs
    Scope configuration.
    SystemIntegrityProtection HostRuntimePolicySystemIntegrityProtectionArgs
    Tripwire HostRuntimePolicyTripwireArgs
    Type string
    Updated string
    Version string
    VpatchVersion string
    WhitelistedOsUsers HostRuntimePolicyWhitelistedOsUsersArgs
    allowedExecutables List<HostRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    allowedRegistries List<HostRuntimePolicyAllowedRegistry>
    List of allowed registries.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditBruteForceLogin Boolean
    Detects brute force login attempts
    auditFullCommandArguments Boolean
    If true, full command arguments will be audited.
    auditHostFailedLoginEvents Boolean
    If true, host failed logins will be audited.
    auditHostSuccessfulLoginEvents Boolean
    If true, host successful logins will be audited.
    auditUserAccountManagement Boolean
    If true, account management will be audited.
    auditing HostRuntimePolicyAuditing
    author String
    Username of the account that created the service.
    blacklistedOsUsers HostRuntimePolicyBlacklistedOsUsers
    blockContainerExec Boolean
    blockCryptocurrencyMining Boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockDisallowedImages Boolean
    blockFilelessExec Boolean
    blockNonCompliantWorkloads Boolean
    blockNonK8sContainers Boolean
    blockedFiles List<String>
    List of files that are prevented from being read, modified and executed in the containers.
    bypassScopes List<HostRuntimePolicyBypassScope>
    Bypass scope configuration.
    containerExec HostRuntimePolicyContainerExec
    created String
    cve String
    defaultSecurityProfile String
    description String
    The description of the host runtime policy
    digest String
    driftPreventions List<HostRuntimePolicyDriftPrevention>
    Drift prevention configuration.
    enableCryptoMiningDns Boolean
    enableForkGuard Boolean
    enableIpReputation Boolean
    enablePortScanProtection Boolean
    enabled Boolean
    Whether allowed executables configuration is enabled.
    enforce Boolean
    Indicates that policy should effect container execution (not just for audit).
    enforceAfterDays Integer
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn Integer
    excludeApplicationScopes List<String>
    List of excluded application scopes.
    executableBlacklists List<HostRuntimePolicyExecutableBlacklist>
    Executable blacklist configuration.
    failedKubernetesChecks HostRuntimePolicyFailedKubernetesChecks
    fileBlock HostRuntimePolicyFileBlock
    fileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoring
    Configuration for file integrity monitoring.
    forkGuardProcessLimit Integer
    imageName String
    isAuditChecked Boolean
    isAutoGenerated Boolean
    isOotbPolicy Boolean
    lastupdate Integer
    limitContainerPrivileges List<HostRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    linuxCapabilities HostRuntimePolicyLinuxCapabilities
    malwareScanOptions HostRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    monitorSystemLogIntegrity Boolean
    If true, system log will be monitored.
    monitorSystemTimeChanges Boolean
    If true, system time changes will be monitored.
    monitorWindowsServices Boolean
    If true, windows service operations will be monitored.
    name String
    Name assigned to the attribute.
    noNewPrivileges Boolean
    onlyRegisteredImages Boolean
    osGroupsAlloweds List<String>
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osGroupsBlockeds List<String>
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osUsersAlloweds List<String>
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    osUsersBlockeds List<String>
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    packageBlocks List<HostRuntimePolicyPackageBlock>
    permission String
    portBlock HostRuntimePolicyPortBlock
    readonlyFiles HostRuntimePolicyReadonlyFiles
    readonlyRegistry HostRuntimePolicyReadonlyRegistry
    registry String
    registryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoring
    repoName String
    resourceName String
    resourceType String
    restrictedVolumes List<HostRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    reverseShell HostRuntimePolicyReverseShell
    runtimeMode Integer
    runtimeType String
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<HostRuntimePolicyScopeVariable>
    List of scope attributes.
    scopes List<HostRuntimePolicyScope>
    Scope configuration.
    systemIntegrityProtection HostRuntimePolicySystemIntegrityProtection
    tripwire HostRuntimePolicyTripwire
    type String
    updated String
    version String
    vpatchVersion String
    whitelistedOsUsers HostRuntimePolicyWhitelistedOsUsers
    allowedExecutables HostRuntimePolicyAllowedExecutable[]
    Allowed executables configuration.
    allowedRegistries HostRuntimePolicyAllowedRegistry[]
    List of allowed registries.
    applicationScopes string[]
    Indicates the application scope of the service.
    auditBruteForceLogin boolean
    Detects brute force login attempts
    auditFullCommandArguments boolean
    If true, full command arguments will be audited.
    auditHostFailedLoginEvents boolean
    If true, host failed logins will be audited.
    auditHostSuccessfulLoginEvents boolean
    If true, host successful logins will be audited.
    auditUserAccountManagement boolean
    If true, account management will be audited.
    auditing HostRuntimePolicyAuditing
    author string
    Username of the account that created the service.
    blacklistedOsUsers HostRuntimePolicyBlacklistedOsUsers
    blockContainerExec boolean
    blockCryptocurrencyMining boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockDisallowedImages boolean
    blockFilelessExec boolean
    blockNonCompliantWorkloads boolean
    blockNonK8sContainers boolean
    blockedFiles string[]
    List of files that are prevented from being read, modified and executed in the containers.
    bypassScopes HostRuntimePolicyBypassScope[]
    Bypass scope configuration.
    containerExec HostRuntimePolicyContainerExec
    created string
    cve string
    defaultSecurityProfile string
    description string
    The description of the host runtime policy
    digest string
    driftPreventions HostRuntimePolicyDriftPrevention[]
    Drift prevention configuration.
    enableCryptoMiningDns boolean
    enableForkGuard boolean
    enableIpReputation boolean
    enablePortScanProtection boolean
    enabled boolean
    Whether allowed executables configuration is enabled.
    enforce boolean
    Indicates that policy should effect container execution (not just for audit).
    enforceAfterDays number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn number
    excludeApplicationScopes string[]
    List of excluded application scopes.
    executableBlacklists HostRuntimePolicyExecutableBlacklist[]
    Executable blacklist configuration.
    failedKubernetesChecks HostRuntimePolicyFailedKubernetesChecks
    fileBlock HostRuntimePolicyFileBlock
    fileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoring
    Configuration for file integrity monitoring.
    forkGuardProcessLimit number
    imageName string
    isAuditChecked boolean
    isAutoGenerated boolean
    isOotbPolicy boolean
    lastupdate number
    limitContainerPrivileges HostRuntimePolicyLimitContainerPrivilege[]
    Container privileges configuration.
    linuxCapabilities HostRuntimePolicyLinuxCapabilities
    malwareScanOptions HostRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    monitorSystemLogIntegrity boolean
    If true, system log will be monitored.
    monitorSystemTimeChanges boolean
    If true, system time changes will be monitored.
    monitorWindowsServices boolean
    If true, windows service operations will be monitored.
    name string
    Name assigned to the attribute.
    noNewPrivileges boolean
    onlyRegisteredImages boolean
    osGroupsAlloweds string[]
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osGroupsBlockeds string[]
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osUsersAlloweds string[]
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    osUsersBlockeds string[]
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    packageBlocks HostRuntimePolicyPackageBlock[]
    permission string
    portBlock HostRuntimePolicyPortBlock
    readonlyFiles HostRuntimePolicyReadonlyFiles
    readonlyRegistry HostRuntimePolicyReadonlyRegistry
    registry string
    registryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoring
    repoName string
    resourceName string
    resourceType string
    restrictedVolumes HostRuntimePolicyRestrictedVolume[]
    Restricted volumes configuration.
    reverseShell HostRuntimePolicyReverseShell
    runtimeMode number
    runtimeType string
    scopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables HostRuntimePolicyScopeVariable[]
    List of scope attributes.
    scopes HostRuntimePolicyScope[]
    Scope configuration.
    systemIntegrityProtection HostRuntimePolicySystemIntegrityProtection
    tripwire HostRuntimePolicyTripwire
    type string
    updated string
    version string
    vpatchVersion string
    whitelistedOsUsers HostRuntimePolicyWhitelistedOsUsers
    allowed_executables Sequence[HostRuntimePolicyAllowedExecutableArgs]
    Allowed executables configuration.
    allowed_registries Sequence[HostRuntimePolicyAllowedRegistryArgs]
    List of allowed registries.
    application_scopes Sequence[str]
    Indicates the application scope of the service.
    audit_brute_force_login bool
    Detects brute force login attempts
    audit_full_command_arguments bool
    If true, full command arguments will be audited.
    audit_host_failed_login_events bool
    If true, host failed logins will be audited.
    audit_host_successful_login_events bool
    If true, host successful logins will be audited.
    audit_user_account_management bool
    If true, account management will be audited.
    auditing HostRuntimePolicyAuditingArgs
    author str
    Username of the account that created the service.
    blacklisted_os_users HostRuntimePolicyBlacklistedOsUsersArgs
    block_container_exec bool
    block_cryptocurrency_mining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    block_disallowed_images bool
    block_fileless_exec bool
    block_non_compliant_workloads bool
    block_non_k8s_containers bool
    blocked_files Sequence[str]
    List of files that are prevented from being read, modified and executed in the containers.
    bypass_scopes Sequence[HostRuntimePolicyBypassScopeArgs]
    Bypass scope configuration.
    container_exec HostRuntimePolicyContainerExecArgs
    created str
    cve str
    default_security_profile str
    description str
    The description of the host runtime policy
    digest str
    drift_preventions Sequence[HostRuntimePolicyDriftPreventionArgs]
    Drift prevention configuration.
    enable_crypto_mining_dns bool
    enable_fork_guard bool
    enable_ip_reputation bool
    enable_port_scan_protection bool
    enabled bool
    Whether allowed executables configuration is enabled.
    enforce bool
    Indicates that policy should effect container execution (not just for audit).
    enforce_after_days int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforce_scheduler_added_on int
    exclude_application_scopes Sequence[str]
    List of excluded application scopes.
    executable_blacklists Sequence[HostRuntimePolicyExecutableBlacklistArgs]
    Executable blacklist configuration.
    failed_kubernetes_checks HostRuntimePolicyFailedKubernetesChecksArgs
    file_block HostRuntimePolicyFileBlockArgs
    file_integrity_monitoring HostRuntimePolicyFileIntegrityMonitoringArgs
    Configuration for file integrity monitoring.
    fork_guard_process_limit int
    image_name str
    is_audit_checked bool
    is_auto_generated bool
    is_ootb_policy bool
    lastupdate int
    limit_container_privileges Sequence[HostRuntimePolicyLimitContainerPrivilegeArgs]
    Container privileges configuration.
    linux_capabilities HostRuntimePolicyLinuxCapabilitiesArgs
    malware_scan_options HostRuntimePolicyMalwareScanOptionsArgs
    Configuration for Real-Time Malware Protection.
    monitor_system_log_integrity bool
    If true, system log will be monitored.
    monitor_system_time_changes bool
    If true, system time changes will be monitored.
    monitor_windows_services bool
    If true, windows service operations will be monitored.
    name str
    Name assigned to the attribute.
    no_new_privileges bool
    only_registered_images bool
    os_groups_alloweds Sequence[str]
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    os_groups_blockeds Sequence[str]
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    os_users_alloweds Sequence[str]
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    os_users_blockeds Sequence[str]
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    package_blocks Sequence[HostRuntimePolicyPackageBlockArgs]
    permission str
    port_block HostRuntimePolicyPortBlockArgs
    readonly_files HostRuntimePolicyReadonlyFilesArgs
    readonly_registry HostRuntimePolicyReadonlyRegistryArgs
    registry str
    registry_access_monitoring HostRuntimePolicyRegistryAccessMonitoringArgs
    repo_name str
    resource_name str
    resource_type str
    restricted_volumes Sequence[HostRuntimePolicyRestrictedVolumeArgs]
    Restricted volumes configuration.
    reverse_shell HostRuntimePolicyReverseShellArgs
    runtime_mode int
    runtime_type str
    scope_expression str
    Logical expression of how to compute the dependency of the scope variables.
    scope_variables Sequence[HostRuntimePolicyScopeVariableArgs]
    List of scope attributes.
    scopes Sequence[HostRuntimePolicyScopeArgs]
    Scope configuration.
    system_integrity_protection HostRuntimePolicySystemIntegrityProtectionArgs
    tripwire HostRuntimePolicyTripwireArgs
    type str
    updated str
    version str
    vpatch_version str
    whitelisted_os_users HostRuntimePolicyWhitelistedOsUsersArgs
    allowedExecutables List<Property Map>
    Allowed executables configuration.
    allowedRegistries List<Property Map>
    List of allowed registries.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditBruteForceLogin Boolean
    Detects brute force login attempts
    auditFullCommandArguments Boolean
    If true, full command arguments will be audited.
    auditHostFailedLoginEvents Boolean
    If true, host failed logins will be audited.
    auditHostSuccessfulLoginEvents Boolean
    If true, host successful logins will be audited.
    auditUserAccountManagement Boolean
    If true, account management will be audited.
    auditing Property Map
    author String
    Username of the account that created the service.
    blacklistedOsUsers Property Map
    blockContainerExec Boolean
    blockCryptocurrencyMining Boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockDisallowedImages Boolean
    blockFilelessExec Boolean
    blockNonCompliantWorkloads Boolean
    blockNonK8sContainers Boolean
    blockedFiles List<String>
    List of files that are prevented from being read, modified and executed in the containers.
    bypassScopes List<Property Map>
    Bypass scope configuration.
    containerExec Property Map
    created String
    cve String
    defaultSecurityProfile String
    description String
    The description of the host runtime policy
    digest String
    driftPreventions List<Property Map>
    Drift prevention configuration.
    enableCryptoMiningDns Boolean
    enableForkGuard Boolean
    enableIpReputation Boolean
    enablePortScanProtection Boolean
    enabled Boolean
    Whether allowed executables configuration is enabled.
    enforce Boolean
    Indicates that policy should effect container execution (not just for audit).
    enforceAfterDays Number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn Number
    excludeApplicationScopes List<String>
    List of excluded application scopes.
    executableBlacklists List<Property Map>
    Executable blacklist configuration.
    failedKubernetesChecks Property Map
    fileBlock Property Map
    fileIntegrityMonitoring Property Map
    Configuration for file integrity monitoring.
    forkGuardProcessLimit Number
    imageName String
    isAuditChecked Boolean
    isAutoGenerated Boolean
    isOotbPolicy Boolean
    lastupdate Number
    limitContainerPrivileges List<Property Map>
    Container privileges configuration.
    linuxCapabilities Property Map
    malwareScanOptions Property Map
    Configuration for Real-Time Malware Protection.
    monitorSystemLogIntegrity Boolean
    If true, system log will be monitored.
    monitorSystemTimeChanges Boolean
    If true, system time changes will be monitored.
    monitorWindowsServices Boolean
    If true, windows service operations will be monitored.
    name String
    Name assigned to the attribute.
    noNewPrivileges Boolean
    onlyRegisteredImages Boolean
    osGroupsAlloweds List<String>
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osGroupsBlockeds List<String>
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osUsersAlloweds List<String>
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    osUsersBlockeds List<String>
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    packageBlocks List<Property Map>
    permission String
    portBlock Property Map
    readonlyFiles Property Map
    readonlyRegistry Property Map
    registry String
    registryAccessMonitoring Property Map
    repoName String
    resourceName String
    resourceType String
    restrictedVolumes List<Property Map>
    Restricted volumes configuration.
    reverseShell Property Map
    runtimeMode Number
    runtimeType String
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<Property Map>
    List of scope attributes.
    scopes List<Property Map>
    Scope configuration.
    systemIntegrityProtection Property Map
    tripwire Property Map
    type String
    updated String
    version String
    vpatchVersion String
    whitelistedOsUsers Property Map

    Outputs

    All input properties are implicitly available as output properties. Additionally, the HostRuntimePolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing HostRuntimePolicy Resource

    Get an existing HostRuntimePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: HostRuntimePolicyState, opts?: CustomResourceOptions): HostRuntimePolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowed_executables: Optional[Sequence[HostRuntimePolicyAllowedExecutableArgs]] = None,
            allowed_registries: Optional[Sequence[HostRuntimePolicyAllowedRegistryArgs]] = None,
            application_scopes: Optional[Sequence[str]] = None,
            audit_brute_force_login: Optional[bool] = None,
            audit_full_command_arguments: Optional[bool] = None,
            audit_host_failed_login_events: Optional[bool] = None,
            audit_host_successful_login_events: Optional[bool] = None,
            audit_user_account_management: Optional[bool] = None,
            auditing: Optional[HostRuntimePolicyAuditingArgs] = None,
            author: Optional[str] = None,
            blacklisted_os_users: Optional[HostRuntimePolicyBlacklistedOsUsersArgs] = None,
            block_container_exec: Optional[bool] = None,
            block_cryptocurrency_mining: Optional[bool] = None,
            block_disallowed_images: Optional[bool] = None,
            block_fileless_exec: Optional[bool] = None,
            block_non_compliant_workloads: Optional[bool] = None,
            block_non_k8s_containers: Optional[bool] = None,
            blocked_files: Optional[Sequence[str]] = None,
            bypass_scopes: Optional[Sequence[HostRuntimePolicyBypassScopeArgs]] = None,
            container_exec: Optional[HostRuntimePolicyContainerExecArgs] = None,
            created: Optional[str] = None,
            cve: Optional[str] = None,
            default_security_profile: Optional[str] = None,
            description: Optional[str] = None,
            digest: Optional[str] = None,
            drift_preventions: Optional[Sequence[HostRuntimePolicyDriftPreventionArgs]] = None,
            enable_crypto_mining_dns: Optional[bool] = None,
            enable_fork_guard: Optional[bool] = None,
            enable_ip_reputation: Optional[bool] = None,
            enable_port_scan_protection: Optional[bool] = None,
            enabled: Optional[bool] = None,
            enforce: Optional[bool] = None,
            enforce_after_days: Optional[int] = None,
            enforce_scheduler_added_on: Optional[int] = None,
            exclude_application_scopes: Optional[Sequence[str]] = None,
            executable_blacklists: Optional[Sequence[HostRuntimePolicyExecutableBlacklistArgs]] = None,
            failed_kubernetes_checks: Optional[HostRuntimePolicyFailedKubernetesChecksArgs] = None,
            file_block: Optional[HostRuntimePolicyFileBlockArgs] = None,
            file_integrity_monitoring: Optional[HostRuntimePolicyFileIntegrityMonitoringArgs] = None,
            fork_guard_process_limit: Optional[int] = None,
            image_name: Optional[str] = None,
            is_audit_checked: Optional[bool] = None,
            is_auto_generated: Optional[bool] = None,
            is_ootb_policy: Optional[bool] = None,
            lastupdate: Optional[int] = None,
            limit_container_privileges: Optional[Sequence[HostRuntimePolicyLimitContainerPrivilegeArgs]] = None,
            linux_capabilities: Optional[HostRuntimePolicyLinuxCapabilitiesArgs] = None,
            malware_scan_options: Optional[HostRuntimePolicyMalwareScanOptionsArgs] = None,
            monitor_system_log_integrity: Optional[bool] = None,
            monitor_system_time_changes: Optional[bool] = None,
            monitor_windows_services: Optional[bool] = None,
            name: Optional[str] = None,
            no_new_privileges: Optional[bool] = None,
            only_registered_images: Optional[bool] = None,
            os_groups_alloweds: Optional[Sequence[str]] = None,
            os_groups_blockeds: Optional[Sequence[str]] = None,
            os_users_alloweds: Optional[Sequence[str]] = None,
            os_users_blockeds: Optional[Sequence[str]] = None,
            package_blocks: Optional[Sequence[HostRuntimePolicyPackageBlockArgs]] = None,
            permission: Optional[str] = None,
            port_block: Optional[HostRuntimePolicyPortBlockArgs] = None,
            readonly_files: Optional[HostRuntimePolicyReadonlyFilesArgs] = None,
            readonly_registry: Optional[HostRuntimePolicyReadonlyRegistryArgs] = None,
            registry: Optional[str] = None,
            registry_access_monitoring: Optional[HostRuntimePolicyRegistryAccessMonitoringArgs] = None,
            repo_name: Optional[str] = None,
            resource_name: Optional[str] = None,
            resource_type: Optional[str] = None,
            restricted_volumes: Optional[Sequence[HostRuntimePolicyRestrictedVolumeArgs]] = None,
            reverse_shell: Optional[HostRuntimePolicyReverseShellArgs] = None,
            runtime_mode: Optional[int] = None,
            runtime_type: Optional[str] = None,
            scope_expression: Optional[str] = None,
            scope_variables: Optional[Sequence[HostRuntimePolicyScopeVariableArgs]] = None,
            scopes: Optional[Sequence[HostRuntimePolicyScopeArgs]] = None,
            system_integrity_protection: Optional[HostRuntimePolicySystemIntegrityProtectionArgs] = None,
            tripwire: Optional[HostRuntimePolicyTripwireArgs] = None,
            type: Optional[str] = None,
            updated: Optional[str] = None,
            version: Optional[str] = None,
            vpatch_version: Optional[str] = None,
            whitelisted_os_users: Optional[HostRuntimePolicyWhitelistedOsUsersArgs] = None) -> HostRuntimePolicy
    func GetHostRuntimePolicy(ctx *Context, name string, id IDInput, state *HostRuntimePolicyState, opts ...ResourceOption) (*HostRuntimePolicy, error)
    public static HostRuntimePolicy Get(string name, Input<string> id, HostRuntimePolicyState? state, CustomResourceOptions? opts = null)
    public static HostRuntimePolicy get(String name, Output<String> id, HostRuntimePolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowedExecutables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    AllowedRegistries List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAllowedRegistry>
    List of allowed registries.
    ApplicationScopes List<string>
    Indicates the application scope of the service.
    AuditBruteForceLogin bool
    Detects brute force login attempts
    AuditFullCommandArguments bool
    If true, full command arguments will be audited.
    AuditHostFailedLoginEvents bool
    If true, host failed logins will be audited.
    AuditHostSuccessfulLoginEvents bool
    If true, host successful logins will be audited.
    AuditUserAccountManagement bool
    If true, account management will be audited.
    Auditing Pulumiverse.Aquasec.Inputs.HostRuntimePolicyAuditing
    Author string
    Username of the account that created the service.
    BlacklistedOsUsers Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBlacklistedOsUsers
    BlockContainerExec bool
    BlockCryptocurrencyMining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    BlockDisallowedImages bool
    BlockFilelessExec bool
    BlockNonCompliantWorkloads bool
    BlockNonK8sContainers bool
    BlockedFiles List<string>
    List of files that are prevented from being read, modified and executed in the containers.
    BypassScopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBypassScope>
    Bypass scope configuration.
    ContainerExec Pulumiverse.Aquasec.Inputs.HostRuntimePolicyContainerExec
    Created string
    Cve string
    DefaultSecurityProfile string
    Description string
    The description of the host runtime policy
    Digest string
    DriftPreventions List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyDriftPrevention>
    Drift prevention configuration.
    EnableCryptoMiningDns bool
    EnableForkGuard bool
    EnableIpReputation bool
    EnablePortScanProtection bool
    Enabled bool
    Whether allowed executables configuration is enabled.
    Enforce bool
    Indicates that policy should effect container execution (not just for audit).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    EnforceSchedulerAddedOn int
    ExcludeApplicationScopes List<string>
    List of excluded application scopes.
    ExecutableBlacklists List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyExecutableBlacklist>
    Executable blacklist configuration.
    FailedKubernetesChecks Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFailedKubernetesChecks
    FileBlock Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFileBlock
    FileIntegrityMonitoring Pulumiverse.Aquasec.Inputs.HostRuntimePolicyFileIntegrityMonitoring
    Configuration for file integrity monitoring.
    ForkGuardProcessLimit int
    ImageName string
    IsAuditChecked bool
    IsAutoGenerated bool
    IsOotbPolicy bool
    Lastupdate int
    LimitContainerPrivileges List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    LinuxCapabilities Pulumiverse.Aquasec.Inputs.HostRuntimePolicyLinuxCapabilities
    MalwareScanOptions Pulumiverse.Aquasec.Inputs.HostRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    MonitorSystemLogIntegrity bool
    If true, system log will be monitored.
    MonitorSystemTimeChanges bool
    If true, system time changes will be monitored.
    MonitorWindowsServices bool
    If true, windows service operations will be monitored.
    Name string
    Name assigned to the attribute.
    NoNewPrivileges bool
    OnlyRegisteredImages bool
    OsGroupsAlloweds List<string>
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    OsGroupsBlockeds List<string>
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    OsUsersAlloweds List<string>
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    OsUsersBlockeds List<string>
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    PackageBlocks List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyPackageBlock>
    Permission string
    PortBlock Pulumiverse.Aquasec.Inputs.HostRuntimePolicyPortBlock
    ReadonlyFiles Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReadonlyFiles
    ReadonlyRegistry Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReadonlyRegistry
    Registry string
    RegistryAccessMonitoring Pulumiverse.Aquasec.Inputs.HostRuntimePolicyRegistryAccessMonitoring
    RepoName string
    ResourceName string
    ResourceType string
    RestrictedVolumes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    ReverseShell Pulumiverse.Aquasec.Inputs.HostRuntimePolicyReverseShell
    RuntimeMode int
    RuntimeType string
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScopeVariable>
    List of scope attributes.
    Scopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScope>
    Scope configuration.
    SystemIntegrityProtection Pulumiverse.Aquasec.Inputs.HostRuntimePolicySystemIntegrityProtection
    Tripwire Pulumiverse.Aquasec.Inputs.HostRuntimePolicyTripwire
    Type string
    Updated string
    Version string
    VpatchVersion string
    WhitelistedOsUsers Pulumiverse.Aquasec.Inputs.HostRuntimePolicyWhitelistedOsUsers
    AllowedExecutables []HostRuntimePolicyAllowedExecutableArgs
    Allowed executables configuration.
    AllowedRegistries []HostRuntimePolicyAllowedRegistryArgs
    List of allowed registries.
    ApplicationScopes []string
    Indicates the application scope of the service.
    AuditBruteForceLogin bool
    Detects brute force login attempts
    AuditFullCommandArguments bool
    If true, full command arguments will be audited.
    AuditHostFailedLoginEvents bool
    If true, host failed logins will be audited.
    AuditHostSuccessfulLoginEvents bool
    If true, host successful logins will be audited.
    AuditUserAccountManagement bool
    If true, account management will be audited.
    Auditing HostRuntimePolicyAuditingArgs
    Author string
    Username of the account that created the service.
    BlacklistedOsUsers HostRuntimePolicyBlacklistedOsUsersArgs
    BlockContainerExec bool
    BlockCryptocurrencyMining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    BlockDisallowedImages bool
    BlockFilelessExec bool
    BlockNonCompliantWorkloads bool
    BlockNonK8sContainers bool
    BlockedFiles []string
    List of files that are prevented from being read, modified and executed in the containers.
    BypassScopes []HostRuntimePolicyBypassScopeArgs
    Bypass scope configuration.
    ContainerExec HostRuntimePolicyContainerExecArgs
    Created string
    Cve string
    DefaultSecurityProfile string
    Description string
    The description of the host runtime policy
    Digest string
    DriftPreventions []HostRuntimePolicyDriftPreventionArgs
    Drift prevention configuration.
    EnableCryptoMiningDns bool
    EnableForkGuard bool
    EnableIpReputation bool
    EnablePortScanProtection bool
    Enabled bool
    Whether allowed executables configuration is enabled.
    Enforce bool
    Indicates that policy should effect container execution (not just for audit).
    EnforceAfterDays int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    EnforceSchedulerAddedOn int
    ExcludeApplicationScopes []string
    List of excluded application scopes.
    ExecutableBlacklists []HostRuntimePolicyExecutableBlacklistArgs
    Executable blacklist configuration.
    FailedKubernetesChecks HostRuntimePolicyFailedKubernetesChecksArgs
    FileBlock HostRuntimePolicyFileBlockArgs
    FileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoringArgs
    Configuration for file integrity monitoring.
    ForkGuardProcessLimit int
    ImageName string
    IsAuditChecked bool
    IsAutoGenerated bool
    IsOotbPolicy bool
    Lastupdate int
    LimitContainerPrivileges []HostRuntimePolicyLimitContainerPrivilegeArgs
    Container privileges configuration.
    LinuxCapabilities HostRuntimePolicyLinuxCapabilitiesArgs
    MalwareScanOptions HostRuntimePolicyMalwareScanOptionsArgs
    Configuration for Real-Time Malware Protection.
    MonitorSystemLogIntegrity bool
    If true, system log will be monitored.
    MonitorSystemTimeChanges bool
    If true, system time changes will be monitored.
    MonitorWindowsServices bool
    If true, windows service operations will be monitored.
    Name string
    Name assigned to the attribute.
    NoNewPrivileges bool
    OnlyRegisteredImages bool
    OsGroupsAlloweds []string
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    OsGroupsBlockeds []string
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    OsUsersAlloweds []string
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    OsUsersBlockeds []string
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    PackageBlocks []HostRuntimePolicyPackageBlockArgs
    Permission string
    PortBlock HostRuntimePolicyPortBlockArgs
    ReadonlyFiles HostRuntimePolicyReadonlyFilesArgs
    ReadonlyRegistry HostRuntimePolicyReadonlyRegistryArgs
    Registry string
    RegistryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoringArgs
    RepoName string
    ResourceName string
    ResourceType string
    RestrictedVolumes []HostRuntimePolicyRestrictedVolumeArgs
    Restricted volumes configuration.
    ReverseShell HostRuntimePolicyReverseShellArgs
    RuntimeMode int
    RuntimeType string
    ScopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    ScopeVariables []HostRuntimePolicyScopeVariableArgs
    List of scope attributes.
    Scopes []HostRuntimePolicyScopeArgs
    Scope configuration.
    SystemIntegrityProtection HostRuntimePolicySystemIntegrityProtectionArgs
    Tripwire HostRuntimePolicyTripwireArgs
    Type string
    Updated string
    Version string
    VpatchVersion string
    WhitelistedOsUsers HostRuntimePolicyWhitelistedOsUsersArgs
    allowedExecutables List<HostRuntimePolicyAllowedExecutable>
    Allowed executables configuration.
    allowedRegistries List<HostRuntimePolicyAllowedRegistry>
    List of allowed registries.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditBruteForceLogin Boolean
    Detects brute force login attempts
    auditFullCommandArguments Boolean
    If true, full command arguments will be audited.
    auditHostFailedLoginEvents Boolean
    If true, host failed logins will be audited.
    auditHostSuccessfulLoginEvents Boolean
    If true, host successful logins will be audited.
    auditUserAccountManagement Boolean
    If true, account management will be audited.
    auditing HostRuntimePolicyAuditing
    author String
    Username of the account that created the service.
    blacklistedOsUsers HostRuntimePolicyBlacklistedOsUsers
    blockContainerExec Boolean
    blockCryptocurrencyMining Boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockDisallowedImages Boolean
    blockFilelessExec Boolean
    blockNonCompliantWorkloads Boolean
    blockNonK8sContainers Boolean
    blockedFiles List<String>
    List of files that are prevented from being read, modified and executed in the containers.
    bypassScopes List<HostRuntimePolicyBypassScope>
    Bypass scope configuration.
    containerExec HostRuntimePolicyContainerExec
    created String
    cve String
    defaultSecurityProfile String
    description String
    The description of the host runtime policy
    digest String
    driftPreventions List<HostRuntimePolicyDriftPrevention>
    Drift prevention configuration.
    enableCryptoMiningDns Boolean
    enableForkGuard Boolean
    enableIpReputation Boolean
    enablePortScanProtection Boolean
    enabled Boolean
    Whether allowed executables configuration is enabled.
    enforce Boolean
    Indicates that policy should effect container execution (not just for audit).
    enforceAfterDays Integer
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn Integer
    excludeApplicationScopes List<String>
    List of excluded application scopes.
    executableBlacklists List<HostRuntimePolicyExecutableBlacklist>
    Executable blacklist configuration.
    failedKubernetesChecks HostRuntimePolicyFailedKubernetesChecks
    fileBlock HostRuntimePolicyFileBlock
    fileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoring
    Configuration for file integrity monitoring.
    forkGuardProcessLimit Integer
    imageName String
    isAuditChecked Boolean
    isAutoGenerated Boolean
    isOotbPolicy Boolean
    lastupdate Integer
    limitContainerPrivileges List<HostRuntimePolicyLimitContainerPrivilege>
    Container privileges configuration.
    linuxCapabilities HostRuntimePolicyLinuxCapabilities
    malwareScanOptions HostRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    monitorSystemLogIntegrity Boolean
    If true, system log will be monitored.
    monitorSystemTimeChanges Boolean
    If true, system time changes will be monitored.
    monitorWindowsServices Boolean
    If true, windows service operations will be monitored.
    name String
    Name assigned to the attribute.
    noNewPrivileges Boolean
    onlyRegisteredImages Boolean
    osGroupsAlloweds List<String>
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osGroupsBlockeds List<String>
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osUsersAlloweds List<String>
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    osUsersBlockeds List<String>
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    packageBlocks List<HostRuntimePolicyPackageBlock>
    permission String
    portBlock HostRuntimePolicyPortBlock
    readonlyFiles HostRuntimePolicyReadonlyFiles
    readonlyRegistry HostRuntimePolicyReadonlyRegistry
    registry String
    registryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoring
    repoName String
    resourceName String
    resourceType String
    restrictedVolumes List<HostRuntimePolicyRestrictedVolume>
    Restricted volumes configuration.
    reverseShell HostRuntimePolicyReverseShell
    runtimeMode Integer
    runtimeType String
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<HostRuntimePolicyScopeVariable>
    List of scope attributes.
    scopes List<HostRuntimePolicyScope>
    Scope configuration.
    systemIntegrityProtection HostRuntimePolicySystemIntegrityProtection
    tripwire HostRuntimePolicyTripwire
    type String
    updated String
    version String
    vpatchVersion String
    whitelistedOsUsers HostRuntimePolicyWhitelistedOsUsers
    allowedExecutables HostRuntimePolicyAllowedExecutable[]
    Allowed executables configuration.
    allowedRegistries HostRuntimePolicyAllowedRegistry[]
    List of allowed registries.
    applicationScopes string[]
    Indicates the application scope of the service.
    auditBruteForceLogin boolean
    Detects brute force login attempts
    auditFullCommandArguments boolean
    If true, full command arguments will be audited.
    auditHostFailedLoginEvents boolean
    If true, host failed logins will be audited.
    auditHostSuccessfulLoginEvents boolean
    If true, host successful logins will be audited.
    auditUserAccountManagement boolean
    If true, account management will be audited.
    auditing HostRuntimePolicyAuditing
    author string
    Username of the account that created the service.
    blacklistedOsUsers HostRuntimePolicyBlacklistedOsUsers
    blockContainerExec boolean
    blockCryptocurrencyMining boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockDisallowedImages boolean
    blockFilelessExec boolean
    blockNonCompliantWorkloads boolean
    blockNonK8sContainers boolean
    blockedFiles string[]
    List of files that are prevented from being read, modified and executed in the containers.
    bypassScopes HostRuntimePolicyBypassScope[]
    Bypass scope configuration.
    containerExec HostRuntimePolicyContainerExec
    created string
    cve string
    defaultSecurityProfile string
    description string
    The description of the host runtime policy
    digest string
    driftPreventions HostRuntimePolicyDriftPrevention[]
    Drift prevention configuration.
    enableCryptoMiningDns boolean
    enableForkGuard boolean
    enableIpReputation boolean
    enablePortScanProtection boolean
    enabled boolean
    Whether allowed executables configuration is enabled.
    enforce boolean
    Indicates that policy should effect container execution (not just for audit).
    enforceAfterDays number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn number
    excludeApplicationScopes string[]
    List of excluded application scopes.
    executableBlacklists HostRuntimePolicyExecutableBlacklist[]
    Executable blacklist configuration.
    failedKubernetesChecks HostRuntimePolicyFailedKubernetesChecks
    fileBlock HostRuntimePolicyFileBlock
    fileIntegrityMonitoring HostRuntimePolicyFileIntegrityMonitoring
    Configuration for file integrity monitoring.
    forkGuardProcessLimit number
    imageName string
    isAuditChecked boolean
    isAutoGenerated boolean
    isOotbPolicy boolean
    lastupdate number
    limitContainerPrivileges HostRuntimePolicyLimitContainerPrivilege[]
    Container privileges configuration.
    linuxCapabilities HostRuntimePolicyLinuxCapabilities
    malwareScanOptions HostRuntimePolicyMalwareScanOptions
    Configuration for Real-Time Malware Protection.
    monitorSystemLogIntegrity boolean
    If true, system log will be monitored.
    monitorSystemTimeChanges boolean
    If true, system time changes will be monitored.
    monitorWindowsServices boolean
    If true, windows service operations will be monitored.
    name string
    Name assigned to the attribute.
    noNewPrivileges boolean
    onlyRegisteredImages boolean
    osGroupsAlloweds string[]
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osGroupsBlockeds string[]
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osUsersAlloweds string[]
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    osUsersBlockeds string[]
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    packageBlocks HostRuntimePolicyPackageBlock[]
    permission string
    portBlock HostRuntimePolicyPortBlock
    readonlyFiles HostRuntimePolicyReadonlyFiles
    readonlyRegistry HostRuntimePolicyReadonlyRegistry
    registry string
    registryAccessMonitoring HostRuntimePolicyRegistryAccessMonitoring
    repoName string
    resourceName string
    resourceType string
    restrictedVolumes HostRuntimePolicyRestrictedVolume[]
    Restricted volumes configuration.
    reverseShell HostRuntimePolicyReverseShell
    runtimeMode number
    runtimeType string
    scopeExpression string
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables HostRuntimePolicyScopeVariable[]
    List of scope attributes.
    scopes HostRuntimePolicyScope[]
    Scope configuration.
    systemIntegrityProtection HostRuntimePolicySystemIntegrityProtection
    tripwire HostRuntimePolicyTripwire
    type string
    updated string
    version string
    vpatchVersion string
    whitelistedOsUsers HostRuntimePolicyWhitelistedOsUsers
    allowed_executables Sequence[HostRuntimePolicyAllowedExecutableArgs]
    Allowed executables configuration.
    allowed_registries Sequence[HostRuntimePolicyAllowedRegistryArgs]
    List of allowed registries.
    application_scopes Sequence[str]
    Indicates the application scope of the service.
    audit_brute_force_login bool
    Detects brute force login attempts
    audit_full_command_arguments bool
    If true, full command arguments will be audited.
    audit_host_failed_login_events bool
    If true, host failed logins will be audited.
    audit_host_successful_login_events bool
    If true, host successful logins will be audited.
    audit_user_account_management bool
    If true, account management will be audited.
    auditing HostRuntimePolicyAuditingArgs
    author str
    Username of the account that created the service.
    blacklisted_os_users HostRuntimePolicyBlacklistedOsUsersArgs
    block_container_exec bool
    block_cryptocurrency_mining bool
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    block_disallowed_images bool
    block_fileless_exec bool
    block_non_compliant_workloads bool
    block_non_k8s_containers bool
    blocked_files Sequence[str]
    List of files that are prevented from being read, modified and executed in the containers.
    bypass_scopes Sequence[HostRuntimePolicyBypassScopeArgs]
    Bypass scope configuration.
    container_exec HostRuntimePolicyContainerExecArgs
    created str
    cve str
    default_security_profile str
    description str
    The description of the host runtime policy
    digest str
    drift_preventions Sequence[HostRuntimePolicyDriftPreventionArgs]
    Drift prevention configuration.
    enable_crypto_mining_dns bool
    enable_fork_guard bool
    enable_ip_reputation bool
    enable_port_scan_protection bool
    enabled bool
    Whether allowed executables configuration is enabled.
    enforce bool
    Indicates that policy should effect container execution (not just for audit).
    enforce_after_days int
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforce_scheduler_added_on int
    exclude_application_scopes Sequence[str]
    List of excluded application scopes.
    executable_blacklists Sequence[HostRuntimePolicyExecutableBlacklistArgs]
    Executable blacklist configuration.
    failed_kubernetes_checks HostRuntimePolicyFailedKubernetesChecksArgs
    file_block HostRuntimePolicyFileBlockArgs
    file_integrity_monitoring HostRuntimePolicyFileIntegrityMonitoringArgs
    Configuration for file integrity monitoring.
    fork_guard_process_limit int
    image_name str
    is_audit_checked bool
    is_auto_generated bool
    is_ootb_policy bool
    lastupdate int
    limit_container_privileges Sequence[HostRuntimePolicyLimitContainerPrivilegeArgs]
    Container privileges configuration.
    linux_capabilities HostRuntimePolicyLinuxCapabilitiesArgs
    malware_scan_options HostRuntimePolicyMalwareScanOptionsArgs
    Configuration for Real-Time Malware Protection.
    monitor_system_log_integrity bool
    If true, system log will be monitored.
    monitor_system_time_changes bool
    If true, system time changes will be monitored.
    monitor_windows_services bool
    If true, windows service operations will be monitored.
    name str
    Name assigned to the attribute.
    no_new_privileges bool
    only_registered_images bool
    os_groups_alloweds Sequence[str]
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    os_groups_blockeds Sequence[str]
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    os_users_alloweds Sequence[str]
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    os_users_blockeds Sequence[str]
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    package_blocks Sequence[HostRuntimePolicyPackageBlockArgs]
    permission str
    port_block HostRuntimePolicyPortBlockArgs
    readonly_files HostRuntimePolicyReadonlyFilesArgs
    readonly_registry HostRuntimePolicyReadonlyRegistryArgs
    registry str
    registry_access_monitoring HostRuntimePolicyRegistryAccessMonitoringArgs
    repo_name str
    resource_name str
    resource_type str
    restricted_volumes Sequence[HostRuntimePolicyRestrictedVolumeArgs]
    Restricted volumes configuration.
    reverse_shell HostRuntimePolicyReverseShellArgs
    runtime_mode int
    runtime_type str
    scope_expression str
    Logical expression of how to compute the dependency of the scope variables.
    scope_variables Sequence[HostRuntimePolicyScopeVariableArgs]
    List of scope attributes.
    scopes Sequence[HostRuntimePolicyScopeArgs]
    Scope configuration.
    system_integrity_protection HostRuntimePolicySystemIntegrityProtectionArgs
    tripwire HostRuntimePolicyTripwireArgs
    type str
    updated str
    version str
    vpatch_version str
    whitelisted_os_users HostRuntimePolicyWhitelistedOsUsersArgs
    allowedExecutables List<Property Map>
    Allowed executables configuration.
    allowedRegistries List<Property Map>
    List of allowed registries.
    applicationScopes List<String>
    Indicates the application scope of the service.
    auditBruteForceLogin Boolean
    Detects brute force login attempts
    auditFullCommandArguments Boolean
    If true, full command arguments will be audited.
    auditHostFailedLoginEvents Boolean
    If true, host failed logins will be audited.
    auditHostSuccessfulLoginEvents Boolean
    If true, host successful logins will be audited.
    auditUserAccountManagement Boolean
    If true, account management will be audited.
    auditing Property Map
    author String
    Username of the account that created the service.
    blacklistedOsUsers Property Map
    blockContainerExec Boolean
    blockCryptocurrencyMining Boolean
    Detect and prevent communication to DNS/IP addresses known to be used for Cryptocurrency Mining
    blockDisallowedImages Boolean
    blockFilelessExec Boolean
    blockNonCompliantWorkloads Boolean
    blockNonK8sContainers Boolean
    blockedFiles List<String>
    List of files that are prevented from being read, modified and executed in the containers.
    bypassScopes List<Property Map>
    Bypass scope configuration.
    containerExec Property Map
    created String
    cve String
    defaultSecurityProfile String
    description String
    The description of the host runtime policy
    digest String
    driftPreventions List<Property Map>
    Drift prevention configuration.
    enableCryptoMiningDns Boolean
    enableForkGuard Boolean
    enableIpReputation Boolean
    enablePortScanProtection Boolean
    enabled Boolean
    Whether allowed executables configuration is enabled.
    enforce Boolean
    Indicates that policy should effect container execution (not just for audit).
    enforceAfterDays Number
    Indicates the number of days after which the runtime policy will be changed to enforce mode.
    enforceSchedulerAddedOn Number
    excludeApplicationScopes List<String>
    List of excluded application scopes.
    executableBlacklists List<Property Map>
    Executable blacklist configuration.
    failedKubernetesChecks Property Map
    fileBlock Property Map
    fileIntegrityMonitoring Property Map
    Configuration for file integrity monitoring.
    forkGuardProcessLimit Number
    imageName String
    isAuditChecked Boolean
    isAutoGenerated Boolean
    isOotbPolicy Boolean
    lastupdate Number
    limitContainerPrivileges List<Property Map>
    Container privileges configuration.
    linuxCapabilities Property Map
    malwareScanOptions Property Map
    Configuration for Real-Time Malware Protection.
    monitorSystemLogIntegrity Boolean
    If true, system log will be monitored.
    monitorSystemTimeChanges Boolean
    If true, system time changes will be monitored.
    monitorWindowsServices Boolean
    If true, windows service operations will be monitored.
    name String
    Name assigned to the attribute.
    noNewPrivileges Boolean
    onlyRegisteredImages Boolean
    osGroupsAlloweds List<String>
    List of OS (Linux or Windows) groups that are allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osGroupsBlockeds List<String>
    List of OS (Linux or Windows) groups that are not allowed to authenticate to the host, and block authentication requests from all others. Groups can be either Linux groups or Windows AD groups.
    osUsersAlloweds List<String>
    List of OS (Linux or Windows) users that are allowed to authenticate to the host, and block authentication requests from all others.
    osUsersBlockeds List<String>
    List of OS (Linux or Windows) users that are not allowed to authenticate to the host, and block authentication requests from all others.
    packageBlocks List<Property Map>
    permission String
    portBlock Property Map
    readonlyFiles Property Map
    readonlyRegistry Property Map
    registry String
    registryAccessMonitoring Property Map
    repoName String
    resourceName String
    resourceType String
    restrictedVolumes List<Property Map>
    Restricted volumes configuration.
    reverseShell Property Map
    runtimeMode Number
    runtimeType String
    scopeExpression String
    Logical expression of how to compute the dependency of the scope variables.
    scopeVariables List<Property Map>
    List of scope attributes.
    scopes List<Property Map>
    Scope configuration.
    systemIntegrityProtection Property Map
    tripwire Property Map
    type String
    updated String
    version String
    vpatchVersion String
    whitelistedOsUsers Property Map

    Supporting Types

    HostRuntimePolicyAllowedExecutable, HostRuntimePolicyAllowedExecutableArgs

    AllowExecutables List<string>
    List of allowed executables.
    AllowRootExecutables List<string>
    List of allowed root executables.
    Enabled bool
    Whether allowed executables configuration is enabled.
    SeparateExecutables bool
    Whether to treat executables separately.
    AllowExecutables []string
    List of allowed executables.
    AllowRootExecutables []string
    List of allowed root executables.
    Enabled bool
    Whether allowed executables configuration is enabled.
    SeparateExecutables bool
    Whether to treat executables separately.
    allowExecutables List<String>
    List of allowed executables.
    allowRootExecutables List<String>
    List of allowed root executables.
    enabled Boolean
    Whether allowed executables configuration is enabled.
    separateExecutables Boolean
    Whether to treat executables separately.
    allowExecutables string[]
    List of allowed executables.
    allowRootExecutables string[]
    List of allowed root executables.
    enabled boolean
    Whether allowed executables configuration is enabled.
    separateExecutables boolean
    Whether to treat executables separately.
    allow_executables Sequence[str]
    List of allowed executables.
    allow_root_executables Sequence[str]
    List of allowed root executables.
    enabled bool
    Whether allowed executables configuration is enabled.
    separate_executables bool
    Whether to treat executables separately.
    allowExecutables List<String>
    List of allowed executables.
    allowRootExecutables List<String>
    List of allowed root executables.
    enabled Boolean
    Whether allowed executables configuration is enabled.
    separateExecutables Boolean
    Whether to treat executables separately.

    HostRuntimePolicyAllowedRegistry, HostRuntimePolicyAllowedRegistryArgs

    AllowedRegistries List<string>
    List of allowed registries.
    Enabled bool
    Whether allowed registries are enabled.
    AllowedRegistries []string
    List of allowed registries.
    Enabled bool
    Whether allowed registries are enabled.
    allowedRegistries List<String>
    List of allowed registries.
    enabled Boolean
    Whether allowed registries are enabled.
    allowedRegistries string[]
    List of allowed registries.
    enabled boolean
    Whether allowed registries are enabled.
    allowed_registries Sequence[str]
    List of allowed registries.
    enabled bool
    Whether allowed registries are enabled.
    allowedRegistries List<String>
    List of allowed registries.
    enabled Boolean
    Whether allowed registries are enabled.

    HostRuntimePolicyAuditing, HostRuntimePolicyAuditingArgs

    HostRuntimePolicyBlacklistedOsUsers, HostRuntimePolicyBlacklistedOsUsersArgs

    Enabled bool
    GroupBlackLists List<string>
    UserBlackLists List<string>
    enabled Boolean
    groupBlackLists List<String>
    userBlackLists List<String>
    enabled boolean
    groupBlackLists string[]
    userBlackLists string[]
    enabled bool
    group_black_lists Sequence[str]
    user_black_lists Sequence[str]
    enabled Boolean
    groupBlackLists List<String>
    userBlackLists List<String>

    HostRuntimePolicyBypassScope, HostRuntimePolicyBypassScopeArgs

    Enabled bool
    Whether bypassing the scope is enabled.
    Scopes List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyBypassScopeScope>
    Scope configuration.
    Enabled bool
    Whether bypassing the scope is enabled.
    Scopes []HostRuntimePolicyBypassScopeScope
    Scope configuration.
    enabled Boolean
    Whether bypassing the scope is enabled.
    scopes List<HostRuntimePolicyBypassScopeScope>
    Scope configuration.
    enabled boolean
    Whether bypassing the scope is enabled.
    scopes HostRuntimePolicyBypassScopeScope[]
    Scope configuration.
    enabled bool
    Whether bypassing the scope is enabled.
    scopes Sequence[HostRuntimePolicyBypassScopeScope]
    Scope configuration.
    enabled Boolean
    Whether bypassing the scope is enabled.
    scopes List<Property Map>
    Scope configuration.

    HostRuntimePolicyBypassScopeScope, HostRuntimePolicyBypassScopeScopeArgs

    Expression string
    Scope expression.
    Variables []HostRuntimePolicyBypassScopeScopeVariable
    List of variables in the scope.
    expression String
    Scope expression.
    variables List<HostRuntimePolicyBypassScopeScopeVariable>
    List of variables in the scope.
    expression string
    Scope expression.
    variables HostRuntimePolicyBypassScopeScopeVariable[]
    List of variables in the scope.
    expression str
    Scope expression.
    variables Sequence[HostRuntimePolicyBypassScopeScopeVariable]
    List of variables in the scope.
    expression String
    Scope expression.
    variables List<Property Map>
    List of variables in the scope.

    HostRuntimePolicyBypassScopeScopeVariable, HostRuntimePolicyBypassScopeScopeVariableArgs

    Attribute string
    Variable attribute.
    Value string
    Variable value.
    Attribute string
    Variable attribute.
    Value string
    Variable value.
    attribute String
    Variable attribute.
    value String
    Variable value.
    attribute string
    Variable attribute.
    value string
    Variable value.
    attribute str
    Variable attribute.
    value str
    Variable value.
    attribute String
    Variable attribute.
    value String
    Variable value.

    HostRuntimePolicyContainerExec, HostRuntimePolicyContainerExecArgs

    HostRuntimePolicyDriftPrevention, HostRuntimePolicyDriftPreventionArgs

    Enabled bool
    Whether drift prevention is enabled.
    ExecLockdown bool
    Whether to lockdown execution drift.
    ExecLockdownWhiteLists List<string>
    List of items in the execution lockdown white list.
    ImageLockdown bool
    Whether to lockdown image drift.
    Enabled bool
    Whether drift prevention is enabled.
    ExecLockdown bool
    Whether to lockdown execution drift.
    ExecLockdownWhiteLists []string
    List of items in the execution lockdown white list.
    ImageLockdown bool
    Whether to lockdown image drift.
    enabled Boolean
    Whether drift prevention is enabled.
    execLockdown Boolean
    Whether to lockdown execution drift.
    execLockdownWhiteLists List<String>
    List of items in the execution lockdown white list.
    imageLockdown Boolean
    Whether to lockdown image drift.
    enabled boolean
    Whether drift prevention is enabled.
    execLockdown boolean
    Whether to lockdown execution drift.
    execLockdownWhiteLists string[]
    List of items in the execution lockdown white list.
    imageLockdown boolean
    Whether to lockdown image drift.
    enabled bool
    Whether drift prevention is enabled.
    exec_lockdown bool
    Whether to lockdown execution drift.
    exec_lockdown_white_lists Sequence[str]
    List of items in the execution lockdown white list.
    image_lockdown bool
    Whether to lockdown image drift.
    enabled Boolean
    Whether drift prevention is enabled.
    execLockdown Boolean
    Whether to lockdown execution drift.
    execLockdownWhiteLists List<String>
    List of items in the execution lockdown white list.
    imageLockdown Boolean
    Whether to lockdown image drift.

    HostRuntimePolicyExecutableBlacklist, HostRuntimePolicyExecutableBlacklistArgs

    Enabled bool
    Whether the executable blacklist is enabled.
    Executables List<string>
    List of blacklisted executables.
    Enabled bool
    Whether the executable blacklist is enabled.
    Executables []string
    List of blacklisted executables.
    enabled Boolean
    Whether the executable blacklist is enabled.
    executables List<String>
    List of blacklisted executables.
    enabled boolean
    Whether the executable blacklist is enabled.
    executables string[]
    List of blacklisted executables.
    enabled bool
    Whether the executable blacklist is enabled.
    executables Sequence[str]
    List of blacklisted executables.
    enabled Boolean
    Whether the executable blacklist is enabled.
    executables List<String>
    List of blacklisted executables.

    HostRuntimePolicyFailedKubernetesChecks, HostRuntimePolicyFailedKubernetesChecksArgs

    Enabled bool
    FailedChecks List<string>
    Enabled bool
    FailedChecks []string
    enabled Boolean
    failedChecks List<String>
    enabled boolean
    failedChecks string[]
    enabled bool
    failed_checks Sequence[str]
    enabled Boolean
    failedChecks List<String>

    HostRuntimePolicyFileBlock, HostRuntimePolicyFileBlockArgs

    HostRuntimePolicyFileIntegrityMonitoring, HostRuntimePolicyFileIntegrityMonitoringArgs

    Enabled bool
    If true, file integrity monitoring is enabled.
    ExceptionalMonitoredFiles List<string>
    List of paths to be excluded from monitoring.
    ExceptionalMonitoredFilesProcesses List<string>
    List of processes to be excluded from monitoring.
    ExceptionalMonitoredFilesUsers List<string>
    List of users to be excluded from monitoring.
    MonitoredFiles List<string>
    List of paths to be monitored.
    MonitoredFilesAttributes bool
    Whether to monitor file attribute operations.
    MonitoredFilesCreate bool
    Whether to monitor file create operations.
    MonitoredFilesDelete bool
    Whether to monitor file delete operations.
    MonitoredFilesModify bool
    Whether to monitor file modify operations.
    MonitoredFilesProcesses List<string>
    List of processes associated with monitored files.
    MonitoredFilesRead bool
    Whether to monitor file read operations.
    MonitoredFilesUsers List<string>
    List of users associated with monitored files.
    Enabled bool
    If true, file integrity monitoring is enabled.
    ExceptionalMonitoredFiles []string
    List of paths to be excluded from monitoring.
    ExceptionalMonitoredFilesProcesses []string
    List of processes to be excluded from monitoring.
    ExceptionalMonitoredFilesUsers []string
    List of users to be excluded from monitoring.
    MonitoredFiles []string
    List of paths to be monitored.
    MonitoredFilesAttributes bool
    Whether to monitor file attribute operations.
    MonitoredFilesCreate bool
    Whether to monitor file create operations.
    MonitoredFilesDelete bool
    Whether to monitor file delete operations.
    MonitoredFilesModify bool
    Whether to monitor file modify operations.
    MonitoredFilesProcesses []string
    List of processes associated with monitored files.
    MonitoredFilesRead bool
    Whether to monitor file read operations.
    MonitoredFilesUsers []string
    List of users associated with monitored files.
    enabled Boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles List<String>
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses List<String>
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers List<String>
    List of users to be excluded from monitoring.
    monitoredFiles List<String>
    List of paths to be monitored.
    monitoredFilesAttributes Boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate Boolean
    Whether to monitor file create operations.
    monitoredFilesDelete Boolean
    Whether to monitor file delete operations.
    monitoredFilesModify Boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses List<String>
    List of processes associated with monitored files.
    monitoredFilesRead Boolean
    Whether to monitor file read operations.
    monitoredFilesUsers List<String>
    List of users associated with monitored files.
    enabled boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles string[]
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses string[]
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers string[]
    List of users to be excluded from monitoring.
    monitoredFiles string[]
    List of paths to be monitored.
    monitoredFilesAttributes boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate boolean
    Whether to monitor file create operations.
    monitoredFilesDelete boolean
    Whether to monitor file delete operations.
    monitoredFilesModify boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses string[]
    List of processes associated with monitored files.
    monitoredFilesRead boolean
    Whether to monitor file read operations.
    monitoredFilesUsers string[]
    List of users associated with monitored files.
    enabled bool
    If true, file integrity monitoring is enabled.
    exceptional_monitored_files Sequence[str]
    List of paths to be excluded from monitoring.
    exceptional_monitored_files_processes Sequence[str]
    List of processes to be excluded from monitoring.
    exceptional_monitored_files_users Sequence[str]
    List of users to be excluded from monitoring.
    monitored_files Sequence[str]
    List of paths to be monitored.
    monitored_files_attributes bool
    Whether to monitor file attribute operations.
    monitored_files_create bool
    Whether to monitor file create operations.
    monitored_files_delete bool
    Whether to monitor file delete operations.
    monitored_files_modify bool
    Whether to monitor file modify operations.
    monitored_files_processes Sequence[str]
    List of processes associated with monitored files.
    monitored_files_read bool
    Whether to monitor file read operations.
    monitored_files_users Sequence[str]
    List of users associated with monitored files.
    enabled Boolean
    If true, file integrity monitoring is enabled.
    exceptionalMonitoredFiles List<String>
    List of paths to be excluded from monitoring.
    exceptionalMonitoredFilesProcesses List<String>
    List of processes to be excluded from monitoring.
    exceptionalMonitoredFilesUsers List<String>
    List of users to be excluded from monitoring.
    monitoredFiles List<String>
    List of paths to be monitored.
    monitoredFilesAttributes Boolean
    Whether to monitor file attribute operations.
    monitoredFilesCreate Boolean
    Whether to monitor file create operations.
    monitoredFilesDelete Boolean
    Whether to monitor file delete operations.
    monitoredFilesModify Boolean
    Whether to monitor file modify operations.
    monitoredFilesProcesses List<String>
    List of processes associated with monitored files.
    monitoredFilesRead Boolean
    Whether to monitor file read operations.
    monitoredFilesUsers List<String>
    List of users associated with monitored files.

    HostRuntimePolicyLimitContainerPrivilege, HostRuntimePolicyLimitContainerPrivilegeArgs

    BlockAddCapabilities bool
    Whether to block adding capabilities.
    Enabled bool
    Whether container privilege limitations are enabled.
    Ipcmode bool
    Whether to limit IPC-related capabilities.
    Netmode bool
    Whether to limit network-related capabilities.
    Pidmode bool
    Whether to limit process-related capabilities.
    PreventLowPortBinding bool
    Whether to prevent low port binding.
    PreventRootUser bool
    Whether to prevent the use of the root user.
    Privileged bool
    Whether the container is run in privileged mode.
    UseHostUser bool
    Whether to use the host user.
    Usermode bool
    Whether to limit user-related capabilities.
    Utsmode bool
    Whether to limit UTS-related capabilities.
    BlockAddCapabilities bool
    Whether to block adding capabilities.
    Enabled bool
    Whether container privilege limitations are enabled.
    Ipcmode bool
    Whether to limit IPC-related capabilities.
    Netmode bool
    Whether to limit network-related capabilities.
    Pidmode bool
    Whether to limit process-related capabilities.
    PreventLowPortBinding bool
    Whether to prevent low port binding.
    PreventRootUser bool
    Whether to prevent the use of the root user.
    Privileged bool
    Whether the container is run in privileged mode.
    UseHostUser bool
    Whether to use the host user.
    Usermode bool
    Whether to limit user-related capabilities.
    Utsmode bool
    Whether to limit UTS-related capabilities.
    blockAddCapabilities Boolean
    Whether to block adding capabilities.
    enabled Boolean
    Whether container privilege limitations are enabled.
    ipcmode Boolean
    Whether to limit IPC-related capabilities.
    netmode Boolean
    Whether to limit network-related capabilities.
    pidmode Boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding Boolean
    Whether to prevent low port binding.
    preventRootUser Boolean
    Whether to prevent the use of the root user.
    privileged Boolean
    Whether the container is run in privileged mode.
    useHostUser Boolean
    Whether to use the host user.
    usermode Boolean
    Whether to limit user-related capabilities.
    utsmode Boolean
    Whether to limit UTS-related capabilities.
    blockAddCapabilities boolean
    Whether to block adding capabilities.
    enabled boolean
    Whether container privilege limitations are enabled.
    ipcmode boolean
    Whether to limit IPC-related capabilities.
    netmode boolean
    Whether to limit network-related capabilities.
    pidmode boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding boolean
    Whether to prevent low port binding.
    preventRootUser boolean
    Whether to prevent the use of the root user.
    privileged boolean
    Whether the container is run in privileged mode.
    useHostUser boolean
    Whether to use the host user.
    usermode boolean
    Whether to limit user-related capabilities.
    utsmode boolean
    Whether to limit UTS-related capabilities.
    block_add_capabilities bool
    Whether to block adding capabilities.
    enabled bool
    Whether container privilege limitations are enabled.
    ipcmode bool
    Whether to limit IPC-related capabilities.
    netmode bool
    Whether to limit network-related capabilities.
    pidmode bool
    Whether to limit process-related capabilities.
    prevent_low_port_binding bool
    Whether to prevent low port binding.
    prevent_root_user bool
    Whether to prevent the use of the root user.
    privileged bool
    Whether the container is run in privileged mode.
    use_host_user bool
    Whether to use the host user.
    usermode bool
    Whether to limit user-related capabilities.
    utsmode bool
    Whether to limit UTS-related capabilities.
    blockAddCapabilities Boolean
    Whether to block adding capabilities.
    enabled Boolean
    Whether container privilege limitations are enabled.
    ipcmode Boolean
    Whether to limit IPC-related capabilities.
    netmode Boolean
    Whether to limit network-related capabilities.
    pidmode Boolean
    Whether to limit process-related capabilities.
    preventLowPortBinding Boolean
    Whether to prevent low port binding.
    preventRootUser Boolean
    Whether to prevent the use of the root user.
    privileged Boolean
    Whether the container is run in privileged mode.
    useHostUser Boolean
    Whether to use the host user.
    usermode Boolean
    Whether to limit user-related capabilities.
    utsmode Boolean
    Whether to limit UTS-related capabilities.

    HostRuntimePolicyLinuxCapabilities, HostRuntimePolicyLinuxCapabilitiesArgs

    enabled Boolean
    removeLinuxCapabilities List<String>
    enabled Boolean
    removeLinuxCapabilities List<String>

    HostRuntimePolicyMalwareScanOptions, HostRuntimePolicyMalwareScanOptionsArgs

    Action string
    Set Action, Defaults to 'Alert' when empty
    Enabled bool
    Defines if enabled or not
    ExcludeDirectories List<string>
    List of registry paths to be excluded from being protected.
    ExcludeProcesses List<string>
    List of registry processes to be excluded from being protected.
    IncludeDirectories List<string>
    List of registry paths to be excluded from being protected.
    Action string
    Set Action, Defaults to 'Alert' when empty
    Enabled bool
    Defines if enabled or not
    ExcludeDirectories []string
    List of registry paths to be excluded from being protected.
    ExcludeProcesses []string
    List of registry processes to be excluded from being protected.
    IncludeDirectories []string
    List of registry paths to be excluded from being protected.
    action String
    Set Action, Defaults to 'Alert' when empty
    enabled Boolean
    Defines if enabled or not
    excludeDirectories List<String>
    List of registry paths to be excluded from being protected.
    excludeProcesses List<String>
    List of registry processes to be excluded from being protected.
    includeDirectories List<String>
    List of registry paths to be excluded from being protected.
    action string
    Set Action, Defaults to 'Alert' when empty
    enabled boolean
    Defines if enabled or not
    excludeDirectories string[]
    List of registry paths to be excluded from being protected.
    excludeProcesses string[]
    List of registry processes to be excluded from being protected.
    includeDirectories string[]
    List of registry paths to be excluded from being protected.
    action str
    Set Action, Defaults to 'Alert' when empty
    enabled bool
    Defines if enabled or not
    exclude_directories Sequence[str]
    List of registry paths to be excluded from being protected.
    exclude_processes Sequence[str]
    List of registry processes to be excluded from being protected.
    include_directories Sequence[str]
    List of registry paths to be excluded from being protected.
    action String
    Set Action, Defaults to 'Alert' when empty
    enabled Boolean
    Defines if enabled or not
    excludeDirectories List<String>
    List of registry paths to be excluded from being protected.
    excludeProcesses List<String>
    List of registry processes to be excluded from being protected.
    includeDirectories List<String>
    List of registry paths to be excluded from being protected.

    HostRuntimePolicyPackageBlock, HostRuntimePolicyPackageBlockArgs

    HostRuntimePolicyPortBlock, HostRuntimePolicyPortBlockArgs

    BlockInboundPorts List<string>
    BlockOutboundPorts List<string>
    Enabled bool
    blockInboundPorts List<String>
    blockOutboundPorts List<String>
    enabled Boolean
    block_inbound_ports Sequence[str]
    block_outbound_ports Sequence[str]
    enabled bool
    blockInboundPorts List<String>
    blockOutboundPorts List<String>
    enabled Boolean

    HostRuntimePolicyReadonlyFiles, HostRuntimePolicyReadonlyFilesArgs

    HostRuntimePolicyReadonlyRegistry, HostRuntimePolicyReadonlyRegistryArgs

    HostRuntimePolicyRegistryAccessMonitoring, HostRuntimePolicyRegistryAccessMonitoringArgs

    HostRuntimePolicyRestrictedVolume, HostRuntimePolicyRestrictedVolumeArgs

    Enabled bool
    Whether restricted volumes are enabled.
    Volumes List<string>
    List of restricted volumes.
    Enabled bool
    Whether restricted volumes are enabled.
    Volumes []string
    List of restricted volumes.
    enabled Boolean
    Whether restricted volumes are enabled.
    volumes List<String>
    List of restricted volumes.
    enabled boolean
    Whether restricted volumes are enabled.
    volumes string[]
    List of restricted volumes.
    enabled bool
    Whether restricted volumes are enabled.
    volumes Sequence[str]
    List of restricted volumes.
    enabled Boolean
    Whether restricted volumes are enabled.
    volumes List<String>
    List of restricted volumes.

    HostRuntimePolicyReverseShell, HostRuntimePolicyReverseShellArgs

    HostRuntimePolicyScope, HostRuntimePolicyScopeArgs

    Expression string
    Scope expression.
    Variables List<Pulumiverse.Aquasec.Inputs.HostRuntimePolicyScopeVariable>
    List of variables in the scope.
    Expression string
    Scope expression.
    Variables []HostRuntimePolicyScopeVariable
    List of variables in the scope.
    expression String
    Scope expression.
    variables List<HostRuntimePolicyScopeVariable>
    List of variables in the scope.
    expression string
    Scope expression.
    variables HostRuntimePolicyScopeVariable[]
    List of variables in the scope.
    expression str
    Scope expression.
    variables Sequence[HostRuntimePolicyScopeVariable]
    List of variables in the scope.
    expression String
    Scope expression.
    variables List<Property Map>
    List of variables in the scope.

    HostRuntimePolicyScopeVariable, HostRuntimePolicyScopeVariableArgs

    Attribute string
    Class of supported scope.
    Value string
    Value assigned to the attribute.
    Name string
    Name assigned to the attribute.
    Attribute string
    Class of supported scope.
    Value string
    Value assigned to the attribute.
    Name string
    Name assigned to the attribute.
    attribute String
    Class of supported scope.
    value String
    Value assigned to the attribute.
    name String
    Name assigned to the attribute.
    attribute string
    Class of supported scope.
    value string
    Value assigned to the attribute.
    name string
    Name assigned to the attribute.
    attribute str
    Class of supported scope.
    value str
    Value assigned to the attribute.
    name str
    Name assigned to the attribute.
    attribute String
    Class of supported scope.
    value String
    Value assigned to the attribute.
    name String
    Name assigned to the attribute.

    HostRuntimePolicySystemIntegrityProtection, HostRuntimePolicySystemIntegrityProtectionArgs

    HostRuntimePolicyTripwire, HostRuntimePolicyTripwireArgs

    ApplyOns List<string>
    Enabled bool
    ServerlessApp string
    UserId string
    UserPassword string
    ApplyOns []string
    Enabled bool
    ServerlessApp string
    UserId string
    UserPassword string
    applyOns List<String>
    enabled Boolean
    serverlessApp String
    userId String
    userPassword String
    applyOns string[]
    enabled boolean
    serverlessApp string
    userId string
    userPassword string
    applyOns List<String>
    enabled Boolean
    serverlessApp String
    userId String
    userPassword String

    HostRuntimePolicyWhitelistedOsUsers, HostRuntimePolicyWhitelistedOsUsersArgs

    Enabled bool
    GroupWhiteLists List<string>
    UserWhiteLists List<string>
    enabled Boolean
    groupWhiteLists List<String>
    userWhiteLists List<String>
    enabled boolean
    groupWhiteLists string[]
    userWhiteLists string[]
    enabled bool
    group_white_lists Sequence[str]
    user_white_lists Sequence[str]
    enabled Boolean
    groupWhiteLists List<String>
    userWhiteLists List<String>

    Package Details

    Repository
    aquasec pulumiverse/pulumi-aquasec
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aquasec Terraform Provider.
    aquasec logo
    Aquasec v0.8.27 published on Monday, Jan 29, 2024 by Pulumiverse