PaloAltoNetworks / terraform-provider-prismacloudcompute

Terraform provider for Prisma Cloud Compute
https://registry.terraform.io/providers/PaloAltoNetworks/prismacloudcompute/latest
Mozilla Public License 2.0

Add resource for custom rules #35

Closed hi-artem closed 2 years ago

hi-artem commented 2 years ago

Description

Add a custom rules resource to the provider. This requires an update to the pcc client, tracked by this PR: https://github.com/PaloAltoNetworks/prisma-cloud-compute-go/pull/27

Motivation and Context

This feature is requested in #29.

How Has This Been Tested?

I used the following resources to test the changes:


resource "prismacloudcompute_custom_rule" "test" {
  name        = "basic-rule"
  description = "this is basic rule"
  message     = "%proc.name doing stuff"
  type        = "processes"
  script      = "proc.name = \"cat\""
}

resource "prismacloudcompute_custom_rule" "test_heredoc" {
  name        = "less-basic-rule"
  description = "this is less basic rule"
  message     = "%proc.name wrote to path"
  type        = "filesystem"
  script      = <<EOT
                  // Example:
                  // user modifies a sensitive file under /etc or its subfolders
                  // proc.user != "root" and file.path startswith "/etc"

                  proc.user != "crond" and file.path startswith "/var/spool"
                EOT
}
