1. Packages
  2. Lacework Provider
  3. API Docs
  4. VulnerabilityExceptionHost
lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework

lacework.VulnerabilityExceptionHost

Explore with Pulumi AI

Use this resource to manage Lacework vulnerability exceptions to control and customize your alert profile for hosts, such as for a known package on a specific host. Customize your exceptions by defining the resource scope, vulnerability criteria, and context for each exception.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";

const example = new lacework.VulnerabilityExceptionHost("example", {
    description: "This is a host vulnerability exception",
    enabled: true,
    expiry: "2023-06-06T15:55:15Z",
    reason: "Accepted Risk",
    resourceScope: {
        clusterNames: [
            "cluster1",
            "cluster2",
        ],
        hostnames: [
            "host1",
            "host2",
        ],
        namespaces: [
            "namespace1",
            "namespace2",
        ],
    },
    vulnerabilityCriteria: {
        cves: [
            "cve-2021-11111",
            "cve-2021-22222",
        ],
        fixableVuln: "true",
        packages: [
            {
                name: "myPackage",
                version: "1.0.0",
            },
            {
                name: "myOtherPackage",
                version: "1.0.0",
            },
        ],
        severities: ["Critical"],
    },
});
Copy
import pulumi
import pulumi_lacework as lacework

example = lacework.VulnerabilityExceptionHost("example",
    description="This is a host vulnerability exception",
    enabled=True,
    expiry="2023-06-06T15:55:15Z",
    reason="Accepted Risk",
    resource_scope={
        "cluster_names": [
            "cluster1",
            "cluster2",
        ],
        "hostnames": [
            "host1",
            "host2",
        ],
        "namespaces": [
            "namespace1",
            "namespace2",
        ],
    },
    vulnerability_criteria={
        "cves": [
            "cve-2021-11111",
            "cve-2021-22222",
        ],
        "fixable_vuln": "true",
        "packages": [
            {
                "name": "myPackage",
                "version": "1.0.0",
            },
            {
                "name": "myOtherPackage",
                "version": "1.0.0",
            },
        ],
        "severities": ["Critical"],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lacework.NewVulnerabilityExceptionHost(ctx, "example", &lacework.VulnerabilityExceptionHostArgs{
			Description: pulumi.String("This is a host vulnerability exception"),
			Enabled:     pulumi.Bool(true),
			Expiry:      pulumi.String("2023-06-06T15:55:15Z"),
			Reason:      pulumi.String("Accepted Risk"),
			ResourceScope: &lacework.VulnerabilityExceptionHostResourceScopeArgs{
				ClusterNames: pulumi.StringArray{
					pulumi.String("cluster1"),
					pulumi.String("cluster2"),
				},
				Hostnames: pulumi.StringArray{
					pulumi.String("host1"),
					pulumi.String("host2"),
				},
				Namespaces: pulumi.StringArray{
					pulumi.String("namespace1"),
					pulumi.String("namespace2"),
				},
			},
			VulnerabilityCriteria: &lacework.VulnerabilityExceptionHostVulnerabilityCriteriaArgs{
				Cves: pulumi.StringArray{
					pulumi.String("cve-2021-11111"),
					pulumi.String("cve-2021-22222"),
				},
				FixableVuln: pulumi.String("true"),
				Packages: lacework.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArray{
					&lacework.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs{
						Name:    pulumi.String("myPackage"),
						Version: pulumi.String("1.0.0"),
					},
					&lacework.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs{
						Name:    pulumi.String("myOtherPackage"),
						Version: pulumi.String("1.0.0"),
					},
				},
				Severities: pulumi.StringArray{
					pulumi.String("Critical"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;

return await Deployment.RunAsync(() => 
{
    var example = new Lacework.VulnerabilityExceptionHost("example", new()
    {
        Description = "This is a host vulnerability exception",
        Enabled = true,
        Expiry = "2023-06-06T15:55:15Z",
        Reason = "Accepted Risk",
        ResourceScope = new Lacework.Inputs.VulnerabilityExceptionHostResourceScopeArgs
        {
            ClusterNames = new[]
            {
                "cluster1",
                "cluster2",
            },
            Hostnames = new[]
            {
                "host1",
                "host2",
            },
            Namespaces = new[]
            {
                "namespace1",
                "namespace2",
            },
        },
        VulnerabilityCriteria = new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaArgs
        {
            Cves = new[]
            {
                "cve-2021-11111",
                "cve-2021-22222",
            },
            FixableVuln = "true",
            Packages = new[]
            {
                new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs
                {
                    Name = "myPackage",
                    Version = "1.0.0",
                },
                new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs
                {
                    Name = "myOtherPackage",
                    Version = "1.0.0",
                },
            },
            Severities = new[]
            {
                "Critical",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.VulnerabilityExceptionHost;
import com.pulumi.lacework.VulnerabilityExceptionHostArgs;
import com.pulumi.lacework.inputs.VulnerabilityExceptionHostResourceScopeArgs;
import com.pulumi.lacework.inputs.VulnerabilityExceptionHostVulnerabilityCriteriaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new VulnerabilityExceptionHost("example", VulnerabilityExceptionHostArgs.builder()
            .description("This is a host vulnerability exception")
            .enabled(true)
            .expiry("2023-06-06T15:55:15Z")
            .reason("Accepted Risk")
            .resourceScope(VulnerabilityExceptionHostResourceScopeArgs.builder()
                .clusterNames(                
                    "cluster1",
                    "cluster2")
                .hostnames(                
                    "host1",
                    "host2")
                .namespaces(                
                    "namespace1",
                    "namespace2")
                .build())
            .vulnerabilityCriteria(VulnerabilityExceptionHostVulnerabilityCriteriaArgs.builder()
                .cves(                
                    "cve-2021-11111",
                    "cve-2021-22222")
                .fixableVuln("true")
                .packages(                
                    VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs.builder()
                        .name("myPackage")
                        .version("1.0.0")
                        .build(),
                    VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs.builder()
                        .name("myOtherPackage")
                        .version("1.0.0")
                        .build())
                .severities("Critical")
                .build())
            .build());

    }
}
Copy
resources:
  example:
    type: lacework:VulnerabilityExceptionHost
    properties:
      description: This is a host vulnerability exception
      enabled: true
      expiry: 2023-06-06T15:55:15Z
      reason: Accepted Risk
      resourceScope:
        clusterNames:
          - cluster1
          - cluster2
        hostnames:
          - host1
          - host2
        namespaces:
          - namespace1
          - namespace2
      vulnerabilityCriteria:
        cves:
          - cve-2021-11111
          - cve-2021-22222
        fixableVuln: 'true'
        packages:
          - name: myPackage
            version: 1.0.0
          - name: myOtherPackage
            version: 1.0.0
        severities:
          - Critical
Copy

Create VulnerabilityExceptionHost Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VulnerabilityExceptionHost(name: string, args: VulnerabilityExceptionHostArgs, opts?: CustomResourceOptions);
@overload
def VulnerabilityExceptionHost(resource_name: str,
                               args: VulnerabilityExceptionHostArgs,
                               opts: Optional[ResourceOptions] = None)

@overload
def VulnerabilityExceptionHost(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               vulnerability_criteria: Optional[VulnerabilityExceptionHostVulnerabilityCriteriaArgs] = None,
                               description: Optional[str] = None,
                               enabled: Optional[bool] = None,
                               expiry: Optional[str] = None,
                               name: Optional[str] = None,
                               reason: Optional[str] = None,
                               resource_scope: Optional[VulnerabilityExceptionHostResourceScopeArgs] = None,
                               vulnerability_exception_host_id: Optional[str] = None)
func NewVulnerabilityExceptionHost(ctx *Context, name string, args VulnerabilityExceptionHostArgs, opts ...ResourceOption) (*VulnerabilityExceptionHost, error)
public VulnerabilityExceptionHost(string name, VulnerabilityExceptionHostArgs args, CustomResourceOptions? opts = null)
public VulnerabilityExceptionHost(String name, VulnerabilityExceptionHostArgs args)
public VulnerabilityExceptionHost(String name, VulnerabilityExceptionHostArgs args, CustomResourceOptions options)
type: lacework:VulnerabilityExceptionHost
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. VulnerabilityExceptionHostArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. VulnerabilityExceptionHostArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. VulnerabilityExceptionHostArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. VulnerabilityExceptionHostArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. VulnerabilityExceptionHostArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var vulnerabilityExceptionHostResource = new Lacework.VulnerabilityExceptionHost("vulnerabilityExceptionHostResource", new()
{
    VulnerabilityCriteria = new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaArgs
    {
        Cves = new[]
        {
            "string",
        },
        FixableVuln = "string",
        Packages = new[]
        {
            new Lacework.Inputs.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs
            {
                Name = "string",
                Version = "string",
            },
        },
        Severities = new[]
        {
            "string",
        },
    },
    Description = "string",
    Enabled = false,
    Expiry = "string",
    Name = "string",
    Reason = "string",
    ResourceScope = new Lacework.Inputs.VulnerabilityExceptionHostResourceScopeArgs
    {
        ClusterNames = new[]
        {
            "string",
        },
        ExternalIps = new[]
        {
            "string",
        },
        Hostnames = new[]
        {
            "string",
        },
        Namespaces = new[]
        {
            "string",
        },
    },
    VulnerabilityExceptionHostId = "string",
});
Copy
example, err := lacework.NewVulnerabilityExceptionHost(ctx, "vulnerabilityExceptionHostResource", &lacework.VulnerabilityExceptionHostArgs{
VulnerabilityCriteria: &.VulnerabilityExceptionHostVulnerabilityCriteriaArgs{
Cves: pulumi.StringArray{
pulumi.String("string"),
},
FixableVuln: pulumi.String("string"),
Packages: .VulnerabilityExceptionHostVulnerabilityCriteriaPackageArray{
&.VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs{
Name: pulumi.String("string"),
Version: pulumi.String("string"),
},
},
Severities: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Expiry: pulumi.String("string"),
Name: pulumi.String("string"),
Reason: pulumi.String("string"),
ResourceScope: &.VulnerabilityExceptionHostResourceScopeArgs{
ClusterNames: pulumi.StringArray{
pulumi.String("string"),
},
ExternalIps: pulumi.StringArray{
pulumi.String("string"),
},
Hostnames: pulumi.StringArray{
pulumi.String("string"),
},
Namespaces: pulumi.StringArray{
pulumi.String("string"),
},
},
VulnerabilityExceptionHostId: pulumi.String("string"),
})
Copy
var vulnerabilityExceptionHostResource = new VulnerabilityExceptionHost("vulnerabilityExceptionHostResource", VulnerabilityExceptionHostArgs.builder()
    .vulnerabilityCriteria(VulnerabilityExceptionHostVulnerabilityCriteriaArgs.builder()
        .cves("string")
        .fixableVuln("string")
        .packages(VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs.builder()
            .name("string")
            .version("string")
            .build())
        .severities("string")
        .build())
    .description("string")
    .enabled(false)
    .expiry("string")
    .name("string")
    .reason("string")
    .resourceScope(VulnerabilityExceptionHostResourceScopeArgs.builder()
        .clusterNames("string")
        .externalIps("string")
        .hostnames("string")
        .namespaces("string")
        .build())
    .vulnerabilityExceptionHostId("string")
    .build());
Copy
vulnerability_exception_host_resource = lacework.VulnerabilityExceptionHost("vulnerabilityExceptionHostResource",
    vulnerability_criteria={
        "cves": ["string"],
        "fixable_vuln": "string",
        "packages": [{
            "name": "string",
            "version": "string",
        }],
        "severities": ["string"],
    },
    description="string",
    enabled=False,
    expiry="string",
    name="string",
    reason="string",
    resource_scope={
        "cluster_names": ["string"],
        "external_ips": ["string"],
        "hostnames": ["string"],
        "namespaces": ["string"],
    },
    vulnerability_exception_host_id="string")
Copy
const vulnerabilityExceptionHostResource = new lacework.VulnerabilityExceptionHost("vulnerabilityExceptionHostResource", {
    vulnerabilityCriteria: {
        cves: ["string"],
        fixableVuln: "string",
        packages: [{
            name: "string",
            version: "string",
        }],
        severities: ["string"],
    },
    description: "string",
    enabled: false,
    expiry: "string",
    name: "string",
    reason: "string",
    resourceScope: {
        clusterNames: ["string"],
        externalIps: ["string"],
        hostnames: ["string"],
        namespaces: ["string"],
    },
    vulnerabilityExceptionHostId: "string",
});
Copy
type: lacework:VulnerabilityExceptionHost
properties:
    description: string
    enabled: false
    expiry: string
    name: string
    reason: string
    resourceScope:
        clusterNames:
            - string
        externalIps:
            - string
        hostnames:
            - string
        namespaces:
            - string
    vulnerabilityCriteria:
        cves:
            - string
        fixableVuln: string
        packages:
            - name: string
              version: string
        severities:
            - string
    vulnerabilityExceptionHostId: string
Copy

VulnerabilityExceptionHost Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VulnerabilityExceptionHost resource accepts the following input properties:

VulnerabilityCriteria This property is required. VulnerabilityExceptionHostVulnerabilityCriteria
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
Description string
The description of the vulnerability exception.
Enabled bool
The state of the vulnerability exception. Defaults to true.
Expiry string
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
Name string
The vulnerability exception name.
Reason string
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
ResourceScope VulnerabilityExceptionHostResourceScope
Define which resources will be affected by the exclusion. See Resource Scope below for details.
VulnerabilityExceptionHostId string
VulnerabilityCriteria This property is required. VulnerabilityExceptionHostVulnerabilityCriteriaArgs
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
Description string
The description of the vulnerability exception.
Enabled bool
The state of the vulnerability exception. Defaults to true.
Expiry string
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
Name string
The vulnerability exception name.
Reason string
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
ResourceScope VulnerabilityExceptionHostResourceScopeArgs
Define which resources will be affected by the exclusion. See Resource Scope below for details.
VulnerabilityExceptionHostId string
vulnerabilityCriteria This property is required. VulnerabilityExceptionHostVulnerabilityCriteria
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
description String
The description of the vulnerability exception.
enabled Boolean
The state of the vulnerability exception. Defaults to true.
expiry String
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
name String
The vulnerability exception name.
reason String
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
resourceScope VulnerabilityExceptionHostResourceScope
Define which resources will be affected by the exclusion. See Resource Scope below for details.
vulnerabilityExceptionHostId String
vulnerabilityCriteria This property is required. VulnerabilityExceptionHostVulnerabilityCriteria
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
description string
The description of the vulnerability exception.
enabled boolean
The state of the vulnerability exception. Defaults to true.
expiry string
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
name string
The vulnerability exception name.
reason string
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
resourceScope VulnerabilityExceptionHostResourceScope
Define which resources will be affected by the exclusion. See Resource Scope below for details.
vulnerabilityExceptionHostId string
vulnerability_criteria This property is required. VulnerabilityExceptionHostVulnerabilityCriteriaArgs
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
description str
The description of the vulnerability exception.
enabled bool
The state of the vulnerability exception. Defaults to true.
expiry str
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
name str
The vulnerability exception name.
reason str
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
resource_scope VulnerabilityExceptionHostResourceScopeArgs
Define which resources will be affected by the exclusion. See Resource Scope below for details.
vulnerability_exception_host_id str
vulnerabilityCriteria This property is required. Property Map
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
description String
The description of the vulnerability exception.
enabled Boolean
The state of the vulnerability exception. Defaults to true.
expiry String
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
name String
The vulnerability exception name.
reason String
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
resourceScope Property Map
Define which resources will be affected by the exclusion. See Resource Scope below for details.
vulnerabilityExceptionHostId String

Outputs

All input properties are implicitly available as output properties. Additionally, the VulnerabilityExceptionHost resource produces the following output properties:

CreatedBy string
CreatedTime string
Guid string
Id string
The provider-assigned unique ID for this managed resource.
Type string
UpdatedBy string
UpdatedTime string
CreatedBy string
CreatedTime string
Guid string
Id string
The provider-assigned unique ID for this managed resource.
Type string
UpdatedBy string
UpdatedTime string
createdBy String
createdTime String
guid String
id String
The provider-assigned unique ID for this managed resource.
type String
updatedBy String
updatedTime String
createdBy string
createdTime string
guid string
id string
The provider-assigned unique ID for this managed resource.
type string
updatedBy string
updatedTime string
created_by str
created_time str
guid str
id str
The provider-assigned unique ID for this managed resource.
type str
updated_by str
updated_time str
createdBy String
createdTime String
guid String
id String
The provider-assigned unique ID for this managed resource.
type String
updatedBy String
updatedTime String

Look up Existing VulnerabilityExceptionHost Resource

Get an existing VulnerabilityExceptionHost resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VulnerabilityExceptionHostState, opts?: CustomResourceOptions): VulnerabilityExceptionHost
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        created_by: Optional[str] = None,
        created_time: Optional[str] = None,
        description: Optional[str] = None,
        enabled: Optional[bool] = None,
        expiry: Optional[str] = None,
        guid: Optional[str] = None,
        name: Optional[str] = None,
        reason: Optional[str] = None,
        resource_scope: Optional[VulnerabilityExceptionHostResourceScopeArgs] = None,
        type: Optional[str] = None,
        updated_by: Optional[str] = None,
        updated_time: Optional[str] = None,
        vulnerability_criteria: Optional[VulnerabilityExceptionHostVulnerabilityCriteriaArgs] = None,
        vulnerability_exception_host_id: Optional[str] = None) -> VulnerabilityExceptionHost
func GetVulnerabilityExceptionHost(ctx *Context, name string, id IDInput, state *VulnerabilityExceptionHostState, opts ...ResourceOption) (*VulnerabilityExceptionHost, error)
public static VulnerabilityExceptionHost Get(string name, Input<string> id, VulnerabilityExceptionHostState? state, CustomResourceOptions? opts = null)
public static VulnerabilityExceptionHost get(String name, Output<String> id, VulnerabilityExceptionHostState state, CustomResourceOptions options)
resources:  _:    type: lacework:VulnerabilityExceptionHost    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
CreatedBy string
CreatedTime string
Description string
The description of the vulnerability exception.
Enabled bool
The state of the vulnerability exception. Defaults to true.
Expiry string
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
Guid string
Name string
The vulnerability exception name.
Reason string
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
ResourceScope VulnerabilityExceptionHostResourceScope
Define which resources will be affected by the exclusion. See Resource Scope below for details.
Type string
UpdatedBy string
UpdatedTime string
VulnerabilityCriteria VulnerabilityExceptionHostVulnerabilityCriteria
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
VulnerabilityExceptionHostId string
CreatedBy string
CreatedTime string
Description string
The description of the vulnerability exception.
Enabled bool
The state of the vulnerability exception. Defaults to true.
Expiry string
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
Guid string
Name string
The vulnerability exception name.
Reason string
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
ResourceScope VulnerabilityExceptionHostResourceScopeArgs
Define which resources will be affected by the exclusion. See Resource Scope below for details.
Type string
UpdatedBy string
UpdatedTime string
VulnerabilityCriteria VulnerabilityExceptionHostVulnerabilityCriteriaArgs
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
VulnerabilityExceptionHostId string
createdBy String
createdTime String
description String
The description of the vulnerability exception.
enabled Boolean
The state of the vulnerability exception. Defaults to true.
expiry String
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
guid String
name String
The vulnerability exception name.
reason String
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
resourceScope VulnerabilityExceptionHostResourceScope
Define which resources will be affected by the exclusion. See Resource Scope below for details.
type String
updatedBy String
updatedTime String
vulnerabilityCriteria VulnerabilityExceptionHostVulnerabilityCriteria
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
vulnerabilityExceptionHostId String
createdBy string
createdTime string
description string
The description of the vulnerability exception.
enabled boolean
The state of the vulnerability exception. Defaults to true.
expiry string
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
guid string
name string
The vulnerability exception name.
reason string
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
resourceScope VulnerabilityExceptionHostResourceScope
Define which resources will be affected by the exclusion. See Resource Scope below for details.
type string
updatedBy string
updatedTime string
vulnerabilityCriteria VulnerabilityExceptionHostVulnerabilityCriteria
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
vulnerabilityExceptionHostId string
created_by str
created_time str
description str
The description of the vulnerability exception.
enabled bool
The state of the vulnerability exception. Defaults to true.
expiry str
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
guid str
name str
The vulnerability exception name.
reason str
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
resource_scope VulnerabilityExceptionHostResourceScopeArgs
Define which resources will be affected by the exclusion. See Resource Scope below for details.
type str
updated_by str
updated_time str
vulnerability_criteria VulnerabilityExceptionHostVulnerabilityCriteriaArgs
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
vulnerability_exception_host_id str
createdBy String
createdTime String
description String
The description of the vulnerability exception.
enabled Boolean
The state of the vulnerability exception. Defaults to true.
expiry String
The expiration date of the vulnerability exception. Example: 2022-06-01T16:35:00Z.
guid String
name String
The vulnerability exception name.
reason String
The reason for the exception to exist. Valid reasons include: Accepted Risk, False Positive, Compensating Controls, Fix Pending and Other. See Vulnerability Exceptions Use Cases for more details.
resourceScope Property Map
Define which resources will be affected by the exclusion. See Resource Scope below for details.
type String
updatedBy String
updatedTime String
vulnerabilityCriteria Property Map
The criteria of the vulnerability to be excluded. See Vulnerability Criteria below for details.
vulnerabilityExceptionHostId String

Supporting Types

VulnerabilityExceptionHostResourceScope
, VulnerabilityExceptionHostResourceScopeArgs

ClusterNames List<string>
The list of cluster names.
ExternalIps List<string>
The list of external IP addresses.
Hostnames List<string>
The list of hostnames.
Namespaces List<string>
The list of namespace for the package distribution (for example, an operating system or language package).
ClusterNames []string
The list of cluster names.
ExternalIps []string
The list of external IP addresses.
Hostnames []string
The list of hostnames.
Namespaces []string
The list of namespace for the package distribution (for example, an operating system or language package).
clusterNames List<String>
The list of cluster names.
externalIps List<String>
The list of external IP addresses.
hostnames List<String>
The list of hostnames.
namespaces List<String>
The list of namespace for the package distribution (for example, an operating system or language package).
clusterNames string[]
The list of cluster names.
externalIps string[]
The list of external IP addresses.
hostnames string[]
The list of hostnames.
namespaces string[]
The list of namespace for the package distribution (for example, an operating system or language package).
cluster_names Sequence[str]
The list of cluster names.
external_ips Sequence[str]
The list of external IP addresses.
hostnames Sequence[str]
The list of hostnames.
namespaces Sequence[str]
The list of namespace for the package distribution (for example, an operating system or language package).
clusterNames List<String>
The list of cluster names.
externalIps List<String>
The list of external IP addresses.
hostnames List<String>
The list of hostnames.
namespaces List<String>
The list of namespace for the package distribution (for example, an operating system or language package).

VulnerabilityExceptionHostVulnerabilityCriteria
, VulnerabilityExceptionHostVulnerabilityCriteriaArgs

Cves List<string>
The list of vulnerability (CVE) IDs.
FixableVuln string
Whether to filter on fixable or non-fixable vulnerability. This argument is of type string. Valid values are: "true", "false".
Packages List<VulnerabilityExceptionHostVulnerabilityCriteriaPackage>
The list of package names (for example, an operating system or language package) to constraint.
Severities List<string>
The list of severities to which the exception will be constraint. Valid severities include: Critical, High, Medium, Low and Info.
Cves []string
The list of vulnerability (CVE) IDs.
FixableVuln string
Whether to filter on fixable or non-fixable vulnerability. This argument is of type string. Valid values are: "true", "false".
Packages []VulnerabilityExceptionHostVulnerabilityCriteriaPackage
The list of package names (for example, an operating system or language package) to constraint.
Severities []string
The list of severities to which the exception will be constraint. Valid severities include: Critical, High, Medium, Low and Info.
cves List<String>
The list of vulnerability (CVE) IDs.
fixableVuln String
Whether to filter on fixable or non-fixable vulnerability. This argument is of type string. Valid values are: "true", "false".
packages List<VulnerabilityExceptionHostVulnerabilityCriteriaPackage>
The list of package names (for example, an operating system or language package) to constraint.
severities List<String>
The list of severities to which the exception will be constraint. Valid severities include: Critical, High, Medium, Low and Info.
cves string[]
The list of vulnerability (CVE) IDs.
fixableVuln string
Whether to filter on fixable or non-fixable vulnerability. This argument is of type string. Valid values are: "true", "false".
packages VulnerabilityExceptionHostVulnerabilityCriteriaPackage[]
The list of package names (for example, an operating system or language package) to constraint.
severities string[]
The list of severities to which the exception will be constraint. Valid severities include: Critical, High, Medium, Low and Info.
cves Sequence[str]
The list of vulnerability (CVE) IDs.
fixable_vuln str
Whether to filter on fixable or non-fixable vulnerability. This argument is of type string. Valid values are: "true", "false".
packages Sequence[VulnerabilityExceptionHostVulnerabilityCriteriaPackage]
The list of package names (for example, an operating system or language package) to constraint.
severities Sequence[str]
The list of severities to which the exception will be constraint. Valid severities include: Critical, High, Medium, Low and Info.
cves List<String>
The list of vulnerability (CVE) IDs.
fixableVuln String
Whether to filter on fixable or non-fixable vulnerability. This argument is of type string. Valid values are: "true", "false".
packages List<Property Map>
The list of package names (for example, an operating system or language package) to constraint.
severities List<String>
The list of severities to which the exception will be constraint. Valid severities include: Critical, High, Medium, Low and Info.

VulnerabilityExceptionHostVulnerabilityCriteriaPackage
, VulnerabilityExceptionHostVulnerabilityCriteriaPackageArgs

Name This property is required. string
The vulnerability exception name.
Version This property is required. string
The version of the package
Name This property is required. string
The vulnerability exception name.
Version This property is required. string
The version of the package
name This property is required. String
The vulnerability exception name.
version This property is required. String
The version of the package
name This property is required. string
The vulnerability exception name.
version This property is required. string
The version of the package
name This property is required. str
The vulnerability exception name.
version This property is required. str
The version of the package
name This property is required. String
The vulnerability exception name.
version This property is required. String
The version of the package

Import

A Lacework vulnerability exception for hosts can be imported using a GUID, e.g.

$ pulumi import lacework:index/vulnerabilityExceptionHost:VulnerabilityExceptionHost example EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5
Copy

-> Note: To retrieve the GUID from existing vulnerability exception in your account, use the Lacework CLI command lacework vulnerability-exception list. To install this tool follow this documentation.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
lacework lacework/terraform-provider-lacework
License
Notes
This Pulumi package is based on the lacework Terraform Provider.