Class CfnRuleGroup.RulesSourceProperty
The stateless or stateful rules definitions for use in a single rule group.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.NetworkFirewall
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class RulesSourceProperty : Object, CfnRuleGroup.IRulesSourceProperty
Syntax (vb)
Public Class RulesSourceProperty
Inherits Object
Implements CfnRuleGroup.IRulesSourceProperty
Remarks
Each rule group requires a single RulesSource
. You can use an instance of this for either stateless rules or stateful rules.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.NetworkFirewall;
var rulesSourceProperty = new RulesSourceProperty {
RulesSourceList = new RulesSourceListProperty {
GeneratedRulesType = "generatedRulesType",
Targets = new [] { "targets" },
TargetTypes = new [] { "targetTypes" }
},
RulesString = "rulesString",
StatefulRules = new [] { new StatefulRuleProperty {
Action = "action",
Header = new HeaderProperty {
Destination = "destination",
DestinationPort = "destinationPort",
Direction = "direction",
Protocol = "protocol",
Source = "source",
SourcePort = "sourcePort"
},
RuleOptions = new [] { new RuleOptionProperty {
Keyword = "keyword",
// the properties below are optional
Settings = new [] { "settings" }
} }
} },
StatelessRulesAndCustomActions = new StatelessRulesAndCustomActionsProperty {
StatelessRules = new [] { new StatelessRuleProperty {
Priority = 123,
RuleDefinition = new RuleDefinitionProperty {
Actions = new [] { "actions" },
MatchAttributes = new MatchAttributesProperty {
DestinationPorts = new [] { new PortRangeProperty {
FromPort = 123,
ToPort = 123
} },
Destinations = new [] { new AddressProperty {
AddressDefinition = "addressDefinition"
} },
Protocols = new [] { 123 },
SourcePorts = new [] { new PortRangeProperty {
FromPort = 123,
ToPort = 123
} },
Sources = new [] { new AddressProperty {
AddressDefinition = "addressDefinition"
} },
TcpFlags = new [] { new TCPFlagFieldProperty {
Flags = new [] { "flags" },
// the properties below are optional
Masks = new [] { "masks" }
} }
}
}
} },
// the properties below are optional
CustomActions = new [] { new CustomActionProperty {
ActionDefinition = new ActionDefinitionProperty {
PublishMetricAction = new PublishMetricActionProperty {
Dimensions = new [] { new DimensionProperty {
Value = "value"
} }
}
},
ActionName = "actionName"
} }
}
};
Synopsis
Constructors
RulesSourceProperty() |
Properties
RulesSourceList | Stateful inspection criteria for a domain list rule group. |
RulesString | Stateful inspection criteria, provided in Suricata compatible rules. |
StatefulRules | An array of individual stateful rules inspection criteria to be used together in a stateful rule group. |
StatelessRulesAndCustomActions | Stateless inspection criteria to be used in a stateless rule group. |
Constructors
RulesSourceProperty()
public RulesSourceProperty()
Properties
RulesSourceList
Stateful inspection criteria for a domain list rule group.
public object RulesSourceList { get; set; }
Property Value
System.Object
Remarks
RulesString
Stateful inspection criteria, provided in Suricata compatible rules.
public string RulesString { get; set; }
Property Value
System.String
Remarks
Suricata is an open-source threat detection framework that includes a standard rule-based language for network traffic inspection.
These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
You can't use the priority
keyword if the RuleOrder
option in StatefulRuleOptions
is set to STRICT_ORDER
.
StatefulRules
An array of individual stateful rules inspection criteria to be used together in a stateful rule group.
public object StatefulRules { get; set; }
Property Value
System.Object
Remarks
Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules
format, see Rules Format .
StatelessRulesAndCustomActions
Stateless inspection criteria to be used in a stateless rule group.
public object StatelessRulesAndCustomActions { get; set; }
Property Value
System.Object