f5xc_malicious_user_mitigation Resource - terraform-provider-f5xc
f5xc_malicious_user_mitigation (Resource)
Section titled “f5xc_malicious_user_mitigation (Resource)”Manages malicious_user_mitigation creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
Section titled “Example Usage”# Malicious User Mitigation Resource Example# Manages malicious_user_mitigation creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.
terraform { required_version = ">= 1.0"
required_providers { f5xc = { source = "f5xc-salesdemos/f5xc" version = ">= 0.1.0" } }}
# Basic Malicious User Mitigation configurationresource "f5xc_malicious_user_mitigation" "example" { name = "example-malicious-user-mitigation" namespace = "staging"
labels = { environment = "production" managed_by = "terraform" }
annotations = { "owner" = "platform-team" }
# Malicious User Mitigation configuration # Detection rules rules { threat_level = "HIGH" mitigation_action { block { body = "Access denied" status = "403" } } }}
# The following optional fields have server-applied defaults and can be omitted:# - mitigation_typeVerified Configuration Examples
Section titled “Verified Configuration Examples”These configurations are extracted from acceptance tests verified against the live F5 XC API.
All Attributes
Section titled “All Attributes”resource "f5xc_namespace" "test" { name = "example"}
resource "time_sleep" "wait_for_namespace" { depends_on = [f5xc_namespace.test] create_duration = "5s"}
resource "f5xc_malicious_user_mitigation" "test" { depends_on = [time_sleep.wait_for_namespace] name = "example-value" namespace = f5xc_namespace.test.name description = "Test malicious user mitigation with all attributes" disable = false
labels = { environment = "test" team = "security" }
annotations = { purpose = "testing" }}resource "f5xc_malicious_user_mitigation" "test" { name = "example" namespace = "system"
mitigation_type { rules { threat_level { high {} } mitigation_action { block_temporarily {} } } }}Captcha
Section titled “Captcha”resource "f5xc_malicious_user_mitigation" "test" { name = "example" namespace = "system"
mitigation_type { rules { threat_level { high {} } mitigation_action { captcha_challenge {} } } }}Js Challenge
Section titled “Js Challenge”resource "f5xc_malicious_user_mitigation" "test" { name = "example" namespace = "system"
mitigation_type { rules { threat_level { medium {} } mitigation_action { JavaScript_challenge {} } } }}With Annotations
Section titled “With Annotations”resource "f5xc_namespace" "test" { name = "example"}
resource "time_sleep" "wait_for_namespace" { depends_on = [f5xc_namespace.test] create_duration = "5s"}
resource "f5xc_malicious_user_mitigation" "test" { depends_on = [time_sleep.wait_for_namespace] name = "example-value" namespace = f5xc_namespace.test.name
annotations = { example-key = "example-value" }}With Description
Section titled “With Description”resource "f5xc_namespace" "test" { name = "example"}
resource "time_sleep" "wait_for_namespace" { depends_on = [f5xc_namespace.test] create_duration = "5s"}
resource "f5xc_malicious_user_mitigation" "test" { depends_on = [time_sleep.wait_for_namespace] name = "example-value" namespace = f5xc_namespace.test.name description = "example-description"}With Labels
Section titled “With Labels”resource "f5xc_namespace" "test" { name = "example"}
resource "time_sleep" "wait_for_namespace" { depends_on = [f5xc_namespace.test] create_duration = "5s"}
resource "f5xc_malicious_user_mitigation" "test" { depends_on = [time_sleep.wait_for_namespace] name = "example-value" namespace = f5xc_namespace.test.name
labels = { example-key = "example-value" }}With Mitigation Type
Section titled “With Mitigation Type”resource "f5xc_namespace" "test" { name = "example"}
resource "time_sleep" "wait_for_namespace" { depends_on = [f5xc_namespace.test] create_duration = "5s"}
resource "f5xc_malicious_user_mitigation" "test" { depends_on = [time_sleep.wait_for_namespace] name = "example-value" namespace = f5xc_namespace.test.name description = "Malicious user mitigation with mitigation type configuration"
mitigation_type { rules { threat_level { high {} } mitigation_action { block_temporarily {} } } }}Argument Reference
Section titled “Argument Reference”🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Minimum Configuration
Section titled “Minimum Configuration”Required fields:
namenamespace
Example (API format):
apiVersion: v1kind: malicious_user_mitigationmetadata: name: example-mitigation namespace: defaultspec: {}Metadata Argument Reference
Section titled “Metadata Argument Reference”• name - Required String
Name of the Malicious User Mitigation. Must be unique within the namespace
• namespace - Required String
Namespace where the Malicious User Mitigation will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
Section titled “Spec Argument Reference”• mitigation_type - Optional Block
Settings that specify the actions to be taken when malicious users are determined to be at different threat levels. User’s activity is monitored and continuously analyzed for malicious behavior. From this analysis, a threat-level is assigned to each user. Server applies default when omitted
See
Mitigation Type below for details.
• timeouts - Optional Block
See Timeouts below for details.
Attributes Reference
Section titled “Attributes Reference”In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
Mitigation Type
Section titled “Mitigation Type”A mitigation_type block supports the following:
• rules - Optional Block
Define the threat levels and the corresponding mitigation actions to be taken
See Rules below.
Mitigation Type Rules
Section titled “Mitigation Type Rules”A rules block (within mitigation_type) supports the following:
• mitigation_action - Optional Block
Supported actions that can be taken to mitigate malicious activity from a user
See Mitigation Action below.
• threat_level - Optional Block
Threat level estimated for each user based on the user’s activity and reputation
See Threat Level below.
Mitigation Type Rules Mitigation Action
Section titled “Mitigation Type Rules Mitigation Action”A mitigation_action block (within mitigation_type.rules) supports the following:
• block_temporarily - Optional Block
Enable this option
• captcha_challenge - Optional Block
Configuration parameter for captcha challenge
• JavaScript_challenge - Optional Block
Enable this option
Mitigation Type Rules Threat Level
Section titled “Mitigation Type Rules Threat Level”A threat_level block (within mitigation_type.rules) supports the following:
• high - Optional Block
Enable this option
• low - Optional Block
Enable this option
• medium - Optional Block
Enable this option
Timeouts
Section titled “Timeouts”A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
Common Types
Section titled “Common Types”The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
Object Reference {#common-object-reference}
Section titled “Object Reference {#common-object-reference}”Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
name | String | Name of the referenced object |
namespace | String | Namespace containing the referenced object |
tenant | String | Tenant of the referenced object (system-managed) |
Transformers {#common-transformers}
Section titled “Transformers {#common-transformers}”Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
LOWER_CASE | Convert to lowercase |
UPPER_CASE | Convert to uppercase |
BASE64_DECODE | Decodebase64 content |
NORMALIZE_PATH | Normalize URL path |
REMOVE_WHITESPACE | Remove whitespace characters |
URL_DECODE | Decode URL-encoded characters |
TRIM_LEFT | Trim leading whitespace |
TRIM_RIGHT | Trim trailing whitespace |
TRIM | Trim both leading and trailing whitespace |
HTTP Methods {#common-http-methods}
Section titled “HTTP Methods {#common-http-methods}”HTTP methods used for request matching.
| Value | Description |
|---|---|
ANY | Match any HTTP method |
GET | HTTP GET request |
HEAD | HTTP HEAD request |
POST | HTTP POST request |
PUT | HTTP PUT request |
DELETE | HTTP DELETE request |
CONNECT | HTTP CONNECT request |
OPTIONS | HTTP OPTIONS request |
TRACE | HTTP TRACE request |
PATCH | HTTP PATCH request |
COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints {#common-tls-fingerprints}
Section titled “TLS Fingerprints {#common-tls-fingerprints}”TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
TLS_FINGERPRINT_NONE | No fingerprint matching |
ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
ADWARE | Adware-associated fingerprints |
DRIDEX | Dridex malware fingerprints |
GOOTKIT | Gootkit malware fingerprints |
RANSOMWARE | Ransomware-associated fingerprints |
TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories {#common-ip-threat-categories}
Section titled “IP Threat Categories {#common-ip-threat-categories}”IP address threat categories for security filtering.
| Value | Description |
|---|---|
SPAM_SOURCES | Known spam sources |
WINDOWS_EXPLOITS | Windows exploit sources |
WEB_ATTACKS | Web attack sources |
BOTNETS | Known botnet IPs |
SCANNERS | Network scanner IPs |
REPUTATION | Poor reputation IPs |
PHISHING | Phishing-related IPs |
PROXY | Anonymous proxy IPs |
MOBILE_THREATS | Mobile threat sources |
TOR_PROXY | Tor exit nodes |
DENIAL_OF_SERVICE | DoS attack sources |
NETWORK | Known bad network ranges |
Import
Section titled “Import”Import is supported using the following syntax:
# Import using namespace/name formatterraform import f5xc_malicious_user_mitigation.example system/example