SecurityMonitoringRule
Provides a Datadog Security Monitoring Rule API resource. This can be used to create and manage Datadog security monitoring rules. To change settings for a default rule, use datadog_security_default_rule instead.
Example Usage
using Pulumi;
using Datadog = Pulumi.Datadog;
/// <summary>
/// Pulumi stack that declares one Datadog security monitoring rule.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Log queries that feed the rule. Each one counts matching logs per host,
        // and the case condition further down refers to them by Name.
        var errorLogs = new Datadog.Inputs.SecurityMonitoringRuleQueryArgs
        {
            Name = "errors",
            Query = "status:error",
            Aggregation = "count",
            GroupByFields = { "host" },
        };
        var warningLogs = new Datadog.Inputs.SecurityMonitoringRuleQueryArgs
        {
            Name = "warnings",
            Query = "status:warning",
            Aggregation = "count",
            GroupByFields = { "host" },
        };

        // The only case: both thresholds must be exceeded. Status is the
        // severity given to the case and "@user" is an example notification handle.
        var highCase = new Datadog.Inputs.SecurityMonitoringRuleCaseArgs
        {
            Status = "high",
            Condition = "errors > 3 && warnings > 10",
            Notifications = { "@user" },
        };

        // NOTE(review): the three values look like durations in seconds;
        // confirm the unit against the Datadog API reference.
        var windows = new Datadog.Inputs.SecurityMonitoringRuleOptionsArgs
        {
            EvaluationWindow = 300,
            KeepAlive = 600,
            MaxSignalDuration = 900,
        };

        var rule = new Datadog.SecurityMonitoringRule("myrule", new Datadog.SecurityMonitoringRuleArgs
        {
            Name = "My rule",
            Enabled = true,
            // Message and Tags are attached to the signals the rule generates.
            Message = "The rule has triggered.",
            Tags = { "type:dos" },
            Options = windows,
            Queries = { errorLogs, warningLogs },
            Cases = { highCase },
        });
    }
}
package main
import (
"github.com/pulumi/pulumi-datadog/sdk/v2/go/datadog"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main registers one Datadog security monitoring rule with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// countPerHost builds a query that counts matching logs per host.
		// The case condition below refers to each query by its name.
		countPerHost := func(name, filter string) *datadog.SecurityMonitoringRuleQueryArgs {
			return &datadog.SecurityMonitoringRuleQueryArgs{
				Name:          pulumi.String(name),
				Query:         pulumi.String(filter),
				Aggregation:   pulumi.String("count"),
				GroupByFields: pulumi.StringArray{pulumi.String("host")},
			}
		}

		// The only case: both thresholds must be exceeded. Status is the
		// severity given to the case and "@user" is an example notification handle.
		highCase := &datadog.SecurityMonitoringRuleCaseArgs{
			Status:        pulumi.String("high"),
			Condition:     pulumi.String("errors > 3 && warnings > 10"),
			Notifications: pulumi.StringArray{pulumi.String("@user")},
		}

		// NOTE(review): the three values look like durations in seconds;
		// confirm the unit against the Datadog API reference.
		windows := &datadog.SecurityMonitoringRuleOptionsArgs{
			EvaluationWindow:  pulumi.Int(300),
			KeepAlive:         pulumi.Int(600),
			MaxSignalDuration: pulumi.Int(900),
		}

		_, err := datadog.NewSecurityMonitoringRule(ctx, "myrule", &datadog.SecurityMonitoringRuleArgs{
			Name:    pulumi.String("My rule"),
			Enabled: pulumi.Bool(true),
			// Message and Tags are attached to the signals the rule generates.
			Message: pulumi.String("The rule has triggered."),
			Tags:    pulumi.StringArray{pulumi.String("type:dos")},
			Options: windows,
			Queries: datadog.SecurityMonitoringRuleQueryArray{
				countPerHost("errors", "status:error"),
				countPerHost("warnings", "status:warning"),
			},
			Cases: datadog.SecurityMonitoringRuleCaseArray{highCase},
		})
		// err is nil on success, so it can be handed back unchanged.
		return err
	})
}
import pulumi
import pulumi_datadog as datadog
# Declare one Datadog security monitoring rule.
myrule = datadog.SecurityMonitoringRule(
    "myrule",
    name="My rule",
    enabled=True,
    # message and tags are attached to the signals the rule generates.
    message="The rule has triggered.",
    tags=["type:dos"],
    # NOTE(review): the three values look like durations in seconds;
    # confirm the unit against the Datadog API reference.
    options=datadog.SecurityMonitoringRuleOptionsArgs(
        evaluation_window=300,
        keep_alive=600,
        max_signal_duration=900,
    ),
    # Each query counts matching logs per host; the case condition below
    # refers to the queries by name.
    queries=[
        datadog.SecurityMonitoringRuleQueryArgs(
            name=query_name,
            query=log_filter,
            aggregation="count",
            group_by_fields=["host"],
        )
        for query_name, log_filter in (
            ("errors", "status:error"),
            ("warnings", "status:warning"),
        )
    ],
    # The only case: both thresholds must be exceeded. status is the severity
    # given to the case and "@user" is an example notification handle.
    cases=[
        datadog.SecurityMonitoringRuleCaseArgs(
            status="high",
            condition="errors > 3 && warnings > 10",
            notifications=["@user"],
        ),
    ],
)
import * as pulumi from "@pulumi/pulumi";
import * as datadog from "@pulumi/datadog";
// Declares one Datadog security monitoring rule.
const myrule = new datadog.SecurityMonitoringRule("myrule", {
    name: "My rule",
    enabled: true,
    // message and tags are attached to the signals the rule generates.
    message: "The rule has triggered.",
    tags: ["type:dos"],
    // NOTE(review): the three values look like durations in seconds;
    // confirm the unit against the Datadog API reference.
    options: {
        evaluationWindow: 300,
        keepAlive: 600,
        maxSignalDuration: 900,
    },
    // Each query counts matching logs per host; the case condition below
    // refers to the queries by name.
    queries: [
        ["errors", "status:error"],
        ["warnings", "status:warning"],
    ].map(([name, query]) => ({
        name,
        query,
        aggregation: "count",
        groupByFields: ["host"],
    })),
    // The only case: both thresholds must be exceeded. status is the severity
    // given to the case and "@user" is an example notification handle.
    cases: [
        {
            status: "high",
            condition: "errors > 3 && warnings > 10",
            notifications: ["@user"],
        },
    ],
});
Create a SecurityMonitoringRule Resource
new SecurityMonitoringRule(name: string, args: SecurityMonitoringRuleArgs, opts?: CustomResourceOptions);
def SecurityMonitoringRule(resource_name: str, opts: Optional[ResourceOptions] = None, cases: Optional[Sequence[SecurityMonitoringRuleCaseArgs]] = None, enabled: Optional[bool] = None, message: Optional[str] = None, name: Optional[str] = None, options: Optional[SecurityMonitoringRuleOptionsArgs] = None, queries: Optional[Sequence[SecurityMonitoringRuleQueryArgs]] = None, tags: Optional[Sequence[str]] = None)
func NewSecurityMonitoringRule(ctx *Context, name string, args SecurityMonitoringRuleArgs, opts ...ResourceOption) (*SecurityMonitoringRule, error)
public SecurityMonitoringRule(string name, SecurityMonitoringRuleArgs args, CustomResourceOptions? opts = null)
- name string
- The unique name of the resource.
- args SecurityMonitoringRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityMonitoringRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityMonitoringRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
SecurityMonitoringRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The SecurityMonitoringRule resource accepts the following input properties:
- Cases List<SecurityMonitoringRuleCaseArgs>
Cases for generating signals.
- Message string
Message for generated signals.
- Name string
The name of the rule.
- Queries List<SecurityMonitoringRuleQueryArgs>
Queries for selecting logs which are part of the rule.
- Enabled bool
Whether the rule is enabled.
- Options SecurityMonitoringRuleOptionsArgs
Options on rules.
- Tags List<string>
Tags for generated signals.
- Cases []SecurityMonitoringRuleCase
Cases for generating signals.
- Message string
Message for generated signals.
- Name string
The name of the rule.
- Queries []SecurityMonitoringRuleQuery
Queries for selecting logs which are part of the rule.
- Enabled bool
Whether the rule is enabled.
- Options SecurityMonitoringRuleOptions
Options on rules.
- Tags []string
Tags for generated signals.
- cases SecurityMonitoringRuleCase[]
Cases for generating signals.
- message string
Message for generated signals.
- name string
The name of the rule.
- queries SecurityMonitoringRuleQuery[]
Queries for selecting logs which are part of the rule.
- enabled boolean
Whether the rule is enabled.
- options SecurityMonitoringRuleOptions
Options on rules.
- tags string[]
Tags for generated signals.
- cases Sequence[SecurityMonitoringRuleCaseArgs]
Cases for generating signals.
- message str
Message for generated signals.
- name str
The name of the rule.
- queries Sequence[SecurityMonitoringRuleQueryArgs]
Queries for selecting logs which are part of the rule.
- enabled bool
Whether the rule is enabled.
- options SecurityMonitoringRuleOptionsArgs
Options on rules.
- tags Sequence[str]
Tags for generated signals.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityMonitoringRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
Look up an Existing SecurityMonitoringRule Resource
Get an existing SecurityMonitoringRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecurityMonitoringRuleState, opts?: CustomResourceOptions): SecurityMonitoringRule
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, cases: Optional[Sequence[SecurityMonitoringRuleCaseArgs]] = None, enabled: Optional[bool] = None, message: Optional[str] = None, name: Optional[str] = None, options: Optional[SecurityMonitoringRuleOptionsArgs] = None, queries: Optional[Sequence[SecurityMonitoringRuleQueryArgs]] = None, tags: Optional[Sequence[str]] = None) -> SecurityMonitoringRule
func GetSecurityMonitoringRule(ctx *Context, name string, id IDInput, state *SecurityMonitoringRuleState, opts ...ResourceOption) (*SecurityMonitoringRule, error)
public static SecurityMonitoringRule Get(string name, Input<string> id, SecurityMonitoringRuleState? state, CustomResourceOptions? opts = null)
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Cases List<SecurityMonitoringRuleCaseArgs>
Cases for generating signals.
- Enabled bool
Whether the rule is enabled.
- Message string
Message for generated signals.
- Name string
The name of the rule.
- Options SecurityMonitoringRuleOptionsArgs
Options on rules.
- Queries List<SecurityMonitoringRuleQueryArgs>
Queries for selecting logs which are part of the rule.
- Tags List<string>
Tags for generated signals.
- Cases []SecurityMonitoringRuleCase
Cases for generating signals.
- Enabled bool
Whether the rule is enabled.
- Message string
Message for generated signals.
- Name string
The name of the rule.
- Options SecurityMonitoringRuleOptions
Options on rules.
- Queries []SecurityMonitoringRuleQuery
Queries for selecting logs which are part of the rule.
- Tags []string
Tags for generated signals.
- cases SecurityMonitoringRuleCase[]
Cases for generating signals.
- enabled boolean
Whether the rule is enabled.
- message string
Message for generated signals.
- name string
The name of the rule.
- options SecurityMonitoringRuleOptions
Options on rules.
- queries SecurityMonitoringRuleQuery[]
Queries for selecting logs which are part of the rule.
- tags string[]
Tags for generated signals.
- cases Sequence[SecurityMonitoringRuleCaseArgs]
Cases for generating signals.
- enabled bool
Whether the rule is enabled.
- message str
Message for generated signals.
- name str
The name of the rule.
- options SecurityMonitoringRuleOptionsArgs
Options on rules.
- queries Sequence[SecurityMonitoringRuleQueryArgs]
Queries for selecting logs which are part of the rule.
- tags Sequence[str]
Tags for generated signals.
Supporting Types
SecurityMonitoringRuleCase
- Status string
- Condition string
- Name string
- Notifications List<string>
- Status string
- Condition string
- Name string
- Notifications []string
- status string
- condition string
- name string
- notifications string[]
- status str
- condition str
- name str
- notifications Sequence[str]
SecurityMonitoringRuleOptions
- EvaluationWindow int
- KeepAlive int
- MaxSignalDuration int
- EvaluationWindow int
- KeepAlive int
- MaxSignalDuration int
- evaluationWindow number
- keepAlive number
- maxSignalDuration number
- evaluation_window int
- keep_alive int
- max_signal_duration int
SecurityMonitoringRuleQuery
- Query string
- Aggregation string
- DistinctFields List<string>
- GroupByFields List<string>
- Metric string
- Name string
- Query string
- Aggregation string
- DistinctFields []string
- GroupByFields []string
- Metric string
- Name string
- query string
- aggregation string
- distinctFields string[]
- groupByFields string[]
- metric string
- name string
- query str
- aggregation str
- distinct_fields Sequence[str]
- group_by_fields Sequence[str]
- metric str
- name str
Import
Security monitoring rules can be imported using their ID, e.g.:
$ pulumi import datadog:index/securityMonitoringRule:SecurityMonitoringRule my_monitor m0o-hto-lkb
Package Details
- Repository
- https://github.com/pulumi/pulumi-datadog
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the datadog Terraform Provider.