checkpoint.ManagementThreatRule

checkpoint 3.0.0, Mar 30 26

Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw

Schema (JSON)

checkpointsw/terraform-provider-checkpoint

Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw

Schema (JSON)

checkpointsw/terraform-provider-checkpoint

Create ManagementThreatRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ManagementThreatRule(name: string, args: ManagementThreatRuleArgs, opts?: CustomResourceOptions);

@overload
def ManagementThreatRule(resource_name: str,
                         args: ManagementThreatRuleArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def ManagementThreatRule(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         layer: Optional[str] = None,
                         position: Optional[ManagementThreatRulePositionArgs] = None,
                         name: Optional[str] = None,
                         comments: Optional[str] = None,
                         enabled: Optional[bool] = None,
                         ignore_errors: Optional[bool] = None,
                         ignore_warnings: Optional[bool] = None,
                         install_ons: Optional[Sequence[str]] = None,
                         destination_negate: Optional[bool] = None,
                         management_threat_rule_id: Optional[str] = None,
                         action: Optional[str] = None,
                         destinations: Optional[Sequence[str]] = None,
                         protected_scope_negate: Optional[bool] = None,
                         protected_scopes: Optional[Sequence[str]] = None,
                         service_negate: Optional[bool] = None,
                         services: Optional[Sequence[str]] = None,
                         source_negate: Optional[bool] = None,
                         sources: Optional[Sequence[str]] = None,
                         track: Optional[str] = None,
                         track_settings: Optional[ManagementThreatRuleTrackSettingsArgs] = None)

func NewManagementThreatRule(ctx *Context, name string, args ManagementThreatRuleArgs, opts ...ResourceOption) (*ManagementThreatRule, error)

public ManagementThreatRule(string name, ManagementThreatRuleArgs args, CustomResourceOptions? opts = null)

public ManagementThreatRule(String name, ManagementThreatRuleArgs args)
public ManagementThreatRule(String name, ManagementThreatRuleArgs args, CustomResourceOptions options)

type: checkpoint:ManagementThreatRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ManagementThreatRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ManagementThreatRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ManagementThreatRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ManagementThreatRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ManagementThreatRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var managementThreatRuleResource = new Checkpoint.Index.ManagementThreatRule("managementThreatRuleResource", new()
{
    Layer = "string",
    Position = new Checkpoint.Inputs.ManagementThreatRulePositionArgs
    {
        Above = "string",
        Below = "string",
        Bottom = "string",
        Top = "string",
    },
    Name = "string",
    Comments = "string",
    Enabled = false,
    IgnoreErrors = false,
    IgnoreWarnings = false,
    InstallOns = new[]
    {
        "string",
    },
    DestinationNegate = false,
    ManagementThreatRuleId = "string",
    Action = "string",
    Destinations = new[]
    {
        "string",
    },
    ProtectedScopeNegate = false,
    ProtectedScopes = new[]
    {
        "string",
    },
    ServiceNegate = false,
    Services = new[]
    {
        "string",
    },
    SourceNegate = false,
    Sources = new[]
    {
        "string",
    },
    Track = "string",
    TrackSettings = new Checkpoint.Inputs.ManagementThreatRuleTrackSettingsArgs
    {
        PacketCapture = false,
    },
});

example, err := checkpoint.NewManagementThreatRule(ctx, "managementThreatRuleResource", &checkpoint.ManagementThreatRuleArgs{
	Layer: pulumi.String("string"),
	Position: &checkpoint.ManagementThreatRulePositionArgs{
		Above:  pulumi.String("string"),
		Below:  pulumi.String("string"),
		Bottom: pulumi.String("string"),
		Top:    pulumi.String("string"),
	},
	Name:           pulumi.String("string"),
	Comments:       pulumi.String("string"),
	Enabled:        pulumi.Bool(false),
	IgnoreErrors:   pulumi.Bool(false),
	IgnoreWarnings: pulumi.Bool(false),
	InstallOns: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestinationNegate:      pulumi.Bool(false),
	ManagementThreatRuleId: pulumi.String("string"),
	Action:                 pulumi.String("string"),
	Destinations: pulumi.StringArray{
		pulumi.String("string"),
	},
	ProtectedScopeNegate: pulumi.Bool(false),
	ProtectedScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	ServiceNegate: pulumi.Bool(false),
	Services: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourceNegate: pulumi.Bool(false),
	Sources: pulumi.StringArray{
		pulumi.String("string"),
	},
	Track: pulumi.String("string"),
	TrackSettings: &checkpoint.ManagementThreatRuleTrackSettingsArgs{
		PacketCapture: pulumi.Bool(false),
	},
})

var managementThreatRuleResource = new ManagementThreatRule("managementThreatRuleResource", ManagementThreatRuleArgs.builder()
    .layer("string")
    .position(ManagementThreatRulePositionArgs.builder()
        .above("string")
        .below("string")
        .bottom("string")
        .top("string")
        .build())
    .name("string")
    .comments("string")
    .enabled(false)
    .ignoreErrors(false)
    .ignoreWarnings(false)
    .installOns("string")
    .destinationNegate(false)
    .managementThreatRuleId("string")
    .action("string")
    .destinations("string")
    .protectedScopeNegate(false)
    .protectedScopes("string")
    .serviceNegate(false)
    .services("string")
    .sourceNegate(false)
    .sources("string")
    .track("string")
    .trackSettings(ManagementThreatRuleTrackSettingsArgs.builder()
        .packetCapture(false)
        .build())
    .build());

management_threat_rule_resource = checkpoint.ManagementThreatRule("managementThreatRuleResource",
    layer="string",
    position={
        "above": "string",
        "below": "string",
        "bottom": "string",
        "top": "string",
    },
    name="string",
    comments="string",
    enabled=False,
    ignore_errors=False,
    ignore_warnings=False,
    install_ons=["string"],
    destination_negate=False,
    management_threat_rule_id="string",
    action="string",
    destinations=["string"],
    protected_scope_negate=False,
    protected_scopes=["string"],
    service_negate=False,
    services=["string"],
    source_negate=False,
    sources=["string"],
    track="string",
    track_settings={
        "packet_capture": False,
    })

const managementThreatRuleResource = new checkpoint.ManagementThreatRule("managementThreatRuleResource", {
    layer: "string",
    position: {
        above: "string",
        below: "string",
        bottom: "string",
        top: "string",
    },
    name: "string",
    comments: "string",
    enabled: false,
    ignoreErrors: false,
    ignoreWarnings: false,
    installOns: ["string"],
    destinationNegate: false,
    managementThreatRuleId: "string",
    action: "string",
    destinations: ["string"],
    protectedScopeNegate: false,
    protectedScopes: ["string"],
    serviceNegate: false,
    services: ["string"],
    sourceNegate: false,
    sources: ["string"],
    track: "string",
    trackSettings: {
        packetCapture: false,
    },
});

type: checkpoint:ManagementThreatRule
properties:
    action: string
    comments: string
    destinationNegate: false
    destinations:
        - string
    enabled: false
    ignoreErrors: false
    ignoreWarnings: false
    installOns:
        - string
    layer: string
    managementThreatRuleId: string
    name: string
    position:
        above: string
        below: string
        bottom: string
        top: string
    protectedScopeNegate: false
    protectedScopes:
        - string
    serviceNegate: false
    services:
        - string
    sourceNegate: false
    sources:
        - string
    track: string
    trackSettings:
        packetCapture: false

ManagementThreatRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ManagementThreatRule resource accepts the following input properties:

Layer string: Layer that the rule belongs to identified by the name or UID.
Position ManagementThreatRulePosition: Position in the rulebase. Position blocks are documented below.
Action string: Action-the enforced profile.
Comments string: Comments string.
DestinationNegate bool: True if negate is set for destination.
Destinations List<string>: Collection of Network objects identified by the name or UID.
Enabled bool: Enable/Disable the rule.
IgnoreErrors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
IgnoreWarnings bool: Apply changes ignoring warnings.
InstallOns List<string>: Which Gateways identified by the name or UID to install the policy on.
ManagementThreatRuleId string
Name string: Rule name.
ProtectedScopeNegate bool: True if negate is set for Protected Scope.
ProtectedScopes List<string>: Collection of objects defining Protected Scope identified by the name or UID.
ServiceNegate bool: True if negate is set for service.
Services List<string>: Collection of Network objects identified by the name or UID.
SourceNegate bool: True if negate is set for source.
Sources List<string>: Collection of Network objects identified by the name or UID.
Track string: Packet tracking.
TrackSettings ManagementThreatRuleTrackSettings: Threat rule track settings. track_settings block are documented below.

Layer string: Layer that the rule belongs to identified by the name or UID.
Position ManagementThreatRulePositionArgs: Position in the rulebase. Position blocks are documented below.
Action string: Action-the enforced profile.
Comments string: Comments string.
DestinationNegate bool: True if negate is set for destination.
Destinations []string: Collection of Network objects identified by the name or UID.
Enabled bool: Enable/Disable the rule.
IgnoreErrors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
IgnoreWarnings bool: Apply changes ignoring warnings.
InstallOns []string: Which Gateways identified by the name or UID to install the policy on.
ManagementThreatRuleId string
Name string: Rule name.
ProtectedScopeNegate bool: True if negate is set for Protected Scope.
ProtectedScopes []string: Collection of objects defining Protected Scope identified by the name or UID.
ServiceNegate bool: True if negate is set for service.
Services []string: Collection of Network objects identified by the name or UID.
SourceNegate bool: True if negate is set for source.
Sources []string: Collection of Network objects identified by the name or UID.
Track string: Packet tracking.
TrackSettings ManagementThreatRuleTrackSettingsArgs: Threat rule track settings. track_settings block are documented below.

layer String: Layer that the rule belongs to identified by the name or UID.
position ManagementThreatRulePosition: Position in the rulebase. Position blocks are documented below.
action String: Action-the enforced profile.
comments String: Comments string.
destinationNegate Boolean: True if negate is set for destination.
destinations List<String>: Collection of Network objects identified by the name or UID.
enabled Boolean: Enable/Disable the rule.
ignoreErrors Boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings Boolean: Apply changes ignoring warnings.
installOns List<String>: Which Gateways identified by the name or UID to install the policy on.
managementThreatRuleId String
name String: Rule name.
protectedScopeNegate Boolean: True if negate is set for Protected Scope.
protectedScopes List<String>: Collection of objects defining Protected Scope identified by the name or UID.
serviceNegate Boolean: True if negate is set for service.
services List<String>: Collection of Network objects identified by the name or UID.
sourceNegate Boolean: True if negate is set for source.
sources List<String>: Collection of Network objects identified by the name or UID.
track String: Packet tracking.
trackSettings ManagementThreatRuleTrackSettings: Threat rule track settings. track_settings block are documented below.

layer string: Layer that the rule belongs to identified by the name or UID.
position ManagementThreatRulePosition: Position in the rulebase. Position blocks are documented below.
action string: Action-the enforced profile.
comments string: Comments string.
destinationNegate boolean: True if negate is set for destination.
destinations string[]: Collection of Network objects identified by the name or UID.
enabled boolean: Enable/Disable the rule.
ignoreErrors boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings boolean: Apply changes ignoring warnings.
installOns string[]: Which Gateways identified by the name or UID to install the policy on.
managementThreatRuleId string
name string: Rule name.
protectedScopeNegate boolean: True if negate is set for Protected Scope.
protectedScopes string[]: Collection of objects defining Protected Scope identified by the name or UID.
serviceNegate boolean: True if negate is set for service.
services string[]: Collection of Network objects identified by the name or UID.
sourceNegate boolean: True if negate is set for source.
sources string[]: Collection of Network objects identified by the name or UID.
track string: Packet tracking.
trackSettings ManagementThreatRuleTrackSettings: Threat rule track settings. track_settings block are documented below.

layer str: Layer that the rule belongs to identified by the name or UID.
position ManagementThreatRulePositionArgs: Position in the rulebase. Position blocks are documented below.
action str: Action-the enforced profile.
comments str: Comments string.
destination_negate bool: True if negate is set for destination.
destinations Sequence[str]: Collection of Network objects identified by the name or UID.
enabled bool: Enable/Disable the rule.
ignore_errors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings bool: Apply changes ignoring warnings.
install_ons Sequence[str]: Which Gateways identified by the name or UID to install the policy on.
management_threat_rule_id str
name str: Rule name.
protected_scope_negate bool: True if negate is set for Protected Scope.
protected_scopes Sequence[str]: Collection of objects defining Protected Scope identified by the name or UID.
service_negate bool: True if negate is set for service.
services Sequence[str]: Collection of Network objects identified by the name or UID.
source_negate bool: True if negate is set for source.
sources Sequence[str]: Collection of Network objects identified by the name or UID.
track str: Packet tracking.
track_settings ManagementThreatRuleTrackSettingsArgs: Threat rule track settings. track_settings block are documented below.

layer String: Layer that the rule belongs to identified by the name or UID.
position Property Map: Position in the rulebase. Position blocks are documented below.
action String: Action-the enforced profile.
comments String: Comments string.
destinationNegate Boolean: True if negate is set for destination.
destinations List<String>: Collection of Network objects identified by the name or UID.
enabled Boolean: Enable/Disable the rule.
ignoreErrors Boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings Boolean: Apply changes ignoring warnings.
installOns List<String>: Which Gateways identified by the name or UID to install the policy on.
managementThreatRuleId String
name String: Rule name.
protectedScopeNegate Boolean: True if negate is set for Protected Scope.
protectedScopes List<String>: Collection of objects defining Protected Scope identified by the name or UID.
serviceNegate Boolean: True if negate is set for service.
services List<String>: Collection of Network objects identified by the name or UID.
sourceNegate Boolean: True if negate is set for source.
sources List<String>: Collection of Network objects identified by the name or UID.
track String: Packet tracking.
trackSettings Property Map: Threat rule track settings. track_settings block are documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the ManagementThreatRule resource produces the following output properties:

Exceptions List<string>: Collection of the rule's exceptions identified by UID.
Id string: The provider-assigned unique ID for this managed resource.

Exceptions []string: Collection of the rule's exceptions identified by UID.
Id string: The provider-assigned unique ID for this managed resource.

exceptions List<String>: Collection of the rule's exceptions identified by UID.
id String: The provider-assigned unique ID for this managed resource.

exceptions string[]: Collection of the rule's exceptions identified by UID.
id string: The provider-assigned unique ID for this managed resource.

exceptions Sequence[str]: Collection of the rule's exceptions identified by UID.
id str: The provider-assigned unique ID for this managed resource.

exceptions List<String>: Collection of the rule's exceptions identified by UID.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing ManagementThreatRule Resource

Get an existing ManagementThreatRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ManagementThreatRuleState, opts?: CustomResourceOptions): ManagementThreatRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        comments: Optional[str] = None,
        destination_negate: Optional[bool] = None,
        destinations: Optional[Sequence[str]] = None,
        enabled: Optional[bool] = None,
        exceptions: Optional[Sequence[str]] = None,
        ignore_errors: Optional[bool] = None,
        ignore_warnings: Optional[bool] = None,
        install_ons: Optional[Sequence[str]] = None,
        layer: Optional[str] = None,
        management_threat_rule_id: Optional[str] = None,
        name: Optional[str] = None,
        position: Optional[ManagementThreatRulePositionArgs] = None,
        protected_scope_negate: Optional[bool] = None,
        protected_scopes: Optional[Sequence[str]] = None,
        service_negate: Optional[bool] = None,
        services: Optional[Sequence[str]] = None,
        source_negate: Optional[bool] = None,
        sources: Optional[Sequence[str]] = None,
        track: Optional[str] = None,
        track_settings: Optional[ManagementThreatRuleTrackSettingsArgs] = None) -> ManagementThreatRule

func GetManagementThreatRule(ctx *Context, name string, id IDInput, state *ManagementThreatRuleState, opts ...ResourceOption) (*ManagementThreatRule, error)

public static ManagementThreatRule Get(string name, Input<string> id, ManagementThreatRuleState? state, CustomResourceOptions? opts = null)

public static ManagementThreatRule get(String name, Output<String> id, ManagementThreatRuleState state, CustomResourceOptions options)

resources:  _:    type: checkpoint:ManagementThreatRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: Action-the enforced profile.
Comments string: Comments string.
DestinationNegate bool: True if negate is set for destination.
Destinations List<string>: Collection of Network objects identified by the name or UID.
Enabled bool: Enable/Disable the rule.
Exceptions List<string>: Collection of the rule's exceptions identified by UID.
IgnoreErrors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
IgnoreWarnings bool: Apply changes ignoring warnings.
InstallOns List<string>: Which Gateways identified by the name or UID to install the policy on.
Layer string: Layer that the rule belongs to identified by the name or UID.
ManagementThreatRuleId string
Name string: Rule name.
Position ManagementThreatRulePosition: Position in the rulebase. Position blocks are documented below.
ProtectedScopeNegate bool: True if negate is set for Protected Scope.
ProtectedScopes List<string>: Collection of objects defining Protected Scope identified by the name or UID.
ServiceNegate bool: True if negate is set for service.
Services List<string>: Collection of Network objects identified by the name or UID.
SourceNegate bool: True if negate is set for source.
Sources List<string>: Collection of Network objects identified by the name or UID.
Track string: Packet tracking.
TrackSettings ManagementThreatRuleTrackSettings: Threat rule track settings. track_settings block are documented below.

Action string: Action-the enforced profile.
Comments string: Comments string.
DestinationNegate bool: True if negate is set for destination.
Destinations []string: Collection of Network objects identified by the name or UID.
Enabled bool: Enable/Disable the rule.
Exceptions []string: Collection of the rule's exceptions identified by UID.
IgnoreErrors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
IgnoreWarnings bool: Apply changes ignoring warnings.
InstallOns []string: Which Gateways identified by the name or UID to install the policy on.
Layer string: Layer that the rule belongs to identified by the name or UID.
ManagementThreatRuleId string
Name string: Rule name.
Position ManagementThreatRulePositionArgs: Position in the rulebase. Position blocks are documented below.
ProtectedScopeNegate bool: True if negate is set for Protected Scope.
ProtectedScopes []string: Collection of objects defining Protected Scope identified by the name or UID.
ServiceNegate bool: True if negate is set for service.
Services []string: Collection of Network objects identified by the name or UID.
SourceNegate bool: True if negate is set for source.
Sources []string: Collection of Network objects identified by the name or UID.
Track string: Packet tracking.
TrackSettings ManagementThreatRuleTrackSettingsArgs: Threat rule track settings. track_settings block are documented below.

action String: Action-the enforced profile.
comments String: Comments string.
destinationNegate Boolean: True if negate is set for destination.
destinations List<String>: Collection of Network objects identified by the name or UID.
enabled Boolean: Enable/Disable the rule.
exceptions List<String>: Collection of the rule's exceptions identified by UID.
ignoreErrors Boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings Boolean: Apply changes ignoring warnings.
installOns List<String>: Which Gateways identified by the name or UID to install the policy on.
layer String: Layer that the rule belongs to identified by the name or UID.
managementThreatRuleId String
name String: Rule name.
position ManagementThreatRulePosition: Position in the rulebase. Position blocks are documented below.
protectedScopeNegate Boolean: True if negate is set for Protected Scope.
protectedScopes List<String>: Collection of objects defining Protected Scope identified by the name or UID.
serviceNegate Boolean: True if negate is set for service.
services List<String>: Collection of Network objects identified by the name or UID.
sourceNegate Boolean: True if negate is set for source.
sources List<String>: Collection of Network objects identified by the name or UID.
track String: Packet tracking.
trackSettings ManagementThreatRuleTrackSettings: Threat rule track settings. track_settings block are documented below.

action string: Action-the enforced profile.
comments string: Comments string.
destinationNegate boolean: True if negate is set for destination.
destinations string[]: Collection of Network objects identified by the name or UID.
enabled boolean: Enable/Disable the rule.
exceptions string[]: Collection of the rule's exceptions identified by UID.
ignoreErrors boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings boolean: Apply changes ignoring warnings.
installOns string[]: Which Gateways identified by the name or UID to install the policy on.
layer string: Layer that the rule belongs to identified by the name or UID.
managementThreatRuleId string
name string: Rule name.
position ManagementThreatRulePosition: Position in the rulebase. Position blocks are documented below.
protectedScopeNegate boolean: True if negate is set for Protected Scope.
protectedScopes string[]: Collection of objects defining Protected Scope identified by the name or UID.
serviceNegate boolean: True if negate is set for service.
services string[]: Collection of Network objects identified by the name or UID.
sourceNegate boolean: True if negate is set for source.
sources string[]: Collection of Network objects identified by the name or UID.
track string: Packet tracking.
trackSettings ManagementThreatRuleTrackSettings: Threat rule track settings. track_settings block are documented below.

action str: Action-the enforced profile.
comments str: Comments string.
destination_negate bool: True if negate is set for destination.
destinations Sequence[str]: Collection of Network objects identified by the name or UID.
enabled bool: Enable/Disable the rule.
exceptions Sequence[str]: Collection of the rule's exceptions identified by UID.
ignore_errors bool: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings bool: Apply changes ignoring warnings.
install_ons Sequence[str]: Which Gateways identified by the name or UID to install the policy on.
layer str: Layer that the rule belongs to identified by the name or UID.
management_threat_rule_id str
name str: Rule name.
position ManagementThreatRulePositionArgs: Position in the rulebase. Position blocks are documented below.
protected_scope_negate bool: True if negate is set for Protected Scope.
protected_scopes Sequence[str]: Collection of objects defining Protected Scope identified by the name or UID.
service_negate bool: True if negate is set for service.
services Sequence[str]: Collection of Network objects identified by the name or UID.
source_negate bool: True if negate is set for source.
sources Sequence[str]: Collection of Network objects identified by the name or UID.
track str: Packet tracking.
track_settings ManagementThreatRuleTrackSettingsArgs: Threat rule track settings. track_settings block are documented below.

action String: Action-the enforced profile.
comments String: Comments string.
destinationNegate Boolean: True if negate is set for destination.
destinations List<String>: Collection of Network objects identified by the name or UID.
enabled Boolean: Enable/Disable the rule.
exceptions List<String>: Collection of the rule's exceptions identified by UID.
ignoreErrors Boolean: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignoreWarnings Boolean: Apply changes ignoring warnings.
installOns List<String>: Which Gateways identified by the name or UID to install the policy on.
layer String: Layer that the rule belongs to identified by the name or UID.
managementThreatRuleId String
name String: Rule name.
position Property Map: Position in the rulebase. Position blocks are documented below.
protectedScopeNegate Boolean: True if negate is set for Protected Scope.
protectedScopes List<String>: Collection of objects defining Protected Scope identified by the name or UID.
serviceNegate Boolean: True if negate is set for service.
services List<String>: Collection of Network objects identified by the name or UID.
sourceNegate Boolean: True if negate is set for source.
sources List<String>: Collection of Network objects identified by the name or UID.
track String: Packet tracking.
trackSettings Property Map: Threat rule track settings. track_settings block are documented below.

Supporting Types

ManagementThreatRulePosition, ManagementThreatRulePositionArgs

Above string: Add rule above specific section/rule identified by uid or name.
Below string: Add rule below specific section/rule identified by uid or name.
Bottom string: Add rule at the bottom of the rulebase.
Top string: Add rule at the top of the rulebase.

Above string: Add rule above specific section/rule identified by uid or name.
Below string: Add rule below specific section/rule identified by uid or name.
Bottom string: Add rule at the bottom of the rulebase.
Top string: Add rule at the top of the rulebase.

above String: Add rule above specific section/rule identified by uid or name.
below String: Add rule below specific section/rule identified by uid or name.
bottom String: Add rule at the bottom of the rulebase.
top String: Add rule at the top of the rulebase.

above string: Add rule above specific section/rule identified by uid or name.
below string: Add rule below specific section/rule identified by uid or name.
bottom string: Add rule at the bottom of the rulebase.
top string: Add rule at the top of the rulebase.

above str: Add rule above specific section/rule identified by uid or name.
below str: Add rule below specific section/rule identified by uid or name.
bottom str: Add rule at the bottom of the rulebase.
top str: Add rule at the top of the rulebase.

above String: Add rule above specific section/rule identified by uid or name.
below String: Add rule below specific section/rule identified by uid or name.
bottom String: Add rule at the bottom of the rulebase.
top String: Add rule at the top of the rulebase.

ManagementThreatRuleTrackSettings, ManagementThreatRuleTrackSettingsArgs

PacketCapture bool: Packet capture.

PacketCapture bool: Packet capture.

packetCapture Boolean: Packet capture.

packetCapture boolean: Packet capture.

packet_capture bool: Packet capture.

packetCapture Boolean: Packet capture.

Import

checkpoint_management_threat_rule can be imported by using the following format: LAYER_NAME;RULE_UID

$ pulumi import checkpoint:index/managementThreatRule:ManagementThreatRule example "Layer_Name;9423d36f-2d66-4754-b9e2-e9f4493751d3"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: checkpoint checkpointsw/terraform-provider-checkpoint
License
Notes: This Pulumi package is based on the checkpoint Terraform Provider.

Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw

Schema (JSON)

checkpointsw/terraform-provider-checkpoint

checkpoint.ManagementThreatRule

On this page

On this page

Create ManagementThreatRule Resource

Constructor syntax

Parameters

Constructor example

ManagementThreatRule Resource Properties

Inputs

Outputs

Look up Existing ManagementThreatRule Resource

Supporting Types

ManagementThreatRulePosition, ManagementThreatRulePositionArgs

ManagementThreatRuleTrackSettings, ManagementThreatRuleTrackSettingsArgs

Import

Package Details

On this page

On this page