Docs Home
Datadog v4.52.0 published on Monday, Jul 14, 2025 by Pulumi
datadog.CsmThreatsAgentRule
Explore with Pulumi AI
Provides a Datadog CSM Threats Agent Rule API resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as datadog from "@pulumi/datadog";
const myAgentRule = new datadog.CsmThreatsAgentRule("my_agent_rule", {
name: "my_agent_rule",
enabled: true,
description: "im a rule",
expression: "open.file.name == \"etc/shadow/password\"",
});
import pulumi
import pulumi_datadog as datadog
my_agent_rule = datadog.CsmThreatsAgentRule("my_agent_rule",
name="my_agent_rule",
enabled=True,
description="im a rule",
expression="open.file.name == \"etc/shadow/password\"")
package main
import (
"github.com/pulumi/pulumi-datadog/sdk/v4/go/datadog"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := datadog.NewCsmThreatsAgentRule(ctx, "my_agent_rule", &datadog.CsmThreatsAgentRuleArgs{
Name: pulumi.String("my_agent_rule"),
Enabled: pulumi.Bool(true),
Description: pulumi.String("im a rule"),
Expression: pulumi.String("open.file.name == \"etc/shadow/password\""),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Datadog = Pulumi.Datadog;
return await Deployment.RunAsync(() =>
{
var myAgentRule = new Datadog.CsmThreatsAgentRule("my_agent_rule", new()
{
Name = "my_agent_rule",
Enabled = true,
Description = "im a rule",
Expression = "open.file.name == \"etc/shadow/password\"",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.datadog.CsmThreatsAgentRule;
import com.pulumi.datadog.CsmThreatsAgentRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myAgentRule = new CsmThreatsAgentRule("myAgentRule", CsmThreatsAgentRuleArgs.builder()
.name("my_agent_rule")
.enabled(true)
.description("im a rule")
.expression("open.file.name == \"etc/shadow/password\"")
.build());
}
}
resources:
myAgentRule:
type: datadog:CsmThreatsAgentRule
name: my_agent_rule
properties:
name: my_agent_rule
enabled: true
description: im a rule
expression: open.file.name == "etc/shadow/password"
Create CsmThreatsAgentRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CsmThreatsAgentRule(name: string, args: CsmThreatsAgentRuleArgs, opts?: CustomResourceOptions);@overload
def CsmThreatsAgentRule(resource_name: str,
args: CsmThreatsAgentRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CsmThreatsAgentRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
expression: Optional[str] = None,
name: Optional[str] = None,
actions: Optional[Sequence[CsmThreatsAgentRuleActionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
policy_id: Optional[str] = None,
product_tags: Optional[Sequence[str]] = None)func NewCsmThreatsAgentRule(ctx *Context, name string, args CsmThreatsAgentRuleArgs, opts ...ResourceOption) (*CsmThreatsAgentRule, error)public CsmThreatsAgentRule(string name, CsmThreatsAgentRuleArgs args, CustomResourceOptions? opts = null)
public CsmThreatsAgentRule(String name, CsmThreatsAgentRuleArgs args)
public CsmThreatsAgentRule(String name, CsmThreatsAgentRuleArgs args, CustomResourceOptions options)
type: datadog:CsmThreatsAgentRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CsmThreatsAgentRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CsmThreatsAgentRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CsmThreatsAgentRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CsmThreatsAgentRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CsmThreatsAgentRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var csmThreatsAgentRuleResource = new Datadog.CsmThreatsAgentRule("csmThreatsAgentRuleResource", new()
{
Expression = "string",
Name = "string",
Actions = new[]
{
new Datadog.Inputs.CsmThreatsAgentRuleActionArgs
{
Hash = null,
Set = new Datadog.Inputs.CsmThreatsAgentRuleActionSetArgs
{
Name = "string",
Append = false,
Field = "string",
Scope = "string",
Size = 0,
Ttl = 0,
Value = "string",
},
},
},
Description = "string",
Enabled = false,
PolicyId = "string",
ProductTags = new[]
{
"string",
},
});
example, err := datadog.NewCsmThreatsAgentRule(ctx, "csmThreatsAgentRuleResource", &datadog.CsmThreatsAgentRuleArgs{
Expression: pulumi.String("string"),
Name: pulumi.String("string"),
Actions: datadog.CsmThreatsAgentRuleActionArray{
&datadog.CsmThreatsAgentRuleActionArgs{
Hash: &datadog.CsmThreatsAgentRuleActionHashArgs{},
Set: &datadog.CsmThreatsAgentRuleActionSetArgs{
Name: pulumi.String("string"),
Append: pulumi.Bool(false),
Field: pulumi.String("string"),
Scope: pulumi.String("string"),
Size: pulumi.Int(0),
Ttl: pulumi.Int(0),
Value: pulumi.String("string"),
},
},
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
PolicyId: pulumi.String("string"),
ProductTags: pulumi.StringArray{
pulumi.String("string"),
},
})
var csmThreatsAgentRuleResource = new CsmThreatsAgentRule("csmThreatsAgentRuleResource", CsmThreatsAgentRuleArgs.builder()
.expression("string")
.name("string")
.actions(CsmThreatsAgentRuleActionArgs.builder()
.hash(CsmThreatsAgentRuleActionHashArgs.builder()
.build())
.set(CsmThreatsAgentRuleActionSetArgs.builder()
.name("string")
.append(false)
.field("string")
.scope("string")
.size(0)
.ttl(0)
.value("string")
.build())
.build())
.description("string")
.enabled(false)
.policyId("string")
.productTags("string")
.build());
csm_threats_agent_rule_resource = datadog.CsmThreatsAgentRule("csmThreatsAgentRuleResource",
expression="string",
name="string",
actions=[{
"hash": {},
"set": {
"name": "string",
"append": False,
"field": "string",
"scope": "string",
"size": 0,
"ttl": 0,
"value": "string",
},
}],
description="string",
enabled=False,
policy_id="string",
product_tags=["string"])
const csmThreatsAgentRuleResource = new datadog.CsmThreatsAgentRule("csmThreatsAgentRuleResource", {
expression: "string",
name: "string",
actions: [{
hash: {},
set: {
name: "string",
append: false,
field: "string",
scope: "string",
size: 0,
ttl: 0,
value: "string",
},
}],
description: "string",
enabled: false,
policyId: "string",
productTags: ["string"],
});
type: datadog:CsmThreatsAgentRule
properties:
actions:
- hash: {}
set:
append: false
field: string
name: string
scope: string
size: 0
ttl: 0
value: string
description: string
enabled: false
expression: string
name: string
policyId: string
productTags:
- string
CsmThreatsAgentRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CsmThreatsAgentRule resource accepts the following input properties:
- Expression string
- The SECL expression of the Agent rule
- Name string
- The name of the Agent rule.
- Actions
List<Csm
Threats Agent Rule Action> - The list of actions the rule can perform
- Description string
- A description for the Agent rule.
- Enabled bool
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- Policy
Id string - The ID of the agent policy in which the rule is saved
- List<string>
- The list of product tags associated with the rule
- Expression string
- The SECL expression of the Agent rule
- Name string
- The name of the Agent rule.
- Actions
[]Csm
Threats Agent Rule Action Args - The list of actions the rule can perform
- Description string
- A description for the Agent rule.
- Enabled bool
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- Policy
Id string - The ID of the agent policy in which the rule is saved
- []string
- The list of product tags associated with the rule
- expression String
- The SECL expression of the Agent rule
- name String
- The name of the Agent rule.
- actions
List<Csm
Threats Agent Rule Action> - The list of actions the rule can perform
- description String
- A description for the Agent rule.
- enabled Boolean
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- policy
Id String - The ID of the agent policy in which the rule is saved
- List<String>
- The list of product tags associated with the rule
- expression string
- The SECL expression of the Agent rule
- name string
- The name of the Agent rule.
- actions
Csm
Threats Agent Rule Action[] - The list of actions the rule can perform
- description string
- A description for the Agent rule.
- enabled boolean
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- policy
Id string - The ID of the agent policy in which the rule is saved
- string[]
- The list of product tags associated with the rule
- expression str
- The SECL expression of the Agent rule
- name str
- The name of the Agent rule.
- actions
Sequence[Csm
Threats Agent Rule Action Args] - The list of actions the rule can perform
- description str
- A description for the Agent rule.
- enabled bool
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- policy_
id str - The ID of the agent policy in which the rule is saved
- Sequence[str]
- The list of product tags associated with the rule
- expression String
- The SECL expression of the Agent rule
- name String
- The name of the Agent rule.
- actions List<Property Map>
- The list of actions the rule can perform
- description String
- A description for the Agent rule.
- enabled Boolean
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- policy
Id String - The ID of the agent policy in which the rule is saved
- List<String>
- The list of product tags associated with the rule
Outputs
All input properties are implicitly available as output properties. Additionally, the CsmThreatsAgentRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CsmThreatsAgentRule Resource
Get an existing CsmThreatsAgentRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CsmThreatsAgentRuleState, opts?: CustomResourceOptions): CsmThreatsAgentRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[CsmThreatsAgentRuleActionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
expression: Optional[str] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
product_tags: Optional[Sequence[str]] = None) -> CsmThreatsAgentRulefunc GetCsmThreatsAgentRule(ctx *Context, name string, id IDInput, state *CsmThreatsAgentRuleState, opts ...ResourceOption) (*CsmThreatsAgentRule, error)public static CsmThreatsAgentRule Get(string name, Input<string> id, CsmThreatsAgentRuleState? state, CustomResourceOptions? opts = null)public static CsmThreatsAgentRule get(String name, Output<String> id, CsmThreatsAgentRuleState state, CustomResourceOptions options)resources: _: type: datadog:CsmThreatsAgentRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Csm
Threats Agent Rule Action> - The list of actions the rule can perform
- Description string
- A description for the Agent rule.
- Enabled bool
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- Expression string
- The SECL expression of the Agent rule
- Name string
- The name of the Agent rule.
- Policy
Id string - The ID of the agent policy in which the rule is saved
- List<string>
- The list of product tags associated with the rule
- Actions
[]Csm
Threats Agent Rule Action Args - The list of actions the rule can perform
- Description string
- A description for the Agent rule.
- Enabled bool
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- Expression string
- The SECL expression of the Agent rule
- Name string
- The name of the Agent rule.
- Policy
Id string - The ID of the agent policy in which the rule is saved
- []string
- The list of product tags associated with the rule
- actions
List<Csm
Threats Agent Rule Action> - The list of actions the rule can perform
- description String
- A description for the Agent rule.
- enabled Boolean
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- expression String
- The SECL expression of the Agent rule
- name String
- The name of the Agent rule.
- policy
Id String - The ID of the agent policy in which the rule is saved
- List<String>
- The list of product tags associated with the rule
- actions
Csm
Threats Agent Rule Action[] - The list of actions the rule can perform
- description string
- A description for the Agent rule.
- enabled boolean
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- expression string
- The SECL expression of the Agent rule
- name string
- The name of the Agent rule.
- policy
Id string - The ID of the agent policy in which the rule is saved
- string[]
- The list of product tags associated with the rule
- actions
Sequence[Csm
Threats Agent Rule Action Args] - The list of actions the rule can perform
- description str
- A description for the Agent rule.
- enabled bool
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- expression str
- The SECL expression of the Agent rule
- name str
- The name of the Agent rule.
- policy_
id str - The ID of the agent policy in which the rule is saved
- Sequence[str]
- The list of product tags associated with the rule
- actions List<Property Map>
- The list of actions the rule can perform
- description String
- A description for the Agent rule.
- enabled Boolean
- Indicates whether the Agent rule is enabled. Must not be used without policy_id.
- expression String
- The SECL expression of the Agent rule
- name String
- The name of the Agent rule.
- policy
Id String - The ID of the agent policy in which the rule is saved
- List<String>
- The list of product tags associated with the rule
Supporting Types
CsmThreatsAgentRuleAction, CsmThreatsAgentRuleActionArgs
- Hash
Csm
Threats Agent Rule Action Hash - Hash action configuration
- Set
Csm
Threats Agent Rule Action Set - Set action configuration
- Hash
Csm
Threats Agent Rule Action Hash - Hash action configuration
- Set
Csm
Threats Agent Rule Action Set - Set action configuration
- hash
Csm
Threats Agent Rule Action Hash - Hash action configuration
- set
Csm
Threats Agent Rule Action Set - Set action configuration
- hash
Csm
Threats Agent Rule Action Hash - Hash action configuration
- set
Csm
Threats Agent Rule Action Set - Set action configuration
- hash
Csm
Threats Agent Rule Action Hash - Hash action configuration
- set
Csm
Threats Agent Rule Action Set - Set action configuration
- hash Property Map
- Hash action configuration
- set Property Map
- Set action configuration
CsmThreatsAgentRuleActionSet, CsmThreatsAgentRuleActionSetArgs
- Name string
- The name of the set action
- Append bool
- Whether to append to the set
- Field string
- The field to get the value from
- Scope string
- The scope of the set action (process, container, cgroup, or empty)
- Size int
- The maximum size of the set
- Ttl int
- The time to live for the set in nanoseconds
- Value string
- The value to set
- Name string
- The name of the set action
- Append bool
- Whether to append to the set
- Field string
- The field to get the value from
- Scope string
- The scope of the set action (process, container, cgroup, or empty)
- Size int
- The maximum size of the set
- Ttl int
- The time to live for the set in nanoseconds
- Value string
- The value to set
- name String
- The name of the set action
- append Boolean
- Whether to append to the set
- field String
- The field to get the value from
- scope String
- The scope of the set action (process, container, cgroup, or empty)
- size Integer
- The maximum size of the set
- ttl Integer
- The time to live for the set in nanoseconds
- value String
- The value to set
- name string
- The name of the set action
- append boolean
- Whether to append to the set
- field string
- The field to get the value from
- scope string
- The scope of the set action (process, container, cgroup, or empty)
- size number
- The maximum size of the set
- ttl number
- The time to live for the set in nanoseconds
- value string
- The value to set
- name String
- The name of the set action
- append Boolean
- Whether to append to the set
- field String
- The field to get the value from
- scope String
- The scope of the set action (process, container, cgroup, or empty)
- size Number
- The maximum size of the set
- ttl Number
- The time to live for the set in nanoseconds
- value String
- The value to set
Import
The pulumi import command can be used, for example:
CSM Agent Rules can be imported using ID. For example:
$ pulumi import datadog:index/csmThreatsAgentRule:CsmThreatsAgentRule my_agent_rule m0o-hto-lkb
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Datadog pulumi/pulumi-datadog
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
datadogTerraform Provider.