Datadog v4.23.0 published on Wednesday, Sep 27, 2023 by Pulumi

datadog.SecurityMonitoringDefaultRule



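    Provides a Datadog Security Monitoring Rule API resource for default rules. A default rule cannot be created; it can only be imported and then modified. Because `enabled`, `filters` (in particular the `suppress` action) and `options` change what a built-in detection reports, changes to this resource deserve the same review as any other change to detection coverage.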

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Datadog = Pulumi.Datadog;
    
    return await Deployment.RunAsync(() =>
    {
        // Only the notification targets of the rule's "high" case are overridden here.
        // "@me" is the sample target from the docs; point it at the handle that should
        // actually receive high-severity signals.
        var highCase = new Datadog.Inputs.SecurityMonitoringDefaultRuleCaseArgs
        {
            Status = "high",
            Notifications = new[] { "@me" },
        };

        // Enabled = true keeps the built-in rule active; false would switch the
        // detection off.
        var ruleArgs = new Datadog.SecurityMonitoringDefaultRuleArgs
        {
            Enabled = true,
            Cases = new[] { highCase },
        };

        // A default rule cannot be created by this program: the existing rule has to be
        // imported by its ID (`pulumi import`) before this declaration is applied.
        var defaultRule = new Datadog.SecurityMonitoringDefaultRule("adefaultrule", ruleArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-datadog/sdk/v4/go/datadog"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares the overrides for an already-imported Datadog default rule.
    // A default rule cannot be created; import it by ID (`pulumi import`) first.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Only the notification targets of the "high" case are overridden.
    		// "@me" is the sample target from the docs; use the handle that should
    		// actually receive high-severity signals.
    		highCase := &datadog.SecurityMonitoringDefaultRuleCaseArgs{
    			Status:        pulumi.String("high"),
    			Notifications: pulumi.StringArray{pulumi.String("@me")},
    		}

    		// Enabled: true keeps the built-in rule active; false would switch the
    		// detection off.
    		ruleArgs := &datadog.SecurityMonitoringDefaultRuleArgs{
    			Enabled: pulumi.Bool(true),
    			Cases:   datadog.SecurityMonitoringDefaultRuleCaseArray{highCase},
    		}

    		// Propagate the registration error (nil on success) to the Pulumi runtime.
    		_, err := datadog.NewSecurityMonitoringDefaultRule(ctx, "adefaultrule", ruleArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.datadog.SecurityMonitoringDefaultRule;
    import com.pulumi.datadog.SecurityMonitoringDefaultRuleArgs;
    import com.pulumi.datadog.inputs.SecurityMonitoringDefaultRuleCaseArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares overrides for an already-imported Datadog
     * default security monitoring rule. A default rule cannot be created; it has
     * to be imported by its ID ({@code pulumi import}) before this is applied.
     */
    public class App {
        /** Entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the rule overrides.
         *
         * @param ctx the Pulumi deployment context (not read by this example)
         */
        public static void stack(Context ctx) {
            // Only the notification targets of the "high" case are overridden.
            // "@me" is the sample target from the docs; use the handle that should
            // actually receive high-severity signals.
            final var highCase = SecurityMonitoringDefaultRuleCaseArgs.builder()
                .status("high")
                .notifications("@me")
                .build();

            // enabled(true) keeps the built-in rule active; false would switch the
            // detection off.
            final var ruleArgs = SecurityMonitoringDefaultRuleArgs.builder()
                .enabled(true)
                .cases(highCase)
                .build();

            new SecurityMonitoringDefaultRule("adefaultrule", ruleArgs);
        }
    }
    
    import pulumi
    import pulumi_datadog as datadog
    
    # Only the notification targets of the "high" case are overridden.
    # "@me" is the sample target from the docs; use the handle that should
    # actually receive high-severity signals.
    high_case = datadog.SecurityMonitoringDefaultRuleCaseArgs(
        status="high",
        notifications=["@me"],
    )

    # A default rule cannot be created: import the existing rule by its ID
    # (`pulumi import`) before applying. enabled=True keeps the built-in rule
    # active; False would switch the detection off.
    adefaultrule = datadog.SecurityMonitoringDefaultRule(
        "adefaultrule",
        enabled=True,
        cases=[high_case],
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as datadog from "@pulumi/datadog";
    
    // Only the notification targets of the "high" case are overridden.
    // "@me" is the sample target from the docs; use the handle that should
    // actually receive high-severity signals.
    const highCase = {
        status: "high",
        notifications: ["@me"],
    };

    // A default rule cannot be created: import the existing rule by its ID
    // (`pulumi import`) before applying. `enabled: true` keeps the built-in rule
    // active; `false` would switch the detection off.
    const adefaultrule = new datadog.SecurityMonitoringDefaultRule("adefaultrule", {
        enabled: true,
        cases: [highCase],
    });
    
    resources:
      # A default rule cannot be created here: the existing rule must first be
      # imported by its ID (`pulumi import`).
      adefaultrule:
        type: datadog:SecurityMonitoringDefaultRule
        properties:
          # Change the notifications for the high case
          cases:
            - notifications:
                - '@me'
              status: high
          # Keeps the built-in rule active; false would switch the detection off.
          enabled: true
    

    Create SecurityMonitoringDefaultRule Resource

    new SecurityMonitoringDefaultRule(name: string, args?: SecurityMonitoringDefaultRuleArgs, opts?: CustomResourceOptions);
    @overload
    def SecurityMonitoringDefaultRule(resource_name: str,
                                      opts: Optional[ResourceOptions] = None,
                                      cases: Optional[Sequence[SecurityMonitoringDefaultRuleCaseArgs]] = None,
                                      enabled: Optional[bool] = None,
                                      filters: Optional[Sequence[SecurityMonitoringDefaultRuleFilterArgs]] = None,
                                      options: Optional[SecurityMonitoringDefaultRuleOptionsArgs] = None)
    @overload
    def SecurityMonitoringDefaultRule(resource_name: str,
                                      args: Optional[SecurityMonitoringDefaultRuleArgs] = None,
                                      opts: Optional[ResourceOptions] = None)
    func NewSecurityMonitoringDefaultRule(ctx *Context, name string, args *SecurityMonitoringDefaultRuleArgs, opts ...ResourceOption) (*SecurityMonitoringDefaultRule, error)
    public SecurityMonitoringDefaultRule(string name, SecurityMonitoringDefaultRuleArgs? args = null, CustomResourceOptions? opts = null)
    public SecurityMonitoringDefaultRule(String name, SecurityMonitoringDefaultRuleArgs args)
    public SecurityMonitoringDefaultRule(String name, SecurityMonitoringDefaultRuleArgs args, CustomResourceOptions options)
    
    type: datadog:SecurityMonitoringDefaultRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SecurityMonitoringDefaultRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecurityMonitoringDefaultRule resource accepts the following input properties:

    Cases List<SecurityMonitoringDefaultRuleCase>

    Cases of the rule, this is used to update notifications.

    Enabled bool

    Enable the rule.

    Filters List<SecurityMonitoringDefaultRuleFilter>

    Additional queries to filter matched events before they are processed.

    Options SecurityMonitoringDefaultRuleOptions

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    Cases []SecurityMonitoringDefaultRuleCaseArgs

    Cases of the rule, this is used to update notifications.

    Enabled bool

    Enable the rule.

    Filters []SecurityMonitoringDefaultRuleFilterArgs

    Additional queries to filter matched events before they are processed.

    Options SecurityMonitoringDefaultRuleOptionsArgs

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    cases List<SecurityMonitoringDefaultRuleCase>

    Cases of the rule, this is used to update notifications.

    enabled Boolean

    Enable the rule.

    filters List<SecurityMonitoringDefaultRuleFilter>

    Additional queries to filter matched events before they are processed.

    options SecurityMonitoringDefaultRuleOptions

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    cases SecurityMonitoringDefaultRuleCase[]

    Cases of the rule, this is used to update notifications.

    enabled boolean

    Enable the rule.

    filters SecurityMonitoringDefaultRuleFilter[]

    Additional queries to filter matched events before they are processed.

    options SecurityMonitoringDefaultRuleOptions

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    cases Sequence[SecurityMonitoringDefaultRuleCaseArgs]

    Cases of the rule, this is used to update notifications.

    enabled bool

    Enable the rule.

    filters Sequence[SecurityMonitoringDefaultRuleFilterArgs]

    Additional queries to filter matched events before they are processed.

    options SecurityMonitoringDefaultRuleOptionsArgs

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    cases List<Property Map>

    Cases of the rule, this is used to update notifications.

    enabled Boolean

    Enable the rule.

    filters List<Property Map>

    Additional queries to filter matched events before they are processed.

    options Property Map

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecurityMonitoringDefaultRule resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Type string

    The rule type.

    Id string

    The provider-assigned unique ID for this managed resource.

    Type string

    The rule type.

    id String

    The provider-assigned unique ID for this managed resource.

    type String

    The rule type.

    id string

    The provider-assigned unique ID for this managed resource.

    type string

    The rule type.

    id str

    The provider-assigned unique ID for this managed resource.

    type str

    The rule type.

    id String

    The provider-assigned unique ID for this managed resource.

    type String

    The rule type.

    Look up Existing SecurityMonitoringDefaultRule Resource

    Get an existing SecurityMonitoringDefaultRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecurityMonitoringDefaultRuleState, opts?: CustomResourceOptions): SecurityMonitoringDefaultRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cases: Optional[Sequence[SecurityMonitoringDefaultRuleCaseArgs]] = None,
            enabled: Optional[bool] = None,
            filters: Optional[Sequence[SecurityMonitoringDefaultRuleFilterArgs]] = None,
            options: Optional[SecurityMonitoringDefaultRuleOptionsArgs] = None,
            type: Optional[str] = None) -> SecurityMonitoringDefaultRule
    func GetSecurityMonitoringDefaultRule(ctx *Context, name string, id IDInput, state *SecurityMonitoringDefaultRuleState, opts ...ResourceOption) (*SecurityMonitoringDefaultRule, error)
    public static SecurityMonitoringDefaultRule Get(string name, Input<string> id, SecurityMonitoringDefaultRuleState? state, CustomResourceOptions? opts = null)
    public static SecurityMonitoringDefaultRule get(String name, Output<String> id, SecurityMonitoringDefaultRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Cases List<SecurityMonitoringDefaultRuleCase>

    Cases of the rule, this is used to update notifications.

    Enabled bool

    Enable the rule.

    Filters List<SecurityMonitoringDefaultRuleFilter>

    Additional queries to filter matched events before they are processed.

    Options SecurityMonitoringDefaultRuleOptions

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    Type string

    The rule type.

    Cases []SecurityMonitoringDefaultRuleCaseArgs

    Cases of the rule, this is used to update notifications.

    Enabled bool

    Enable the rule.

    Filters []SecurityMonitoringDefaultRuleFilterArgs

    Additional queries to filter matched events before they are processed.

    Options SecurityMonitoringDefaultRuleOptionsArgs

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    Type string

    The rule type.

    cases List<SecurityMonitoringDefaultRuleCase>

    Cases of the rule, this is used to update notifications.

    enabled Boolean

    Enable the rule.

    filters List<SecurityMonitoringDefaultRuleFilter>

    Additional queries to filter matched events before they are processed.

    options SecurityMonitoringDefaultRuleOptions

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    type String

    The rule type.

    cases SecurityMonitoringDefaultRuleCase[]

    Cases of the rule, this is used to update notifications.

    enabled boolean

    Enable the rule.

    filters SecurityMonitoringDefaultRuleFilter[]

    Additional queries to filter matched events before they are processed.

    options SecurityMonitoringDefaultRuleOptions

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    type string

    The rule type.

    cases Sequence[SecurityMonitoringDefaultRuleCaseArgs]

    Cases of the rule, this is used to update notifications.

    enabled bool

    Enable the rule.

    filters Sequence[SecurityMonitoringDefaultRuleFilterArgs]

    Additional queries to filter matched events before they are processed.

    options SecurityMonitoringDefaultRuleOptionsArgs

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    type str

    The rule type.

    cases List<Property Map>

    Cases of the rule, this is used to update notifications.

    enabled Boolean

    Enable the rule.

    filters List<Property Map>

    Additional queries to filter matched events before they are processed.

    options Property Map

    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    type String

    The rule type.

    Supporting Types

    SecurityMonitoringDefaultRuleCase, SecurityMonitoringDefaultRuleCaseArgs

    Notifications List<string>

    Notification targets for each rule case.

    Status string

    Status of the rule case to match. Valid values are info, low, medium, high, critical.

    Notifications []string

    Notification targets for each rule case.

    Status string

    Status of the rule case to match. Valid values are info, low, medium, high, critical.

    notifications List<String>

    Notification targets for each rule case.

    status String

    Status of the rule case to match. Valid values are info, low, medium, high, critical.

    notifications string[]

    Notification targets for each rule case.

    status string

    Status of the rule case to match. Valid values are info, low, medium, high, critical.

    notifications Sequence[str]

    Notification targets for each rule case.

    status str

    Status of the rule case to match. Valid values are info, low, medium, high, critical.

    notifications List<String>

    Notification targets for each rule case.

    status String

    Status of the rule case to match. Valid values are info, low, medium, high, critical.

    SecurityMonitoringDefaultRuleFilter, SecurityMonitoringDefaultRuleFilterArgs

    Action string

    The type of filtering action. Valid values are `require`, `suppress`.

    Query string

    Query for selecting logs to apply the filtering action.

    Action string

    The type of filtering action. Valid values are `require`, `suppress`.

    Query string

    Query for selecting logs to apply the filtering action.

    action String

    The type of filtering action. Valid values are `require`, `suppress`.

    query String

    Query for selecting logs to apply the filtering action.

    action string

    The type of filtering action. Valid values are `require`, `suppress`.

    query string

    Query for selecting logs to apply the filtering action.

    action str

    The type of filtering action. Valid values are `require`, `suppress`.

    query str

    Query for selecting logs to apply the filtering action.

    action String

    The type of filtering action. Valid values are `require`, `suppress`.

    query String

    Query for selecting logs to apply the filtering action.

    SecurityMonitoringDefaultRuleOptions, SecurityMonitoringDefaultRuleOptionsArgs

    DecreaseCriticalityBasedOnEnv bool

    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection.

    DecreaseCriticalityBasedOnEnv bool

    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection.

    decreaseCriticalityBasedOnEnv Boolean

    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection.

    decreaseCriticalityBasedOnEnv boolean

    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection.

    decrease_criticality_based_on_env bool

    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection.

    decreaseCriticalityBasedOnEnv Boolean

    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection.

    Import

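    Default rules must be imported by their ID before any change can be applied. In the upstream Terraform provider the matching empty declaration is `resource "datadog_security_monitoring_default_rule" "adefaultrule" { }`; in Pulumi, declare the resource as in the examples above and import it: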

     # Brings the existing default rule under Pulumi management. The last argument (m0o-hto-lkb) is the example rule ID; substitute the ID of the rule being imported.
     $ pulumi import datadog:index/securityMonitoringDefaultRule:SecurityMonitoringDefaultRule adefaultrule m0o-hto-lkb
    

    Package Details

    Repository
    Datadog pulumi/pulumi-datadog
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the datadog Terraform Provider.
