Docs Home
Datadog v4.49.0 published on Thursday, Apr 17, 2025 by Pulumi
datadog.SecurityMonitoringDefaultRule
Explore with Pulumi AI
Provides a Datadog Security Monitoring Rule API resource for default rules. It can only be imported, you can’t create a default rule.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as datadog from "@pulumi/datadog";
const adefaultrule = new datadog.SecurityMonitoringDefaultRule("adefaultrule", {
enabled: true,
cases: [{
status: "high",
notifications: ["@me"],
}],
});
import pulumi
import pulumi_datadog as datadog
adefaultrule = datadog.SecurityMonitoringDefaultRule("adefaultrule",
enabled=True,
cases=[{
"status": "high",
"notifications": ["@me"],
}])
package main
import (
"github.com/pulumi/pulumi-datadog/sdk/v4/go/datadog"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := datadog.NewSecurityMonitoringDefaultRule(ctx, "adefaultrule", &datadog.SecurityMonitoringDefaultRuleArgs{
Enabled: pulumi.Bool(true),
Cases: datadog.SecurityMonitoringDefaultRuleCaseArray{
&datadog.SecurityMonitoringDefaultRuleCaseArgs{
Status: pulumi.String("high"),
Notifications: pulumi.StringArray{
pulumi.String("@me"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Datadog = Pulumi.Datadog;
return await Deployment.RunAsync(() =>
{
var adefaultrule = new Datadog.SecurityMonitoringDefaultRule("adefaultrule", new()
{
Enabled = true,
Cases = new[]
{
new Datadog.Inputs.SecurityMonitoringDefaultRuleCaseArgs
{
Status = "high",
Notifications = new[]
{
"@me",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.datadog.SecurityMonitoringDefaultRule;
import com.pulumi.datadog.SecurityMonitoringDefaultRuleArgs;
import com.pulumi.datadog.inputs.SecurityMonitoringDefaultRuleCaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var adefaultrule = new SecurityMonitoringDefaultRule("adefaultrule", SecurityMonitoringDefaultRuleArgs.builder()
.enabled(true)
.cases(SecurityMonitoringDefaultRuleCaseArgs.builder()
.status("high")
.notifications("@me")
.build())
.build());
}
}
resources:
adefaultrule:
type: datadog:SecurityMonitoringDefaultRule
properties:
enabled: true # Change the notifications for the high case
cases:
- status: high
notifications:
- '@me'
Create SecurityMonitoringDefaultRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecurityMonitoringDefaultRule(name: string, args?: SecurityMonitoringDefaultRuleArgs, opts?: CustomResourceOptions);@overload
def SecurityMonitoringDefaultRule(resource_name: str,
args: Optional[SecurityMonitoringDefaultRuleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def SecurityMonitoringDefaultRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
cases: Optional[Sequence[SecurityMonitoringDefaultRuleCaseArgs]] = None,
custom_tags: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
filters: Optional[Sequence[SecurityMonitoringDefaultRuleFilterArgs]] = None,
options: Optional[SecurityMonitoringDefaultRuleOptionsArgs] = None)func NewSecurityMonitoringDefaultRule(ctx *Context, name string, args *SecurityMonitoringDefaultRuleArgs, opts ...ResourceOption) (*SecurityMonitoringDefaultRule, error)public SecurityMonitoringDefaultRule(string name, SecurityMonitoringDefaultRuleArgs? args = null, CustomResourceOptions? opts = null)
public SecurityMonitoringDefaultRule(String name, SecurityMonitoringDefaultRuleArgs args)
public SecurityMonitoringDefaultRule(String name, SecurityMonitoringDefaultRuleArgs args, CustomResourceOptions options)
type: datadog:SecurityMonitoringDefaultRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecurityMonitoringDefaultRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecurityMonitoringDefaultRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityMonitoringDefaultRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityMonitoringDefaultRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecurityMonitoringDefaultRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var securityMonitoringDefaultRuleResource = new Datadog.SecurityMonitoringDefaultRule("securityMonitoringDefaultRuleResource", new()
{
Cases = new[]
{
new Datadog.Inputs.SecurityMonitoringDefaultRuleCaseArgs
{
Notifications = new[]
{
"string",
},
Status = "string",
},
},
CustomTags = new[]
{
"string",
},
Enabled = false,
Filters = new[]
{
new Datadog.Inputs.SecurityMonitoringDefaultRuleFilterArgs
{
Action = "string",
Query = "string",
},
},
Options = new Datadog.Inputs.SecurityMonitoringDefaultRuleOptionsArgs
{
DecreaseCriticalityBasedOnEnv = false,
},
});
example, err := datadog.NewSecurityMonitoringDefaultRule(ctx, "securityMonitoringDefaultRuleResource", &datadog.SecurityMonitoringDefaultRuleArgs{
Cases: datadog.SecurityMonitoringDefaultRuleCaseArray{
&datadog.SecurityMonitoringDefaultRuleCaseArgs{
Notifications: pulumi.StringArray{
pulumi.String("string"),
},
Status: pulumi.String("string"),
},
},
CustomTags: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
Filters: datadog.SecurityMonitoringDefaultRuleFilterArray{
&datadog.SecurityMonitoringDefaultRuleFilterArgs{
Action: pulumi.String("string"),
Query: pulumi.String("string"),
},
},
Options: &datadog.SecurityMonitoringDefaultRuleOptionsArgs{
DecreaseCriticalityBasedOnEnv: pulumi.Bool(false),
},
})
var securityMonitoringDefaultRuleResource = new SecurityMonitoringDefaultRule("securityMonitoringDefaultRuleResource", SecurityMonitoringDefaultRuleArgs.builder()
.cases(SecurityMonitoringDefaultRuleCaseArgs.builder()
.notifications("string")
.status("string")
.build())
.customTags("string")
.enabled(false)
.filters(SecurityMonitoringDefaultRuleFilterArgs.builder()
.action("string")
.query("string")
.build())
.options(SecurityMonitoringDefaultRuleOptionsArgs.builder()
.decreaseCriticalityBasedOnEnv(false)
.build())
.build());
security_monitoring_default_rule_resource = datadog.SecurityMonitoringDefaultRule("securityMonitoringDefaultRuleResource",
cases=[{
"notifications": ["string"],
"status": "string",
}],
custom_tags=["string"],
enabled=False,
filters=[{
"action": "string",
"query": "string",
}],
options={
"decrease_criticality_based_on_env": False,
})
const securityMonitoringDefaultRuleResource = new datadog.SecurityMonitoringDefaultRule("securityMonitoringDefaultRuleResource", {
cases: [{
notifications: ["string"],
status: "string",
}],
customTags: ["string"],
enabled: false,
filters: [{
action: "string",
query: "string",
}],
options: {
decreaseCriticalityBasedOnEnv: false,
},
});
type: datadog:SecurityMonitoringDefaultRule
properties:
cases:
- notifications:
- string
status: string
customTags:
- string
enabled: false
filters:
- action: string
query: string
options:
decreaseCriticalityBasedOnEnv: false
SecurityMonitoringDefaultRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecurityMonitoringDefaultRule resource accepts the following input properties:
- Cases
List<Security
Monitoring Default Rule Case> - Cases of the rule, this is used to update notifications.
- List<string>
- Custom tags for generated signals.
- Enabled bool
- Enable the rule. Defaults to
true. - Filters
List<Security
Monitoring Default Rule Filter> - Additional queries to filter matched events before they are processed.
- Options
Security
Monitoring Default Rule Options - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- Cases
[]Security
Monitoring Default Rule Case Args - Cases of the rule, this is used to update notifications.
- []string
- Custom tags for generated signals.
- Enabled bool
- Enable the rule. Defaults to
true. - Filters
[]Security
Monitoring Default Rule Filter Args - Additional queries to filter matched events before they are processed.
- Options
Security
Monitoring Default Rule Options Args - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- cases
List<Security
Monitoring Default Rule Case> - Cases of the rule, this is used to update notifications.
- List<String>
- Custom tags for generated signals.
- enabled Boolean
- Enable the rule. Defaults to
true. - filters
List<Security
Monitoring Default Rule Filter> - Additional queries to filter matched events before they are processed.
- options
Security
Monitoring Default Rule Options - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- cases
Security
Monitoring Default Rule Case[] - Cases of the rule, this is used to update notifications.
- string[]
- Custom tags for generated signals.
- enabled boolean
- Enable the rule. Defaults to
true. - filters
Security
Monitoring Default Rule Filter[] - Additional queries to filter matched events before they are processed.
- options
Security
Monitoring Default Rule Options - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- cases
Sequence[Security
Monitoring Default Rule Case Args] - Cases of the rule, this is used to update notifications.
- Sequence[str]
- Custom tags for generated signals.
- enabled bool
- Enable the rule. Defaults to
true. - filters
Sequence[Security
Monitoring Default Rule Filter Args] - Additional queries to filter matched events before they are processed.
- options
Security
Monitoring Default Rule Options Args - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- cases List<Property Map>
- Cases of the rule, this is used to update notifications.
- List<String>
- Custom tags for generated signals.
- enabled Boolean
- Enable the rule. Defaults to
true. - filters List<Property Map>
- Additional queries to filter matched events before they are processed.
- options Property Map
- Options on default rules. Note that only a subset of fields can be updated on default rule options.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityMonitoringDefaultRule resource produces the following output properties:
Look up Existing SecurityMonitoringDefaultRule Resource
Get an existing SecurityMonitoringDefaultRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecurityMonitoringDefaultRuleState, opts?: CustomResourceOptions): SecurityMonitoringDefaultRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cases: Optional[Sequence[SecurityMonitoringDefaultRuleCaseArgs]] = None,
custom_tags: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
filters: Optional[Sequence[SecurityMonitoringDefaultRuleFilterArgs]] = None,
options: Optional[SecurityMonitoringDefaultRuleOptionsArgs] = None,
type: Optional[str] = None) -> SecurityMonitoringDefaultRulefunc GetSecurityMonitoringDefaultRule(ctx *Context, name string, id IDInput, state *SecurityMonitoringDefaultRuleState, opts ...ResourceOption) (*SecurityMonitoringDefaultRule, error)public static SecurityMonitoringDefaultRule Get(string name, Input<string> id, SecurityMonitoringDefaultRuleState? state, CustomResourceOptions? opts = null)public static SecurityMonitoringDefaultRule get(String name, Output<String> id, SecurityMonitoringDefaultRuleState state, CustomResourceOptions options)resources: _: type: datadog:SecurityMonitoringDefaultRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cases
List<Security
Monitoring Default Rule Case> - Cases of the rule, this is used to update notifications.
- List<string>
- Custom tags for generated signals.
- Enabled bool
- Enable the rule. Defaults to
true. - Filters
List<Security
Monitoring Default Rule Filter> - Additional queries to filter matched events before they are processed.
- Options
Security
Monitoring Default Rule Options - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- Type string
- The rule type.
- Cases
[]Security
Monitoring Default Rule Case Args - Cases of the rule, this is used to update notifications.
- []string
- Custom tags for generated signals.
- Enabled bool
- Enable the rule. Defaults to
true. - Filters
[]Security
Monitoring Default Rule Filter Args - Additional queries to filter matched events before they are processed.
- Options
Security
Monitoring Default Rule Options Args - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- Type string
- The rule type.
- cases
List<Security
Monitoring Default Rule Case> - Cases of the rule, this is used to update notifications.
- List<String>
- Custom tags for generated signals.
- enabled Boolean
- Enable the rule. Defaults to
true. - filters
List<Security
Monitoring Default Rule Filter> - Additional queries to filter matched events before they are processed.
- options
Security
Monitoring Default Rule Options - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- type String
- The rule type.
- cases
Security
Monitoring Default Rule Case[] - Cases of the rule, this is used to update notifications.
- string[]
- Custom tags for generated signals.
- enabled boolean
- Enable the rule. Defaults to
true. - filters
Security
Monitoring Default Rule Filter[] - Additional queries to filter matched events before they are processed.
- options
Security
Monitoring Default Rule Options - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- type string
- The rule type.
- cases
Sequence[Security
Monitoring Default Rule Case Args] - Cases of the rule, this is used to update notifications.
- Sequence[str]
- Custom tags for generated signals.
- enabled bool
- Enable the rule. Defaults to
true. - filters
Sequence[Security
Monitoring Default Rule Filter Args] - Additional queries to filter matched events before they are processed.
- options
Security
Monitoring Default Rule Options Args - Options on default rules. Note that only a subset of fields can be updated on default rule options.
- type str
- The rule type.
- cases List<Property Map>
- Cases of the rule, this is used to update notifications.
- List<String>
- Custom tags for generated signals.
- enabled Boolean
- Enable the rule. Defaults to
true. - filters List<Property Map>
- Additional queries to filter matched events before they are processed.
- options Property Map
- Options on default rules. Note that only a subset of fields can be updated on default rule options.
- type String
- The rule type.
Supporting Types
SecurityMonitoringDefaultRuleCase, SecurityMonitoringDefaultRuleCaseArgs
- Notifications List<string>
- Notification targets for each rule case.
- Status string
- Status of the rule case to match. Valid values are
info,low,medium,high,critical.
- Notifications []string
- Notification targets for each rule case.
- Status string
- Status of the rule case to match. Valid values are
info,low,medium,high,critical.
- notifications List<String>
- Notification targets for each rule case.
- status String
- Status of the rule case to match. Valid values are
info,low,medium,high,critical.
- notifications string[]
- Notification targets for each rule case.
- status string
- Status of the rule case to match. Valid values are
info,low,medium,high,critical.
- notifications Sequence[str]
- Notification targets for each rule case.
- status str
- Status of the rule case to match. Valid values are
info,low,medium,high,critical.
- notifications List<String>
- Notification targets for each rule case.
- status String
- Status of the rule case to match. Valid values are
info,low,medium,high,critical.
SecurityMonitoringDefaultRuleFilter, SecurityMonitoringDefaultRuleFilterArgs
SecurityMonitoringDefaultRuleOptions, SecurityMonitoringDefaultRuleOptionsArgs
- Decrease
Criticality boolBased On Env - If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with
staging,test, ordev. Only available when the rule type islog_detection. Defaults tofalse.
- Decrease
Criticality boolBased On Env - If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with
staging,test, ordev. Only available when the rule type islog_detection. Defaults tofalse.
- decrease
Criticality BooleanBased On Env - If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with
staging,test, ordev. Only available when the rule type islog_detection. Defaults tofalse.
- decrease
Criticality booleanBased On Env - If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with
staging,test, ordev. Only available when the rule type islog_detection. Defaults tofalse.
- decrease_
criticality_ boolbased_ on_ env - If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with
staging,test, ordev. Only available when the rule type islog_detection. Defaults tofalse.
- decrease
Criticality BooleanBased On Env - If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with
staging,test, ordev. Only available when the rule type islog_detection. Defaults tofalse.
Import
Default rules need to be imported using their ID before applying.
resource “datadog_security_monitoring_default_rule” “adefaultrule” {
}
$ pulumi import datadog:index/securityMonitoringDefaultRule:SecurityMonitoringDefaultRule adefaultrule m0o-hto-lkb
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Datadog pulumi/pulumi-datadog
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
datadogTerraform Provider.