1. Packages
  2. Datadog Provider
  3. API Docs
  4. SecurityMonitoringDefaultRule
Datadog v4.34.0 published on Friday, Oct 4, 2024 by Pulumi

datadog.SecurityMonitoringDefaultRule

Explore with Pulumi AI

datadog logo
Datadog v4.34.0 published on Friday, Oct 4, 2024 by Pulumi

    Provides a Datadog Security Monitoring Rule API resource for default rules. It can only be imported, you can’t create a default rule.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as datadog from "@pulumi/datadog";
    
    const adefaultrule = new datadog.SecurityMonitoringDefaultRule("adefaultrule", {
        enabled: true,
        cases: [{
            status: "high",
            notifications: ["@me"],
        }],
    });
    
    import pulumi
    import pulumi_datadog as datadog
    
    adefaultrule = datadog.SecurityMonitoringDefaultRule("adefaultrule",
        enabled=True,
        cases=[{
            "status": "high",
            "notifications": ["@me"],
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-datadog/sdk/v4/go/datadog"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := datadog.NewSecurityMonitoringDefaultRule(ctx, "adefaultrule", &datadog.SecurityMonitoringDefaultRuleArgs{
    			Enabled: pulumi.Bool(true),
    			Cases: datadog.SecurityMonitoringDefaultRuleCaseArray{
    				&datadog.SecurityMonitoringDefaultRuleCaseArgs{
    					Status: pulumi.String("high"),
    					Notifications: pulumi.StringArray{
    						pulumi.String("@me"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Datadog = Pulumi.Datadog;
    
    return await Deployment.RunAsync(() => 
    {
        var adefaultrule = new Datadog.SecurityMonitoringDefaultRule("adefaultrule", new()
        {
            Enabled = true,
            Cases = new[]
            {
                new Datadog.Inputs.SecurityMonitoringDefaultRuleCaseArgs
                {
                    Status = "high",
                    Notifications = new[]
                    {
                        "@me",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.datadog.SecurityMonitoringDefaultRule;
    import com.pulumi.datadog.SecurityMonitoringDefaultRuleArgs;
    import com.pulumi.datadog.inputs.SecurityMonitoringDefaultRuleCaseArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var adefaultrule = new SecurityMonitoringDefaultRule("adefaultrule", SecurityMonitoringDefaultRuleArgs.builder()
                .enabled(true)
                .cases(SecurityMonitoringDefaultRuleCaseArgs.builder()
                    .status("high")
                    .notifications("@me")
                    .build())
                .build());
    
        }
    }
    
    resources:
      adefaultrule:
        type: datadog:SecurityMonitoringDefaultRule
        properties:
          enabled: true # Change the notifications for the high case
          cases:
            - status: high
              notifications:
                - '@me'
    

    Create SecurityMonitoringDefaultRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SecurityMonitoringDefaultRule(name: string, args?: SecurityMonitoringDefaultRuleArgs, opts?: CustomResourceOptions);
    @overload
    def SecurityMonitoringDefaultRule(resource_name: str,
                                      args: Optional[SecurityMonitoringDefaultRuleArgs] = None,
                                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def SecurityMonitoringDefaultRule(resource_name: str,
                                      opts: Optional[ResourceOptions] = None,
                                      cases: Optional[Sequence[SecurityMonitoringDefaultRuleCaseArgs]] = None,
                                      custom_tags: Optional[Sequence[str]] = None,
                                      enabled: Optional[bool] = None,
                                      filters: Optional[Sequence[SecurityMonitoringDefaultRuleFilterArgs]] = None,
                                      options: Optional[SecurityMonitoringDefaultRuleOptionsArgs] = None)
    func NewSecurityMonitoringDefaultRule(ctx *Context, name string, args *SecurityMonitoringDefaultRuleArgs, opts ...ResourceOption) (*SecurityMonitoringDefaultRule, error)
    public SecurityMonitoringDefaultRule(string name, SecurityMonitoringDefaultRuleArgs? args = null, CustomResourceOptions? opts = null)
    public SecurityMonitoringDefaultRule(String name, SecurityMonitoringDefaultRuleArgs args)
    public SecurityMonitoringDefaultRule(String name, SecurityMonitoringDefaultRuleArgs args, CustomResourceOptions options)
    
    type: datadog:SecurityMonitoringDefaultRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecurityMonitoringDefaultRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var securityMonitoringDefaultRuleResource = new Datadog.SecurityMonitoringDefaultRule("securityMonitoringDefaultRuleResource", new()
    {
        Cases = new[]
        {
            new Datadog.Inputs.SecurityMonitoringDefaultRuleCaseArgs
            {
                Notifications = new[]
                {
                    "string",
                },
                Status = "string",
            },
        },
        CustomTags = new[]
        {
            "string",
        },
        Enabled = false,
        Filters = new[]
        {
            new Datadog.Inputs.SecurityMonitoringDefaultRuleFilterArgs
            {
                Action = "string",
                Query = "string",
            },
        },
        Options = new Datadog.Inputs.SecurityMonitoringDefaultRuleOptionsArgs
        {
            DecreaseCriticalityBasedOnEnv = false,
        },
    });
    
    example, err := datadog.NewSecurityMonitoringDefaultRule(ctx, "securityMonitoringDefaultRuleResource", &datadog.SecurityMonitoringDefaultRuleArgs{
    	Cases: datadog.SecurityMonitoringDefaultRuleCaseArray{
    		&datadog.SecurityMonitoringDefaultRuleCaseArgs{
    			Notifications: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Status: pulumi.String("string"),
    		},
    	},
    	CustomTags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Enabled: pulumi.Bool(false),
    	Filters: datadog.SecurityMonitoringDefaultRuleFilterArray{
    		&datadog.SecurityMonitoringDefaultRuleFilterArgs{
    			Action: pulumi.String("string"),
    			Query:  pulumi.String("string"),
    		},
    	},
    	Options: &datadog.SecurityMonitoringDefaultRuleOptionsArgs{
    		DecreaseCriticalityBasedOnEnv: pulumi.Bool(false),
    	},
    })
    
    var securityMonitoringDefaultRuleResource = new SecurityMonitoringDefaultRule("securityMonitoringDefaultRuleResource", SecurityMonitoringDefaultRuleArgs.builder()
        .cases(SecurityMonitoringDefaultRuleCaseArgs.builder()
            .notifications("string")
            .status("string")
            .build())
        .customTags("string")
        .enabled(false)
        .filters(SecurityMonitoringDefaultRuleFilterArgs.builder()
            .action("string")
            .query("string")
            .build())
        .options(SecurityMonitoringDefaultRuleOptionsArgs.builder()
            .decreaseCriticalityBasedOnEnv(false)
            .build())
        .build());
    
    security_monitoring_default_rule_resource = datadog.SecurityMonitoringDefaultRule("securityMonitoringDefaultRuleResource",
        cases=[datadog.SecurityMonitoringDefaultRuleCaseArgs(
            notifications=["string"],
            status="string",
        )],
        custom_tags=["string"],
        enabled=False,
        filters=[datadog.SecurityMonitoringDefaultRuleFilterArgs(
            action="string",
            query="string",
        )],
        options=datadog.SecurityMonitoringDefaultRuleOptionsArgs(
            decrease_criticality_based_on_env=False,
        ))
    
    const securityMonitoringDefaultRuleResource = new datadog.SecurityMonitoringDefaultRule("securityMonitoringDefaultRuleResource", {
        cases: [{
            notifications: ["string"],
            status: "string",
        }],
        customTags: ["string"],
        enabled: false,
        filters: [{
            action: "string",
            query: "string",
        }],
        options: {
            decreaseCriticalityBasedOnEnv: false,
        },
    });
    
    type: datadog:SecurityMonitoringDefaultRule
    properties:
        cases:
            - notifications:
                - string
              status: string
        customTags:
            - string
        enabled: false
        filters:
            - action: string
              query: string
        options:
            decreaseCriticalityBasedOnEnv: false
    

    SecurityMonitoringDefaultRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecurityMonitoringDefaultRule resource accepts the following input properties:

    Cases List<SecurityMonitoringDefaultRuleCase>
    Cases of the rule, this is used to update notifications.
    CustomTags List<string>
    Custom tags for generated signals.
    Enabled bool
    Enable the rule. Defaults to true.
    Filters List<SecurityMonitoringDefaultRuleFilter>
    Additional queries to filter matched events before they are processed.
    Options SecurityMonitoringDefaultRuleOptions
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    Cases []SecurityMonitoringDefaultRuleCaseArgs
    Cases of the rule, this is used to update notifications.
    CustomTags []string
    Custom tags for generated signals.
    Enabled bool
    Enable the rule. Defaults to true.
    Filters []SecurityMonitoringDefaultRuleFilterArgs
    Additional queries to filter matched events before they are processed.
    Options SecurityMonitoringDefaultRuleOptionsArgs
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    cases List<SecurityMonitoringDefaultRuleCase>
    Cases of the rule, this is used to update notifications.
    customTags List<String>
    Custom tags for generated signals.
    enabled Boolean
    Enable the rule. Defaults to true.
    filters List<SecurityMonitoringDefaultRuleFilter>
    Additional queries to filter matched events before they are processed.
    options SecurityMonitoringDefaultRuleOptions
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    cases SecurityMonitoringDefaultRuleCase[]
    Cases of the rule, this is used to update notifications.
    customTags string[]
    Custom tags for generated signals.
    enabled boolean
    Enable the rule. Defaults to true.
    filters SecurityMonitoringDefaultRuleFilter[]
    Additional queries to filter matched events before they are processed.
    options SecurityMonitoringDefaultRuleOptions
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    cases Sequence[SecurityMonitoringDefaultRuleCaseArgs]
    Cases of the rule, this is used to update notifications.
    custom_tags Sequence[str]
    Custom tags for generated signals.
    enabled bool
    Enable the rule. Defaults to true.
    filters Sequence[SecurityMonitoringDefaultRuleFilterArgs]
    Additional queries to filter matched events before they are processed.
    options SecurityMonitoringDefaultRuleOptionsArgs
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    cases List<Property Map>
    Cases of the rule, this is used to update notifications.
    customTags List<String>
    Custom tags for generated signals.
    enabled Boolean
    Enable the rule. Defaults to true.
    filters List<Property Map>
    Additional queries to filter matched events before they are processed.
    options Property Map
    Options on default rules. Note that only a subset of fields can be updated on default rule options.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecurityMonitoringDefaultRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Type string
    The rule type.
    Id string
    The provider-assigned unique ID for this managed resource.
    Type string
    The rule type.
    id String
    The provider-assigned unique ID for this managed resource.
    type String
    The rule type.
    id string
    The provider-assigned unique ID for this managed resource.
    type string
    The rule type.
    id str
    The provider-assigned unique ID for this managed resource.
    type str
    The rule type.
    id String
    The provider-assigned unique ID for this managed resource.
    type String
    The rule type.

    Look up Existing SecurityMonitoringDefaultRule Resource

    Get an existing SecurityMonitoringDefaultRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecurityMonitoringDefaultRuleState, opts?: CustomResourceOptions): SecurityMonitoringDefaultRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cases: Optional[Sequence[SecurityMonitoringDefaultRuleCaseArgs]] = None,
            custom_tags: Optional[Sequence[str]] = None,
            enabled: Optional[bool] = None,
            filters: Optional[Sequence[SecurityMonitoringDefaultRuleFilterArgs]] = None,
            options: Optional[SecurityMonitoringDefaultRuleOptionsArgs] = None,
            type: Optional[str] = None) -> SecurityMonitoringDefaultRule
    func GetSecurityMonitoringDefaultRule(ctx *Context, name string, id IDInput, state *SecurityMonitoringDefaultRuleState, opts ...ResourceOption) (*SecurityMonitoringDefaultRule, error)
    public static SecurityMonitoringDefaultRule Get(string name, Input<string> id, SecurityMonitoringDefaultRuleState? state, CustomResourceOptions? opts = null)
    public static SecurityMonitoringDefaultRule get(String name, Output<String> id, SecurityMonitoringDefaultRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Cases List<SecurityMonitoringDefaultRuleCase>
    Cases of the rule, this is used to update notifications.
    CustomTags List<string>
    Custom tags for generated signals.
    Enabled bool
    Enable the rule. Defaults to true.
    Filters List<SecurityMonitoringDefaultRuleFilter>
    Additional queries to filter matched events before they are processed.
    Options SecurityMonitoringDefaultRuleOptions
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    Type string
    The rule type.
    Cases []SecurityMonitoringDefaultRuleCaseArgs
    Cases of the rule, this is used to update notifications.
    CustomTags []string
    Custom tags for generated signals.
    Enabled bool
    Enable the rule. Defaults to true.
    Filters []SecurityMonitoringDefaultRuleFilterArgs
    Additional queries to filter matched events before they are processed.
    Options SecurityMonitoringDefaultRuleOptionsArgs
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    Type string
    The rule type.
    cases List<SecurityMonitoringDefaultRuleCase>
    Cases of the rule, this is used to update notifications.
    customTags List<String>
    Custom tags for generated signals.
    enabled Boolean
    Enable the rule. Defaults to true.
    filters List<SecurityMonitoringDefaultRuleFilter>
    Additional queries to filter matched events before they are processed.
    options SecurityMonitoringDefaultRuleOptions
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    type String
    The rule type.
    cases SecurityMonitoringDefaultRuleCase[]
    Cases of the rule, this is used to update notifications.
    customTags string[]
    Custom tags for generated signals.
    enabled boolean
    Enable the rule. Defaults to true.
    filters SecurityMonitoringDefaultRuleFilter[]
    Additional queries to filter matched events before they are processed.
    options SecurityMonitoringDefaultRuleOptions
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    type string
    The rule type.
    cases Sequence[SecurityMonitoringDefaultRuleCaseArgs]
    Cases of the rule, this is used to update notifications.
    custom_tags Sequence[str]
    Custom tags for generated signals.
    enabled bool
    Enable the rule. Defaults to true.
    filters Sequence[SecurityMonitoringDefaultRuleFilterArgs]
    Additional queries to filter matched events before they are processed.
    options SecurityMonitoringDefaultRuleOptionsArgs
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    type str
    The rule type.
    cases List<Property Map>
    Cases of the rule, this is used to update notifications.
    customTags List<String>
    Custom tags for generated signals.
    enabled Boolean
    Enable the rule. Defaults to true.
    filters List<Property Map>
    Additional queries to filter matched events before they are processed.
    options Property Map
    Options on default rules. Note that only a subset of fields can be updated on default rule options.
    type String
    The rule type.

    Supporting Types

    SecurityMonitoringDefaultRuleCase, SecurityMonitoringDefaultRuleCaseArgs

    Notifications List<string>
    Notification targets for each rule case.
    Status string
    Status of the rule case to match. Valid values are info, low, medium, high, critical.
    Notifications []string
    Notification targets for each rule case.
    Status string
    Status of the rule case to match. Valid values are info, low, medium, high, critical.
    notifications List<String>
    Notification targets for each rule case.
    status String
    Status of the rule case to match. Valid values are info, low, medium, high, critical.
    notifications string[]
    Notification targets for each rule case.
    status string
    Status of the rule case to match. Valid values are info, low, medium, high, critical.
    notifications Sequence[str]
    Notification targets for each rule case.
    status str
    Status of the rule case to match. Valid values are info, low, medium, high, critical.
    notifications List<String>
    Notification targets for each rule case.
    status String
    Status of the rule case to match. Valid values are info, low, medium, high, critical.

    SecurityMonitoringDefaultRuleFilter, SecurityMonitoringDefaultRuleFilterArgs

    Action string
    The type of filtering action. Allowed enum values: require, suppress Valid values are require, suppress.
    Query string
    Query for selecting logs to apply the filtering action.
    Action string
    The type of filtering action. Allowed enum values: require, suppress Valid values are require, suppress.
    Query string
    Query for selecting logs to apply the filtering action.
    action String
    The type of filtering action. Allowed enum values: require, suppress Valid values are require, suppress.
    query String
    Query for selecting logs to apply the filtering action.
    action string
    The type of filtering action. Allowed enum values: require, suppress Valid values are require, suppress.
    query string
    Query for selecting logs to apply the filtering action.
    action str
    The type of filtering action. Allowed enum values: require, suppress Valid values are require, suppress.
    query str
    Query for selecting logs to apply the filtering action.
    action String
    The type of filtering action. Allowed enum values: require, suppress Valid values are require, suppress.
    query String
    Query for selecting logs to apply the filtering action.

    SecurityMonitoringDefaultRuleOptions, SecurityMonitoringDefaultRuleOptionsArgs

    DecreaseCriticalityBasedOnEnv bool
    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection. Defaults to false.
    DecreaseCriticalityBasedOnEnv bool
    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection. Defaults to false.
    decreaseCriticalityBasedOnEnv Boolean
    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection. Defaults to false.
    decreaseCriticalityBasedOnEnv boolean
    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection. Defaults to false.
    decrease_criticality_based_on_env bool
    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection. Defaults to false.
    decreaseCriticalityBasedOnEnv Boolean
    If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection. Defaults to false.

    Import

    Default rules need to be imported using their ID before applying.

    resource “datadog_security_monitoring_default_rule” “adefaultrule” {

    }

    $ pulumi import datadog:index/securityMonitoringDefaultRule:SecurityMonitoringDefaultRule adefaultrule m0o-hto-lkb
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Datadog pulumi/pulumi-datadog
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the datadog Terraform Provider.
    datadog logo
    Datadog v4.34.0 published on Friday, Oct 4, 2024 by Pulumi