Viewing docs for elasticstack 0.14.3
published on Tuesday, Mar 3, 2026 by elastic
published on Tuesday, Mar 3, 2026 by elastic
Viewing docs for elasticstack 0.14.3
published on Tuesday, Mar 3, 2026 by elastic
published on Tuesday, Mar 3, 2026 by elastic
Enables Elastic Security detection rules based on tags.
This resource uses Kibana’s bulk action API to enable all rules matching the specified tag key-value pair.
Requires Elastic Stack version 8.11.0 or higher. See the documentation for more details.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as elasticstack from "@pulumi/elasticstack";
// Enable all Windows rules
const windows = new elasticstack.KibanaSecurityEnableRule("windows", {
spaceId: "default",
key: "OS",
value: "Windows",
});
// Enable rules but don't disable them when the resource is destroyed
const macosPersistent = new elasticstack.KibanaSecurityEnableRule("macos_persistent", {
spaceId: "default",
key: "OS",
value: "macOS",
disableOnDestroy: false,
});
// Enable all Linux rules
const linux = new elasticstack.KibanaSecurityEnableRule("linux", {
spaceId: "default",
key: "OS",
value: "Linux",
});
// Enable rules in a custom space
const customSpace = new elasticstack.KibanaSecurityEnableRule("custom_space", {
spaceId: "security",
key: "Data Source",
value: "Elastic Defend",
});
import pulumi
import pulumi_elasticstack as elasticstack
# Enable all Windows rules
windows = elasticstack.KibanaSecurityEnableRule("windows",
space_id="default",
key="OS",
value="Windows")
# Enable rules but don't disable them when the resource is destroyed
macos_persistent = elasticstack.KibanaSecurityEnableRule("macos_persistent",
space_id="default",
key="OS",
value="macOS",
disable_on_destroy=False)
# Enable all Linux rules
linux = elasticstack.KibanaSecurityEnableRule("linux",
space_id="default",
key="OS",
value="Linux")
# Enable rules in a custom space
custom_space = elasticstack.KibanaSecurityEnableRule("custom_space",
space_id="security",
key="Data Source",
value="Elastic Defend")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/elasticstack/elasticstack"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Enable all Windows rules
_, err := elasticstack.NewKibanaSecurityEnableRule(ctx, "windows", &elasticstack.KibanaSecurityEnableRuleArgs{
SpaceId: pulumi.String("default"),
Key: pulumi.String("OS"),
Value: pulumi.String("Windows"),
})
if err != nil {
return err
}
// Enable rules but don't disable them when the resource is destroyed
_, err = elasticstack.NewKibanaSecurityEnableRule(ctx, "macos_persistent", &elasticstack.KibanaSecurityEnableRuleArgs{
SpaceId: pulumi.String("default"),
Key: pulumi.String("OS"),
Value: pulumi.String("macOS"),
DisableOnDestroy: pulumi.Bool(false),
})
if err != nil {
return err
}
// Enable all Linux rules
_, err = elasticstack.NewKibanaSecurityEnableRule(ctx, "linux", &elasticstack.KibanaSecurityEnableRuleArgs{
SpaceId: pulumi.String("default"),
Key: pulumi.String("OS"),
Value: pulumi.String("Linux"),
})
if err != nil {
return err
}
// Enable rules in a custom space
_, err = elasticstack.NewKibanaSecurityEnableRule(ctx, "custom_space", &elasticstack.KibanaSecurityEnableRuleArgs{
SpaceId: pulumi.String("security"),
Key: pulumi.String("Data Source"),
Value: pulumi.String("Elastic Defend"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Elasticstack = Pulumi.Elasticstack;
return await Deployment.RunAsync(() =>
{
// Enable all Windows rules
var windows = new Elasticstack.KibanaSecurityEnableRule("windows", new()
{
SpaceId = "default",
Key = "OS",
Value = "Windows",
});
// Enable rules but don't disable them when the resource is destroyed
var macosPersistent = new Elasticstack.KibanaSecurityEnableRule("macos_persistent", new()
{
SpaceId = "default",
Key = "OS",
Value = "macOS",
DisableOnDestroy = false,
});
// Enable all Linux rules
var linux = new Elasticstack.KibanaSecurityEnableRule("linux", new()
{
SpaceId = "default",
Key = "OS",
Value = "Linux",
});
// Enable rules in a custom space
var customSpace = new Elasticstack.KibanaSecurityEnableRule("custom_space", new()
{
SpaceId = "security",
Key = "Data Source",
Value = "Elastic Defend",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.elasticstack.KibanaSecurityEnableRule;
import com.pulumi.elasticstack.KibanaSecurityEnableRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Enable all Windows rules
var windows = new KibanaSecurityEnableRule("windows", KibanaSecurityEnableRuleArgs.builder()
.spaceId("default")
.key("OS")
.value("Windows")
.build());
// Enable rules but don't disable them when the resource is destroyed
var macosPersistent = new KibanaSecurityEnableRule("macosPersistent", KibanaSecurityEnableRuleArgs.builder()
.spaceId("default")
.key("OS")
.value("macOS")
.disableOnDestroy(false)
.build());
// Enable all Linux rules
var linux = new KibanaSecurityEnableRule("linux", KibanaSecurityEnableRuleArgs.builder()
.spaceId("default")
.key("OS")
.value("Linux")
.build());
// Enable rules in a custom space
var customSpace = new KibanaSecurityEnableRule("customSpace", KibanaSecurityEnableRuleArgs.builder()
.spaceId("security")
.key("Data Source")
.value("Elastic Defend")
.build());
}
}
resources:
# Enable all Windows rules
windows:
type: elasticstack:KibanaSecurityEnableRule
properties:
spaceId: default
key: OS
value: Windows
# Enable rules but don't disable them when the resource is destroyed
macosPersistent:
type: elasticstack:KibanaSecurityEnableRule
name: macos_persistent
properties:
spaceId: default
key: OS
value: macOS
disableOnDestroy: false
# Enable all Linux rules
linux:
type: elasticstack:KibanaSecurityEnableRule
properties:
spaceId: default
key: OS
value: Linux
# Enable rules in a custom space
customSpace:
type: elasticstack:KibanaSecurityEnableRule
name: custom_space
properties:
spaceId: security
key: Data Source
value: Elastic Defend
Create KibanaSecurityEnableRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KibanaSecurityEnableRule(name: string, args: KibanaSecurityEnableRuleArgs, opts?: CustomResourceOptions);@overload
def KibanaSecurityEnableRule(resource_name: str,
args: KibanaSecurityEnableRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KibanaSecurityEnableRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
key: Optional[str] = None,
value: Optional[str] = None,
disable_on_destroy: Optional[bool] = None,
space_id: Optional[str] = None)func NewKibanaSecurityEnableRule(ctx *Context, name string, args KibanaSecurityEnableRuleArgs, opts ...ResourceOption) (*KibanaSecurityEnableRule, error)public KibanaSecurityEnableRule(string name, KibanaSecurityEnableRuleArgs args, CustomResourceOptions? opts = null)
public KibanaSecurityEnableRule(String name, KibanaSecurityEnableRuleArgs args)
public KibanaSecurityEnableRule(String name, KibanaSecurityEnableRuleArgs args, CustomResourceOptions options)
type: elasticstack:KibanaSecurityEnableRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KibanaSecurityEnableRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KibanaSecurityEnableRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KibanaSecurityEnableRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KibanaSecurityEnableRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KibanaSecurityEnableRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kibanaSecurityEnableRuleResource = new Elasticstack.KibanaSecurityEnableRule("kibanaSecurityEnableRuleResource", new()
{
Key = "string",
Value = "string",
DisableOnDestroy = false,
SpaceId = "string",
});
example, err := elasticstack.NewKibanaSecurityEnableRule(ctx, "kibanaSecurityEnableRuleResource", &elasticstack.KibanaSecurityEnableRuleArgs{
Key: pulumi.String("string"),
Value: pulumi.String("string"),
DisableOnDestroy: pulumi.Bool(false),
SpaceId: pulumi.String("string"),
})
var kibanaSecurityEnableRuleResource = new KibanaSecurityEnableRule("kibanaSecurityEnableRuleResource", KibanaSecurityEnableRuleArgs.builder()
.key("string")
.value("string")
.disableOnDestroy(false)
.spaceId("string")
.build());
kibana_security_enable_rule_resource = elasticstack.KibanaSecurityEnableRule("kibanaSecurityEnableRuleResource",
key="string",
value="string",
disable_on_destroy=False,
space_id="string")
const kibanaSecurityEnableRuleResource = new elasticstack.KibanaSecurityEnableRule("kibanaSecurityEnableRuleResource", {
key: "string",
value: "string",
disableOnDestroy: false,
spaceId: "string",
});
type: elasticstack:KibanaSecurityEnableRule
properties:
disableOnDestroy: false
key: string
spaceId: string
value: string
KibanaSecurityEnableRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KibanaSecurityEnableRule resource accepts the following input properties:
- Key string
- The tag key to filter rules by (e.g., 'OS').
- Value string
- The tag value to filter rules by (e.g., 'Windows').
- Disable
On boolDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- Space
Id string - An identifier for the space. If space_id is not provided, the default space is used.
- Key string
- The tag key to filter rules by (e.g., 'OS').
- Value string
- The tag value to filter rules by (e.g., 'Windows').
- Disable
On boolDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- Space
Id string - An identifier for the space. If space_id is not provided, the default space is used.
- key String
- The tag key to filter rules by (e.g., 'OS').
- value String
- The tag value to filter rules by (e.g., 'Windows').
- disable
On BooleanDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- space
Id String - An identifier for the space. If space_id is not provided, the default space is used.
- key string
- The tag key to filter rules by (e.g., 'OS').
- value string
- The tag value to filter rules by (e.g., 'Windows').
- disable
On booleanDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- space
Id string - An identifier for the space. If space_id is not provided, the default space is used.
- key str
- The tag key to filter rules by (e.g., 'OS').
- value str
- The tag value to filter rules by (e.g., 'Windows').
- disable_
on_ booldestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- space_
id str - An identifier for the space. If space_id is not provided, the default space is used.
- key String
- The tag key to filter rules by (e.g., 'OS').
- value String
- The tag value to filter rules by (e.g., 'Windows').
- disable
On BooleanDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- space
Id String - An identifier for the space. If space_id is not provided, the default space is used.
Outputs
All input properties are implicitly available as output properties. Additionally, the KibanaSecurityEnableRule resource produces the following output properties:
- All
Rules boolEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- Id string
- The provider-assigned unique ID for this managed resource.
- All
Rules boolEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- Id string
- The provider-assigned unique ID for this managed resource.
- all
Rules BooleanEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- id String
- The provider-assigned unique ID for this managed resource.
- all
Rules booleanEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- id string
- The provider-assigned unique ID for this managed resource.
- all_
rules_ boolenabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- id str
- The provider-assigned unique ID for this managed resource.
- all
Rules BooleanEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing KibanaSecurityEnableRule Resource
Get an existing KibanaSecurityEnableRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KibanaSecurityEnableRuleState, opts?: CustomResourceOptions): KibanaSecurityEnableRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
all_rules_enabled: Optional[bool] = None,
disable_on_destroy: Optional[bool] = None,
key: Optional[str] = None,
space_id: Optional[str] = None,
value: Optional[str] = None) -> KibanaSecurityEnableRulefunc GetKibanaSecurityEnableRule(ctx *Context, name string, id IDInput, state *KibanaSecurityEnableRuleState, opts ...ResourceOption) (*KibanaSecurityEnableRule, error)public static KibanaSecurityEnableRule Get(string name, Input<string> id, KibanaSecurityEnableRuleState? state, CustomResourceOptions? opts = null)public static KibanaSecurityEnableRule get(String name, Output<String> id, KibanaSecurityEnableRuleState state, CustomResourceOptions options)resources: _: type: elasticstack:KibanaSecurityEnableRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- All
Rules boolEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- Disable
On boolDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- Key string
- The tag key to filter rules by (e.g., 'OS').
- Space
Id string - An identifier for the space. If space_id is not provided, the default space is used.
- Value string
- The tag value to filter rules by (e.g., 'Windows').
- All
Rules boolEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- Disable
On boolDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- Key string
- The tag key to filter rules by (e.g., 'OS').
- Space
Id string - An identifier for the space. If space_id is not provided, the default space is used.
- Value string
- The tag value to filter rules by (e.g., 'Windows').
- all
Rules BooleanEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- disable
On BooleanDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- key String
- The tag key to filter rules by (e.g., 'OS').
- space
Id String - An identifier for the space. If space_id is not provided, the default space is used.
- value String
- The tag value to filter rules by (e.g., 'Windows').
- all
Rules booleanEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- disable
On booleanDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- key string
- The tag key to filter rules by (e.g., 'OS').
- space
Id string - An identifier for the space. If space_id is not provided, the default space is used.
- value string
- The tag value to filter rules by (e.g., 'Windows').
- all_
rules_ boolenabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- disable_
on_ booldestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- key str
- The tag key to filter rules by (e.g., 'OS').
- space_
id str - An identifier for the space. If space_id is not provided, the default space is used.
- value str
- The tag value to filter rules by (e.g., 'Windows').
- all
Rules BooleanEnabled - Computed attribute indicating whether all rules matching the tag are currently enabled. Used for drift detection.
- disable
On BooleanDestroy - Whether to disable the rules when this resource is destroyed. Defaults to true.
- key String
- The tag key to filter rules by (e.g., 'OS').
- space
Id String - An identifier for the space. If space_id is not provided, the default space is used.
- value String
- The tag value to filter rules by (e.g., 'Windows').
Package Details
- Repository
- elasticstack elastic/terraform-provider-elasticstack
- License
- Notes
- This Pulumi package is based on the
elasticstackTerraform Provider.
Viewing docs for elasticstack 0.14.3
published on Tuesday, Mar 3, 2026 by elastic
published on Tuesday, Mar 3, 2026 by elastic
