lacework.AlertRule
Use this resource to create a Lacework Alert Rule in order to route events to the appropriate people or tools. For more information, see the Alert Rules documentation.
Example Usage
Alert Rule with Slack Alert Channel
import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";
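// A Slack incoming-webhook URL is a credential: whoever holds it can post to the channel.
// Read it from secret stack configuration instead of committing it to source, e.g.
//   pulumi config set --secret slackUrl <webhook-url>
// requireSecret() returns a secret Output, so Pulumi keeps the value encrypted in state.
const config = new pulumi.Config();
const slackUrl = config.requireSecret("slackUrl");

// Slack alert channel that the rule below routes to.
const opsCritical = new lacework.AlertChannelSlack("opsCritical", {slackUrl: slackUrl});

// Alert rule that references the channel and filters on severity, subcategory,
// category and source.
const example = new lacework.AlertRule("example", {
    description: "This is an example alert rule",
    alertChannels: [opsCritical.alertChannelSlackId],
    severities: ["Critical"],
    alertSubcategories: ["Compliance"],
    alertCategories: ["Policy"],
    alertSources: ["AWS"],
});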
import pulumi
import pulumi_lacework as lacework
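# A Slack incoming-webhook URL is a credential: whoever holds it can post to the channel.
# Read it from secret stack configuration instead of committing it to source, e.g.
#   pulumi config set --secret slackUrl <webhook-url>
# require_secret() returns a secret Output, so Pulumi keeps the value encrypted in state.
config = pulumi.Config()
slack_url = config.require_secret("slackUrl")

# Slack alert channel that the rule below routes to.
ops_critical = lacework.AlertChannelSlack("opsCritical", slack_url=slack_url)

# Alert rule that references the channel and filters on severity, subcategory,
# category and source.
example = lacework.AlertRule(
    "example",
    description="This is an example alert rule",
    alert_channels=[ops_critical.alert_channel_slack_id],
    severities=["Critical"],
    alert_subcategories=["Compliance"],
    alert_categories=["Policy"],
    alert_sources=["AWS"],
)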
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a Slack alert channel and an alert rule that routes to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): a Slack incoming-webhook URL is a credential. The literal
		// below is a placeholder; in a real stack, supply the value from secret
		// configuration (pulumi config set --secret) rather than from source.
		channelArgs := &lacework.AlertChannelSlackArgs{
			SlackUrl: pulumi.String("https://hooks.slack.com/services/ABCD/12345/abcd1234"),
		}
		opsCritical, err := lacework.NewAlertChannelSlack(ctx, "opsCritical", channelArgs)
		if err != nil {
			return err
		}

		// The rule references the channel by its ID and filters on severity,
		// subcategory, category and source.
		ruleArgs := &lacework.AlertRuleArgs{
			Description:        pulumi.String("This is an example alert rule"),
			AlertChannels:      pulumi.StringArray{opsCritical.AlertChannelSlackId},
			Severities:         pulumi.StringArray{pulumi.String("Critical")},
			AlertSubcategories: pulumi.StringArray{pulumi.String("Compliance")},
			AlertCategories:    pulumi.StringArray{pulumi.String("Policy")},
			AlertSources:       pulumi.StringArray{pulumi.String("AWS")},
		}
		if _, err := lacework.NewAlertRule(ctx, "example", ruleArgs); err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;
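return await Deployment.RunAsync(() =>
{
    // A Slack incoming-webhook URL is a credential: whoever holds it can post to the channel.
    // Read it from secret stack configuration instead of committing it to source, e.g.
    //   pulumi config set --secret slackUrl <webhook-url>
    // RequireSecret() returns a secret Output, so Pulumi keeps the value encrypted in state.
    var config = new Config();
    var slackUrl = config.RequireSecret("slackUrl");

    // Slack alert channel that the rule below routes to.
    var opsCritical = new Lacework.AlertChannelSlack("opsCritical", new()
    {
        SlackUrl = slackUrl,
    });

    // Alert rule that references the channel and filters on severity, subcategory,
    // category and source.
    var example = new Lacework.AlertRule("example", new()
    {
        Description = "This is an example alert rule",
        AlertChannels = new[]
        {
            opsCritical.AlertChannelSlackId,
        },
        Severities = new[]
        {
            "Critical",
        },
        AlertSubcategories = new[]
        {
            "Compliance",
        },
        AlertCategories = new[]
        {
            "Policy",
        },
        AlertSources = new[]
        {
            "AWS",
        },
    });
});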
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.AlertChannelSlack;
import com.pulumi.lacework.AlertChannelSlackArgs;
import com.pulumi.lacework.AlertRule;
import com.pulumi.lacework.AlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
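/**
 * Example stack: a Slack alert channel plus an alert rule that routes to it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context, also used to read stack configuration
     */
    public static void stack(Context ctx) {
        // A Slack incoming-webhook URL is a credential: whoever holds it can post to the channel.
        // Read it from secret stack configuration instead of committing it to source, e.g.
        //   pulumi config set --secret slackUrl <webhook-url>
        // requireSecret() returns a secret Output, so Pulumi keeps the value encrypted in state.
        final Output<String> slackUrl = ctx.config().requireSecret("slackUrl");

        // Slack alert channel that the rule below routes to.
        var opsCritical = new AlertChannelSlack("opsCritical", AlertChannelSlackArgs.builder()
            .slackUrl(slackUrl)
            .build());

        // Alert rule that references the channel and filters on severity, subcategory,
        // category and source.
        var example = new AlertRule("example", AlertRuleArgs.builder()
            .description("This is an example alert rule")
            .alertChannels(opsCritical.alertChannelSlackId())
            .severities("Critical")
            .alertSubcategories("Compliance")
            .alertCategories("Policy")
            .alertSources("AWS")
            .build());
    }
}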
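resources:
    # Slack alert channel that the rule below routes to.
    opsCritical:
        type: lacework:AlertChannelSlack
        properties:
            # NOTE(review): a Slack incoming-webhook URL is a credential. The value
            # below is a placeholder; in a real stack, supply it from secret stack
            # configuration (pulumi config set --secret) rather than committing it.
            slackUrl: https://hooks.slack.com/services/ABCD/12345/abcd1234
    # Alert rule that references the channel and filters on severity,
    # subcategory, category and source.
    example:
        type: lacework:AlertRule
        properties:
            description: This is an example alert rule
            alertChannels:
                - ${opsCritical.alertChannelSlackId}
            severities:
                - Critical
            alertSubcategories:
                - Compliance
            alertCategories:
                - Policy
            alertSources:
                - AWS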
Create AlertRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AlertRule(name: string, args: AlertRuleArgs, opts?: CustomResourceOptions);
@overload
def AlertRule(resource_name: str,
args: AlertRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AlertRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
severities: Optional[Sequence[str]] = None,
alert_categories: Optional[Sequence[str]] = None,
alert_channels: Optional[Sequence[str]] = None,
alert_rule_id: Optional[str] = None,
alert_sources: Optional[Sequence[str]] = None,
alert_subcategories: Optional[Sequence[str]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
event_categories: Optional[Sequence[str]] = None,
name: Optional[str] = None,
resource_groups: Optional[Sequence[str]] = None)
func NewAlertRule(ctx *Context, name string, args AlertRuleArgs, opts ...ResourceOption) (*AlertRule, error)
public AlertRule(string name, AlertRuleArgs args, CustomResourceOptions? opts = null)
public AlertRule(String name, AlertRuleArgs args)
public AlertRule(String name, AlertRuleArgs args, CustomResourceOptions options)
type: lacework:AlertRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AlertRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing only: every input property is shown with a placeholder value.
// Replace each "string" with a real value and drop the properties you do not need.
var alertRuleResource = new Lacework.AlertRule("alertRuleResource", new()
{
Severities = new[]
{
"string",
},
AlertCategories = new[]
{
"string",
},
AlertChannels = new[]
{
"string",
},
AlertRuleId = "string",
AlertSources = new[]
{
"string",
},
AlertSubcategories = new[]
{
"string",
},
Description = "string",
// NOTE(review): `false` is a placeholder too. The property defaults to true;
// copying this line as-is presumably leaves the rule disabled. Confirm before use.
Enabled = false,
Name = "string",
ResourceGroups = new[]
{
"string",
},
});
// Reference listing only: every input property is shown with a placeholder value.
// Replace each "string" with a real value and drop the fields you do not need.
example, err := lacework.NewAlertRule(ctx, "alertRuleResource", &lacework.AlertRuleArgs{
Severities: pulumi.StringArray{
pulumi.String("string"),
},
AlertCategories: pulumi.StringArray{
pulumi.String("string"),
},
AlertChannels: pulumi.StringArray{
pulumi.String("string"),
},
AlertRuleId: pulumi.String("string"),
AlertSources: pulumi.StringArray{
pulumi.String("string"),
},
AlertSubcategories: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
// NOTE(review): `false` is a placeholder too. The property defaults to true;
// copying this line as-is presumably leaves the rule disabled. Confirm before use.
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
ResourceGroups: pulumi.StringArray{
pulumi.String("string"),
},
})
// Reference listing only: every input property is shown with a placeholder value.
// Replace each "string" with a real value and drop the builder calls you do not need.
var alertRuleResource = new AlertRule("alertRuleResource", AlertRuleArgs.builder()
.severities("string")
.alertCategories("string")
.alertChannels("string")
.alertRuleId("string")
.alertSources("string")
.alertSubcategories("string")
.description("string")
// NOTE(review): `false` is a placeholder too. The property defaults to true;
// copying this line as-is presumably leaves the rule disabled. Confirm before use.
.enabled(false)
.name("string")
.resourceGroups("string")
.build());
# Reference listing only: every input property is shown with a placeholder value.
# Replace each "string" with a real value and drop the arguments you do not need.
alert_rule_resource = lacework.AlertRule("alertRuleResource",
severities=["string"],
alert_categories=["string"],
alert_channels=["string"],
alert_rule_id="string",
alert_sources=["string"],
alert_subcategories=["string"],
description="string",
# NOTE(review): `False` is a placeholder too. The property defaults to true;
# copying this line as-is presumably leaves the rule disabled. Confirm before use.
enabled=False,
name="string",
resource_groups=["string"])
// Reference listing only: every input property is shown with a placeholder value.
// Replace each "string" with a real value and drop the properties you do not need.
const alertRuleResource = new lacework.AlertRule("alertRuleResource", {
severities: ["string"],
alertCategories: ["string"],
alertChannels: ["string"],
alertRuleId: "string",
alertSources: ["string"],
alertSubcategories: ["string"],
description: "string",
// NOTE(review): `false` is a placeholder too. The property defaults to true;
// copying this line as-is presumably leaves the rule disabled. Confirm before use.
enabled: false,
name: "string",
resourceGroups: ["string"],
});
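# Reference listing only: every input property is shown with a placeholder value.
# Replace each "string" with a real value and drop the properties you do not need.
type: lacework:AlertRule
properties:
    alertCategories:
        - string
    alertChannels:
        - string
    alertRuleId: string
    alertSources:
        - string
    alertSubcategories:
        - string
    description: string
    # NOTE(review): `false` is a placeholder too. The property defaults to true;
    # copying this line as-is presumably leaves the rule disabled. Confirm before use.
    enabled: false
    name: string
    resourceGroups:
        - string
    severities:
        - string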
AlertRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AlertRule resource accepts the following input properties:
- Severities List<string>
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- AlertCategories List<string>
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- AlertChannels List<string>
- The list of alert channels for the rule to use.
- AlertRuleId string
- AlertSources List<string>
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- AlertSubcategories List<string>
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- Description string
- The description of the alert rule.
- Enabled bool
- The state of the external integration. Defaults to `true`.
- EventCategories List<string>
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- Name string
- The alert rule name.
- ResourceGroups List<string>
- The list of resource groups the rule will apply to.
- Severities []string
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- AlertCategories []string
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- AlertChannels []string
- The list of alert channels for the rule to use.
- AlertRuleId string
- AlertSources []string
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- AlertSubcategories []string
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- Description string
- The description of the alert rule.
- Enabled bool
- The state of the external integration. Defaults to `true`.
- EventCategories []string
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- Name string
- The alert rule name.
- ResourceGroups []string
- The list of resource groups the rule will apply to.
- severities List<String>
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- alertCategories List<String>
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- alertChannels List<String>
- The list of alert channels for the rule to use.
- alertRuleId String
- alertSources List<String>
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- alertSubcategories List<String>
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- description String
- The description of the alert rule.
- enabled Boolean
- The state of the external integration. Defaults to `true`.
- eventCategories List<String>
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- name String
- The alert rule name.
- resourceGroups List<String>
- The list of resource groups the rule will apply to.
- severities string[]
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- alertCategories string[]
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- alertChannels string[]
- The list of alert channels for the rule to use.
- alertRuleId string
- alertSources string[]
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- alertSubcategories string[]
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- description string
- The description of the alert rule.
- enabled boolean
- The state of the external integration. Defaults to `true`.
- eventCategories string[]
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- name string
- The alert rule name.
- resourceGroups string[]
- The list of resource groups the rule will apply to.
- severities Sequence[str]
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- alert_categories Sequence[str]
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- alert_channels Sequence[str]
- The list of alert channels for the rule to use.
- alert_rule_id str
- alert_sources Sequence[str]
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- alert_subcategories Sequence[str]
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- description str
- The description of the alert rule.
- enabled bool
- The state of the external integration. Defaults to `true`.
- event_categories Sequence[str]
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- name str
- The alert rule name.
- resource_groups Sequence[str]
- The list of resource groups the rule will apply to.
- severities List<String>
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- alertCategories List<String>
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- alertChannels List<String>
- The list of alert channels for the rule to use.
- alertRuleId String
- alertSources List<String>
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- alertSubcategories List<String>
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- description String
- The description of the alert rule.
- enabled Boolean
- The state of the external integration. Defaults to `true`.
- eventCategories List<String>
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- name String
- The alert rule name.
- resourceGroups List<String>
- The list of resource groups the rule will apply to.
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertRule resource produces the following output properties:
- CreatedOrUpdatedBy string
- CreatedOrUpdatedTime string
- Guid string
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- CreatedOrUpdatedBy string
- CreatedOrUpdatedTime string
- Guid string
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- createdOrUpdatedBy String
- createdOrUpdatedTime String
- guid String
- id String
- The provider-assigned unique ID for this managed resource.
- type String
- createdOrUpdatedBy string
- createdOrUpdatedTime string
- guid string
- id string
- The provider-assigned unique ID for this managed resource.
- type string
- created_or_updated_by str
- created_or_updated_time str
- guid str
- id str
- The provider-assigned unique ID for this managed resource.
- type str
- createdOrUpdatedBy String
- createdOrUpdatedTime String
- guid String
- id String
- The provider-assigned unique ID for this managed resource.
- type String
Look up Existing AlertRule Resource
Get an existing AlertRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AlertRuleState, opts?: CustomResourceOptions): AlertRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alert_categories: Optional[Sequence[str]] = None,
alert_channels: Optional[Sequence[str]] = None,
alert_rule_id: Optional[str] = None,
alert_sources: Optional[Sequence[str]] = None,
alert_subcategories: Optional[Sequence[str]] = None,
created_or_updated_by: Optional[str] = None,
created_or_updated_time: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
event_categories: Optional[Sequence[str]] = None,
guid: Optional[str] = None,
name: Optional[str] = None,
resource_groups: Optional[Sequence[str]] = None,
severities: Optional[Sequence[str]] = None,
type: Optional[str] = None) -> AlertRule
func GetAlertRule(ctx *Context, name string, id IDInput, state *AlertRuleState, opts ...ResourceOption) (*AlertRule, error)
public static AlertRule Get(string name, Input<string> id, AlertRuleState? state, CustomResourceOptions? opts = null)
public static AlertRule get(String name, Output<String> id, AlertRuleState state, CustomResourceOptions options)
resources:
    _:
        type: lacework:AlertRule
        get:
            id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AlertCategories List<string>
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- AlertChannels List<string>
- The list of alert channels for the rule to use.
- AlertRuleId string
- AlertSources List<string>
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- AlertSubcategories List<string>
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- CreatedOrUpdatedBy string
- CreatedOrUpdatedTime string
- Description string
- The description of the alert rule.
- Enabled bool
- The state of the external integration. Defaults to `true`.
- EventCategories List<string>
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- Guid string
- Name string
- The alert rule name.
- ResourceGroups List<string>
- The list of resource groups the rule will apply to.
- Severities List<string>
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- Type string
- AlertCategories []string
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- AlertChannels []string
- The list of alert channels for the rule to use.
- AlertRuleId string
- AlertSources []string
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- AlertSubcategories []string
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- CreatedOrUpdatedBy string
- CreatedOrUpdatedTime string
- Description string
- The description of the alert rule.
- Enabled bool
- The state of the external integration. Defaults to `true`.
- EventCategories []string
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- Guid string
- Name string
- The alert rule name.
- ResourceGroups []string
- The list of resource groups the rule will apply to.
- Severities []string
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- Type string
- alertCategories List<String>
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- alertChannels List<String>
- The list of alert channels for the rule to use.
- alertRuleId String
- alertSources List<String>
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- alertSubcategories List<String>
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- createdOrUpdatedBy String
- createdOrUpdatedTime String
- description String
- The description of the alert rule.
- enabled Boolean
- The state of the external integration. Defaults to `true`.
- eventCategories List<String>
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- guid String
- name String
- The alert rule name.
- resourceGroups List<String>
- The list of resource groups the rule will apply to.
- severities List<String>
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- type String
- alertCategories string[]
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- alertChannels string[]
- The list of alert channels for the rule to use.
- alertRuleId string
- alertSources string[]
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- alertSubcategories string[]
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- createdOrUpdatedBy string
- createdOrUpdatedTime string
- description string
- The description of the alert rule.
- enabled boolean
- The state of the external integration. Defaults to `true`.
- eventCategories string[]
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- guid string
- name string
- The alert rule name.
- resourceGroups string[]
- The list of resource groups the rule will apply to.
- severities string[]
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- type string
- alert_categories Sequence[str]
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- alert_channels Sequence[str]
- The list of alert channels for the rule to use.
- alert_rule_id str
- alert_sources Sequence[str]
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- alert_subcategories Sequence[str]
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- created_or_updated_by str
- created_or_updated_time str
- description str
- The description of the alert rule.
- enabled bool
- The state of the external integration. Defaults to `true`.
- event_categories Sequence[str]
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- guid str
- name str
- The alert rule name.
- resource_groups Sequence[str]
- The list of resource groups the rule will apply to.
- severities Sequence[str]
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- type str
- alertCategories List<String>
- The alert categories that will use this rule for alert routing. Valid categories include: `Anomaly`, `Policy`, `Composite`.
- alertChannels List<String>
- The list of alert channels for the rule to use.
- alertRuleId String
- alertSources List<String>
- The alert sources that will use this rule for alert routing. Valid sources include: `Agent`, `AWS`, `Azure`, `GCP`, `K8s`.
- alertSubcategories List<String>
- The list of alert subcategories the rule will apply to. Valid categories include: `Compliance`, `Application`, `Cloud Activity`, `File`, `Machine`, `User`, `Platform`, `Kubernetes Activity`, `Registry`, `SystemCall`, `Host Vulnerability`, `Container Vulnerability`, `Threat Intel`.
- createdOrUpdatedBy String
- createdOrUpdatedTime String
- description String
- The description of the alert rule.
- enabled Boolean
- The state of the external integration. Defaults to `true`.
- eventCategories List<String>
- The list of event categories the rule will apply to. Valid categories include: `Compliance`, `App`, `Cloud`, `File`, `Machine`, `User`, `Platform`, `K8sActivity`, `Registry`, `SystemCall`. This attribute is deprecated; use `alert_subcategories` instead.
- guid String
- name String
- The alert rule name.
- resourceGroups List<String>
- The list of resource groups the rule will apply to.
- severities List<String>
- The list of the severities that the rule will apply. Valid severities include: `Critical`, `High`, `Medium`, `Low` and `Info`.
- type String
Import
A Lacework Alert Rule can be imported using a `GUID`, e.g.
$ pulumi import lacework:index/alertRule:AlertRule example EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- lacework lacework/terraform-provider-lacework
- License
- Notes
- This Pulumi package is based on the `lacework` Terraform Provider.