Sumo Logic v0.20.3 published on Wednesday, Mar 6, 2024 by Pulumi

sumologic.CseMatchRule



    Provides a Sumo Logic Cloud SIEM Enterprise (CSE) Match Rule, which generates Signals from Records that match the rule's expression.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using SumoLogic = Pulumi.SumoLogic;
    
    // Declares a single CSE match rule. Every Record matching the rule expression
    // yields a Signal attributed to the IP address held in srcDevice_ip.
    return await Deployment.RunAsync(() =>
    {
        // The entity each Signal is generated on: an IP taken from the record's
        // srcDevice_ip field.
        var sourceIpSelector = new SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs
        {
            EntityType = "_ip",
            Expression = "srcDevice_ip",
        };

        // "constant" mapping: every Signal gets the Default severity (5) regardless
        // of record content.
        var fixedSeverity = new SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs
        {
            Type = "constant",
            Default = 5,
        };

        var matchRule = new SumoLogic.CseMatchRule("matchRule", new SumoLogic.CseMatchRuleArgs
        {
            // Text carried by each generated Signal.
            NameExpression = "Signal name",
            SummaryExpression = "Signal summary",
            DescriptionExpression = "Signal description",

            // NOTE(review): the expression matches on objectType alone, which looks
            // deliberately broad for illustration; a deployed rule would presumably
            // add further conditions. Confirm against your record volume.
            Expression = "objectType = \"Network\"",
            EntitySelectors = new[] { sourceIpSelector },
            SeverityMapping = fixedSeverity,

            // Enabled rules generate Signals; IsPrototype = false means those
            // Signals are not marked as prototype Signals.
            Enabled = true,
            IsPrototype = false,

            // Tags the Signals with MITRE ATT&CK tactic TA0009 (Collection).
            Tags = new[] { "_mitreAttackTactic:TA0009" },
        });
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers one CSE match rule with the Pulumi engine. Every Record that
    // matches the rule expression yields a Signal on the IP found in srcDevice_ip.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		ruleArgs := &sumologic.CseMatchRuleArgs{
    			// Text carried by each generated Signal.
    			NameExpression:        pulumi.String("Signal name"),
    			SummaryExpression:     pulumi.String("Signal summary"),
    			DescriptionExpression: pulumi.String("Signal description"),

    			// NOTE(review): the expression matches on objectType alone, which
    			// looks deliberately broad for illustration; a deployed rule would
    			// presumably add further conditions. Confirm against record volume.
    			Expression: pulumi.String("objectType = \"Network\""),

    			// The entity each Signal is generated on.
    			EntitySelectors: sumologic.CseMatchRuleEntitySelectorArray{
    				&sumologic.CseMatchRuleEntitySelectorArgs{
    					EntityType: pulumi.String("_ip"),
    					Expression: pulumi.String("srcDevice_ip"),
    				},
    			},

    			// "constant" mapping: every Signal gets the Default severity (5).
    			SeverityMapping: &sumologic.CseMatchRuleSeverityMappingArgs{
    				Type:    pulumi.String("constant"),
    				Default: pulumi.Int(5),
    			},

    			// Enabled rules generate Signals; IsPrototype false means they are
    			// not marked as prototype Signals.
    			Enabled:     pulumi.Bool(true),
    			IsPrototype: pulumi.Bool(false),

    			// Tags the Signals with MITRE ATT&CK tactic TA0009 (Collection).
    			Tags: pulumi.StringArray{
    				pulumi.String("_mitreAttackTactic:TA0009"),
    			},
    		}

    		// The resource handle is not needed afterwards; only the error matters.
    		_, err := sumologic.NewCseMatchRule(ctx, "matchRule", ruleArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.sumologic.CseMatchRule;
    import com.pulumi.sumologic.CseMatchRuleArgs;
    import com.pulumi.sumologic.inputs.CseMatchRuleEntitySelectorArgs;
    import com.pulumi.sumologic.inputs.CseMatchRuleSeverityMappingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares a single CSE match rule. Every Record matching
     * the rule expression yields a Signal on the IP found in srcDevice_ip.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the stack's resources.
         *
         * @param ctx the Pulumi deployment context (not used directly here)
         */
        public static void stack(Context ctx) {
            // The entity each Signal is generated on.
            var sourceIpSelector = CseMatchRuleEntitySelectorArgs.builder()
                .entityType("_ip")
                .expression("srcDevice_ip")
                .build();

            // "constant" mapping: every Signal gets the default severity (5).
            var fixedSeverity = CseMatchRuleSeverityMappingArgs.builder()
                .default_(5)
                .type("constant")
                .build();

            // NOTE(review): the expression matches on objectType alone, which looks
            // deliberately broad for illustration; a deployed rule would presumably
            // add further conditions. Confirm against your record volume.
            var ruleArgs = CseMatchRuleArgs.builder()
                .descriptionExpression("Signal description")
                // Enabled rules generate Signals.
                .enabled(true)
                .entitySelectors(sourceIpSelector)
                .expression("objectType = \"Network\"")
                // false: generated Signals are not marked as prototype Signals.
                .isPrototype(false)
                .nameExpression("Signal name")
                .severityMapping(fixedSeverity)
                .summaryExpression("Signal summary")
                // MITRE ATT&CK tactic TA0009 (Collection).
                .tags("_mitreAttackTactic:TA0009")
                .build();

            var matchRule = new CseMatchRule("matchRule", ruleArgs);
        }
    }
    
    import pulumi
    import pulumi_sumologic as sumologic
    
    # The entity each Signal is generated on: an IP taken from the record's
    # srcDevice_ip field.
    source_ip_selector = sumologic.CseMatchRuleEntitySelectorArgs(
        entity_type="_ip",
        expression="srcDevice_ip",
    )

    # "constant" mapping: every Signal gets the default severity (5).
    fixed_severity = sumologic.CseMatchRuleSeverityMappingArgs(
        type="constant",
        default=5,
    )

    # Declares a single CSE match rule.
    # NOTE(review): the expression matches on objectType alone, which looks
    # deliberately broad for illustration; a deployed rule would presumably add
    # further conditions. Confirm against your record volume.
    match_rule = sumologic.CseMatchRule(
        "matchRule",
        # Text carried by each generated Signal.
        name_expression="Signal name",
        summary_expression="Signal summary",
        description_expression="Signal description",
        expression="objectType = \"Network\"",
        entity_selectors=[source_ip_selector],
        severity_mapping=fixed_severity,
        # Enabled rules generate Signals; is_prototype=False means they are not
        # marked as prototype Signals.
        enabled=True,
        is_prototype=False,
        # MITRE ATT&CK tactic TA0009 (Collection).
        tags=["_mitreAttackTactic:TA0009"],
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as sumologic from "@pulumi/sumologic";
    
    // The entity each Signal is generated on: an IP taken from the record's
    // srcDevice_ip field.
    const sourceIpSelector = {
        entityType: "_ip",
        expression: "srcDevice_ip",
    };

    // "constant" mapping: every Signal gets the default severity (5).
    const fixedSeverity = {
        type: "constant",
        "default": 5,
    };

    // Declares a single CSE match rule.
    // NOTE(review): the expression matches on objectType alone, which looks
    // deliberately broad for illustration; a deployed rule would presumably add
    // further conditions. Confirm against your record volume.
    const matchRule = new sumologic.CseMatchRule("matchRule", {
        // Text carried by each generated Signal.
        nameExpression: "Signal name",
        summaryExpression: "Signal summary",
        descriptionExpression: "Signal description",
        expression: "objectType = \"Network\"",
        entitySelectors: [sourceIpSelector],
        severityMapping: fixedSeverity,
        // Enabled rules generate Signals; isPrototype false means they are not
        // marked as prototype Signals.
        enabled: true,
        isPrototype: false,
        // MITRE ATT&CK tactic TA0009 (Collection).
        tags: ["_mitreAttackTactic:TA0009"],
    });
    
    # Declares a single CSE match rule: every Record matching `expression` yields a
    # Signal on the entity chosen by `entitySelectors`.
    resources:
      matchRule:
        type: sumologic:CseMatchRule
        properties:
          descriptionExpression: Signal description
          # Enabled rules generate Signals.
          enabled: true
          # The entity each Signal is generated on: an IP from srcDevice_ip.
          entitySelectors:
            - entityType: _ip
              expression: srcDevice_ip
          # NOTE(review): matches on objectType alone, which looks deliberately
          # broad for illustration; a deployed rule would presumably add further
          # conditions. Confirm against your record volume.
          expression: objectType = "Network"
          # false: generated Signals are not marked as prototype Signals.
          isPrototype: false
          nameExpression: Signal name
          # "constant" mapping: every Signal gets the default severity (5).
          severityMapping:
            default: 5
            type: constant
          summaryExpression: Signal summary
          # MITRE ATT&CK tactic TA0009 (Collection).
          tags:
            - _mitreAttackTactic:TA0009
    

    Create CseMatchRule Resource

    new CseMatchRule(name: string, args: CseMatchRuleArgs, opts?: CustomResourceOptions);
    @overload
    def CseMatchRule(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     description_expression: Optional[str] = None,
                     enabled: Optional[bool] = None,
                     entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
                     expression: Optional[str] = None,
                     is_prototype: Optional[bool] = None,
                     name: Optional[str] = None,
                     name_expression: Optional[str] = None,
                     severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
                     summary_expression: Optional[str] = None,
                     tags: Optional[Sequence[str]] = None)
    @overload
    def CseMatchRule(resource_name: str,
                     args: CseMatchRuleArgs,
                     opts: Optional[ResourceOptions] = None)
    func NewCseMatchRule(ctx *Context, name string, args CseMatchRuleArgs, opts ...ResourceOption) (*CseMatchRule, error)
    public CseMatchRule(string name, CseMatchRuleArgs args, CustomResourceOptions? opts = null)
    public CseMatchRule(String name, CseMatchRuleArgs args)
    public CseMatchRule(String name, CseMatchRuleArgs args, CustomResourceOptions options)
    
    type: sumologic:CseMatchRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    CseMatchRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CseMatchRule resource accepts the following input properties:

    DescriptionExpression string
    The description of the generated Signals
    Enabled bool
    Whether the rule should generate Signals
    EntitySelectors List<Pulumi.SumoLogic.Inputs.CseMatchRuleEntitySelector>
    The entities to generate Signals on
    Expression string
    The expression for which records to match on
    NameExpression string
    The name of the generated Signals
    SeverityMapping Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMapping
    The configuration of how the severity of the Signals should be mapped from the Records
    IsPrototype bool
    Whether the generated Signals should be prototype Signals
    Name string
    The name of the Rule
    SummaryExpression string
    The summary of the generated Signals
    Tags List<string>

    The tags of the generated Signals

    The following attributes are exported:

    DescriptionExpression string
    The description of the generated Signals
    Enabled bool
    Whether the rule should generate Signals
    EntitySelectors []CseMatchRuleEntitySelectorArgs
    The entities to generate Signals on
    Expression string
    The expression for which records to match on
    NameExpression string
    The name of the generated Signals
    SeverityMapping CseMatchRuleSeverityMappingArgs
    The configuration of how the severity of the Signals should be mapped from the Records
    IsPrototype bool
    Whether the generated Signals should be prototype Signals
    Name string
    The name of the Rule
    SummaryExpression string
    The summary of the generated Signals
    Tags []string

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression String
    The description of the generated Signals
    enabled Boolean
    Whether the rule should generate Signals
    entitySelectors List<CseMatchRuleEntitySelector>
    The entities to generate Signals on
    expression String
    The expression for which records to match on
    nameExpression String
    The name of the generated Signals
    severityMapping CseMatchRuleSeverityMapping
    The configuration of how the severity of the Signals should be mapped from the Records
    isPrototype Boolean
    Whether the generated Signals should be prototype Signals
    name String
    The name of the Rule
    summaryExpression String
    The summary of the generated Signals
    tags List<String>

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression string
    The description of the generated Signals
    enabled boolean
    Whether the rule should generate Signals
    entitySelectors CseMatchRuleEntitySelector[]
    The entities to generate Signals on
    expression string
    The expression for which records to match on
    nameExpression string
    The name of the generated Signals
    severityMapping CseMatchRuleSeverityMapping
    The configuration of how the severity of the Signals should be mapped from the Records
    isPrototype boolean
    Whether the generated Signals should be prototype Signals
    name string
    The name of the Rule
    summaryExpression string
    The summary of the generated Signals
    tags string[]

    The tags of the generated Signals

    The following attributes are exported:

    description_expression str
    The description of the generated Signals
    enabled bool
    Whether the rule should generate Signals
    entity_selectors Sequence[CseMatchRuleEntitySelectorArgs]
    The entities to generate Signals on
    expression str
    The expression for which records to match on
    name_expression str
    The name of the generated Signals
    severity_mapping CseMatchRuleSeverityMappingArgs
    The configuration of how the severity of the Signals should be mapped from the Records
    is_prototype bool
    Whether the generated Signals should be prototype Signals
    name str
    The name of the Rule
    summary_expression str
    The summary of the generated Signals
    tags Sequence[str]

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression String
    The description of the generated Signals
    enabled Boolean
    Whether the rule should generate Signals
    entitySelectors List<Property Map>
    The entities to generate Signals on
    expression String
    The expression for which records to match on
    nameExpression String
    The name of the generated Signals
    severityMapping Property Map
    The configuration of how the severity of the Signals should be mapped from the Records
    isPrototype Boolean
    Whether the generated Signals should be prototype Signals
    name String
    The name of the Rule
    summaryExpression String
    The summary of the generated Signals
    tags List<String>

    The tags of the generated Signals

    The following attributes are exported:

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CseMatchRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing CseMatchRule Resource

    Get an existing CseMatchRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CseMatchRuleState, opts?: CustomResourceOptions): CseMatchRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description_expression: Optional[str] = None,
            enabled: Optional[bool] = None,
            entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
            expression: Optional[str] = None,
            is_prototype: Optional[bool] = None,
            name: Optional[str] = None,
            name_expression: Optional[str] = None,
            severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
            summary_expression: Optional[str] = None,
            tags: Optional[Sequence[str]] = None) -> CseMatchRule
    func GetCseMatchRule(ctx *Context, name string, id IDInput, state *CseMatchRuleState, opts ...ResourceOption) (*CseMatchRule, error)
    public static CseMatchRule Get(string name, Input<string> id, CseMatchRuleState? state, CustomResourceOptions? opts = null)
    public static CseMatchRule get(String name, Output<String> id, CseMatchRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DescriptionExpression string
    The description of the generated Signals
    Enabled bool
    Whether the rule should generate Signals
    EntitySelectors List<Pulumi.SumoLogic.Inputs.CseMatchRuleEntitySelector>
    The entities to generate Signals on
    Expression string
    The expression for which records to match on
    IsPrototype bool
    Whether the generated Signals should be prototype Signals
    Name string
    The name of the Rule
    NameExpression string
    The name of the generated Signals
    SeverityMapping Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMapping
    The configuration of how the severity of the Signals should be mapped from the Records
    SummaryExpression string
    The summary of the generated Signals
    Tags List<string>

    The tags of the generated Signals

    The following attributes are exported:

    DescriptionExpression string
    The description of the generated Signals
    Enabled bool
    Whether the rule should generate Signals
    EntitySelectors []CseMatchRuleEntitySelectorArgs
    The entities to generate Signals on
    Expression string
    The expression for which records to match on
    IsPrototype bool
    Whether the generated Signals should be prototype Signals
    Name string
    The name of the Rule
    NameExpression string
    The name of the generated Signals
    SeverityMapping CseMatchRuleSeverityMappingArgs
    The configuration of how the severity of the Signals should be mapped from the Records
    SummaryExpression string
    The summary of the generated Signals
    Tags []string

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression String
    The description of the generated Signals
    enabled Boolean
    Whether the rule should generate Signals
    entitySelectors List<CseMatchRuleEntitySelector>
    The entities to generate Signals on
    expression String
    The expression for which records to match on
    isPrototype Boolean
    Whether the generated Signals should be prototype Signals
    name String
    The name of the Rule
    nameExpression String
    The name of the generated Signals
    severityMapping CseMatchRuleSeverityMapping
    The configuration of how the severity of the Signals should be mapped from the Records
    summaryExpression String
    The summary of the generated Signals
    tags List<String>

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression string
    The description of the generated Signals
    enabled boolean
    Whether the rule should generate Signals
    entitySelectors CseMatchRuleEntitySelector[]
    The entities to generate Signals on
    expression string
    The expression for which records to match on
    isPrototype boolean
    Whether the generated Signals should be prototype Signals
    name string
    The name of the Rule
    nameExpression string
    The name of the generated Signals
    severityMapping CseMatchRuleSeverityMapping
    The configuration of how the severity of the Signals should be mapped from the Records
    summaryExpression string
    The summary of the generated Signals
    tags string[]

    The tags of the generated Signals

    The following attributes are exported:

    description_expression str
    The description of the generated Signals
    enabled bool
    Whether the rule should generate Signals
    entity_selectors Sequence[CseMatchRuleEntitySelectorArgs]
    The entities to generate Signals on
    expression str
    The expression for which records to match on
    is_prototype bool
    Whether the generated Signals should be prototype Signals
    name str
    The name of the Rule
    name_expression str
    The name of the generated Signals
    severity_mapping CseMatchRuleSeverityMappingArgs
    The configuration of how the severity of the Signals should be mapped from the Records
    summary_expression str
    The summary of the generated Signals
    tags Sequence[str]

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression String
    The description of the generated Signals
    enabled Boolean
    Whether the rule should generate Signals
    entitySelectors List<Property Map>
    The entities to generate Signals on
    expression String
    The expression for which records to match on
    isPrototype Boolean
    Whether the generated Signals should be prototype Signals
    name String
    The name of the Rule
    nameExpression String
    The name of the generated Signals
    severityMapping Property Map
    The configuration of how the severity of the Signals should be mapped from the Records
    summaryExpression String
    The summary of the generated Signals
    tags List<String>

    The tags of the generated Signals

    The following attributes are exported:

    Supporting Types

    CseMatchRuleEntitySelector, CseMatchRuleEntitySelectorArgs

    EntityType string
    Expression string
    The expression for which records to match on
    EntityType string
    Expression string
    The expression for which records to match on
    entityType String
    expression String
    The expression for which records to match on
    entityType string
    expression string
    The expression for which records to match on
    entity_type str
    expression str
    The expression for which records to match on
    entityType String
    expression String
    The expression for which records to match on

    CseMatchRuleSeverityMapping, CseMatchRuleSeverityMappingArgs

    Type string
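    The severity mapping mode: "constant", "fieldValue" or "fieldValueMapping", as named in the fields below (the Example Usage sets "constant"). The generated text here read 'Must be set to "eq" currently', which matches the Type field of CseMatchRuleSeverityMappingMapping instead.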
    Default int
    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
    Field string
    The field to use in the "fieldValue"/"fieldValueMapping" cases.
    Mappings List<Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMappingMapping>
    The map of record values to severities to use in the "fieldValueMapping" case
    Type string
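    The severity mapping mode: "constant", "fieldValue" or "fieldValueMapping", as named in the fields below (the Example Usage sets "constant"). The generated text here read 'Must be set to "eq" currently', which matches the Type field of CseMatchRuleSeverityMappingMapping instead.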
    Default int
    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
    Field string
    The field to use in the "fieldValue"/"fieldValueMapping" cases.
    Mappings []CseMatchRuleSeverityMappingMapping
    The map of record values to severities to use in the "fieldValueMapping" case
    type String
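    The severity mapping mode: "constant", "fieldValue" or "fieldValueMapping", as named in the fields below (the Example Usage sets "constant"). The generated text here read 'Must be set to "eq" currently', which matches the type field of CseMatchRuleSeverityMappingMapping instead.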
    default_ Integer
    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
    field String
    The field to use in the "fieldValue"/"fieldValueMapping" cases.
    mappings List<CseMatchRuleSeverityMappingMapping>
    The map of record values to severities to use in the "fieldValueMapping" case
    type string
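    The severity mapping mode: "constant", "fieldValue" or "fieldValueMapping", as named in the fields below (the Example Usage sets "constant"). The generated text here read 'Must be set to "eq" currently', which matches the type field of CseMatchRuleSeverityMappingMapping instead.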
    default number
    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
    field string
    The field to use in the "fieldValue"/"fieldValueMapping" cases.
    mappings CseMatchRuleSeverityMappingMapping[]
    The map of record values to severities to use in the "fieldValueMapping" case
    type str
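    The severity mapping mode: "constant", "fieldValue" or "fieldValueMapping", as named in the fields below (the Example Usage sets "constant"). The generated text here read 'Must be set to "eq" currently', which matches the type field of CseMatchRuleSeverityMappingMapping instead.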
    default int
    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
    field str
    The field to use in the "fieldValue"/"fieldValueMapping" cases.
    mappings Sequence[CseMatchRuleSeverityMappingMapping]
    The map of record values to severities to use in the "fieldValueMapping" case
    type String
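    The severity mapping mode: "constant", "fieldValue" or "fieldValueMapping", as named in the fields below (the Example Usage sets "constant"). The generated text here read 'Must be set to "eq" currently', which matches the type field of CseMatchRuleSeverityMappingMapping instead.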
    default Number
    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
    field String
    The field to use in the "fieldValue"/"fieldValueMapping" cases.
    mappings List<Property Map>
    The map of record values to severities to use in the "fieldValueMapping" case

    CseMatchRuleSeverityMappingMapping, CseMatchRuleSeverityMappingMappingArgs

    From string
    The record value to map from
    To int
    The severity value to map to
    Type string
    Must be set to "eq" currently
    From string
    The record value to map from
    To int
    The severity value to map to
    Type string
    Must be set to "eq" currently
    from String
    The record value to map from
    to Integer
    The severity value to map to
    type String
    Must be set to "eq" currently
    from string
    The record value to map from
    to number
    The severity value to map to
    type string
    Must be set to "eq" currently
    from_ str
    The record value to map from
    to int
    The severity value to map to
    type str
    Must be set to "eq" currently
    from String
    The record value to map from
    to Number
    The severity value to map to
    type String
    Must be set to "eq" currently

    Import

    Match Rules can be imported using the field id, e.g.:

    hcl

    $ pulumi import sumologic:index/cseMatchRule:CseMatchRule match_rule id
    

    Package Details

    Repository
    Sumo Logic pulumi/pulumi-sumologic
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the sumologic Terraform Provider.