1. Packages
  2. Sumo Logic
  3. API Docs
  4. CseMatchRule
Sumo Logic v0.18.0 published on Thursday, Sep 7, 2023 by Pulumi

sumologic.CseMatchRule

Explore with Pulumi AI

sumologic logo
Sumo Logic v0.18.0 published on Thursday, Sep 7, 2023 by Pulumi

    Provides a Sumo Logic CSE Match Rule.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using SumoLogic = Pulumi.SumoLogic;
    
    return await Deployment.RunAsync(() => 
    {
        var matchRule = new SumoLogic.CseMatchRule("matchRule", new()
        {
            DescriptionExpression = "Signal description",
            Enabled = true,
            EntitySelectors = new[]
            {
                new SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs
                {
                    EntityType = "_ip",
                    Expression = "srcDevice_ip",
                },
            },
            Expression = "objectType = \"Network\"",
            IsPrototype = false,
            NameExpression = "Signal name",
            SeverityMapping = new SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs
            {
                Default = 5,
                Type = "constant",
            },
            SummaryExpression = "Signal summary",
            Tags = new[]
            {
                "_mitreAttackTactic:TA0009",
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := sumologic.NewCseMatchRule(ctx, "matchRule", &sumologic.CseMatchRuleArgs{
    			DescriptionExpression: pulumi.String("Signal description"),
    			Enabled:               pulumi.Bool(true),
    			EntitySelectors: sumologic.CseMatchRuleEntitySelectorArray{
    				&sumologic.CseMatchRuleEntitySelectorArgs{
    					EntityType: pulumi.String("_ip"),
    					Expression: pulumi.String("srcDevice_ip"),
    				},
    			},
    			Expression:     pulumi.String("objectType = \"Network\""),
    			IsPrototype:    pulumi.Bool(false),
    			NameExpression: pulumi.String("Signal name"),
    			SeverityMapping: &sumologic.CseMatchRuleSeverityMappingArgs{
    				Default: pulumi.Int(5),
    				Type:    pulumi.String("constant"),
    			},
    			SummaryExpression: pulumi.String("Signal summary"),
    			Tags: pulumi.StringArray{
    				pulumi.String("_mitreAttackTactic:TA0009"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.sumologic.CseMatchRule;
    import com.pulumi.sumologic.CseMatchRuleArgs;
    import com.pulumi.sumologic.inputs.CseMatchRuleEntitySelectorArgs;
    import com.pulumi.sumologic.inputs.CseMatchRuleSeverityMappingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var matchRule = new CseMatchRule("matchRule", CseMatchRuleArgs.builder()        
                .descriptionExpression("Signal description")
                .enabled(true)
                .entitySelectors(CseMatchRuleEntitySelectorArgs.builder()
                    .entityType("_ip")
                    .expression("srcDevice_ip")
                    .build())
                .expression("objectType = \"Network\"")
                .isPrototype(false)
                .nameExpression("Signal name")
                .severityMapping(CseMatchRuleSeverityMappingArgs.builder()
                    .default_(5)
                    .type("constant")
                    .build())
                .summaryExpression("Signal summary")
                .tags("_mitreAttackTactic:TA0009")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_sumologic as sumologic
    
    match_rule = sumologic.CseMatchRule("matchRule",
        description_expression="Signal description",
        enabled=True,
        entity_selectors=[sumologic.CseMatchRuleEntitySelectorArgs(
            entity_type="_ip",
            expression="srcDevice_ip",
        )],
        expression="objectType = \"Network\"",
        is_prototype=False,
        name_expression="Signal name",
        severity_mapping=sumologic.CseMatchRuleSeverityMappingArgs(
            default=5,
            type="constant",
        ),
        summary_expression="Signal summary",
        tags=["_mitreAttackTactic:TA0009"])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as sumologic from "@pulumi/sumologic";
    
    const matchRule = new sumologic.CseMatchRule("matchRule", {
        descriptionExpression: "Signal description",
        enabled: true,
        entitySelectors: [{
            entityType: "_ip",
            expression: "srcDevice_ip",
        }],
        expression: "objectType = \"Network\"",
        isPrototype: false,
        nameExpression: "Signal name",
        severityMapping: {
            "default": 5,
            type: "constant",
        },
        summaryExpression: "Signal summary",
        tags: ["_mitreAttackTactic:TA0009"],
    });
    
    resources:
      matchRule:
        type: sumologic:CseMatchRule
        properties:
          descriptionExpression: Signal description
          enabled: true
          entitySelectors:
            - entityType: _ip
              expression: srcDevice_ip
          expression: objectType = "Network"
          isPrototype: false
          nameExpression: Signal name
          severityMapping:
            default: 5
            type: constant
          summaryExpression: Signal summary
          tags:
            - _mitreAttackTactic:TA0009
    

    Create CseMatchRule Resource

    new CseMatchRule(name: string, args: CseMatchRuleArgs, opts?: CustomResourceOptions);
    @overload
    def CseMatchRule(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     description_expression: Optional[str] = None,
                     enabled: Optional[bool] = None,
                     entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
                     expression: Optional[str] = None,
                     is_prototype: Optional[bool] = None,
                     name: Optional[str] = None,
                     name_expression: Optional[str] = None,
                     severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
                     summary_expression: Optional[str] = None,
                     tags: Optional[Sequence[str]] = None)
    @overload
    def CseMatchRule(resource_name: str,
                     args: CseMatchRuleArgs,
                     opts: Optional[ResourceOptions] = None)
    func NewCseMatchRule(ctx *Context, name string, args CseMatchRuleArgs, opts ...ResourceOption) (*CseMatchRule, error)
    public CseMatchRule(string name, CseMatchRuleArgs args, CustomResourceOptions? opts = null)
    public CseMatchRule(String name, CseMatchRuleArgs args)
    public CseMatchRule(String name, CseMatchRuleArgs args, CustomResourceOptions options)
    
    type: sumologic:CseMatchRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CseMatchRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    CseMatchRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CseMatchRule resource accepts the following input properties:

    DescriptionExpression string

    The description of the generated Signals

    Enabled bool

    Whether the rule should generate Signals

    EntitySelectors List<Pulumi.SumoLogic.Inputs.CseMatchRuleEntitySelector>

    The entities to generate Signals on

    Expression string

    The expression for which records to match on

    NameExpression string

    The name of the generated Signals

    SeverityMapping Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMapping

    The configuration of how the severity of the Signals should be mapped from the Records

    IsPrototype bool

    Whether the generated Signals should be prototype Signals

    Name string

    The name of the Rule

    SummaryExpression string

    The summary of the generated Signals

    Tags List<string>

    The tags of the generated Signals

    The following attributes are exported:

    DescriptionExpression string

    The description of the generated Signals

    Enabled bool

    Whether the rule should generate Signals

    EntitySelectors []CseMatchRuleEntitySelectorArgs

    The entities to generate Signals on

    Expression string

    The expression for which records to match on

    NameExpression string

    The name of the generated Signals

    SeverityMapping CseMatchRuleSeverityMappingArgs

    The configuration of how the severity of the Signals should be mapped from the Records

    IsPrototype bool

    Whether the generated Signals should be prototype Signals

    Name string

    The name of the Rule

    SummaryExpression string

    The summary of the generated Signals

    Tags []string

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression String

    The description of the generated Signals

    enabled Boolean

    Whether the rule should generate Signals

    entitySelectors List<CseMatchRuleEntitySelector>

    The entities to generate Signals on

    expression String

    The expression for which records to match on

    nameExpression String

    The name of the generated Signals

    severityMapping CseMatchRuleSeverityMapping

    The configuration of how the severity of the Signals should be mapped from the Records

    isPrototype Boolean

    Whether the generated Signals should be prototype Signals

    name String

    The name of the Rule

    summaryExpression String

    The summary of the generated Signals

    tags List<String>

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression string

    The description of the generated Signals

    enabled boolean

    Whether the rule should generate Signals

    entitySelectors CseMatchRuleEntitySelector[]

    The entities to generate Signals on

    expression string

    The expression for which records to match on

    nameExpression string

    The name of the generated Signals

    severityMapping CseMatchRuleSeverityMapping

    The configuration of how the severity of the Signals should be mapped from the Records

    isPrototype boolean

    Whether the generated Signals should be prototype Signals

    name string

    The name of the Rule

    summaryExpression string

    The summary of the generated Signals

    tags string[]

    The tags of the generated Signals

    The following attributes are exported:

    description_expression str

    The description of the generated Signals

    enabled bool

    Whether the rule should generate Signals

    entity_selectors Sequence[CseMatchRuleEntitySelectorArgs]

    The entities to generate Signals on

    expression str

    The expression for which records to match on

    name_expression str

    The name of the generated Signals

    severity_mapping CseMatchRuleSeverityMappingArgs

    The configuration of how the severity of the Signals should be mapped from the Records

    is_prototype bool

    Whether the generated Signals should be prototype Signals

    name str

    The name of the Rule

    summary_expression str

    The summary of the generated Signals

    tags Sequence[str]

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression String

    The description of the generated Signals

    enabled Boolean

    Whether the rule should generate Signals

    entitySelectors List<Property Map>

    The entities to generate Signals on

    expression String

    The expression for which records to match on

    nameExpression String

    The name of the generated Signals

    severityMapping Property Map

    The configuration of how the severity of the Signals should be mapped from the Records

    isPrototype Boolean

    Whether the generated Signals should be prototype Signals

    name String

    The name of the Rule

    summaryExpression String

    The summary of the generated Signals

    tags List<String>

    The tags of the generated Signals

    The following attributes are exported:

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CseMatchRule resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing CseMatchRule Resource

    Get an existing CseMatchRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CseMatchRuleState, opts?: CustomResourceOptions): CseMatchRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description_expression: Optional[str] = None,
            enabled: Optional[bool] = None,
            entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
            expression: Optional[str] = None,
            is_prototype: Optional[bool] = None,
            name: Optional[str] = None,
            name_expression: Optional[str] = None,
            severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
            summary_expression: Optional[str] = None,
            tags: Optional[Sequence[str]] = None) -> CseMatchRule
    func GetCseMatchRule(ctx *Context, name string, id IDInput, state *CseMatchRuleState, opts ...ResourceOption) (*CseMatchRule, error)
    public static CseMatchRule Get(string name, Input<string> id, CseMatchRuleState? state, CustomResourceOptions? opts = null)
    public static CseMatchRule get(String name, Output<String> id, CseMatchRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DescriptionExpression string

    The description of the generated Signals

    Enabled bool

    Whether the rule should generate Signals

    EntitySelectors List<Pulumi.SumoLogic.Inputs.CseMatchRuleEntitySelector>

    The entities to generate Signals on

    Expression string

    The expression for which records to match on

    IsPrototype bool

    Whether the generated Signals should be prototype Signals

    Name string

    The name of the Rule

    NameExpression string

    The name of the generated Signals

    SeverityMapping Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMapping

    The configuration of how the severity of the Signals should be mapped from the Records

    SummaryExpression string

    The summary of the generated Signals

    Tags List<string>

    The tags of the generated Signals

    The following attributes are exported:

    DescriptionExpression string

    The description of the generated Signals

    Enabled bool

    Whether the rule should generate Signals

    EntitySelectors []CseMatchRuleEntitySelectorArgs

    The entities to generate Signals on

    Expression string

    The expression for which records to match on

    IsPrototype bool

    Whether the generated Signals should be prototype Signals

    Name string

    The name of the Rule

    NameExpression string

    The name of the generated Signals

    SeverityMapping CseMatchRuleSeverityMappingArgs

    The configuration of how the severity of the Signals should be mapped from the Records

    SummaryExpression string

    The summary of the generated Signals

    Tags []string

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression String

    The description of the generated Signals

    enabled Boolean

    Whether the rule should generate Signals

    entitySelectors List<CseMatchRuleEntitySelector>

    The entities to generate Signals on

    expression String

    The expression for which records to match on

    isPrototype Boolean

    Whether the generated Signals should be prototype Signals

    name String

    The name of the Rule

    nameExpression String

    The name of the generated Signals

    severityMapping CseMatchRuleSeverityMapping

    The configuration of how the severity of the Signals should be mapped from the Records

    summaryExpression String

    The summary of the generated Signals

    tags List<String>

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression string

    The description of the generated Signals

    enabled boolean

    Whether the rule should generate Signals

    entitySelectors CseMatchRuleEntitySelector[]

    The entities to generate Signals on

    expression string

    The expression for which records to match on

    isPrototype boolean

    Whether the generated Signals should be prototype Signals

    name string

    The name of the Rule

    nameExpression string

    The name of the generated Signals

    severityMapping CseMatchRuleSeverityMapping

    The configuration of how the severity of the Signals should be mapped from the Records

    summaryExpression string

    The summary of the generated Signals

    tags string[]

    The tags of the generated Signals

    The following attributes are exported:

    description_expression str

    The description of the generated Signals

    enabled bool

    Whether the rule should generate Signals

    entity_selectors Sequence[CseMatchRuleEntitySelectorArgs]

    The entities to generate Signals on

    expression str

    The expression for which records to match on

    is_prototype bool

    Whether the generated Signals should be prototype Signals

    name str

    The name of the Rule

    name_expression str

    The name of the generated Signals

    severity_mapping CseMatchRuleSeverityMappingArgs

    The configuration of how the severity of the Signals should be mapped from the Records

    summary_expression str

    The summary of the generated Signals

    tags Sequence[str]

    The tags of the generated Signals

    The following attributes are exported:

    descriptionExpression String

    The description of the generated Signals

    enabled Boolean

    Whether the rule should generate Signals

    entitySelectors List<Property Map>

    The entities to generate Signals on

    expression String

    The expression for which records to match on

    isPrototype Boolean

    Whether the generated Signals should be prototype Signals

    name String

    The name of the Rule

    nameExpression String

    The name of the generated Signals

    severityMapping Property Map

    The configuration of how the severity of the Signals should be mapped from the Records

    summaryExpression String

    The summary of the generated Signals

    tags List<String>

    The tags of the generated Signals

    The following attributes are exported:

    Supporting Types

    CseMatchRuleEntitySelector, CseMatchRuleEntitySelectorArgs

    EntityType string
    Expression string

    The expression for which records to match on

    EntityType string
    Expression string

    The expression for which records to match on

    entityType String
    expression String

    The expression for which records to match on

    entityType string
    expression string

    The expression for which records to match on

    entity_type str
    expression str

    The expression for which records to match on

    entityType String
    expression String

    The expression for which records to match on

    CseMatchRuleSeverityMapping, CseMatchRuleSeverityMappingArgs

    Type string

    Must be set to "eq" currently

    Default int

    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

    Field string

    The field to use in the "fieldValue"/"fieldValueMapping" cases.

    Mappings List<Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMappingMapping>

    The map of record values to severities to use in the "fieldValueMapping" case

    Type string

    Must be set to "eq" currently

    Default int

    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

    Field string

    The field to use in the "fieldValue"/"fieldValueMapping" cases.

    Mappings []CseMatchRuleSeverityMappingMapping

    The map of record values to severities to use in the "fieldValueMapping" case

    type String

    Must be set to "eq" currently

    default_ Integer

    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

    field String

    The field to use in the "fieldValue"/"fieldValueMapping" cases.

    mappings List<CseMatchRuleSeverityMappingMapping>

    The map of record values to severities to use in the "fieldValueMapping" case

    type string

    Must be set to "eq" currently

    default number

    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

    field string

    The field to use in the "fieldValue"/"fieldValueMapping" cases.

    mappings CseMatchRuleSeverityMappingMapping[]

    The map of record values to severities to use in the "fieldValueMapping" case

    type str

    Must be set to "eq" currently

    default int

    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

    field str

    The field to use in the "fieldValue"/"fieldValueMapping" cases.

    mappings Sequence[CseMatchRuleSeverityMappingMapping]

    The map of record values to severities to use in the "fieldValueMapping" case

    type String

    Must be set to "eq" currently

    default Number

    The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

    field String

    The field to use in the "fieldValue"/"fieldValueMapping" cases.

    mappings List<Property Map>

    The map of record values to severities to use in the "fieldValueMapping" case

    CseMatchRuleSeverityMappingMapping, CseMatchRuleSeverityMappingMappingArgs

    From string

    The record value to map from

    To int

    The severity value to map to

    Type string

    Must be set to "eq" currently

    From string

    The record value to map from

    To int

    The severity value to map to

    Type string

    Must be set to "eq" currently

    from String

    The record value to map from

    to Integer

    The severity value to map to

    type String

    Must be set to "eq" currently

    from string

    The record value to map from

    to number

    The severity value to map to

    type string

    Must be set to "eq" currently

    from_ str

    The record value to map from

    to int

    The severity value to map to

    type str

    Must be set to "eq" currently

    from String

    The record value to map from

    to Number

    The severity value to map to

    type String

    Must be set to "eq" currently

    Import

    Match Rules can be imported using the field id, e.g.hcl

     $ pulumi import sumologic:index/cseMatchRule:CseMatchRule match_rule id
    

    Package Details

    Repository
    Sumo Logic pulumi/pulumi-sumologic
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the sumologic Terraform Provider.

    sumologic logo
    Sumo Logic v0.18.0 published on Thursday, Sep 7, 2023 by Pulumi