sumologic.CseMatchRule
Provides a Sumo Logic CSE Match Rule.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using SumoLogic = Pulumi.SumoLogic;
// Pulumi program entry point: declares a single Cloud SIEM (CSE) match rule.
// A match rule emits one Signal per Record that satisfies Expression, so the
// breadth of that expression directly sets the Signal volume.
return await Deployment.RunAsync(() =>
{
    // Signals are generated on the entity read from srcDevice_ip, typed as an IP.
    var sourceIpSelector = new SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs
    {
        Expression = "srcDevice_ip",
        EntityType = "_ip",
    };

    // "constant" mode: every Signal receives the Default severity (5 here),
    // regardless of what the matched Record contains.
    var fixedSeverity = new SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs
    {
        Type = "constant",
        Default = 5,
    };

    var ruleArgs = new SumoLogic.CseMatchRuleArgs
    {
        NameExpression = "Signal name",
        SummaryExpression = "Signal summary",
        DescriptionExpression = "Signal description",

        // Placeholder match: it selects on objectType alone, with no further
        // conditions. Narrow it to the behaviour you actually want to detect
        // before enabling the rule in a production tenant.
        Expression = "objectType = \"Network\"",
        EntitySelectors = new[] { sourceIpSelector },
        SeverityMapping = fixedSeverity,

        // TA0009 is the MITRE ATT&CK "Collection" tactic; keep the tag in line
        // with what the expression really detects so triage is not misdirected.
        Tags = new[] { "_mitreAttackTactic:TA0009" },

        // The rule is live and emits regular (non-prototype) Signals as soon as
        // it is deployed. NOTE(review): IsPrototype = true looks like the knob for
        // trialling new rule logic first; confirm against the Sumo Logic docs.
        Enabled = true,
        IsPrototype = false,
    };

    var matchRule = new SumoLogic.CseMatchRule("matchRule", ruleArgs);
});
package main
import (
"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single Cloud SIEM (CSE) match rule with the Pulumi engine.
// A match rule emits one Signal per Record that satisfies Expression, so the
// breadth of that expression directly sets the Signal volume.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Signals are generated on the entity read from srcDevice_ip, typed as an IP.
		srcIPSelector := &sumologic.CseMatchRuleEntitySelectorArgs{
			Expression: pulumi.String("srcDevice_ip"),
			EntityType: pulumi.String("_ip"),
		}

		// "constant" mode: every Signal receives the Default severity (5 here).
		fixedSeverity := &sumologic.CseMatchRuleSeverityMappingArgs{
			Type:    pulumi.String("constant"),
			Default: pulumi.Int(5),
		}

		ruleArgs := &sumologic.CseMatchRuleArgs{
			NameExpression:        pulumi.String("Signal name"),
			SummaryExpression:     pulumi.String("Signal summary"),
			DescriptionExpression: pulumi.String("Signal description"),

			// Placeholder match: it selects on objectType alone. Narrow it to
			// the behaviour you want to detect before enabling it in production.
			Expression:      pulumi.String("objectType = \"Network\""),
			EntitySelectors: sumologic.CseMatchRuleEntitySelectorArray{srcIPSelector},
			SeverityMapping: fixedSeverity,

			// TA0009 is the MITRE ATT&CK "Collection" tactic; keep the tag in
			// line with what the expression really detects.
			Tags: pulumi.StringArray{
				pulumi.String("_mitreAttackTactic:TA0009"),
			},

			// Live rule emitting regular (non-prototype) Signals on deploy.
			// NOTE(review): IsPrototype = true looks like the knob for trialling
			// new rule logic first; confirm against the Sumo Logic docs.
			Enabled:     pulumi.Bool(true),
			IsPrototype: pulumi.Bool(false),
		}

		if _, err := sumologic.NewCseMatchRule(ctx, "matchRule", ruleArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.CseMatchRule;
import com.pulumi.sumologic.CseMatchRuleArgs;
import com.pulumi.sumologic.inputs.CseMatchRuleEntitySelectorArgs;
import com.pulumi.sumologic.inputs.CseMatchRuleSeverityMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single Cloud SIEM (CSE) match rule.
 *
 * A match rule emits one Signal per Record that satisfies its expression, so
 * the breadth of that expression directly sets the Signal volume.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "matchRule" resource on the given Pulumi context.
     *
     * @param ctx the context of the current deployment
     */
    public static void stack(Context ctx) {
        final CseMatchRuleArgs ruleArgs = CseMatchRuleArgs.builder()
            .nameExpression("Signal name")
            .summaryExpression("Signal summary")
            .descriptionExpression("Signal description")
            // Placeholder match: it selects on objectType alone. Narrow it to
            // the behaviour you want to detect before enabling it in production.
            .expression("objectType = \"Network\"")
            .entitySelectors(sourceIpSelector())
            .severityMapping(constantSeverity())
            // TA0009 is the MITRE ATT&CK "Collection" tactic; keep the tag in
            // line with what the expression really detects.
            .tags("_mitreAttackTactic:TA0009")
            // Live rule emitting regular (non-prototype) Signals on deploy.
            // NOTE(review): isPrototype(true) looks like the knob for trialling
            // new rule logic first; confirm against the Sumo Logic docs.
            .enabled(true)
            .isPrototype(false)
            .build();

        var matchRule = new CseMatchRule("matchRule", ruleArgs);
    }

    // Signals are generated on the entity read from srcDevice_ip, typed as an IP.
    private static CseMatchRuleEntitySelectorArgs sourceIpSelector() {
        return CseMatchRuleEntitySelectorArgs.builder()
            .expression("srcDevice_ip")
            .entityType("_ip")
            .build();
    }

    // "constant" mode: every Signal receives the default severity (5 here).
    private static CseMatchRuleSeverityMappingArgs constantSeverity() {
        return CseMatchRuleSeverityMappingArgs.builder()
            .type("constant")
            .default_(5)
            .build();
    }
}
import pulumi
import pulumi_sumologic as sumologic
# Declares a single Cloud SIEM (CSE) match rule. A match rule emits one Signal
# per Record that satisfies `expression`, so the breadth of that expression
# directly sets the Signal volume.

# Signals are generated on the entity read from srcDevice_ip, typed as an IP.
source_ip_selector = sumologic.CseMatchRuleEntitySelectorArgs(
    expression="srcDevice_ip",
    entity_type="_ip",
)

# "constant" mode: every Signal receives the default severity (5 here).
constant_severity = sumologic.CseMatchRuleSeverityMappingArgs(
    type="constant",
    default=5,
)

match_rule = sumologic.CseMatchRule(
    "matchRule",
    name_expression="Signal name",
    summary_expression="Signal summary",
    description_expression="Signal description",
    # Placeholder match: it selects on objectType alone. Narrow it to the
    # behaviour you want to detect before enabling it in production.
    expression="objectType = \"Network\"",
    entity_selectors=[source_ip_selector],
    severity_mapping=constant_severity,
    # TA0009 is the MITRE ATT&CK "Collection" tactic; keep the tag in line
    # with what the expression really detects.
    tags=["_mitreAttackTactic:TA0009"],
    # Live rule emitting regular (non-prototype) Signals on deploy.
    # NOTE(review): is_prototype=True looks like the knob for trialling new
    # rule logic first; confirm against the Sumo Logic docs.
    enabled=True,
    is_prototype=False,
)
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
// Declares a single Cloud SIEM (CSE) match rule. A match rule emits one Signal
// per Record that satisfies `expression`, so the breadth of that expression
// directly sets the Signal volume.

// Signals are generated on the entity read from srcDevice_ip, typed as an IP.
const sourceIpSelector = {
    expression: "srcDevice_ip",
    entityType: "_ip",
};

// "constant" mode: every Signal receives the default severity (5 here).
const constantSeverity = {
    type: "constant",
    default: 5,
};

const matchRule = new sumologic.CseMatchRule("matchRule", {
    nameExpression: "Signal name",
    summaryExpression: "Signal summary",
    descriptionExpression: "Signal description",
    // Placeholder match: it selects on objectType alone. Narrow it to the
    // behaviour you want to detect before enabling it in production.
    expression: "objectType = \"Network\"",
    entitySelectors: [sourceIpSelector],
    severityMapping: constantSeverity,
    // TA0009 is the MITRE ATT&CK "Collection" tactic; keep the tag in line
    // with what the expression really detects.
    tags: ["_mitreAttackTactic:TA0009"],
    // Live rule emitting regular (non-prototype) Signals on deploy.
    // NOTE(review): isPrototype: true looks like the knob for trialling new
    // rule logic first; confirm against the Sumo Logic docs.
    enabled: true,
    isPrototype: false,
});
# Declares a single Cloud SIEM (CSE) match rule. A match rule emits one Signal
# per Record that satisfies `expression`, so the breadth of that expression
# directly sets the Signal volume.
resources:
  matchRule:
    type: sumologic:CseMatchRule
    properties:
      nameExpression: Signal name
      summaryExpression: Signal summary
      descriptionExpression: Signal description
      # Placeholder match: it selects on objectType alone. Narrow it to the
      # behaviour you want to detect before enabling it in production.
      expression: 'objectType = "Network"'
      # Signals are generated on the entity read from srcDevice_ip, typed as an IP.
      entitySelectors:
        - entityType: _ip
          expression: srcDevice_ip
      # "constant" mode: every Signal receives the default severity (5 here).
      severityMapping:
        type: constant
        default: 5
      # TA0009 is the MITRE ATT&CK "Collection" tactic; keep the tag in line
      # with what the expression really detects.
      tags:
        - "_mitreAttackTactic:TA0009"
      # Live rule emitting regular (non-prototype) Signals on deploy.
      # NOTE(review): isPrototype: true looks like the knob for trialling new
      # rule logic first; confirm against the Sumo Logic docs.
      enabled: true
      isPrototype: false
Create CseMatchRule Resource
new CseMatchRule(name: string, args: CseMatchRuleArgs, opts?: CustomResourceOptions);
@overload
def CseMatchRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
description_expression: Optional[str] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
expression: Optional[str] = None,
is_prototype: Optional[bool] = None,
name: Optional[str] = None,
name_expression: Optional[str] = None,
severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
summary_expression: Optional[str] = None,
tags: Optional[Sequence[str]] = None)
@overload
def CseMatchRule(resource_name: str,
args: CseMatchRuleArgs,
opts: Optional[ResourceOptions] = None)
func NewCseMatchRule(ctx *Context, name string, args CseMatchRuleArgs, opts ...ResourceOption) (*CseMatchRule, error)
public CseMatchRule(string name, CseMatchRuleArgs args, CustomResourceOptions? opts = null)
public CseMatchRule(String name, CseMatchRuleArgs args)
public CseMatchRule(String name, CseMatchRuleArgs args, CustomResourceOptions options)
type: sumologic:CseMatchRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CseMatchRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CseMatchRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CseMatchRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CseMatchRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CseMatchRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CseMatchRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CseMatchRule resource accepts the following input properties:
- Description
Expression string The description of the generated Signals
- Enabled bool
Whether the rule should generate Signals
- Entity
Selectors List<Pulumi.Sumo Logic. Inputs. Cse Match Rule Entity Selector> The entities to generate Signals on
- Expression string
The expression for which records to match on
- Name
Expression string The name of the generated Signals
- Severity
Mapping Pulumi.Sumo Logic. Inputs. Cse Match Rule Severity Mapping The configuration of how the severity of the Signals should be mapped from the Records
- Is
Prototype bool Whether the generated Signals should be prototype Signals
- Name string
The name of the Rule
- Summary
Expression string The summary of the generated Signals
- List<string>
The tags of the generated Signals
The following attributes are exported:
- Description
Expression string The description of the generated Signals
- Enabled bool
Whether the rule should generate Signals
- Entity
Selectors []CseMatch Rule Entity Selector Args The entities to generate Signals on
- Expression string
The expression for which records to match on
- Name
Expression string The name of the generated Signals
- Severity
Mapping CseMatch Rule Severity Mapping Args The configuration of how the severity of the Signals should be mapped from the Records
- Is
Prototype bool Whether the generated Signals should be prototype Signals
- Name string
The name of the Rule
- Summary
Expression string The summary of the generated Signals
- []string
The tags of the generated Signals
The following attributes are exported:
- description
Expression String The description of the generated Signals
- enabled Boolean
Whether the rule should generate Signals
- entity
Selectors List<CseMatch Rule Entity Selector> The entities to generate Signals on
- expression String
The expression for which records to match on
- name
Expression String The name of the generated Signals
- severity
Mapping CseMatch Rule Severity Mapping The configuration of how the severity of the Signals should be mapped from the Records
- is
Prototype Boolean Whether the generated Signals should be prototype Signals
- name String
The name of the Rule
- summary
Expression String The summary of the generated Signals
- List<String>
The tags of the generated Signals
The following attributes are exported:
- description
Expression string The description of the generated Signals
- enabled boolean
Whether the rule should generate Signals
- entity
Selectors CseMatch Rule Entity Selector[] The entities to generate Signals on
- expression string
The expression for which records to match on
- name
Expression string The name of the generated Signals
- severity
Mapping CseMatch Rule Severity Mapping The configuration of how the severity of the Signals should be mapped from the Records
- is
Prototype boolean Whether the generated Signals should be prototype Signals
- name string
The name of the Rule
- summary
Expression string The summary of the generated Signals
- string[]
The tags of the generated Signals
The following attributes are exported:
- description_
expression str The description of the generated Signals
- enabled bool
Whether the rule should generate Signals
- entity_
selectors Sequence[CseMatch Rule Entity Selector Args] The entities to generate Signals on
- expression str
The expression for which records to match on
- name_
expression str The name of the generated Signals
- severity_
mapping CseMatch Rule Severity Mapping Args The configuration of how the severity of the Signals should be mapped from the Records
- is_
prototype bool Whether the generated Signals should be prototype Signals
- name str
The name of the Rule
- summary_
expression str The summary of the generated Signals
- Sequence[str]
The tags of the generated Signals
The following attributes are exported:
- description
Expression String The description of the generated Signals
- enabled Boolean
Whether the rule should generate Signals
- entity
Selectors List<Property Map> The entities to generate Signals on
- expression String
The expression for which records to match on
- name
Expression String The name of the generated Signals
- severity
Mapping Property Map The configuration of how the severity of the Signals should be mapped from the Records
- is
Prototype Boolean Whether the generated Signals should be prototype Signals
- name String
The name of the Rule
- summary
Expression String The summary of the generated Signals
- List<String>
The tags of the generated Signals
The following attributes are exported:
Outputs
All input properties are implicitly available as output properties. Additionally, the CseMatchRule resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing CseMatchRule Resource
Get an existing CseMatchRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CseMatchRuleState, opts?: CustomResourceOptions): CseMatchRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description_expression: Optional[str] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
expression: Optional[str] = None,
is_prototype: Optional[bool] = None,
name: Optional[str] = None,
name_expression: Optional[str] = None,
severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
summary_expression: Optional[str] = None,
tags: Optional[Sequence[str]] = None) -> CseMatchRule
func GetCseMatchRule(ctx *Context, name string, id IDInput, state *CseMatchRuleState, opts ...ResourceOption) (*CseMatchRule, error)
public static CseMatchRule Get(string name, Input<string> id, CseMatchRuleState? state, CustomResourceOptions? opts = null)
public static CseMatchRule get(String name, Output<String> id, CseMatchRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description
Expression string The description of the generated Signals
- Enabled bool
Whether the rule should generate Signals
- Entity
Selectors List<Pulumi.Sumo Logic. Inputs. Cse Match Rule Entity Selector> The entities to generate Signals on
- Expression string
The expression for which records to match on
- Is
Prototype bool Whether the generated Signals should be prototype Signals
- Name string
The name of the Rule
- Name
Expression string The name of the generated Signals
- Severity
Mapping Pulumi.Sumo Logic. Inputs. Cse Match Rule Severity Mapping The configuration of how the severity of the Signals should be mapped from the Records
- Summary
Expression string The summary of the generated Signals
- List<string>
The tags of the generated Signals
The following attributes are exported:
- Description
Expression string The description of the generated Signals
- Enabled bool
Whether the rule should generate Signals
- Entity
Selectors []CseMatch Rule Entity Selector Args The entities to generate Signals on
- Expression string
The expression for which records to match on
- Is
Prototype bool Whether the generated Signals should be prototype Signals
- Name string
The name of the Rule
- Name
Expression string The name of the generated Signals
- Severity
Mapping CseMatch Rule Severity Mapping Args The configuration of how the severity of the Signals should be mapped from the Records
- Summary
Expression string The summary of the generated Signals
- []string
The tags of the generated Signals
The following attributes are exported:
- description
Expression String The description of the generated Signals
- enabled Boolean
Whether the rule should generate Signals
- entity
Selectors List<CseMatch Rule Entity Selector> The entities to generate Signals on
- expression String
The expression for which records to match on
- is
Prototype Boolean Whether the generated Signals should be prototype Signals
- name String
The name of the Rule
- name
Expression String The name of the generated Signals
- severity
Mapping CseMatch Rule Severity Mapping The configuration of how the severity of the Signals should be mapped from the Records
- summary
Expression String The summary of the generated Signals
- List<String>
The tags of the generated Signals
The following attributes are exported:
- description
Expression string The description of the generated Signals
- enabled boolean
Whether the rule should generate Signals
- entity
Selectors CseMatch Rule Entity Selector[] The entities to generate Signals on
- expression string
The expression for which records to match on
- is
Prototype boolean Whether the generated Signals should be prototype Signals
- name string
The name of the Rule
- name
Expression string The name of the generated Signals
- severity
Mapping CseMatch Rule Severity Mapping The configuration of how the severity of the Signals should be mapped from the Records
- summary
Expression string The summary of the generated Signals
- string[]
The tags of the generated Signals
The following attributes are exported:
- description_
expression str The description of the generated Signals
- enabled bool
Whether the rule should generate Signals
- entity_
selectors Sequence[CseMatch Rule Entity Selector Args] The entities to generate Signals on
- expression str
The expression for which records to match on
- is_
prototype bool Whether the generated Signals should be prototype Signals
- name str
The name of the Rule
- name_
expression str The name of the generated Signals
- severity_
mapping CseMatch Rule Severity Mapping Args The configuration of how the severity of the Signals should be mapped from the Records
- summary_
expression str The summary of the generated Signals
- Sequence[str]
The tags of the generated Signals
The following attributes are exported:
- description
Expression String The description of the generated Signals
- enabled Boolean
Whether the rule should generate Signals
- entity
Selectors List<Property Map> The entities to generate Signals on
- expression String
The expression for which records to match on
- is
Prototype Boolean Whether the generated Signals should be prototype Signals
- name String
The name of the Rule
- name
Expression String The name of the generated Signals
- severity
Mapping Property Map The configuration of how the severity of the Signals should be mapped from the Records
- summary
Expression String The summary of the generated Signals
- List<String>
The tags of the generated Signals
The following attributes are exported:
Supporting Types
CseMatchRuleEntitySelector, CseMatchRuleEntitySelectorArgs
- Entity
Type string - Expression string
The expression for which records to match on
- Entity
Type string - Expression string
The expression for which records to match on
- entity
Type String - expression String
The expression for which records to match on
- entity
Type string - expression string
The expression for which records to match on
- entity_
type str - expression str
The expression for which records to match on
- entity
Type String - expression String
The expression for which records to match on
CseMatchRuleSeverityMapping, CseMatchRuleSeverityMappingArgs
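- Type string
Must be set to "eq" currently. Note: this conflicts with the rest of the page. The example sets Type to "constant", and the Default and Field descriptions name "constant", "fieldValue" and "fieldValueMapping" as the cases of this field. The "eq" constraint most likely belongs to the type of an individual Mappings entry; confirm against the provider schema before relying on it.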
- Default int
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- Field string
The field to use in the "fieldValue"/"fieldValueMapping" cases.
- Mappings
List<Pulumi.
Sumo Logic. Inputs. Cse Match Rule Severity Mapping Mapping> The map of record values to severities to use in the "fieldValueMapping" case
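- Type string
Must be set to "eq" currently. Note: this conflicts with the rest of the page. The example sets Type to "constant", and the Default and Field descriptions name "constant", "fieldValue" and "fieldValueMapping" as the cases of this field. The "eq" constraint most likely belongs to the type of an individual Mappings entry; confirm against the provider schema before relying on it.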
- Default int
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- Field string
The field to use in the "fieldValue"/"fieldValueMapping" cases.
- Mappings
[]Cse
Match Rule Severity Mapping Mapping The map of record values to severities to use in the "fieldValueMapping" case
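- type String
Must be set to "eq" currently. Note: this conflicts with the rest of the page. The example sets type to "constant", and the default_ and field descriptions name "constant", "fieldValue" and "fieldValueMapping" as the cases of this field. The "eq" constraint most likely belongs to the type of an individual mappings entry; confirm against the provider schema before relying on it.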
- default_ Integer
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field String
The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings
List<Cse
Match Rule Severity Mapping Mapping> The map of record values to severities to use in the "fieldValueMapping" case
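- type string
Must be set to "eq" currently. Note: this conflicts with the rest of the page. The example sets type to "constant", and the default and field descriptions name "constant", "fieldValue" and "fieldValueMapping" as the cases of this field. The "eq" constraint most likely belongs to the type of an individual mappings entry; confirm against the provider schema before relying on it.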
- default number
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field string
The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings
Cse
Match Rule Severity Mapping Mapping[] The map of record values to severities to use in the "fieldValueMapping" case
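- type str
Must be set to "eq" currently. Note: this conflicts with the rest of the page. The example sets type to "constant", and the default and field descriptions name "constant", "fieldValue" and "fieldValueMapping" as the cases of this field. The "eq" constraint most likely belongs to the type of an individual mappings entry; confirm against the provider schema before relying on it.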
- default int
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field str
The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings
Sequence[Cse
Match Rule Severity Mapping Mapping] The map of record values to severities to use in the "fieldValueMapping" case
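- type String
Must be set to "eq" currently. Note: this conflicts with the rest of the page. The example sets type to "constant", and the default and field descriptions name "constant", "fieldValue" and "fieldValueMapping" as the cases of this field. The "eq" constraint most likely belongs to the type of an individual mappings entry; confirm against the provider schema before relying on it.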
- default Number
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field String
The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings List<Property Map>
The map of record values to severities to use in the "fieldValueMapping" case
CseMatchRuleSeverityMappingMapping, CseMatchRuleSeverityMappingMappingArgs
Import
Match Rules can be imported using the field id, e.g.:
$ pulumi import sumologic:index/cseMatchRule:CseMatchRule match_rule id
Package Details
- Repository
- Sumo Logic pulumi/pulumi-sumologic
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
sumologic
Terraform Provider.