SumoLogic

Pulumi Official
Package maintained by Pulumi
v0.9.0 published on Tuesday, Aug 16, 2022 by Pulumi

CseMatchRule

Provides a Sumo Logic CSE Match Rule.

Example Usage

using System.Collections.Generic;
using Pulumi;
using SumoLogic = Pulumi.SumoLogic;

// Declares a single Sumo Logic CSE match rule in the current Pulumi deployment.
return await Deployment.RunAsync(() =>
{
    // Signals are generated on the IP entity read from the record's srcDevice_ip field.
    var sourceIpSelector = new SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs
    {
        EntityType = "_ip",
        Expression = "srcDevice_ip",
    };

    // "constant" mapping: every Signal carries the fixed severity 5.
    var fixedSeverity = new SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs
    {
        Type = "constant",
        Default = 5,
    };

    var matchRule = new SumoLogic.CseMatchRule("matchRule", new()
    {
        // Rule behaviour: enabled rules generate Signals; these are not prototype Signals.
        Enabled = true,
        IsPrototype = false,

        // Matches records whose objectType equals "Network".
        // NOTE(review): this looks deliberately broad for the example; a production
        // rule would presumably add further conditions to limit Signal volume.
        Expression = "objectType = \"Network\"",
        EntitySelectors = new[] { sourceIpSelector },
        SeverityMapping = fixedSeverity,

        // Text attached to each generated Signal.
        NameExpression = "Signal name",
        SummaryExpression = "Signal summary",
        DescriptionExpression = "Signal description",

        // Tags the Signals with MITRE ATT&CK tactic TA0009 (Collection).
        Tags = new[]
        {
            "_mitreAttackTactic:TA0009",
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

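// main declares a single Sumo Logic CSE match rule in the current Pulumi
// deployment and returns any registration error to the Pulumi runtime.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sumologic.NewCseMatchRule(ctx, "matchRule", &sumologic.CseMatchRuleArgs{
			DescriptionExpression: pulumi.String("Signal description"),
			// Enabled rules generate Signals.
			Enabled: pulumi.Bool(true),
			// The selector types live in the sumologic package and must be
			// qualified; unqualified names do not compile in package main.
			// Signals are generated on the IP entity read from srcDevice_ip.
			EntitySelectors: sumologic.CseMatchRuleEntitySelectorArray{
				&sumologic.CseMatchRuleEntitySelectorArgs{
					EntityType: pulumi.String("_ip"),
					Expression: pulumi.String("srcDevice_ip"),
				},
			},
			// Matches records whose objectType equals "Network".
			// NOTE(review): this looks deliberately broad for the example; a
			// production rule would presumably add further conditions.
			Expression: pulumi.String("objectType = \"Network\""),
			// The generated Signals are not prototype Signals.
			IsPrototype:    pulumi.Bool(false),
			NameExpression: pulumi.String("Signal name"),
			// "constant" mapping: every Signal carries the fixed severity 5.
			SeverityMapping: &sumologic.CseMatchRuleSeverityMappingArgs{
				Default: pulumi.Int(5),
				Type:    pulumi.String("constant"),
			},
			SummaryExpression: pulumi.String("Signal summary"),
			// Tags the Signals with MITRE ATT&CK tactic TA0009 (Collection).
			Tags: pulumi.StringArray{
				pulumi.String("_mitreAttackTactic:TA0009"),
			},
		})
		// err is nil on success, so it can be returned as-is.
		return err
	})
}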
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.CseMatchRule;
import com.pulumi.sumologic.CseMatchRuleArgs;
import com.pulumi.sumologic.inputs.CseMatchRuleEntitySelectorArgs;
import com.pulumi.sumologic.inputs.CseMatchRuleSeverityMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares a single Sumo Logic CSE match rule.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the match rule resource for this stack.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}; not read here
     */
    public static void stack(Context ctx) {
        // Signals are generated on the IP entity read from the record's srcDevice_ip field.
        final var sourceIpSelector = CseMatchRuleEntitySelectorArgs.builder()
            .entityType("_ip")
            .expression("srcDevice_ip")
            .build();

        // "constant" mapping: every Signal carries the fixed severity 5.
        final var fixedSeverity = CseMatchRuleSeverityMappingArgs.builder()
            .type("constant")
            .default_(5)
            .build();

        final var ruleArgs = CseMatchRuleArgs.builder()
            // Enabled rules generate Signals; these are not prototype Signals.
            .enabled(true)
            .isPrototype(false)
            // Matches records whose objectType equals "Network".
            // NOTE(review): this looks deliberately broad for the example; a production
            // rule would presumably add further conditions to limit Signal volume.
            .expression("objectType = \"Network\"")
            .entitySelectors(sourceIpSelector)
            .severityMapping(fixedSeverity)
            // Text attached to each generated Signal.
            .nameExpression("Signal name")
            .summaryExpression("Signal summary")
            .descriptionExpression("Signal description")
            // Tags the Signals with MITRE ATT&CK tactic TA0009 (Collection).
            .tags("_mitreAttackTactic:TA0009")
            .build();

        var matchRule = new CseMatchRule("matchRule", ruleArgs);

    }
}
import pulumi
import pulumi_sumologic as sumologic

# Signals are generated on the IP entity read from the record's srcDevice_ip field.
source_ip_selector = sumologic.CseMatchRuleEntitySelectorArgs(
    entity_type="_ip",
    expression="srcDevice_ip",
)

# "constant" mapping: every Signal carries the fixed severity 5.
fixed_severity = sumologic.CseMatchRuleSeverityMappingArgs(
    type="constant",
    default=5,
)

# Declares a single Sumo Logic CSE match rule.
match_rule = sumologic.CseMatchRule(
    "matchRule",
    # Enabled rules generate Signals; these are not prototype Signals.
    enabled=True,
    is_prototype=False,
    # Matches records whose objectType equals "Network".
    # NOTE(review): this looks deliberately broad for the example; a production
    # rule would presumably add further conditions to limit Signal volume.
    expression="objectType = \"Network\"",
    entity_selectors=[source_ip_selector],
    severity_mapping=fixed_severity,
    # Text attached to each generated Signal.
    name_expression="Signal name",
    summary_expression="Signal summary",
    description_expression="Signal description",
    # Tags the Signals with MITRE ATT&CK tactic TA0009 (Collection).
    tags=["_mitreAttackTactic:TA0009"],
)
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";

// Signals are generated on the IP entity read from the record's srcDevice_ip field.
const sourceIpSelector = {
    entityType: "_ip",
    expression: "srcDevice_ip",
};

// "constant" mapping: every Signal carries the fixed severity 5.
const fixedSeverity = {
    type: "constant",
    default: 5,
};

// Declares a single Sumo Logic CSE match rule.
const matchRule = new sumologic.CseMatchRule("match_rule", {
    // Enabled rules generate Signals; these are not prototype Signals.
    enabled: true,
    isPrototype: false,
    // Matches records whose objectType equals "Network".
    // NOTE(review): this looks deliberately broad for the example; a production
    // rule would presumably add further conditions to limit Signal volume.
    expression: "objectType = \"Network\"",
    entitySelectors: [sourceIpSelector],
    severityMapping: fixedSeverity,
    // Text attached to each generated Signal.
    nameExpression: "Signal name",
    summaryExpression: "Signal summary",
    descriptionExpression: "Signal description",
    // Tags the Signals with MITRE ATT&CK tactic TA0009 (Collection).
    tags: ["_mitreAttackTactic:TA0009"],
});
# Declares a single Sumo Logic CSE match rule.
resources:
  matchRule:
    type: sumologic:CseMatchRule
    properties:
      descriptionExpression: Signal description
      # Enabled rules generate Signals.
      enabled: true
      # Signals are generated on the IP entity read from the record's srcDevice_ip field.
      entitySelectors:
        - entityType: _ip
          expression: srcDevice_ip
      # Matches records whose objectType equals "Network".
      # NOTE(review): this looks deliberately broad for the example; a production
      # rule would presumably add further conditions to limit Signal volume.
      expression: objectType = "Network"
      # The generated Signals are not prototype Signals.
      isPrototype: false
      nameExpression: Signal name
      # "constant" mapping: every Signal carries the fixed severity 5.
      severityMapping:
        default: 5
        type: constant
      summaryExpression: Signal summary
      # Tags the Signals with MITRE ATT&CK tactic TA0009 (Collection).
      tags:
        - _mitreAttackTactic:TA0009

Create a CseMatchRule Resource

new CseMatchRule(name: string, args: CseMatchRuleArgs, opts?: CustomResourceOptions);
@overload
def CseMatchRule(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 description_expression: Optional[str] = None,
                 enabled: Optional[bool] = None,
                 entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
                 expression: Optional[str] = None,
                 is_prototype: Optional[bool] = None,
                 name: Optional[str] = None,
                 name_expression: Optional[str] = None,
                 severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
                 summary_expression: Optional[str] = None,
                 tags: Optional[Sequence[str]] = None)
@overload
def CseMatchRule(resource_name: str,
                 args: CseMatchRuleArgs,
                 opts: Optional[ResourceOptions] = None)
func NewCseMatchRule(ctx *Context, name string, args CseMatchRuleArgs, opts ...ResourceOption) (*CseMatchRule, error)
public CseMatchRule(string name, CseMatchRuleArgs args, CustomResourceOptions? opts = null)
public CseMatchRule(String name, CseMatchRuleArgs args)
public CseMatchRule(String name, CseMatchRuleArgs args, CustomResourceOptions options)
type: sumologic:CseMatchRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args CseMatchRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CseMatchRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CseMatchRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CseMatchRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args CseMatchRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

CseMatchRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CseMatchRule resource accepts the following input properties:

DescriptionExpression string

The description of the generated Signals

Enabled bool

Whether the rule should generate Signals

EntitySelectors List<Pulumi.SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs>

The entities to generate Signals on

Expression string

The expression for which records to match on

NameExpression string

The name of the generated Signals

SeverityMapping Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

IsPrototype bool

Whether the generated Signals should be prototype Signals

Name string

The name of the Rule

SummaryExpression string

The summary of the generated Signals

Tags List<string>

The tags of the generated Signals

DescriptionExpression string

The description of the generated Signals

Enabled bool

Whether the rule should generate Signals

EntitySelectors []CseMatchRuleEntitySelectorArgs

The entities to generate Signals on

Expression string

The expression for which records to match on

NameExpression string

The name of the generated Signals

SeverityMapping CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

IsPrototype bool

Whether the generated Signals should be prototype Signals

Name string

The name of the Rule

SummaryExpression string

The summary of the generated Signals

Tags []string

The tags of the generated Signals

descriptionExpression String

The description of the generated Signals

enabled Boolean

Whether the rule should generate Signals

entitySelectors List<CseMatchRuleEntitySelectorArgs>

The entities to generate Signals on

expression String

The expression for which records to match on

nameExpression String

The name of the generated Signals

severityMapping CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

isPrototype Boolean

Whether the generated Signals should be prototype Signals

name String

The name of the Rule

summaryExpression String

The summary of the generated Signals

tags List<String>

The tags of the generated Signals

descriptionExpression string

The description of the generated Signals

enabled boolean

Whether the rule should generate Signals

entitySelectors CseMatchRuleEntitySelectorArgs[]

The entities to generate Signals on

expression string

The expression for which records to match on

nameExpression string

The name of the generated Signals

severityMapping CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

isPrototype boolean

Whether the generated Signals should be prototype Signals

name string

The name of the Rule

summaryExpression string

The summary of the generated Signals

tags string[]

The tags of the generated Signals

description_expression str

The description of the generated Signals

enabled bool

Whether the rule should generate Signals

entity_selectors Sequence[CseMatchRuleEntitySelectorArgs]

The entities to generate Signals on

expression str

The expression for which records to match on

name_expression str

The name of the generated Signals

severity_mapping CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

is_prototype bool

Whether the generated Signals should be prototype Signals

name str

The name of the Rule

summary_expression str

The summary of the generated Signals

tags Sequence[str]

The tags of the generated Signals

descriptionExpression String

The description of the generated Signals

enabled Boolean

Whether the rule should generate Signals

entitySelectors List<Property Map>

The entities to generate Signals on

expression String

The expression for which records to match on

nameExpression String

The name of the generated Signals

severityMapping Property Map

The configuration of how the severity of the Signals should be mapped from the Records

isPrototype Boolean

Whether the generated Signals should be prototype Signals

name String

The name of the Rule

summaryExpression String

The summary of the generated Signals

tags List<String>

The tags of the generated Signals

Outputs

All input properties are implicitly available as output properties. Additionally, the CseMatchRule resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing CseMatchRule Resource

Get an existing CseMatchRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CseMatchRuleState, opts?: CustomResourceOptions): CseMatchRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description_expression: Optional[str] = None,
        enabled: Optional[bool] = None,
        entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
        expression: Optional[str] = None,
        is_prototype: Optional[bool] = None,
        name: Optional[str] = None,
        name_expression: Optional[str] = None,
        severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
        summary_expression: Optional[str] = None,
        tags: Optional[Sequence[str]] = None) -> CseMatchRule
func GetCseMatchRule(ctx *Context, name string, id IDInput, state *CseMatchRuleState, opts ...ResourceOption) (*CseMatchRule, error)
public static CseMatchRule Get(string name, Input<string> id, CseMatchRuleState? state, CustomResourceOptions? opts = null)
public static CseMatchRule get(String name, Output<String> id, CseMatchRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DescriptionExpression string

The description of the generated Signals

Enabled bool

Whether the rule should generate Signals

EntitySelectors List<Pulumi.SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs>

The entities to generate Signals on

Expression string

The expression for which records to match on

IsPrototype bool

Whether the generated Signals should be prototype Signals

Name string

The name of the Rule

NameExpression string

The name of the generated Signals

SeverityMapping Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

SummaryExpression string

The summary of the generated Signals

Tags List<string>

The tags of the generated Signals

DescriptionExpression string

The description of the generated Signals

Enabled bool

Whether the rule should generate Signals

EntitySelectors []CseMatchRuleEntitySelectorArgs

The entities to generate Signals on

Expression string

The expression for which records to match on

IsPrototype bool

Whether the generated Signals should be prototype Signals

Name string

The name of the Rule

NameExpression string

The name of the generated Signals

SeverityMapping CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

SummaryExpression string

The summary of the generated Signals

Tags []string

The tags of the generated Signals

descriptionExpression String

The description of the generated Signals

enabled Boolean

Whether the rule should generate Signals

entitySelectors List<CseMatchRuleEntitySelectorArgs>

The entities to generate Signals on

expression String

The expression for which records to match on

isPrototype Boolean

Whether the generated Signals should be prototype Signals

name String

The name of the Rule

nameExpression String

The name of the generated Signals

severityMapping CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

summaryExpression String

The summary of the generated Signals

tags List<String>

The tags of the generated Signals

descriptionExpression string

The description of the generated Signals

enabled boolean

Whether the rule should generate Signals

entitySelectors CseMatchRuleEntitySelectorArgs[]

The entities to generate Signals on

expression string

The expression for which records to match on

isPrototype boolean

Whether the generated Signals should be prototype Signals

name string

The name of the Rule

nameExpression string

The name of the generated Signals

severityMapping CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

summaryExpression string

The summary of the generated Signals

tags string[]

The tags of the generated Signals

description_expression str

The description of the generated Signals

enabled bool

Whether the rule should generate Signals

entity_selectors Sequence[CseMatchRuleEntitySelectorArgs]

The entities to generate Signals on

expression str

The expression for which records to match on

is_prototype bool

Whether the generated Signals should be prototype Signals

name str

The name of the Rule

name_expression str

The name of the generated Signals

severity_mapping CseMatchRuleSeverityMappingArgs

The configuration of how the severity of the Signals should be mapped from the Records

summary_expression str

The summary of the generated Signals

tags Sequence[str]

The tags of the generated Signals

descriptionExpression String

The description of the generated Signals

enabled Boolean

Whether the rule should generate Signals

entitySelectors List<Property Map>

The entities to generate Signals on

expression String

The expression for which records to match on

isPrototype Boolean

Whether the generated Signals should be prototype Signals

name String

The name of the Rule

nameExpression String

The name of the generated Signals

severityMapping Property Map

The configuration of how the severity of the Signals should be mapped from the Records

summaryExpression String

The summary of the generated Signals

tags List<String>

The tags of the generated Signals

Supporting Types

CseMatchRuleEntitySelector

EntityType string
Expression string

The expression for which records to match on

EntityType string
Expression string

The expression for which records to match on

entityType String
expression String

The expression for which records to match on

entityType string
expression string

The expression for which records to match on

entity_type str
expression str

The expression for which records to match on

entityType String
expression String

The expression for which records to match on

CseMatchRuleSeverityMapping

Type string

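Selects how the severity is assigned: "constant" (always use the default), "fieldValue" (read it from the field) or "fieldValueMapping" (translate the field's value through the mappings).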

Default int

The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

Field string

The field to use in the "fieldValue"/"fieldValueMapping" cases.

Mappings List<Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMappingMapping>

The map of record values to severities to use in the "fieldValueMapping" case

Type string

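Selects how the severity is assigned: "constant" (always use the default), "fieldValue" (read it from the field) or "fieldValueMapping" (translate the field's value through the mappings).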

Default int

The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

Field string

The field to use in the "fieldValue"/"fieldValueMapping" cases.

Mappings []CseMatchRuleSeverityMappingMapping

The map of record values to severities to use in the "fieldValueMapping" case

type String

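Selects how the severity is assigned: "constant" (always use the default), "fieldValue" (read it from the field) or "fieldValueMapping" (translate the field's value through the mappings).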

default_ Integer

The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

field String

The field to use in the "fieldValue"/"fieldValueMapping" cases.

mappings List<CseMatchRuleSeverityMappingMapping>

The map of record values to severities to use in the "fieldValueMapping" case

type string

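Selects how the severity is assigned: "constant" (always use the default), "fieldValue" (read it from the field) or "fieldValueMapping" (translate the field's value through the mappings).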

default number

The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

field string

The field to use in the "fieldValue"/"fieldValueMapping" cases.

mappings CseMatchRuleSeverityMappingMapping[]

The map of record values to severities to use in the "fieldValueMapping" case

type str

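Selects how the severity is assigned: "constant" (always use the default), "fieldValue" (read it from the field) or "fieldValueMapping" (translate the field's value through the mappings).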

default int

The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

field str

The field to use in the "fieldValue"/"fieldValueMapping" cases.

mappings Sequence[CseMatchRuleSeverityMappingMapping]

The map of record values to severities to use in the "fieldValueMapping" case

type String

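Selects how the severity is assigned: "constant" (always use the default), "fieldValue" (read it from the field) or "fieldValueMapping" (translate the field's value through the mappings).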

default Number

The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.

field String

The field to use in the "fieldValue"/"fieldValueMapping" cases.

mappings List<Property Map>

The map of record values to severities to use in the "fieldValueMapping" case

CseMatchRuleSeverityMappingMapping

From string

The record value to map from

To int

The severity value to map to

Type string

Must be set to "eq" currently

From string

The record value to map from

To int

The severity value to map to

Type string

Must be set to "eq" currently

from String

The record value to map from

to Integer

The severity value to map to

type String

Must be set to "eq" currently

from string

The record value to map from

to number

The severity value to map to

type string

Must be set to "eq" currently

from_ str

The record value to map from

to int

The severity value to map to

type str

Must be set to "eq" currently

from String

The record value to map from

to Number

The severity value to map to

type String

Must be set to "eq" currently

Import

Match Rules can be imported using the field id, e.g.:

 $ pulumi import sumologic:index/cseMatchRule:CseMatchRule match_rule id

Package Details

Repository
https://github.com/pulumi/pulumi-sumologic
License
Apache-2.0
Notes

This Pulumi package is based on the sumologic Terraform Provider.