sumologic.CseOutlierRule
Provides a Sumo Logic CSE Outlier Rule.
Example Usage
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.sumologic.CseOutlierRule;
import com.pulumi.sumologic.CseOutlierRuleArgs;
import com.pulumi.sumologic.inputs.CseOutlierRuleAggregationFunctionsArgs;
import com.pulumi.sumologic.inputs.CseOutlierRuleEntitySelectorArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Outlier rule that fires on a per-user spike in failed authentications.
        var outlierRule = new CseOutlierRule("outlierRule", CseOutlierRuleArgs.builder()
            // Count every matching record; the result is named "total".
            .aggregationFunctions(CseOutlierRuleAggregationFunctionsArgs.builder()
                .arguments("true")
                .function("count")
                .name("total")
                .build())
            .baselineWindowSize("1209600000") // 14 days, in milliseconds
            .descriptionExpression("Spike in Login Failures - {{ user_username }}")
            .deviationThreshold(3)
            .enabled(true)
            .entitySelectors(CseOutlierRuleEntitySelectorArgs.builder()
                .entityType("_username")
                .expression("user_username")
                .build())
            .floorValue(0)
            .groupByFields("user_username")
            .isPrototype(false)
            .matchExpression("objectType=\"Authentication\" AND success=false")
            .nameExpression("Spike in Login Failures - {{ user_username }}")
            .retentionWindowSize("7776000000") // 90 days, in milliseconds
            .severity(1)
            .summaryExpression("Spike in Login Failures - {{ user_username }}")
            .windowSize("T24H")
            .build());
    }
}
resources:
  outlierRule:
    type: sumologic:CseOutlierRule
    properties:
      # Single object, matching the CseOutlierRuleAggregationFunctionsArgs input type
      aggregationFunctions:
        arguments:
          - 'true'
        function: count
        name: total
      baselineWindowSize: '1209600000' # 14 days
      descriptionExpression: Spike in Login Failures - {{ user_username }}
      deviationThreshold: 3
      enabled: true
      entitySelectors:
        - entityType: _username
          expression: user_username
      floorValue: 0
      groupByFields:
        - user_username
      isPrototype: false
      matchExpression: objectType="Authentication" AND success=false
      nameExpression: Spike in Login Failures - {{ user_username }}
      retentionWindowSize: '7776000000' # 90 days
      severity: 1
      summaryExpression: Spike in Login Failures - {{ user_username }}
      windowSize: T24H
Create CseOutlierRule Resource
new CseOutlierRule(name: string, args: CseOutlierRuleArgs, opts?: CustomResourceOptions);
@overload
def CseOutlierRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   aggregation_functions: Optional[CseOutlierRuleAggregationFunctionsArgs] = None,
                   baseline_window_size: Optional[str] = None,
                   description_expression: Optional[str] = None,
                   deviation_threshold: Optional[int] = None,
                   enabled: Optional[bool] = None,
                   entity_selectors: Optional[Sequence[CseOutlierRuleEntitySelectorArgs]] = None,
                   floor_value: Optional[int] = None,
                   group_by_fields: Optional[Sequence[str]] = None,
                   is_prototype: Optional[bool] = None,
                   match_expression: Optional[str] = None,
                   name: Optional[str] = None,
                   name_expression: Optional[str] = None,
                   retention_window_size: Optional[str] = None,
                   severity: Optional[int] = None,
                   summary_expression: Optional[str] = None,
                   tags: Optional[Sequence[str]] = None,
                   window_size: Optional[str] = None)
@overload
def CseOutlierRule(resource_name: str,
                   args: CseOutlierRuleArgs,
                   opts: Optional[ResourceOptions] = None)
func NewCseOutlierRule(ctx *Context, name string, args CseOutlierRuleArgs, opts ...ResourceOption) (*CseOutlierRule, error)
public CseOutlierRule(string name, CseOutlierRuleArgs args, CustomResourceOptions? opts = null)
public CseOutlierRule(String name, CseOutlierRuleArgs args)
public CseOutlierRule(String name, CseOutlierRuleArgs args, CustomResourceOptions options)
type: sumologic:CseOutlierRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
The unique name of the resource.
- args CseOutlierRuleArgs
The arguments to resource properties.
- opts CustomResourceOptions
Bag of options to control resource's behavior.

- resource_name str
The unique name of the resource.
- args CseOutlierRuleArgs
The arguments to resource properties.
- opts ResourceOptions
Bag of options to control resource's behavior.

- ctx Context
Context object for the current deployment.
- name string
The unique name of the resource.
- args CseOutlierRuleArgs
The arguments to resource properties.
- opts ResourceOption
Bag of options to control resource's behavior.

- name string
The unique name of the resource.
- args CseOutlierRuleArgs
The arguments to resource properties.
- opts CustomResourceOptions
Bag of options to control resource's behavior.

- name String
The unique name of the resource.
- args CseOutlierRuleArgs
The arguments to resource properties.
- options CustomResourceOptions
Bag of options to control resource's behavior.
CseOutlierRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CseOutlierRule resource accepts the following input properties:
- AggregationFunctions Pulumi.SumoLogic.Inputs.CseOutlierRuleAggregationFunctions
- BaselineWindowSize string
The baseline window size in milliseconds
- DescriptionExpression string
The description of the generated Signals
- DeviationThreshold int
The deviation threshold used to calculate the threshold to trigger signals
- Enabled bool
Whether the rule should generate Signals
- EntitySelectors List<Pulumi.SumoLogic.Inputs.CseOutlierRuleEntitySelector>
The entities to generate Signals on
- FloorValue int
The minimum threshold to trigger signals
- MatchExpression string
The expression for which records to match on
- NameExpression string
The name of the generated Signals
- RetentionWindowSize string
The retention window size in milliseconds
- Severity int
The severity of the generated Signals
- WindowSize string
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- GroupByFields List<string>
A list of fields to group records by
- IsPrototype bool
Whether the generated Signals should be prototype Signals
- Name string
The name of the Rule
- SummaryExpression string
The summary of the generated Signals
- Tags List<string>
The tags of the generated Signals
- AggregationFunctions CseOutlierRuleAggregationFunctionsArgs
- BaselineWindowSize string
The baseline window size in milliseconds
- DescriptionExpression string
The description of the generated Signals
- DeviationThreshold int
The deviation threshold used to calculate the threshold to trigger signals
- Enabled bool
Whether the rule should generate Signals
- EntitySelectors []CseOutlierRuleEntitySelectorArgs
The entities to generate Signals on
- FloorValue int
The minimum threshold to trigger signals
- MatchExpression string
The expression for which records to match on
- NameExpression string
The name of the generated Signals
- RetentionWindowSize string
The retention window size in milliseconds
- Severity int
The severity of the generated Signals
- WindowSize string
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- GroupByFields []string
A list of fields to group records by
- IsPrototype bool
Whether the generated Signals should be prototype Signals
- Name string
The name of the Rule
- SummaryExpression string
The summary of the generated Signals
- Tags []string
The tags of the generated Signals
- aggregationFunctions CseOutlierRuleAggregationFunctions
- baselineWindowSize String
The baseline window size in milliseconds
- descriptionExpression String
The description of the generated Signals
- deviationThreshold Integer
The deviation threshold used to calculate the threshold to trigger signals
- enabled Boolean
Whether the rule should generate Signals
- entitySelectors List<CseOutlierRuleEntitySelector>
The entities to generate Signals on
- floorValue Integer
The minimum threshold to trigger signals
- matchExpression String
The expression for which records to match on
- nameExpression String
The name of the generated Signals
- retentionWindowSize String
The retention window size in milliseconds
- severity Integer
The severity of the generated Signals
- windowSize String
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- groupByFields List<String>
A list of fields to group records by
- isPrototype Boolean
Whether the generated Signals should be prototype Signals
- name String
The name of the Rule
- summaryExpression String
The summary of the generated Signals
- tags List<String>
The tags of the generated Signals
- aggregationFunctions CseOutlierRuleAggregationFunctions
- baselineWindowSize string
The baseline window size in milliseconds
- descriptionExpression string
The description of the generated Signals
- deviationThreshold number
The deviation threshold used to calculate the threshold to trigger signals
- enabled boolean
Whether the rule should generate Signals
- entitySelectors CseOutlierRuleEntitySelector[]
The entities to generate Signals on
- floorValue number
The minimum threshold to trigger signals
- matchExpression string
The expression for which records to match on
- nameExpression string
The name of the generated Signals
- retentionWindowSize string
The retention window size in milliseconds
- severity number
The severity of the generated Signals
- windowSize string
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- groupByFields string[]
A list of fields to group records by
- isPrototype boolean
Whether the generated Signals should be prototype Signals
- name string
The name of the Rule
- summaryExpression string
The summary of the generated Signals
- tags string[]
The tags of the generated Signals
- aggregation_functions CseOutlierRuleAggregationFunctionsArgs
- baseline_window_size str
The baseline window size in milliseconds
- description_expression str
The description of the generated Signals
- deviation_threshold int
The deviation threshold used to calculate the threshold to trigger signals
- enabled bool
Whether the rule should generate Signals
- entity_selectors Sequence[CseOutlierRuleEntitySelectorArgs]
The entities to generate Signals on
- floor_value int
The minimum threshold to trigger signals
- match_expression str
The expression for which records to match on
- name_expression str
The name of the generated Signals
- retention_window_size str
The retention window size in milliseconds
- severity int
The severity of the generated Signals
- window_size str
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- group_by_fields Sequence[str]
A list of fields to group records by
- is_prototype bool
Whether the generated Signals should be prototype Signals
- name str
The name of the Rule
- summary_expression str
The summary of the generated Signals
- tags Sequence[str]
The tags of the generated Signals
- aggregationFunctions Property Map
- baselineWindowSize String
The baseline window size in milliseconds
- descriptionExpression String
The description of the generated Signals
- deviationThreshold Number
The deviation threshold used to calculate the threshold to trigger signals
- enabled Boolean
Whether the rule should generate Signals
- entitySelectors List<Property Map>
The entities to generate Signals on
- floorValue Number
The minimum threshold to trigger signals
- matchExpression String
The expression for which records to match on
- nameExpression String
The name of the generated Signals
- retentionWindowSize String
The retention window size in milliseconds
- severity Number
The severity of the generated Signals
- windowSize String
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- groupByFields List<String>
A list of fields to group records by
- isPrototype Boolean
Whether the generated Signals should be prototype Signals
- name String
The name of the Rule
- summaryExpression String
The summary of the generated Signals
- tags List<String>
The tags of the generated Signals
Outputs
All input properties are implicitly available as output properties. Additionally, the CseOutlierRule resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing CseOutlierRule Resource
Get an existing CseOutlierRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CseOutlierRuleState, opts?: CustomResourceOptions): CseOutlierRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        aggregation_functions: Optional[CseOutlierRuleAggregationFunctionsArgs] = None,
        baseline_window_size: Optional[str] = None,
        description_expression: Optional[str] = None,
        deviation_threshold: Optional[int] = None,
        enabled: Optional[bool] = None,
        entity_selectors: Optional[Sequence[CseOutlierRuleEntitySelectorArgs]] = None,
        floor_value: Optional[int] = None,
        group_by_fields: Optional[Sequence[str]] = None,
        is_prototype: Optional[bool] = None,
        match_expression: Optional[str] = None,
        name: Optional[str] = None,
        name_expression: Optional[str] = None,
        retention_window_size: Optional[str] = None,
        severity: Optional[int] = None,
        summary_expression: Optional[str] = None,
        tags: Optional[Sequence[str]] = None,
        window_size: Optional[str] = None) -> CseOutlierRule
func GetCseOutlierRule(ctx *Context, name string, id IDInput, state *CseOutlierRuleState, opts ...ResourceOption) (*CseOutlierRule, error)
public static CseOutlierRule Get(string name, Input<string> id, CseOutlierRuleState? state, CustomResourceOptions? opts = null)
public static CseOutlierRule get(String name, Output<String> id, CseOutlierRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.

- resource_name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.

- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.

- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.

- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to lookup.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.
- AggregationFunctions Pulumi.SumoLogic.Inputs.CseOutlierRuleAggregationFunctions
- BaselineWindowSize string
The baseline window size in milliseconds
- DescriptionExpression string
The description of the generated Signals
- DeviationThreshold int
The deviation threshold used to calculate the threshold to trigger signals
- Enabled bool
Whether the rule should generate Signals
- EntitySelectors List<Pulumi.SumoLogic.Inputs.CseOutlierRuleEntitySelector>
The entities to generate Signals on
- FloorValue int
The minimum threshold to trigger signals
- GroupByFields List<string>
A list of fields to group records by
- IsPrototype bool
Whether the generated Signals should be prototype Signals
- MatchExpression string
The expression for which records to match on
- Name string
The name of the Rule
- NameExpression string
The name of the generated Signals
- RetentionWindowSize string
The retention window size in milliseconds
- Severity int
The severity of the generated Signals
- SummaryExpression string
The summary of the generated Signals
- Tags List<string>
The tags of the generated Signals
- WindowSize string
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- AggregationFunctions CseOutlierRuleAggregationFunctionsArgs
- BaselineWindowSize string
The baseline window size in milliseconds
- DescriptionExpression string
The description of the generated Signals
- DeviationThreshold int
The deviation threshold used to calculate the threshold to trigger signals
- Enabled bool
Whether the rule should generate Signals
- EntitySelectors []CseOutlierRuleEntitySelectorArgs
The entities to generate Signals on
- FloorValue int
The minimum threshold to trigger signals
- GroupByFields []string
A list of fields to group records by
- IsPrototype bool
Whether the generated Signals should be prototype Signals
- MatchExpression string
The expression for which records to match on
- Name string
The name of the Rule
- NameExpression string
The name of the generated Signals
- RetentionWindowSize string
The retention window size in milliseconds
- Severity int
The severity of the generated Signals
- SummaryExpression string
The summary of the generated Signals
- Tags []string
The tags of the generated Signals
- WindowSize string
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- aggregationFunctions CseOutlierRuleAggregationFunctions
- baselineWindowSize String
The baseline window size in milliseconds
- descriptionExpression String
The description of the generated Signals
- deviationThreshold Integer
The deviation threshold used to calculate the threshold to trigger signals
- enabled Boolean
Whether the rule should generate Signals
- entitySelectors List<CseOutlierRuleEntitySelector>
The entities to generate Signals on
- floorValue Integer
The minimum threshold to trigger signals
- groupByFields List<String>
A list of fields to group records by
- isPrototype Boolean
Whether the generated Signals should be prototype Signals
- matchExpression String
The expression for which records to match on
- name String
The name of the Rule
- nameExpression String
The name of the generated Signals
- retentionWindowSize String
The retention window size in milliseconds
- severity Integer
The severity of the generated Signals
- summaryExpression String
The summary of the generated Signals
- tags List<String>
The tags of the generated Signals
- windowSize String
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- aggregationFunctions CseOutlierRuleAggregationFunctions
- baselineWindowSize string
The baseline window size in milliseconds
- descriptionExpression string
The description of the generated Signals
- deviationThreshold number
The deviation threshold used to calculate the threshold to trigger signals
- enabled boolean
Whether the rule should generate Signals
- entitySelectors CseOutlierRuleEntitySelector[]
The entities to generate Signals on
- floorValue number
The minimum threshold to trigger signals
- groupByFields string[]
A list of fields to group records by
- isPrototype boolean
Whether the generated Signals should be prototype Signals
- matchExpression string
The expression for which records to match on
- name string
The name of the Rule
- nameExpression string
The name of the generated Signals
- retentionWindowSize string
The retention window size in milliseconds
- severity number
The severity of the generated Signals
- summaryExpression string
The summary of the generated Signals
- tags string[]
The tags of the generated Signals
- windowSize string
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- aggregation_functions CseOutlierRuleAggregationFunctionsArgs
- baseline_window_size str
The baseline window size in milliseconds
- description_expression str
The description of the generated Signals
- deviation_threshold int
The deviation threshold used to calculate the threshold to trigger signals
- enabled bool
Whether the rule should generate Signals
- entity_selectors Sequence[CseOutlierRuleEntitySelectorArgs]
The entities to generate Signals on
- floor_value int
The minimum threshold to trigger signals
- group_by_fields Sequence[str]
A list of fields to group records by
- is_prototype bool
Whether the generated Signals should be prototype Signals
- match_expression str
The expression for which records to match on
- name str
The name of the Rule
- name_expression str
The name of the generated Signals
- retention_window_size str
The retention window size in milliseconds
- severity int
The severity of the generated Signals
- summary_expression str
The summary of the generated Signals
- tags Sequence[str]
The tags of the generated Signals
- window_size str
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- aggregationFunctions Property Map
- baselineWindowSize String
The baseline window size in milliseconds
- descriptionExpression String
The description of the generated Signals
- deviationThreshold Number
The deviation threshold used to calculate the threshold to trigger signals
- enabled Boolean
Whether the rule should generate Signals
- entitySelectors List<Property Map>
The entities to generate Signals on
- floorValue Number
The minimum threshold to trigger signals
- groupByFields List<String>
A list of fields to group records by
- isPrototype Boolean
Whether the generated Signals should be prototype Signals
- matchExpression String
The expression for which records to match on
- name String
The name of the Rule
- nameExpression String
The name of the generated Signals
- retentionWindowSize String
The retention window size in milliseconds
- severity Number
The severity of the generated Signals
- summaryExpression String
The summary of the generated Signals
- tags List<String>
The tags of the generated Signals
- windowSize String
The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
Supporting Types
CseOutlierRuleAggregationFunctions, CseOutlierRuleAggregationFunctionsArgs
CseOutlierRuleEntitySelector, CseOutlierRuleEntitySelectorArgs
- EntityType string
- Expression string
The expression or field name to generate the Signal on

- EntityType string
- Expression string
The expression or field name to generate the Signal on

- entityType String
- expression String
The expression or field name to generate the Signal on

- entityType string
- expression string
The expression or field name to generate the Signal on

- entity_type str
- expression str
The expression or field name to generate the Signal on

- entityType String
- expression String
The expression or field name to generate the Signal on
Import
Outlier rules can be imported using the field id, e.g.:
$ pulumi import sumologic:index/cseOutlierRule:CseOutlierRule outlier_rule id
Package Details
- Repository: Sumo Logic pulumi/pulumi-sumologic
- License: Apache-2.0
- Notes: This Pulumi package is based on the sumologic Terraform Provider.