sysdig.getSecureCustomPolicy

sysdig 3.5.0, Mar 6 26

Viewing docs for sysdig 3.5.0
published on Friday, Mar 6, 2026 by sysdiglabs

Schema (JSON)

sysdiglabs/terraform-provider-sysdig

Viewing docs for sysdig 3.5.0
published on Friday, Mar 6, 2026 by sysdiglabs

Schema (JSON)

sysdiglabs/terraform-provider-sysdig

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";

const example = sysdig.getSecureCustomPolicy({
    name: "Write apt database",
    type: "falco",
});

import pulumi
import pulumi_sysdig as sysdig

example = sysdig.get_secure_custom_policy(name="Write apt database",
    type="falco")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/v3/sysdig"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sysdig.LookupSecureCustomPolicy(ctx, &sysdig.LookupSecureCustomPolicyArgs{
			Name: "Write apt database",
			Type: pulumi.StringRef("falco"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;

return await Deployment.RunAsync(() => 
{
    var example = Sysdig.GetSecureCustomPolicy.Invoke(new()
    {
        Name = "Write apt database",
        Type = "falco",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SysdigFunctions;
import com.pulumi.sysdig.inputs.GetSecureCustomPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = SysdigFunctions.getSecureCustomPolicy(GetSecureCustomPolicyArgs.builder()
            .name("Write apt database")
            .type("falco")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: sysdig:getSecureCustomPolicy
      arguments:
        name: Write apt database
        type: falco

Using getSecureCustomPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSecureCustomPolicy(args: GetSecureCustomPolicyArgs, opts?: InvokeOptions): Promise<GetSecureCustomPolicyResult>
function getSecureCustomPolicyOutput(args: GetSecureCustomPolicyOutputArgs, opts?: InvokeOptions): Output<GetSecureCustomPolicyResult>

def get_secure_custom_policy(actions: Optional[Sequence[GetSecureCustomPolicyAction]] = None,
                             name: Optional[str] = None,
                             runbook: Optional[str] = None,
                             timeouts: Optional[GetSecureCustomPolicyTimeouts] = None,
                             type: Optional[str] = None,
                             opts: Optional[InvokeOptions] = None) -> GetSecureCustomPolicyResult
def get_secure_custom_policy_output(actions: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecureCustomPolicyActionArgs]]]] = None,
                             name: Optional[pulumi.Input[str]] = None,
                             runbook: Optional[pulumi.Input[str]] = None,
                             timeouts: Optional[pulumi.Input[GetSecureCustomPolicyTimeoutsArgs]] = None,
                             type: Optional[pulumi.Input[str]] = None,
                             opts: Optional[InvokeOptions] = None) -> Output[GetSecureCustomPolicyResult]

func LookupSecureCustomPolicy(ctx *Context, args *LookupSecureCustomPolicyArgs, opts ...InvokeOption) (*LookupSecureCustomPolicyResult, error)
func LookupSecureCustomPolicyOutput(ctx *Context, args *LookupSecureCustomPolicyOutputArgs, opts ...InvokeOption) LookupSecureCustomPolicyResultOutput

> Note: This function is named LookupSecureCustomPolicy in the Go SDK.

public static class GetSecureCustomPolicy 
{
    public static Task<GetSecureCustomPolicyResult> InvokeAsync(GetSecureCustomPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetSecureCustomPolicyResult> Invoke(GetSecureCustomPolicyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecureCustomPolicyResult> getSecureCustomPolicy(GetSecureCustomPolicyArgs args, InvokeOptions options)
public static Output<GetSecureCustomPolicyResult> getSecureCustomPolicy(GetSecureCustomPolicyArgs args, InvokeOptions options)

fn::invoke:
  function: sysdig:index/getSecureCustomPolicy:getSecureCustomPolicy
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string: The name of the Secure custom policy.
Actions List<GetSecureCustomPolicyAction>
Runbook string: Customer provided url that provides a runbook for a given policy.
Timeouts GetSecureCustomPolicyTimeouts
Type string: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

Name string: The name of the Secure custom policy.
Actions []GetSecureCustomPolicyAction
Runbook string: Customer provided url that provides a runbook for a given policy.
Timeouts GetSecureCustomPolicyTimeouts
Type string: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

name String: The name of the Secure custom policy.
actions List<GetSecureCustomPolicyAction>
runbook String: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureCustomPolicyTimeouts
type String: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

name string: The name of the Secure custom policy.
actions GetSecureCustomPolicyAction[]
runbook string: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureCustomPolicyTimeouts
type string: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

name str: The name of the Secure custom policy.
actions Sequence[GetSecureCustomPolicyAction]
runbook str: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureCustomPolicyTimeouts
type str: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

name String: The name of the Secure custom policy.
actions List<Property Map>
runbook String: Customer provided url that provides a runbook for a given policy.
timeouts Property Map
type String: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

getSecureCustomPolicy Result

The following output properties are available:

Description string: The description for the custom policy.
Enabled bool: Whether the policy is enabled or not.
Id double: The id for the custom policy.
Name string: (Required) The name of the capture file
NotificationChannels List<double>: IDs of the notification channels to send alerts to when the policy is fired.
Rules List<GetSecureCustomPolicyRule>: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
Scope string: The application scope for the policy.
Severity double: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
Actions List<GetSecureCustomPolicyAction>
Runbook string: Customer provided url that provides a runbook for a given policy.
Timeouts GetSecureCustomPolicyTimeouts
Type string

Description string: The description for the custom policy.
Enabled bool: Whether the policy is enabled or not.
Id float64: The id for the custom policy.
Name string: (Required) The name of the capture file
NotificationChannels []float64: IDs of the notification channels to send alerts to when the policy is fired.
Rules []GetSecureCustomPolicyRule: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
Scope string: The application scope for the policy.
Severity float64: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
Actions []GetSecureCustomPolicyAction
Runbook string: Customer provided url that provides a runbook for a given policy.
Timeouts GetSecureCustomPolicyTimeouts
Type string

description String: The description for the custom policy.
enabled Boolean: Whether the policy is enabled or not.
id Double: The id for the custom policy.
name String: (Required) The name of the capture file
notificationChannels List<Double>: IDs of the notification channels to send alerts to when the policy is fired.
rules List<GetSecureCustomPolicyRule>: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
scope String: The application scope for the policy.
severity Double: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
actions List<GetSecureCustomPolicyAction>
runbook String: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureCustomPolicyTimeouts
type String

description string: The description for the custom policy.
enabled boolean: Whether the policy is enabled or not.
id number: The id for the custom policy.
name string: (Required) The name of the capture file
notificationChannels number[]: IDs of the notification channels to send alerts to when the policy is fired.
rules GetSecureCustomPolicyRule[]: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
scope string: The application scope for the policy.
severity number: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
actions GetSecureCustomPolicyAction[]
runbook string: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureCustomPolicyTimeouts
type string

description str: The description for the custom policy.
enabled bool: Whether the policy is enabled or not.
id float: The id for the custom policy.
name str: (Required) The name of the capture file
notification_channels Sequence[float]: IDs of the notification channels to send alerts to when the policy is fired.
rules Sequence[GetSecureCustomPolicyRule]: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
scope str: The application scope for the policy.
severity float: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
actions Sequence[GetSecureCustomPolicyAction]
runbook str: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureCustomPolicyTimeouts
type str

description String: The description for the custom policy.
enabled Boolean: Whether the policy is enabled or not.
id Number: The id for the custom policy.
name String: (Required) The name of the capture file
notificationChannels List<Number>: IDs of the notification channels to send alerts to when the policy is fired.
rules List<Property Map>: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
scope String: The application scope for the policy.
severity Number: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
actions List<Property Map>
runbook String: Customer provided url that provides a runbook for a given policy.
timeouts Property Map
type String

Supporting Types

GetSecureCustomPolicyAction

Container string: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
KillProcess string: (Optional) Whether to kill the process that triggered the rule. If this is not specified, no action will be applied at the process level.
Captures List<GetSecureCustomPolicyActionCapture>: (Optional) Captures with Sysdig the stream of system calls:

Container string: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
KillProcess string: (Optional) Whether to kill the process that triggered the rule. If this is not specified, no action will be applied at the process level.
Captures []GetSecureCustomPolicyActionCapture: (Optional) Captures with Sysdig the stream of system calls:

container String: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
killProcess String: (Optional) Whether to kill the process that triggered the rule. If this is not specified, no action will be applied at the process level.
captures List<GetSecureCustomPolicyActionCapture>: (Optional) Captures with Sysdig the stream of system calls:

container string: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
killProcess string: (Optional) Whether to kill the process that triggered the rule. If this is not specified, no action will be applied at the process level.
captures GetSecureCustomPolicyActionCapture[]: (Optional) Captures with Sysdig the stream of system calls:

container str: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
kill_process str: (Optional) Whether to kill the process that triggered the rule. If this is not specified, no action will be applied at the process level.
captures Sequence[GetSecureCustomPolicyActionCapture]: (Optional) Captures with Sysdig the stream of system calls:

container String: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
killProcess String: (Optional) Whether to kill the process that triggered the rule. If this is not specified, no action will be applied at the process level.
captures List<Property Map>: (Optional) Captures with Sysdig the stream of system calls:

GetSecureCustomPolicyActionCapture

BucketName string: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
Filter string: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
Folder string: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
Name string: The name of the Secure custom policy.
SecondsAfterEvent double: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
SecondsBeforeEvent double: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

BucketName string: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
Filter string: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
Folder string: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
Name string: The name of the Secure custom policy.
SecondsAfterEvent float64: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
SecondsBeforeEvent float64: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

bucketName String: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
filter String: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
folder String: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
name String: The name of the Secure custom policy.
secondsAfterEvent Double: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
secondsBeforeEvent Double: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

bucketName string: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
filter string: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
folder string: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
name string: The name of the Secure custom policy.
secondsAfterEvent number: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
secondsBeforeEvent number: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

bucket_name str: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
filter str: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
folder str: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
name str: The name of the Secure custom policy.
seconds_after_event float: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
seconds_before_event float: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

bucketName String: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
filter String: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
folder String: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
name String: The name of the Secure custom policy.
secondsAfterEvent Number: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
secondsBeforeEvent Number: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

GetSecureCustomPolicyRule

Enabled bool: Whether the policy is enabled or not.
Name string: The name of the Secure custom policy.

Enabled bool: Whether the policy is enabled or not.
Name string: The name of the Secure custom policy.

enabled Boolean: Whether the policy is enabled or not.
name String: The name of the Secure custom policy.

enabled boolean: Whether the policy is enabled or not.
name string: The name of the Secure custom policy.

enabled bool: Whether the policy is enabled or not.
name str: The name of the Secure custom policy.

enabled Boolean: Whether the policy is enabled or not.
name String: The name of the Secure custom policy.

GetSecureCustomPolicyTimeouts

Read string

Read string

read String

read string

read str

read String

Package Details

Repository: sysdig sysdiglabs/terraform-provider-sysdig
License
Notes: This Pulumi package is based on the sysdig Terraform Provider.

Viewing docs for sysdig 3.5.0
published on Friday, Mar 6, 2026 by sysdiglabs

Schema (JSON)

sysdiglabs/terraform-provider-sysdig

sysdig.getSecureCustomPolicy

On this page

On this page

Example Usage

Using getSecureCustomPolicy

getSecureCustomPolicy Result

Supporting Types

GetSecureCustomPolicyAction

GetSecureCustomPolicyActionCapture

GetSecureCustomPolicyRule

GetSecureCustomPolicyTimeouts

Package Details

On this page

On this page