Docs Home
sysdig 1.56.0 published on Wednesday, Apr 30, 2025 by sysdiglabs
sysdig.getSecureRuleFalco
Explore with Pulumi AI
sysdig 1.56.0 published on Wednesday, Apr 30, 2025 by sysdiglabs
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const example = sysdig.getSecureRuleFalco({
name: "Terminal shell in container",
});
import pulumi
import pulumi_sysdig as sysdig
example = sysdig.get_secure_rule_falco(name="Terminal shell in container")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sysdig.LookupSecureRuleFalco(ctx, &sysdig.LookupSecureRuleFalcoArgs{
Name: "Terminal shell in container",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var example = Sysdig.GetSecureRuleFalco.Invoke(new()
{
Name = "Terminal shell in container",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SysdigFunctions;
import com.pulumi.sysdig.inputs.GetSecureRuleFalcoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = SysdigFunctions.getSecureRuleFalco(GetSecureRuleFalcoArgs.builder()
.name("Terminal shell in container")
.build());
}
}
variables:
example:
fn::invoke:
function: sysdig:getSecureRuleFalco
arguments:
name: Terminal shell in container
Rules with Appended Rules
In the event that a rule has appended rules, the data source can return the default rule and its appended rules using
the index argument. This can be combined with the sysdig.getSecureRuleFalcoCount data source to easily retrieve all
of the rules in the rule group.
An example of how this could be used follows:
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const disallowedContainerSecureRuleFalcoCount = sysdig.getSecureRuleFalcoCount({
name: "Launch Disallowed Container",
source: "syscall",
});
const disallowedContainerSecureRuleFalco = .map(__index => (sysdig.getSecureRuleFalco({
name: "Launch Disallowed Container",
source: "syscall",
index: __index,
})));
export const disallowedContainerRuleGroup = [disallowedContainerSecureRuleFalco.then(disallowedContainerSecureRuleFalco => disallowedContainerSecureRuleFalco.map(__item => __item))];
import pulumi
import pulumi_sysdig as sysdig
disallowed_container_secure_rule_falco_count = sysdig.get_secure_rule_falco_count(name="Launch Disallowed Container",
source="syscall")
disallowed_container_secure_rule_falco = [sysdig.get_secure_rule_falco(name="Launch Disallowed Container",
source="syscall",
index=__index) for __index in range(disallowed_container_secure_rule_falco_count.rule_count)]
pulumi.export("disallowedContainerRuleGroup", [[__item for __item in disallowed_container_secure_rule_falco]])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
disallowedContainerSecureRuleFalcoCount, err := sysdig.GetSecureRuleFalcoCount(ctx, &sysdig.GetSecureRuleFalcoCountArgs{
Name: "Launch Disallowed Container",
Source: pulumi.StringRef("syscall"),
}, nil);
if err != nil {
return err
}
disallowedContainerSecureRuleFalco := "TODO: For expression";
ctx.Export("disallowedContainerRuleGroup", [][]sysdig.GetSecureRuleFalcoResult{
[]sysdig.GetSecureRuleFalcoResult(%!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ #-functions-%ssysdig:index-getSecureRuleFalco:getSecureRuleFalco.pp:11,12-48)),
})
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var disallowedContainerSecureRuleFalcoCount = Sysdig.GetSecureRuleFalcoCount.Invoke(new()
{
Name = "Launch Disallowed Container",
Source = "syscall",
});
var disallowedContainerSecureRuleFalco = ;
return new Dictionary<string, object?>
{
["disallowedContainerRuleGroup"] = new[]
{
disallowedContainerSecureRuleFalco.Apply(disallowedContainerSecureRuleFalco => disallowedContainerSecureRuleFalco.Select(__item => __item).ToList()),
},
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SysdigFunctions;
import com.pulumi.sysdig.inputs.GetSecureRuleFalcoCountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var disallowedContainerSecureRuleFalcoCount = SysdigFunctions.getSecureRuleFalcoCount(GetSecureRuleFalcoCountArgs.builder()
.name("Launch Disallowed Container")
.source("syscall")
.build());
final var disallowedContainerSecureRuleFalco = "TODO: ForExpression";
ctx.export("disallowedContainerRuleGroup", disallowedContainerSecureRuleFalco.stream().map(element -> element).collect(toList()));
}
}
Coming soon!
Using getSecureRuleFalco
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecureRuleFalco(args: GetSecureRuleFalcoArgs, opts?: InvokeOptions): Promise<GetSecureRuleFalcoResult>
function getSecureRuleFalcoOutput(args: GetSecureRuleFalcoOutputArgs, opts?: InvokeOptions): Output<GetSecureRuleFalcoResult>def get_secure_rule_falco(index: Optional[float] = None,
minimum_engine_version: Optional[float] = None,
name: Optional[str] = None,
source: Optional[str] = None,
timeouts: Optional[GetSecureRuleFalcoTimeouts] = None,
opts: Optional[InvokeOptions] = None) -> GetSecureRuleFalcoResult
def get_secure_rule_falco_output(index: Optional[pulumi.Input[float]] = None,
minimum_engine_version: Optional[pulumi.Input[float]] = None,
name: Optional[pulumi.Input[str]] = None,
source: Optional[pulumi.Input[str]] = None,
timeouts: Optional[pulumi.Input[GetSecureRuleFalcoTimeoutsArgs]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecureRuleFalcoResult]func LookupSecureRuleFalco(ctx *Context, args *LookupSecureRuleFalcoArgs, opts ...InvokeOption) (*LookupSecureRuleFalcoResult, error)
func LookupSecureRuleFalcoOutput(ctx *Context, args *LookupSecureRuleFalcoOutputArgs, opts ...InvokeOption) LookupSecureRuleFalcoResultOutput> Note: This function is named LookupSecureRuleFalco in the Go SDK.
public static class GetSecureRuleFalco
{
public static Task<GetSecureRuleFalcoResult> InvokeAsync(GetSecureRuleFalcoArgs args, InvokeOptions? opts = null)
public static Output<GetSecureRuleFalcoResult> Invoke(GetSecureRuleFalcoInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecureRuleFalcoResult> getSecureRuleFalco(GetSecureRuleFalcoArgs args, InvokeOptions options)
public static Output<GetSecureRuleFalcoResult> getSecureRuleFalco(GetSecureRuleFalcoArgs args, InvokeOptions options)
fn::invoke:
function: sysdig:index/getSecureRuleFalco:getSecureRuleFalco
arguments:
# arguments dictionaryThe following arguments are supported:
- Name string
- The name of the Secure rule to retrieve.
- Index double
- The index of the Secure rule to retrieve in the event of multiple rules. The default value is 0. see section on rules with appended rules.
- Minimum
Engine doubleVersion - This is used to indicate that the rule requires a minimum engine version.
- Source string
- The source of the Secure rule to retrieve. This is required if a rule with this name exists in multiple sources.
- Timeouts
Get
Secure Rule Falco Timeouts
- Name string
- The name of the Secure rule to retrieve.
- Index float64
- The index of the Secure rule to retrieve in the event of multiple rules. The default value is 0. see section on rules with appended rules.
- Minimum
Engine float64Version - This is used to indicate that the rule requires a minimum engine version.
- Source string
- The source of the Secure rule to retrieve. This is required if a rule with this name exists in multiple sources.
- Timeouts
Get
Secure Rule Falco Timeouts
- name String
- The name of the Secure rule to retrieve.
- index Double
- The index of the Secure rule to retrieve in the event of multiple rules. The default value is 0. see section on rules with appended rules.
- minimum
Engine DoubleVersion - This is used to indicate that the rule requires a minimum engine version.
- source String
- The source of the Secure rule to retrieve. This is required if a rule with this name exists in multiple sources.
- timeouts
Get
Secure Rule Falco Timeouts
- name string
- The name of the Secure rule to retrieve.
- index number
- The index of the Secure rule to retrieve in the event of multiple rules. The default value is 0. see section on rules with appended rules.
- minimum
Engine numberVersion - This is used to indicate that the rule requires a minimum engine version.
- source string
- The source of the Secure rule to retrieve. This is required if a rule with this name exists in multiple sources.
- timeouts
Get
Secure Rule Falco Timeouts
- name str
- The name of the Secure rule to retrieve.
- index float
- The index of the Secure rule to retrieve in the event of multiple rules. The default value is 0. see section on rules with appended rules.
- minimum_
engine_ floatversion - This is used to indicate that the rule requires a minimum engine version.
- source str
- The source of the Secure rule to retrieve. This is required if a rule with this name exists in multiple sources.
- timeouts
Get
Secure Rule Falco Timeouts
- name String
- The name of the Secure rule to retrieve.
- index Number
- The index of the Secure rule to retrieve in the event of multiple rules. The default value is 0. see section on rules with appended rules.
- minimum
Engine NumberVersion - This is used to indicate that the rule requires a minimum engine version.
- source String
- The source of the Secure rule to retrieve. This is required if a rule with this name exists in multiple sources.
- timeouts Property Map
getSecureRuleFalco Result
The following output properties are available:
- Append bool
- This indicates that the rule being created appends the condition to an existing Sysdig-provided rule
- Condition string
- A Falco condition is simply a Boolean predicate on Sysdig events expressed using the Sysdig filter syntax and macro terms.
- Description string
- The description of Secure rule.
- Exceptions
List<Get
Secure Rule Falco Exception> - The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details.
- Id double
- Minimum
Engine doubleVersion - This is used to indicate that the rule requires a minimum engine version.
- Name string
- The name of the exception.
- Output string
- Add additional information to each Falco notification's output.
- Priority string
- The priority of the Falco rule. It can be: "emergency", "alert", "critical", "error", "warning", "notice", "info" or "debug". By default is "warning".
- List<string>
- A list of tags for this rule.
- Version double
- Current version of the resource in Sysdig Secure.
- Index double
- Source string
- Timeouts
Get
Secure Rule Falco Timeouts
- Append bool
- This indicates that the rule being created appends the condition to an existing Sysdig-provided rule
- Condition string
- A Falco condition is simply a Boolean predicate on Sysdig events expressed using the Sysdig filter syntax and macro terms.
- Description string
- The description of Secure rule.
- Exceptions
[]Get
Secure Rule Falco Exception - The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details.
- Id float64
- Minimum
Engine float64Version - This is used to indicate that the rule requires a minimum engine version.
- Name string
- The name of the exception.
- Output string
- Add additional information to each Falco notification's output.
- Priority string
- The priority of the Falco rule. It can be: "emergency", "alert", "critical", "error", "warning", "notice", "info" or "debug". By default is "warning".
- []string
- A list of tags for this rule.
- Version float64
- Current version of the resource in Sysdig Secure.
- Index float64
- Source string
- Timeouts
Get
Secure Rule Falco Timeouts
- append Boolean
- This indicates that the rule being created appends the condition to an existing Sysdig-provided rule
- condition String
- A Falco condition is simply a Boolean predicate on Sysdig events expressed using the Sysdig filter syntax and macro terms.
- description String
- The description of Secure rule.
- exceptions
List<Get
Secure Rule Falco Exception> - The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details.
- id Double
- minimum
Engine DoubleVersion - This is used to indicate that the rule requires a minimum engine version.
- name String
- The name of the exception.
- output String
- Add additional information to each Falco notification's output.
- priority String
- The priority of the Falco rule. It can be: "emergency", "alert", "critical", "error", "warning", "notice", "info" or "debug". By default is "warning".
- List<String>
- A list of tags for this rule.
- version Double
- Current version of the resource in Sysdig Secure.
- index Double
- source String
- timeouts
Get
Secure Rule Falco Timeouts
- append boolean
- This indicates that the rule being created appends the condition to an existing Sysdig-provided rule
- condition string
- A Falco condition is simply a Boolean predicate on Sysdig events expressed using the Sysdig filter syntax and macro terms.
- description string
- The description of Secure rule.
- exceptions
Get
Secure Rule Falco Exception[] - The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details.
- id number
- minimum
Engine numberVersion - This is used to indicate that the rule requires a minimum engine version.
- name string
- The name of the exception.
- output string
- Add additional information to each Falco notification's output.
- priority string
- The priority of the Falco rule. It can be: "emergency", "alert", "critical", "error", "warning", "notice", "info" or "debug". By default is "warning".
- string[]
- A list of tags for this rule.
- version number
- Current version of the resource in Sysdig Secure.
- index number
- source string
- timeouts
Get
Secure Rule Falco Timeouts
- append bool
- This indicates that the rule being created appends the condition to an existing Sysdig-provided rule
- condition str
- A Falco condition is simply a Boolean predicate on Sysdig events expressed using the Sysdig filter syntax and macro terms.
- description str
- The description of Secure rule.
- exceptions
Sequence[Get
Secure Rule Falco Exception] - The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details.
- id float
- minimum_
engine_ floatversion - This is used to indicate that the rule requires a minimum engine version.
- name str
- The name of the exception.
- output str
- Add additional information to each Falco notification's output.
- priority str
- The priority of the Falco rule. It can be: "emergency", "alert", "critical", "error", "warning", "notice", "info" or "debug". By default is "warning".
- Sequence[str]
- A list of tags for this rule.
- version float
- Current version of the resource in Sysdig Secure.
- index float
- source str
- timeouts
Get
Secure Rule Falco Timeouts
- append Boolean
- This indicates that the rule being created appends the condition to an existing Sysdig-provided rule
- condition String
- A Falco condition is simply a Boolean predicate on Sysdig events expressed using the Sysdig filter syntax and macro terms.
- description String
- The description of Secure rule.
- exceptions List<Property Map>
- The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details.
- id Number
- minimum
Engine NumberVersion - This is used to indicate that the rule requires a minimum engine version.
- name String
- The name of the exception.
- output String
- Add additional information to each Falco notification's output.
- priority String
- The priority of the Falco rule. It can be: "emergency", "alert", "critical", "error", "warning", "notice", "info" or "debug". By default is "warning".
- List<String>
- A list of tags for this rule.
- version Number
- Current version of the resource in Sysdig Secure.
- index Number
- source String
- timeouts Property Map
Supporting Types
GetSecureRuleFalcoException
- Comps List<string>
- Contains comparison operators that align 1-1 with the items in the fields property.
- Fields List<string>
- Contains one or more fields that will extract a value from the syscall/k8s_audit events.
- Name string
- The name of the Secure rule to retrieve.
- Values string
- Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator.
- Comps []string
- Contains comparison operators that align 1-1 with the items in the fields property.
- Fields []string
- Contains one or more fields that will extract a value from the syscall/k8s_audit events.
- Name string
- The name of the Secure rule to retrieve.
- Values string
- Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator.
- comps List<String>
- Contains comparison operators that align 1-1 with the items in the fields property.
- fields List<String>
- Contains one or more fields that will extract a value from the syscall/k8s_audit events.
- name String
- The name of the Secure rule to retrieve.
- values String
- Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator.
- comps string[]
- Contains comparison operators that align 1-1 with the items in the fields property.
- fields string[]
- Contains one or more fields that will extract a value from the syscall/k8s_audit events.
- name string
- The name of the Secure rule to retrieve.
- values string
- Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator.
- comps Sequence[str]
- Contains comparison operators that align 1-1 with the items in the fields property.
- fields Sequence[str]
- Contains one or more fields that will extract a value from the syscall/k8s_audit events.
- name str
- The name of the Secure rule to retrieve.
- values str
- Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator.
- comps List<String>
- Contains comparison operators that align 1-1 with the items in the fields property.
- fields List<String>
- Contains one or more fields that will extract a value from the syscall/k8s_audit events.
- name String
- The name of the Secure rule to retrieve.
- values String
- Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field and comparison operator.
GetSecureRuleFalcoTimeouts
- Read string
- Read string
- read String
- read string
- read str
- read String
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the
sysdigTerraform Provider.
sysdig 1.56.0 published on Wednesday, Apr 30, 2025 by sysdiglabs