sysdig.SecureDriftPolicy
Example Usage
// Example: a Sysdig Secure drift policy with one rule, one action and an
// existing e-mail notification channel (TypeScript).
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";

// Resolve the notification channel by name; its id feeds notificationChannels below.
const emailNotificationChannel = sysdig.getSecureNotificationChannel({
    name: "Test Email Channel",
});
const policy = new sysdig.SecureDriftPolicy("policy", {
    description: "<Description>", // required; replace the placeholder
    // Accepted severities are 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info).
    severity: 4,
    enabled: true, // detect execution of binaries that were not part of the original image
    runbook: "https://runbook.com", // customer-provided runbook URL
    // Application scope: only workloads that carry a container id.
    scope: "container.id != \"\"",
    rules: [{
        description: "Test Drift Rule Description",
        enabled: true,
        // NOTE(review): matchItems semantics are not documented on this page — confirm in the provider docs.
        exceptions: {
            items: ["/usr/bin/curl"],
            matchItems: false,
        },
        prohibitedBinaries: {
            items: ["/usr/bin/sh"],
            matchItems: true,
        },
    }],
    actions: [{
        preventDrift: true, // presumably blocks the drifted binary rather than only alerting — confirm
        container: "stop", // looks like the container action taken on a match — confirm accepted values
        captures: [{
            // Capture window around the triggering event, in seconds.
            secondsBeforeEvent: 5,
            secondsAfterEvent: 10,
        }],
    }],
    // Channel ids are numeric per the property table; the lookup result supplies one.
    notificationChannels: [emailNotificationChannel.then(emailNotificationChannel => emailNotificationChannel.id)],
});
# Example: a Sysdig Secure drift policy with one rule, one action and an
# existing e-mail notification channel (Python).
import pulumi
import pulumi_sysdig as sysdig

# Resolve the notification channel by name; its id feeds notification_channels below.
email_notification_channel = sysdig.get_secure_notification_channel(name="Test Email Channel")
policy = sysdig.SecureDriftPolicy("policy",
    description="<Description>",  # required; replace the placeholder
    # Accepted severities are 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info).
    severity=4,
    enabled=True,  # detect execution of binaries that were not part of the original image
    runbook="https://runbook.com",  # customer-provided runbook URL
    # Application scope: only workloads that carry a container id.
    scope="container.id != \"\"",
    rules=[{
        "description": "Test Drift Rule Description",
        "enabled": True,
        # NOTE(review): match_items semantics are not documented on this page — confirm in the provider docs.
        "exceptions": {
            "items": ["/usr/bin/curl"],
            "match_items": False,
        },
        "prohibited_binaries": {
            "items": ["/usr/bin/sh"],
            "match_items": True,
        },
    }],
    actions=[{
        "prevent_drift": True,  # presumably blocks the drifted binary rather than only alerting — confirm
        "container": "stop",  # looks like the container action taken on a match — confirm accepted values
        "captures": [{
            # Capture window around the triggering event, in seconds.
            "seconds_before_event": 5,
            "seconds_after_event": 10,
        }],
    }],
    # Channel ids are numeric per the property table; the lookup result supplies one.
    notification_channels=[email_notification_channel.id])
// Example: a Sysdig Secure drift policy with one rule, one action and an
// existing e-mail notification channel (Go).
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve the notification channel by name; its Id feeds NotificationChannels below.
		emailNotificationChannel, err := sysdig.GetSecureNotificationChannel(ctx, &sysdig.GetSecureNotificationChannelArgs{
			Name: "Test Email Channel",
		}, nil)
		if err != nil {
			return err
		}
		_, err = sysdig.NewSecureDriftPolicy(ctx, "policy", &sysdig.SecureDriftPolicyArgs{
			Description: pulumi.String("<Description>"), // required; replace the placeholder
			// Accepted severities are 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info).
			Severity: pulumi.Float64(4),
			Enabled:  pulumi.Bool(true), // detect execution of binaries that were not part of the original image
			Runbook:  pulumi.String("https://runbook.com"), // customer-provided runbook URL
			// Application scope: only workloads that carry a container id.
			Scope: pulumi.String("container.id != \"\""),
			Rules: sysdig.SecureDriftPolicyRuleArray{
				&sysdig.SecureDriftPolicyRuleArgs{
					Description: pulumi.String("Test Drift Rule Description"),
					Enabled:     pulumi.Bool(true),
					// NOTE(review): MatchItems semantics are not documented on this page — confirm in the provider docs.
					Exceptions: &sysdig.SecureDriftPolicyRuleExceptionsArgs{
						Items: pulumi.StringArray{
							pulumi.String("/usr/bin/curl"),
						},
						MatchItems: pulumi.Bool(false),
					},
					ProhibitedBinaries: &sysdig.SecureDriftPolicyRuleProhibitedBinariesArgs{
						Items: pulumi.StringArray{
							pulumi.String("/usr/bin/sh"),
						},
						MatchItems: pulumi.Bool(true),
					},
				},
			},
			Actions: sysdig.SecureDriftPolicyActionArray{
				&sysdig.SecureDriftPolicyActionArgs{
					PreventDrift: pulumi.Bool(true),   // presumably blocks the drifted binary rather than only alerting — confirm
					Container:    pulumi.String("stop"), // looks like the container action taken on a match — confirm accepted values
					Captures: sysdig.SecureDriftPolicyActionCaptureArray{
						&sysdig.SecureDriftPolicyActionCaptureArgs{
							// Capture window around the triggering event, in seconds.
							SecondsBeforeEvent: pulumi.Float64(5),
							SecondsAfterEvent:  pulumi.Float64(10),
						},
					},
				},
			},
			NotificationChannels: pulumi.Float64Array{
				// NOTE(review): Float64Array holds Float64Input elements, but pulumi.String(...) is a
				// StringInput, so this element likely does not compile as written. If the channel Id is a
				// float64, wrap it with pulumi.Float64(...) instead — confirm the Id type in the SDK.
				pulumi.String(emailNotificationChannel.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
// Example: a Sysdig Secure drift policy with one rule, one action and an
// existing e-mail notification channel (C#, top-level program).
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;

return await Deployment.RunAsync(() =>
{
    // Resolve the notification channel by name; its Id feeds NotificationChannels below.
    var emailNotificationChannel = Sysdig.GetSecureNotificationChannel.Invoke(new()
    {
        Name = "Test Email Channel",
    });

    var policy = new Sysdig.SecureDriftPolicy("policy", new()
    {
        Description = "<Description>", // required; replace the placeholder
        // Accepted severities are 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info).
        Severity = 4,
        Enabled = true, // detect execution of binaries that were not part of the original image
        Runbook = "https://runbook.com", // customer-provided runbook URL
        // Application scope: only workloads that carry a container id.
        Scope = "container.id != \"\"",
        Rules = new[]
        {
            new Sysdig.Inputs.SecureDriftPolicyRuleArgs
            {
                Description = "Test Drift Rule Description",
                Enabled = true,
                // NOTE(review): MatchItems semantics are not documented on this page — confirm in the provider docs.
                Exceptions = new Sysdig.Inputs.SecureDriftPolicyRuleExceptionsArgs
                {
                    Items = new[]
                    {
                        "/usr/bin/curl",
                    },
                    MatchItems = false,
                },
                ProhibitedBinaries = new Sysdig.Inputs.SecureDriftPolicyRuleProhibitedBinariesArgs
                {
                    Items = new[]
                    {
                        "/usr/bin/sh",
                    },
                    MatchItems = true,
                },
            },
        },
        Actions = new[]
        {
            new Sysdig.Inputs.SecureDriftPolicyActionArgs
            {
                PreventDrift = true, // presumably blocks the drifted binary rather than only alerting — confirm
                Container = "stop", // looks like the container action taken on a match — confirm accepted values
                Captures = new[]
                {
                    new Sysdig.Inputs.SecureDriftPolicyActionCaptureArgs
                    {
                        // Capture window around the triggering event, in seconds.
                        SecondsBeforeEvent = 5,
                        SecondsAfterEvent = 10,
                    },
                },
            },
        },
        // Channel ids are numeric per the property table; the lookup result supplies one.
        NotificationChannels = new[]
        {
            emailNotificationChannel.Apply(getSecureNotificationChannelResult => getSecureNotificationChannelResult.Id),
        },
    });

});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SecureDriftPolicy;
import com.pulumi.sysdig.SecureDriftPolicyArgs;
import com.pulumi.sysdig.SysdigFunctions;
import com.pulumi.sysdig.inputs.GetSecureNotificationChannelArgs;
import com.pulumi.sysdig.inputs.SecureDriftPolicyActionArgs;
import com.pulumi.sysdig.inputs.SecureDriftPolicyActionCaptureArgs;
import com.pulumi.sysdig.inputs.SecureDriftPolicyRuleArgs;
import com.pulumi.sysdig.inputs.SecureDriftPolicyRuleExceptionsArgs;
import com.pulumi.sysdig.inputs.SecureDriftPolicyRuleProhibitedBinariesArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
 * Example program: declares a Sysdig Secure drift policy with one rule, one
 * action and an existing e-mail notification channel.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example resources.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // Resolve the notification channel by name; its id feeds notificationChannels below.
        final var emailNotificationChannel = SysdigFunctions.getSecureNotificationChannel(GetSecureNotificationChannelArgs.builder()
            .name("Test Email Channel")
            .build());

        var policy = new SecureDriftPolicy("policy", SecureDriftPolicyArgs.builder()
            .description("<Description>") // required; replace the placeholder
            // accepted severities are 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info)
            .severity(4)
            .enabled(true) // detect execution of binaries that were not part of the original image
            .runbook("https://runbook.com") // customer-provided runbook URL
            // application scope: only workloads that carry a container id
            .scope("container.id != \"\"")
            .rules(SecureDriftPolicyRuleArgs.builder()
                .description("Test Drift Rule Description")
                .enabled(true)
                // NOTE(review): matchItems semantics are not documented on this page — confirm in the provider docs
                .exceptions(SecureDriftPolicyRuleExceptionsArgs.builder()
                    .items("/usr/bin/curl")
                    .matchItems(false)
                    .build())
                .prohibitedBinaries(SecureDriftPolicyRuleProhibitedBinariesArgs.builder()
                    .items("/usr/bin/sh")
                    .matchItems(true)
                    .build())
                .build())
            .actions(SecureDriftPolicyActionArgs.builder()
                .preventDrift(true) // presumably blocks the drifted binary rather than only alerting — confirm
                .container("stop") // looks like the container action taken on a match — confirm accepted values
                .captures(SecureDriftPolicyActionCaptureArgs.builder()
                    // capture window around the triggering event, in seconds
                    .secondsBeforeEvent(5)
                    .secondsAfterEvent(10)
                    .build())
                .build())
            // channel ids are numeric per the property table; the lookup result supplies one
            .notificationChannels(emailNotificationChannel.applyValue(getSecureNotificationChannelResult -> getSecureNotificationChannelResult.id()))
            .build());

    }
}
# Example: a Sysdig Secure drift policy with one rule, one action and an
# existing e-mail notification channel (YAML).
resources:
  policy:
    type: sysdig:SecureDriftPolicy
    properties:
      description: <Description>   # required; replace the placeholder
      # Accepted severities are 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info)
      severity: 4
      enabled: true                # detect execution of binaries that were not part of the original image
      runbook: https://runbook.com # customer-provided runbook URL
      # Scope selection (application scope: only workloads that carry a container id)
      scope: container.id != ""
      # Rule selection
      rules:
        - description: Test Drift Rule Description
          enabled: true
          # NOTE(review): matchItems semantics are not documented on this page — confirm in the provider docs
          exceptions:
            items:
              - /usr/bin/curl
            matchItems: false
          prohibitedBinaries:
            items:
              - /usr/bin/sh
            matchItems: true
      actions:
        - preventDrift: true   # presumably blocks the drifted binary rather than only alerting — confirm
          container: stop      # looks like the container action taken on a match — confirm accepted values
          captures:
            # capture window around the triggering event, in seconds
            - secondsBeforeEvent: 5
              secondsAfterEvent: 10
      # channel ids are numeric per the property table; the lookup below supplies one
      notificationChannels:
        - ${emailNotificationChannel.id}
variables:
  emailNotificationChannel:
    fn::invoke:
      function: sysdig:getSecureNotificationChannel
      arguments:
        name: Test Email Channel
Create SecureDriftPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecureDriftPolicy(name: string, args: SecureDriftPolicyArgs, opts?: CustomResourceOptions);
@overload
def SecureDriftPolicy(resource_name: str,
args: SecureDriftPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecureDriftPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
rules: Optional[Sequence[SecureDriftPolicyRuleArgs]] = None,
actions: Optional[Sequence[SecureDriftPolicyActionArgs]] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
notification_channels: Optional[Sequence[float]] = None,
runbook: Optional[str] = None,
scope: Optional[str] = None,
secure_drift_policy_id: Optional[str] = None,
severity: Optional[float] = None,
timeouts: Optional[SecureDriftPolicyTimeoutsArgs] = None,
type: Optional[str] = None)
func NewSecureDriftPolicy(ctx *Context, name string, args SecureDriftPolicyArgs, opts ...ResourceOption) (*SecureDriftPolicy, error)
public SecureDriftPolicy(string name, SecureDriftPolicyArgs args, CustomResourceOptions? opts = null)
public SecureDriftPolicy(String name, SecureDriftPolicyArgs args)
public SecureDriftPolicy(String name, SecureDriftPolicyArgs args, CustomResourceOptions options)
type: sysdig:SecureDriftPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecureDriftPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecureDriftPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecureDriftPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecureDriftPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecureDriftPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every input property of SecureDriftPolicy with a placeholder value.
// Values are placeholders only; see the property table for meaning and accepted ranges.
var secureDriftPolicyResource = new Sysdig.SecureDriftPolicy("secureDriftPolicyResource", new()
{
    Description = "string", // required
    Rules = new[]
    {
        new Sysdig.Inputs.SecureDriftPolicyRuleArgs
        {
            Description = "string",
            Enabled = false,
            Exceptions = new Sysdig.Inputs.SecureDriftPolicyRuleExceptionsArgs
            {
                Items = new[]
                {
                    "string",
                },
                MatchItems = false,
            },
            Id = 0,
            MountedVolumeDriftEnabled = false,
            Name = "string",
            ProcessBasedExceptions = new Sysdig.Inputs.SecureDriftPolicyRuleProcessBasedExceptionsArgs
            {
                Items = new[]
                {
                    "string",
                },
                MatchItems = false,
            },
            ProcessBasedProhibitedBinaries = new Sysdig.Inputs.SecureDriftPolicyRuleProcessBasedProhibitedBinariesArgs
            {
                Items = new[]
                {
                    "string",
                },
                MatchItems = false,
            },
            ProhibitedBinaries = new Sysdig.Inputs.SecureDriftPolicyRuleProhibitedBinariesArgs
            {
                Items = new[]
                {
                    "string",
                },
                MatchItems = false,
            },
            Tags = new[]
            {
                "string",
            },
            Version = 0,
        },
    },
    Actions = new[]
    {
        new Sysdig.Inputs.SecureDriftPolicyActionArgs
        {
            Captures = new[]
            {
                new Sysdig.Inputs.SecureDriftPolicyActionCaptureArgs
                {
                    Name = "string",
                    SecondsAfterEvent = 0,
                    SecondsBeforeEvent = 0,
                    BucketName = "string",
                    Filter = "string",
                    Folder = "string",
                },
            },
            Container = "string",
            PreventDrift = false,
        },
    },
    Enabled = false, // required
    Name = "string",
    NotificationChannels = new[] // numeric notification channel ids
    {
        0,
    },
    Runbook = "string",
    Scope = "string",
    SecureDriftPolicyId = "string",
    Severity = 0, // accepted values 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info)
    Timeouts = new Sysdig.Inputs.SecureDriftPolicyTimeoutsArgs
    {
        Create = "string",
        Delete = "string",
        Read = "string",
        Update = "string",
    },
    Type = "string",
});
// Reference example: every input property of SecureDriftPolicy with a placeholder value.
// Values are placeholders only; see the property table for meaning and accepted ranges.
example, err := sysdig.NewSecureDriftPolicy(ctx, "secureDriftPolicyResource", &sysdig.SecureDriftPolicyArgs{
	Description: pulumi.String("string"), // required
	Rules: sysdig.SecureDriftPolicyRuleArray{
		&sysdig.SecureDriftPolicyRuleArgs{
			Description: pulumi.String("string"),
			Enabled:     pulumi.Bool(false),
			Exceptions: &sysdig.SecureDriftPolicyRuleExceptionsArgs{
				Items: pulumi.StringArray{
					pulumi.String("string"),
				},
				MatchItems: pulumi.Bool(false),
			},
			Id:                        pulumi.Float64(0),
			MountedVolumeDriftEnabled: pulumi.Bool(false),
			Name:                      pulumi.String("string"),
			ProcessBasedExceptions: &sysdig.SecureDriftPolicyRuleProcessBasedExceptionsArgs{
				Items: pulumi.StringArray{
					pulumi.String("string"),
				},
				MatchItems: pulumi.Bool(false),
			},
			ProcessBasedProhibitedBinaries: &sysdig.SecureDriftPolicyRuleProcessBasedProhibitedBinariesArgs{
				Items: pulumi.StringArray{
					pulumi.String("string"),
				},
				MatchItems: pulumi.Bool(false),
			},
			ProhibitedBinaries: &sysdig.SecureDriftPolicyRuleProhibitedBinariesArgs{
				Items: pulumi.StringArray{
					pulumi.String("string"),
				},
				MatchItems: pulumi.Bool(false),
			},
			Tags: pulumi.StringArray{
				pulumi.String("string"),
			},
			Version: pulumi.Float64(0),
		},
	},
	Actions: sysdig.SecureDriftPolicyActionArray{
		&sysdig.SecureDriftPolicyActionArgs{
			Captures: sysdig.SecureDriftPolicyActionCaptureArray{
				&sysdig.SecureDriftPolicyActionCaptureArgs{
					Name:               pulumi.String("string"),
					SecondsAfterEvent:  pulumi.Float64(0),
					SecondsBeforeEvent: pulumi.Float64(0),
					BucketName:         pulumi.String("string"),
					Filter:             pulumi.String("string"),
					Folder:             pulumi.String("string"),
				},
			},
			Container:    pulumi.String("string"),
			PreventDrift: pulumi.Bool(false),
		},
	},
	Enabled: pulumi.Bool(false), // required
	Name:    pulumi.String("string"),
	NotificationChannels: pulumi.Float64Array{ // numeric notification channel ids
		pulumi.Float64(0),
	},
	Runbook:             pulumi.String("string"),
	Scope:               pulumi.String("string"),
	SecureDriftPolicyId: pulumi.String("string"),
	Severity:            pulumi.Float64(0), // accepted values 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info)
	Timeouts: &sysdig.SecureDriftPolicyTimeoutsArgs{
		Create: pulumi.String("string"),
		Delete: pulumi.String("string"),
		Read:   pulumi.String("string"),
		Update: pulumi.String("string"),
	},
	Type: pulumi.String("string"),
})
// Reference example: every input property of SecureDriftPolicy with a placeholder value.
// Values are placeholders only; see the property table for meaning and accepted ranges.
var secureDriftPolicyResource = new SecureDriftPolicy("secureDriftPolicyResource", SecureDriftPolicyArgs.builder()
    .description("string") // required
    .rules(SecureDriftPolicyRuleArgs.builder()
        .description("string")
        .enabled(false)
        .exceptions(SecureDriftPolicyRuleExceptionsArgs.builder()
            .items("string")
            .matchItems(false)
            .build())
        .id(0)
        .mountedVolumeDriftEnabled(false)
        .name("string")
        .processBasedExceptions(SecureDriftPolicyRuleProcessBasedExceptionsArgs.builder()
            .items("string")
            .matchItems(false)
            .build())
        .processBasedProhibitedBinaries(SecureDriftPolicyRuleProcessBasedProhibitedBinariesArgs.builder()
            .items("string")
            .matchItems(false)
            .build())
        .prohibitedBinaries(SecureDriftPolicyRuleProhibitedBinariesArgs.builder()
            .items("string")
            .matchItems(false)
            .build())
        .tags("string")
        .version(0)
        .build())
    .actions(SecureDriftPolicyActionArgs.builder()
        .captures(SecureDriftPolicyActionCaptureArgs.builder()
            .name("string")
            .secondsAfterEvent(0)
            .secondsBeforeEvent(0)
            .bucketName("string")
            .filter("string")
            .folder("string")
            .build())
        .container("string")
        .preventDrift(false)
        .build())
    .enabled(false) // required
    .name("string")
    .notificationChannels(0) // numeric notification channel ids
    .runbook("string")
    .scope("string")
    .secureDriftPolicyId("string")
    .severity(0) // accepted values 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info)
    .timeouts(SecureDriftPolicyTimeoutsArgs.builder()
        .create("string")
        .delete("string")
        .read("string")
        .update("string")
        .build())
    .type("string")
    .build());
# Reference example: every input property of SecureDriftPolicy with a placeholder value.
# Values are placeholders only; see the property table for meaning and accepted ranges.
secure_drift_policy_resource = sysdig.SecureDriftPolicy("secureDriftPolicyResource",
    description="string",  # required
    rules=[{
        "description": "string",
        "enabled": False,
        "exceptions": {
            "items": ["string"],
            "match_items": False,
        },
        "id": 0,
        "mounted_volume_drift_enabled": False,
        "name": "string",
        "process_based_exceptions": {
            "items": ["string"],
            "match_items": False,
        },
        "process_based_prohibited_binaries": {
            "items": ["string"],
            "match_items": False,
        },
        "prohibited_binaries": {
            "items": ["string"],
            "match_items": False,
        },
        "tags": ["string"],
        "version": 0,
    }],
    actions=[{
        "captures": [{
            "name": "string",
            "seconds_after_event": 0,
            "seconds_before_event": 0,
            "bucket_name": "string",
            "filter": "string",
            "folder": "string",
        }],
        "container": "string",
        "prevent_drift": False,
    }],
    enabled=False,  # required
    name="string",
    notification_channels=[0],  # numeric notification channel ids
    runbook="string",
    scope="string",
    secure_drift_policy_id="string",
    severity=0,  # accepted values 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info)
    timeouts={
        "create": "string",
        "delete": "string",
        "read": "string",
        "update": "string",
    },
    type="string")
// Reference example: every input property of SecureDriftPolicy with a placeholder value.
// Values are placeholders only; see the property table for meaning and accepted ranges.
const secureDriftPolicyResource = new sysdig.SecureDriftPolicy("secureDriftPolicyResource", {
    description: "string", // required
    rules: [{
        description: "string",
        enabled: false,
        exceptions: {
            items: ["string"],
            matchItems: false,
        },
        id: 0,
        mountedVolumeDriftEnabled: false,
        name: "string",
        processBasedExceptions: {
            items: ["string"],
            matchItems: false,
        },
        processBasedProhibitedBinaries: {
            items: ["string"],
            matchItems: false,
        },
        prohibitedBinaries: {
            items: ["string"],
            matchItems: false,
        },
        tags: ["string"],
        version: 0,
    }],
    actions: [{
        captures: [{
            name: "string",
            secondsAfterEvent: 0,
            secondsBeforeEvent: 0,
            bucketName: "string",
            filter: "string",
            folder: "string",
        }],
        container: "string",
        preventDrift: false,
    }],
    enabled: false, // required
    name: "string",
    notificationChannels: [0], // numeric notification channel ids
    runbook: "string",
    scope: "string",
    secureDriftPolicyId: "string",
    severity: 0, // accepted values 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info)
    timeouts: {
        create: "string",
        "delete": "string", // quoted: `delete` is a reserved word
        read: "string",
        update: "string",
    },
    type: "string",
});
# Reference example: every input property of SecureDriftPolicy with a placeholder value.
# Values are placeholders only; see the property table for meaning and accepted ranges.
type: sysdig:SecureDriftPolicy
properties:
  actions:
    - captures:
        - bucketName: string
          filter: string
          folder: string
          name: string
          secondsAfterEvent: 0
          secondsBeforeEvent: 0
      container: string
      preventDrift: false
  description: string   # required
  enabled: false        # required
  name: string
  notificationChannels: # numeric notification channel ids
    - 0
  rules:
    - description: string
      enabled: false
      exceptions:
        items:
          - string
        matchItems: false
      id: 0
      mountedVolumeDriftEnabled: false
      name: string
      processBasedExceptions:
        items:
          - string
        matchItems: false
      processBasedProhibitedBinaries:
        items:
          - string
        matchItems: false
      prohibitedBinaries:
        items:
          - string
        matchItems: false
      tags:
        - string
      version: 0
  runbook: string
  scope: string
  secureDriftPolicyId: string
  severity: 0 # accepted values 0-7: 3 (High), 5 (Medium), 6 (Low), 7 (Info)
  timeouts:
    create: string
    delete: string
    read: string
    update: string
  type: string
SecureDriftPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecureDriftPolicy resource accepts the following input properties:
- Description string
- (Required) The description of the drift rule.
- Rules List<SecureDriftPolicyRule>
- Actions List<SecureDriftPolicyAction>
- Enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- Name string
- The name of the Secure managed policy.
- NotificationChannels List<double>
- IDs of the notification channels to send alerts to when the policy is fired.
- Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- The application scope for the policy.
- SecureDriftPolicyId string
- The id for the policy.
- Severity double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- Timeouts SecureDriftPolicyTimeouts
- Type string
- Description string
- (Required) The description of the drift rule.
- Rules []SecureDriftPolicyRuleArgs
- Actions []SecureDriftPolicyActionArgs
- Enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- Name string
- The name of the Secure managed policy.
- NotificationChannels []float64
- IDs of the notification channels to send alerts to when the policy is fired.
- Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- The application scope for the policy.
- SecureDriftPolicyId string
- The id for the policy.
- Severity float64
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- Timeouts SecureDriftPolicyTimeoutsArgs
- Type string
- description String
- (Required) The description of the drift rule.
- rules List<SecureDriftPolicyRule>
- actions List<SecureDriftPolicyAction>
- enabled Boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- name String
- The name of the Secure managed policy.
- notificationChannels List<Double>
- IDs of the notification channels to send alerts to when the policy is fired.
- runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- The application scope for the policy.
- secureDriftPolicyId String
- The id for the policy.
- severity Double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts SecureDriftPolicyTimeouts
- type String
- description string
- (Required) The description of the drift rule.
- rules SecureDriftPolicyRule[]
- actions SecureDriftPolicyAction[]
- enabled boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- name string
- The name of the Secure managed policy.
- notificationChannels number[]
- IDs of the notification channels to send alerts to when the policy is fired.
- runbook string
- Customer provided url that provides a runbook for a given policy.
- scope string
- The application scope for the policy.
- secureDriftPolicyId string
- The id for the policy.
- severity number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts SecureDriftPolicyTimeouts
- type string
- description str
- (Required) The description of the drift rule.
- rules Sequence[SecureDriftPolicyRuleArgs]
- actions Sequence[SecureDriftPolicyActionArgs]
- enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- name str
- The name of the Secure managed policy.
- notification_channels Sequence[float]
- IDs of the notification channels to send alerts to when the policy is fired.
- runbook str
- Customer provided url that provides a runbook for a given policy.
- scope str
- The application scope for the policy.
- secure_drift_policy_id str
- The id for the policy.
- severity float
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts SecureDriftPolicyTimeoutsArgs
- type str
- description String
- (Required) The description of the drift rule.
- rules List<Property Map>
- actions List<Property Map>
- enabled Boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- name String
- The name of the Secure managed policy.
- notificationChannels List<Number>
- IDs of the notification channels to send alerts to when the policy is fired.
- runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- The application scope for the policy.
- secureDriftPolicyId String
- The id for the policy.
- severity Number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
- timeouts Property Map
- type String
Outputs
All input properties are implicitly available as output properties. Additionally, the SecureDriftPolicy resource produces the following output properties:
Look up Existing SecureDriftPolicy Resource
Get an existing SecureDriftPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecureDriftPolicyState, opts?: CustomResourceOptions): SecureDriftPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[SecureDriftPolicyActionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
notification_channels: Optional[Sequence[float]] = None,
rules: Optional[Sequence[SecureDriftPolicyRuleArgs]] = None,
runbook: Optional[str] = None,
scope: Optional[str] = None,
secure_drift_policy_id: Optional[str] = None,
severity: Optional[float] = None,
timeouts: Optional[SecureDriftPolicyTimeoutsArgs] = None,
type: Optional[str] = None,
version: Optional[float] = None) -> SecureDriftPolicy
func GetSecureDriftPolicy(ctx *Context, name string, id IDInput, state *SecureDriftPolicyState, opts ...ResourceOption) (*SecureDriftPolicy, error)
public static SecureDriftPolicy Get(string name, Input<string> id, SecureDriftPolicyState? state, CustomResourceOptions? opts = null)
public static SecureDriftPolicy get(String name, Output<String> id, SecureDriftPolicyState state, CustomResourceOptions options)
resources: _: type: sysdig:SecureDriftPolicy get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Secure
Drift Policy Action> - Description string
- (Required) The description of the drift rule.
- Enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- Name string
- The name of the Secure managed policy.
- Notification
Channels List<double> - IDs of the notification channels to send alerts to when the policy is fired.
- Rules
List<Secure
Drift Policy Rule> - Runbook string
- Customer-provided URL pointing to a runbook for this policy.
- Scope string
- The application scope for the policy: an expression selecting the workloads the policy evaluates. Keep it as narrow as the use case allows, especially when the action stops or kills containers.
- Secure
Drift stringPolicy Id - The id for the policy.
- Severity double
- The severity of the Secure policy. The accepted values are: 0, 1, 2 and 3 (High), 4 and 5 (Medium), 6 (Low) and 7 (Info).
- Timeouts
Secure
Drift Policy Timeouts - Type string
- Version double
- Actions
[]Secure
Drift Policy Action Args - Description string
- (Required) The description of the drift rule.
- Enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- Name string
- The name of the Secure managed policy.
- Notification
Channels []float64 - IDs of the notification channels to send alerts to when the policy is fired.
- Rules
[]Secure
Drift Policy Rule Args - Runbook string
- Customer-provided URL pointing to a runbook for this policy.
- Scope string
- The application scope for the policy: an expression selecting the workloads the policy evaluates. Keep it as narrow as the use case allows, especially when the action stops or kills containers.
- Secure
Drift stringPolicy Id - The id for the policy.
- Severity float64
- The severity of the Secure policy. The accepted values are: 0, 1, 2 and 3 (High), 4 and 5 (Medium), 6 (Low) and 7 (Info).
- Timeouts
Secure
Drift Policy Timeouts Args - Type string
- Version float64
- actions
List<Secure
Drift Policy Action> - description String
- (Required) The description of the drift rule.
- enabled Boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- name String
- The name of the Secure managed policy.
- notification
Channels List<Double> - IDs of the notification channels to send alerts to when the policy is fired.
- rules
List<Secure
Drift Policy Rule> - runbook String
- Customer-provided URL pointing to a runbook for this policy.
- scope String
- The application scope for the policy: an expression selecting the workloads the policy evaluates. Keep it as narrow as the use case allows, especially when the action stops or kills containers.
- secure
Drift StringPolicy Id - The id for the policy.
- severity Double
- The severity of the Secure policy. The accepted values are: 0, 1, 2 and 3 (High), 4 and 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Drift Policy Timeouts - type String
- version Double
- actions
Secure
Drift Policy Action[] - description string
- (Required) The description of the drift rule.
- enabled boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- name string
- The name of the Secure managed policy.
- notification
Channels number[] - IDs of the notification channels to send alerts to when the policy is fired.
- rules
Secure
Drift Policy Rule[] - runbook string
- Customer-provided URL pointing to a runbook for this policy.
- scope string
- The application scope for the policy: an expression selecting the workloads the policy evaluates. Keep it as narrow as the use case allows, especially when the action stops or kills containers.
- secure
Drift stringPolicy Id - The id for the policy.
- severity number
- The severity of the Secure policy. The accepted values are: 0, 1, 2 and 3 (High), 4 and 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Drift Policy Timeouts - type string
- version number
- actions
Sequence[Secure
Drift Policy Action Args] - description str
- (Required) The description of the drift rule.
- enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- name str
- The name of the Secure managed policy.
- notification_
channels Sequence[float] - IDs of the notification channels to send alerts to when the policy is fired.
- rules
Sequence[Secure
Drift Policy Rule Args] - runbook str
- Customer-provided URL pointing to a runbook for this policy.
- scope str
- The application scope for the policy: an expression selecting the workloads the policy evaluates. Keep it as narrow as the use case allows, especially when the action stops or kills containers.
- secure_
drift_ strpolicy_ id - The id for the policy.
- severity float
- The severity of the Secure policy. The accepted values are: 0, 1, 2 and 3 (High), 4 and 5 (Medium), 6 (Low) and 7 (Info).
- timeouts
Secure
Drift Policy Timeouts Args - type str
- version float
- actions List<Property Map>
- description String
- (Required) The description of the drift rule.
- enabled Boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- name String
- The name of the Secure managed policy.
- notification
Channels List<Number> - IDs of the notification channels to send alerts to when the policy is fired.
- rules List<Property Map>
- runbook String
- Customer-provided URL pointing to a runbook for this policy.
- scope String
- The application scope for the policy: an expression selecting the workloads the policy evaluates. Keep it as narrow as the use case allows, especially when the action stops or kills containers.
- secure
Drift StringPolicy Id - The id for the policy.
- severity Number
- The severity of the Secure policy. The accepted values are: 0, 1, 2 and 3 (High), 4 and 5 (Medium), 6 (Low) and 7 (Info).
- timeouts Property Map
- type String
- version Number
Supporting Types
SecureDriftPolicyAction, SecureDriftPolicyActionArgs
- Captures
List<Secure
Drift Policy Action Capture> - (Optional) Record a Sysdig capture of the system-call stream around the triggering event; see SecureDriftPolicyActionCapture for the time window and storage settings.
- Container string
- (Optional) The action applied to the container when this policy is triggered. Can be stop, pause or kill. If this is not specified, no action is applied at the container level; the event is still reported and any other configured actions still apply. Because stop and kill terminate the workload, scope the policy narrowly and validate it without a container action before enabling one in production.
- Prevent
Drift bool - (Optional) Block the execution of drifted binaries and of the rule's prohibited binaries. When false or unset, matching executions are detected and reported but are allowed to run.
- Captures
[]Secure
Drift Policy Action Capture - (Optional) Record a Sysdig capture of the system-call stream around the triggering event; see SecureDriftPolicyActionCapture for the time window and storage settings.
- Container string
- (Optional) The action applied to the container when this policy is triggered. Can be stop, pause or kill. If this is not specified, no action is applied at the container level; the event is still reported and any other configured actions still apply. Because stop and kill terminate the workload, scope the policy narrowly and validate it without a container action before enabling one in production.
- Prevent
Drift bool - (Optional) Block the execution of drifted binaries and of the rule's prohibited binaries. When false or unset, matching executions are detected and reported but are allowed to run.
- captures
List<Secure
Drift Policy Action Capture> - (Optional) Record a Sysdig capture of the system-call stream around the triggering event; see SecureDriftPolicyActionCapture for the time window and storage settings.
- container String
- (Optional) The action applied to the container when this policy is triggered. Can be stop, pause or kill. If this is not specified, no action is applied at the container level; the event is still reported and any other configured actions still apply. Because stop and kill terminate the workload, scope the policy narrowly and validate it without a container action before enabling one in production.
- prevent
Drift Boolean - (Optional) Block the execution of drifted binaries and of the rule's prohibited binaries. When false or unset, matching executions are detected and reported but are allowed to run.
- captures
Secure
Drift Policy Action Capture[] - (Optional) Record a Sysdig capture of the system-call stream around the triggering event; see SecureDriftPolicyActionCapture for the time window and storage settings.
- container string
- (Optional) The action applied to the container when this policy is triggered. Can be stop, pause or kill. If this is not specified, no action is applied at the container level; the event is still reported and any other configured actions still apply. Because stop and kill terminate the workload, scope the policy narrowly and validate it without a container action before enabling one in production.
- prevent
Drift boolean - (Optional) Block the execution of drifted binaries and of the rule's prohibited binaries. When false or unset, matching executions are detected and reported but are allowed to run.
- captures
Sequence[Secure
Drift Policy Action Capture] - (Optional) Record a Sysdig capture of the system-call stream around the triggering event; see SecureDriftPolicyActionCapture for the time window and storage settings.
- container str
- (Optional) The action applied to the container when this policy is triggered. Can be stop, pause or kill. If this is not specified, no action is applied at the container level; the event is still reported and any other configured actions still apply. Because stop and kill terminate the workload, scope the policy narrowly and validate it without a container action before enabling one in production.
- prevent_
drift bool - (Optional) Block the execution of drifted binaries and of the rule's prohibited binaries. When false or unset, matching executions are detected and reported but are allowed to run.
- captures List<Property Map>
- (Optional) Record a Sysdig capture of the system-call stream around the triggering event; see SecureDriftPolicyActionCapture for the time window and storage settings.
- container String
- (Optional) The action applied to the container when this policy is triggered. Can be stop, pause or kill. If this is not specified, no action is applied at the container level; the event is still reported and any other configured actions still apply. Because stop and kill terminate the workload, scope the policy narrowly and validate it without a container action before enabling one in production.
- prevent
Drift Boolean - (Optional) Block the execution of drifted binaries and of the rule's prohibited binaries. When false or unset, matching executions are detected and reported but are allowed to run.
SecureDriftPolicyActionCapture, SecureDriftPolicyActionCaptureArgs
- Name string
- The name of the Secure managed policy.
- Seconds
After doubleEvent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- Seconds
Before doubleEvent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- Bucket
Name string - (Optional) Custom bucket to store the capture in; the bucket must be onboarded under Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage. Captures contain raw system-call activity from the workload and can include sensitive data, so restrict access to the bucket accordingly.
- Filter string
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat
- Folder string
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- Name string
- The name of the Secure managed policy.
- Seconds
After float64Event - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- Seconds
Before float64Event - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- Bucket
Name string - (Optional) Custom bucket to store the capture in; the bucket must be onboarded under Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage. Captures contain raw system-call activity from the workload and can include sensitive data, so restrict access to the bucket accordingly.
- Filter string
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat
- Folder string
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- name String
- The name of the Secure managed policy.
- seconds
After DoubleEvent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before DoubleEvent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name String - (Optional) Custom bucket to store the capture in; the bucket must be onboarded under Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage. Captures contain raw system-call activity from the workload and can include sensitive data, so restrict access to the bucket accordingly.
- filter String
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat
- folder String
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- name string
- The name of the Secure managed policy.
- seconds
After numberEvent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before numberEvent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name string - (Optional) Custom bucket to store the capture in; the bucket must be onboarded under Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage. Captures contain raw system-call activity from the workload and can include sensitive data, so restrict access to the bucket accordingly.
- filter string
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat
- folder string
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- name str
- The name of the Secure managed policy.
- seconds_
after_ floatevent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- seconds_
before_ floatevent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- bucket_
name str - (Optional) Custom bucket to store the capture in; the bucket must be onboarded under Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage. Captures contain raw system-call activity from the workload and can include sensitive data, so restrict access to the bucket accordingly.
- filter str
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat
- folder str
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
- name String
- The name of the Secure managed policy.
- seconds
After NumberEvent - (Required) Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before NumberEvent - (Required) Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name String - (Optional) Custom bucket to store the capture in; the bucket must be onboarded under Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage. Captures contain raw system-call activity from the workload and can include sensitive data, so restrict access to the bucket accordingly.
- filter String
- (Optional) Additional filter to apply to the capture. For example:
proc.name=cat
- folder String
- (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
SecureDriftPolicyRule, SecureDriftPolicyRuleArgs
- Description string
- (Required) The description of the drift rule.
- Enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- Exceptions
Secure
Drift Policy Rule Exceptions - (Optional) Binaries exempt from this rule's drift detection, listed as paths (see SecureDriftPolicyRuleExceptions). Keep the list minimal: every exempted path is a binary that can be executed without triggering this rule.
- Id double
- The id of this rule.
- Mounted
Volume boolDrift Enabled - (Optional) Treat all binaries from mounted volumes as drifted. Default value is false/disabled, meaning a binary written to and executed from a mounted volume is not flagged as drift; enable this for workloads whose volumes should never carry executables.
- Name string
- The name of this rule.
- Process
Based SecureExceptions Drift Policy Rule Process Based Exceptions - (Optional) List of processes that are allowed to execute a drifted file.
- Process
Based SecureProhibited Binaries Drift Policy Rule Process Based Prohibited Binaries - (Optional) List of processes that are prohibited from executing a drifted file.
- Prohibited
Binaries SecureDrift Policy Rule Prohibited Binaries - (Optional) A prohibited binary can be a known harmful binary or one that facilitates discovery of your environment. Execution is blocked only when the policy action sets prevent drift; otherwise a match is reported but not blocked.
- List<string>
- Version double
- Description string
- (Required) The description of the drift rule.
- Enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- Exceptions
Secure
Drift Policy Rule Exceptions - (Optional) Binaries exempt from this rule's drift detection, listed as paths (see SecureDriftPolicyRuleExceptions). Keep the list minimal: every exempted path is a binary that can be executed without triggering this rule.
- Id float64
- The id of this rule.
- Mounted
Volume boolDrift Enabled - (Optional) Treat all binaries from mounted volumes as drifted. Default value is false/disabled, meaning a binary written to and executed from a mounted volume is not flagged as drift; enable this for workloads whose volumes should never carry executables.
- Name string
- The name of this rule.
- Process
Based SecureExceptions Drift Policy Rule Process Based Exceptions - (Optional) List of processes that are allowed to execute a drifted file.
- Process
Based SecureProhibited Binaries Drift Policy Rule Process Based Prohibited Binaries - (Optional) List of processes that are prohibited from executing a drifted file.
- Prohibited
Binaries SecureDrift Policy Rule Prohibited Binaries - (Optional) A prohibited binary can be a known harmful binary or one that facilitates discovery of your environment. Execution is blocked only when the policy action sets prevent drift; otherwise a match is reported but not blocked.
- []string
- Version float64
- description String
- (Required) The description of the drift rule.
- enabled Boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- exceptions
Secure
Drift Policy Rule Exceptions - (Optional) Binaries exempt from this rule's drift detection, listed as paths (see SecureDriftPolicyRuleExceptions). Keep the list minimal: every exempted path is a binary that can be executed without triggering this rule.
- id Double
- The id of this rule.
- mounted
Volume BooleanDrift Enabled - (Optional) Treat all binaries from mounted volumes as drifted. Default value is false/disabled, meaning a binary written to and executed from a mounted volume is not flagged as drift; enable this for workloads whose volumes should never carry executables.
- name String
- The name of this rule.
- process
Based SecureExceptions Drift Policy Rule Process Based Exceptions - (Optional) List of processes that are allowed to execute a drifted file.
- process
Based SecureProhibited Binaries Drift Policy Rule Process Based Prohibited Binaries - (Optional) List of processes that are prohibited from executing a drifted file.
- prohibited
Binaries SecureDrift Policy Rule Prohibited Binaries - (Optional) A prohibited binary can be a known harmful binary or one that facilitates discovery of your environment. Execution is blocked only when the policy action sets prevent drift; otherwise a match is reported but not blocked.
- List<String>
- version Double
- description string
- (Required) The description of the drift rule.
- enabled boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- exceptions
Secure
Drift Policy Rule Exceptions - (Optional) Binaries exempt from this rule's drift detection, listed as paths (see SecureDriftPolicyRuleExceptions). Keep the list minimal: every exempted path is a binary that can be executed without triggering this rule.
- id number
- The id of this rule.
- mounted
Volume booleanDrift Enabled - (Optional) Treat all binaries from mounted volumes as drifted. Default value is false/disabled, meaning a binary written to and executed from a mounted volume is not flagged as drift; enable this for workloads whose volumes should never carry executables.
- name string
- The name of this rule.
- process
Based SecureExceptions Drift Policy Rule Process Based Exceptions - (Optional) List of processes that are allowed to execute a drifted file.
- process
Based SecureProhibited Binaries Drift Policy Rule Process Based Prohibited Binaries - (Optional) List of processes that are prohibited from executing a drifted file.
- prohibited
Binaries SecureDrift Policy Rule Prohibited Binaries - (Optional) A prohibited binary can be a known harmful binary or one that facilitates discovery of your environment. Execution is blocked only when the policy action sets prevent drift; otherwise a match is reported but not blocked.
- string[]
- version number
- description str
- (Required) The description of the drift rule.
- enabled bool
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- exceptions
Secure
Drift Policy Rule Exceptions - (Optional) Binaries exempt from this rule's drift detection, listed as paths (see SecureDriftPolicyRuleExceptions). Keep the list minimal: every exempted path is a binary that can be executed without triggering this rule.
- id float
- The id of this rule.
- mounted_
volume_ booldrift_ enabled - (Optional) Treat all binaries from mounted volumes as drifted. Default value is false/disabled, meaning a binary written to and executed from a mounted volume is not flagged as drift; enable this for workloads whose volumes should never carry executables.
- name str
- The name of this rule.
- process_
based_ Secureexceptions Drift Policy Rule Process Based Exceptions - (Optional) List of processes that are allowed to execute a drifted file.
- process_
based_ Secureprohibited_ binaries Drift Policy Rule Process Based Prohibited Binaries - (Optional) List of processes that are prohibited from executing a drifted file.
- prohibited_
binaries SecureDrift Policy Rule Prohibited Binaries - (Optional) A prohibited binary can be a known harmful binary or one that facilitates discovery of your environment. Execution is blocked only when the policy action sets prevent drift; otherwise a match is reported but not blocked.
- Sequence[str]
- version float
- description String
- (Required) The description of the drift rule.
- enabled Boolean
- (Required) Toggle to dynamically detect execution of drifted binaries. A drifted binary is any binary that was not part of the original image of the container. It is typically downloaded or compiled into a running container.
- exceptions Property Map
- (Optional) Binaries exempt from this rule's drift detection, listed as paths (see SecureDriftPolicyRuleExceptions). Keep the list minimal: every exempted path is a binary that can be executed without triggering this rule.
- id Number
- The id of this rule.
- mounted
Volume BooleanDrift Enabled - (Optional) Treat all binaries from mounted volumes as drifted. Default value is false/disabled, meaning a binary written to and executed from a mounted volume is not flagged as drift; enable this for workloads whose volumes should never carry executables.
- name String
- The name of this rule.
- process
Based Property MapExceptions - (Optional) List of processes that are allowed to execute a drifted file.
- process
Based Property MapProhibited Binaries - (Optional) List of processes that are prohibited from executing a drifted file.
- prohibited
Binaries Property Map - (Optional) A prohibited binary can be a known harmful binary or one that facilitates discovery of your environment. Execution is blocked only when the policy action sets prevent drift; otherwise a match is reported but not blocked.
- List<String>
- version Number
SecureDriftPolicyRuleExceptions, SecureDriftPolicyRuleExceptionsArgs
- Items List<string>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - Match
Items bool
- Items []string
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - Match
Items bool
- items List<String>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items Boolean
- items string[]
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items boolean
- items Sequence[str]
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match_
items bool
- items List<String>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items Boolean
SecureDriftPolicyRuleProcessBasedExceptions, SecureDriftPolicyRuleProcessBasedExceptionsArgs
- Items List<string>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - Match
Items bool
- Items []string
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - Match
Items bool
- items List<String>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items Boolean
- items string[]
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items boolean
- items Sequence[str]
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match_
items bool
- items List<String>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items Boolean
SecureDriftPolicyRuleProcessBasedProhibitedBinaries, SecureDriftPolicyRuleProcessBasedProhibitedBinariesArgs
- Items List<string>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - Match
Items bool
- Items []string
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - Match
Items bool
- items List<String>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items Boolean
- items string[]
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items boolean
- items Sequence[str]
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match_
items bool
- items List<String>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items Boolean
SecureDriftPolicyRuleProhibitedBinaries, SecureDriftPolicyRuleProhibitedBinariesArgs
- Items List<string>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - Match
Items bool
- Items []string
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - Match
Items bool
- items List<String>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items Boolean
- items string[]
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items boolean
- items Sequence[str]
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match_
items bool
- items List<String>
- (Required) Specify comma separated list of processes, e.g.
/usr/bin/rm, /usr/bin/curl
. - match
Items Boolean
SecureDriftPolicyTimeouts, SecureDriftPolicyTimeoutsArgs
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the
sysdig
Terraform Provider.