Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. Zscaler Internet Access (ZIA)
  3. API Docs
  4. CasbDlpRule
Zscaler Internet Access v1.1.1 published on Tuesday, Jun 24, 2025 by Zscaler
zscaler/pulumi-zia

zia.CasbDlpRule

Explore with Pulumi AI

zia logo
Zscaler Internet Access v1.1.1 published on Tuesday, Jun 24, 2025 by Zscaler
zscaler/pulumi-zia

    The zia_casb_dlp_rules resource Adds a new SaaS Security Data at Rest Scanning DLP rule in the Zscaler Internet Access.

    Example Usage

    data "zia_casb_tenant" "this" {
  tenant_name = "Jira_Tenant01"
}

data "zia_dlp_incident_receiver_servers" "this" {
  name = "ZS_Incident_Receiver"
}

data "zia_rule_labels" "this" {
    name = "RuleLabel01
}

data "zia_dlp_engines" "this" {
    name = "PCI"
}

data "zia_admin_users" "this" {
    username = auditor01
}

resource "zia_casb_dlp_rules" "this" {
  name = "SaaS_ITSM_App_Rule"
  description = "SaaS_ITSM_App_Rule"
  order = 1
  rank = 7
  type = "OFLCASB_DLP_ITSM"
  action = "OFLCASB_DLP_REPORT_INCIDENT"
  severity = "RULE_SEVERITY_HIGH"
  without_content_inspection = false
  external_auditor_email = "jdoe@acme.com"
  file_types = [
        "FTCATEGORY_APPX",
        "FTCATEGORY_SQL",
  ]
  collaboration_scope = [
        "ANY",
  ]
  components = [
        "COMPONENT_ITSM_OBJECTS",
        "COMPONENT_ITSM_ATTACHMENTS",
  ]
 cloud_app_tenants {
    id = [data.zia_casb_tenant.this.tenant_id]
  }
 dlp_engines {
    id = [data.zia_dlp_engines.this.id]
  }
  object_types {
    id = [32, 33, 34]
  }
 labels {
    id = [data.zia_rule_labels.this.id]
  }
  zscaler_incident_receiver {
    id = data.zia_dlp_incident_receiver_servers.this.id
  }
  auditor_notification {
    id = data.zia_admin_users.this.id
  }
}

    Create CasbDlpRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new CasbDlpRule(name: string, args?: CasbDlpRuleArgs, opts?: CustomResourceOptions);
    @overload
def CasbDlpRule(resource_name: str,
                args: Optional[CasbDlpRuleArgs] = None,
                opts: Optional[ResourceOptions] = None)

@overload
def CasbDlpRule(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                action: Optional[str] = None,
                auditor_notifications: Optional[Sequence[CasbDlpRuleAuditorNotificationArgs]] = None,
                bucket_owner: Optional[str] = None,
                buckets: Optional[CasbDlpRuleBucketsArgs] = None,
                casb_email_labels: Optional[Sequence[CasbDlpRuleCasbEmailLabelArgs]] = None,
                casb_tombstone_templates: Optional[Sequence[CasbDlpRuleCasbTombstoneTemplateArgs]] = None,
                cloud_app_tenants: Optional[CasbDlpRuleCloudAppTenantsArgs] = None,
                collaboration_scopes: Optional[Sequence[str]] = None,
                components: Optional[Sequence[str]] = None,
                content_location: Optional[str] = None,
                criteria_domain_profiles: Optional[CasbDlpRuleCriteriaDomainProfilesArgs] = None,
                departments: Optional[CasbDlpRuleDepartmentsArgs] = None,
                description: Optional[str] = None,
                dlp_engines: Optional[CasbDlpRuleDlpEnginesArgs] = None,
                domains: Optional[Sequence[str]] = None,
                email_recipient_profiles: Optional[CasbDlpRuleEmailRecipientProfilesArgs] = None,
                entity_groups: Optional[CasbDlpRuleEntityGroupsArgs] = None,
                excluded_domain_profiles: Optional[CasbDlpRuleExcludedDomainProfilesArgs] = None,
                external_auditor_email: Optional[str] = None,
                file_types: Optional[Sequence[str]] = None,
                groups: Optional[CasbDlpRuleGroupsArgs] = None,
                include_criteria_domain_profile: Optional[bool] = None,
                include_email_recipient_profile: Optional[bool] = None,
                include_entity_groups: Optional[bool] = None,
                included_domain_profiles: Optional[CasbDlpRuleIncludedDomainProfilesArgs] = None,
                labels: Optional[CasbDlpRuleLabelsArgs] = None,
                name: Optional[str] = None,
                object_types: Optional[CasbDlpRuleObjectTypesArgs] = None,
                order: Optional[int] = None,
                quarantine_location: Optional[str] = None,
                rank: Optional[int] = None,
                recipient: Optional[str] = None,
                redaction_profiles: Optional[Sequence[CasbDlpRuleRedactionProfileArgs]] = None,
                severity: Optional[str] = None,
                state: Optional[str] = None,
                tags: Optional[Sequence[CasbDlpRuleTagArgs]] = None,
                type: Optional[str] = None,
                users: Optional[CasbDlpRuleUsersArgs] = None,
                watermark_delete_old_version: Optional[bool] = None,
                watermark_profiles: Optional[Sequence[CasbDlpRuleWatermarkProfileArgs]] = None,
                without_content_inspection: Optional[bool] = None,
                zscaler_incident_receivers: Optional[Sequence[CasbDlpRuleZscalerIncidentReceiverArgs]] = None)
    func NewCasbDlpRule(ctx *Context, name string, args *CasbDlpRuleArgs, opts ...ResourceOption) (*CasbDlpRule, error)
    public CasbDlpRule(string name, CasbDlpRuleArgs? args = null, CustomResourceOptions? opts = null)
    public CasbDlpRule(String name, CasbDlpRuleArgs args)
public CasbDlpRule(String name, CasbDlpRuleArgs args, CustomResourceOptions options)

    type: zia:CasbDlpRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args CasbDlpRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CasbDlpRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CasbDlpRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CasbDlpRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CasbDlpRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var casbDlpRuleResource = new Zia.CasbDlpRule("casbDlpRuleResource", new()
{
    Action = "string",
    AuditorNotifications = new[]
    {
        new Zia.Inputs.CasbDlpRuleAuditorNotificationArgs
        {
            Id = 0,
        },
    },
    BucketOwner = "string",
    Buckets = new Zia.Inputs.CasbDlpRuleBucketsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    CasbEmailLabels = new[]
    {
        new Zia.Inputs.CasbDlpRuleCasbEmailLabelArgs
        {
            Id = 0,
        },
    },
    CasbTombstoneTemplates = new[]
    {
        new Zia.Inputs.CasbDlpRuleCasbTombstoneTemplateArgs
        {
            Id = 0,
        },
    },
    CloudAppTenants = new Zia.Inputs.CasbDlpRuleCloudAppTenantsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    CollaborationScopes = new[]
    {
        "string",
    },
    Components = new[]
    {
        "string",
    },
    ContentLocation = "string",
    CriteriaDomainProfiles = new Zia.Inputs.CasbDlpRuleCriteriaDomainProfilesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Departments = new Zia.Inputs.CasbDlpRuleDepartmentsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Description = "string",
    DlpEngines = new Zia.Inputs.CasbDlpRuleDlpEnginesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Domains = new[]
    {
        "string",
    },
    EmailRecipientProfiles = new Zia.Inputs.CasbDlpRuleEmailRecipientProfilesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    EntityGroups = new Zia.Inputs.CasbDlpRuleEntityGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExcludedDomainProfiles = new Zia.Inputs.CasbDlpRuleExcludedDomainProfilesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExternalAuditorEmail = "string",
    FileTypes = new[]
    {
        "string",
    },
    Groups = new Zia.Inputs.CasbDlpRuleGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    IncludeCriteriaDomainProfile = false,
    IncludeEmailRecipientProfile = false,
    IncludeEntityGroups = false,
    IncludedDomainProfiles = new Zia.Inputs.CasbDlpRuleIncludedDomainProfilesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Labels = new Zia.Inputs.CasbDlpRuleLabelsArgs
    {
        Id = 0,
    },
    Name = "string",
    ObjectTypes = new Zia.Inputs.CasbDlpRuleObjectTypesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Order = 0,
    QuarantineLocation = "string",
    Rank = 0,
    Recipient = "string",
    RedactionProfiles = new[]
    {
        new Zia.Inputs.CasbDlpRuleRedactionProfileArgs
        {
            Id = 0,
        },
    },
    Severity = "string",
    State = "string",
    Tags = new[]
    {
        new Zia.Inputs.CasbDlpRuleTagArgs
        {
            Id = 0,
        },
    },
    Type = "string",
    Users = new Zia.Inputs.CasbDlpRuleUsersArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    WatermarkDeleteOldVersion = false,
    WatermarkProfiles = new[]
    {
        new Zia.Inputs.CasbDlpRuleWatermarkProfileArgs
        {
            Id = 0,
        },
    },
    WithoutContentInspection = false,
    ZscalerIncidentReceivers = new[]
    {
        new Zia.Inputs.CasbDlpRuleZscalerIncidentReceiverArgs
        {
            Id = 0,
        },
    },
});

    example, err := zia.NewCasbDlpRule(ctx, "casbDlpRuleResource", &zia.CasbDlpRuleArgs{
	Action: pulumi.String("string"),
	AuditorNotifications: zia.CasbDlpRuleAuditorNotificationArray{
		&zia.CasbDlpRuleAuditorNotificationArgs{
			Id: pulumi.Int(0),
		},
	},
	BucketOwner: pulumi.String("string"),
	Buckets: &zia.CasbDlpRuleBucketsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	CasbEmailLabels: zia.CasbDlpRuleCasbEmailLabelArray{
		&zia.CasbDlpRuleCasbEmailLabelArgs{
			Id: pulumi.Int(0),
		},
	},
	CasbTombstoneTemplates: zia.CasbDlpRuleCasbTombstoneTemplateArray{
		&zia.CasbDlpRuleCasbTombstoneTemplateArgs{
			Id: pulumi.Int(0),
		},
	},
	CloudAppTenants: &zia.CasbDlpRuleCloudAppTenantsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	CollaborationScopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Components: pulumi.StringArray{
		pulumi.String("string"),
	},
	ContentLocation: pulumi.String("string"),
	CriteriaDomainProfiles: &zia.CasbDlpRuleCriteriaDomainProfilesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Departments: &zia.CasbDlpRuleDepartmentsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Description: pulumi.String("string"),
	DlpEngines: &zia.CasbDlpRuleDlpEnginesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Domains: pulumi.StringArray{
		pulumi.String("string"),
	},
	EmailRecipientProfiles: &zia.CasbDlpRuleEmailRecipientProfilesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	EntityGroups: &zia.CasbDlpRuleEntityGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExcludedDomainProfiles: &zia.CasbDlpRuleExcludedDomainProfilesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExternalAuditorEmail: pulumi.String("string"),
	FileTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Groups: &zia.CasbDlpRuleGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	IncludeCriteriaDomainProfile: pulumi.Bool(false),
	IncludeEmailRecipientProfile: pulumi.Bool(false),
	IncludeEntityGroups:          pulumi.Bool(false),
	IncludedDomainProfiles: &zia.CasbDlpRuleIncludedDomainProfilesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Labels: &zia.CasbDlpRuleLabelsArgs{
		Id: pulumi.Int(0),
	},
	Name: pulumi.String("string"),
	ObjectTypes: &zia.CasbDlpRuleObjectTypesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Order:              pulumi.Int(0),
	QuarantineLocation: pulumi.String("string"),
	Rank:               pulumi.Int(0),
	Recipient:          pulumi.String("string"),
	RedactionProfiles: zia.CasbDlpRuleRedactionProfileArray{
		&zia.CasbDlpRuleRedactionProfileArgs{
			Id: pulumi.Int(0),
		},
	},
	Severity: pulumi.String("string"),
	State:    pulumi.String("string"),
	Tags: zia.CasbDlpRuleTagArray{
		&zia.CasbDlpRuleTagArgs{
			Id: pulumi.Int(0),
		},
	},
	Type: pulumi.String("string"),
	Users: &zia.CasbDlpRuleUsersArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	WatermarkDeleteOldVersion: pulumi.Bool(false),
	WatermarkProfiles: zia.CasbDlpRuleWatermarkProfileArray{
		&zia.CasbDlpRuleWatermarkProfileArgs{
			Id: pulumi.Int(0),
		},
	},
	WithoutContentInspection: pulumi.Bool(false),
	ZscalerIncidentReceivers: zia.CasbDlpRuleZscalerIncidentReceiverArray{
		&zia.CasbDlpRuleZscalerIncidentReceiverArgs{
			Id: pulumi.Int(0),
		},
	},
})

    var casbDlpRuleResource = new CasbDlpRule("casbDlpRuleResource", CasbDlpRuleArgs.builder()
    .action("string")
    .auditorNotifications(CasbDlpRuleAuditorNotificationArgs.builder()
        .id(0)
        .build())
    .bucketOwner("string")
    .buckets(CasbDlpRuleBucketsArgs.builder()
        .ids(0)
        .build())
    .casbEmailLabels(CasbDlpRuleCasbEmailLabelArgs.builder()
        .id(0)
        .build())
    .casbTombstoneTemplates(CasbDlpRuleCasbTombstoneTemplateArgs.builder()
        .id(0)
        .build())
    .cloudAppTenants(CasbDlpRuleCloudAppTenantsArgs.builder()
        .ids(0)
        .build())
    .collaborationScopes("string")
    .components("string")
    .contentLocation("string")
    .criteriaDomainProfiles(CasbDlpRuleCriteriaDomainProfilesArgs.builder()
        .ids(0)
        .build())
    .departments(CasbDlpRuleDepartmentsArgs.builder()
        .ids(0)
        .build())
    .description("string")
    .dlpEngines(CasbDlpRuleDlpEnginesArgs.builder()
        .ids(0)
        .build())
    .domains("string")
    .emailRecipientProfiles(CasbDlpRuleEmailRecipientProfilesArgs.builder()
        .ids(0)
        .build())
    .entityGroups(CasbDlpRuleEntityGroupsArgs.builder()
        .ids(0)
        .build())
    .excludedDomainProfiles(CasbDlpRuleExcludedDomainProfilesArgs.builder()
        .ids(0)
        .build())
    .externalAuditorEmail("string")
    .fileTypes("string")
    .groups(CasbDlpRuleGroupsArgs.builder()
        .ids(0)
        .build())
    .includeCriteriaDomainProfile(false)
    .includeEmailRecipientProfile(false)
    .includeEntityGroups(false)
    .includedDomainProfiles(CasbDlpRuleIncludedDomainProfilesArgs.builder()
        .ids(0)
        .build())
    .labels(CasbDlpRuleLabelsArgs.builder()
        .id(0)
        .build())
    .name("string")
    .objectTypes(CasbDlpRuleObjectTypesArgs.builder()
        .ids(0)
        .build())
    .order(0)
    .quarantineLocation("string")
    .rank(0)
    .recipient("string")
    .redactionProfiles(CasbDlpRuleRedactionProfileArgs.builder()
        .id(0)
        .build())
    .severity("string")
    .state("string")
    .tags(CasbDlpRuleTagArgs.builder()
        .id(0)
        .build())
    .type("string")
    .users(CasbDlpRuleUsersArgs.builder()
        .ids(0)
        .build())
    .watermarkDeleteOldVersion(false)
    .watermarkProfiles(CasbDlpRuleWatermarkProfileArgs.builder()
        .id(0)
        .build())
    .withoutContentInspection(false)
    .zscalerIncidentReceivers(CasbDlpRuleZscalerIncidentReceiverArgs.builder()
        .id(0)
        .build())
    .build());

    casb_dlp_rule_resource = zia.CasbDlpRule("casbDlpRuleResource",
    action="string",
    auditor_notifications=[{
        "id": 0,
    }],
    bucket_owner="string",
    buckets={
        "ids": [0],
    },
    casb_email_labels=[{
        "id": 0,
    }],
    casb_tombstone_templates=[{
        "id": 0,
    }],
    cloud_app_tenants={
        "ids": [0],
    },
    collaboration_scopes=["string"],
    components=["string"],
    content_location="string",
    criteria_domain_profiles={
        "ids": [0],
    },
    departments={
        "ids": [0],
    },
    description="string",
    dlp_engines={
        "ids": [0],
    },
    domains=["string"],
    email_recipient_profiles={
        "ids": [0],
    },
    entity_groups={
        "ids": [0],
    },
    excluded_domain_profiles={
        "ids": [0],
    },
    external_auditor_email="string",
    file_types=["string"],
    groups={
        "ids": [0],
    },
    include_criteria_domain_profile=False,
    include_email_recipient_profile=False,
    include_entity_groups=False,
    included_domain_profiles={
        "ids": [0],
    },
    labels={
        "id": 0,
    },
    name="string",
    object_types={
        "ids": [0],
    },
    order=0,
    quarantine_location="string",
    rank=0,
    recipient="string",
    redaction_profiles=[{
        "id": 0,
    }],
    severity="string",
    state="string",
    tags=[{
        "id": 0,
    }],
    type="string",
    users={
        "ids": [0],
    },
    watermark_delete_old_version=False,
    watermark_profiles=[{
        "id": 0,
    }],
    without_content_inspection=False,
    zscaler_incident_receivers=[{
        "id": 0,
    }])

    const casbDlpRuleResource = new zia.CasbDlpRule("casbDlpRuleResource", {
    action: "string",
    auditorNotifications: [{
        id: 0,
    }],
    bucketOwner: "string",
    buckets: {
        ids: [0],
    },
    casbEmailLabels: [{
        id: 0,
    }],
    casbTombstoneTemplates: [{
        id: 0,
    }],
    cloudAppTenants: {
        ids: [0],
    },
    collaborationScopes: ["string"],
    components: ["string"],
    contentLocation: "string",
    criteriaDomainProfiles: {
        ids: [0],
    },
    departments: {
        ids: [0],
    },
    description: "string",
    dlpEngines: {
        ids: [0],
    },
    domains: ["string"],
    emailRecipientProfiles: {
        ids: [0],
    },
    entityGroups: {
        ids: [0],
    },
    excludedDomainProfiles: {
        ids: [0],
    },
    externalAuditorEmail: "string",
    fileTypes: ["string"],
    groups: {
        ids: [0],
    },
    includeCriteriaDomainProfile: false,
    includeEmailRecipientProfile: false,
    includeEntityGroups: false,
    includedDomainProfiles: {
        ids: [0],
    },
    labels: {
        id: 0,
    },
    name: "string",
    objectTypes: {
        ids: [0],
    },
    order: 0,
    quarantineLocation: "string",
    rank: 0,
    recipient: "string",
    redactionProfiles: [{
        id: 0,
    }],
    severity: "string",
    state: "string",
    tags: [{
        id: 0,
    }],
    type: "string",
    users: {
        ids: [0],
    },
    watermarkDeleteOldVersion: false,
    watermarkProfiles: [{
        id: 0,
    }],
    withoutContentInspection: false,
    zscalerIncidentReceivers: [{
        id: 0,
    }],
});

    type: zia:CasbDlpRule
properties:
    action: string
    auditorNotifications:
        - id: 0
    bucketOwner: string
    buckets:
        ids:
            - 0
    casbEmailLabels:
        - id: 0
    casbTombstoneTemplates:
        - id: 0
    cloudAppTenants:
        ids:
            - 0
    collaborationScopes:
        - string
    components:
        - string
    contentLocation: string
    criteriaDomainProfiles:
        ids:
            - 0
    departments:
        ids:
            - 0
    description: string
    dlpEngines:
        ids:
            - 0
    domains:
        - string
    emailRecipientProfiles:
        ids:
            - 0
    entityGroups:
        ids:
            - 0
    excludedDomainProfiles:
        ids:
            - 0
    externalAuditorEmail: string
    fileTypes:
        - string
    groups:
        ids:
            - 0
    includeCriteriaDomainProfile: false
    includeEmailRecipientProfile: false
    includeEntityGroups: false
    includedDomainProfiles:
        ids:
            - 0
    labels:
        id: 0
    name: string
    objectTypes:
        ids:
            - 0
    order: 0
    quarantineLocation: string
    rank: 0
    recipient: string
    redactionProfiles:
        - id: 0
    severity: string
    state: string
    tags:
        - id: 0
    type: string
    users:
        ids:
            - 0
    watermarkDeleteOldVersion: false
    watermarkProfiles:
        - id: 0
    withoutContentInspection: false
    zscalerIncidentReceivers:
        - id: 0

    CasbDlpRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The CasbDlpRule resource accepts the following input properties:

    Action string
    The configured action for the policy rule
    AuditorNotifications List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleAuditorNotification>
    Notification template used for DLP email alerts sent to the auditor
    BucketOwner string
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    Buckets zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleBuckets
    The buckets for the Zscaler service to inspect for sensitive data
    CasbEmailLabels List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleCasbEmailLabel>
    Name-ID of the email label associated with the rule
    CasbTombstoneTemplates List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleCasbTombstoneTemplate>
    Name-ID of the quarantine tombstone template associated with the rule
    CloudAppTenants zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleCloudAppTenants
    Name-ID pairs of the cloud application tenants for which the rule is applied
    CollaborationScopes List<string>
    Collaboration scope for the rule
    Components List<string>
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    ContentLocation string
    The location for the content that the Zscaler service inspects for sensitive data
    CriteriaDomainProfiles zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleCriteriaDomainProfiles
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    Departments zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleDepartments
    Name-ID pairs of departments for which rule must be applied
    Description string
    An admin editable text-based description of the rule
    DlpEngines zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied
    Domains List<string>
    The domain for the external organization sharing the channel
    EmailRecipientProfiles zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleEmailRecipientProfiles
    Name-ID pairs of recipient profiles for which the rule is applied
    EntityGroups zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleEntityGroups
    Name-ID pairs of entity groups that are part of the rule criteria
    ExcludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleExcludedDomainProfiles
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    ExternalAuditorEmail string
    Email address of the external auditor to whom the DLP email alerts are sent
    FileTypes List<string>
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    Groups zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleGroups
    Name-ID pairs of groups for which the rule is applied
    IncludeCriteriaDomainProfile bool
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    IncludeEmailRecipientProfile bool
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    IncludeEntityGroups bool
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    IncludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleIncludedDomainProfiles
    Name-ID pairs of domain profiles included in the criteria for the rule
    Labels zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleLabels
    Name-ID pairs of rule labels associated with the rule
    Name string
    Rule name
    ObjectTypes zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleObjectTypes
    List of object types for which the rule is applied
    Order int
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    QuarantineLocation string
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    Rank int
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    Recipient string
    Specifies if the email recipient is internal or external
    RedactionProfiles List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleRedactionProfile>
    Name-ID of the redaction profile in the criteria
    Severity string
    The severity level of the incidents that match the policy rule
    State string
    Administrative state of the rule
    Tags List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleTag>
    Tag applied to the rule
    Type string
    The type of SaaS Security Data at Rest Scanning DLP rule
    Users zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleUsers
    Name-ID pairs of users for which rule must be applied
    WatermarkDeleteOldVersion bool
    Specifies whether to delete an old version of the watermarked file
    WatermarkProfiles List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleWatermarkProfile>
    Watermark profile applied to the rule
    WithoutContentInspection bool
    If true, Content Matching is set to None
    ZscalerIncidentReceivers List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleZscalerIncidentReceiver>
    The Zscaler Incident Receiver details
    Action string
    The configured action for the policy rule
    AuditorNotifications []CasbDlpRuleAuditorNotificationArgs
    Notification template used for DLP email alerts sent to the auditor
    BucketOwner string
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    Buckets CasbDlpRuleBucketsArgs
    The buckets for the Zscaler service to inspect for sensitive data
    CasbEmailLabels []CasbDlpRuleCasbEmailLabelArgs
    Name-ID of the email label associated with the rule
    CasbTombstoneTemplates []CasbDlpRuleCasbTombstoneTemplateArgs
    Name-ID of the quarantine tombstone template associated with the rule
    CloudAppTenants CasbDlpRuleCloudAppTenantsArgs
    Name-ID pairs of the cloud application tenants for which the rule is applied
    CollaborationScopes []string
    Collaboration scope for the rule
    Components []string
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    ContentLocation string
    The location for the content that the Zscaler service inspects for sensitive data
    CriteriaDomainProfiles CasbDlpRuleCriteriaDomainProfilesArgs
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    Departments CasbDlpRuleDepartmentsArgs
    Name-ID pairs of departments for which rule must be applied
    Description string
    An admin editable text-based description of the rule
    DlpEngines CasbDlpRuleDlpEnginesArgs
    The list of DLP engines to which the DLP policy rule must be applied
    Domains []string
    The domain for the external organization sharing the channel
    EmailRecipientProfiles CasbDlpRuleEmailRecipientProfilesArgs
    Name-ID pairs of recipient profiles for which the rule is applied
    EntityGroups CasbDlpRuleEntityGroupsArgs
    Name-ID pairs of entity groups that are part of the rule criteria
    ExcludedDomainProfiles CasbDlpRuleExcludedDomainProfilesArgs
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    ExternalAuditorEmail string
    Email address of the external auditor to whom the DLP email alerts are sent
    FileTypes []string
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    Groups CasbDlpRuleGroupsArgs
    Name-ID pairs of groups for which the rule is applied
    IncludeCriteriaDomainProfile bool
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    IncludeEmailRecipientProfile bool
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    IncludeEntityGroups bool
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    IncludedDomainProfiles CasbDlpRuleIncludedDomainProfilesArgs
    Name-ID pairs of domain profiles included in the criteria for the rule
    Labels CasbDlpRuleLabelsArgs
    Name-ID pairs of rule labels associated with the rule
    Name string
    Rule name
    ObjectTypes CasbDlpRuleObjectTypesArgs
    List of object types for which the rule is applied
    Order int
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    QuarantineLocation string
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    Rank int
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    Recipient string
    Specifies if the email recipient is internal or external
    RedactionProfiles []CasbDlpRuleRedactionProfileArgs
    Name-ID of the redaction profile in the criteria
    Severity string
    The severity level of the incidents that match the policy rule
    State string
    Administrative state of the rule
    Tags []CasbDlpRuleTagArgs
    Tag applied to the rule
    Type string
    The type of SaaS Security Data at Rest Scanning DLP rule
    Users CasbDlpRuleUsersArgs
    Name-ID pairs of users for which rule must be applied
    WatermarkDeleteOldVersion bool
    Specifies whether to delete an old version of the watermarked file
    WatermarkProfiles []CasbDlpRuleWatermarkProfileArgs
    Watermark profile applied to the rule
    WithoutContentInspection bool
    If true, Content Matching is set to None
    ZscalerIncidentReceivers []CasbDlpRuleZscalerIncidentReceiverArgs
    The Zscaler Incident Receiver details
    action String
    The configured action for the policy rule
    auditorNotifications List<CasbDlpRuleAuditorNotification>
    Notification template used for DLP email alerts sent to the auditor
    bucketOwner String
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    buckets CasbDlpRuleBuckets
    The buckets for the Zscaler service to inspect for sensitive data
    casbEmailLabels List<CasbDlpRuleCasbEmailLabel>
    Name-ID of the email label associated with the rule
    casbTombstoneTemplates List<CasbDlpRuleCasbTombstoneTemplate>
    Name-ID of the quarantine tombstone template associated with the rule
    cloudAppTenants CasbDlpRuleCloudAppTenants
    Name-ID pairs of the cloud application tenants for which the rule is applied
    collaborationScopes List<String>
    Collaboration scope for the rule
    components List<String>
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    contentLocation String
    The location for the content that the Zscaler service inspects for sensitive data
    criteriaDomainProfiles CasbDlpRuleCriteriaDomainProfiles
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    departments CasbDlpRuleDepartments
    Name-ID pairs of departments for which rule must be applied
    description String
    An admin editable text-based description of the rule
    dlpEngines CasbDlpRuleDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied
    domains List<String>
    The domain for the external organization sharing the channel
    emailRecipientProfiles CasbDlpRuleEmailRecipientProfiles
    Name-ID pairs of recipient profiles for which the rule is applied
    entityGroups CasbDlpRuleEntityGroups
    Name-ID pairs of entity groups that are part of the rule criteria
    excludedDomainProfiles CasbDlpRuleExcludedDomainProfiles
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    externalAuditorEmail String
    Email address of the external auditor to whom the DLP email alerts are sent
    fileTypes List<String>
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    groups CasbDlpRuleGroups
    Name-ID pairs of groups for which the rule is applied
    includeCriteriaDomainProfile Boolean
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEmailRecipientProfile Boolean
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEntityGroups Boolean
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    includedDomainProfiles CasbDlpRuleIncludedDomainProfiles
    Name-ID pairs of domain profiles included in the criteria for the rule
    labels CasbDlpRuleLabels
    Name-ID pairs of rule labels associated with the rule
    name String
    Rule name
    objectTypes CasbDlpRuleObjectTypes
    List of object types for which the rule is applied
    order Integer
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    quarantineLocation String
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    rank Integer
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    recipient String
    Specifies if the email recipient is internal or external
    redactionProfiles List<CasbDlpRuleRedactionProfile>
    Name-ID of the redaction profile in the criteria
    severity String
    The severity level of the incidents that match the policy rule
    state String
    Administrative state of the rule
    tags List<CasbDlpRuleTag>
    Tag applied to the rule
    type String
    The type of SaaS Security Data at Rest Scanning DLP rule
    users CasbDlpRuleUsers
    Name-ID pairs of users for which rule must be applied
    watermarkDeleteOldVersion Boolean
    Specifies whether to delete an old version of the watermarked file
    watermarkProfiles List<CasbDlpRuleWatermarkProfile>
    Watermark profile applied to the rule
    withoutContentInspection Boolean
    If true, Content Matching is set to None
    zscalerIncidentReceivers List<CasbDlpRuleZscalerIncidentReceiver>
    The Zscaler Incident Receiver details
    action string
    The configured action for the policy rule
    auditorNotifications CasbDlpRuleAuditorNotification[]
    Notification template used for DLP email alerts sent to the auditor
    bucketOwner string
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    buckets CasbDlpRuleBuckets
    The buckets for the Zscaler service to inspect for sensitive data
    casbEmailLabels CasbDlpRuleCasbEmailLabel[]
    Name-ID of the email label associated with the rule
    casbTombstoneTemplates CasbDlpRuleCasbTombstoneTemplate[]
    Name-ID of the quarantine tombstone template associated with the rule
    cloudAppTenants CasbDlpRuleCloudAppTenants
    Name-ID pairs of the cloud application tenants for which the rule is applied
    collaborationScopes string[]
    Collaboration scope for the rule
    components string[]
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    contentLocation string
    The location for the content that the Zscaler service inspects for sensitive data
    criteriaDomainProfiles CasbDlpRuleCriteriaDomainProfiles
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    departments CasbDlpRuleDepartments
    Name-ID pairs of departments for which rule must be applied
    description string
    An admin editable text-based description of the rule
    dlpEngines CasbDlpRuleDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied
    domains string[]
    The domain for the external organization sharing the channel
    emailRecipientProfiles CasbDlpRuleEmailRecipientProfiles
    Name-ID pairs of recipient profiles for which the rule is applied
    entityGroups CasbDlpRuleEntityGroups
    Name-ID pairs of entity groups that are part of the rule criteria
    excludedDomainProfiles CasbDlpRuleExcludedDomainProfiles
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    externalAuditorEmail string
    Email address of the external auditor to whom the DLP email alerts are sent
    fileTypes string[]
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    groups CasbDlpRuleGroups
    Name-ID pairs of groups for which the rule is applied
    includeCriteriaDomainProfile boolean
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEmailRecipientProfile boolean
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEntityGroups boolean
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    includedDomainProfiles CasbDlpRuleIncludedDomainProfiles
    Name-ID pairs of domain profiles included in the criteria for the rule
    labels CasbDlpRuleLabels
    Name-ID pairs of rule labels associated with the rule
    name string
    Rule name
    objectTypes CasbDlpRuleObjectTypes
    List of object types for which the rule is applied
    order number
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    quarantineLocation string
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    rank number
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    recipient string
    Specifies if the email recipient is internal or external
    redactionProfiles CasbDlpRuleRedactionProfile[]
    Name-ID of the redaction profile in the criteria
    severity string
    The severity level of the incidents that match the policy rule
    state string
    Administrative state of the rule
    tags CasbDlpRuleTag[]
    Tag applied to the rule
    type string
    The type of SaaS Security Data at Rest Scanning DLP rule
    users CasbDlpRuleUsers
    Name-ID pairs of users for which rule must be applied
    watermarkDeleteOldVersion boolean
    Specifies whether to delete an old version of the watermarked file
    watermarkProfiles CasbDlpRuleWatermarkProfile[]
    Watermark profile applied to the rule
    withoutContentInspection boolean
    If true, Content Matching is set to None
    zscalerIncidentReceivers CasbDlpRuleZscalerIncidentReceiver[]
    The Zscaler Incident Receiver details
    action str
    The configured action for the policy rule
    auditor_notifications Sequence[CasbDlpRuleAuditorNotificationArgs]
    Notification template used for DLP email alerts sent to the auditor
    bucket_owner str
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    buckets CasbDlpRuleBucketsArgs
    The buckets for the Zscaler service to inspect for sensitive data
    casb_email_labels Sequence[CasbDlpRuleCasbEmailLabelArgs]
    Name-ID of the email label associated with the rule
    casb_tombstone_templates Sequence[CasbDlpRuleCasbTombstoneTemplateArgs]
    Name-ID of the quarantine tombstone template associated with the rule
    cloud_app_tenants CasbDlpRuleCloudAppTenantsArgs
    Name-ID pairs of the cloud application tenants for which the rule is applied
    collaboration_scopes Sequence[str]
    Collaboration scope for the rule
    components Sequence[str]
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    content_location str
    The location for the content that the Zscaler service inspects for sensitive data
    criteria_domain_profiles CasbDlpRuleCriteriaDomainProfilesArgs
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    departments CasbDlpRuleDepartmentsArgs
    Name-ID pairs of departments for which rule must be applied
    description str
    An admin editable text-based description of the rule
    dlp_engines CasbDlpRuleDlpEnginesArgs
    The list of DLP engines to which the DLP policy rule must be applied
    domains Sequence[str]
    The domain for the external organization sharing the channel
    email_recipient_profiles CasbDlpRuleEmailRecipientProfilesArgs
    Name-ID pairs of recipient profiles for which the rule is applied
    entity_groups CasbDlpRuleEntityGroupsArgs
    Name-ID pairs of entity groups that are part of the rule criteria
    excluded_domain_profiles CasbDlpRuleExcludedDomainProfilesArgs
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    external_auditor_email str
    Email address of the external auditor to whom the DLP email alerts are sent
    file_types Sequence[str]
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    groups CasbDlpRuleGroupsArgs
    Name-ID pairs of groups for which the rule is applied
    include_criteria_domain_profile bool
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    include_email_recipient_profile bool
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    include_entity_groups bool
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    included_domain_profiles CasbDlpRuleIncludedDomainProfilesArgs
    Name-ID pairs of domain profiles included in the criteria for the rule
    labels CasbDlpRuleLabelsArgs
    Name-ID pairs of rule labels associated with the rule
    name str
    Rule name
    object_types CasbDlpRuleObjectTypesArgs
    List of object types for which the rule is applied
    order int
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    quarantine_location str
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    rank int
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    recipient str
    Specifies if the email recipient is internal or external
    redaction_profiles Sequence[CasbDlpRuleRedactionProfileArgs]
    Name-ID of the redaction profile in the criteria
    severity str
    The severity level of the incidents that match the policy rule
    state str
    Administrative state of the rule
    tags Sequence[CasbDlpRuleTagArgs]
    Tag applied to the rule
    type str
    The type of SaaS Security Data at Rest Scanning DLP rule
    users CasbDlpRuleUsersArgs
    Name-ID pairs of users for which rule must be applied
    watermark_delete_old_version bool
    Specifies whether to delete an old version of the watermarked file
    watermark_profiles Sequence[CasbDlpRuleWatermarkProfileArgs]
    Watermark profile applied to the rule
    without_content_inspection bool
    If true, Content Matching is set to None
    zscaler_incident_receivers Sequence[CasbDlpRuleZscalerIncidentReceiverArgs]
    The Zscaler Incident Receiver details
    action String
    The configured action for the policy rule
    auditorNotifications List<Property Map>
    Notification template used for DLP email alerts sent to the auditor
    bucketOwner String
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    buckets Property Map
    The buckets for the Zscaler service to inspect for sensitive data
    casbEmailLabels List<Property Map>
    Name-ID of the email label associated with the rule
    casbTombstoneTemplates List<Property Map>
    Name-ID of the quarantine tombstone template associated with the rule
    cloudAppTenants Property Map
    Name-ID pairs of the cloud application tenants for which the rule is applied
    collaborationScopes List<String>
    Collaboration scope for the rule
    components List<String>
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    contentLocation String
    The location for the content that the Zscaler service inspects for sensitive data
    criteriaDomainProfiles Property Map
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    departments Property Map
    Name-ID pairs of departments for which rule must be applied
    description String
    An admin editable text-based description of the rule
    dlpEngines Property Map
    The list of DLP engines to which the DLP policy rule must be applied
    domains List<String>
    The domain for the external organization sharing the channel
    emailRecipientProfiles Property Map
    Name-ID pairs of recipient profiles for which the rule is applied
    entityGroups Property Map
    Name-ID pairs of entity groups that are part of the rule criteria
    excludedDomainProfiles Property Map
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    externalAuditorEmail String
    Email address of the external auditor to whom the DLP email alerts are sent
    fileTypes List<String>
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    groups Property Map
    Name-ID pairs of groups for which the rule is applied
    includeCriteriaDomainProfile Boolean
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEmailRecipientProfile Boolean
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEntityGroups Boolean
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    includedDomainProfiles Property Map
    Name-ID pairs of domain profiles included in the criteria for the rule
    labels Property Map
    Name-ID pairs of rule labels associated with the rule
    name String
    Rule name
    objectTypes Property Map
    List of object types for which the rule is applied
    order Number
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    quarantineLocation String
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    rank Number
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    recipient String
    Specifies if the email recipient is internal or external
    redactionProfiles List<Property Map>
    Name-ID of the redaction profile in the criteria
    severity String
    The severity level of the incidents that match the policy rule
    state String
    Administrative state of the rule
    tags List<Property Map>
    Tag applied to the rule
    type String
    The type of SaaS Security Data at Rest Scanning DLP rule
    users Property Map
    Name-ID pairs of users for which rule must be applied
    watermarkDeleteOldVersion Boolean
    Specifies whether to delete an old version of the watermarked file
    watermarkProfiles List<Property Map>
    Watermark profile applied to the rule
    withoutContentInspection Boolean
    If true, Content Matching is set to None
    zscalerIncidentReceivers List<Property Map>
    The Zscaler Incident Receiver details

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CasbDlpRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    RuleId int
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    Id string
    The provider-assigned unique ID for this managed resource.
    RuleId int
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    id String
    The provider-assigned unique ID for this managed resource.
    ruleId Integer
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    id string
    The provider-assigned unique ID for this managed resource.
    ruleId number
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    id str
    The provider-assigned unique ID for this managed resource.
    rule_id int
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    id String
    The provider-assigned unique ID for this managed resource.
    ruleId Number
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule

    Look up Existing CasbDlpRule Resource

    Get an existing CasbDlpRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CasbDlpRuleState, opts?: CustomResourceOptions): CasbDlpRule
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        auditor_notifications: Optional[Sequence[CasbDlpRuleAuditorNotificationArgs]] = None,
        bucket_owner: Optional[str] = None,
        buckets: Optional[CasbDlpRuleBucketsArgs] = None,
        casb_email_labels: Optional[Sequence[CasbDlpRuleCasbEmailLabelArgs]] = None,
        casb_tombstone_templates: Optional[Sequence[CasbDlpRuleCasbTombstoneTemplateArgs]] = None,
        cloud_app_tenants: Optional[CasbDlpRuleCloudAppTenantsArgs] = None,
        collaboration_scopes: Optional[Sequence[str]] = None,
        components: Optional[Sequence[str]] = None,
        content_location: Optional[str] = None,
        criteria_domain_profiles: Optional[CasbDlpRuleCriteriaDomainProfilesArgs] = None,
        departments: Optional[CasbDlpRuleDepartmentsArgs] = None,
        description: Optional[str] = None,
        dlp_engines: Optional[CasbDlpRuleDlpEnginesArgs] = None,
        domains: Optional[Sequence[str]] = None,
        email_recipient_profiles: Optional[CasbDlpRuleEmailRecipientProfilesArgs] = None,
        entity_groups: Optional[CasbDlpRuleEntityGroupsArgs] = None,
        excluded_domain_profiles: Optional[CasbDlpRuleExcludedDomainProfilesArgs] = None,
        external_auditor_email: Optional[str] = None,
        file_types: Optional[Sequence[str]] = None,
        groups: Optional[CasbDlpRuleGroupsArgs] = None,
        include_criteria_domain_profile: Optional[bool] = None,
        include_email_recipient_profile: Optional[bool] = None,
        include_entity_groups: Optional[bool] = None,
        included_domain_profiles: Optional[CasbDlpRuleIncludedDomainProfilesArgs] = None,
        labels: Optional[CasbDlpRuleLabelsArgs] = None,
        name: Optional[str] = None,
        object_types: Optional[CasbDlpRuleObjectTypesArgs] = None,
        order: Optional[int] = None,
        quarantine_location: Optional[str] = None,
        rank: Optional[int] = None,
        recipient: Optional[str] = None,
        redaction_profiles: Optional[Sequence[CasbDlpRuleRedactionProfileArgs]] = None,
        rule_id: Optional[int] = None,
        severity: Optional[str] = None,
        state: Optional[str] = None,
        tags: Optional[Sequence[CasbDlpRuleTagArgs]] = None,
        type: Optional[str] = None,
        users: Optional[CasbDlpRuleUsersArgs] = None,
        watermark_delete_old_version: Optional[bool] = None,
        watermark_profiles: Optional[Sequence[CasbDlpRuleWatermarkProfileArgs]] = None,
        without_content_inspection: Optional[bool] = None,
        zscaler_incident_receivers: Optional[Sequence[CasbDlpRuleZscalerIncidentReceiverArgs]] = None) -> CasbDlpRule
    func GetCasbDlpRule(ctx *Context, name string, id IDInput, state *CasbDlpRuleState, opts ...ResourceOption) (*CasbDlpRule, error)
    public static CasbDlpRule Get(string name, Input<string> id, CasbDlpRuleState? state, CustomResourceOptions? opts = null)
    public static CasbDlpRule get(String name, Output<String> id, CasbDlpRuleState state, CustomResourceOptions options)
    resources:  _:    type: zia:CasbDlpRule    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    The configured action for the policy rule
    AuditorNotifications List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleAuditorNotification>
    Notification template used for DLP email alerts sent to the auditor
    BucketOwner string
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    Buckets zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleBuckets
    The buckets for the Zscaler service to inspect for sensitive data
    CasbEmailLabels List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleCasbEmailLabel>
    Name-ID of the email label associated with the rule
    CasbTombstoneTemplates List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleCasbTombstoneTemplate>
    Name-ID of the quarantine tombstone template associated with the rule
    CloudAppTenants zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleCloudAppTenants
    Name-ID pairs of the cloud application tenants for which the rule is applied
    CollaborationScopes List<string>
    Collaboration scope for the rule
    Components List<string>
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    ContentLocation string
    The location for the content that the Zscaler service inspects for sensitive data
    CriteriaDomainProfiles zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleCriteriaDomainProfiles
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    Departments zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleDepartments
    Name-ID pairs of departments for which rule must be applied
    Description string
    An admin editable text-based description of the rule
    DlpEngines zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied
    Domains List<string>
    The domain for the external organization sharing the channel
    EmailRecipientProfiles zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleEmailRecipientProfiles
    Name-ID pairs of recipient profiles for which the rule is applied
    EntityGroups zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleEntityGroups
    Name-ID pairs of entity groups that are part of the rule criteria
    ExcludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleExcludedDomainProfiles
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    ExternalAuditorEmail string
    Email address of the external auditor to whom the DLP email alerts are sent
    FileTypes List<string>
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    Groups zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleGroups
    Name-ID pairs of groups for which the rule is applied
    IncludeCriteriaDomainProfile bool
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    IncludeEmailRecipientProfile bool
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    IncludeEntityGroups bool
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    IncludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleIncludedDomainProfiles
    Name-ID pairs of domain profiles included in the criteria for the rule
    Labels zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleLabels
    Name-ID pairs of rule labels associated with the rule
    Name string
    Rule name
    ObjectTypes zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleObjectTypes
    List of object types for which the rule is applied
    Order int
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    QuarantineLocation string
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    Rank int
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    Recipient string
    Specifies if the email recipient is internal or external
    RedactionProfiles List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleRedactionProfile>
    Name-ID of the redaction profile in the criteria
    RuleId int
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    Severity string
    The severity level of the incidents that match the policy rule
    State string
    Administrative state of the rule
    Tags List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleTag>
    Tag applied to the rule
    Type string
    The type of SaaS Security Data at Rest Scanning DLP rule
    Users zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleUsers
    Name-ID pairs of users for which rule must be applied
    WatermarkDeleteOldVersion bool
    Specifies whether to delete an old version of the watermarked file
    WatermarkProfiles List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleWatermarkProfile>
    Watermark profile applied to the rule
    WithoutContentInspection bool
    If true, Content Matching is set to None
    ZscalerIncidentReceivers List<zscaler.PulumiPackage.Zia.Inputs.CasbDlpRuleZscalerIncidentReceiver>
    The Zscaler Incident Receiver details
    Action string
    The configured action for the policy rule
    AuditorNotifications []CasbDlpRuleAuditorNotificationArgs
    Notification template used for DLP email alerts sent to the auditor
    BucketOwner string
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    Buckets CasbDlpRuleBucketsArgs
    The buckets for the Zscaler service to inspect for sensitive data
    CasbEmailLabels []CasbDlpRuleCasbEmailLabelArgs
    Name-ID of the email label associated with the rule
    CasbTombstoneTemplates []CasbDlpRuleCasbTombstoneTemplateArgs
    Name-ID of the quarantine tombstone template associated with the rule
    CloudAppTenants CasbDlpRuleCloudAppTenantsArgs
    Name-ID pairs of the cloud application tenants for which the rule is applied
    CollaborationScopes []string
    Collaboration scope for the rule
    Components []string
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    ContentLocation string
    The location for the content that the Zscaler service inspects for sensitive data
    CriteriaDomainProfiles CasbDlpRuleCriteriaDomainProfilesArgs
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    Departments CasbDlpRuleDepartmentsArgs
    Name-ID pairs of departments for which rule must be applied
    Description string
    An admin editable text-based description of the rule
    DlpEngines CasbDlpRuleDlpEnginesArgs
    The list of DLP engines to which the DLP policy rule must be applied
    Domains []string
    The domain for the external organization sharing the channel
    EmailRecipientProfiles CasbDlpRuleEmailRecipientProfilesArgs
    Name-ID pairs of recipient profiles for which the rule is applied
    EntityGroups CasbDlpRuleEntityGroupsArgs
    Name-ID pairs of entity groups that are part of the rule criteria
    ExcludedDomainProfiles CasbDlpRuleExcludedDomainProfilesArgs
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    ExternalAuditorEmail string
    Email address of the external auditor to whom the DLP email alerts are sent
    FileTypes []string
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    Groups CasbDlpRuleGroupsArgs
    Name-ID pairs of groups for which the rule is applied
    IncludeCriteriaDomainProfile bool
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    IncludeEmailRecipientProfile bool
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    IncludeEntityGroups bool
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    IncludedDomainProfiles CasbDlpRuleIncludedDomainProfilesArgs
    Name-ID pairs of domain profiles included in the criteria for the rule
    Labels CasbDlpRuleLabelsArgs
    Name-ID pairs of rule labels associated with the rule
    Name string
    Rule name
    ObjectTypes CasbDlpRuleObjectTypesArgs
    List of object types for which the rule is applied
    Order int
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    QuarantineLocation string
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    Rank int
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    Recipient string
    Specifies if the email recipient is internal or external
    RedactionProfiles []CasbDlpRuleRedactionProfileArgs
    Name-ID of the redaction profile in the criteria
    RuleId int
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    Severity string
    The severity level of the incidents that match the policy rule
    State string
    Administrative state of the rule
    Tags []CasbDlpRuleTagArgs
    Tag applied to the rule
    Type string
    The type of SaaS Security Data at Rest Scanning DLP rule
    Users CasbDlpRuleUsersArgs
    Name-ID pairs of users for which rule must be applied
    WatermarkDeleteOldVersion bool
    Specifies whether to delete an old version of the watermarked file
    WatermarkProfiles []CasbDlpRuleWatermarkProfileArgs
    Watermark profile applied to the rule
    WithoutContentInspection bool
    If true, Content Matching is set to None
    ZscalerIncidentReceivers []CasbDlpRuleZscalerIncidentReceiverArgs
    The Zscaler Incident Receiver details
    action String
    The configured action for the policy rule
    auditorNotifications List<CasbDlpRuleAuditorNotification>
    Notification template used for DLP email alerts sent to the auditor
    bucketOwner String
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    buckets CasbDlpRuleBuckets
    The buckets for the Zscaler service to inspect for sensitive data
    casbEmailLabels List<CasbDlpRuleCasbEmailLabel>
    Name-ID of the email label associated with the rule
    casbTombstoneTemplates List<CasbDlpRuleCasbTombstoneTemplate>
    Name-ID of the quarantine tombstone template associated with the rule
    cloudAppTenants CasbDlpRuleCloudAppTenants
    Name-ID pairs of the cloud application tenants for which the rule is applied
    collaborationScopes List<String>
    Collaboration scope for the rule
    components List<String>
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    contentLocation String
    The location for the content that the Zscaler service inspects for sensitive data
    criteriaDomainProfiles CasbDlpRuleCriteriaDomainProfiles
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    departments CasbDlpRuleDepartments
    Name-ID pairs of departments for which rule must be applied
    description String
    An admin editable text-based description of the rule
    dlpEngines CasbDlpRuleDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied
    domains List<String>
    The domain for the external organization sharing the channel
    emailRecipientProfiles CasbDlpRuleEmailRecipientProfiles
    Name-ID pairs of recipient profiles for which the rule is applied
    entityGroups CasbDlpRuleEntityGroups
    Name-ID pairs of entity groups that are part of the rule criteria
    excludedDomainProfiles CasbDlpRuleExcludedDomainProfiles
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    externalAuditorEmail String
    Email address of the external auditor to whom the DLP email alerts are sent
    fileTypes List<String>
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    groups CasbDlpRuleGroups
    Name-ID pairs of groups for which the rule is applied
    includeCriteriaDomainProfile Boolean
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEmailRecipientProfile Boolean
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEntityGroups Boolean
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    includedDomainProfiles CasbDlpRuleIncludedDomainProfiles
    Name-ID pairs of domain profiles included in the criteria for the rule
    labels CasbDlpRuleLabels
    Name-ID pairs of rule labels associated with the rule
    name String
    Rule name
    objectTypes CasbDlpRuleObjectTypes
    List of object types for which the rule is applied
    order Integer
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    quarantineLocation String
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    rank Integer
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    recipient String
    Specifies if the email recipient is internal or external
    redactionProfiles List<CasbDlpRuleRedactionProfile>
    Name-ID of the redaction profile in the criteria
    ruleId Integer
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    severity String
    The severity level of the incidents that match the policy rule
    state String
    Administrative state of the rule
    tags List<CasbDlpRuleTag>
    Tag applied to the rule
    type String
    The type of SaaS Security Data at Rest Scanning DLP rule
    users CasbDlpRuleUsers
    Name-ID pairs of users for which rule must be applied
    watermarkDeleteOldVersion Boolean
    Specifies whether to delete an old version of the watermarked file
    watermarkProfiles List<CasbDlpRuleWatermarkProfile>
    Watermark profile applied to the rule
    withoutContentInspection Boolean
    If true, Content Matching is set to None
    zscalerIncidentReceivers List<CasbDlpRuleZscalerIncidentReceiver>
    The Zscaler Incident Receiver details
    action string
    The configured action for the policy rule
    auditorNotifications CasbDlpRuleAuditorNotification[]
    Notification template used for DLP email alerts sent to the auditor
    bucketOwner string
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    buckets CasbDlpRuleBuckets
    The buckets for the Zscaler service to inspect for sensitive data
    casbEmailLabels CasbDlpRuleCasbEmailLabel[]
    Name-ID of the email label associated with the rule
    casbTombstoneTemplates CasbDlpRuleCasbTombstoneTemplate[]
    Name-ID of the quarantine tombstone template associated with the rule
    cloudAppTenants CasbDlpRuleCloudAppTenants
    Name-ID pairs of the cloud application tenants for which the rule is applied
    collaborationScopes string[]
    Collaboration scope for the rule
    components string[]
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    contentLocation string
    The location for the content that the Zscaler service inspects for sensitive data
    criteriaDomainProfiles CasbDlpRuleCriteriaDomainProfiles
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    departments CasbDlpRuleDepartments
    Name-ID pairs of departments for which rule must be applied
    description string
    An admin editable text-based description of the rule
    dlpEngines CasbDlpRuleDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied
    domains string[]
    The domain for the external organization sharing the channel
    emailRecipientProfiles CasbDlpRuleEmailRecipientProfiles
    Name-ID pairs of recipient profiles for which the rule is applied
    entityGroups CasbDlpRuleEntityGroups
    Name-ID pairs of entity groups that are part of the rule criteria
    excludedDomainProfiles CasbDlpRuleExcludedDomainProfiles
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    externalAuditorEmail string
    Email address of the external auditor to whom the DLP email alerts are sent
    fileTypes string[]
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    groups CasbDlpRuleGroups
    Name-ID pairs of groups for which the rule is applied
    includeCriteriaDomainProfile boolean
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEmailRecipientProfile boolean
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEntityGroups boolean
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    includedDomainProfiles CasbDlpRuleIncludedDomainProfiles
    Name-ID pairs of domain profiles included in the criteria for the rule
    labels CasbDlpRuleLabels
    Name-ID pairs of rule labels associated with the rule
    name string
    Rule name
    objectTypes CasbDlpRuleObjectTypes
    List of object types for which the rule is applied
    order number
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    quarantineLocation string
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    rank number
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    recipient string
    Specifies if the email recipient is internal or external
    redactionProfiles CasbDlpRuleRedactionProfile[]
    Name-ID of the redaction profile in the criteria
    ruleId number
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    severity string
    The severity level of the incidents that match the policy rule
    state string
    Administrative state of the rule
    tags CasbDlpRuleTag[]
    Tag applied to the rule
    type string
    The type of SaaS Security Data at Rest Scanning DLP rule
    users CasbDlpRuleUsers
    Name-ID pairs of users for which rule must be applied
    watermarkDeleteOldVersion boolean
    Specifies whether to delete an old version of the watermarked file
    watermarkProfiles CasbDlpRuleWatermarkProfile[]
    Watermark profile applied to the rule
    withoutContentInspection boolean
    If true, Content Matching is set to None
    zscalerIncidentReceivers CasbDlpRuleZscalerIncidentReceiver[]
    The Zscaler Incident Receiver details
    action str
    The configured action for the policy rule
    auditor_notifications Sequence[CasbDlpRuleAuditorNotificationArgs]
    Notification template used for DLP email alerts sent to the auditor
    bucket_owner str
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    buckets CasbDlpRuleBucketsArgs
    The buckets for the Zscaler service to inspect for sensitive data
    casb_email_labels Sequence[CasbDlpRuleCasbEmailLabelArgs]
    Name-ID of the email label associated with the rule
    casb_tombstone_templates Sequence[CasbDlpRuleCasbTombstoneTemplateArgs]
    Name-ID of the quarantine tombstone template associated with the rule
    cloud_app_tenants CasbDlpRuleCloudAppTenantsArgs
    Name-ID pairs of the cloud application tenants for which the rule is applied
    collaboration_scopes Sequence[str]
    Collaboration scope for the rule
    components Sequence[str]
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    content_location str
    The location for the content that the Zscaler service inspects for sensitive data
    criteria_domain_profiles CasbDlpRuleCriteriaDomainProfilesArgs
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    departments CasbDlpRuleDepartmentsArgs
    Name-ID pairs of departments for which rule must be applied
    description str
    An admin editable text-based description of the rule
    dlp_engines CasbDlpRuleDlpEnginesArgs
    The list of DLP engines to which the DLP policy rule must be applied
    domains Sequence[str]
    The domain for the external organization sharing the channel
    email_recipient_profiles CasbDlpRuleEmailRecipientProfilesArgs
    Name-ID pairs of recipient profiles for which the rule is applied
    entity_groups CasbDlpRuleEntityGroupsArgs
    Name-ID pairs of entity groups that are part of the rule criteria
    excluded_domain_profiles CasbDlpRuleExcludedDomainProfilesArgs
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    external_auditor_email str
    Email address of the external auditor to whom the DLP email alerts are sent
    file_types Sequence[str]
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    groups CasbDlpRuleGroupsArgs
    Name-ID pairs of groups for which the rule is applied
    include_criteria_domain_profile bool
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    include_email_recipient_profile bool
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    include_entity_groups bool
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    included_domain_profiles CasbDlpRuleIncludedDomainProfilesArgs
    Name-ID pairs of domain profiles included in the criteria for the rule
    labels CasbDlpRuleLabelsArgs
    Name-ID pairs of rule labels associated with the rule
    name str
    Rule name
    object_types CasbDlpRuleObjectTypesArgs
    List of object types for which the rule is applied
    order int
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    quarantine_location str
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    rank int
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    recipient str
    Specifies if the email recipient is internal or external
    redaction_profiles Sequence[CasbDlpRuleRedactionProfileArgs]
    Name-ID of the redaction profile in the criteria
    rule_id int
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    severity str
    The severity level of the incidents that match the policy rule
    state str
    Administrative state of the rule
    tags Sequence[CasbDlpRuleTagArgs]
    Tag applied to the rule
    type str
    The type of SaaS Security Data at Rest Scanning DLP rule
    users CasbDlpRuleUsersArgs
    Name-ID pairs of users for which rule must be applied
    watermark_delete_old_version bool
    Specifies whether to delete an old version of the watermarked file
    watermark_profiles Sequence[CasbDlpRuleWatermarkProfileArgs]
    Watermark profile applied to the rule
    without_content_inspection bool
    If true, Content Matching is set to None
    zscaler_incident_receivers Sequence[CasbDlpRuleZscalerIncidentReceiverArgs]
    The Zscaler Incident Receiver details
    action String
    The configured action for the policy rule
    auditorNotifications List<Property Map>
    Notification template used for DLP email alerts sent to the auditor
    bucketOwner String
    A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
    buckets Property Map
    The buckets for the Zscaler service to inspect for sensitive data
    casbEmailLabels List<Property Map>
    Name-ID of the email label associated with the rule
    casbTombstoneTemplates List<Property Map>
    Name-ID of the quarantine tombstone template associated with the rule
    cloudAppTenants Property Map
    Name-ID pairs of the cloud application tenants for which the rule is applied
    collaborationScopes List<String>
    Collaboration scope for the rule
    components List<String>
    List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
    contentLocation String
    The location for the content that the Zscaler service inspects for sensitive data
    criteriaDomainProfiles Property Map
    Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
    departments Property Map
    Name-ID pairs of departments for which rule must be applied
    description String
    An admin editable text-based description of the rule
    dlpEngines Property Map
    The list of DLP engines to which the DLP policy rule must be applied
    domains List<String>
    The domain for the external organization sharing the channel
    emailRecipientProfiles Property Map
    Name-ID pairs of recipient profiles for which the rule is applied
    entityGroups Property Map
    Name-ID pairs of entity groups that are part of the rule criteria
    excludedDomainProfiles Property Map
    Name-ID pairs of domain profiles excluded in the criteria for the rule
    externalAuditorEmail String
    Email address of the external auditor to whom the DLP email alerts are sent
    fileTypes List<String>
    File type categories for which the policy is applied. If not set, the rule is applied across all file types.
    groups Property Map
    Name-ID pairs of groups for which the rule is applied
    includeCriteriaDomainProfile Boolean
    If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEmailRecipientProfile Boolean
    If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
    includeEntityGroups Boolean
    If true, entityGroups is included as part of the criteria, else are excluded from the criteria
    includedDomainProfiles Property Map
    Name-ID pairs of domain profiles included in the criteria for the rule
    labels Property Map
    Name-ID pairs of rule labels associated with the rule
    name String
    Rule name
    objectTypes Property Map
    List of object types for which the rule is applied
    order Number
    Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
    quarantineLocation String
    Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
    rank Number
    Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
    recipient String
    Specifies if the email recipient is internal or external
    redactionProfiles List<Property Map>
    Name-ID of the redaction profile in the criteria
    ruleId Number
    System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
    severity String
    The severity level of the incidents that match the policy rule
    state String
    Administrative state of the rule
    tags List<Property Map>
    Tag applied to the rule
    type String
    The type of SaaS Security Data at Rest Scanning DLP rule
    users Property Map
    Name-ID pairs of users for which rule must be applied
    watermarkDeleteOldVersion Boolean
    Specifies whether to delete an old version of the watermarked file
    watermarkProfiles List<Property Map>
    Watermark profile applied to the rule
    withoutContentInspection Boolean
    If true, Content Matching is set to None
    zscalerIncidentReceivers List<Property Map>
    The Zscaler Incident Receiver details

    Supporting Types

    CasbDlpRuleAuditorNotification, CasbDlpRuleAuditorNotificationArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    CasbDlpRuleBuckets, CasbDlpRuleBucketsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleCasbEmailLabel, CasbDlpRuleCasbEmailLabelArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    CasbDlpRuleCasbTombstoneTemplate, CasbDlpRuleCasbTombstoneTemplateArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    CasbDlpRuleCloudAppTenants, CasbDlpRuleCloudAppTenantsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleCriteriaDomainProfiles, CasbDlpRuleCriteriaDomainProfilesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleDepartments, CasbDlpRuleDepartmentsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleDlpEngines, CasbDlpRuleDlpEnginesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleEmailRecipientProfiles, CasbDlpRuleEmailRecipientProfilesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleEntityGroups, CasbDlpRuleEntityGroupsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleExcludedDomainProfiles, CasbDlpRuleExcludedDomainProfilesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleGroups, CasbDlpRuleGroupsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleIncludedDomainProfiles, CasbDlpRuleIncludedDomainProfilesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleLabels, CasbDlpRuleLabelsArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    CasbDlpRuleObjectTypes, CasbDlpRuleObjectTypesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleRedactionProfile, CasbDlpRuleRedactionProfileArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    CasbDlpRuleTag, CasbDlpRuleTagArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    CasbDlpRuleUsers, CasbDlpRuleUsersArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    CasbDlpRuleWatermarkProfile, CasbDlpRuleWatermarkProfileArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    CasbDlpRuleZscalerIncidentReceiver, CasbDlpRuleZscalerIncidentReceiverArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    Import

    Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.

    Visit

    zia_casb_dlp_rules can be imported by using <RULE_TYPE:RULE_ID> or <RULE_TYPE:RULE_NAME> as the import ID.

    For example:

    $ pulumi import zia:index/casbDlpRule:CasbDlpRule this <rule_type:rule_id>

    $ pulumi import zia:index/casbDlpRule:CasbDlpRule this <"rule_type:rule_name">

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    zia zscaler/pulumi-zia
    License
    MIT
    Notes
    This Pulumi package is based on the zia Terraform Provider.
    zia logo
    Zscaler Internet Access v1.1.1 published on Tuesday, Jun 24, 2025 by Zscaler
    zscaler/pulumi-zia