Docs Home
Zscaler Internet Access v1.1.1 published on Tuesday, Jun 24, 2025 by Zscaler
zia.CasbDlpRules
Explore with Pulumi AI
Deprecated: zia.index/casbdlprules.CasbDlpRules has been deprecated in favor of zia.index/casbdlprule.CasbDlpRule
The zia_casb_dlp_rules resource Adds a new SaaS Security Data at Rest Scanning DLP rule in the Zscaler Internet Access.
Example Usage
data "zia_casb_tenant" "this" {
tenant_name = "Jira_Tenant01"
}
data "zia_dlp_incident_receiver_servers" "this" {
name = "ZS_Incident_Receiver"
}
data "zia_rule_labels" "this" {
name = "RuleLabel01
}
data "zia_dlp_engines" "this" {
name = "PCI"
}
data "zia_admin_users" "this" {
username = auditor01
}
resource "zia_casb_dlp_rules" "this" {
name = "SaaS_ITSM_App_Rule"
description = "SaaS_ITSM_App_Rule"
order = 1
rank = 7
type = "OFLCASB_DLP_ITSM"
action = "OFLCASB_DLP_REPORT_INCIDENT"
severity = "RULE_SEVERITY_HIGH"
without_content_inspection = false
external_auditor_email = "jdoe@acme.com"
file_types = [
"FTCATEGORY_APPX",
"FTCATEGORY_SQL",
]
collaboration_scope = [
"ANY",
]
components = [
"COMPONENT_ITSM_OBJECTS",
"COMPONENT_ITSM_ATTACHMENTS",
]
cloud_app_tenants {
id = [data.zia_casb_tenant.this.tenant_id]
}
dlp_engines {
id = [data.zia_dlp_engines.this.id]
}
object_types {
id = [32, 33, 34]
}
labels {
id = [data.zia_rule_labels.this.id]
}
zscaler_incident_receiver {
id = data.zia_dlp_incident_receiver_servers.this.id
}
auditor_notification {
id = data.zia_admin_users.this.id
}
}
Create CasbDlpRules Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CasbDlpRules(name: string, args?: CasbDlpRulesArgs, opts?: CustomResourceOptions);@overload
def CasbDlpRules(resource_name: str,
args: Optional[CasbDlpRulesArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def CasbDlpRules(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
auditor_notifications: Optional[Sequence[CasbDlpRulesAuditorNotificationArgs]] = None,
bucket_owner: Optional[str] = None,
buckets: Optional[CasbDlpRulesBucketsArgs] = None,
casb_email_labels: Optional[Sequence[CasbDlpRulesCasbEmailLabelArgs]] = None,
casb_tombstone_templates: Optional[Sequence[CasbDlpRulesCasbTombstoneTemplateArgs]] = None,
cloud_app_tenants: Optional[CasbDlpRulesCloudAppTenantsArgs] = None,
collaboration_scopes: Optional[Sequence[str]] = None,
components: Optional[Sequence[str]] = None,
content_location: Optional[str] = None,
criteria_domain_profiles: Optional[CasbDlpRulesCriteriaDomainProfilesArgs] = None,
departments: Optional[CasbDlpRulesDepartmentsArgs] = None,
description: Optional[str] = None,
dlp_engines: Optional[CasbDlpRulesDlpEnginesArgs] = None,
domains: Optional[Sequence[str]] = None,
email_recipient_profiles: Optional[CasbDlpRulesEmailRecipientProfilesArgs] = None,
entity_groups: Optional[CasbDlpRulesEntityGroupsArgs] = None,
excluded_domain_profiles: Optional[CasbDlpRulesExcludedDomainProfilesArgs] = None,
external_auditor_email: Optional[str] = None,
file_types: Optional[Sequence[str]] = None,
groups: Optional[CasbDlpRulesGroupsArgs] = None,
include_criteria_domain_profile: Optional[bool] = None,
include_email_recipient_profile: Optional[bool] = None,
include_entity_groups: Optional[bool] = None,
included_domain_profiles: Optional[CasbDlpRulesIncludedDomainProfilesArgs] = None,
labels: Optional[CasbDlpRulesLabelsArgs] = None,
name: Optional[str] = None,
object_types: Optional[CasbDlpRulesObjectTypesArgs] = None,
order: Optional[int] = None,
quarantine_location: Optional[str] = None,
rank: Optional[int] = None,
recipient: Optional[str] = None,
redaction_profiles: Optional[Sequence[CasbDlpRulesRedactionProfileArgs]] = None,
severity: Optional[str] = None,
state: Optional[str] = None,
tags: Optional[Sequence[CasbDlpRulesTagArgs]] = None,
type: Optional[str] = None,
users: Optional[CasbDlpRulesUsersArgs] = None,
watermark_delete_old_version: Optional[bool] = None,
watermark_profiles: Optional[Sequence[CasbDlpRulesWatermarkProfileArgs]] = None,
without_content_inspection: Optional[bool] = None,
zscaler_incident_receivers: Optional[Sequence[CasbDlpRulesZscalerIncidentReceiverArgs]] = None)func NewCasbDlpRules(ctx *Context, name string, args *CasbDlpRulesArgs, opts ...ResourceOption) (*CasbDlpRules, error)public CasbDlpRules(string name, CasbDlpRulesArgs? args = null, CustomResourceOptions? opts = null)
public CasbDlpRules(String name, CasbDlpRulesArgs args)
public CasbDlpRules(String name, CasbDlpRulesArgs args, CustomResourceOptions options)
type: zia:CasbDlpRules
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CasbDlpRulesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CasbDlpRulesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CasbDlpRulesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CasbDlpRulesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CasbDlpRulesArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CasbDlpRules Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CasbDlpRules resource accepts the following input properties:
- Action string
- The configured action for the policy rule
- Auditor
Notifications List<zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Auditor Notification> - Notification template used for DLP email alerts sent to the auditor
- Bucket
Owner string - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- Buckets
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Buckets - The buckets for the Zscaler service to inspect for sensitive data
- Casb
Email List<zscaler.Labels Pulumi Package. Zia. Inputs. Casb Dlp Rules Casb Email Label> - Name-ID of the email label associated with the rule
- Casb
Tombstone List<zscaler.Templates Pulumi Package. Zia. Inputs. Casb Dlp Rules Casb Tombstone Template> - Name-ID of the quarantine tombstone template associated with the rule
- Cloud
App zscaler.Tenants Pulumi Package. Zia. Inputs. Casb Dlp Rules Cloud App Tenants - Name-ID pairs of the cloud application tenants for which the rule is applied
- Collaboration
Scopes List<string> - Collaboration scope for the rule
- Components List<string>
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- Content
Location string - The location for the content that the Zscaler service inspects for sensitive data
- Criteria
Domain zscaler.Profiles Pulumi Package. Zia. Inputs. Casb Dlp Rules Criteria Domain Profiles - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- Departments
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Departments - Name-ID pairs of departments for which rule must be applied
- Description string
- An admin editable text-based description of the rule
- Dlp
Engines zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Dlp Engines - The list of DLP engines to which the DLP policy rule must be applied
- Domains List<string>
- The domain for the external organization sharing the channel
- Email
Recipient zscaler.Profiles Pulumi Package. Zia. Inputs. Casb Dlp Rules Email Recipient Profiles - Name-ID pairs of recipient profiles for which the rule is applied
- Entity
Groups zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Entity Groups - Name-ID pairs of entity groups that are part of the rule criteria
- Excluded
Domain zscaler.Profiles Pulumi Package. Zia. Inputs. Casb Dlp Rules Excluded Domain Profiles - Name-ID pairs of domain profiles excluded in the criteria for the rule
- External
Auditor stringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- File
Types List<string> - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- Groups
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Groups - Name-ID pairs of groups for which the rule is applied
- Include
Criteria boolDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- Include
Email boolRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- Include
Entity boolGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- Included
Domain zscaler.Profiles Pulumi Package. Zia. Inputs. Casb Dlp Rules Included Domain Profiles - Name-ID pairs of domain profiles included in the criteria for the rule
- Labels
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Labels - Name-ID pairs of rule labels associated with the rule
- Name string
- Rule name
- Object
Types zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Object Types - List of object types for which the rule is applied
- Order int
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- Quarantine
Location string - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- Rank int
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- Recipient string
- Specifies if the email recipient is internal or external
- Redaction
Profiles List<zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Redaction Profile> - Name-ID of the redaction profile in the criteria
- Severity string
- The severity level of the incidents that match the policy rule
- State string
- Administrative state of the rule
-
List<zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Tag> - Tag applied to the rule
- Type string
- The type of SaaS Security Data at Rest Scanning DLP rule
- Users
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Users - Name-ID pairs of users for which rule must be applied
- Watermark
Delete boolOld Version - Specifies whether to delete an old version of the watermarked file
- Watermark
Profiles List<zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Watermark Profile> - Watermark profile applied to the rule
- Without
Content boolInspection - If true, Content Matching is set to None
- Zscaler
Incident List<zscaler.Receivers Pulumi Package. Zia. Inputs. Casb Dlp Rules Zscaler Incident Receiver> - The Zscaler Incident Receiver details
- Action string
- The configured action for the policy rule
- Auditor
Notifications []CasbDlp Rules Auditor Notification Args - Notification template used for DLP email alerts sent to the auditor
- Bucket
Owner string - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- Buckets
Casb
Dlp Rules Buckets Args - The buckets for the Zscaler service to inspect for sensitive data
- Casb
Email []CasbLabels Dlp Rules Casb Email Label Args - Name-ID of the email label associated with the rule
- Casb
Tombstone []CasbTemplates Dlp Rules Casb Tombstone Template Args - Name-ID of the quarantine tombstone template associated with the rule
- Cloud
App CasbTenants Dlp Rules Cloud App Tenants Args - Name-ID pairs of the cloud application tenants for which the rule is applied
- Collaboration
Scopes []string - Collaboration scope for the rule
- Components []string
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- Content
Location string - The location for the content that the Zscaler service inspects for sensitive data
- Criteria
Domain CasbProfiles Dlp Rules Criteria Domain Profiles Args - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- Departments
Casb
Dlp Rules Departments Args - Name-ID pairs of departments for which rule must be applied
- Description string
- An admin editable text-based description of the rule
- Dlp
Engines CasbDlp Rules Dlp Engines Args - The list of DLP engines to which the DLP policy rule must be applied
- Domains []string
- The domain for the external organization sharing the channel
- Email
Recipient CasbProfiles Dlp Rules Email Recipient Profiles Args - Name-ID pairs of recipient profiles for which the rule is applied
- Entity
Groups CasbDlp Rules Entity Groups Args - Name-ID pairs of entity groups that are part of the rule criteria
- Excluded
Domain CasbProfiles Dlp Rules Excluded Domain Profiles Args - Name-ID pairs of domain profiles excluded in the criteria for the rule
- External
Auditor stringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- File
Types []string - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- Groups
Casb
Dlp Rules Groups Args - Name-ID pairs of groups for which the rule is applied
- Include
Criteria boolDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- Include
Email boolRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- Include
Entity boolGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- Included
Domain CasbProfiles Dlp Rules Included Domain Profiles Args - Name-ID pairs of domain profiles included in the criteria for the rule
- Labels
Casb
Dlp Rules Labels Args - Name-ID pairs of rule labels associated with the rule
- Name string
- Rule name
- Object
Types CasbDlp Rules Object Types Args - List of object types for which the rule is applied
- Order int
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- Quarantine
Location string - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- Rank int
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- Recipient string
- Specifies if the email recipient is internal or external
- Redaction
Profiles []CasbDlp Rules Redaction Profile Args - Name-ID of the redaction profile in the criteria
- Severity string
- The severity level of the incidents that match the policy rule
- State string
- Administrative state of the rule
-
[]Casb
Dlp Rules Tag Args - Tag applied to the rule
- Type string
- The type of SaaS Security Data at Rest Scanning DLP rule
- Users
Casb
Dlp Rules Users Args - Name-ID pairs of users for which rule must be applied
- Watermark
Delete boolOld Version - Specifies whether to delete an old version of the watermarked file
- Watermark
Profiles []CasbDlp Rules Watermark Profile Args - Watermark profile applied to the rule
- Without
Content boolInspection - If true, Content Matching is set to None
- Zscaler
Incident []CasbReceivers Dlp Rules Zscaler Incident Receiver Args - The Zscaler Incident Receiver details
- action String
- The configured action for the policy rule
- auditor
Notifications List<CasbDlp Rules Auditor Notification> - Notification template used for DLP email alerts sent to the auditor
- bucket
Owner String - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- buckets
Casb
Dlp Rules Buckets - The buckets for the Zscaler service to inspect for sensitive data
- casb
Email List<CasbLabels Dlp Rules Casb Email Label> - Name-ID of the email label associated with the rule
- casb
Tombstone List<CasbTemplates Dlp Rules Casb Tombstone Template> - Name-ID of the quarantine tombstone template associated with the rule
- cloud
App CasbTenants Dlp Rules Cloud App Tenants - Name-ID pairs of the cloud application tenants for which the rule is applied
- collaboration
Scopes List<String> - Collaboration scope for the rule
- components List<String>
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- content
Location String - The location for the content that the Zscaler service inspects for sensitive data
- criteria
Domain CasbProfiles Dlp Rules Criteria Domain Profiles - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- departments
Casb
Dlp Rules Departments - Name-ID pairs of departments for which rule must be applied
- description String
- An admin editable text-based description of the rule
- dlp
Engines CasbDlp Rules Dlp Engines - The list of DLP engines to which the DLP policy rule must be applied
- domains List<String>
- The domain for the external organization sharing the channel
- email
Recipient CasbProfiles Dlp Rules Email Recipient Profiles - Name-ID pairs of recipient profiles for which the rule is applied
- entity
Groups CasbDlp Rules Entity Groups - Name-ID pairs of entity groups that are part of the rule criteria
- excluded
Domain CasbProfiles Dlp Rules Excluded Domain Profiles - Name-ID pairs of domain profiles excluded in the criteria for the rule
- external
Auditor StringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- file
Types List<String> - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- groups
Casb
Dlp Rules Groups - Name-ID pairs of groups for which the rule is applied
- include
Criteria BooleanDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Email BooleanRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Entity BooleanGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- included
Domain CasbProfiles Dlp Rules Included Domain Profiles - Name-ID pairs of domain profiles included in the criteria for the rule
- labels
Casb
Dlp Rules Labels - Name-ID pairs of rule labels associated with the rule
- name String
- Rule name
- object
Types CasbDlp Rules Object Types - List of object types for which the rule is applied
- order Integer
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- quarantine
Location String - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- rank Integer
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- recipient String
- Specifies if the email recipient is internal or external
- redaction
Profiles List<CasbDlp Rules Redaction Profile> - Name-ID of the redaction profile in the criteria
- severity String
- The severity level of the incidents that match the policy rule
- state String
- Administrative state of the rule
-
List<Casb
Dlp Rules Tag> - Tag applied to the rule
- type String
- The type of SaaS Security Data at Rest Scanning DLP rule
- users
Casb
Dlp Rules Users - Name-ID pairs of users for which rule must be applied
- watermark
Delete BooleanOld Version - Specifies whether to delete an old version of the watermarked file
- watermark
Profiles List<CasbDlp Rules Watermark Profile> - Watermark profile applied to the rule
- without
Content BooleanInspection - If true, Content Matching is set to None
- zscaler
Incident List<CasbReceivers Dlp Rules Zscaler Incident Receiver> - The Zscaler Incident Receiver details
- action string
- The configured action for the policy rule
- auditor
Notifications CasbDlp Rules Auditor Notification[] - Notification template used for DLP email alerts sent to the auditor
- bucket
Owner string - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- buckets
Casb
Dlp Rules Buckets - The buckets for the Zscaler service to inspect for sensitive data
- casb
Email CasbLabels Dlp Rules Casb Email Label[] - Name-ID of the email label associated with the rule
- casb
Tombstone CasbTemplates Dlp Rules Casb Tombstone Template[] - Name-ID of the quarantine tombstone template associated with the rule
- cloud
App CasbTenants Dlp Rules Cloud App Tenants - Name-ID pairs of the cloud application tenants for which the rule is applied
- collaboration
Scopes string[] - Collaboration scope for the rule
- components string[]
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- content
Location string - The location for the content that the Zscaler service inspects for sensitive data
- criteria
Domain CasbProfiles Dlp Rules Criteria Domain Profiles - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- departments
Casb
Dlp Rules Departments - Name-ID pairs of departments for which rule must be applied
- description string
- An admin editable text-based description of the rule
- dlp
Engines CasbDlp Rules Dlp Engines - The list of DLP engines to which the DLP policy rule must be applied
- domains string[]
- The domain for the external organization sharing the channel
- email
Recipient CasbProfiles Dlp Rules Email Recipient Profiles - Name-ID pairs of recipient profiles for which the rule is applied
- entity
Groups CasbDlp Rules Entity Groups - Name-ID pairs of entity groups that are part of the rule criteria
- excluded
Domain CasbProfiles Dlp Rules Excluded Domain Profiles - Name-ID pairs of domain profiles excluded in the criteria for the rule
- external
Auditor stringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- file
Types string[] - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- groups
Casb
Dlp Rules Groups - Name-ID pairs of groups for which the rule is applied
- include
Criteria booleanDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Email booleanRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Entity booleanGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- included
Domain CasbProfiles Dlp Rules Included Domain Profiles - Name-ID pairs of domain profiles included in the criteria for the rule
- labels
Casb
Dlp Rules Labels - Name-ID pairs of rule labels associated with the rule
- name string
- Rule name
- object
Types CasbDlp Rules Object Types - List of object types for which the rule is applied
- order number
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- quarantine
Location string - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- rank number
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- recipient string
- Specifies if the email recipient is internal or external
- redaction
Profiles CasbDlp Rules Redaction Profile[] - Name-ID of the redaction profile in the criteria
- severity string
- The severity level of the incidents that match the policy rule
- state string
- Administrative state of the rule
-
Casb
Dlp Rules Tag[] - Tag applied to the rule
- type string
- The type of SaaS Security Data at Rest Scanning DLP rule
- users
Casb
Dlp Rules Users - Name-ID pairs of users for which rule must be applied
- watermark
Delete booleanOld Version - Specifies whether to delete an old version of the watermarked file
- watermark
Profiles CasbDlp Rules Watermark Profile[] - Watermark profile applied to the rule
- without
Content booleanInspection - If true, Content Matching is set to None
- zscaler
Incident CasbReceivers Dlp Rules Zscaler Incident Receiver[] - The Zscaler Incident Receiver details
- action str
- The configured action for the policy rule
- auditor_
notifications Sequence[CasbDlp Rules Auditor Notification Args] - Notification template used for DLP email alerts sent to the auditor
- bucket_
owner str - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- buckets
Casb
Dlp Rules Buckets Args - The buckets for the Zscaler service to inspect for sensitive data
- casb_
email_ Sequence[Casblabels Dlp Rules Casb Email Label Args] - Name-ID of the email label associated with the rule
- casb_
tombstone_ Sequence[Casbtemplates Dlp Rules Casb Tombstone Template Args] - Name-ID of the quarantine tombstone template associated with the rule
- cloud_
app_ Casbtenants Dlp Rules Cloud App Tenants Args - Name-ID pairs of the cloud application tenants for which the rule is applied
- collaboration_
scopes Sequence[str] - Collaboration scope for the rule
- components Sequence[str]
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- content_
location str - The location for the content that the Zscaler service inspects for sensitive data
- criteria_
domain_ Casbprofiles Dlp Rules Criteria Domain Profiles Args - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- departments
Casb
Dlp Rules Departments Args - Name-ID pairs of departments for which rule must be applied
- description str
- An admin editable text-based description of the rule
- dlp_
engines CasbDlp Rules Dlp Engines Args - The list of DLP engines to which the DLP policy rule must be applied
- domains Sequence[str]
- The domain for the external organization sharing the channel
- email_
recipient_ Casbprofiles Dlp Rules Email Recipient Profiles Args - Name-ID pairs of recipient profiles for which the rule is applied
- entity_
groups CasbDlp Rules Entity Groups Args - Name-ID pairs of entity groups that are part of the rule criteria
- excluded_
domain_ Casbprofiles Dlp Rules Excluded Domain Profiles Args - Name-ID pairs of domain profiles excluded in the criteria for the rule
- external_
auditor_ stremail - Email address of the external auditor to whom the DLP email alerts are sent
- file_
types Sequence[str] - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- groups
Casb
Dlp Rules Groups Args - Name-ID pairs of groups for which the rule is applied
- include_
criteria_ booldomain_ profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- include_
email_ boolrecipient_ profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- include_
entity_ boolgroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- included_
domain_ Casbprofiles Dlp Rules Included Domain Profiles Args - Name-ID pairs of domain profiles included in the criteria for the rule
- labels
Casb
Dlp Rules Labels Args - Name-ID pairs of rule labels associated with the rule
- name str
- Rule name
- object_
types CasbDlp Rules Object Types Args - List of object types for which the rule is applied
- order int
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- quarantine_
location str - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- rank int
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- recipient str
- Specifies if the email recipient is internal or external
- redaction_
profiles Sequence[CasbDlp Rules Redaction Profile Args] - Name-ID of the redaction profile in the criteria
- severity str
- The severity level of the incidents that match the policy rule
- state str
- Administrative state of the rule
-
Sequence[Casb
Dlp Rules Tag Args] - Tag applied to the rule
- type str
- The type of SaaS Security Data at Rest Scanning DLP rule
- users
Casb
Dlp Rules Users Args - Name-ID pairs of users for which rule must be applied
- watermark_
delete_ boolold_ version - Specifies whether to delete an old version of the watermarked file
- watermark_
profiles Sequence[CasbDlp Rules Watermark Profile Args] - Watermark profile applied to the rule
- without_
content_ boolinspection - If true, Content Matching is set to None
- zscaler_
incident_ Sequence[Casbreceivers Dlp Rules Zscaler Incident Receiver Args] - The Zscaler Incident Receiver details
- action String
- The configured action for the policy rule
- auditor
Notifications List<Property Map> - Notification template used for DLP email alerts sent to the auditor
- bucket
Owner String - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- buckets Property Map
- The buckets for the Zscaler service to inspect for sensitive data
- casb
Email List<Property Map>Labels - Name-ID of the email label associated with the rule
- casb
Tombstone List<Property Map>Templates - Name-ID of the quarantine tombstone template associated with the rule
- cloud
App Property MapTenants - Name-ID pairs of the cloud application tenants for which the rule is applied
- collaboration
Scopes List<String> - Collaboration scope for the rule
- components List<String>
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- content
Location String - The location for the content that the Zscaler service inspects for sensitive data
- criteria
Domain Property MapProfiles - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- departments Property Map
- Name-ID pairs of departments for which rule must be applied
- description String
- An admin editable text-based description of the rule
- dlp
Engines Property Map - The list of DLP engines to which the DLP policy rule must be applied
- domains List<String>
- The domain for the external organization sharing the channel
- email
Recipient Property MapProfiles - Name-ID pairs of recipient profiles for which the rule is applied
- entity
Groups Property Map - Name-ID pairs of entity groups that are part of the rule criteria
- excluded
Domain Property MapProfiles - Name-ID pairs of domain profiles excluded in the criteria for the rule
- external
Auditor StringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- file
Types List<String> - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- groups Property Map
- Name-ID pairs of groups for which the rule is applied
- include
Criteria BooleanDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Email BooleanRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Entity BooleanGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- included
Domain Property MapProfiles - Name-ID pairs of domain profiles included in the criteria for the rule
- labels Property Map
- Name-ID pairs of rule labels associated with the rule
- name String
- Rule name
- object
Types Property Map - List of object types for which the rule is applied
- order Number
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- quarantine
Location String - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- rank Number
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- recipient String
- Specifies if the email recipient is internal or external
- redaction
Profiles List<Property Map> - Name-ID of the redaction profile in the criteria
- severity String
- The severity level of the incidents that match the policy rule
- state String
- Administrative state of the rule
- List<Property Map>
- Tag applied to the rule
- type String
- The type of SaaS Security Data at Rest Scanning DLP rule
- users Property Map
- Name-ID pairs of users for which rule must be applied
- watermark
Delete BooleanOld Version - Specifies whether to delete an old version of the watermarked file
- watermark
Profiles List<Property Map> - Watermark profile applied to the rule
- without
Content BooleanInspection - If true, Content Matching is set to None
- zscaler
Incident List<Property Map>Receivers - The Zscaler Incident Receiver details
Outputs
All input properties are implicitly available as output properties. Additionally, the CasbDlpRules resource produces the following output properties:
Look up Existing CasbDlpRules Resource
Get an existing CasbDlpRules resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CasbDlpRulesState, opts?: CustomResourceOptions): CasbDlpRules@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
auditor_notifications: Optional[Sequence[CasbDlpRulesAuditorNotificationArgs]] = None,
bucket_owner: Optional[str] = None,
buckets: Optional[CasbDlpRulesBucketsArgs] = None,
casb_email_labels: Optional[Sequence[CasbDlpRulesCasbEmailLabelArgs]] = None,
casb_tombstone_templates: Optional[Sequence[CasbDlpRulesCasbTombstoneTemplateArgs]] = None,
cloud_app_tenants: Optional[CasbDlpRulesCloudAppTenantsArgs] = None,
collaboration_scopes: Optional[Sequence[str]] = None,
components: Optional[Sequence[str]] = None,
content_location: Optional[str] = None,
criteria_domain_profiles: Optional[CasbDlpRulesCriteriaDomainProfilesArgs] = None,
departments: Optional[CasbDlpRulesDepartmentsArgs] = None,
description: Optional[str] = None,
dlp_engines: Optional[CasbDlpRulesDlpEnginesArgs] = None,
domains: Optional[Sequence[str]] = None,
email_recipient_profiles: Optional[CasbDlpRulesEmailRecipientProfilesArgs] = None,
entity_groups: Optional[CasbDlpRulesEntityGroupsArgs] = None,
excluded_domain_profiles: Optional[CasbDlpRulesExcludedDomainProfilesArgs] = None,
external_auditor_email: Optional[str] = None,
file_types: Optional[Sequence[str]] = None,
groups: Optional[CasbDlpRulesGroupsArgs] = None,
include_criteria_domain_profile: Optional[bool] = None,
include_email_recipient_profile: Optional[bool] = None,
include_entity_groups: Optional[bool] = None,
included_domain_profiles: Optional[CasbDlpRulesIncludedDomainProfilesArgs] = None,
labels: Optional[CasbDlpRulesLabelsArgs] = None,
name: Optional[str] = None,
object_types: Optional[CasbDlpRulesObjectTypesArgs] = None,
order: Optional[int] = None,
quarantine_location: Optional[str] = None,
rank: Optional[int] = None,
recipient: Optional[str] = None,
redaction_profiles: Optional[Sequence[CasbDlpRulesRedactionProfileArgs]] = None,
rule_id: Optional[int] = None,
severity: Optional[str] = None,
state: Optional[str] = None,
tags: Optional[Sequence[CasbDlpRulesTagArgs]] = None,
type: Optional[str] = None,
users: Optional[CasbDlpRulesUsersArgs] = None,
watermark_delete_old_version: Optional[bool] = None,
watermark_profiles: Optional[Sequence[CasbDlpRulesWatermarkProfileArgs]] = None,
without_content_inspection: Optional[bool] = None,
zscaler_incident_receivers: Optional[Sequence[CasbDlpRulesZscalerIncidentReceiverArgs]] = None) -> CasbDlpRulesfunc GetCasbDlpRules(ctx *Context, name string, id IDInput, state *CasbDlpRulesState, opts ...ResourceOption) (*CasbDlpRules, error)public static CasbDlpRules Get(string name, Input<string> id, CasbDlpRulesState? state, CustomResourceOptions? opts = null)public static CasbDlpRules get(String name, Output<String> id, CasbDlpRulesState state, CustomResourceOptions options)resources: _: type: zia:CasbDlpRules get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The configured action for the policy rule
- Auditor
Notifications List<zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Auditor Notification> - Notification template used for DLP email alerts sent to the auditor
- Bucket
Owner string - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- Buckets
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Buckets - The buckets for the Zscaler service to inspect for sensitive data
- Casb
Email List<zscaler.Labels Pulumi Package. Zia. Inputs. Casb Dlp Rules Casb Email Label> - Name-ID of the email label associated with the rule
- Casb
Tombstone List<zscaler.Templates Pulumi Package. Zia. Inputs. Casb Dlp Rules Casb Tombstone Template> - Name-ID of the quarantine tombstone template associated with the rule
- Cloud
App zscaler.Tenants Pulumi Package. Zia. Inputs. Casb Dlp Rules Cloud App Tenants - Name-ID pairs of the cloud application tenants for which the rule is applied
- Collaboration
Scopes List<string> - Collaboration scope for the rule
- Components List<string>
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- Content
Location string - The location for the content that the Zscaler service inspects for sensitive data
- Criteria
Domain zscaler.Profiles Pulumi Package. Zia. Inputs. Casb Dlp Rules Criteria Domain Profiles - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- Departments
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Departments - Name-ID pairs of departments for which rule must be applied
- Description string
- An admin editable text-based description of the rule
- Dlp
Engines zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Dlp Engines - The list of DLP engines to which the DLP policy rule must be applied
- Domains List<string>
- The domain for the external organization sharing the channel
- Email
Recipient zscaler.Profiles Pulumi Package. Zia. Inputs. Casb Dlp Rules Email Recipient Profiles - Name-ID pairs of recipient profiles for which the rule is applied
- Entity
Groups zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Entity Groups - Name-ID pairs of entity groups that are part of the rule criteria
- Excluded
Domain zscaler.Profiles Pulumi Package. Zia. Inputs. Casb Dlp Rules Excluded Domain Profiles - Name-ID pairs of domain profiles excluded in the criteria for the rule
- External
Auditor stringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- File
Types List<string> - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- Groups
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Groups - Name-ID pairs of groups for which the rule is applied
- Include
Criteria boolDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- Include
Email boolRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- Include
Entity boolGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- Included
Domain zscaler.Profiles Pulumi Package. Zia. Inputs. Casb Dlp Rules Included Domain Profiles - Name-ID pairs of domain profiles included in the criteria for the rule
- Labels
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Labels - Name-ID pairs of rule labels associated with the rule
- Name string
- Rule name
- Object
Types zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Object Types - List of object types for which the rule is applied
- Order int
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- Quarantine
Location string - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- Rank int
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- Recipient string
- Specifies if the email recipient is internal or external
- Redaction
Profiles List<zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Redaction Profile> - Name-ID of the redaction profile in the criteria
- Rule
Id int - System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
- Severity string
- The severity level of the incidents that match the policy rule
- State string
- Administrative state of the rule
-
List<zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Tag> - Tag applied to the rule
- Type string
- The type of SaaS Security Data at Rest Scanning DLP rule
- Users
zscaler.
Pulumi Package. Zia. Inputs. Casb Dlp Rules Users - Name-ID pairs of users for which rule must be applied
- Watermark
Delete boolOld Version - Specifies whether to delete an old version of the watermarked file
- Watermark
Profiles List<zscaler.Pulumi Package. Zia. Inputs. Casb Dlp Rules Watermark Profile> - Watermark profile applied to the rule
- Without
Content boolInspection - If true, Content Matching is set to None
- Zscaler
Incident List<zscaler.Receivers Pulumi Package. Zia. Inputs. Casb Dlp Rules Zscaler Incident Receiver> - The Zscaler Incident Receiver details
- Action string
- The configured action for the policy rule
- Auditor
Notifications []CasbDlp Rules Auditor Notification Args - Notification template used for DLP email alerts sent to the auditor
- Bucket
Owner string - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- Buckets
Casb
Dlp Rules Buckets Args - The buckets for the Zscaler service to inspect for sensitive data
- Casb
Email []CasbLabels Dlp Rules Casb Email Label Args - Name-ID of the email label associated with the rule
- Casb
Tombstone []CasbTemplates Dlp Rules Casb Tombstone Template Args - Name-ID of the quarantine tombstone template associated with the rule
- Cloud
App CasbTenants Dlp Rules Cloud App Tenants Args - Name-ID pairs of the cloud application tenants for which the rule is applied
- Collaboration
Scopes []string - Collaboration scope for the rule
- Components []string
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- Content
Location string - The location for the content that the Zscaler service inspects for sensitive data
- Criteria
Domain CasbProfiles Dlp Rules Criteria Domain Profiles Args - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- Departments
Casb
Dlp Rules Departments Args - Name-ID pairs of departments for which rule must be applied
- Description string
- An admin editable text-based description of the rule
- Dlp
Engines CasbDlp Rules Dlp Engines Args - The list of DLP engines to which the DLP policy rule must be applied
- Domains []string
- The domain for the external organization sharing the channel
- Email
Recipient CasbProfiles Dlp Rules Email Recipient Profiles Args - Name-ID pairs of recipient profiles for which the rule is applied
- Entity
Groups CasbDlp Rules Entity Groups Args - Name-ID pairs of entity groups that are part of the rule criteria
- Excluded
Domain CasbProfiles Dlp Rules Excluded Domain Profiles Args - Name-ID pairs of domain profiles excluded in the criteria for the rule
- External
Auditor stringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- File
Types []string - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- Groups
Casb
Dlp Rules Groups Args - Name-ID pairs of groups for which the rule is applied
- Include
Criteria boolDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- Include
Email boolRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- Include
Entity boolGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- Included
Domain CasbProfiles Dlp Rules Included Domain Profiles Args - Name-ID pairs of domain profiles included in the criteria for the rule
- Labels
Casb
Dlp Rules Labels Args - Name-ID pairs of rule labels associated with the rule
- Name string
- Rule name
- Object
Types CasbDlp Rules Object Types Args - List of object types for which the rule is applied
- Order int
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- Quarantine
Location string - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- Rank int
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- Recipient string
- Specifies if the email recipient is internal or external
- Redaction
Profiles []CasbDlp Rules Redaction Profile Args - Name-ID of the redaction profile in the criteria
- Rule
Id int - System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
- Severity string
- The severity level of the incidents that match the policy rule
- State string
- Administrative state of the rule
-
[]Casb
Dlp Rules Tag Args - Tag applied to the rule
- Type string
- The type of SaaS Security Data at Rest Scanning DLP rule
- Users
Casb
Dlp Rules Users Args - Name-ID pairs of users for which rule must be applied
- Watermark
Delete boolOld Version - Specifies whether to delete an old version of the watermarked file
- Watermark
Profiles []CasbDlp Rules Watermark Profile Args - Watermark profile applied to the rule
- Without
Content boolInspection - If true, Content Matching is set to None
- Zscaler
Incident []CasbReceivers Dlp Rules Zscaler Incident Receiver Args - The Zscaler Incident Receiver details
- action String
- The configured action for the policy rule
- auditor
Notifications List<CasbDlp Rules Auditor Notification> - Notification template used for DLP email alerts sent to the auditor
- bucket
Owner String - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- buckets
Casb
Dlp Rules Buckets - The buckets for the Zscaler service to inspect for sensitive data
- casb
Email List<CasbLabels Dlp Rules Casb Email Label> - Name-ID of the email label associated with the rule
- casb
Tombstone List<CasbTemplates Dlp Rules Casb Tombstone Template> - Name-ID of the quarantine tombstone template associated with the rule
- cloud
App CasbTenants Dlp Rules Cloud App Tenants - Name-ID pairs of the cloud application tenants for which the rule is applied
- collaboration
Scopes List<String> - Collaboration scope for the rule
- components List<String>
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- content
Location String - The location for the content that the Zscaler service inspects for sensitive data
- criteria
Domain CasbProfiles Dlp Rules Criteria Domain Profiles - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- departments
Casb
Dlp Rules Departments - Name-ID pairs of departments for which rule must be applied
- description String
- An admin editable text-based description of the rule
- dlp
Engines CasbDlp Rules Dlp Engines - The list of DLP engines to which the DLP policy rule must be applied
- domains List<String>
- The domain for the external organization sharing the channel
- email
Recipient CasbProfiles Dlp Rules Email Recipient Profiles - Name-ID pairs of recipient profiles for which the rule is applied
- entity
Groups CasbDlp Rules Entity Groups - Name-ID pairs of entity groups that are part of the rule criteria
- excluded
Domain CasbProfiles Dlp Rules Excluded Domain Profiles - Name-ID pairs of domain profiles excluded in the criteria for the rule
- external
Auditor StringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- file
Types List<String> - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- groups
Casb
Dlp Rules Groups - Name-ID pairs of groups for which the rule is applied
- include
Criteria BooleanDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Email BooleanRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Entity BooleanGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- included
Domain CasbProfiles Dlp Rules Included Domain Profiles - Name-ID pairs of domain profiles included in the criteria for the rule
- labels
Casb
Dlp Rules Labels - Name-ID pairs of rule labels associated with the rule
- name String
- Rule name
- object
Types CasbDlp Rules Object Types - List of object types for which the rule is applied
- order Integer
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- quarantine
Location String - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- rank Integer
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- recipient String
- Specifies if the email recipient is internal or external
- redaction
Profiles List<CasbDlp Rules Redaction Profile> - Name-ID of the redaction profile in the criteria
- rule
Id Integer - System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
- severity String
- The severity level of the incidents that match the policy rule
- state String
- Administrative state of the rule
-
List<Casb
Dlp Rules Tag> - Tag applied to the rule
- type String
- The type of SaaS Security Data at Rest Scanning DLP rule
- users
Casb
Dlp Rules Users - Name-ID pairs of users for which rule must be applied
- watermark
Delete BooleanOld Version - Specifies whether to delete an old version of the watermarked file
- watermark
Profiles List<CasbDlp Rules Watermark Profile> - Watermark profile applied to the rule
- without
Content BooleanInspection - If true, Content Matching is set to None
- zscaler
Incident List<CasbReceivers Dlp Rules Zscaler Incident Receiver> - The Zscaler Incident Receiver details
- action string
- The configured action for the policy rule
- auditor
Notifications CasbDlp Rules Auditor Notification[] - Notification template used for DLP email alerts sent to the auditor
- bucket
Owner string - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- buckets
Casb
Dlp Rules Buckets - The buckets for the Zscaler service to inspect for sensitive data
- casb
Email CasbLabels Dlp Rules Casb Email Label[] - Name-ID of the email label associated with the rule
- casb
Tombstone CasbTemplates Dlp Rules Casb Tombstone Template[] - Name-ID of the quarantine tombstone template associated with the rule
- cloud
App CasbTenants Dlp Rules Cloud App Tenants - Name-ID pairs of the cloud application tenants for which the rule is applied
- collaboration
Scopes string[] - Collaboration scope for the rule
- components string[]
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- content
Location string - The location for the content that the Zscaler service inspects for sensitive data
- criteria
Domain CasbProfiles Dlp Rules Criteria Domain Profiles - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- departments
Casb
Dlp Rules Departments - Name-ID pairs of departments for which rule must be applied
- description string
- An admin editable text-based description of the rule
- dlp
Engines CasbDlp Rules Dlp Engines - The list of DLP engines to which the DLP policy rule must be applied
- domains string[]
- The domain for the external organization sharing the channel
- email
Recipient CasbProfiles Dlp Rules Email Recipient Profiles - Name-ID pairs of recipient profiles for which the rule is applied
- entity
Groups CasbDlp Rules Entity Groups - Name-ID pairs of entity groups that are part of the rule criteria
- excluded
Domain CasbProfiles Dlp Rules Excluded Domain Profiles - Name-ID pairs of domain profiles excluded in the criteria for the rule
- external
Auditor stringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- file
Types string[] - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- groups
Casb
Dlp Rules Groups - Name-ID pairs of groups for which the rule is applied
- include
Criteria booleanDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Email booleanRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Entity booleanGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- included
Domain CasbProfiles Dlp Rules Included Domain Profiles - Name-ID pairs of domain profiles included in the criteria for the rule
- labels
Casb
Dlp Rules Labels - Name-ID pairs of rule labels associated with the rule
- name string
- Rule name
- object
Types CasbDlp Rules Object Types - List of object types for which the rule is applied
- order number
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- quarantine
Location string - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- rank number
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- recipient string
- Specifies if the email recipient is internal or external
- redaction
Profiles CasbDlp Rules Redaction Profile[] - Name-ID of the redaction profile in the criteria
- rule
Id number - System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
- severity string
- The severity level of the incidents that match the policy rule
- state string
- Administrative state of the rule
-
Casb
Dlp Rules Tag[] - Tag applied to the rule
- type string
- The type of SaaS Security Data at Rest Scanning DLP rule
- users
Casb
Dlp Rules Users - Name-ID pairs of users for which rule must be applied
- watermark
Delete booleanOld Version - Specifies whether to delete an old version of the watermarked file
- watermark
Profiles CasbDlp Rules Watermark Profile[] - Watermark profile applied to the rule
- without
Content booleanInspection - If true, Content Matching is set to None
- zscaler
Incident CasbReceivers Dlp Rules Zscaler Incident Receiver[] - The Zscaler Incident Receiver details
- action str
- The configured action for the policy rule
- auditor_
notifications Sequence[CasbDlp Rules Auditor Notification Args] - Notification template used for DLP email alerts sent to the auditor
- bucket_
owner str - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- buckets
Casb
Dlp Rules Buckets Args - The buckets for the Zscaler service to inspect for sensitive data
- casb_
email_ Sequence[Casblabels Dlp Rules Casb Email Label Args] - Name-ID of the email label associated with the rule
- casb_
tombstone_ Sequence[Casbtemplates Dlp Rules Casb Tombstone Template Args] - Name-ID of the quarantine tombstone template associated with the rule
- cloud_
app_ Casbtenants Dlp Rules Cloud App Tenants Args - Name-ID pairs of the cloud application tenants for which the rule is applied
- collaboration_
scopes Sequence[str] - Collaboration scope for the rule
- components Sequence[str]
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- content_
location str - The location for the content that the Zscaler service inspects for sensitive data
- criteria_
domain_ Casbprofiles Dlp Rules Criteria Domain Profiles Args - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- departments
Casb
Dlp Rules Departments Args - Name-ID pairs of departments for which rule must be applied
- description str
- An admin editable text-based description of the rule
- dlp_
engines CasbDlp Rules Dlp Engines Args - The list of DLP engines to which the DLP policy rule must be applied
- domains Sequence[str]
- The domain for the external organization sharing the channel
- email_
recipient_ Casbprofiles Dlp Rules Email Recipient Profiles Args - Name-ID pairs of recipient profiles for which the rule is applied
- entity_
groups CasbDlp Rules Entity Groups Args - Name-ID pairs of entity groups that are part of the rule criteria
- excluded_
domain_ Casbprofiles Dlp Rules Excluded Domain Profiles Args - Name-ID pairs of domain profiles excluded in the criteria for the rule
- external_
auditor_ stremail - Email address of the external auditor to whom the DLP email alerts are sent
- file_
types Sequence[str] - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- groups
Casb
Dlp Rules Groups Args - Name-ID pairs of groups for which the rule is applied
- include_
criteria_ booldomain_ profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- include_
email_ boolrecipient_ profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- include_
entity_ boolgroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- included_
domain_ Casbprofiles Dlp Rules Included Domain Profiles Args - Name-ID pairs of domain profiles included in the criteria for the rule
- labels
Casb
Dlp Rules Labels Args - Name-ID pairs of rule labels associated with the rule
- name str
- Rule name
- object_
types CasbDlp Rules Object Types Args - List of object types for which the rule is applied
- order int
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- quarantine_
location str - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- rank int
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- recipient str
- Specifies if the email recipient is internal or external
- redaction_
profiles Sequence[CasbDlp Rules Redaction Profile Args] - Name-ID of the redaction profile in the criteria
- rule_
id int - System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
- severity str
- The severity level of the incidents that match the policy rule
- state str
- Administrative state of the rule
-
Sequence[Casb
Dlp Rules Tag Args] - Tag applied to the rule
- type str
- The type of SaaS Security Data at Rest Scanning DLP rule
- users
Casb
Dlp Rules Users Args - Name-ID pairs of users for which rule must be applied
- watermark_
delete_ boolold_ version - Specifies whether to delete an old version of the watermarked file
- watermark_
profiles Sequence[CasbDlp Rules Watermark Profile Args] - Watermark profile applied to the rule
- without_
content_ boolinspection - If true, Content Matching is set to None
- zscaler_
incident_ Sequence[Casbreceivers Dlp Rules Zscaler Incident Receiver Args] - The Zscaler Incident Receiver details
- action String
- The configured action for the policy rule
- auditor
Notifications List<Property Map> - Notification template used for DLP email alerts sent to the auditor
- bucket
Owner String - A user who inspect their buckets for sensitive data. When you choose a user, their buckets are available in the Buckets field
- buckets Property Map
- The buckets for the Zscaler service to inspect for sensitive data
- casb
Email List<Property Map>Labels - Name-ID of the email label associated with the rule
- casb
Tombstone List<Property Map>Templates - Name-ID of the quarantine tombstone template associated with the rule
- cloud
App Property MapTenants - Name-ID pairs of the cloud application tenants for which the rule is applied
- collaboration
Scopes List<String> - Collaboration scope for the rule
- components List<String>
- List of components for which the rule is applied. Zscaler service inspects these components for sensitive data.
- content
Location String - The location for the content that the Zscaler service inspects for sensitive data
- criteria
Domain Property MapProfiles - Name-ID pairs of domain profiles that are mandatory in the criteria for the rule
- departments Property Map
- Name-ID pairs of departments for which rule must be applied
- description String
- An admin editable text-based description of the rule
- dlp
Engines Property Map - The list of DLP engines to which the DLP policy rule must be applied
- domains List<String>
- The domain for the external organization sharing the channel
- email
Recipient Property MapProfiles - Name-ID pairs of recipient profiles for which the rule is applied
- entity
Groups Property Map - Name-ID pairs of entity groups that are part of the rule criteria
- excluded
Domain Property MapProfiles - Name-ID pairs of domain profiles excluded in the criteria for the rule
- external
Auditor StringEmail - Email address of the external auditor to whom the DLP email alerts are sent
- file
Types List<String> - File type categories for which the policy is applied. If not set, the rule is applied across all file types.
- groups Property Map
- Name-ID pairs of groups for which the rule is applied
- include
Criteria BooleanDomain Profile - If true, criteriaDomainProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Email BooleanRecipient Profile - If true, emailRecipientProfiles is included as part of the criteria, else they are excluded from the criteria.
- include
Entity BooleanGroups - If true, entityGroups is included as part of the criteria, else are excluded from the criteria
- included
Domain Property MapProfiles - Name-ID pairs of domain profiles included in the criteria for the rule
- labels Property Map
- Name-ID pairs of rule labels associated with the rule
- name String
- Rule name
- object
Types Property Map - List of object types for which the rule is applied
- order Number
- Order of rule execution with respect to other SaaS Security Data at Rest Scanning DLP rules
- quarantine
Location String - Location where all the quarantined files are moved and necessary actions are taken by either deleting or restoring the data
- rank Number
- Admin rank that is assigned to this rule. Mandatory when admin rank-based access restriction is enabled
- recipient String
- Specifies if the email recipient is internal or external
- redaction
Profiles List<Property Map> - Name-ID of the redaction profile in the criteria
- rule
Id Number - System-generated identifier for the SaaS Security Data at Rest Scanning DLP rule
- severity String
- The severity level of the incidents that match the policy rule
- state String
- Administrative state of the rule
- List<Property Map>
- Tag applied to the rule
- type String
- The type of SaaS Security Data at Rest Scanning DLP rule
- users Property Map
- Name-ID pairs of users for which rule must be applied
- watermark
Delete BooleanOld Version - Specifies whether to delete an old version of the watermarked file
- watermark
Profiles List<Property Map> - Watermark profile applied to the rule
- without
Content BooleanInspection - If true, Content Matching is set to None
- zscaler
Incident List<Property Map>Receivers - The Zscaler Incident Receiver details
Supporting Types
CasbDlpRulesAuditorNotification, CasbDlpRulesAuditorNotificationArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
CasbDlpRulesBuckets, CasbDlpRulesBucketsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesCasbEmailLabel, CasbDlpRulesCasbEmailLabelArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
CasbDlpRulesCasbTombstoneTemplate, CasbDlpRulesCasbTombstoneTemplateArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
CasbDlpRulesCloudAppTenants, CasbDlpRulesCloudAppTenantsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesCriteriaDomainProfiles, CasbDlpRulesCriteriaDomainProfilesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesDepartments, CasbDlpRulesDepartmentsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesDlpEngines, CasbDlpRulesDlpEnginesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesEmailRecipientProfiles, CasbDlpRulesEmailRecipientProfilesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesEntityGroups, CasbDlpRulesEntityGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesExcludedDomainProfiles, CasbDlpRulesExcludedDomainProfilesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesGroups, CasbDlpRulesGroupsArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesIncludedDomainProfiles, CasbDlpRulesIncludedDomainProfilesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesLabels, CasbDlpRulesLabelsArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
CasbDlpRulesObjectTypes, CasbDlpRulesObjectTypesArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesRedactionProfile, CasbDlpRulesRedactionProfileArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
CasbDlpRulesTag, CasbDlpRulesTagArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
CasbDlpRulesUsers, CasbDlpRulesUsersArgs
- Ids List<int>
- Ids []int
- ids List<Integer>
- ids number[]
- ids Sequence[int]
- ids List<Number>
CasbDlpRulesWatermarkProfile, CasbDlpRulesWatermarkProfileArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
CasbDlpRulesZscalerIncidentReceiver, CasbDlpRulesZscalerIncidentReceiverArgs
- Id int
- Id int
- id Integer
- id number
- id int
- id Number
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
zia_casb_dlp_rules can be imported by using <RULE_TYPE:RULE_ID> or <RULE_TYPE:RULE_NAME> as the import ID.
For example:
$ pulumi import zia:index/casbDlpRules:CasbDlpRules this <rule_type:rule_id>
$ pulumi import zia:index/casbDlpRules:CasbDlpRules this <"rule_type:rule_name">
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
- MIT
- Notes
- This Pulumi package is based on the
ziaTerraform Provider.