Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. Zscaler Internet Access (ZIA)
  3. API Docs
  4. DLPWebRules
Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler
zscaler/pulumi-zia

zia.DLPWebRules

Explore with Pulumi AI

zia logo
Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler
zscaler/pulumi-zia

    The zia_dlp_web_rules resource allows the creation and management of ZIA DLP Web Rules in the Zscaler Internet Access cloud or via the API.

    ⚠️ WARNING: Zscaler Internet Access DLP supports a maximum of 127 Web DLP Rules to be created via API.

    Example Usage

    “FTCATEGORY_ALL_OUTBOUND” File Type"

    data "zia_dlp_engines" "this" {
  predefined_engine_name = "EXTERNAL"
}

resource "zia_dlp_web_rules" "this" {
  name                       = "Example"
  description                = "Example"
  action                     = "BLOCK"
  order                      = 1
  rank                       = 7
  state                      = "ENABLED"
  protocols                  = [ "FTP_RULE", "HTTPS_RULE", "HTTP_RULE" ]
  file_types                 = [ "FTCATEGORY_ALL_OUTBOUND" ]
  zscaler_incident_receiver  = false
  without_content_inspection = true
  user_risk_score_levels     = [ "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
  severity                   = "RULE_SEVERITY_HIGH"
  dlp_engines {
    id = [ data.zia_dlp_engines.this.id ]
  }
}

    // Retrieve a custom URL Category by Name
data "zia_url_categories" "this"{
    configured_name = "Example"
}

// Retrieve an ICAP Server by Name
data "zia_dlp_icap_servers" "this" {
  name = "ZS_ICAP_01"
}

resource "zia_dlp_web_rules" "this" {
  name                      = "Terraform_Test"
  description               = "Terraform_Test"
  action                    = "BLOCK"
  order                     = 1
  protocols                 = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  rank                      = 7
  state                     = "ENABLED"
  zscaler_incident_receiver = true
  without_content_inspection = false
  url_categories {
    id = [ data.zia_url_categories.this.val ]
  }
  icap_server {
    id = data.zia_dlp_icap_servers.this.id
  }
}

    “Specify Incident Receiver Setting”

    // Retrieve a custom URL Category by Name
data "zia_url_categories" "this"{
    configured_name = "Example"
}

// Retrieve a Incident Receiver by Name
data "zia_dlp_incident_receiver_servers" "this" {
  name = "ZS_INC_RECEIVER_01"
}

resource "zia_dlp_web_rules" "this" {
  name                      = "Terraform_Test"
  description               = "Terraform_Test"
  action                    = "BLOCK"
  order                     = 1
  protocols                 = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  rank                      = 7
  state                     = "ENABLED"
  zscaler_incident_receiver = true
  without_content_inspection = false
  url_categories {
    id = [ data.zia_url_categories.this.val ]
  }
  icap_server {
    id = data.zia_dlp_incident_receiver_servers.this.id
  }
  notification_template {
    id = data.zia_dlp_notification_templates.this.id
  }
}

    “Creating Parent Rules And SubRules”

    ⚠️ WARNING: Destroying a parent rule will also destroy all subrules

    NOTE Exception rules can be configured only when the inline DLP rule evaluation type is set to evaluate all DLP rules in the DLP Advanced Settings. To learn more, see Configuring DLP Advanced Settings

    resource "zia_dlp_web_rules" "parent_rule" {
  name                       = "ParentRule1"
  description                = "ParentRule1"
  action                     = "ALLOW"
  state                      = "ENABLED"
  order                      = 1
  rank                       = 0
  protocols                  = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  cloud_applications         = ["GOOGLE_WEBMAIL", "WINDOWS_LIVE_HOTMAIL"]
  without_content_inspection = false
  match_only                 = false
  min_size                   = 20
  zscaler_incident_receiver  = true
}

resource "zia_dlp_web_rules" "subrule1" {
  name                       = "SubRule1"
  description                = "SubRule1"
  action                     = "ALLOW"
  state                      = "ENABLED"
  order                      = 1
  rank                       = 0
  protocols                  = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  cloud_applications         = ["GOOGLE_WEBMAIL", "WINDOWS_LIVE_HOTMAIL"]
  without_content_inspection = false
  match_only                 = false
  parent_rule = zia_dlp_web_rules.parent_rule.id
}

    Create DLPWebRules Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DLPWebRules(name: string, args: DLPWebRulesArgs, opts?: CustomResourceOptions);
    @overload
def DLPWebRules(resource_name: str,
                args: DLPWebRulesArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def DLPWebRules(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                order: Optional[int] = None,
                match_only: Optional[bool] = None,
                labels: Optional[DLPWebRulesLabelsArgs] = None,
                departments: Optional[DLPWebRulesDepartmentsArgs] = None,
                description: Optional[str] = None,
                dlp_download_scan_enabled: Optional[bool] = None,
                dlp_engines: Optional[DLPWebRulesDlpEnginesArgs] = None,
                excluded_departments: Optional[DLPWebRulesExcludedDepartmentsArgs] = None,
                excluded_domain_profiles: Optional[DLPWebRulesExcludedDomainProfilesArgs] = None,
                excluded_groups: Optional[DLPWebRulesExcludedGroupsArgs] = None,
                excluded_users: Optional[DLPWebRulesExcludedUsersArgs] = None,
                external_auditor_email: Optional[str] = None,
                file_types: Optional[Sequence[str]] = None,
                groups: Optional[DLPWebRulesGroupsArgs] = None,
                icap_servers: Optional[Sequence[DLPWebRulesIcapServerArgs]] = None,
                included_domain_profiles: Optional[DLPWebRulesIncludedDomainProfilesArgs] = None,
                inspect_http_get_enabled: Optional[bool] = None,
                action: Optional[str] = None,
                location_groups: Optional[DLPWebRulesLocationGroupsArgs] = None,
                cloud_applications: Optional[Sequence[str]] = None,
                locations: Optional[DLPWebRulesLocationsArgs] = None,
                auditors: Optional[Sequence[DLPWebRulesAuditorArgs]] = None,
                name: Optional[str] = None,
                notification_templates: Optional[Sequence[DLPWebRulesNotificationTemplateArgs]] = None,
                min_size: Optional[int] = None,
                parent_rule: Optional[int] = None,
                protocols: Optional[Sequence[str]] = None,
                rank: Optional[int] = None,
                severity: Optional[str] = None,
                source_ip_groups: Optional[DLPWebRulesSourceIpGroupsArgs] = None,
                state: Optional[str] = None,
                sub_rules: Optional[Sequence[str]] = None,
                time_windows: Optional[DLPWebRulesTimeWindowsArgs] = None,
                url_categories: Optional[DLPWebRulesUrlCategoriesArgs] = None,
                user_risk_score_levels: Optional[Sequence[str]] = None,
                users: Optional[DLPWebRulesUsersArgs] = None,
                without_content_inspection: Optional[bool] = None,
                workload_groups: Optional[Sequence[DLPWebRulesWorkloadGroupArgs]] = None,
                zcc_notifications_enabled: Optional[bool] = None,
                zscaler_incident_receiver: Optional[bool] = None)
    func NewDLPWebRules(ctx *Context, name string, args DLPWebRulesArgs, opts ...ResourceOption) (*DLPWebRules, error)
    public DLPWebRules(string name, DLPWebRulesArgs args, CustomResourceOptions? opts = null)
    public DLPWebRules(String name, DLPWebRulesArgs args)
public DLPWebRules(String name, DLPWebRulesArgs args, CustomResourceOptions options)

    type: zia:DLPWebRules
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args DLPWebRulesArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DLPWebRulesArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DLPWebRulesArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DLPWebRulesArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DLPWebRulesArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var dlpwebRulesResource = new Zia.DLPWebRules("dlpwebRulesResource", new()
{
    Order = 0,
    MatchOnly = false,
    Labels = new Zia.Inputs.DLPWebRulesLabelsArgs
    {
        Id = 0,
    },
    Departments = new Zia.Inputs.DLPWebRulesDepartmentsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Description = "string",
    DlpDownloadScanEnabled = false,
    DlpEngines = new Zia.Inputs.DLPWebRulesDlpEnginesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExcludedDepartments = new Zia.Inputs.DLPWebRulesExcludedDepartmentsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExcludedDomainProfiles = new Zia.Inputs.DLPWebRulesExcludedDomainProfilesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExcludedGroups = new Zia.Inputs.DLPWebRulesExcludedGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExcludedUsers = new Zia.Inputs.DLPWebRulesExcludedUsersArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExternalAuditorEmail = "string",
    FileTypes = new[]
    {
        "string",
    },
    Groups = new Zia.Inputs.DLPWebRulesGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    IcapServers = new[]
    {
        new Zia.Inputs.DLPWebRulesIcapServerArgs
        {
            Id = 0,
        },
    },
    IncludedDomainProfiles = new Zia.Inputs.DLPWebRulesIncludedDomainProfilesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    InspectHttpGetEnabled = false,
    Action = "string",
    LocationGroups = new Zia.Inputs.DLPWebRulesLocationGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    CloudApplications = new[]
    {
        "string",
    },
    Locations = new Zia.Inputs.DLPWebRulesLocationsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Auditors = new[]
    {
        new Zia.Inputs.DLPWebRulesAuditorArgs
        {
            Id = 0,
        },
    },
    Name = "string",
    NotificationTemplates = new[]
    {
        new Zia.Inputs.DLPWebRulesNotificationTemplateArgs
        {
            Id = 0,
        },
    },
    MinSize = 0,
    ParentRule = 0,
    Protocols = new[]
    {
        "string",
    },
    Rank = 0,
    Severity = "string",
    SourceIpGroups = new Zia.Inputs.DLPWebRulesSourceIpGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    State = "string",
    SubRules = new[]
    {
        "string",
    },
    TimeWindows = new Zia.Inputs.DLPWebRulesTimeWindowsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    UrlCategories = new Zia.Inputs.DLPWebRulesUrlCategoriesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    UserRiskScoreLevels = new[]
    {
        "string",
    },
    Users = new Zia.Inputs.DLPWebRulesUsersArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    WithoutContentInspection = false,
    WorkloadGroups = new[]
    {
        new Zia.Inputs.DLPWebRulesWorkloadGroupArgs
        {
            Id = 0,
            Name = "string",
        },
    },
    ZccNotificationsEnabled = false,
    ZscalerIncidentReceiver = false,
});

    example, err := zia.NewDLPWebRules(ctx, "dlpwebRulesResource", &zia.DLPWebRulesArgs{
	Order:     pulumi.Int(0),
	MatchOnly: pulumi.Bool(false),
	Labels: &zia.DLPWebRulesLabelsArgs{
		Id: pulumi.Int(0),
	},
	Departments: &zia.DLPWebRulesDepartmentsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Description:            pulumi.String("string"),
	DlpDownloadScanEnabled: pulumi.Bool(false),
	DlpEngines: &zia.DLPWebRulesDlpEnginesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExcludedDepartments: &zia.DLPWebRulesExcludedDepartmentsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExcludedDomainProfiles: &zia.DLPWebRulesExcludedDomainProfilesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExcludedGroups: &zia.DLPWebRulesExcludedGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExcludedUsers: &zia.DLPWebRulesExcludedUsersArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExternalAuditorEmail: pulumi.String("string"),
	FileTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Groups: &zia.DLPWebRulesGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	IcapServers: zia.DLPWebRulesIcapServerArray{
		&zia.DLPWebRulesIcapServerArgs{
			Id: pulumi.Int(0),
		},
	},
	IncludedDomainProfiles: &zia.DLPWebRulesIncludedDomainProfilesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	InspectHttpGetEnabled: pulumi.Bool(false),
	Action:                pulumi.String("string"),
	LocationGroups: &zia.DLPWebRulesLocationGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	CloudApplications: pulumi.StringArray{
		pulumi.String("string"),
	},
	Locations: &zia.DLPWebRulesLocationsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Auditors: zia.DLPWebRulesAuditorArray{
		&zia.DLPWebRulesAuditorArgs{
			Id: pulumi.Int(0),
		},
	},
	Name: pulumi.String("string"),
	NotificationTemplates: zia.DLPWebRulesNotificationTemplateArray{
		&zia.DLPWebRulesNotificationTemplateArgs{
			Id: pulumi.Int(0),
		},
	},
	MinSize:    pulumi.Int(0),
	ParentRule: pulumi.Int(0),
	Protocols: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rank:     pulumi.Int(0),
	Severity: pulumi.String("string"),
	SourceIpGroups: &zia.DLPWebRulesSourceIpGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	State: pulumi.String("string"),
	SubRules: pulumi.StringArray{
		pulumi.String("string"),
	},
	TimeWindows: &zia.DLPWebRulesTimeWindowsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	UrlCategories: &zia.DLPWebRulesUrlCategoriesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	UserRiskScoreLevels: pulumi.StringArray{
		pulumi.String("string"),
	},
	Users: &zia.DLPWebRulesUsersArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	WithoutContentInspection: pulumi.Bool(false),
	WorkloadGroups: zia.DLPWebRulesWorkloadGroupArray{
		&zia.DLPWebRulesWorkloadGroupArgs{
			Id:   pulumi.Int(0),
			Name: pulumi.String("string"),
		},
	},
	ZccNotificationsEnabled: pulumi.Bool(false),
	ZscalerIncidentReceiver: pulumi.Bool(false),
})

    var dlpwebRulesResource = new DLPWebRules("dlpwebRulesResource", DLPWebRulesArgs.builder()
    .order(0)
    .matchOnly(false)
    .labels(DLPWebRulesLabelsArgs.builder()
        .id(0)
        .build())
    .departments(DLPWebRulesDepartmentsArgs.builder()
        .ids(0)
        .build())
    .description("string")
    .dlpDownloadScanEnabled(false)
    .dlpEngines(DLPWebRulesDlpEnginesArgs.builder()
        .ids(0)
        .build())
    .excludedDepartments(DLPWebRulesExcludedDepartmentsArgs.builder()
        .ids(0)
        .build())
    .excludedDomainProfiles(DLPWebRulesExcludedDomainProfilesArgs.builder()
        .ids(0)
        .build())
    .excludedGroups(DLPWebRulesExcludedGroupsArgs.builder()
        .ids(0)
        .build())
    .excludedUsers(DLPWebRulesExcludedUsersArgs.builder()
        .ids(0)
        .build())
    .externalAuditorEmail("string")
    .fileTypes("string")
    .groups(DLPWebRulesGroupsArgs.builder()
        .ids(0)
        .build())
    .icapServers(DLPWebRulesIcapServerArgs.builder()
        .id(0)
        .build())
    .includedDomainProfiles(DLPWebRulesIncludedDomainProfilesArgs.builder()
        .ids(0)
        .build())
    .inspectHttpGetEnabled(false)
    .action("string")
    .locationGroups(DLPWebRulesLocationGroupsArgs.builder()
        .ids(0)
        .build())
    .cloudApplications("string")
    .locations(DLPWebRulesLocationsArgs.builder()
        .ids(0)
        .build())
    .auditors(DLPWebRulesAuditorArgs.builder()
        .id(0)
        .build())
    .name("string")
    .notificationTemplates(DLPWebRulesNotificationTemplateArgs.builder()
        .id(0)
        .build())
    .minSize(0)
    .parentRule(0)
    .protocols("string")
    .rank(0)
    .severity("string")
    .sourceIpGroups(DLPWebRulesSourceIpGroupsArgs.builder()
        .ids(0)
        .build())
    .state("string")
    .subRules("string")
    .timeWindows(DLPWebRulesTimeWindowsArgs.builder()
        .ids(0)
        .build())
    .urlCategories(DLPWebRulesUrlCategoriesArgs.builder()
        .ids(0)
        .build())
    .userRiskScoreLevels("string")
    .users(DLPWebRulesUsersArgs.builder()
        .ids(0)
        .build())
    .withoutContentInspection(false)
    .workloadGroups(DLPWebRulesWorkloadGroupArgs.builder()
        .id(0)
        .name("string")
        .build())
    .zccNotificationsEnabled(false)
    .zscalerIncidentReceiver(false)
    .build());

    dlpweb_rules_resource = zia.DLPWebRules("dlpwebRulesResource",
    order=0,
    match_only=False,
    labels={
        "id": 0,
    },
    departments={
        "ids": [0],
    },
    description="string",
    dlp_download_scan_enabled=False,
    dlp_engines={
        "ids": [0],
    },
    excluded_departments={
        "ids": [0],
    },
    excluded_domain_profiles={
        "ids": [0],
    },
    excluded_groups={
        "ids": [0],
    },
    excluded_users={
        "ids": [0],
    },
    external_auditor_email="string",
    file_types=["string"],
    groups={
        "ids": [0],
    },
    icap_servers=[{
        "id": 0,
    }],
    included_domain_profiles={
        "ids": [0],
    },
    inspect_http_get_enabled=False,
    action="string",
    location_groups={
        "ids": [0],
    },
    cloud_applications=["string"],
    locations={
        "ids": [0],
    },
    auditors=[{
        "id": 0,
    }],
    name="string",
    notification_templates=[{
        "id": 0,
    }],
    min_size=0,
    parent_rule=0,
    protocols=["string"],
    rank=0,
    severity="string",
    source_ip_groups={
        "ids": [0],
    },
    state="string",
    sub_rules=["string"],
    time_windows={
        "ids": [0],
    },
    url_categories={
        "ids": [0],
    },
    user_risk_score_levels=["string"],
    users={
        "ids": [0],
    },
    without_content_inspection=False,
    workload_groups=[{
        "id": 0,
        "name": "string",
    }],
    zcc_notifications_enabled=False,
    zscaler_incident_receiver=False)

    const dlpwebRulesResource = new zia.DLPWebRules("dlpwebRulesResource", {
    order: 0,
    matchOnly: false,
    labels: {
        id: 0,
    },
    departments: {
        ids: [0],
    },
    description: "string",
    dlpDownloadScanEnabled: false,
    dlpEngines: {
        ids: [0],
    },
    excludedDepartments: {
        ids: [0],
    },
    excludedDomainProfiles: {
        ids: [0],
    },
    excludedGroups: {
        ids: [0],
    },
    excludedUsers: {
        ids: [0],
    },
    externalAuditorEmail: "string",
    fileTypes: ["string"],
    groups: {
        ids: [0],
    },
    icapServers: [{
        id: 0,
    }],
    includedDomainProfiles: {
        ids: [0],
    },
    inspectHttpGetEnabled: false,
    action: "string",
    locationGroups: {
        ids: [0],
    },
    cloudApplications: ["string"],
    locations: {
        ids: [0],
    },
    auditors: [{
        id: 0,
    }],
    name: "string",
    notificationTemplates: [{
        id: 0,
    }],
    minSize: 0,
    parentRule: 0,
    protocols: ["string"],
    rank: 0,
    severity: "string",
    sourceIpGroups: {
        ids: [0],
    },
    state: "string",
    subRules: ["string"],
    timeWindows: {
        ids: [0],
    },
    urlCategories: {
        ids: [0],
    },
    userRiskScoreLevels: ["string"],
    users: {
        ids: [0],
    },
    withoutContentInspection: false,
    workloadGroups: [{
        id: 0,
        name: "string",
    }],
    zccNotificationsEnabled: false,
    zscalerIncidentReceiver: false,
});

    type: zia:DLPWebRules
properties:
    action: string
    auditors:
        - id: 0
    cloudApplications:
        - string
    departments:
        ids:
            - 0
    description: string
    dlpDownloadScanEnabled: false
    dlpEngines:
        ids:
            - 0
    excludedDepartments:
        ids:
            - 0
    excludedDomainProfiles:
        ids:
            - 0
    excludedGroups:
        ids:
            - 0
    excludedUsers:
        ids:
            - 0
    externalAuditorEmail: string
    fileTypes:
        - string
    groups:
        ids:
            - 0
    icapServers:
        - id: 0
    includedDomainProfiles:
        ids:
            - 0
    inspectHttpGetEnabled: false
    labels:
        id: 0
    locationGroups:
        ids:
            - 0
    locations:
        ids:
            - 0
    matchOnly: false
    minSize: 0
    name: string
    notificationTemplates:
        - id: 0
    order: 0
    parentRule: 0
    protocols:
        - string
    rank: 0
    severity: string
    sourceIpGroups:
        ids:
            - 0
    state: string
    subRules:
        - string
    timeWindows:
        ids:
            - 0
    urlCategories:
        ids:
            - 0
    userRiskScoreLevels:
        - string
    users:
        ids:
            - 0
    withoutContentInspection: false
    workloadGroups:
        - id: 0
          name: string
    zccNotificationsEnabled: false
    zscalerIncidentReceiver: false

    DLPWebRules Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DLPWebRules resource accepts the following input properties:

    Order int
    The rule order of execution for the DLP policy rule with respect to other rules.
    Action string
    The action taken when traffic matches the DLP policy rule criteria.
    Auditors List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesAuditor>
    The auditor to which the DLP policy rule must be applied.
    CloudApplications List<string>
    The list of cloud applications to which the DLP policy rule must be applied.
    Departments zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesDepartments
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    Description string
    The description of the DLP policy rule.
    DlpDownloadScanEnabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    DlpEngines zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied.
    ExcludedDepartments zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedDepartments
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedGroups
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedUsers zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExternalAuditorEmail string
    The email address of an external auditor to whom DLP email notifications are sent.
    FileTypes List<string>
    The list of file types for which the DLP policy rule must be applied.
    Groups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesGroups
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    IcapServers List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesIcapServer>
    The DLP server, using ICAP, to which the transaction content is forwarded.
    IncludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesIncludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    InspectHttpGetEnabled bool
    Labels zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLabels
    list of Labels that are applicable to the rule.
    LocationGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLocationGroups
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    Locations zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLocations
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    MatchOnly bool
    The match only criteria for DLP engines.
    MinSize int
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    Name string
    The DLP policy rule name.
    NotificationTemplates List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesNotificationTemplate>
    The template used for DLP notification emails.
    ParentRule int
    The unique identifier of the parent rule under which an exception rule is added
    Protocols List<string>
    The protocol criteria specified for the DLP policy rule.
    Rank int
    Admin rank of the admin who creates this rule
    Severity string
    Indicates the severity selected for the DLP rule violation
    SourceIpGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesSourceIpGroups
    list of source ip groups
    State string
    Enables or disables the DLP policy rule.
    SubRules List<string>
    The list of exception rules added to a parent rule
    TimeWindows zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesTimeWindows
    list of time interval during which rule must be enforced.
    UrlCategories zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesUrlCategories
    The list of URL categories to which the DLP policy rule must be applied.
    UserRiskScoreLevels List<string>
    Users zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    WithoutContentInspection bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    WorkloadGroups List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesWorkloadGroup>
    The list of preconfigured workload groups to which the policy must be applied
    ZccNotificationsEnabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    ZscalerIncidentReceiver bool
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    Order int
    The rule order of execution for the DLP policy rule with respect to other rules.
    Action string
    The action taken when traffic matches the DLP policy rule criteria.
    Auditors []DLPWebRulesAuditorArgs
    The auditor to which the DLP policy rule must be applied.
    CloudApplications []string
    The list of cloud applications to which the DLP policy rule must be applied.
    Departments DLPWebRulesDepartmentsArgs
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    Description string
    The description of the DLP policy rule.
    DlpDownloadScanEnabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    DlpEngines DLPWebRulesDlpEnginesArgs
    The list of DLP engines to which the DLP policy rule must be applied.
    ExcludedDepartments DLPWebRulesExcludedDepartmentsArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedDomainProfiles DLPWebRulesExcludedDomainProfilesArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedGroups DLPWebRulesExcludedGroupsArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedUsers DLPWebRulesExcludedUsersArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExternalAuditorEmail string
    The email address of an external auditor to whom DLP email notifications are sent.
    FileTypes []string
    The list of file types for which the DLP policy rule must be applied.
    Groups DLPWebRulesGroupsArgs
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    IcapServers []DLPWebRulesIcapServerArgs
    The DLP server, using ICAP, to which the transaction content is forwarded.
    IncludedDomainProfiles DLPWebRulesIncludedDomainProfilesArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    InspectHttpGetEnabled bool
    Labels DLPWebRulesLabelsArgs
    list of Labels that are applicable to the rule.
    LocationGroups DLPWebRulesLocationGroupsArgs
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    Locations DLPWebRulesLocationsArgs
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    MatchOnly bool
    The match only criteria for DLP engines.
    MinSize int
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    Name string
    The DLP policy rule name.
    NotificationTemplates []DLPWebRulesNotificationTemplateArgs
    The template used for DLP notification emails.
    ParentRule int
    The unique identifier of the parent rule under which an exception rule is added
    Protocols []string
    The protocol criteria specified for the DLP policy rule.
    Rank int
    Admin rank of the admin who creates this rule
    Severity string
    Indicates the severity selected for the DLP rule violation
    SourceIpGroups DLPWebRulesSourceIpGroupsArgs
    list of source ip groups
    State string
    Enables or disables the DLP policy rule.
    SubRules []string
    The list of exception rules added to a parent rule
    TimeWindows DLPWebRulesTimeWindowsArgs
    list of time interval during which rule must be enforced.
    UrlCategories DLPWebRulesUrlCategoriesArgs
    The list of URL categories to which the DLP policy rule must be applied.
    UserRiskScoreLevels []string
    Users DLPWebRulesUsersArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    WithoutContentInspection bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    WorkloadGroups []DLPWebRulesWorkloadGroupArgs
    The list of preconfigured workload groups to which the policy must be applied
    ZccNotificationsEnabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    ZscalerIncidentReceiver bool
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    order Integer
    The rule order of execution for the DLP policy rule with respect to other rules.
    action String
    The action taken when traffic matches the DLP policy rule criteria.
    auditors List<DLPWebRulesAuditor>
    The auditor to which the DLP policy rule must be applied.
    cloudApplications List<String>
    The list of cloud applications to which the DLP policy rule must be applied.
    departments DLPWebRulesDepartments
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    description String
    The description of the DLP policy rule.
    dlpDownloadScanEnabled Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    dlpEngines DLPWebRulesDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied.
    excludedDepartments DLPWebRulesExcludedDepartments
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedDomainProfiles DLPWebRulesExcludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedGroups DLPWebRulesExcludedGroups
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedUsers DLPWebRulesExcludedUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    externalAuditorEmail String
    The email address of an external auditor to whom DLP email notifications are sent.
    fileTypes List<String>
    The list of file types for which the DLP policy rule must be applied.
    groups DLPWebRulesGroups
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    icapServers List<DLPWebRulesIcapServer>
    The DLP server, using ICAP, to which the transaction content is forwarded.
    includedDomainProfiles DLPWebRulesIncludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    inspectHttpGetEnabled Boolean
    labels DLPWebRulesLabels
    list of Labels that are applicable to the rule.
    locationGroups DLPWebRulesLocationGroups
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    locations DLPWebRulesLocations
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    matchOnly Boolean
    The match only criteria for DLP engines.
    minSize Integer
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    name String
    The DLP policy rule name.
    notificationTemplates List<DLPWebRulesNotificationTemplate>
    The template used for DLP notification emails.
    parentRule Integer
    The unique identifier of the parent rule under which an exception rule is added
    protocols List<String>
    The protocol criteria specified for the DLP policy rule.
    rank Integer
    Admin rank of the admin who creates this rule
    severity String
    Indicates the severity selected for the DLP rule violation
    sourceIpGroups DLPWebRulesSourceIpGroups
    list of source ip groups
    state String
    Enables or disables the DLP policy rule.
    subRules List<String>
    The list of exception rules added to a parent rule
    timeWindows DLPWebRulesTimeWindows
    list of time interval during which rule must be enforced.
    urlCategories DLPWebRulesUrlCategories
    The list of URL categories to which the DLP policy rule must be applied.
    userRiskScoreLevels List<String>
    users DLPWebRulesUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    withoutContentInspection Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    workloadGroups List<DLPWebRulesWorkloadGroup>
    The list of preconfigured workload groups to which the policy must be applied
    zccNotificationsEnabled Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    zscalerIncidentReceiver Boolean
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    order number
    The rule order of execution for the DLP policy rule with respect to other rules.
    action string
    The action taken when traffic matches the DLP policy rule criteria.
    auditors DLPWebRulesAuditor[]
    The auditor to which the DLP policy rule must be applied.
    cloudApplications string[]
    The list of cloud applications to which the DLP policy rule must be applied.
    departments DLPWebRulesDepartments
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    description string
    The description of the DLP policy rule.
    dlpDownloadScanEnabled boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    dlpEngines DLPWebRulesDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied.
    excludedDepartments DLPWebRulesExcludedDepartments
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedDomainProfiles DLPWebRulesExcludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedGroups DLPWebRulesExcludedGroups
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedUsers DLPWebRulesExcludedUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    externalAuditorEmail string
    The email address of an external auditor to whom DLP email notifications are sent.
    fileTypes string[]
    The list of file types for which the DLP policy rule must be applied.
    groups DLPWebRulesGroups
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    icapServers DLPWebRulesIcapServer[]
    The DLP server, using ICAP, to which the transaction content is forwarded.
    includedDomainProfiles DLPWebRulesIncludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    inspectHttpGetEnabled boolean
    labels DLPWebRulesLabels
    list of Labels that are applicable to the rule.
    locationGroups DLPWebRulesLocationGroups
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    locations DLPWebRulesLocations
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    matchOnly boolean
    The match only criteria for DLP engines.
    minSize number
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    name string
    The DLP policy rule name.
    notificationTemplates DLPWebRulesNotificationTemplate[]
    The template used for DLP notification emails.
    parentRule number
    The unique identifier of the parent rule under which an exception rule is added
    protocols string[]
    The protocol criteria specified for the DLP policy rule.
    rank number
    Admin rank of the admin who creates this rule
    severity string
    Indicates the severity selected for the DLP rule violation
    sourceIpGroups DLPWebRulesSourceIpGroups
    list of source ip groups
    state string
    Enables or disables the DLP policy rule.
    subRules string[]
    The list of exception rules added to a parent rule
    timeWindows DLPWebRulesTimeWindows
    list of time interval during which rule must be enforced.
    urlCategories DLPWebRulesUrlCategories
    The list of URL categories to which the DLP policy rule must be applied.
    userRiskScoreLevels string[]
    users DLPWebRulesUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    withoutContentInspection boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    workloadGroups DLPWebRulesWorkloadGroup[]
    The list of preconfigured workload groups to which the policy must be applied
    zccNotificationsEnabled boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    zscalerIncidentReceiver boolean
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    order int
    The rule order of execution for the DLP policy rule with respect to other rules.
    action str
    The action taken when traffic matches the DLP policy rule criteria.
    auditors Sequence[DLPWebRulesAuditorArgs]
    The auditor to which the DLP policy rule must be applied.
    cloud_applications Sequence[str]
    The list of cloud applications to which the DLP policy rule must be applied.
    departments DLPWebRulesDepartmentsArgs
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    description str
    The description of the DLP policy rule.
    dlp_download_scan_enabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    dlp_engines DLPWebRulesDlpEnginesArgs
    The list of DLP engines to which the DLP policy rule must be applied.
    excluded_departments DLPWebRulesExcludedDepartmentsArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excluded_domain_profiles DLPWebRulesExcludedDomainProfilesArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excluded_groups DLPWebRulesExcludedGroupsArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excluded_users DLPWebRulesExcludedUsersArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    external_auditor_email str
    The email address of an external auditor to whom DLP email notifications are sent.
    file_types Sequence[str]
    The list of file types for which the DLP policy rule must be applied.
    groups DLPWebRulesGroupsArgs
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    icap_servers Sequence[DLPWebRulesIcapServerArgs]
    The DLP server, using ICAP, to which the transaction content is forwarded.
    included_domain_profiles DLPWebRulesIncludedDomainProfilesArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    inspect_http_get_enabled bool
    labels DLPWebRulesLabelsArgs
    list of Labels that are applicable to the rule.
    location_groups DLPWebRulesLocationGroupsArgs
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    locations DLPWebRulesLocationsArgs
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    match_only bool
    The match only criteria for DLP engines.
    min_size int
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    name str
    The DLP policy rule name.
    notification_templates Sequence[DLPWebRulesNotificationTemplateArgs]
    The template used for DLP notification emails.
    parent_rule int
    The unique identifier of the parent rule under which an exception rule is added
    protocols Sequence[str]
    The protocol criteria specified for the DLP policy rule.
    rank int
    Admin rank of the admin who creates this rule
    severity str
    Indicates the severity selected for the DLP rule violation
    source_ip_groups DLPWebRulesSourceIpGroupsArgs
    list of source ip groups
    state str
    Enables or disables the DLP policy rule.
    sub_rules Sequence[str]
    The list of exception rules added to a parent rule
    time_windows DLPWebRulesTimeWindowsArgs
    list of time interval during which rule must be enforced.
    url_categories DLPWebRulesUrlCategoriesArgs
    The list of URL categories to which the DLP policy rule must be applied.
    user_risk_score_levels Sequence[str]
    users DLPWebRulesUsersArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    without_content_inspection bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    workload_groups Sequence[DLPWebRulesWorkloadGroupArgs]
    The list of preconfigured workload groups to which the policy must be applied
    zcc_notifications_enabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    zscaler_incident_receiver bool
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    order Number
    The rule order of execution for the DLP policy rule with respect to other rules.
    action String
    The action taken when traffic matches the DLP policy rule criteria.
    auditors List<Property Map>
    The auditor to which the DLP policy rule must be applied.
    cloudApplications List<String>
    The list of cloud applications to which the DLP policy rule must be applied.
    departments Property Map
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    description String
    The description of the DLP policy rule.
    dlpDownloadScanEnabled Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    dlpEngines Property Map
    The list of DLP engines to which the DLP policy rule must be applied.
    excludedDepartments Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedDomainProfiles Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedGroups Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedUsers Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    externalAuditorEmail String
    The email address of an external auditor to whom DLP email notifications are sent.
    fileTypes List<String>
    The list of file types for which the DLP policy rule must be applied.
    groups Property Map
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    icapServers List<Property Map>
    The DLP server, using ICAP, to which the transaction content is forwarded.
    includedDomainProfiles Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    inspectHttpGetEnabled Boolean
    labels Property Map
    list of Labels that are applicable to the rule.
    locationGroups Property Map
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    locations Property Map
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    matchOnly Boolean
    The match only criteria for DLP engines.
    minSize Number
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    name String
    The DLP policy rule name.
    notificationTemplates List<Property Map>
    The template used for DLP notification emails.
    parentRule Number
    The unique identifier of the parent rule under which an exception rule is added
    protocols List<String>
    The protocol criteria specified for the DLP policy rule.
    rank Number
    Admin rank of the admin who creates this rule
    severity String
    Indicates the severity selected for the DLP rule violation
    sourceIpGroups Property Map
    list of source ip groups
    state String
    Enables or disables the DLP policy rule.
    subRules List<String>
    The list of exception rules added to a parent rule
    timeWindows Property Map
    list of time interval during which rule must be enforced.
    urlCategories Property Map
    The list of URL categories to which the DLP policy rule must be applied.
    userRiskScoreLevels List<String>
    users Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    withoutContentInspection Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    workloadGroups List<Property Map>
    The list of preconfigured workload groups to which the policy must be applied
    zccNotificationsEnabled Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    zscalerIncidentReceiver Boolean
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DLPWebRules resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    RuleId int
    Id string
    The provider-assigned unique ID for this managed resource.
    RuleId int
    id String
    The provider-assigned unique ID for this managed resource.
    ruleId Integer
    id string
    The provider-assigned unique ID for this managed resource.
    ruleId number
    id str
    The provider-assigned unique ID for this managed resource.
    rule_id int
    id String
    The provider-assigned unique ID for this managed resource.
    ruleId Number

    Look up Existing DLPWebRules Resource

    Get an existing DLPWebRules resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DLPWebRulesState, opts?: CustomResourceOptions): DLPWebRules
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        auditors: Optional[Sequence[DLPWebRulesAuditorArgs]] = None,
        cloud_applications: Optional[Sequence[str]] = None,
        departments: Optional[DLPWebRulesDepartmentsArgs] = None,
        description: Optional[str] = None,
        dlp_download_scan_enabled: Optional[bool] = None,
        dlp_engines: Optional[DLPWebRulesDlpEnginesArgs] = None,
        excluded_departments: Optional[DLPWebRulesExcludedDepartmentsArgs] = None,
        excluded_domain_profiles: Optional[DLPWebRulesExcludedDomainProfilesArgs] = None,
        excluded_groups: Optional[DLPWebRulesExcludedGroupsArgs] = None,
        excluded_users: Optional[DLPWebRulesExcludedUsersArgs] = None,
        external_auditor_email: Optional[str] = None,
        file_types: Optional[Sequence[str]] = None,
        groups: Optional[DLPWebRulesGroupsArgs] = None,
        icap_servers: Optional[Sequence[DLPWebRulesIcapServerArgs]] = None,
        included_domain_profiles: Optional[DLPWebRulesIncludedDomainProfilesArgs] = None,
        inspect_http_get_enabled: Optional[bool] = None,
        labels: Optional[DLPWebRulesLabelsArgs] = None,
        location_groups: Optional[DLPWebRulesLocationGroupsArgs] = None,
        locations: Optional[DLPWebRulesLocationsArgs] = None,
        match_only: Optional[bool] = None,
        min_size: Optional[int] = None,
        name: Optional[str] = None,
        notification_templates: Optional[Sequence[DLPWebRulesNotificationTemplateArgs]] = None,
        order: Optional[int] = None,
        parent_rule: Optional[int] = None,
        protocols: Optional[Sequence[str]] = None,
        rank: Optional[int] = None,
        rule_id: Optional[int] = None,
        severity: Optional[str] = None,
        source_ip_groups: Optional[DLPWebRulesSourceIpGroupsArgs] = None,
        state: Optional[str] = None,
        sub_rules: Optional[Sequence[str]] = None,
        time_windows: Optional[DLPWebRulesTimeWindowsArgs] = None,
        url_categories: Optional[DLPWebRulesUrlCategoriesArgs] = None,
        user_risk_score_levels: Optional[Sequence[str]] = None,
        users: Optional[DLPWebRulesUsersArgs] = None,
        without_content_inspection: Optional[bool] = None,
        workload_groups: Optional[Sequence[DLPWebRulesWorkloadGroupArgs]] = None,
        zcc_notifications_enabled: Optional[bool] = None,
        zscaler_incident_receiver: Optional[bool] = None) -> DLPWebRules
    func GetDLPWebRules(ctx *Context, name string, id IDInput, state *DLPWebRulesState, opts ...ResourceOption) (*DLPWebRules, error)
    public static DLPWebRules Get(string name, Input<string> id, DLPWebRulesState? state, CustomResourceOptions? opts = null)
    public static DLPWebRules get(String name, Output<String> id, DLPWebRulesState state, CustomResourceOptions options)
    resources:  _:    type: zia:DLPWebRules    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    The action taken when traffic matches the DLP policy rule criteria.
    Auditors List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesAuditor>
    The auditor to which the DLP policy rule must be applied.
    CloudApplications List<string>
    The list of cloud applications to which the DLP policy rule must be applied.
    Departments zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesDepartments
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    Description string
    The description of the DLP policy rule.
    DlpDownloadScanEnabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    DlpEngines zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied.
    ExcludedDepartments zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedDepartments
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedGroups
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedUsers zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExternalAuditorEmail string
    The email address of an external auditor to whom DLP email notifications are sent.
    FileTypes List<string>
    The list of file types for which the DLP policy rule must be applied.
    Groups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesGroups
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    IcapServers List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesIcapServer>
    The DLP server, using ICAP, to which the transaction content is forwarded.
    IncludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesIncludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    InspectHttpGetEnabled bool
    Labels zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLabels
    list of Labels that are applicable to the rule.
    LocationGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLocationGroups
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    Locations zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLocations
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    MatchOnly bool
    The match only criteria for DLP engines.
    MinSize int
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    Name string
    The DLP policy rule name.
    NotificationTemplates List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesNotificationTemplate>
    The template used for DLP notification emails.
    Order int
    The rule order of execution for the DLP policy rule with respect to other rules.
    ParentRule int
    The unique identifier of the parent rule under which an exception rule is added
    Protocols List<string>
    The protocol criteria specified for the DLP policy rule.
    Rank int
    Admin rank of the admin who creates this rule
    RuleId int
    Severity string
    Indicates the severity selected for the DLP rule violation
    SourceIpGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesSourceIpGroups
    list of source ip groups
    State string
    Enables or disables the DLP policy rule.
    SubRules List<string>
    The list of exception rules added to a parent rule
    TimeWindows zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesTimeWindows
    list of time interval during which rule must be enforced.
    UrlCategories zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesUrlCategories
    The list of URL categories to which the DLP policy rule must be applied.
    UserRiskScoreLevels List<string>
    Users zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    WithoutContentInspection bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    WorkloadGroups List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesWorkloadGroup>
    The list of preconfigured workload groups to which the policy must be applied
    ZccNotificationsEnabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    ZscalerIncidentReceiver bool
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    Action string
    The action taken when traffic matches the DLP policy rule criteria.
    Auditors []DLPWebRulesAuditorArgs
    The auditor to which the DLP policy rule must be applied.
    CloudApplications []string
    The list of cloud applications to which the DLP policy rule must be applied.
    Departments DLPWebRulesDepartmentsArgs
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    Description string
    The description of the DLP policy rule.
    DlpDownloadScanEnabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    DlpEngines DLPWebRulesDlpEnginesArgs
    The list of DLP engines to which the DLP policy rule must be applied.
    ExcludedDepartments DLPWebRulesExcludedDepartmentsArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedDomainProfiles DLPWebRulesExcludedDomainProfilesArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedGroups DLPWebRulesExcludedGroupsArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExcludedUsers DLPWebRulesExcludedUsersArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    ExternalAuditorEmail string
    The email address of an external auditor to whom DLP email notifications are sent.
    FileTypes []string
    The list of file types for which the DLP policy rule must be applied.
    Groups DLPWebRulesGroupsArgs
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    IcapServers []DLPWebRulesIcapServerArgs
    The DLP server, using ICAP, to which the transaction content is forwarded.
    IncludedDomainProfiles DLPWebRulesIncludedDomainProfilesArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    InspectHttpGetEnabled bool
    Labels DLPWebRulesLabelsArgs
    list of Labels that are applicable to the rule.
    LocationGroups DLPWebRulesLocationGroupsArgs
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    Locations DLPWebRulesLocationsArgs
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    MatchOnly bool
    The match only criteria for DLP engines.
    MinSize int
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    Name string
    The DLP policy rule name.
    NotificationTemplates []DLPWebRulesNotificationTemplateArgs
    The template used for DLP notification emails.
    Order int
    The rule order of execution for the DLP policy rule with respect to other rules.
    ParentRule int
    The unique identifier of the parent rule under which an exception rule is added
    Protocols []string
    The protocol criteria specified for the DLP policy rule.
    Rank int
    Admin rank of the admin who creates this rule
    RuleId int
    Severity string
    Indicates the severity selected for the DLP rule violation
    SourceIpGroups DLPWebRulesSourceIpGroupsArgs
    list of source ip groups
    State string
    Enables or disables the DLP policy rule.
    SubRules []string
    The list of exception rules added to a parent rule
    TimeWindows DLPWebRulesTimeWindowsArgs
    list of time interval during which rule must be enforced.
    UrlCategories DLPWebRulesUrlCategoriesArgs
    The list of URL categories to which the DLP policy rule must be applied.
    UserRiskScoreLevels []string
    Users DLPWebRulesUsersArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    WithoutContentInspection bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    WorkloadGroups []DLPWebRulesWorkloadGroupArgs
    The list of preconfigured workload groups to which the policy must be applied
    ZccNotificationsEnabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    ZscalerIncidentReceiver bool
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    action String
    The action taken when traffic matches the DLP policy rule criteria.
    auditors List<DLPWebRulesAuditor>
    The auditor to which the DLP policy rule must be applied.
    cloudApplications List<String>
    The list of cloud applications to which the DLP policy rule must be applied.
    departments DLPWebRulesDepartments
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    description String
    The description of the DLP policy rule.
    dlpDownloadScanEnabled Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    dlpEngines DLPWebRulesDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied.
    excludedDepartments DLPWebRulesExcludedDepartments
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedDomainProfiles DLPWebRulesExcludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedGroups DLPWebRulesExcludedGroups
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedUsers DLPWebRulesExcludedUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    externalAuditorEmail String
    The email address of an external auditor to whom DLP email notifications are sent.
    fileTypes List<String>
    The list of file types for which the DLP policy rule must be applied.
    groups DLPWebRulesGroups
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    icapServers List<DLPWebRulesIcapServer>
    The DLP server, using ICAP, to which the transaction content is forwarded.
    includedDomainProfiles DLPWebRulesIncludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    inspectHttpGetEnabled Boolean
    labels DLPWebRulesLabels
    list of Labels that are applicable to the rule.
    locationGroups DLPWebRulesLocationGroups
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    locations DLPWebRulesLocations
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    matchOnly Boolean
    The match only criteria for DLP engines.
    minSize Integer
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    name String
    The DLP policy rule name.
    notificationTemplates List<DLPWebRulesNotificationTemplate>
    The template used for DLP notification emails.
    order Integer
    The rule order of execution for the DLP policy rule with respect to other rules.
    parentRule Integer
    The unique identifier of the parent rule under which an exception rule is added
    protocols List<String>
    The protocol criteria specified for the DLP policy rule.
    rank Integer
    Admin rank of the admin who creates this rule
    ruleId Integer
    severity String
    Indicates the severity selected for the DLP rule violation
    sourceIpGroups DLPWebRulesSourceIpGroups
    list of source ip groups
    state String
    Enables or disables the DLP policy rule.
    subRules List<String>
    The list of exception rules added to a parent rule
    timeWindows DLPWebRulesTimeWindows
    list of time interval during which rule must be enforced.
    urlCategories DLPWebRulesUrlCategories
    The list of URL categories to which the DLP policy rule must be applied.
    userRiskScoreLevels List<String>
    users DLPWebRulesUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    withoutContentInspection Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    workloadGroups List<DLPWebRulesWorkloadGroup>
    The list of preconfigured workload groups to which the policy must be applied
    zccNotificationsEnabled Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    zscalerIncidentReceiver Boolean
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    action string
    The action taken when traffic matches the DLP policy rule criteria.
    auditors DLPWebRulesAuditor[]
    The auditor to which the DLP policy rule must be applied.
    cloudApplications string[]
    The list of cloud applications to which the DLP policy rule must be applied.
    departments DLPWebRulesDepartments
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    description string
    The description of the DLP policy rule.
    dlpDownloadScanEnabled boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    dlpEngines DLPWebRulesDlpEngines
    The list of DLP engines to which the DLP policy rule must be applied.
    excludedDepartments DLPWebRulesExcludedDepartments
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedDomainProfiles DLPWebRulesExcludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedGroups DLPWebRulesExcludedGroups
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedUsers DLPWebRulesExcludedUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    externalAuditorEmail string
    The email address of an external auditor to whom DLP email notifications are sent.
    fileTypes string[]
    The list of file types for which the DLP policy rule must be applied.
    groups DLPWebRulesGroups
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    icapServers DLPWebRulesIcapServer[]
    The DLP server, using ICAP, to which the transaction content is forwarded.
    includedDomainProfiles DLPWebRulesIncludedDomainProfiles
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    inspectHttpGetEnabled boolean
    labels DLPWebRulesLabels
    list of Labels that are applicable to the rule.
    locationGroups DLPWebRulesLocationGroups
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    locations DLPWebRulesLocations
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    matchOnly boolean
    The match only criteria for DLP engines.
    minSize number
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    name string
    The DLP policy rule name.
    notificationTemplates DLPWebRulesNotificationTemplate[]
    The template used for DLP notification emails.
    order number
    The rule order of execution for the DLP policy rule with respect to other rules.
    parentRule number
    The unique identifier of the parent rule under which an exception rule is added
    protocols string[]
    The protocol criteria specified for the DLP policy rule.
    rank number
    Admin rank of the admin who creates this rule
    ruleId number
    severity string
    Indicates the severity selected for the DLP rule violation
    sourceIpGroups DLPWebRulesSourceIpGroups
    list of source ip groups
    state string
    Enables or disables the DLP policy rule.
    subRules string[]
    The list of exception rules added to a parent rule
    timeWindows DLPWebRulesTimeWindows
    list of time interval during which rule must be enforced.
    urlCategories DLPWebRulesUrlCategories
    The list of URL categories to which the DLP policy rule must be applied.
    userRiskScoreLevels string[]
    users DLPWebRulesUsers
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    withoutContentInspection boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    workloadGroups DLPWebRulesWorkloadGroup[]
    The list of preconfigured workload groups to which the policy must be applied
    zccNotificationsEnabled boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    zscalerIncidentReceiver boolean
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    action str
    The action taken when traffic matches the DLP policy rule criteria.
    auditors Sequence[DLPWebRulesAuditorArgs]
    The auditor to which the DLP policy rule must be applied.
    cloud_applications Sequence[str]
    The list of cloud applications to which the DLP policy rule must be applied.
    departments DLPWebRulesDepartmentsArgs
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    description str
    The description of the DLP policy rule.
    dlp_download_scan_enabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    dlp_engines DLPWebRulesDlpEnginesArgs
    The list of DLP engines to which the DLP policy rule must be applied.
    excluded_departments DLPWebRulesExcludedDepartmentsArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excluded_domain_profiles DLPWebRulesExcludedDomainProfilesArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excluded_groups DLPWebRulesExcludedGroupsArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excluded_users DLPWebRulesExcludedUsersArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    external_auditor_email str
    The email address of an external auditor to whom DLP email notifications are sent.
    file_types Sequence[str]
    The list of file types for which the DLP policy rule must be applied.
    groups DLPWebRulesGroupsArgs
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    icap_servers Sequence[DLPWebRulesIcapServerArgs]
    The DLP server, using ICAP, to which the transaction content is forwarded.
    included_domain_profiles DLPWebRulesIncludedDomainProfilesArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    inspect_http_get_enabled bool
    labels DLPWebRulesLabelsArgs
    list of Labels that are applicable to the rule.
    location_groups DLPWebRulesLocationGroupsArgs
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    locations DLPWebRulesLocationsArgs
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    match_only bool
    The match only criteria for DLP engines.
    min_size int
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    name str
    The DLP policy rule name.
    notification_templates Sequence[DLPWebRulesNotificationTemplateArgs]
    The template used for DLP notification emails.
    order int
    The rule order of execution for the DLP policy rule with respect to other rules.
    parent_rule int
    The unique identifier of the parent rule under which an exception rule is added
    protocols Sequence[str]
    The protocol criteria specified for the DLP policy rule.
    rank int
    Admin rank of the admin who creates this rule
    rule_id int
    severity str
    Indicates the severity selected for the DLP rule violation
    source_ip_groups DLPWebRulesSourceIpGroupsArgs
    list of source ip groups
    state str
    Enables or disables the DLP policy rule.
    sub_rules Sequence[str]
    The list of exception rules added to a parent rule
    time_windows DLPWebRulesTimeWindowsArgs
    list of time interval during which rule must be enforced.
    url_categories DLPWebRulesUrlCategoriesArgs
    The list of URL categories to which the DLP policy rule must be applied.
    user_risk_score_levels Sequence[str]
    users DLPWebRulesUsersArgs
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    without_content_inspection bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    workload_groups Sequence[DLPWebRulesWorkloadGroupArgs]
    The list of preconfigured workload groups to which the policy must be applied
    zcc_notifications_enabled bool
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    zscaler_incident_receiver bool
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
    action String
    The action taken when traffic matches the DLP policy rule criteria.
    auditors List<Property Map>
    The auditor to which the DLP policy rule must be applied.
    cloudApplications List<String>
    The list of cloud applications to which the DLP policy rule must be applied.
    departments Property Map
    The Name-ID pairs of departments to which the DLP policy rule must be applied.
    description String
    The description of the DLP policy rule.
    dlpDownloadScanEnabled Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    dlpEngines Property Map
    The list of DLP engines to which the DLP policy rule must be applied.
    excludedDepartments Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedDomainProfiles Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedGroups Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    excludedUsers Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    externalAuditorEmail String
    The email address of an external auditor to whom DLP email notifications are sent.
    fileTypes List<String>
    The list of file types for which the DLP policy rule must be applied.
    groups Property Map
    The Name-ID pairs of groups to which the DLP policy rule must be applied.
    icapServers List<Property Map>
    The DLP server, using ICAP, to which the transaction content is forwarded.
    includedDomainProfiles Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    inspectHttpGetEnabled Boolean
    labels Property Map
    list of Labels that are applicable to the rule.
    locationGroups Property Map
    The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
    locations Property Map
    The Name-ID pairs of locations to which the DLP policy rule must be applied.
    matchOnly Boolean
    The match only criteria for DLP engines.
    minSize Number
    The minimum file size (in KB) used for evaluation of the DLP policy rule.
    name String
    The DLP policy rule name.
    notificationTemplates List<Property Map>
    The template used for DLP notification emails.
    order Number
    The rule order of execution for the DLP policy rule with respect to other rules.
    parentRule Number
    The unique identifier of the parent rule under which an exception rule is added
    protocols List<String>
    The protocol criteria specified for the DLP policy rule.
    rank Number
    Admin rank of the admin who creates this rule
    ruleId Number
    severity String
    Indicates the severity selected for the DLP rule violation
    sourceIpGroups Property Map
    list of source ip groups
    state String
    Enables or disables the DLP policy rule.
    subRules List<String>
    The list of exception rules added to a parent rule
    timeWindows Property Map
    list of time interval during which rule must be enforced.
    urlCategories Property Map
    The list of URL categories to which the DLP policy rule must be applied.
    userRiskScoreLevels List<String>
    users Property Map
    The Name-ID pairs of users to which the DLP policy rule must be applied.
    withoutContentInspection Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    workloadGroups List<Property Map>
    The list of preconfigured workload groups to which the policy must be applied
    zccNotificationsEnabled Boolean
    Indicates a DLP policy rule without content inspection, when the value is set to true.
    zscalerIncidentReceiver Boolean
    Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.

    Supporting Types

    DLPWebRulesAuditor, DLPWebRulesAuditorArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    DLPWebRulesDepartments, DLPWebRulesDepartmentsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesDlpEngines, DLPWebRulesDlpEnginesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesExcludedDepartments, DLPWebRulesExcludedDepartmentsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesExcludedDomainProfiles, DLPWebRulesExcludedDomainProfilesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesExcludedGroups, DLPWebRulesExcludedGroupsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesExcludedUsers, DLPWebRulesExcludedUsersArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesGroups, DLPWebRulesGroupsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesIcapServer, DLPWebRulesIcapServerArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    DLPWebRulesIncludedDomainProfiles, DLPWebRulesIncludedDomainProfilesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesLabels, DLPWebRulesLabelsArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    DLPWebRulesLocationGroups, DLPWebRulesLocationGroupsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesLocations, DLPWebRulesLocationsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesNotificationTemplate, DLPWebRulesNotificationTemplateArgs

    Id int
    Id int
    id Integer
    id number
    id int
    id Number

    DLPWebRulesSourceIpGroups, DLPWebRulesSourceIpGroupsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesTimeWindows, DLPWebRulesTimeWindowsArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesUrlCategories, DLPWebRulesUrlCategoriesArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesUsers, DLPWebRulesUsersArgs

    Ids List<int>
    Ids []int
    ids List<Integer>
    ids number[]
    ids Sequence[int]
    ids List<Number>

    DLPWebRulesWorkloadGroup, DLPWebRulesWorkloadGroupArgs

    Id int
    The unique identifier for the resource.
    Name string
    The name of the resource.
    Id int
    The unique identifier for the resource.
    Name string
    The name of the resource.
    id Integer
    The unique identifier for the resource.
    name String
    The name of the resource.
    id number
    The unique identifier for the resource.
    name string
    The name of the resource.
    id int
    The unique identifier for the resource.
    name str
    The name of the resource.
    id Number
    The unique identifier for the resource.
    name String
    The name of the resource.

    Import

    Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.

    Visit

    zia_dlp_web_rules can be imported by using <RULE ID> or <RULE NAME> as the import ID.

    For example:

    $ pulumi import zia:index/dLPWebRules:DLPWebRules example <rule_id>

    or

    $ pulumi import zia:index/dLPWebRules:DLPWebRules example <rule_name>

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    zia zscaler/pulumi-zia
    License
    MIT
    Notes
    This Pulumi package is based on the zia Terraform Provider.
    zia logo
    Zscaler Internet Access v1.0.1 published on Friday, Jun 6, 2025 by Zscaler
    zscaler/pulumi-zia