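import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";

/**
 * Provides a Datadog Security Monitoring Rule API resource. This can be used to create and manage Datadog security monitoring rules. To change settings for a default rule, use `datadog.SecurityMonitoringDefaultRule` instead.
 *
 * Because this resource defines what is detected and who is notified, changes to `enabled`,
 * `filters`, `queries`, `cases` and `options` alter detection coverage and are worth reviewing
 * like any other detection-logic change.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as datadog from "@pulumi/datadog";
 *
 * const myrule = new datadog.SecurityMonitoringRule("myrule", {
 *     name: "My rule",
 *     message: "The rule has triggered.",
 *     enabled: true,
 *     queries: [
 *         {
 *             name: "errors",
 *             query: "status:error",
 *             aggregation: "count",
 *             dataSource: "logs",
 *             groupByFields: ["host"],
 *         },
 *         {
 *             name: "warnings",
 *             query: "status:warning",
 *             aggregation: "count",
 *             dataSource: "logs",
 *             groupByFields: ["host"],
 *         },
 *     ],
 *     cases: [{
 *         status: "high",
 *         condition: "errors > 3 && warnings > 10",
 *         notifications: ["@user"],
 *     }],
 *     options: {
 *         evaluationWindow: 300,
 *         keepAlive: 600,
 *         maxSignalDuration: 900,
 *     },
 *     tags: ["type:dos"],
 * });
 * ```
 *
 * ## Import
 *
 * The `pulumi import` command can be used, for example:
 *
 * Security monitoring rules can be imported using ID, e.g.
 *
 * ```sh
 * $ pulumi import datadog:index/securityMonitoringRule:SecurityMonitoringRule my_rule m0o-hto-lkb
 * ```
 */
export declare class SecurityMonitoringRule extends pulumi.CustomResource {
    /**
     * Get an existing SecurityMonitoringRule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecurityMonitoringRuleState, opts?: pulumi.CustomResourceOptions): SecurityMonitoringRule;
    /**
     * Returns true if the given object is an instance of SecurityMonitoringRule. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is SecurityMonitoringRule;

    // NOTE(review): the type arguments on the `pulumi.Output` properties below follow the provider's
    // generated naming (`outputs.SecurityMonitoringRule*`); confirm each one, and in particular the
    // `| undefined` optionality, against the published package typings.

    /**
     * One or more calculated fields. Available only for scheduled rules (in other words, when `schedulingOptions` is defined).
     */
    readonly calculatedFields: pulumi.Output<outputs.SecurityMonitoringRuleCalculatedField[] | undefined>;
    /**
     * Cases for generating signals. Each case carries the signal status, the triggering condition and
     * the notification targets (see the example on the class).
     */
    readonly cases: pulumi.Output<outputs.SecurityMonitoringRuleCase[] | undefined>;
    /**
     * Whether the rule is enabled. Defaults to `true`.
     */
    readonly enabled: pulumi.Output<boolean>;
    /**
     * Additional queries to filter matched events before they are processed. **Note**: This field is deprecated for log detection, signal correlation, and workload security rules.
     */
    readonly filters: pulumi.Output<outputs.SecurityMonitoringRuleFilter[] | undefined>;
    /**
     * Additional grouping to perform on top of the query grouping.
     */
    readonly groupSignalsBies: pulumi.Output<string[]>;
    /**
     * Whether the notifications include the triggering group-by values in their title. Defaults to `false`.
     */
    readonly hasExtendedTitle: pulumi.Output<boolean>;
    /**
     * Message for generated signals.
     */
    readonly message: pulumi.Output<string>;
    /**
     * The name of the rule.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Options on rules.
     */
    readonly options: pulumi.Output<outputs.SecurityMonitoringRuleOptions | undefined>;
    /**
     * Queries for selecting logs which are part of the rule.
     */
    readonly queries: pulumi.Output<outputs.SecurityMonitoringRuleQuery[] | undefined>;
    /**
     * Reference tables for filtering query results.
     */
    readonly referenceTables: pulumi.Output<outputs.SecurityMonitoringRuleReferenceTable[] | undefined>;
    /**
     * Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs in real time on ingested logs.
     */
    readonly schedulingOptions: pulumi.Output<outputs.SecurityMonitoringRuleSchedulingOptions | undefined>;
    /**
     * Queries for selecting signals which are part of the rule.
     * NOTE(review): the generated text repeated the `queries` description ("selecting logs"); this
     * property presumably serves `signalCorrelation` rules — confirm against the provider documentation.
     */
    readonly signalQueries: pulumi.Output<outputs.SecurityMonitoringRuleSignalQuery[] | undefined>;
    /**
     * Tags for generated signals. Note: if default tags are present at provider level, they will be added to this resource.
     */
    readonly tags: pulumi.Output<string[]>;
    /**
     * Cases for generating signals for third-party rules. Only required and accepted for third-party rules.
     */
    readonly thirdPartyCases: pulumi.Output<outputs.SecurityMonitoringRuleThirdPartyCase[] | undefined>;
    /**
     * The rule type. Valid values are `applicationSecurity`, `logDetection`, `workloadSecurity`, `signalCorrelation`. Defaults to `"logDetection"`.
     */
    readonly type: pulumi.Output<string>;
    /**
     * Whether or not to validate the Rule.
     */
    readonly validate: pulumi.Output<boolean | undefined>;
    /**
     * Create a SecurityMonitoringRule resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: SecurityMonitoringRuleArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering SecurityMonitoringRule resources.
 */
export interface SecurityMonitoringRuleState {
    /**
     * One or more calculated fields. Available only for scheduled rules (in other words, when `schedulingOptions` is defined).
     */
    calculatedFields?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleCalculatedField>[]>;
    /**
     * Cases for generating signals.
     */
    cases?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleCase>[]>;
    /**
     * Whether the rule is enabled. Defaults to `true`.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * Additional queries to filter matched events before they are processed. **Note**: This field is deprecated for log detection, signal correlation, and workload security rules.
     */
    filters?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleFilter>[]>;
    /**
     * Additional grouping to perform on top of the query grouping.
     */
    groupSignalsBies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether the notifications include the triggering group-by values in their title. Defaults to `false`.
     */
    hasExtendedTitle?: pulumi.Input<boolean>;
    /**
     * Message for generated signals.
     */
    message?: pulumi.Input<string>;
    /**
     * The name of the rule.
     */
    name?: pulumi.Input<string>;
    /**
     * Options on rules.
     */
    options?: pulumi.Input<inputs.SecurityMonitoringRuleOptions>;
    /**
     * Queries for selecting logs which are part of the rule.
     */
    queries?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleQuery>[]>;
    /**
     * Reference tables for filtering query results.
     */
    referenceTables?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleReferenceTable>[]>;
    /**
     * Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs in real time on ingested logs.
     */
    schedulingOptions?: pulumi.Input<inputs.SecurityMonitoringRuleSchedulingOptions>;
    /**
     * Queries for selecting signals which are part of the rule.
     * NOTE(review): the generated text repeated the `queries` description ("selecting logs"); this
     * property presumably serves `signalCorrelation` rules — confirm against the provider documentation.
     */
    signalQueries?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleSignalQuery>[]>;
    /**
     * Tags for generated signals. Note: if default tags are present at provider level, they will be added to this resource.
     */
    tags?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Cases for generating signals for third-party rules. Only required and accepted for third-party rules.
     */
    thirdPartyCases?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleThirdPartyCase>[]>;
    /**
     * The rule type. Valid values are `applicationSecurity`, `logDetection`, `workloadSecurity`, `signalCorrelation`. Defaults to `"logDetection"`.
     */
    type?: pulumi.Input<string>;
    /**
     * Whether or not to validate the Rule.
     */
    validate?: pulumi.Input<boolean>;
}

/**
 * The set of arguments for constructing a SecurityMonitoringRule resource.
 *
 * Only `message` and `name` are required; every other property is optional.
 */
export interface SecurityMonitoringRuleArgs {
    /**
     * One or more calculated fields. Available only for scheduled rules (in other words, when `schedulingOptions` is defined).
     */
    calculatedFields?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleCalculatedField>[]>;
    /**
     * Cases for generating signals. Each case carries the signal status, the triggering condition and
     * the notification targets (see the example on `SecurityMonitoringRule`).
     */
    cases?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleCase>[]>;
    /**
     * Whether the rule is enabled. Defaults to `true`.
     * Setting this to `false` keeps the rule definition but leaves it inactive, so a change of this
     * value is a change in detection coverage and deserves the same review as a query change.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * Additional queries to filter matched events before they are processed. **Note**: This field is deprecated for log detection, signal correlation, and workload security rules.
     * Filters narrow what the rule evaluates, so an overly broad filter reduces what the rule can detect.
     */
    filters?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleFilter>[]>;
    /**
     * Additional grouping to perform on top of the query grouping.
     */
    groupSignalsBies?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether the notifications include the triggering group-by values in their title. Defaults to `false`.
     */
    hasExtendedTitle?: pulumi.Input<boolean>;
    /**
     * Message for generated signals.
     */
    message: pulumi.Input<string>;
    /**
     * The name of the rule.
     */
    name: pulumi.Input<string>;
    /**
     * Options on rules.
     */
    options?: pulumi.Input<inputs.SecurityMonitoringRuleOptions>;
    /**
     * Queries for selecting logs which are part of the rule.
     */
    queries?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleQuery>[]>;
    /**
     * Reference tables for filtering query results.
     */
    referenceTables?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleReferenceTable>[]>;
    /**
     * Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs in real time on ingested logs.
     */
    schedulingOptions?: pulumi.Input<inputs.SecurityMonitoringRuleSchedulingOptions>;
    /**
     * Queries for selecting signals which are part of the rule.
     * NOTE(review): the generated text repeated the `queries` description ("selecting logs"); this
     * property presumably serves `signalCorrelation` rules — confirm against the provider documentation.
     */
    signalQueries?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleSignalQuery>[]>;
    /**
     * Tags for generated signals. Note: if default tags are present at provider level, they will be added to this resource.
     */
    tags?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Cases for generating signals for third-party rules. Only required and accepted for third-party rules.
     */
    thirdPartyCases?: pulumi.Input<pulumi.Input<inputs.SecurityMonitoringRuleThirdPartyCase>[]>;
    /**
     * The rule type. Valid values are `applicationSecurity`, `logDetection`, `workloadSecurity`, `signalCorrelation`. Defaults to `"logDetection"`.
     */
    type?: pulumi.Input<string>;
    /**
     * Whether or not to validate the Rule.
     */
    validate?: pulumi.Input<boolean>;
}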