import * as pulumi from "@pulumi/pulumi"; /** * Provides a Datadog Security Monitoring Suppression API resource. It can be used to create and manage Datadog security monitoring suppression rules. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as datadog from "@pulumi/datadog"; * * const mySuppression = new datadog.SecurityMonitoringSuppression("my_suppression", { * name: "My suppression", * description: "Suppression for low severity CloudTrail signals from John Doe, excluding test environments from analysis, limited to 2024", * enabled: true, * ruleQuery: "severity:low source:cloudtrail", * suppressionQuery: "@usr.id:john.doe", * dataExclusionQuery: "env:test", * startDate: "2024-12-01T16:00:00Z", * expirationDate: "2024-12-31T12:00:00Z", * }); * ``` * * ## Import * * The `pulumi import` command can be used, for example: * * Security monitoring suppressions can be imported using ID, for example: * * ```sh * $ pulumi import datadog:index/securityMonitoringSuppression:SecurityMonitoringSuppression my_suppression m0o-hto-lkb * ``` */ export declare class SecurityMonitoringSuppression extends pulumi.CustomResource { /** * Get an existing SecurityMonitoringSuppression resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SecurityMonitoringSuppressionState, opts?: pulumi.CustomResourceOptions): SecurityMonitoringSuppression; /** * Returns true if the given object is an instance of SecurityMonitoringSuppression. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SecurityMonitoringSuppression; /** * An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. */ readonly dataExclusionQuery: pulumi.Output; /** * A description for the suppression rule. */ readonly description: pulumi.Output; /** * Whether the suppression rule is enabled. */ readonly enabled: pulumi.Output; /** * A RFC3339 timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. */ readonly expirationDate: pulumi.Output; /** * The name of the suppression rule. */ readonly name: pulumi.Output; /** * The rule query of the suppression rule, with the same syntax as the search bar for detection rules. */ readonly ruleQuery: pulumi.Output; /** * A RFC3339 timestamp giving a start date for the suppression rule. Before this date, it doesn't suppress signals. */ readonly startDate: pulumi.Output; /** * The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer. */ readonly suppressionQuery: pulumi.Output; /** * A list of tags associated with the suppression rule. */ readonly tags: pulumi.Output; /** * Whether to validate the suppression rule during `pulumi preview`. When set to `true`, the rule is validated against Datadog's suppression validation endpoint. Defaults to `true`. */ readonly validate: pulumi.Output; /** * Create a SecurityMonitoringSuppression resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SecurityMonitoringSuppressionArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SecurityMonitoringSuppression resources. */ export interface SecurityMonitoringSuppressionState { /** * An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. */ dataExclusionQuery?: pulumi.Input; /** * A description for the suppression rule. */ description?: pulumi.Input; /** * Whether the suppression rule is enabled. */ enabled?: pulumi.Input; /** * A RFC3339 timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. */ expirationDate?: pulumi.Input; /** * The name of the suppression rule. */ name?: pulumi.Input; /** * The rule query of the suppression rule, with the same syntax as the search bar for detection rules. */ ruleQuery?: pulumi.Input; /** * A RFC3339 timestamp giving a start date for the suppression rule. Before this date, it doesn't suppress signals. */ startDate?: pulumi.Input; /** * The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer. */ suppressionQuery?: pulumi.Input; /** * A list of tags associated with the suppression rule. */ tags?: pulumi.Input[]>; /** * Whether to validate the suppression rule during `pulumi preview`. When set to `true`, the rule is validated against Datadog's suppression validation endpoint. Defaults to `true`. */ validate?: pulumi.Input; } /** * The set of arguments for constructing a SecurityMonitoringSuppression resource. */ export interface SecurityMonitoringSuppressionArgs { /** * An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. */ dataExclusionQuery?: pulumi.Input; /** * A description for the suppression rule. */ description?: pulumi.Input; /** * Whether the suppression rule is enabled. */ enabled: pulumi.Input; /** * A RFC3339 timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. */ expirationDate?: pulumi.Input; /** * The name of the suppression rule. */ name: pulumi.Input; /** * The rule query of the suppression rule, with the same syntax as the search bar for detection rules. */ ruleQuery: pulumi.Input; /** * A RFC3339 timestamp giving a start date for the suppression rule. Before this date, it doesn't suppress signals. */ startDate?: pulumi.Input; /** * The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer. */ suppressionQuery?: pulumi.Input; /** * A list of tags associated with the suppression rule. */ tags?: pulumi.Input[]>; /** * Whether to validate the suppression rule during `pulumi preview`. When set to `true`, the rule is validated against Datadog's suppression validation endpoint. Defaults to `true`. */ validate?: pulumi.Input; }