sysdig 1.56.1, May 8 25

sysdig 1.56.1 published on Thursday, May 8, 2025 by sysdiglabs

sysdig.getSecureManagedRuleset

Explore with Pulumi AI

sysdig 1.56.1 published on Thursday, May 8, 2025 by sysdiglabs

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";

const example = sysdig.getSecureManagedRuleset({
    name: "Sysdig Runtime Threat Detection - Managed Ruleset",
    type: "falco",
});

import pulumi
import pulumi_sysdig as sysdig

example = sysdig.get_secure_managed_ruleset(name="Sysdig Runtime Threat Detection - Managed Ruleset",
    type="falco")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sysdig.LookupSecureManagedRuleset(ctx, &sysdig.LookupSecureManagedRulesetArgs{
			Name: "Sysdig Runtime Threat Detection - Managed Ruleset",
			Type: pulumi.StringRef("falco"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;

return await Deployment.RunAsync(() => 
{
    var example = Sysdig.GetSecureManagedRuleset.Invoke(new()
    {
        Name = "Sysdig Runtime Threat Detection - Managed Ruleset",
        Type = "falco",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SysdigFunctions;
import com.pulumi.sysdig.inputs.GetSecureManagedRulesetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = SysdigFunctions.getSecureManagedRuleset(GetSecureManagedRulesetArgs.builder()
            .name("Sysdig Runtime Threat Detection - Managed Ruleset")
            .type("falco")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: sysdig:getSecureManagedRuleset
      arguments:
        name: Sysdig Runtime Threat Detection - Managed Ruleset
        type: falco

Using getSecureManagedRuleset

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSecureManagedRuleset(args: GetSecureManagedRulesetArgs, opts?: InvokeOptions): Promise<GetSecureManagedRulesetResult>
function getSecureManagedRulesetOutput(args: GetSecureManagedRulesetOutputArgs, opts?: InvokeOptions): Output<GetSecureManagedRulesetResult>

def get_secure_managed_ruleset(actions: Optional[Sequence[GetSecureManagedRulesetAction]] = None,
                               name: Optional[str] = None,
                               runbook: Optional[str] = None,
                               timeouts: Optional[GetSecureManagedRulesetTimeouts] = None,
                               type: Optional[str] = None,
                               opts: Optional[InvokeOptions] = None) -> GetSecureManagedRulesetResult
def get_secure_managed_ruleset_output(actions: Optional[pulumi.Input[Sequence[pulumi.Input[GetSecureManagedRulesetActionArgs]]]] = None,
                               name: Optional[pulumi.Input[str]] = None,
                               runbook: Optional[pulumi.Input[str]] = None,
                               timeouts: Optional[pulumi.Input[GetSecureManagedRulesetTimeoutsArgs]] = None,
                               type: Optional[pulumi.Input[str]] = None,
                               opts: Optional[InvokeOptions] = None) -> Output[GetSecureManagedRulesetResult]

func LookupSecureManagedRuleset(ctx *Context, args *LookupSecureManagedRulesetArgs, opts ...InvokeOption) (*LookupSecureManagedRulesetResult, error)
func LookupSecureManagedRulesetOutput(ctx *Context, args *LookupSecureManagedRulesetOutputArgs, opts ...InvokeOption) LookupSecureManagedRulesetResultOutput

> Note: This function is named LookupSecureManagedRuleset in the Go SDK.

public static class GetSecureManagedRuleset 
{
    public static Task<GetSecureManagedRulesetResult> InvokeAsync(GetSecureManagedRulesetArgs args, InvokeOptions? opts = null)
    public static Output<GetSecureManagedRulesetResult> Invoke(GetSecureManagedRulesetInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecureManagedRulesetResult> getSecureManagedRuleset(GetSecureManagedRulesetArgs args, InvokeOptions options)
public static Output<GetSecureManagedRulesetResult> getSecureManagedRuleset(GetSecureManagedRulesetArgs args, InvokeOptions options)

fn::invoke:
  function: sysdig:index/getSecureManagedRuleset:getSecureManagedRuleset
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string: The name of the Secure managed ruleset.
Actions List<GetSecureManagedRulesetAction>
Runbook string: Customer provided url that provides a runbook for a given policy.
Timeouts GetSecureManagedRulesetTimeouts
Type string: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

Name string: The name of the Secure managed ruleset.
Actions []GetSecureManagedRulesetAction
Runbook string: Customer provided url that provides a runbook for a given policy.
Timeouts GetSecureManagedRulesetTimeouts
Type string: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

name String: The name of the Secure managed ruleset.
actions List<GetSecureManagedRulesetAction>
runbook String: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureManagedRulesetTimeouts
type String: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

name string: The name of the Secure managed ruleset.
actions GetSecureManagedRulesetAction[]
runbook string: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureManagedRulesetTimeouts
type string: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

name str: The name of the Secure managed ruleset.
actions Sequence[GetSecureManagedRulesetAction]
runbook str: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureManagedRulesetTimeouts
type str: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

name String: The name of the Secure managed ruleset.
actions List<Property Map>
runbook String: Customer provided url that provides a runbook for a given policy.
timeouts Property Map
type String: Specifies the type of the runtime policy. Must be one of: falco, list_matching, k8s_audit, aws_cloudtrail, gcp_auditlog, azure_platformlogs, awscloudtrail, okta, github, guardduty. By default it is falco.

getSecureManagedRuleset Result

The following output properties are available:

Description string: The description for the managed policy.
Enabled bool: Whether the policy is enabled or not.
Id double: The id for the managed policy.
Name string: (Required) The name of the capture file
NotificationChannels List<double>: IDs of the notification channels to send alerts to when the policy is fired.
Rules List<GetSecureManagedRulesetRule>: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
Scope string: The application scope for the policy.
Severity double: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
Actions List<GetSecureManagedRulesetAction>
Runbook string: Customer provided url that provides a runbook for a given policy.
Timeouts GetSecureManagedRulesetTimeouts
Type string

Description string: The description for the managed policy.
Enabled bool: Whether the policy is enabled or not.
Id float64: The id for the managed policy.
Name string: (Required) The name of the capture file
NotificationChannels []float64: IDs of the notification channels to send alerts to when the policy is fired.
Rules []GetSecureManagedRulesetRule: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
Scope string: The application scope for the policy.
Severity float64: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
Actions []GetSecureManagedRulesetAction
Runbook string: Customer provided url that provides a runbook for a given policy.
Timeouts GetSecureManagedRulesetTimeouts
Type string

description String: The description for the managed policy.
enabled Boolean: Whether the policy is enabled or not.
id Double: The id for the managed policy.
name String: (Required) The name of the capture file
notificationChannels List<Double>: IDs of the notification channels to send alerts to when the policy is fired.
rules List<GetSecureManagedRulesetRule>: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
scope String: The application scope for the policy.
severity Double: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
actions List<GetSecureManagedRulesetAction>
runbook String: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureManagedRulesetTimeouts
type String

description string: The description for the managed policy.
enabled boolean: Whether the policy is enabled or not.
id number: The id for the managed policy.
name string: (Required) The name of the capture file
notificationChannels number[]: IDs of the notification channels to send alerts to when the policy is fired.
rules GetSecureManagedRulesetRule[]: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
scope string: The application scope for the policy.
severity number: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
actions GetSecureManagedRulesetAction[]
runbook string: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureManagedRulesetTimeouts
type string

description str: The description for the managed policy.
enabled bool: Whether the policy is enabled or not.
id float: The id for the managed policy.
name str: (Required) The name of the capture file
notification_channels Sequence[float]: IDs of the notification channels to send alerts to when the policy is fired.
rules Sequence[GetSecureManagedRulesetRule]: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
scope str: The application scope for the policy.
severity float: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
actions Sequence[GetSecureManagedRulesetAction]
runbook str: Customer provided url that provides a runbook for a given policy.
timeouts GetSecureManagedRulesetTimeouts
type str

description String: The description for the managed policy.
enabled Boolean: Whether the policy is enabled or not.
id Number: The id for the managed policy.
name String: (Required) The name of the capture file
notificationChannels List<Number>: IDs of the notification channels to send alerts to when the policy is fired.
rules List<Property Map>: An array of rules with the properties name and enabled to identify the rule name and whether it is enabled.
scope String: The application scope for the policy.
severity Number: The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
actions List<Property Map>
runbook String: Customer provided url that provides a runbook for a given policy.
timeouts Property Map
type String

Supporting Types

GetSecureManagedRulesetAction

Container string: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
KillProcess string
Captures List<GetSecureManagedRulesetActionCapture>: (Optional) Captures with Sysdig the stream of system calls:

Container string: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
KillProcess string
Captures []GetSecureManagedRulesetActionCapture: (Optional) Captures with Sysdig the stream of system calls:

container String: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
killProcess String
captures List<GetSecureManagedRulesetActionCapture>: (Optional) Captures with Sysdig the stream of system calls:

container string: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
killProcess string
captures GetSecureManagedRulesetActionCapture[]: (Optional) Captures with Sysdig the stream of system calls:

container str: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
kill_process str
captures Sequence[GetSecureManagedRulesetActionCapture]: (Optional) Captures with Sysdig the stream of system calls:

container String: (Optional) The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
killProcess String
captures List<Property Map>: (Optional) Captures with Sysdig the stream of system calls:

GetSecureManagedRulesetActionCapture

BucketName string: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
Filter string: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
Folder string: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
Name string: The name of the Secure managed ruleset.
SecondsAfterEvent double: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
SecondsBeforeEvent double: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

BucketName string: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
Filter string: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
Folder string: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
Name string: The name of the Secure managed ruleset.
SecondsAfterEvent float64: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
SecondsBeforeEvent float64: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

bucketName String: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
filter String: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
folder String: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
name String: The name of the Secure managed ruleset.
secondsAfterEvent Double: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
secondsBeforeEvent Double: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

bucketName string: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
filter string: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
folder string: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
name string: The name of the Secure managed ruleset.
secondsAfterEvent number: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
secondsBeforeEvent number: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

bucket_name str: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
filter str: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
folder str: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
name str: The name of the Secure managed ruleset.
seconds_after_event float: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
seconds_before_event float: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

bucketName String: (Optional) Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
filter String: (Optional) Additional filter to apply to the capture. For example: proc.name=cat
folder String: (Optional) Name of folder to store capture inside the bucket. By default we will store the capture file at the root of the bucket
name String: The name of the Secure managed ruleset.
secondsAfterEvent Number: (Required) Captures the system calls for the amount of seconds after the policy was triggered.
secondsBeforeEvent Number: (Required) Captures the system calls during the amount of seconds before the policy was triggered.

GetSecureManagedRulesetRule

Enabled bool: Whether the policy is enabled or not.
Name string: The name of the Secure managed ruleset.

Enabled bool: Whether the policy is enabled or not.
Name string: The name of the Secure managed ruleset.

enabled Boolean: Whether the policy is enabled or not.
name String: The name of the Secure managed ruleset.

enabled boolean: Whether the policy is enabled or not.
name string: The name of the Secure managed ruleset.

enabled bool: Whether the policy is enabled or not.
name str: The name of the Secure managed ruleset.

enabled Boolean: Whether the policy is enabled or not.
name String: The name of the Secure managed ruleset.

GetSecureManagedRulesetTimeouts

Read string

Read string

read String

read string

read str

read String

Package Details

Repository: sysdig sysdiglabs/terraform-provider-sysdig
License
Notes: This Pulumi package is based on the sysdig Terraform Provider.

sysdig 1.56.1 published on Thursday, May 8, 2025 by sysdiglabs

sysdiglabs/terraform-provider-sysdig

sysdig.getSecureManagedRuleset

On this page

On this page

Example Usage

Using getSecureManagedRuleset

getSecureManagedRuleset Result

Supporting Types

GetSecureManagedRulesetAction

GetSecureManagedRulesetActionCapture

GetSecureManagedRulesetRule

GetSecureManagedRulesetTimeouts

Package Details

On this page

On this page