Docs Home
sysdig 1.56.1 published on Thursday, May 8, 2025 by sysdiglabs
sysdig.SecureManagedRuleset
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sysdig from "@pulumi/sysdig";
const emailNotificationChannel = sysdig.getSecureNotificationChannel({
name: "Test Email Channel",
});
const sysdigRuntimeThreatDetectionManagedRuleset = new sysdig.SecureManagedRuleset("sysdigRuntimeThreatDetectionManagedRuleset", {
description: "Managed ruleset for Sysdig Runtime Threat Detection",
inheritedFroms: [{
name: "Sysdig Runtime Threat Intelligence",
type: "falco",
}],
severity: 4,
enabled: true,
runbook: "https://runbook.com",
scope: "container.id != \"\"",
disabledRules: ["Hexadecimal string detected"],
actions: [{
container: "stop",
captures: [{
secondsBeforeEvent: 5,
secondsAfterEvent: 10,
}],
}],
notificationChannels: [emailNotificationChannel.then(emailNotificationChannel => emailNotificationChannel.id)],
});
import pulumi
import pulumi_sysdig as sysdig
email_notification_channel = sysdig.get_secure_notification_channel(name="Test Email Channel")
sysdig_runtime_threat_detection_managed_ruleset = sysdig.SecureManagedRuleset("sysdigRuntimeThreatDetectionManagedRuleset",
description="Managed ruleset for Sysdig Runtime Threat Detection",
inherited_froms=[{
"name": "Sysdig Runtime Threat Intelligence",
"type": "falco",
}],
severity=4,
enabled=True,
runbook="https://runbook.com",
scope="container.id != \"\"",
disabled_rules=["Hexadecimal string detected"],
actions=[{
"container": "stop",
"captures": [{
"seconds_before_event": 5,
"seconds_after_event": 10,
}],
}],
notification_channels=[email_notification_channel.id])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sysdig/sysdig"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
emailNotificationChannel, err := sysdig.GetSecureNotificationChannel(ctx, &sysdig.GetSecureNotificationChannelArgs{
Name: "Test Email Channel",
}, nil)
if err != nil {
return err
}
_, err = sysdig.NewSecureManagedRuleset(ctx, "sysdigRuntimeThreatDetectionManagedRuleset", &sysdig.SecureManagedRulesetArgs{
Description: pulumi.String("Managed ruleset for Sysdig Runtime Threat Detection"),
InheritedFroms: sysdig.SecureManagedRulesetInheritedFromArray{
&sysdig.SecureManagedRulesetInheritedFromArgs{
Name: pulumi.String("Sysdig Runtime Threat Intelligence"),
Type: pulumi.String("falco"),
},
},
Severity: pulumi.Float64(4),
Enabled: pulumi.Bool(true),
Runbook: pulumi.String("https://runbook.com"),
Scope: pulumi.String("container.id != \"\""),
DisabledRules: pulumi.StringArray{
pulumi.String("Hexadecimal string detected"),
},
Actions: sysdig.SecureManagedRulesetActionArray{
&sysdig.SecureManagedRulesetActionArgs{
Container: pulumi.String("stop"),
Captures: sysdig.SecureManagedRulesetActionCaptureArray{
&sysdig.SecureManagedRulesetActionCaptureArgs{
SecondsBeforeEvent: pulumi.Float64(5),
SecondsAfterEvent: pulumi.Float64(10),
},
},
},
},
NotificationChannels: pulumi.Float64Array{
pulumi.String(emailNotificationChannel.Id),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sysdig = Pulumi.Sysdig;
return await Deployment.RunAsync(() =>
{
var emailNotificationChannel = Sysdig.GetSecureNotificationChannel.Invoke(new()
{
Name = "Test Email Channel",
});
var sysdigRuntimeThreatDetectionManagedRuleset = new Sysdig.SecureManagedRuleset("sysdigRuntimeThreatDetectionManagedRuleset", new()
{
Description = "Managed ruleset for Sysdig Runtime Threat Detection",
InheritedFroms = new[]
{
new Sysdig.Inputs.SecureManagedRulesetInheritedFromArgs
{
Name = "Sysdig Runtime Threat Intelligence",
Type = "falco",
},
},
Severity = 4,
Enabled = true,
Runbook = "https://runbook.com",
Scope = "container.id != \"\"",
DisabledRules = new[]
{
"Hexadecimal string detected",
},
Actions = new[]
{
new Sysdig.Inputs.SecureManagedRulesetActionArgs
{
Container = "stop",
Captures = new[]
{
new Sysdig.Inputs.SecureManagedRulesetActionCaptureArgs
{
SecondsBeforeEvent = 5,
SecondsAfterEvent = 10,
},
},
},
},
NotificationChannels = new[]
{
emailNotificationChannel.Apply(getSecureNotificationChannelResult => getSecureNotificationChannelResult.Id),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sysdig.SysdigFunctions;
import com.pulumi.sysdig.inputs.GetSecureNotificationChannelArgs;
import com.pulumi.sysdig.SecureManagedRuleset;
import com.pulumi.sysdig.SecureManagedRulesetArgs;
import com.pulumi.sysdig.inputs.SecureManagedRulesetInheritedFromArgs;
import com.pulumi.sysdig.inputs.SecureManagedRulesetActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var emailNotificationChannel = SysdigFunctions.getSecureNotificationChannel(GetSecureNotificationChannelArgs.builder()
.name("Test Email Channel")
.build());
var sysdigRuntimeThreatDetectionManagedRuleset = new SecureManagedRuleset("sysdigRuntimeThreatDetectionManagedRuleset", SecureManagedRulesetArgs.builder()
.description("Managed ruleset for Sysdig Runtime Threat Detection")
.inheritedFroms(SecureManagedRulesetInheritedFromArgs.builder()
.name("Sysdig Runtime Threat Intelligence")
.type("falco")
.build())
.severity(4)
.enabled(true)
.runbook("https://runbook.com")
.scope("container.id != \"\"")
.disabledRules("Hexadecimal string detected")
.actions(SecureManagedRulesetActionArgs.builder()
.container("stop")
.captures(SecureManagedRulesetActionCaptureArgs.builder()
.secondsBeforeEvent(5)
.secondsAfterEvent(10)
.build())
.build())
.notificationChannels(emailNotificationChannel.applyValue(getSecureNotificationChannelResult -> getSecureNotificationChannelResult.id()))
.build());
}
}
resources:
sysdigRuntimeThreatDetectionManagedRuleset:
type: sysdig:SecureManagedRuleset
properties:
description: Managed ruleset for Sysdig Runtime Threat Detection
inheritedFroms:
- name: Sysdig Runtime Threat Intelligence
type: falco
severity: 4
enabled: true
runbook: https://runbook.com
# Scope selection
scope: container.id != ""
# Disabling rules
disabledRules:
- Hexadecimal string detected
actions:
- container: stop
captures:
- secondsBeforeEvent: 5
secondsAfterEvent: 10
notificationChannels:
- ${emailNotificationChannel.id}
variables:
emailNotificationChannel:
fn::invoke:
function: sysdig:getSecureNotificationChannel
arguments:
name: Test Email Channel
Create SecureManagedRuleset Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecureManagedRuleset(name: string, args: SecureManagedRulesetArgs, opts?: CustomResourceOptions);@overload
def SecureManagedRuleset(resource_name: str,
args: SecureManagedRulesetArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecureManagedRuleset(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
inherited_froms: Optional[Sequence[SecureManagedRulesetInheritedFromArgs]] = None,
actions: Optional[Sequence[SecureManagedRulesetActionArgs]] = None,
disabled_rules: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
notification_channels: Optional[Sequence[float]] = None,
runbook: Optional[str] = None,
scope: Optional[str] = None,
secure_managed_ruleset_id: Optional[str] = None,
severity: Optional[float] = None,
timeouts: Optional[SecureManagedRulesetTimeoutsArgs] = None)func NewSecureManagedRuleset(ctx *Context, name string, args SecureManagedRulesetArgs, opts ...ResourceOption) (*SecureManagedRuleset, error)public SecureManagedRuleset(string name, SecureManagedRulesetArgs args, CustomResourceOptions? opts = null)
public SecureManagedRuleset(String name, SecureManagedRulesetArgs args)
public SecureManagedRuleset(String name, SecureManagedRulesetArgs args, CustomResourceOptions options)
type: sysdig:SecureManagedRuleset
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecureManagedRulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecureManagedRulesetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecureManagedRulesetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecureManagedRulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecureManagedRulesetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var secureManagedRulesetResource = new Sysdig.SecureManagedRuleset("secureManagedRulesetResource", new()
{
Description = "string",
InheritedFroms = new[]
{
new Sysdig.Inputs.SecureManagedRulesetInheritedFromArgs
{
Name = "string",
Type = "string",
},
},
Actions = new[]
{
new Sysdig.Inputs.SecureManagedRulesetActionArgs
{
Captures = new[]
{
new Sysdig.Inputs.SecureManagedRulesetActionCaptureArgs
{
Name = "string",
SecondsAfterEvent = 0,
SecondsBeforeEvent = 0,
BucketName = "string",
Filter = "string",
Folder = "string",
},
},
Container = "string",
KillProcess = false,
},
},
DisabledRules = new[]
{
"string",
},
Enabled = false,
Name = "string",
NotificationChannels = new[]
{
0,
},
Runbook = "string",
Scope = "string",
SecureManagedRulesetId = "string",
Severity = 0,
Timeouts = new Sysdig.Inputs.SecureManagedRulesetTimeoutsArgs
{
Create = "string",
Delete = "string",
Read = "string",
Update = "string",
},
});
example, err := sysdig.NewSecureManagedRuleset(ctx, "secureManagedRulesetResource", &sysdig.SecureManagedRulesetArgs{
Description: pulumi.String("string"),
InheritedFroms: sysdig.SecureManagedRulesetInheritedFromArray{
&sysdig.SecureManagedRulesetInheritedFromArgs{
Name: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Actions: sysdig.SecureManagedRulesetActionArray{
&sysdig.SecureManagedRulesetActionArgs{
Captures: sysdig.SecureManagedRulesetActionCaptureArray{
&sysdig.SecureManagedRulesetActionCaptureArgs{
Name: pulumi.String("string"),
SecondsAfterEvent: pulumi.Float64(0),
SecondsBeforeEvent: pulumi.Float64(0),
BucketName: pulumi.String("string"),
Filter: pulumi.String("string"),
Folder: pulumi.String("string"),
},
},
Container: pulumi.String("string"),
KillProcess: pulumi.Bool(false),
},
},
DisabledRules: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
NotificationChannels: pulumi.Float64Array{
pulumi.Float64(0),
},
Runbook: pulumi.String("string"),
Scope: pulumi.String("string"),
SecureManagedRulesetId: pulumi.String("string"),
Severity: pulumi.Float64(0),
Timeouts: &sysdig.SecureManagedRulesetTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Read: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var secureManagedRulesetResource = new SecureManagedRuleset("secureManagedRulesetResource", SecureManagedRulesetArgs.builder()
.description("string")
.inheritedFroms(SecureManagedRulesetInheritedFromArgs.builder()
.name("string")
.type("string")
.build())
.actions(SecureManagedRulesetActionArgs.builder()
.captures(SecureManagedRulesetActionCaptureArgs.builder()
.name("string")
.secondsAfterEvent(0.0)
.secondsBeforeEvent(0.0)
.bucketName("string")
.filter("string")
.folder("string")
.build())
.container("string")
.killProcess(false)
.build())
.disabledRules("string")
.enabled(false)
.name("string")
.notificationChannels(0.0)
.runbook("string")
.scope("string")
.secureManagedRulesetId("string")
.severity(0.0)
.timeouts(SecureManagedRulesetTimeoutsArgs.builder()
.create("string")
.delete("string")
.read("string")
.update("string")
.build())
.build());
secure_managed_ruleset_resource = sysdig.SecureManagedRuleset("secureManagedRulesetResource",
description="string",
inherited_froms=[{
"name": "string",
"type": "string",
}],
actions=[{
"captures": [{
"name": "string",
"seconds_after_event": 0,
"seconds_before_event": 0,
"bucket_name": "string",
"filter": "string",
"folder": "string",
}],
"container": "string",
"kill_process": False,
}],
disabled_rules=["string"],
enabled=False,
name="string",
notification_channels=[0],
runbook="string",
scope="string",
secure_managed_ruleset_id="string",
severity=0,
timeouts={
"create": "string",
"delete": "string",
"read": "string",
"update": "string",
})
const secureManagedRulesetResource = new sysdig.SecureManagedRuleset("secureManagedRulesetResource", {
description: "string",
inheritedFroms: [{
name: "string",
type: "string",
}],
actions: [{
captures: [{
name: "string",
secondsAfterEvent: 0,
secondsBeforeEvent: 0,
bucketName: "string",
filter: "string",
folder: "string",
}],
container: "string",
killProcess: false,
}],
disabledRules: ["string"],
enabled: false,
name: "string",
notificationChannels: [0],
runbook: "string",
scope: "string",
secureManagedRulesetId: "string",
severity: 0,
timeouts: {
create: "string",
"delete": "string",
read: "string",
update: "string",
},
});
type: sysdig:SecureManagedRuleset
properties:
actions:
- captures:
- bucketName: string
filter: string
folder: string
name: string
secondsAfterEvent: 0
secondsBeforeEvent: 0
container: string
killProcess: false
description: string
disabledRules:
- string
enabled: false
inheritedFroms:
- name: string
type: string
name: string
notificationChannels:
- 0
runbook: string
scope: string
secureManagedRulesetId: string
severity: 0
timeouts:
create: string
delete: string
read: string
update: string
SecureManagedRuleset Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecureManagedRuleset resource accepts the following input properties:
- Description string
- The description of Secure policy.
- Inherited
Froms List<SecureManaged Ruleset Inherited From> - Actions
List<Secure
Managed Ruleset Action> - Disabled
Rules List<string> - Enabled bool
- Will secure process with this rule?. By default this is true.
- Name string
- The name of the Secure policy. It must be unique.
- Notification
Channels List<double> - Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- Secure
Managed stringRuleset Id - Severity double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- Timeouts
Secure
Managed Ruleset Timeouts
- Description string
- The description of Secure policy.
- Inherited
Froms []SecureManaged Ruleset Inherited From Args - Actions
[]Secure
Managed Ruleset Action Args - Disabled
Rules []string - Enabled bool
- Will secure process with this rule?. By default this is true.
- Name string
- The name of the Secure policy. It must be unique.
- Notification
Channels []float64 - Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- Secure
Managed stringRuleset Id - Severity float64
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- Timeouts
Secure
Managed Ruleset Timeouts Args
- description String
- The description of Secure policy.
- inherited
Froms List<SecureManaged Ruleset Inherited From> - actions
List<Secure
Managed Ruleset Action> - disabled
Rules List<String> - enabled Boolean
- Will secure process with this rule?. By default this is true.
- name String
- The name of the Secure policy. It must be unique.
- notification
Channels List<Double> - runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- secure
Managed StringRuleset Id - severity Double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- timeouts
Secure
Managed Ruleset Timeouts
- description string
- The description of Secure policy.
- inherited
Froms SecureManaged Ruleset Inherited From[] - actions
Secure
Managed Ruleset Action[] - disabled
Rules string[] - enabled boolean
- Will secure process with this rule?. By default this is true.
- name string
- The name of the Secure policy. It must be unique.
- notification
Channels number[] - runbook string
- Customer provided url that provides a runbook for a given policy.
- scope string
- secure
Managed stringRuleset Id - severity number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- timeouts
Secure
Managed Ruleset Timeouts
- description str
- The description of Secure policy.
- inherited_
froms Sequence[SecureManaged Ruleset Inherited From Args] - actions
Sequence[Secure
Managed Ruleset Action Args] - disabled_
rules Sequence[str] - enabled bool
- Will secure process with this rule?. By default this is true.
- name str
- The name of the Secure policy. It must be unique.
- notification_
channels Sequence[float] - runbook str
- Customer provided url that provides a runbook for a given policy.
- scope str
- secure_
managed_ strruleset_ id - severity float
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- timeouts
Secure
Managed Ruleset Timeouts Args
- description String
- The description of Secure policy.
- inherited
Froms List<Property Map> - actions List<Property Map>
- disabled
Rules List<String> - enabled Boolean
- Will secure process with this rule?. By default this is true.
- name String
- The name of the Secure policy. It must be unique.
- notification
Channels List<Number> - runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- secure
Managed StringRuleset Id - severity Number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the SecureManagedRuleset resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Template
Id double - Version double
- Id string
- The provider-assigned unique ID for this managed resource.
- Template
Id float64 - Version float64
- id String
- The provider-assigned unique ID for this managed resource.
- template
Id Double - version Double
- id string
- The provider-assigned unique ID for this managed resource.
- template
Id number - version number
- id str
- The provider-assigned unique ID for this managed resource.
- template_
id float - version float
- id String
- The provider-assigned unique ID for this managed resource.
- template
Id Number - version Number
Look up Existing SecureManagedRuleset Resource
Get an existing SecureManagedRuleset resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecureManagedRulesetState, opts?: CustomResourceOptions): SecureManagedRuleset@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[SecureManagedRulesetActionArgs]] = None,
description: Optional[str] = None,
disabled_rules: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
inherited_froms: Optional[Sequence[SecureManagedRulesetInheritedFromArgs]] = None,
name: Optional[str] = None,
notification_channels: Optional[Sequence[float]] = None,
runbook: Optional[str] = None,
scope: Optional[str] = None,
secure_managed_ruleset_id: Optional[str] = None,
severity: Optional[float] = None,
template_id: Optional[float] = None,
timeouts: Optional[SecureManagedRulesetTimeoutsArgs] = None,
version: Optional[float] = None) -> SecureManagedRulesetfunc GetSecureManagedRuleset(ctx *Context, name string, id IDInput, state *SecureManagedRulesetState, opts ...ResourceOption) (*SecureManagedRuleset, error)public static SecureManagedRuleset Get(string name, Input<string> id, SecureManagedRulesetState? state, CustomResourceOptions? opts = null)public static SecureManagedRuleset get(String name, Output<String> id, SecureManagedRulesetState state, CustomResourceOptions options)resources: _: type: sysdig:SecureManagedRuleset get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Secure
Managed Ruleset Action> - Description string
- The description of Secure policy.
- Disabled
Rules List<string> - Enabled bool
- Will secure process with this rule?. By default this is true.
- Inherited
Froms List<SecureManaged Ruleset Inherited From> - Name string
- The name of the Secure policy. It must be unique.
- Notification
Channels List<double> - Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- Secure
Managed stringRuleset Id - Severity double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- Template
Id double - Timeouts
Secure
Managed Ruleset Timeouts - Version double
- Actions
[]Secure
Managed Ruleset Action Args - Description string
- The description of Secure policy.
- Disabled
Rules []string - Enabled bool
- Will secure process with this rule?. By default this is true.
- Inherited
Froms []SecureManaged Ruleset Inherited From Args - Name string
- The name of the Secure policy. It must be unique.
- Notification
Channels []float64 - Runbook string
- Customer provided url that provides a runbook for a given policy.
- Scope string
- Secure
Managed stringRuleset Id - Severity float64
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- Template
Id float64 - Timeouts
Secure
Managed Ruleset Timeouts Args - Version float64
- actions
List<Secure
Managed Ruleset Action> - description String
- The description of Secure policy.
- disabled
Rules List<String> - enabled Boolean
- Will secure process with this rule?. By default this is true.
- inherited
Froms List<SecureManaged Ruleset Inherited From> - name String
- The name of the Secure policy. It must be unique.
- notification
Channels List<Double> - runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- secure
Managed StringRuleset Id - severity Double
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- template
Id Double - timeouts
Secure
Managed Ruleset Timeouts - version Double
- actions
Secure
Managed Ruleset Action[] - description string
- The description of Secure policy.
- disabled
Rules string[] - enabled boolean
- Will secure process with this rule?. By default this is true.
- inherited
Froms SecureManaged Ruleset Inherited From[] - name string
- The name of the Secure policy. It must be unique.
- notification
Channels number[] - runbook string
- Customer provided url that provides a runbook for a given policy.
- scope string
- secure
Managed stringRuleset Id - severity number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- template
Id number - timeouts
Secure
Managed Ruleset Timeouts - version number
- actions
Sequence[Secure
Managed Ruleset Action Args] - description str
- The description of Secure policy.
- disabled_
rules Sequence[str] - enabled bool
- Will secure process with this rule?. By default this is true.
- inherited_
froms Sequence[SecureManaged Ruleset Inherited From Args] - name str
- The name of the Secure policy. It must be unique.
- notification_
channels Sequence[float] - runbook str
- Customer provided url that provides a runbook for a given policy.
- scope str
- secure_
managed_ strruleset_ id - severity float
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- template_
id float - timeouts
Secure
Managed Ruleset Timeouts Args - version float
- actions List<Property Map>
- description String
- The description of Secure policy.
- disabled
Rules List<String> - enabled Boolean
- Will secure process with this rule?. By default this is true.
- inherited
Froms List<Property Map> - name String
- The name of the Secure policy. It must be unique.
- notification
Channels List<Number> - runbook String
- Customer provided url that provides a runbook for a given policy.
- scope String
- secure
Managed StringRuleset Id - severity Number
- The severity of Secure policy. The accepted values are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
- template
Id Number - timeouts Property Map
- version Number
Supporting Types
SecureManagedRulesetAction, SecureManagedRulesetActionArgs
- Captures
List<Secure
Managed Ruleset Action Capture> - Captures with Sysdig the stream of system calls:
- Container string
- The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- Kill
Process bool
- Captures
[]Secure
Managed Ruleset Action Capture - Captures with Sysdig the stream of system calls:
- Container string
- The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- Kill
Process bool
- captures
List<Secure
Managed Ruleset Action Capture> - Captures with Sysdig the stream of system calls:
- container String
- The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- kill
Process Boolean
- captures
Secure
Managed Ruleset Action Capture[] - Captures with Sysdig the stream of system calls:
- container string
- The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- kill
Process boolean
- captures
Sequence[Secure
Managed Ruleset Action Capture] - Captures with Sysdig the stream of system calls:
- container str
- The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- kill_
process bool
- captures List<Property Map>
- Captures with Sysdig the stream of system calls:
- container String
- The action applied to container when this Policy is triggered. Can be stop, pause or kill. If this is not specified, no action will be applied at the container level.
- kill
Process Boolean
SecureManagedRulesetActionCapture, SecureManagedRulesetActionCaptureArgs
- Name string
- The name of the Secure policy. It must be unique.
- Seconds
After doubleEvent - Captures the system calls for the amount of seconds after the policy was triggered.
- Seconds
Before doubleEvent - Captures the system calls during the amount of seconds before the policy was triggered.
- Bucket
Name string - Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- Filter string
- Additional filter to apply to the capture. For example:
proc.name=cat - Folder string
- Name of folder to store capture inside the bucket.
By default we will store the capture file at the root of the bucket
- Name string
- The name of the Secure policy. It must be unique.
- Seconds
After float64Event - Captures the system calls for the amount of seconds after the policy was triggered.
- Seconds
Before float64Event - Captures the system calls during the amount of seconds before the policy was triggered.
- Bucket
Name string - Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- Filter string
- Additional filter to apply to the capture. For example:
proc.name=cat - Folder string
- Name of folder to store capture inside the bucket.
By default we will store the capture file at the root of the bucket
- name String
- The name of the Secure policy. It must be unique.
- seconds
After DoubleEvent - Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before DoubleEvent - Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name String - Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- filter String
- Additional filter to apply to the capture. For example:
proc.name=cat - folder String
- Name of folder to store capture inside the bucket.
By default we will store the capture file at the root of the bucket
- name string
- The name of the Secure policy. It must be unique.
- seconds
After numberEvent - Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before numberEvent - Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name string - Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- filter string
- Additional filter to apply to the capture. For example:
proc.name=cat - folder string
- Name of folder to store capture inside the bucket.
By default we will store the capture file at the root of the bucket
- name str
- The name of the Secure policy. It must be unique.
- seconds_
after_ floatevent - Captures the system calls for the amount of seconds after the policy was triggered.
- seconds_
before_ floatevent - Captures the system calls during the amount of seconds before the policy was triggered.
- bucket_
name str - Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- filter str
- Additional filter to apply to the capture. For example:
proc.name=cat - folder str
- Name of folder to store capture inside the bucket.
By default we will store the capture file at the root of the bucket
- name String
- The name of the Secure policy. It must be unique.
- seconds
After NumberEvent - Captures the system calls for the amount of seconds after the policy was triggered.
- seconds
Before NumberEvent - Captures the system calls during the amount of seconds before the policy was triggered.
- bucket
Name String - Custom bucket to store capture in, bucket should be onboarded in Integrations > S3 Capture Storage. Default is to use Sysdig Secure Storage
- filter String
- Additional filter to apply to the capture. For example:
proc.name=cat - folder String
- Name of folder to store capture inside the bucket.
By default we will store the capture file at the root of the bucket
SecureManagedRulesetInheritedFrom, SecureManagedRulesetInheritedFromArgs
SecureManagedRulesetTimeouts, SecureManagedRulesetTimeoutsArgs
Import
Secure managed rulesets can be imported using the ID, e.g.
$ pulumi import sysdig:index/secureManagedRuleset:SecureManagedRuleset example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sysdig sysdiglabs/terraform-provider-sysdig
- License
- Notes
- This Pulumi package is based on the
sysdigTerraform Provider.