Provides a Datadog Security Monitoring Rule API resource for default rules. A default rule can only be imported; you can't create one.
resource "datadog_security_monitoring_default_rule" "adefaultrule" {
  enabled = true

  # Change the notifications for the high case
  case {
    status        = "high"
    notifications = ["@me"]
  }
}

case (Block List, Max: 10) Cases of the rule; this is used to update notifications. (see below for nested schema)
enabled (Boolean) Enable the rule. Defaults to true.
filter (Block List) Additional queries to filter matched events before they are processed. (see below for nested schema)
options (Block List, Max: 1) Options on default rules. Note that only a subset of fields can be updated on default rule options. (see below for nested schema)
id (String) The ID of this resource.
type (String) The rule type.

Nested schema for case

Required:
notifications (List of String) Notification targets for each rule case.
status (String) Status of the rule case to match. Valid values are info, low, medium, high, critical.

Nested schema for filter

Required:
action (String) The type of filtering action. Valid values are require, suppress.
query (String) Query for selecting logs to apply the filtering action.

Nested schema for options

Optional:
decrease_criticality_based_on_env (Boolean) If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce noise. The decrement is applied when the environment tag of the signal starts with staging, test, or dev. Only available when the rule type is log_detection. Defaults to false.

Import is supported using the following syntax:

# Default rules need to be imported using their ID before applying.
resource "datadog_security_monitoring_default_rule" "adefaultrule" {
}
terraform import datadog_security_monitoring_default_rule.adefaultrule m0o-hto-lkb
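
The filter and options blocks from the schema above, combined in one tuned rule. This is an added example, not part of the provider documentation: the resource name tuned_rule, the notification handle and both query strings are constructed, and it assumes the imported rule has a case with status high and is of type log_detection.

```hcl
# Import the rule before applying (ID reused from the import example on this page):
#   terraform import datadog_security_monitoring_default_rule.tuned_rule m0o-hto-lkb

resource "datadog_security_monitoring_default_rule" "tuned_rule" {
  enabled = true

  # Update the notification targets of the existing "high" case.
  case {
    status        = "high"
    notifications = ["@slack-security-alerts"] # constructed handle
  }

  # require: only events that match the query are processed by the rule.
  filter {
    action = "require"
    query  = "env:(prod OR staging)" # constructed query
  }

  # suppress: events that match the query are dropped before the rule
  # processes them. Every suppressed event is one the rule can no longer
  # detect on, so scope the query to a single known-benign source rather
  # than a whole environment or team.
  filter {
    action = "suppress"
    query  = "service:synthetic-login-check" # constructed query
  }

  options {
    # Lowers signal severity when the env tag starts with staging, test or dev.
    # Only accepted when the rule type is log_detection.
    decrease_criticality_based_on_env = true
  }
}
```

Run terraform plan after the import and check that the diff touches only the case notifications, filters and options before applying.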