datadog_security_monitoring_rule (Resource)

Provides a Datadog Security Monitoring Rule API resource. This can be used to create and manage Datadog security monitoring rules. To change settings for a default rule, use datadog_security_default_rule instead.

Example Usage

resource "datadog_security_monitoring_rule" "myrule" {
  name = "My rule"

  message = "The rule has triggered."
  enabled = true

  query {
    name            = "errors"
    query           = "status:error"
    aggregation     = "count"
    group_by_fields = ["host"]
  }

  query {
    name            = "warnings"
    query           = "status:warning"
    aggregation     = "count"
    group_by_fields = ["host"]
  }

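  # The condition refers to the queries above by their "name" values.
  case {
    status        = "high"
    condition     = "errors > 3 && warnings > 10"
    notifications = ["@user"]
  }

  # All three option values are in seconds.
  options {
    evaluation_window   = 300
    keep_alive          = 600
    max_signal_duration = 900
  }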

  tags = ["type:dos"]
}
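The following is an added example, not taken from the provider documentation, that extends the usage above with graded severity cases and a suppression filter. The resource name, log query, thresholds and the documentation-range IP address are constructed; the `filter` arguments (`action`, `query`) and the `name` argument on `case` are used as the provider schema defines them, since their field lists are not reproduced on this page.

```hcl
# Added example: threshold rule with two severity tiers and one suppression.
resource "datadog_security_monitoring_rule" "failed_logins" {
  name    = "Repeated failed logins per user"
  message = "A user account is seeing repeated authentication failures."
  enabled = true

  query {
    name            = "failed_logins"
    query           = "@evt.name:authentication @evt.outcome:failure" # constructed query
    aggregation     = "count"
    group_by_fields = ["@usr.id"]
  }

  # Cases are evaluated in order and the first match generates the signal,
  # so the strictest condition is listed first.
  case {
    name          = "sustained"
    status        = "high"
    condition     = "failed_logins > 50"
    notifications = ["@user"]
  }

  case {
    name      = "elevated"
    status    = "medium"
    condition = "failed_logins > 10"
  }

  # Drop events from a known internal scanner before they are counted
  # (203.0.113.10 is a documentation-range placeholder).
  filter {
    action = "suppress"
    query  = "@network.client.ip:203.0.113.10"
  }

  # Values are in seconds.
  options {
    evaluation_window   = 300
    keep_alive          = 3600
    max_signal_duration = 86400
  }

  tags = ["type:bruteforce"]
}
```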

Schema

Required

Optional

Read-Only

Nested Schema for case

Required:

Optional:

Nested Schema for filter

Required:

Nested Schema for options

Optional:

Nested Schema for options.impossible_travel_options

Optional:

Nested Schema for options.new_value_options

Required:

Optional:

Nested Schema for options.third_party_rule_options

Required:

Optional:

Nested Schema for options.third_party_rule_options.root_query

Required:

Optional:

Nested Schema for query

Required:

Optional:

Nested Schema for query.agent_rule

Required:

Nested Schema for signal_query

Required:

Optional:

Nested Schema for third_party_case

Required:

Optional:

Import

Import is supported using the following syntax:

# Security monitoring rules can be imported using ID, e.g.
terraform import datadog_security_monitoring_rule.my_rule m0o-hto-lkb