Provides a Datadog Security Monitoring Suppression API resource. It can be used to create and manage Datadog security monitoring suppression rules.
resource "datadog_security_monitoring_suppression" "my_suppression" {
name = "My suppression"
description = "Suppression for low severity CloudTrail signals from test environments limited to 2024"
enabled = true
rule_query = "severity:low source:cloudtrail"
suppression_query = "env:test"
expiration_date = "2024-12-31T12:00:00Z"
}
enabled
(Boolean) Whether the suppression rule is enabled.name
(String) The name of the suppression rule.rule_query
(String) The rule query of the suppression rule, with the same syntax as the search bar for detection rules.data_exclusion_query
(String) An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.description
(String) A description for the suppression rule.expiration_date
(String) A RFC3339 timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.suppression_query
(String) The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.id
(String) The ID of this resource.Import is supported using the following syntax:
# Security monitoring suppressions can be imported using ID, for example:
terraform import datadog_security_monitoring_suppression.my_suppression m0o-hto-lkb