Use this data source to retrieve information about existing security monitoring rules for use in other resources.
data "datadog_security_monitoring_rules" "test" {
name_filter = "attack"
tags_filter = ["foo:bar"]
default_only_filter = true
}
default_only_filter
(Boolean) Limit the search to default rulesname_filter
(String) A rule name to limit the searchtags_filter
(List of String) A list of tags to limit the searchuser_only_filter
(Boolean) Limit the search to user rulesid
(String) The ID of this resource.rule_ids
(List of String) List of IDs of the matched rules.rules
(List of Object) List of rules. (see below for nested schema)rules
Read-Only:
case
(List of Object) (see below for nested schema)enabled
(Boolean)filter
(List of Object) (see below for nested schema)has_extended_title
(Boolean)message
(String)name
(String)options
(List of Object) (see below for nested schema)query
(List of Object) (see below for nested schema)signal_query
(List of Object) (see below for nested schema)tags
(Set of String)third_party_case
(List of Object) (see below for nested schema)type
(String)rules.case
Read-Only:
condition
(String)name
(String)notifications
(List of String)status
(String)rules.filter
Read-Only:
action
(String)query
(String)rules.options
Read-Only:
decrease_criticality_based_on_env
(Boolean)detection_method
(String)evaluation_window
(Number)impossible_travel_options
(List of Object) (see below for nested schema)keep_alive
(Number)max_signal_duration
(Number)new_value_options
(List of Object) (see below for nested schema)third_party_rule_options
(List of Object) (see below for nested schema)rules.options.impossible_travel_options
Read-Only:
baseline_user_locations
(Boolean)rules.options.new_value_options
Read-Only:
forget_after
(Number)learning_duration
(Number)learning_method
(String)learning_threshold
(Number)rules.options.third_party_rule_options
Read-Only:
default_notifications
(List of String)default_status
(String)root_query
(List of Object) (see below for nested schema)signal_title_template
(String)rules.options.third_party_rule_options.signal_title_template
Read-Only:
group_by_fields
(List of String)query
(String)rules.query
Read-Only:
agent_rule
(List of Object) (see below for nested schema)aggregation
(String)distinct_fields
(List of String)group_by_fields
(List of String)metric
(String)metrics
(List of String)name
(String)query
(String)rules.query.agent_rule
Read-Only:
agent_rule_id
(String)expression
(String)rules.signal_query
Read-Only:
aggregation
(String)correlated_by_fields
(List of String)correlated_query_index
(String)default_rule_id
(String)name
(String)rule_id
(String)rules.third_party_case
Read-Only:
name
(String)notifications
(List of String)query
(String)status
(String)