Skip to main content

monitoring_rules

Creates, updates, deletes, gets or lists a monitoring_rules resource.

Overview

Namemonitoring_rules
TypeResource
Iddatadog.security.monitoring_rules

Fields

The following fields are returned by SELECT queries:

NameDatatypeDescription

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
get_security_monitoring_ruleselectrule_id, regionGet a rule's details.
list_security_monitoring_rulesselectregionpage[size], page[number]List rules.
create_security_monitoring_ruleinsertregion, data__name, data__isEnabled, data__queries, data__options, data__cases, data__messageCreate a detection rule.
update_security_monitoring_rulereplacerule_id, regionUpdate an existing rule. When updating cases, queries or options, the whole field
must be included. For example, when modifying a query all queries must be included.
Default rules can only be updated to be enabled, to change notifications, or to update
the tags (default tags cannot be removed).
delete_security_monitoring_ruledeleterule_id, regionDelete an existing rule. Default rules cannot be deleted.
convert_security_monitoring_rule_from_jsonto_terraformexecregion, name, isEnabled, queries, options, cases, messageConvert a rule that doesn't (yet) exist from JSON to Terraform for datadog provider
resource datadog_security_monitoring_rule.
test_security_monitoring_ruleexecregionTest a rule.
validate_security_monitoring_ruleexecregion, name, isEnabled, queries, options, cases, messageValidate a detection rule.
convert_existing_security_monitoring_ruleexecrule_id, regionConvert an existing rule from JSON to Terraform for datadog provider
resource datadog_security_monitoring_rule.
test_existing_security_monitoring_ruleexecrule_id, regionTest an existing rule.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
regionstring(default: datadoghq.com)
rule_idstringThe ID of the rule.
page[number]integer (int64)Specific page number to return.
page[size]integer (int64)Size for a given page. The maximum allowed value is 100.

SELECT examples

Get a rule's details.

SELECT
*
FROM datadog.security.monitoring_rules
WHERE rule_id = '{{ rule_id }}' -- required
AND region = '{{ region }}' -- required
;

INSERT examples

Create a detection rule.

INSERT INTO datadog.security.monitoring_rules (
data__calculatedFields,
data__cases,
data__filters,
data__groupSignalsBy,
data__hasExtendedTitle,
data__isEnabled,
data__message,
data__name,
data__options,
data__queries,
data__referenceTables,
data__schedulingOptions,
data__tags,
data__thirdPartyCases,
data__type,
region
)
SELECT 
'{{ calculatedFields }}',
'{{ cases }}' /* required */,
'{{ filters }}',
'{{ groupSignalsBy }}',
{{ hasExtendedTitle }},
{{ isEnabled }} /* required */,
'{{ message }}' /* required */,
'{{ name }}' /* required */,
'{{ options }}' /* required */,
'{{ queries }}' /* required */,
'{{ referenceTables }}',
'{{ schedulingOptions }}',
'{{ tags }}',
'{{ thirdPartyCases }}',
'{{ type }}',
'{{ region }}'
;

REPLACE examples

Update an existing rule. When updating cases, queries or options, the whole field
must be included. For example, when modifying a query all queries must be included.
Default rules can only be updated to be enabled, to change notifications, or to update
the tags (default tags cannot be removed).

REPLACE datadog.security.monitoring_rules
SET 
data__calculatedFields = '{{ calculatedFields }}',
data__cases = '{{ cases }}',
data__complianceSignalOptions = '{{ complianceSignalOptions }}',
data__customMessage = '{{ customMessage }}',
data__customName = '{{ customName }}',
data__filters = '{{ filters }}',
data__groupSignalsBy = '{{ groupSignalsBy }}',
data__hasExtendedTitle = {{ hasExtendedTitle }},
data__isEnabled = {{ isEnabled }},
data__message = '{{ message }}',
data__name = '{{ name }}',
data__options = '{{ options }}',
data__queries = '{{ queries }}',
data__referenceTables = '{{ referenceTables }}',
data__schedulingOptions = '{{ schedulingOptions }}',
data__tags = '{{ tags }}',
data__thirdPartyCases = '{{ thirdPartyCases }}',
data__version = {{ version }}
WHERE 
rule_id = '{{ rule_id }}' --required
AND region = '{{ region }}' --required;

DELETE examples

Delete an existing rule. Default rules cannot be deleted.

DELETE FROM datadog.security.monitoring_rules
WHERE rule_id = '{{ rule_id }}' --required
AND region = '{{ region }}' --required
;

Lifecycle Methods

Convert a rule that doesn't (yet) exist from JSON to Terraform for datadog provider
resource datadog_security_monitoring_rule.

EXEC datadog.security.monitoring_rules.convert_security_monitoring_rule_from_jsonto_terraform 
@region='{{ region }}' --required 
@@json=
'{
"calculatedFields": "{{ calculatedFields }}", 
"cases": "{{ cases }}", 
"customMessage": "{{ customMessage }}", 
"customName": "{{ customName }}", 
"filters": "{{ filters }}", 
"groupSignalsBy": "{{ groupSignalsBy }}", 
"hasExtendedTitle": {{ hasExtendedTitle }}, 
"isEnabled": {{ isEnabled }}, 
"message": "{{ message }}", 
"name": "{{ name }}", 
"options": "{{ options }}", 
"queries": "{{ queries }}", 
"referenceTables": "{{ referenceTables }}", 
"schedulingOptions": "{{ schedulingOptions }}", 
"tags": "{{ tags }}", 
"thirdPartyCases": "{{ thirdPartyCases }}", 
"type": "{{ type }}"
}'
;