scanning_rules
Creates, updates, deletes, gets or lists a scanning_rules resource.
Overview
| Name | scanning_rules |
| Type | Resource |
| Id | datadog.security.scanning_rules |
Fields
The following fields are returned by SELECT queries:
SELECT not supported for this resource, use SHOW METHODS to view available operations for the resource.
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
create_scanning_rule | insert | region, data__data, data__meta | Create a scanning rule in a sensitive data scanner group, ordered last. The posted rule MUST include a group relationship. It MUST include either a standard_pattern relationship or a regex attribute, but not both. If included_attributes is empty or missing, we will scan all attributes except excluded_attributes. If both are missing, we will scan the whole event. | |
update_scanning_rule | update | rule_id, region, data__data, data__meta | Update a scanning rule. The request body MUST NOT include a standard_pattern relationship, as that relationship is non-editable. Trying to edit the regex attribute of a rule with a standard_pattern relationship will also result in an error. | |
delete_scanning_rule | delete | rule_id, region | Delete a given rule. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
region | string | (default: datadoghq.com) |
rule_id | string | The ID of the rule. |
INSERT examples
- create_scanning_rule
- Manifest
Create a scanning rule in a sensitive data scanner group, ordered last.
The posted rule MUST include a group relationship.
It MUST include either a standard_pattern relationship or a regex attribute, but not both.
If included_attributes is empty or missing, we will scan all attributes except
excluded_attributes. If both are missing, we will scan the whole event.
INSERT INTO datadog.security.scanning_rules (
data__data,
data__meta,
region
)
SELECT
'{{ data }}' /* required */,
'{{ meta }}' /* required */,
'{{ region }}'
RETURNING
data,
meta
;
# Description fields are for documentation purposes
- name: scanning_rules
props:
- name: region
value: string
description: Required parameter for the scanning_rules resource.
- name: data
value: object
description: |
Data related to the creation of a rule.
- name: meta
value: object
description: |
Meta payload containing information about the API.
UPDATE examples
- update_scanning_rule
Update a scanning rule.
The request body MUST NOT include a standard_pattern relationship, as that relationship
is non-editable. Trying to edit the regex attribute of a rule with a standard_pattern
relationship will also result in an error.
UPDATE datadog.security.scanning_rules
SET
data__data = '{{ data }}',
data__meta = '{{ meta }}'
WHERE
rule_id = '{{ rule_id }}' --required
AND region = '{{ region }}' --required
AND data__data = '{{ data }}' --required
AND data__meta = '{{ meta }}' --required
RETURNING
meta;
DELETE examples
- delete_scanning_rule
Delete a given rule.
DELETE FROM datadog.security.scanning_rules
WHERE rule_id = '{{ rule_id }}' --required
AND region = '{{ region }}' --required
;