lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework

lacework.AlertRule


Use this resource to create a Lacework Alert Rule in order to route events to the appropriate people or tools. For more information, see the Alert Rules documentation.

Example Usage

Alert Rule with Slack Alert Channel

import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";

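// A Slack incoming-webhook URL is a credential: whoever holds it can post to the channel.
// Keep it out of source control and read it from encrypted stack configuration instead.
// Set it once with `pulumi config set --secret slackUrl` and enter the URL at the prompt.
const config = new pulumi.Config();
// requireSecret fails the deployment if the key is missing and marks the value as a
// secret, so Pulumi encrypts it in the stack state and masks it in CLI output.
const slackUrl = config.requireSecret("slackUrl");

// Slack channel that receives the routed alerts.
const opsCritical = new lacework.AlertChannelSlack("opsCritical", {slackUrl: slackUrl});

// Send Critical-severity Policy/Compliance alerts whose source is AWS to that channel.
const example = new lacework.AlertRule("example", {
    description: "This is an example alert rule",
    alertChannels: [opsCritical.alertChannelSlackId],
    severities: ["Critical"],
    alertSubcategories: ["Compliance"],
    alertCategories: ["Policy"],
    alertSources: ["AWS"],
});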
import pulumi
import pulumi_lacework as lacework

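# A Slack incoming-webhook URL is a credential: whoever holds it can post to the channel.
# Keep it out of source control and read it from encrypted stack configuration instead.
# Set it once with `pulumi config set --secret slackUrl` and enter the URL at the prompt.
config = pulumi.Config()
# require_secret fails the deployment if the key is missing and marks the value as a
# secret, so Pulumi encrypts it in the stack state and masks it in CLI output.
slack_url = config.require_secret("slackUrl")

# Slack channel that receives the routed alerts.
ops_critical = lacework.AlertChannelSlack("opsCritical", slack_url=slack_url)

# Send Critical-severity Policy/Compliance alerts whose source is AWS to that channel.
example = lacework.AlertRule("example",
    description="This is an example alert rule",
    alert_channels=[ops_critical.alert_channel_slack_id],
    severities=["Critical"],
    alert_subcategories=["Compliance"],
    alert_categories=["Policy"],
    alert_sources=["AWS"])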
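package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main declares a Slack alert channel and an alert rule that routes
// Critical-severity Policy/Compliance alerts from AWS to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// A Slack incoming-webhook URL is a credential: whoever holds it can post
		// to the channel. Read it from encrypted stack configuration instead of
		// committing it. Set it once with `pulumi config set --secret slackUrl`
		// and enter the URL at the prompt. RequireSecret fails the deployment if
		// the key is missing and marks the value as a secret, so Pulumi encrypts
		// it in the stack state and masks it in CLI output.
		slackURL := config.RequireSecret(ctx, "slackUrl")

		opsCritical, err := lacework.NewAlertChannelSlack(ctx, "opsCritical", &lacework.AlertChannelSlackArgs{
			SlackUrl: slackURL,
		})
		if err != nil {
			return err
		}

		_, err = lacework.NewAlertRule(ctx, "example", &lacework.AlertRuleArgs{
			Description: pulumi.String("This is an example alert rule"),
			AlertChannels: pulumi.StringArray{
				opsCritical.AlertChannelSlackId,
			},
			Severities: pulumi.StringArray{
				pulumi.String("Critical"),
			},
			AlertSubcategories: pulumi.StringArray{
				pulumi.String("Compliance"),
			},
			AlertCategories: pulumi.StringArray{
				pulumi.String("Policy"),
			},
			AlertSources: pulumi.StringArray{
				pulumi.String("AWS"),
			},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}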
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;

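return await Deployment.RunAsync(() => 
{
    // A Slack incoming-webhook URL is a credential: whoever holds it can post to the
    // channel. Read it from encrypted stack configuration instead of committing it.
    // Set it once with `pulumi config set --secret slackUrl` and enter the URL at the prompt.
    var config = new Config();
    // RequireSecret fails the deployment if the key is missing and marks the value as a
    // secret, so Pulumi encrypts it in the stack state and masks it in CLI output.
    var slackUrl = config.RequireSecret("slackUrl");

    // Slack channel that receives the routed alerts.
    var opsCritical = new Lacework.AlertChannelSlack("opsCritical", new()
    {
        SlackUrl = slackUrl,
    });

    // Send Critical-severity Policy/Compliance alerts whose source is AWS to that channel.
    var example = new Lacework.AlertRule("example", new()
    {
        Description = "This is an example alert rule",
        AlertChannels = new[]
        {
            opsCritical.AlertChannelSlackId,
        },
        Severities = new[]
        {
            "Critical",
        },
        AlertSubcategories = new[]
        {
            "Compliance",
        },
        AlertCategories = new[]
        {
            "Policy",
        },
        AlertSources = new[]
        {
            "AWS",
        },
    });

});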
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.AlertChannelSlack;
import com.pulumi.lacework.AlertChannelSlackArgs;
import com.pulumi.lacework.AlertRule;
import com.pulumi.lacework.AlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

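/**
 * Declares a Slack alert channel and an alert rule that routes Critical-severity
 * Policy/Compliance alerts from AWS to it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the stack's resources.
     *
     * @param ctx deployment context; also the source of the stack configuration
     */
    public static void stack(Context ctx) {
        // A Slack incoming-webhook URL is a credential: whoever holds it can post to the
        // channel. Read it from encrypted stack configuration instead of committing it.
        // Set it once with `pulumi config set --secret slackUrl` and enter the URL at the
        // prompt. requireSecret fails the deployment if the key is missing and marks the
        // value as a secret, so Pulumi encrypts it in the stack state and masks it in CLI output.
        var slackUrl = ctx.config().requireSecret("slackUrl");

        var opsCritical = new AlertChannelSlack("opsCritical", AlertChannelSlackArgs.builder()
            .slackUrl(slackUrl)
            .build());

        var example = new AlertRule("example", AlertRuleArgs.builder()
            .description("This is an example alert rule")
            .alertChannels(opsCritical.alertChannelSlackId())
            .severities("Critical")
            .alertSubcategories("Compliance")
            .alertCategories("Policy")
            .alertSources("AWS")
            .build());

    }
}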
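# A Slack incoming-webhook URL is a credential: whoever holds it can post to the channel.
# Declare it as secret configuration instead of committing it to this file. Set it once
# with `pulumi config set --secret slackUrl` and enter the URL at the prompt.
config:
  slackUrl:
    type: string
    secret: true
resources:
  # Slack channel that receives the routed alerts.
  opsCritical:
    type: lacework:AlertChannelSlack
    properties:
      slackUrl: ${slackUrl}
  # Send Critical-severity Policy/Compliance alerts whose source is AWS to that channel.
  example:
    type: lacework:AlertRule
    properties:
      description: This is an example alert rule
      alertChannels:
        - ${opsCritical.alertChannelSlackId}
      severities:
        - Critical
      alertSubcategories:
        - Compliance
      alertCategories:
        - Policy
      alertSources:
        - AWS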

Create AlertRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AlertRule(name: string, args: AlertRuleArgs, opts?: CustomResourceOptions);
@overload
def AlertRule(resource_name: str,
              args: AlertRuleArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def AlertRule(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              severities: Optional[Sequence[str]] = None,
              alert_categories: Optional[Sequence[str]] = None,
              alert_channels: Optional[Sequence[str]] = None,
              alert_rule_id: Optional[str] = None,
              alert_sources: Optional[Sequence[str]] = None,
              alert_subcategories: Optional[Sequence[str]] = None,
              description: Optional[str] = None,
              enabled: Optional[bool] = None,
              event_categories: Optional[Sequence[str]] = None,
              name: Optional[str] = None,
              resource_groups: Optional[Sequence[str]] = None)
func NewAlertRule(ctx *Context, name string, args AlertRuleArgs, opts ...ResourceOption) (*AlertRule, error)
public AlertRule(string name, AlertRuleArgs args, CustomResourceOptions? opts = null)
public AlertRule(String name, AlertRuleArgs args)
public AlertRule(String name, AlertRuleArgs args, CustomResourceOptions options)
type: lacework:AlertRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. AlertRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. AlertRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. AlertRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. AlertRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. AlertRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference skeleton only: every value below is a type placeholder, not a usable setting.
var alertRuleResource = new Lacework.AlertRule("alertRuleResource", new()
{
    Name = "string",
    Description = "string",
    AlertRuleId = "string",
    // Placeholder value. The property defaults to true; presumably false leaves the rule
    // inactive, so do not copy this line unless that is intended.
    Enabled = false,
    // Required. Valid severities include: Critical, High, Medium, Low and Info.
    Severities = new[] { "string" },
    AlertCategories = new[] { "string" },
    AlertSubcategories = new[] { "string" },
    AlertSources = new[] { "string" },
    AlertChannels = new[] { "string" },
    ResourceGroups = new[] { "string" },
});
// Reference skeleton only: every value below is a type placeholder, not a usable setting.
example, err := lacework.NewAlertRule(ctx, "alertRuleResource", &lacework.AlertRuleArgs{
	Name:        pulumi.String("string"),
	Description: pulumi.String("string"),
	AlertRuleId: pulumi.String("string"),
	// Placeholder value. The property defaults to true; presumably false leaves the rule
	// inactive, so do not copy this line unless that is intended.
	Enabled: pulumi.Bool(false),
	// Required. Valid severities include: Critical, High, Medium, Low and Info.
	Severities:         pulumi.StringArray{pulumi.String("string")},
	AlertCategories:    pulumi.StringArray{pulumi.String("string")},
	AlertSubcategories: pulumi.StringArray{pulumi.String("string")},
	AlertSources:       pulumi.StringArray{pulumi.String("string")},
	AlertChannels:      pulumi.StringArray{pulumi.String("string")},
	ResourceGroups:     pulumi.StringArray{pulumi.String("string")},
})
// Reference skeleton only: every value below is a type placeholder, not a usable setting.
var alertRuleResource = new AlertRule("alertRuleResource", AlertRuleArgs.builder()
    .name("string")
    .description("string")
    .alertRuleId("string")
    // Placeholder value. The property defaults to true; presumably false leaves the rule
    // inactive, so do not copy this line unless that is intended.
    .enabled(false)
    // Required. Valid severities include: Critical, High, Medium, Low and Info.
    .severities("string")
    .alertCategories("string")
    .alertSubcategories("string")
    .alertSources("string")
    .alertChannels("string")
    .resourceGroups("string")
    .build());
# Reference skeleton only: every value below is a type placeholder, not a usable setting.
alert_rule_resource = lacework.AlertRule(
    "alertRuleResource",
    name="string",
    description="string",
    alert_rule_id="string",
    # Placeholder value. The property defaults to true; presumably False leaves the rule
    # inactive, so do not copy this line unless that is intended.
    enabled=False,
    # Required. Valid severities include: Critical, High, Medium, Low and Info.
    severities=["string"],
    alert_categories=["string"],
    alert_subcategories=["string"],
    alert_sources=["string"],
    alert_channels=["string"],
    resource_groups=["string"],
)
// Reference skeleton only: every value below is a type placeholder, not a usable setting.
const alertRuleResource = new lacework.AlertRule("alertRuleResource", {
    name: "string",
    description: "string",
    alertRuleId: "string",
    // Placeholder value. The property defaults to true; presumably false leaves the rule
    // inactive, so do not copy this line unless that is intended.
    enabled: false,
    // Required. Valid severities include: Critical, High, Medium, Low and Info.
    severities: ["string"],
    alertCategories: ["string"],
    alertSubcategories: ["string"],
    alertSources: ["string"],
    alertChannels: ["string"],
    resourceGroups: ["string"],
});
# Reference skeleton only: every value below is a type placeholder, not a usable setting.
type: lacework:AlertRule
properties:
    name: string
    description: string
    alertRuleId: string
    # Placeholder value. The property defaults to true; presumably false leaves the rule
    # inactive, so do not copy this line unless that is intended.
    enabled: false
    # Required. Valid severities include: Critical, High, Medium, Low and Info.
    severities:
        - string
    alertCategories:
        - string
    alertSubcategories:
        - string
    alertSources:
        - string
    alertChannels:
        - string
    resourceGroups:
        - string

AlertRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AlertRule resource accepts the following input properties:

Severities This property is required. List<string>
The list of severities that the rule applies to. Valid severities include: Critical, High, Medium, Low and Info.
AlertCategories List<string>
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
AlertChannels List<string>
The list of alert channels for the rule to use.
AlertRuleId string
AlertSources List<string>
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
AlertSubcategories List<string>
The list of alert subcategories the rule will apply to. Valid subcategories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall, Host Vulnerability, Container Vulnerability, Threat Intel.
Description string
The description of the alert rule.
Enabled bool
The state of the external integration. Defaults to true.
EventCategories List<string>
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated; use alert_subcategories instead.

Deprecated: Deprecated

Name string
The alert rule name.
ResourceGroups List<string>
The list of resource groups the rule will apply to.
Severities This property is required. []string
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
AlertCategories []string
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
AlertChannels []string
The list of alert channels for the rule to use.
AlertRuleId string
AlertSources []string
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
AlertSubcategories []string
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
Description string
The description of the alert rule.
Enabled bool
The state of the external integration. Defaults to true.
EventCategories []string
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

Name string
The alert rule name.
ResourceGroups []string
The list of resource groups the rule will apply to.
severities This property is required. List<String>
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
alertCategories List<String>
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels List<String>
The list of alert channels for the rule to use.
alertRuleId String
alertSources List<String>
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories List<String>
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
description String
The description of the alert rule.
enabled Boolean
The state of the external integration. Defaults to true.
eventCategories List<String>
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

name String
The alert rule name.
resourceGroups List<String>
The list of resource groups the rule will apply to.
severities This property is required. string[]
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
alertCategories string[]
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels string[]
The list of alert channels for the rule to use.
alertRuleId string
alertSources string[]
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories string[]
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
description string
The description of the alert rule.
enabled boolean
The state of the external integration. Defaults to true.
eventCategories string[]
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

name string
The alert rule name.
resourceGroups string[]
The list of resource groups the rule will apply to.
severities This property is required. Sequence[str]
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
alert_categories Sequence[str]
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alert_channels Sequence[str]
The list of alert channels for the rule to use.
alert_rule_id str
alert_sources Sequence[str]
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alert_subcategories Sequence[str]
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
description str
The description of the alert rule.
enabled bool
The state of the external integration. Defaults to true.
event_categories Sequence[str]
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

name str
The alert rule name.
resource_groups Sequence[str]
The list of resource groups the rule will apply to.
severities This property is required. List<String>
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
alertCategories List<String>
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels List<String>
The list of alert channels for the rule to use.
alertRuleId String
alertSources List<String>
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories List<String>
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
description String
The description of the alert rule.
enabled Boolean
The state of the external integration. Defaults to true.
eventCategories List<String>
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

name String
The alert rule name.
resourceGroups List<String>
The list of resource groups the rule will apply to.

Outputs

All input properties are implicitly available as output properties. Additionally, the AlertRule resource produces the following output properties:

CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Guid string
Id string
The provider-assigned unique ID for this managed resource.
Type string
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Guid string
Id string
The provider-assigned unique ID for this managed resource.
Type string
createdOrUpdatedBy String
createdOrUpdatedTime String
guid String
id String
The provider-assigned unique ID for this managed resource.
type String
createdOrUpdatedBy string
createdOrUpdatedTime string
guid string
id string
The provider-assigned unique ID for this managed resource.
type string
created_or_updated_by str
created_or_updated_time str
guid str
id str
The provider-assigned unique ID for this managed resource.
type str
createdOrUpdatedBy String
createdOrUpdatedTime String
guid String
id String
The provider-assigned unique ID for this managed resource.
type String

Look up Existing AlertRule Resource

Get an existing AlertRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AlertRuleState, opts?: CustomResourceOptions): AlertRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alert_categories: Optional[Sequence[str]] = None,
        alert_channels: Optional[Sequence[str]] = None,
        alert_rule_id: Optional[str] = None,
        alert_sources: Optional[Sequence[str]] = None,
        alert_subcategories: Optional[Sequence[str]] = None,
        created_or_updated_by: Optional[str] = None,
        created_or_updated_time: Optional[str] = None,
        description: Optional[str] = None,
        enabled: Optional[bool] = None,
        event_categories: Optional[Sequence[str]] = None,
        guid: Optional[str] = None,
        name: Optional[str] = None,
        resource_groups: Optional[Sequence[str]] = None,
        severities: Optional[Sequence[str]] = None,
        type: Optional[str] = None) -> AlertRule
func GetAlertRule(ctx *Context, name string, id IDInput, state *AlertRuleState, opts ...ResourceOption) (*AlertRule, error)
public static AlertRule Get(string name, Input<string> id, AlertRuleState? state, CustomResourceOptions? opts = null)
public static AlertRule get(String name, Output<String> id, AlertRuleState state, CustomResourceOptions options)
# Look up an existing AlertRule by its provider ID instead of creating a new one.
resources:
  _:
    type: lacework:AlertRule
    get:
      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AlertCategories List<string>
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
AlertChannels List<string>
The list of alert channels for the rule to use.
AlertRuleId string
AlertSources List<string>
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
AlertSubcategories List<string>
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Description string
The description of the alert rule.
Enabled bool
The state of the external integration. Defaults to true.
EventCategories List<string>
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

Guid string
Name string
The alert rule name.
ResourceGroups List<string>
The list of resource groups the rule will apply to.
Severities List<string>
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
Type string
AlertCategories []string
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
AlertChannels []string
The list of alert channels for the rule to use.
AlertRuleId string
AlertSources []string
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
AlertSubcategories []string
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Description string
The description of the alert rule.
Enabled bool
The state of the external integration. Defaults to true.
EventCategories []string
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

Guid string
Name string
The alert rule name.
ResourceGroups []string
The list of resource groups the rule will apply to.
Severities []string
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
Type string
alertCategories List<String>
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels List<String>
The list of alert channels for the rule to use.
alertRuleId String
alertSources List<String>
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories List<String>
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
createdOrUpdatedBy String
createdOrUpdatedTime String
description String
The description of the alert rule.
enabled Boolean
The state of the external integration. Defaults to true.
eventCategories List<String>
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

guid String
name String
The alert rule name.
resourceGroups List<String>
The list of resource groups the rule will apply to.
severities List<String>
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
type String
alertCategories string[]
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels string[]
The list of alert channels for the rule to use.
alertRuleId string
alertSources string[]
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories string[]
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
createdOrUpdatedBy string
createdOrUpdatedTime string
description string
The description of the alert rule.
enabled boolean
The state of the external integration. Defaults to true.
eventCategories string[]
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

guid string
name string
The alert rule name.
resourceGroups string[]
The list of resource groups the rule will apply to.
severities string[]
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
type string
alert_categories Sequence[str]
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alert_channels Sequence[str]
The list of alert channels for the rule to use.
alert_rule_id str
alert_sources Sequence[str]
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alert_subcategories Sequence[str]
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
created_or_updated_by str
created_or_updated_time str
description str
The description of the alert rule.
enabled bool
The state of the external integration. Defaults to true.
event_categories Sequence[str]
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

guid str
name str
The alert rule name.
resource_groups Sequence[str]
The list of resource groups the rule will apply to.
severities Sequence[str]
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
type str
alertCategories List<String>
The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels List<String>
The list of alert channels for the rule to use.
alertRuleId String
alertSources List<String>
The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories List<String>
The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
createdOrUpdatedBy String
createdOrUpdatedTime String
description String
The description of the alert rule.
enabled Boolean
The state of the external integration. Defaults to true.
eventCategories List<String>
The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.

Deprecated: Deprecated

guid String
name String
The alert rule name.
resourceGroups List<String>
The list of resource groups the rule will apply to.
severities List<String>
The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
type String

Import

A Lacework Alert Rule can be imported using a GUID, e.g.

$ pulumi import lacework:index/alertRule:AlertRule example EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
lacework lacework/terraform-provider-lacework
License
Notes
This Pulumi package is based on the lacework Terraform Provider.