lacework 2.0.6, Apr 14 25

lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework

lacework.AlertRule

Explore with Pulumi AI

lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework

Example Usage

Alert Rule with Slack Alert Channel

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";

const opsCritical = new lacework.AlertChannelSlack("opsCritical", {slackUrl: "https://hooks.slack.com/services/ABCD/12345/abcd1234"});
const example = new lacework.AlertRule("example", {
    description: "This is an example alert rule",
    alertChannels: [opsCritical.alertChannelSlackId],
    severities: ["Critical"],
    alertSubcategories: ["Compliance"],
    alertCategories: ["Policy"],
    alertSources: ["AWS"],
});

import pulumi
import pulumi_lacework as lacework

ops_critical = lacework.AlertChannelSlack("opsCritical", slack_url="https://hooks.slack.com/services/ABCD/12345/abcd1234")
example = lacework.AlertRule("example",
    description="This is an example alert rule",
    alert_channels=[ops_critical.alert_channel_slack_id],
    severities=["Critical"],
    alert_subcategories=["Compliance"],
    alert_categories=["Policy"],
    alert_sources=["AWS"])

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		opsCritical, err := lacework.NewAlertChannelSlack(ctx, "opsCritical", &lacework.AlertChannelSlackArgs{
			SlackUrl: pulumi.String("https://hooks.slack.com/services/ABCD/12345/abcd1234"),
		})
		if err != nil {
			return err
		}
		_, err = lacework.NewAlertRule(ctx, "example", &lacework.AlertRuleArgs{
			Description: pulumi.String("This is an example alert rule"),
			AlertChannels: pulumi.StringArray{
				opsCritical.AlertChannelSlackId,
			},
			Severities: pulumi.StringArray{
				pulumi.String("Critical"),
			},
			AlertSubcategories: pulumi.StringArray{
				pulumi.String("Compliance"),
			},
			AlertCategories: pulumi.StringArray{
				pulumi.String("Policy"),
			},
			AlertSources: pulumi.StringArray{
				pulumi.String("AWS"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;

return await Deployment.RunAsync(() => 
{
    var opsCritical = new Lacework.AlertChannelSlack("opsCritical", new()
    {
        SlackUrl = "https://hooks.slack.com/services/ABCD/12345/abcd1234",
    });

    var example = new Lacework.AlertRule("example", new()
    {
        Description = "This is an example alert rule",
        AlertChannels = new[]
        {
            opsCritical.AlertChannelSlackId,
        },
        Severities = new[]
        {
            "Critical",
        },
        AlertSubcategories = new[]
        {
            "Compliance",
        },
        AlertCategories = new[]
        {
            "Policy",
        },
        AlertSources = new[]
        {
            "AWS",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.AlertChannelSlack;
import com.pulumi.lacework.AlertChannelSlackArgs;
import com.pulumi.lacework.AlertRule;
import com.pulumi.lacework.AlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var opsCritical = new AlertChannelSlack("opsCritical", AlertChannelSlackArgs.builder()
            .slackUrl("https://hooks.slack.com/services/ABCD/12345/abcd1234")
            .build());

        var example = new AlertRule("example", AlertRuleArgs.builder()
            .description("This is an example alert rule")
            .alertChannels(opsCritical.alertChannelSlackId())
            .severities("Critical")
            .alertSubcategories("Compliance")
            .alertCategories("Policy")
            .alertSources("AWS")
            .build());

    }
}

resources:
  opsCritical:
    type: lacework:AlertChannelSlack
    properties:
      slackUrl: https://hooks.slack.com/services/ABCD/12345/abcd1234
  example:
    type: lacework:AlertRule
    properties:
      description: This is an example alert rule
      alertChannels:
        - ${opsCritical.alertChannelSlackId}
      severities:
        - Critical
      alertSubcategories:
        - Compliance
      alertCategories:
        - Policy
      alertSources:
        - AWS

Create AlertRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new AlertRule(name: string, args: AlertRuleArgs, opts?: CustomResourceOptions);

@overload
def AlertRule(resource_name: str,
              args: AlertRuleArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def AlertRule(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              severities: Optional[Sequence[str]] = None,
              alert_categories: Optional[Sequence[str]] = None,
              alert_channels: Optional[Sequence[str]] = None,
              alert_rule_id: Optional[str] = None,
              alert_sources: Optional[Sequence[str]] = None,
              alert_subcategories: Optional[Sequence[str]] = None,
              description: Optional[str] = None,
              enabled: Optional[bool] = None,
              event_categories: Optional[Sequence[str]] = None,
              name: Optional[str] = None,
              resource_groups: Optional[Sequence[str]] = None)

func NewAlertRule(ctx *Context, name string, args AlertRuleArgs, opts ...ResourceOption) (*AlertRule, error)

public AlertRule(string name, AlertRuleArgs args, CustomResourceOptions? opts = null)

public AlertRule(String name, AlertRuleArgs args)
public AlertRule(String name, AlertRuleArgs args, CustomResourceOptions options)

type: lacework:AlertRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AlertRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AlertRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AlertRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AlertRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AlertRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var alertRuleResource = new Lacework.AlertRule("alertRuleResource", new()
{
    Severities = new[]
    {
        "string",
    },
    AlertCategories = new[]
    {
        "string",
    },
    AlertChannels = new[]
    {
        "string",
    },
    AlertRuleId = "string",
    AlertSources = new[]
    {
        "string",
    },
    AlertSubcategories = new[]
    {
        "string",
    },
    Description = "string",
    Enabled = false,
    Name = "string",
    ResourceGroups = new[]
    {
        "string",
    },
});

example, err := lacework.NewAlertRule(ctx, "alertRuleResource", &lacework.AlertRuleArgs{
	Severities: pulumi.StringArray{
		pulumi.String("string"),
	},
	AlertCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	AlertChannels: pulumi.StringArray{
		pulumi.String("string"),
	},
	AlertRuleId: pulumi.String("string"),
	AlertSources: pulumi.StringArray{
		pulumi.String("string"),
	},
	AlertSubcategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	Enabled:     pulumi.Bool(false),
	Name:        pulumi.String("string"),
	ResourceGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var alertRuleResource = new AlertRule("alertRuleResource", AlertRuleArgs.builder()
    .severities("string")
    .alertCategories("string")
    .alertChannels("string")
    .alertRuleId("string")
    .alertSources("string")
    .alertSubcategories("string")
    .description("string")
    .enabled(false)
    .name("string")
    .resourceGroups("string")
    .build());

alert_rule_resource = lacework.AlertRule("alertRuleResource",
    severities=["string"],
    alert_categories=["string"],
    alert_channels=["string"],
    alert_rule_id="string",
    alert_sources=["string"],
    alert_subcategories=["string"],
    description="string",
    enabled=False,
    name="string",
    resource_groups=["string"])

const alertRuleResource = new lacework.AlertRule("alertRuleResource", {
    severities: ["string"],
    alertCategories: ["string"],
    alertChannels: ["string"],
    alertRuleId: "string",
    alertSources: ["string"],
    alertSubcategories: ["string"],
    description: "string",
    enabled: false,
    name: "string",
    resourceGroups: ["string"],
});

type: lacework:AlertRule
properties:
    alertCategories:
        - string
    alertChannels:
        - string
    alertRuleId: string
    alertSources:
        - string
    alertSubcategories:
        - string
    description: string
    enabled: false
    name: string
    resourceGroups:
        - string
    severities:
        - string

AlertRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AlertRule resource accepts the following input properties:

Severities List<string>: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
AlertCategories List<string>: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
AlertChannels List<string>: The list of alert channels for the rule to use.
AlertRuleId string
AlertSources List<string>: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
AlertSubcategories List<string>: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
Description string: The description of the alert rule.
Enabled bool: The state of the external integration. Defaults to true.
EventCategories List<string>: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
Name string: The alert rule name.
ResourceGroups List<string>: The list of resource groups the rule will apply to.

Severities []string: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
AlertCategories []string: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
AlertChannels []string: The list of alert channels for the rule to use.
AlertRuleId string
AlertSources []string: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
AlertSubcategories []string: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
Description string: The description of the alert rule.
Enabled bool: The state of the external integration. Defaults to true.
EventCategories []string: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
Name string: The alert rule name.
ResourceGroups []string: The list of resource groups the rule will apply to.

severities List<String>: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
alertCategories List<String>: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels List<String>: The list of alert channels for the rule to use.
alertRuleId String
alertSources List<String>: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories List<String>: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
description String: The description of the alert rule.
enabled Boolean: The state of the external integration. Defaults to true.
eventCategories List<String>: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
name String: The alert rule name.
resourceGroups List<String>: The list of resource groups the rule will apply to.

severities string[]: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
alertCategories string[]: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels string[]: The list of alert channels for the rule to use.
alertRuleId string
alertSources string[]: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories string[]: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
description string: The description of the alert rule.
enabled boolean: The state of the external integration. Defaults to true.
eventCategories string[]: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
name string: The alert rule name.
resourceGroups string[]: The list of resource groups the rule will apply to.

severities Sequence[str]: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
alert_categories Sequence[str]: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alert_channels Sequence[str]: The list of alert channels for the rule to use.
alert_rule_id str
alert_sources Sequence[str]: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alert_subcategories Sequence[str]: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
description str: The description of the alert rule.
enabled bool: The state of the external integration. Defaults to true.
event_categories Sequence[str]: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
name str: The alert rule name.
resource_groups Sequence[str]: The list of resource groups the rule will apply to.

severities List<String>: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
alertCategories List<String>: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels List<String>: The list of alert channels for the rule to use.
alertRuleId String
alertSources List<String>: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories List<String>: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
description String: The description of the alert rule.
enabled Boolean: The state of the external integration. Defaults to true.
eventCategories List<String>: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
name String: The alert rule name.
resourceGroups List<String>: The list of resource groups the rule will apply to.

Outputs

All input properties are implicitly available as output properties. Additionally, the AlertRule resource produces the following output properties:

CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Guid string
Id string: The provider-assigned unique ID for this managed resource.
Type string

CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Guid string
Id string: The provider-assigned unique ID for this managed resource.
Type string

createdOrUpdatedBy String
createdOrUpdatedTime String
guid String
id String: The provider-assigned unique ID for this managed resource.
type String

createdOrUpdatedBy string
createdOrUpdatedTime string
guid string
id string: The provider-assigned unique ID for this managed resource.
type string

created_or_updated_by str
created_or_updated_time str
guid str
id str: The provider-assigned unique ID for this managed resource.
type str

createdOrUpdatedBy String
createdOrUpdatedTime String
guid String
id String: The provider-assigned unique ID for this managed resource.
type String

Look up Existing AlertRule Resource

Get an existing AlertRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: AlertRuleState, opts?: CustomResourceOptions): AlertRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alert_categories: Optional[Sequence[str]] = None,
        alert_channels: Optional[Sequence[str]] = None,
        alert_rule_id: Optional[str] = None,
        alert_sources: Optional[Sequence[str]] = None,
        alert_subcategories: Optional[Sequence[str]] = None,
        created_or_updated_by: Optional[str] = None,
        created_or_updated_time: Optional[str] = None,
        description: Optional[str] = None,
        enabled: Optional[bool] = None,
        event_categories: Optional[Sequence[str]] = None,
        guid: Optional[str] = None,
        name: Optional[str] = None,
        resource_groups: Optional[Sequence[str]] = None,
        severities: Optional[Sequence[str]] = None,
        type: Optional[str] = None) -> AlertRule

func GetAlertRule(ctx *Context, name string, id IDInput, state *AlertRuleState, opts ...ResourceOption) (*AlertRule, error)

public static AlertRule Get(string name, Input<string> id, AlertRuleState? state, CustomResourceOptions? opts = null)

public static AlertRule get(String name, Output<String> id, AlertRuleState state, CustomResourceOptions options)

resources:  _:    type: lacework:AlertRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AlertCategories List<string>: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
AlertChannels List<string>: The list of alert channels for the rule to use.
AlertRuleId string
AlertSources List<string>: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
AlertSubcategories List<string>: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Description string: The description of the alert rule.
Enabled bool: The state of the external integration. Defaults to true.
EventCategories List<string>: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
Guid string
Name string: The alert rule name.
ResourceGroups List<string>: The list of resource groups the rule will apply to.
Severities List<string>: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
Type string

AlertCategories []string: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
AlertChannels []string: The list of alert channels for the rule to use.
AlertRuleId string
AlertSources []string: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
AlertSubcategories []string: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
CreatedOrUpdatedBy string
CreatedOrUpdatedTime string
Description string: The description of the alert rule.
Enabled bool: The state of the external integration. Defaults to true.
EventCategories []string: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
Guid string
Name string: The alert rule name.
ResourceGroups []string: The list of resource groups the rule will apply to.
Severities []string: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
Type string

alertCategories List<String>: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels List<String>: The list of alert channels for the rule to use.
alertRuleId String
alertSources List<String>: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories List<String>: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
createdOrUpdatedBy String
createdOrUpdatedTime String
description String: The description of the alert rule.
enabled Boolean: The state of the external integration. Defaults to true.
eventCategories List<String>: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
guid String
name String: The alert rule name.
resourceGroups List<String>: The list of resource groups the rule will apply to.
severities List<String>: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
type String

alertCategories string[]: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels string[]: The list of alert channels for the rule to use.
alertRuleId string
alertSources string[]: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories string[]: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
createdOrUpdatedBy string
createdOrUpdatedTime string
description string: The description of the alert rule.
enabled boolean: The state of the external integration. Defaults to true.
eventCategories string[]: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
guid string
name string: The alert rule name.
resourceGroups string[]: The list of resource groups the rule will apply to.
severities string[]: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
type string

alert_categories Sequence[str]: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alert_channels Sequence[str]: The list of alert channels for the rule to use.
alert_rule_id str
alert_sources Sequence[str]: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alert_subcategories Sequence[str]: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
created_or_updated_by str
created_or_updated_time str
description str: The description of the alert rule.
enabled bool: The state of the external integration. Defaults to true.
event_categories Sequence[str]: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
guid str
name str: The alert rule name.
resource_groups Sequence[str]: The list of resource groups the rule will apply to.
severities Sequence[str]: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
type str

alertCategories List<String>: The alert categories that will use this rule for alert routing. Valid categories include: Anomaly, Policy, Composite.
alertChannels List<String>: The list of alert channels for the rule to use.
alertRuleId String
alertSources List<String>: The alert sources that will use this rule for alert routing. Valid sources include: Agent, AWS, Azure, GCP, K8s.
alertSubcategories List<String>: The list of alert subcategories the rule will apply to. Valid categories include: Compliance, Application, Cloud Activity, File, Machine, User, Platform, Kubernetes Activity, Registry, SystemCall,Host Vulnerability, Container Vulnerability, Threat Intel.
createdOrUpdatedBy String
createdOrUpdatedTime String
description String: The description of the alert rule.
enabled Boolean: The state of the external integration. Defaults to true.
eventCategories List<String>: The list of event categories the rule will apply to. Valid categories include: Compliance, App, Cloud, File, Machine, User, Platform, K8sActivity, Registry, SystemCall. This attribute is deprecated use alert_subcategories instead.
Deprecated: Deprecated
guid String
name String: The alert rule name.
resourceGroups List<String>: The list of resource groups the rule will apply to.
severities List<String>: The list of the severities that the rule will apply. Valid severities include: Critical, High, Medium, Low and Info.
type String

Import

A Lacework Alert Rule can be imported using a GUID, e.g.

$ pulumi import lacework:index/alertRule:AlertRule example EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: lacework lacework/terraform-provider-lacework
License
Notes: This Pulumi package is based on the lacework Terraform Provider.

lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework

lacework/terraform-provider-lacework

lacework.AlertRule

On this page

On this page

Example Usage

Alert Rule with Slack Alert Channel

Create AlertRule Resource

Constructor syntax

Parameters

Constructor example

AlertRule Resource Properties

Inputs

Outputs

Look up Existing AlertRule Resource

Import

Package Details

On this page

On this page