1. Packages
  2. Sumologic Provider
  3. API Docs
  4. CseMatchRule
Sumo Logic v1.0.7 published on Friday, Apr 11, 2025 by Pulumi

sumologic.CseMatchRule

Explore with Pulumi AI

Provides a Sumo Logic CSE Match Rule.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";

const matchRule = new sumologic.CseMatchRule("match_rule", {
    descriptionExpression: "Signal description",
    enabled: true,
    entitySelectors: [{
        entityType: "_ip",
        expression: "srcDevice_ip",
    }],
    expression: "objectType = \"Network\"",
    isPrototype: false,
    name: "Match Rule Example",
    nameExpression: "Signal name",
    severityMapping: {
        type: "constant",
        "default": 5,
    },
    summaryExpression: "Signal summary",
    tags: ["_mitreAttackTactic:TA0009"],
    suppressionWindowSize: 2100000,
});
Copy
import pulumi
import pulumi_sumologic as sumologic

match_rule = sumologic.CseMatchRule("match_rule",
    description_expression="Signal description",
    enabled=True,
    entity_selectors=[{
        "entity_type": "_ip",
        "expression": "srcDevice_ip",
    }],
    expression="objectType = \"Network\"",
    is_prototype=False,
    name="Match Rule Example",
    name_expression="Signal name",
    severity_mapping={
        "type": "constant",
        "default": 5,
    },
    summary_expression="Signal summary",
    tags=["_mitreAttackTactic:TA0009"],
    suppression_window_size=2100000)
Copy
package main

import (
	"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sumologic.NewCseMatchRule(ctx, "match_rule", &sumologic.CseMatchRuleArgs{
			DescriptionExpression: pulumi.String("Signal description"),
			Enabled:               pulumi.Bool(true),
			EntitySelectors: sumologic.CseMatchRuleEntitySelectorArray{
				&sumologic.CseMatchRuleEntitySelectorArgs{
					EntityType: pulumi.String("_ip"),
					Expression: pulumi.String("srcDevice_ip"),
				},
			},
			Expression:     pulumi.String("objectType = \"Network\""),
			IsPrototype:    pulumi.Bool(false),
			Name:           pulumi.String("Match Rule Example"),
			NameExpression: pulumi.String("Signal name"),
			SeverityMapping: &sumologic.CseMatchRuleSeverityMappingArgs{
				Type:    pulumi.String("constant"),
				Default: pulumi.Int(5),
			},
			SummaryExpression: pulumi.String("Signal summary"),
			Tags: pulumi.StringArray{
				pulumi.String("_mitreAttackTactic:TA0009"),
			},
			SuppressionWindowSize: pulumi.Int(2100000),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using SumoLogic = Pulumi.SumoLogic;

return await Deployment.RunAsync(() => 
{
    var matchRule = new SumoLogic.CseMatchRule("match_rule", new()
    {
        DescriptionExpression = "Signal description",
        Enabled = true,
        EntitySelectors = new[]
        {
            new SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs
            {
                EntityType = "_ip",
                Expression = "srcDevice_ip",
            },
        },
        Expression = "objectType = \"Network\"",
        IsPrototype = false,
        Name = "Match Rule Example",
        NameExpression = "Signal name",
        SeverityMapping = new SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs
        {
            Type = "constant",
            Default = 5,
        },
        SummaryExpression = "Signal summary",
        Tags = new[]
        {
            "_mitreAttackTactic:TA0009",
        },
        SuppressionWindowSize = 2100000,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.CseMatchRule;
import com.pulumi.sumologic.CseMatchRuleArgs;
import com.pulumi.sumologic.inputs.CseMatchRuleEntitySelectorArgs;
import com.pulumi.sumologic.inputs.CseMatchRuleSeverityMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var matchRule = new CseMatchRule("matchRule", CseMatchRuleArgs.builder()
            .descriptionExpression("Signal description")
            .enabled(true)
            .entitySelectors(CseMatchRuleEntitySelectorArgs.builder()
                .entityType("_ip")
                .expression("srcDevice_ip")
                .build())
            .expression("objectType = \"Network\"")
            .isPrototype(false)
            .name("Match Rule Example")
            .nameExpression("Signal name")
            .severityMapping(CseMatchRuleSeverityMappingArgs.builder()
                .type("constant")
                .default_(5)
                .build())
            .summaryExpression("Signal summary")
            .tags("_mitreAttackTactic:TA0009")
            .suppressionWindowSize(2100000)
            .build());

    }
}
Copy
resources:
  matchRule:
    type: sumologic:CseMatchRule
    name: match_rule
    properties:
      descriptionExpression: Signal description
      enabled: true
      entitySelectors:
        - entityType: _ip
          expression: srcDevice_ip
      expression: objectType = "Network"
      isPrototype: false
      name: Match Rule Example
      nameExpression: Signal name
      severityMapping:
        type: constant
        default: 5
      summaryExpression: Signal summary
      tags:
        - _mitreAttackTactic:TA0009
      suppressionWindowSize: 2.1e+06
Copy

Create CseMatchRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new CseMatchRule(name: string, args: CseMatchRuleArgs, opts?: CustomResourceOptions);
@overload
def CseMatchRule(resource_name: str,
                 args: CseMatchRuleArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def CseMatchRule(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 description_expression: Optional[str] = None,
                 enabled: Optional[bool] = None,
                 entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
                 expression: Optional[str] = None,
                 name_expression: Optional[str] = None,
                 severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
                 is_prototype: Optional[bool] = None,
                 name: Optional[str] = None,
                 summary_expression: Optional[str] = None,
                 suppression_window_size: Optional[int] = None,
                 tags: Optional[Sequence[str]] = None)
func NewCseMatchRule(ctx *Context, name string, args CseMatchRuleArgs, opts ...ResourceOption) (*CseMatchRule, error)
public CseMatchRule(string name, CseMatchRuleArgs args, CustomResourceOptions? opts = null)
public CseMatchRule(String name, CseMatchRuleArgs args)
public CseMatchRule(String name, CseMatchRuleArgs args, CustomResourceOptions options)
type: sumologic:CseMatchRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. CseMatchRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. CseMatchRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. CseMatchRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. CseMatchRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. CseMatchRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var cseMatchRuleResource = new SumoLogic.CseMatchRule("cseMatchRuleResource", new()
{
    DescriptionExpression = "string",
    Enabled = false,
    EntitySelectors = new[]
    {
        new SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs
        {
            EntityType = "string",
            Expression = "string",
        },
    },
    Expression = "string",
    NameExpression = "string",
    SeverityMapping = new SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs
    {
        Type = "string",
        Default = 0,
        Field = "string",
        Mappings = new[]
        {
            new SumoLogic.Inputs.CseMatchRuleSeverityMappingMappingArgs
            {
                From = "string",
                To = 0,
                Type = "string",
            },
        },
    },
    IsPrototype = false,
    Name = "string",
    SummaryExpression = "string",
    SuppressionWindowSize = 0,
    Tags = new[]
    {
        "string",
    },
});
Copy
example, err := sumologic.NewCseMatchRule(ctx, "cseMatchRuleResource", &sumologic.CseMatchRuleArgs{
	DescriptionExpression: pulumi.String("string"),
	Enabled:               pulumi.Bool(false),
	EntitySelectors: sumologic.CseMatchRuleEntitySelectorArray{
		&sumologic.CseMatchRuleEntitySelectorArgs{
			EntityType: pulumi.String("string"),
			Expression: pulumi.String("string"),
		},
	},
	Expression:     pulumi.String("string"),
	NameExpression: pulumi.String("string"),
	SeverityMapping: &sumologic.CseMatchRuleSeverityMappingArgs{
		Type:    pulumi.String("string"),
		Default: pulumi.Int(0),
		Field:   pulumi.String("string"),
		Mappings: sumologic.CseMatchRuleSeverityMappingMappingArray{
			&sumologic.CseMatchRuleSeverityMappingMappingArgs{
				From: pulumi.String("string"),
				To:   pulumi.Int(0),
				Type: pulumi.String("string"),
			},
		},
	},
	IsPrototype:           pulumi.Bool(false),
	Name:                  pulumi.String("string"),
	SummaryExpression:     pulumi.String("string"),
	SuppressionWindowSize: pulumi.Int(0),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
})
Copy
var cseMatchRuleResource = new CseMatchRule("cseMatchRuleResource", CseMatchRuleArgs.builder()
    .descriptionExpression("string")
    .enabled(false)
    .entitySelectors(CseMatchRuleEntitySelectorArgs.builder()
        .entityType("string")
        .expression("string")
        .build())
    .expression("string")
    .nameExpression("string")
    .severityMapping(CseMatchRuleSeverityMappingArgs.builder()
        .type("string")
        .default_(0)
        .field("string")
        .mappings(CseMatchRuleSeverityMappingMappingArgs.builder()
            .from("string")
            .to(0)
            .type("string")
            .build())
        .build())
    .isPrototype(false)
    .name("string")
    .summaryExpression("string")
    .suppressionWindowSize(0)
    .tags("string")
    .build());
Copy
cse_match_rule_resource = sumologic.CseMatchRule("cseMatchRuleResource",
    description_expression="string",
    enabled=False,
    entity_selectors=[{
        "entity_type": "string",
        "expression": "string",
    }],
    expression="string",
    name_expression="string",
    severity_mapping={
        "type": "string",
        "default": 0,
        "field": "string",
        "mappings": [{
            "from_": "string",
            "to": 0,
            "type": "string",
        }],
    },
    is_prototype=False,
    name="string",
    summary_expression="string",
    suppression_window_size=0,
    tags=["string"])
Copy
const cseMatchRuleResource = new sumologic.CseMatchRule("cseMatchRuleResource", {
    descriptionExpression: "string",
    enabled: false,
    entitySelectors: [{
        entityType: "string",
        expression: "string",
    }],
    expression: "string",
    nameExpression: "string",
    severityMapping: {
        type: "string",
        "default": 0,
        field: "string",
        mappings: [{
            from: "string",
            to: 0,
            type: "string",
        }],
    },
    isPrototype: false,
    name: "string",
    summaryExpression: "string",
    suppressionWindowSize: 0,
    tags: ["string"],
});
Copy
type: sumologic:CseMatchRule
properties:
    descriptionExpression: string
    enabled: false
    entitySelectors:
        - entityType: string
          expression: string
    expression: string
    isPrototype: false
    name: string
    nameExpression: string
    severityMapping:
        default: 0
        field: string
        mappings:
            - from: string
              to: 0
              type: string
        type: string
    summaryExpression: string
    suppressionWindowSize: 0
    tags:
        - string
Copy

CseMatchRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The CseMatchRule resource accepts the following input properties:

DescriptionExpression This property is required. string
The description of the generated Signals
Enabled This property is required. bool
Whether the rule should generate Signals
EntitySelectors This property is required. List<Pulumi.SumoLogic.Inputs.CseMatchRuleEntitySelector>
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
Expression This property is required. string
The expression for which records to match on
NameExpression This property is required. string
The name of the generated Signals
SeverityMapping This property is required. Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMapping
The configuration of how the severity of the Signals should be mapped from the Records
IsPrototype bool
Whether the generated Signals should be prototype Signals
Name string
The name of the Rule
SummaryExpression string
The summary of the generated Signals
SuppressionWindowSize int

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

Tags List<string>
The tags of the generated Signals
DescriptionExpression This property is required. string
The description of the generated Signals
Enabled This property is required. bool
Whether the rule should generate Signals
EntitySelectors This property is required. []CseMatchRuleEntitySelectorArgs
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
Expression This property is required. string
The expression for which records to match on
NameExpression This property is required. string
The name of the generated Signals
SeverityMapping This property is required. CseMatchRuleSeverityMappingArgs
The configuration of how the severity of the Signals should be mapped from the Records
IsPrototype bool
Whether the generated Signals should be prototype Signals
Name string
The name of the Rule
SummaryExpression string
The summary of the generated Signals
SuppressionWindowSize int

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

Tags []string
The tags of the generated Signals
descriptionExpression This property is required. String
The description of the generated Signals
enabled This property is required. Boolean
Whether the rule should generate Signals
entitySelectors This property is required. List<CseMatchRuleEntitySelector>
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
expression This property is required. String
The expression for which records to match on
nameExpression This property is required. String
The name of the generated Signals
severityMapping This property is required. CseMatchRuleSeverityMapping
The configuration of how the severity of the Signals should be mapped from the Records
isPrototype Boolean
Whether the generated Signals should be prototype Signals
name String
The name of the Rule
summaryExpression String
The summary of the generated Signals
suppressionWindowSize Integer

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

tags List<String>
The tags of the generated Signals
descriptionExpression This property is required. string
The description of the generated Signals
enabled This property is required. boolean
Whether the rule should generate Signals
entitySelectors This property is required. CseMatchRuleEntitySelector[]
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
expression This property is required. string
The expression for which records to match on
nameExpression This property is required. string
The name of the generated Signals
severityMapping This property is required. CseMatchRuleSeverityMapping
The configuration of how the severity of the Signals should be mapped from the Records
isPrototype boolean
Whether the generated Signals should be prototype Signals
name string
The name of the Rule
summaryExpression string
The summary of the generated Signals
suppressionWindowSize number

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

tags string[]
The tags of the generated Signals
description_expression This property is required. str
The description of the generated Signals
enabled This property is required. bool
Whether the rule should generate Signals
entity_selectors This property is required. Sequence[CseMatchRuleEntitySelectorArgs]
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
expression This property is required. str
The expression for which records to match on
name_expression This property is required. str
The name of the generated Signals
severity_mapping This property is required. CseMatchRuleSeverityMappingArgs
The configuration of how the severity of the Signals should be mapped from the Records
is_prototype bool
Whether the generated Signals should be prototype Signals
name str
The name of the Rule
summary_expression str
The summary of the generated Signals
suppression_window_size int

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

tags Sequence[str]
The tags of the generated Signals
descriptionExpression This property is required. String
The description of the generated Signals
enabled This property is required. Boolean
Whether the rule should generate Signals
entitySelectors This property is required. List<Property Map>
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
expression This property is required. String
The expression for which records to match on
nameExpression This property is required. String
The name of the generated Signals
severityMapping This property is required. Property Map
The configuration of how the severity of the Signals should be mapped from the Records
isPrototype Boolean
Whether the generated Signals should be prototype Signals
name String
The name of the Rule
summaryExpression String
The summary of the generated Signals
suppressionWindowSize Number

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

tags List<String>
The tags of the generated Signals

Outputs

All input properties are implicitly available as output properties. Additionally, the CseMatchRule resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing CseMatchRule Resource

Get an existing CseMatchRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CseMatchRuleState, opts?: CustomResourceOptions): CseMatchRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description_expression: Optional[str] = None,
        enabled: Optional[bool] = None,
        entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
        expression: Optional[str] = None,
        is_prototype: Optional[bool] = None,
        name: Optional[str] = None,
        name_expression: Optional[str] = None,
        severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
        summary_expression: Optional[str] = None,
        suppression_window_size: Optional[int] = None,
        tags: Optional[Sequence[str]] = None) -> CseMatchRule
func GetCseMatchRule(ctx *Context, name string, id IDInput, state *CseMatchRuleState, opts ...ResourceOption) (*CseMatchRule, error)
public static CseMatchRule Get(string name, Input<string> id, CseMatchRuleState? state, CustomResourceOptions? opts = null)
public static CseMatchRule get(String name, Output<String> id, CseMatchRuleState state, CustomResourceOptions options)
resources:  _:    type: sumologic:CseMatchRule    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DescriptionExpression string
The description of the generated Signals
Enabled bool
Whether the rule should generate Signals
EntitySelectors List<Pulumi.SumoLogic.Inputs.CseMatchRuleEntitySelector>
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
Expression string
The expression for which records to match on
IsPrototype bool
Whether the generated Signals should be prototype Signals
Name string
The name of the Rule
NameExpression string
The name of the generated Signals
SeverityMapping Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMapping
The configuration of how the severity of the Signals should be mapped from the Records
SummaryExpression string
The summary of the generated Signals
SuppressionWindowSize int

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

Tags List<string>
The tags of the generated Signals
DescriptionExpression string
The description of the generated Signals
Enabled bool
Whether the rule should generate Signals
EntitySelectors []CseMatchRuleEntitySelectorArgs
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
Expression string
The expression for which records to match on
IsPrototype bool
Whether the generated Signals should be prototype Signals
Name string
The name of the Rule
NameExpression string
The name of the generated Signals
SeverityMapping CseMatchRuleSeverityMappingArgs
The configuration of how the severity of the Signals should be mapped from the Records
SummaryExpression string
The summary of the generated Signals
SuppressionWindowSize int

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

Tags []string
The tags of the generated Signals
descriptionExpression String
The description of the generated Signals
enabled Boolean
Whether the rule should generate Signals
entitySelectors List<CseMatchRuleEntitySelector>
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
expression String
The expression for which records to match on
isPrototype Boolean
Whether the generated Signals should be prototype Signals
name String
The name of the Rule
nameExpression String
The name of the generated Signals
severityMapping CseMatchRuleSeverityMapping
The configuration of how the severity of the Signals should be mapped from the Records
summaryExpression String
The summary of the generated Signals
suppressionWindowSize Integer

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

tags List<String>
The tags of the generated Signals
descriptionExpression string
The description of the generated Signals
enabled boolean
Whether the rule should generate Signals
entitySelectors CseMatchRuleEntitySelector[]
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
expression string
The expression for which records to match on
isPrototype boolean
Whether the generated Signals should be prototype Signals
name string
The name of the Rule
nameExpression string
The name of the generated Signals
severityMapping CseMatchRuleSeverityMapping
The configuration of how the severity of the Signals should be mapped from the Records
summaryExpression string
The summary of the generated Signals
suppressionWindowSize number

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

tags string[]
The tags of the generated Signals
description_expression str
The description of the generated Signals
enabled bool
Whether the rule should generate Signals
entity_selectors Sequence[CseMatchRuleEntitySelectorArgs]
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
expression str
The expression for which records to match on
is_prototype bool
Whether the generated Signals should be prototype Signals
name str
The name of the Rule
name_expression str
The name of the generated Signals
severity_mapping CseMatchRuleSeverityMappingArgs
The configuration of how the severity of the Signals should be mapped from the Records
summary_expression str
The summary of the generated Signals
suppression_window_size int

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

tags Sequence[str]
The tags of the generated Signals
descriptionExpression String
The description of the generated Signals
enabled Boolean
Whether the rule should generate Signals
entitySelectors List<Property Map>
The entities to generate Signals on

  • entityType - (Required) The type of the entity to generate the Signal on.
expression String
The expression for which records to match on
isPrototype Boolean
Whether the generated Signals should be prototype Signals
name String
The name of the Rule
nameExpression String
The name of the generated Signals
severityMapping Property Map
The configuration of how the severity of the Signals should be mapped from the Records
summaryExpression String
The summary of the generated Signals
suppressionWindowSize Number

For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.

The following attributes are exported:

tags List<String>
The tags of the generated Signals

Supporting Types

CseMatchRuleEntitySelector
, CseMatchRuleEntitySelectorArgs

EntityType This property is required. string
Expression This property is required. string
The expression or field name to generate the Signal on.
EntityType This property is required. string
Expression This property is required. string
The expression or field name to generate the Signal on.
entityType This property is required. String
expression This property is required. String
The expression or field name to generate the Signal on.
entityType This property is required. string
expression This property is required. string
The expression or field name to generate the Signal on.
entity_type This property is required. str
expression This property is required. str
The expression or field name to generate the Signal on.
entityType This property is required. String
expression This property is required. String
The expression or field name to generate the Signal on.

CseMatchRuleSeverityMapping
, CseMatchRuleSeverityMappingArgs

Type This property is required. string
Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
Default int
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
Field string
The field to use in the "fieldValue"/"fieldValueMapping" cases.
Mappings List<Pulumi.SumoLogic.Inputs.CseMatchRuleSeverityMappingMapping>
The map of record values to severities to use in the "fieldValueMapping" case
Type This property is required. string
Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
Default int
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
Field string
The field to use in the "fieldValue"/"fieldValueMapping" cases.
Mappings []CseMatchRuleSeverityMappingMapping
The map of record values to severities to use in the "fieldValueMapping" case
type This property is required. String
Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
default_ Integer
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
field String
The field to use in the "fieldValue"/"fieldValueMapping" cases.
mappings List<CseMatchRuleSeverityMappingMapping>
The map of record values to severities to use in the "fieldValueMapping" case
type This property is required. string
Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
default number
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
field string
The field to use in the "fieldValue"/"fieldValueMapping" cases.
mappings CseMatchRuleSeverityMappingMapping[]
The map of record values to severities to use in the "fieldValueMapping" case
type This property is required. str
Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
default int
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
field str
The field to use in the "fieldValue"/"fieldValueMapping" cases.
mappings Sequence[CseMatchRuleSeverityMappingMapping]
The map of record values to severities to use in the "fieldValueMapping" case
type This property is required. String
Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
default Number
The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
field String
The field to use in the "fieldValue"/"fieldValueMapping" cases.
mappings List<Property Map>
The map of record values to severities to use in the "fieldValueMapping" case

CseMatchRuleSeverityMappingMapping
, CseMatchRuleSeverityMappingMappingArgs

From This property is required. string
The record value to map from
To This property is required. int
The severity value to map to
Type This property is required. string
Must be set to "eq" currently
From This property is required. string
The record value to map from
To This property is required. int
The severity value to map to
Type This property is required. string
Must be set to "eq" currently
from This property is required. String
The record value to map from
to This property is required. Integer
The severity value to map to
type This property is required. String
Must be set to "eq" currently
from This property is required. string
The record value to map from
to This property is required. number
The severity value to map to
type This property is required. string
Must be set to "eq" currently
from_ This property is required. str
The record value to map from
to This property is required. int
The severity value to map to
type This property is required. str
Must be set to "eq" currently
from This property is required. String
The record value to map from
to This property is required. Number
The severity value to map to
type This property is required. String
Must be set to "eq" currently

Import

Match Rules can be imported using the field id, e.g.:

hcl

$ pulumi import sumologic:index/cseMatchRule:CseMatchRule match_rule id
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Sumo Logic pulumi/pulumi-sumologic
License
Apache-2.0
Notes
This Pulumi package is based on the sumologic Terraform Provider.