Add documentation for the new resources

Signed-off-by: Federico Barcelona <[email protected]>

Author: tembleking

website/docs/r/sysdig_secure_policy.html.markdown

@@ -6,7 +6,7 @@ description: |-
   Creates a Sysdig Secure Policy.
 ---
 
-# sysdig\secure\_policy
+# sysdig\_secure\_policy
 
 Creates a Sysdig Secure Policy.
 
@@ -22,21 +22,21 @@ resource "sysdig_secure_policy" "write_apt_database" {
   enabled = true
 
   // Scope selection
-  //filter = "host.ip.private = \"10.0.23.1\""
-  container_scope = true
-  host_scope = true
+  scope = "container.id != \"\""
 
-  //actions {
-  //  container = "pause"
+  // Rule selection
+  rule_names = ["Terminal shell in container"]
 
-  //  capture {
-  //    seconds_before_event = 60
-  //    seconds_after_event = 60
-  //  }
-  //}
+  actions {
+    container = "stop"
+    capture {
+      seconds_before_event = 5
+      seconds_after_event = 10
+    }
+  }
+
+  notification_channels = [10000]
 
-  // Falco rule selection
-  falco_rule_name_regex = "Unexpected spawned process traefik"
 }
 ```
 
@@ -46,49 +46,43 @@ resource "sysdig_secure_policy" "write_apt_database" {
 
 * `description` - (Required) The description of Secure policy.
 
-* `severity` - (Required) The severity of Secure policy. The accepted values
-    are: 2 (High), 4 (Medium) and 6 (Low).
+* `severity` - (Optional) The severity of Secure policy. The accepted values
+    are: 0 (High), 4 (Medium), 6 (Low) and 7 (Info). The default value is 4 (Medium).
 
-* `enabled` - (Required) Will secure process with this rule?
+* `enabled` - (Optional) Will secure process with this rule?. By default this is true.
 
 - - -
 
 ### Scope selection
 
-* `host_scope` - (Required) The application scope of this rule. Does this rule
-    applies to hosts?
-
-* `container_scope` - (Required) The application scope of this rule. Does this
-    rule applies to containers? Note that the rule should apply at least to one
-    scope, host or container.
-
-* `filter` - (Optional) Limit appplication scope based in one expresion. By
-    example: "host.ip.private = \"10.0.23.1\""
+* `scope` - (Optional) Limit appplication scope based in one expresion. For
+    example: "host.ip.private = \\"10.0.23.1\\"". By default the rule won't be scoped
+    and will target the entire infrastructure.
 
 - - -
 
 ### Actions block
 
 The actions block is optional and supports:
 
-* `container` - (Required) The action applied to container when this Policy is
+* `container` - (Optional) The action applied to container when this Policy is
     triggered. Can be *stop* or *pause*.
 
-which
-The capture block is optional and whan present captures with Sysdig the stream
-of system calls:
-
-* `seconds_before_event` - (Required) Captures the system calls during the
+* `capture` - (Optional) Captures with Sysdig the stream of system calls:
+    * `seconds_before_event` - (Required) Captures the system calls during the
     amount of seconds before the policy was triggered.
-
-* `seconds_after_event` - (Required) Captures the system calls for the amount
+    * `seconds_after_event` - (Required) Captures the system calls for the amount
     of seconds after the policy was triggered.
 
 - - -
 
 ### Falco rule selection
 
-* `falco_rule_name_regex` - (Required) The RegExp for checking matches with
-    Falco Rule name.  When a you have uploaded custom rules, and an alert is
-    raised. Check if that alert matches with this regexp for raising the Policy
-    Alert.
+* `rule_names` - (Optional) Array with the name of the rules to match.
+
+- - -
+
+### Notification
+
+* `notification_channels` - (Optional) IDs of the notification channels to send alerts to
+    when the policy is fired.

website/docs/r/sysdig_secure_rule_container.html.markdown

@@ -0,0 +1,43 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_rule_container"
+sidebar_current: "docs-sysdig-secure-rule-container"
+description: |-
+  Creates a Sysdig Secure Container Rule.
+---
+
+# sysdig\_secure\_rule\_container
+
+Creates a Sysdig Secure Container Rule.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_secure_rule_container" "sample" {
+  name = "Nginx container spawned"
+  description = "A container withthe nginx image spawned in the cluster."
+  tags = ["container", "cis"]
+
+  matching = true // default
+  containers = ["nginx"]
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) The name of the Secure rule. It must be unique.
+* `description` - (Required) The description of Secure rule.
+* `tags` - (Optional) A list of tags for this rule.
+
+### Matching
+
+* `matching` - (Optional) Defines if the image name matches or not with the provided list. Default is true.
+* `containers` - (Required) List of containers to match.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `version` - Current version of the resource in Sysdig Secure.

website/docs/r/sysdig_secure_rule_falco.html.markdown

@@ -0,0 +1,52 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_rule_falco"
+sidebar_current: "docs-sysdig-secure-rule-falco"
+description: |-
+  Creates a Sysdig Secure Falco Rule.
+---
+
+# sysdig\_secure\_rule\_falco
+
+Creates a Sysdig Secure Falco Rule.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_secure_rule_falco" "example" {
+  name = "Terminal shell in container" // ID
+  description = "A shell was used as the entrypoint/exec point into a container with an attached terminal."
+  tags = ["container", "shell", "mitre_execution"]
+
+  condition = "spawned_process and container and shell_procs and proc.tty != 0 and container_entrypoint"
+  output = "A shell was spawned in a container with an attached terminal (user=%user.name %container.info shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline terminal=%proc.tty container_id=%container.id image=%container.image.repository)"
+  priority = "notice"
+  source = "syscall" // syscall or k8s_audit
+}
+
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the Secure rule. It must be unique.
+* `description` - (Required) The description of Secure rule.
+* `tags` - (Optional) A list of tags for this rule.
+
+- - -
+
+### Conditions
+
+* `condition` - (Required) A [Falco condition](https://falco.org/docs/rules/) is simply a Boolean predicate on Sysdig events expressed using the Sysdig [filter syntax](http://www.sysdig.org/wiki/sysdig-user-guide/#filtering) and macro terms. 
+* `output` - (Required) Add additional information to each Falco notification's output.
+* `priority` - (Required) The priority of the Falco rule. It can be: "emergency", "alert", "critical", "error", "warning", "notice", "informational", "informational" or "debug".
+* `source` - (Required) The source of the event. It can be either "syscall" or "k8s_audit".
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `version` - Current version of the resource in Sysdig Secure.

website/docs/r/sysdig_secure_rule_filesystem.html.markdown

@@ -0,0 +1,58 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_rule_filesystem"
+sidebar_current: "docs-sysdig-secure-rule-filesystem"
+description: |-
+  Creates a Sysdig Secure Filesystem Rule.
+---
+
+# sysdig\_secure\_rule\_filesystem
+
+Creates a Sysdig Secure Filesystem Rule.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+
+resource "sysdig_secure_rule_filesystem"  "example" {
+  name = "Apache writing to non allowed directory"
+  description = "Attempt to write to directories that should be immutable"
+  tags = ["filesystem", "cis"]
+
+  read_only {
+    matching = true // default
+    paths = ["/etc"]
+  }
+
+  read_write {
+    matching = true // default
+    paths = ["/var/log/apache2", "/dev/tty"]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the Secure rule. It must be unique.
+* `description` - (Required) The description of Secure rule.
+* `tags` - (Optional) A list of tags for this rule.
+
+### Read Only
+
+* `matching` - (Optional) Defines if the path matches or not with the provided list. Default is true.
+* `paths` - (Required) List of paths to match.
+
+### Read Write
+
+* `matching` - (Optional) Defines if the path matches or not with the provided list. Default is true.
+* `paths` - (Required) List of paths to match.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `version` - Current version of the resource in Sysdig Secure.

website/docs/r/sysdig_secure_rule_network.html.markdown

@@ -0,0 +1,66 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_rule_network"
+sidebar_current: "docs-sysdig-secure-rule-network"
+description: |-
+  Creates a Sysdig Secure Network Rule.
+---
+
+# sysdig\_secure\_rule\_network
+
+Creates a Sysdig Secure Network Rule.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_secure_rule_network" "example" {
+  name = "Disallowed SSH Connection"
+  description = "Detect any new ssh connection to a host other than those in an allowed group of hosts"
+  tags = ["network", "mitre_remote_service"]
+
+  block_inbound = true
+  block_outbound = true
+
+  tcp {
+    matching = true // default
+    ports = [22]
+  }
+
+  udp {
+    matching = true // default
+    ports = [22]
+  }
+}
+
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the Secure rule. It must be unique.
+* `description` - (Required) The description of Secure rule.
+* `tags` - (Optional) A list of tags for this rule.
+
+### Disallow incoming or outgoing connections
+
+* `block_inbound` - (Required) Detect if there is an inbound connection.
+* `block_outbound` - (Required) Detect if there is an outbound connection.
+
+### Detect TCP Connections
+
+* `matching` - (Optional) Defines if the port matches or not with the provided list. Default is true.
+* `ports` - (Required) List of ports to match.
+
+### Detect UDP Connections
+
+* `matching` - (Optional) Defines if the port matches or not with the provided list. Default is true.
+* `ports` - (Required) List of ports to match.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `version` - Current version of the resource in Sysdig Secure.

website/docs/r/sysdig_secure_rule_process.html.markdown

@@ -0,0 +1,43 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_rule_process"
+sidebar_current: "docs-sysdig-secure-rule-process"
+description: |-
+  Creates a Sysdig Secure Process Rule.
+---
+
+# sysdig\_secure\_rule\_process
+
+Creates a Sysdig Secure Process Rule.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_secure_rule_process" "sample" {
+  name = "Launch Suspicious Network Tool in Container" // ID
+  description = "Detect network tools launched inside container"
+
+  matching = true // default
+  processes = ["nc", "ncat", "nmap", "dig", "tcpdump", "tshark", "ngrep"]
+}
+
+```
+
+## Argument Reference
+
+* `name` - (Required) The name of the Secure rule. It must be unique.
+* `description` - (Required) The description of Secure rule.
+* `tags` - (Optional) A list of tags for this rule.
+
+### Matching
+
+* `matching` - (Optional) Defines if the process name matches or not with the provided list. Default is true.
+* `processes` - (Required) List of processes to match.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `version` - Current version of the resource in Sysdig Secure.