|
| 1 | +--- |
| 2 | +subcategory: "Sysdig Secure" |
| 3 | +layout: "sysdig" |
| 4 | +page_title: "Sysdig: sysdig_secure_rule_stateful" |
| 5 | +description: |- |
| 6 | + Creates a Sysdig Secure Stateful Rule Append. |
| 7 | +--- |
| 8 | + |
| 9 | +# Resource: sysdig_secure_rule_stateful |
| 10 | + |
| 11 | +Creates a Sysdig Secure Stateful Rule Append. |
| 12 | + |
| 13 | +-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository. |
| 14 | + |
| 15 | +## Example Usage |
| 16 | + |
| 17 | +```terraform |
| 18 | +resource "sysdig_secure_rule_stateful" "stateful_rule" { |
| 19 | + name = "API Gateway Enumeration Detected" |
| 20 | + source = "awscloudtrail_stateful" |
| 21 | + ruletype = "STATEFUL_SEQUENCE" |
| 22 | + exceptions { |
| 23 | + values = jsonencode([["user_abc", ["12345"]]]) |
| 24 | + name = "user_accountid" |
| 25 | + } |
| 26 | +} |
| 27 | +``` |
| 28 | + |
| 29 | +## Argument Reference |
| 30 | + |
| 31 | +The following arguments are supported: |
| 32 | + |
| 33 | +* `name` - (Required) The name of the Stateful rule that the exception is being appended to. |
| 34 | +* `source` - (Required) The source of the event. We currently support the "awscloudtrail_stateful" source. |
| 35 | +* `exceptions` - (Required) The exceptions key is a list of identifier plus list of tuples of filtercheck fields. See below for details. |
| 36 | +* `append` - (Optional) This indicates that the rule being created appends the condition to an existing Sysdig-provided. For stateful rules, the default value is true. |
| 37 | +* `ruletype` - (Required) The type of Stateful rule being appended to. We currently support "STATEFUL_SEQUENCE", "STATEFUL_COUNT", and "STATEFUL_UNIQ_PERCENT". |
| 38 | + |
| 39 | +### Exceptions |
| 40 | +Supported fields for exceptions: |
| 41 | + |
| 42 | +* `name` - (Required) The name of the exception. |
| 43 | +* `values` - (Required) Contains tuples of values. Each item in the tuple should align 1-1 with the corresponding field |
| 44 | + and comparison operator. Since the value can be a string, a list of strings or a list of a list of strings, the value |
| 45 | + of this field must be supplied in JSON format. You can use the default `jsonencode` function to provide this value. |
| 46 | + See the usage example on the top. |
| 47 | + |
| 48 | +## Attributes Reference |
| 49 | + |
| 50 | +In addition to all arguments above, the following attributes are exported: |
| 51 | + |
| 52 | +* `version` - Current version of the resource in Sysdig Secure. |
| 53 | + |
0 commit comments