docs: Add documentation for Monitor alert resources

Signed-off-by: Federico Barcelona <[email protected]>

Author: tembleking

website/docs/index.html.markdown

@@ -20,6 +20,7 @@ Use the navigation to the left to read about the available resources.
 ```hcl
 // Configure the Sysdig provider
 provider "sysdig" {
+  sysdig_monitor_api_token = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
   sysdig_secure_api_token = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
 }
 
@@ -33,9 +34,18 @@ resource "sysdig_secure_policy" "unexpected_inbound_tcp_connection_traefik" {
 
 The following keys can be used to configure the provider.
 
+* `sysdig_monitor_api_token` - (Required) The Sysdig Secure API token, it must be
+  present, but you can get it from the `SYSDIG_MONITOR_API_TOKEN` environment variable.
+
 * `sysdig_secure_api_token` - (Required) The Sysdig Secure API token, it must be
   present, but you can get it from the `SYSDIG_SECURE_API_TOKEN` environment variable.
 
+* `sysdig_monitor_url` - (Optional) This is the target Sysdig Secure base API
+  endpoint. It's intended to be used with OnPrem installations. By defaults it
+  points to `https://app.sysdigcloud.com`, and notice that should not be ended
+  with an slash. It can also be sourced from the `SYSDIG_MONITOR_URL` environment
+  variable.
+  
 * `sysdig_secure_url` - (Optional) This is the target Sysdig Secure base API
   endpoint. It's intended to be used with OnPrem installations. By defaults it
   points to `https://secure.sysdig.com`, and notice that should not be ended

website/docs/r/sysdig_monitor_alert_anomaly.html.markdown

@@ -0,0 +1,70 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_monitor_alert_anomaly"
+sidebar_current: "docs-sysdig-monitor-alert-anomaly"
+description: |-
+  Creates a Sysdig Monitor Anomaly Alert.
+---
+
+# sysdig\_monitor\_alert\_anomaly
+
+Creates a Sysdig Monitor Anomaly Alert. Monitor hosts based on their historical behaviors and alert when they deviate.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_monitor_alert_anomaly" "sample" {
+	name = "[Kubernetes] Anomaly Detection Alert"
+	description = "Detects an anomaly in the cluster"
+	severity = 6
+
+	monitor = ["cpu.used.percent", "memory.bytes.used"]
+
+	multiple_alerts_by = ["kubernetes.cluster.name", 
+                          "kubernetes.namespace.name", 
+                          "kubernetes.deployment.name", 
+                          "kubernetes.pod.name"]
+}
+```
+
+## Argument Reference
+
+### Common alert arguments
+
+These arguments are common to all alerts in Sysdig Monitor.
+
+* `name` - (Required) The name of the Monitor alert. It must be unique.
+* `description` - (Optional) The description of Monitor alert.
+* `severity` - (Optional) Severity of the Monitor alert. It must be a value between 0 and 7,
+               with 0 being the most critical and 7 the less critical. Defaults to 4.
+* `trigger_after_minutes` - (Required) Threshold of time for the status to stabilize until the alert is fired.
+* `scope` - (Optional) Part of the infrastructure where the alert is valid. Defaults to the entire infrastructure. 
+* `enabled` - (Optional) Boolean that defines if the alert is enabled or not. Defaults to true.
+* `notification_channels` - (Optional) List of notification channel IDs where an alert must be sent to once fired.
+* `renotification_minutes` - (Optional) Number of minutes for the alert to re-notify until the status is solved.
+ 
+
+#### Capture
+
+Enables the creation of a capture file of the syscalls during the event.
+
+* `filename` - (Required) Defines the name of the capture file.
+* `duration` - (Required) Time frame in seconds of the capture.
+* `filter` - (Optional) Additional filter to apply to the capture. For example: `proc.name contains nginx`.
+
+### Metric alert arguments
+
+* `monitor` - (Required) Array of metrics to monitor and alert on. Example: `["cpu.used.percent", "cpu.cores.used", "memory.bytes.used", "fs.used.percent", "thread.count", "net.request.count.in"]`.
+* `multiple_alerts_by` - (Optional) List of segments to trigger a separate alert on. Example: `["kubernetes.cluster.name", "kubernetes.namespace.name"]`.  
+
+## Attributes Reference
+
+### Common alert attributes
+
+In addition to all arguments above, the following attributes are exported, which are common to all the
+alerts in Sysdig Monitor:
+
+* `version` - Current version of the resource in Sysdig Monitor.
+* `team` - Team ID that owns the alert.

website/docs/r/sysdig_monitor_alert_downtime.html.markdown

@@ -0,0 +1,68 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_monitor_alert_downtime"
+sidebar_current: "docs-sysdig-monitor-alert-downtime"
+description: |-
+  Creates a Sysdig Monitor Downtime Alert.
+---
+
+# sysdig\_monitor\_alert\_downtime
+
+Creates a Sysdig Monitor Downtime Alert. Monitor any type of entity - host, container, process, service, etc - and alert when the entity goes down.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_monitor_alert_downtime" "sample" {
+	name = "[Kubernetes] Downtime Alert"
+	description = "Detects a downtime in the Kubernetes cluster"
+	severity = 2
+
+	entities_to_monitor = ["kubernetes.namespace.name"]
+	
+	trigger_after_minutes = 10
+	trigger_after_pct = 100
+}
+```
+
+## Argument Reference
+
+### Common alert arguments
+
+These arguments are common to all alerts in Sysdig Monitor.
+
+* `name` - (Required) The name of the Monitor alert. It must be unique.
+* `description` - (Optional) The description of Monitor alert.
+* `severity` - (Optional) Severity of the Monitor alert. It must be a value between 0 and 7,
+               with 0 being the most critical and 7 the less critical. Defaults to 4.
+* `trigger_after_minutes` - (Required) Threshold of time for the status to stabilize until the alert is fired.
+* `scope` - (Optional) Part of the infrastructure where the alert is valid. Defaults to the entire infrastructure. 
+* `enabled` - (Optional) Boolean that defines if the alert is enabled or not. Defaults to true.
+* `notification_channels` - (Optional) List of notification channel IDs where an alert must be sent to once fired.
+* `renotification_minutes` - (Optional) Number of minutes for the alert to re-notify until the status is solved.
+ 
+
+#### Capture
+
+Enables the creation of a capture file of the syscalls during the event.
+
+* `filename` - (Required) Defines the name of the capture file.
+* `duration` - (Required) Time frame in seconds of the capture.
+* `filter` - (Optional) Additional filter to apply to the capture. For example: `proc.name contains nginx`.
+
+### Metric alert arguments
+
+* `entities_to_monitor` - (Required) List of metrics to monitor downtime and alert on. Example: `["kubernetes.namespace.name"]` to detect namespace removal or `["host.hostName"]` to detect host downtime.
+* `trigger_after_pct` - (Optional) Below of this percentage of downtime the alert will be triggered. Defaults to 100.  
+
+## Attributes Reference
+
+### Common alert attributes
+
+In addition to all arguments above, the following attributes are exported, which are common to all the
+alerts in Sysdig Monitor:
+
+* `version` - Current version of the resource in Sysdig Monitor.
+* `team` - Team ID that owns the alert.

website/docs/r/sysdig_monitor_alert_event.html.markdown

@@ -0,0 +1,77 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_monitor_alert_event"
+sidebar_current: "docs-sysdig-monitor-alert-event"
+description: |-
+  Creates a Sysdig Monitor Event Alert.
+---
+
+# sysdig\_monitor\_alert\_event
+
+Creates a Sysdig Monitor Event Alert. Monitor occurrences of specific events, and alert if the total 
+number of occurrences violates a threshold. Useful for alerting on container, orchestration, and 
+service events like restarts and deployments.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_monitor_alert_event" "sample" {
+	name = "[Kubernetes] Failed to pull image"
+	description = "A Kubernetes pod failed to pull an image from the registry"
+	severity = 4
+
+	event_name = "Failed to pull image"
+	source = "kubernetes"
+	event_rel = ">"
+	event_count = 0
+
+	multiple_alerts_by = ["kubernetes.pod.name"]
+	
+	trigger_after_minutes = 1
+}
+```
+
+## Argument Reference
+
+### Common alert arguments
+
+These arguments are common to all alerts in Sysdig Monitor.
+
+* `name` - (Required) The name of the Monitor alert. It must be unique.
+* `description` - (Optional) The description of Monitor alert.
+* `severity` - (Optional) Severity of the Monitor alert. It must be a value between 0 and 7,
+               with 0 being the most critical and 7 the less critical. Defaults to 4.
+* `trigger_after_minutes` - (Required) Threshold of time for the status to stabilize until the alert is fired.
+* `scope` - (Optional) Part of the infrastructure where the alert is valid. Defaults to the entire infrastructure. 
+* `enabled` - (Optional) Boolean that defines if the alert is enabled or not. Defaults to true.
+* `notification_channels` - (Optional) List of notification channel IDs where an alert must be sent to once fired.
+* `renotification_minutes` - (Optional) Number of minutes for the alert to re-notify until the status is solved.
+ 
+
+#### Capture
+
+Enables the creation of a capture file of the syscalls during the event.
+
+* `filename` - (Required) Defines the name of the capture file.
+* `duration` - (Required) Time frame in seconds of the capture.
+* `filter` - (Optional) Additional filter to apply to the capture. For example: `proc.name contains nginx`.
+
+### Metric alert arguments
+
+* `event_name` - (Required) String that matches part of name, tag or the description of Sysdig Events.
+* `source` - (Required) Source of the event. It can be `docker` or `kubernetes`. 
+* `event_rel` - (Required) Relationship of the event count. It can be `>`, `>=`, `<`, `<=`, `=` or `!=`.
+* `event_count` - (Required) Number of events to match with event_rel.
+* `multiple_alerts_by` - (Optional) List of segments to trigger a separate alert on. Example: `["kubernetes.cluster.name", "kubernetes.namespace.name"]`.  
+
+## Attributes Reference
+
+### Common alert attributes
+
+In addition to all arguments above, the following attributes are exported, which are common to all the
+alerts in Sysdig Monitor:
+
+* `version` - Current version of the resource in Sysdig Monitor.
+* `team` - Team ID that owns the alert.

website/docs/r/sysdig_monitor_alert_group_outlier.html.markdown

@@ -0,0 +1,71 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_monitor_alert_group_outlier"
+sidebar_current: "docs-sysdig-monitor-alert-group-outlier"
+description: |-
+  Creates a Sysdig Monitor Group Outlier Alert.
+---
+
+# sysdig\_monitor\_alert\_group\_outlier
+
+Creates a Sysdig Monitor Group Outlier Alert. Monitor a group of hosts and be notified when one acts differently from the rest.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_monitor_alert_group_outlier" "sample" {
+	name = "[Kubernetes] A node is using more CPU than the rest"
+	description = "Monitors the cluster and checks when a node has more CPU usage than the others"
+	severity = 6
+
+	monitor = ["cpu.used.percent"]
+	
+	trigger_after_minutes = 10
+
+	capture {
+		filename = "TERRAFORM_TEST"
+		duration = 15
+	}
+}
+```
+
+## Argument Reference
+
+### Common alert arguments
+
+These arguments are common to all alerts in Sysdig Monitor.
+
+* `name` - (Required) The name of the Monitor alert. It must be unique.
+* `description` - (Optional) The description of Monitor alert.
+* `severity` - (Optional) Severity of the Monitor alert. It must be a value between 0 and 7,
+               with 0 being the most critical and 7 the less critical. Defaults to 4.
+* `trigger_after_minutes` - (Required) Threshold of time for the status to stabilize until the alert is fired.
+* `scope` - (Optional) Part of the infrastructure where the alert is valid. Defaults to the entire infrastructure. 
+* `enabled` - (Optional) Boolean that defines if the alert is enabled or not. Defaults to true.
+* `notification_channels` - (Optional) List of notification channel IDs where an alert must be sent to once fired.
+* `renotification_minutes` - (Optional) Number of minutes for the alert to re-notify until the status is solved.
+ 
+ 
+#### Capture
+
+Enables the creation of a capture file of the syscalls during the event.
+
+* `filename` - (Required) Defines the name of the capture file.
+* `duration` - (Required) Time frame in seconds of the capture.
+* `filter` - (Optional) Additional filter to apply to the capture. For example: `proc.name contains nginx`.
+
+### Metric alert arguments
+
+* `monitor` - (Required) Array of metrics to monitor and alert on. Example: `["cpu.used.percent", "cpu.cores.used", "memory.bytes.used", "fs.used.percent", "thread.count", "net.request.count.in"]`.  
+
+## Attributes Reference
+
+### Common alert attributes
+
+In addition to all arguments above, the following attributes are exported, which are common to all the
+alerts in Sysdig Monitor:
+
+* `version` - Current version of the resource in Sysdig Monitor.
+* `team` - Team ID that owns the alert.

website/docs/r/sysdig_monitor_alert_metric.html.markdown

@@ -0,0 +1,76 @@
+---
+layout: "sysdig"
+page_title: "Sysdig: sysdig_monitor_alert_metric"
+sidebar_current: "docs-sysdig-monitor-alert-metric"
+description: |-
+  Creates a Sysdig Monitor Metric Alert.
+---
+
+# sysdig\_monitor\_alert\_metric
+
+Creates a Sysdig Monitor Metric Alert. Monitor time-series metrics and alert if they violate user-defined thresholds.
+
+~> **Note:** This resource is still experimental, and is subject of being changed.
+
+## Example usage
+
+```hcl
+resource "sysdig_monitor_alert_metric" "sample" {
+	name = "[Kubernetes] CrashLoopBackOff"
+	description = "A Kubernetes pod failed to restart"
+	severity = 6
+
+	metric = "sum(timeAvg(kubernetes.pod.restart.count)) > 2"
+	trigger_after_minutes = 1
+
+	multiple_alerts_by = ["kubernetes.cluster.name",
+                          "kubernetes.namespace.name",
+                          "kubernetes.deployment.name",
+                          "kubernetes.pod.name"]
+
+	capture {
+		filename = "CrashLoopBackOff"
+		duration = 15
+	}
+}
+```
+
+## Argument Reference
+
+### Common alert arguments
+
+These arguments are common to all alerts in Sysdig Monitor.
+
+* `name` - (Required) The name of the Monitor alert. It must be unique.
+* `description` - (Optional) The description of Monitor alert.
+* `severity` - (Optional) Severity of the Monitor alert. It must be a value between 0 and 7,
+               with 0 being the most critical and 7 the less critical. Defaults to 4.
+* `trigger_after_minutes` - (Required) Threshold of time for the status to stabilize until the alert is fired.
+* `scope` - (Optional) Part of the infrastructure where the alert is valid. Defaults to the entire infrastructure. 
+* `enabled` - (Optional) Boolean that defines if the alert is enabled or not. Defaults to true.
+* `notification_channels` - (Optional) List of notification channel IDs where an alert must be sent to once fired.
+* `renotification_minutes` - (Optional) Number of minutes for the alert to re-notify until the status is solved.
+ 
+
+#### Capture
+
+Enables the creation of a capture file of the syscalls during the event.
+
+* `filename` - (Required) Defines the name of the capture file.
+* `duration` - (Required) Time frame in seconds of the capture.
+* `filter` - (Optional) Additional filter to apply to the capture. For example: `proc.name contains nginx`.
+
+### Metric alert arguments
+
+* `metric` - (Required) Metric to monitor and alert on. Example: `sum(timeAvg(kubernetes.pod.restart.count)) > 2` or `avg(avg(cpu.used.percent)) > 50`.
+* `multiple_alerts_by` - (Optional) List of segments to trigger a separate alert on. Example: `["kubernetes.cluster.name", "kubernetes.namespace.name"]`.  
+
+## Attributes Reference
+
+### Common alert attributes
+
+In addition to all arguments above, the following attributes are exported, which are common to all the
+alerts in Sysdig Monitor:
+
+* `version` - Current version of the resource in Sysdig Monitor.
+* `team` - Team ID that owns the alert.