Event Threat Detection Custom Module

Event Threat Detection Custom Module in Google Cloud allows users to create and manage custom detection rules for identifying security threats within their environment. It extends the built-in Event Threat Detection service by enabling organizations to define their own logic for detecting suspicious activity based on logs and events. This helps tailor threat detection to specific security needs and compliance requirements.

gcp.securitycenter_event_threat_detection_custom_module

Fields

TitleIDTypeData TypeDescription
_keycorestring
ancestor_modulecorestringOutput only. The closest ancestor module that this module inherits the enablement state from. The format is the same as the EventThreatDetectionCustomModule resource name.
ancestorscorearray<string>
cloud_providercorestringThe cloud provider of the custom module.
datadog_display_namecorestring
descriptioncorestringThe description for the module.
enablement_statecorestringThe state of enablement for the module at the given level of the hierarchy.
gcp_display_namecorestringThe human readable name to be displayed for the module.
labelscorearray<string>
last_editorcorestringOutput only. The editor the module was last updated by.
namecorestringImmutable. The resource name of the Event Threat Detection custom module. Its format is: * `organizations/{organization}/eventThreatDetectionSettings/customModules/{module}`. * `folders/{folder}/eventThreatDetectionSettings/customModules/{module}`. * `projects/{project}/eventThreatDetectionSettings/customModules/{module}`.
organization_idcorestring
parentcorestring
project_idcorestring
project_numbercorestring
region_idcorestring
resource_namecorestring
tagscorehstore_csv
typecorestringType for the module. e.g. CONFIGURABLE_BAD_IP.
update_timecoretimestampOutput only. The time the module was last updated.
zone_idcorestring