Datadog Cloud Security

Create detection rule

Create a detection rule.

Inputs

Field [required?] (type)
    Description

ruleName [required] (string)
    Name of the new detection rule.

queries [required] ([object])
    Queries that select the logs the rule evaluates.
    query [required] (string)
        Query to run on logs.

message [required] (string)
    Message to be included in the Security Signal.

cases [required] ([object])
    Conditions for when to generate security signals.
    status [required] (enum)
        Severity of the Security Signal. Allowed enum values: info, low, medium, high, critical
    condition (string)
        A rule case contains logical operations (>, >=, &&, ||) that determine whether a signal should be generated, based on the event counts of the previously defined queries.
    name (string)
        Name of the case.

maxSignalDuration (enum)
    A signal “closes” once this maximum duration has elapsed, regardless of whether the query is still matched. The time is measured from the first-seen timestamp. Allowed enum values: 0, 60, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400

evaluationWindow (enum)
    The time window over which the cases are evaluated; a signal is generated when at least one case matches. This is a sliding window evaluated in real time. Allowed enum values: 0, 60, 300, 600, 900, 1800, 3600, 7200

keepAlive (enum)
    Once a signal is generated, it remains “open” as long as a case is matched at least once within this keep-alive window. Allowed enum values: 0, 60, 300, 600, 900, 1800, 3600, 7200, 10800, 21600

tags
    Tags for generated signals.
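As an added example (not Datadog's code or this action's implementation), the Python helper below assembles one such input, checks it against the required fields and allowed enum values listed above, and evaluates a case condition against per-query event counts. The log query, the tag, the list type of tags and the a, b, ... labels for queries are assumptions.

```python
import operator
import re
# Allowed values copied from the field descriptions on this page.
ALLOWED_STATUS = {"info", "low", "medium", "high", "critical"}
ALLOWED_DURATIONS = {"maxSignalDuration": {0, 60, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400},
                     "evaluationWindow": {0, 60, 300, 600, 900, 1800, 3600, 7200},
                     "keepAlive": {0, 60, 300, 600, 900, 1800, 3600, 7200, 10800, 21600}}

def validate_rule(rule):
    """Return a list of schema problems; an empty list means the input is well-formed."""
    problems = [f"{f} is required" for f in ("ruleName", "message") if not rule.get(f)]
    if not rule.get("queries"):
        problems.append("queries must contain at least one query")
    problems += [f"queries[{i}].query is required"
                 for i, q in enumerate(rule.get("queries", [])) if not q.get("query")]
    if not rule.get("cases"):
        problems.append("cases must contain at least one case")
    problems += [f"cases[{i}].status must be one of {sorted(ALLOWED_STATUS)}"
                 for i, c in enumerate(rule.get("cases", [])) if c.get("status") not in ALLOWED_STATUS]
    problems += [f"{f}={rule[f]} is not an allowed value"
                 for f, allowed in ALLOWED_DURATIONS.items() if f in rule and rule[f] not in allowed]
    return problems

_TERM = re.compile(r"^\s*(\w+)\s*(>=|<=|==|>|<)\s*(\d+)\s*$")
_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le, "==": operator.eq}

def evaluate_condition(condition, counts):
    """Evaluate a case condition such as 'a > 10 && b >= 1' against per-query event counts."""
    # Query labels a, b, ... are assumed. '||' is split first, so '&&' binds tighter.
    return any(all(_term(t, counts) for t in disjunct.split("&&")) for disjunct in condition.split("||"))

def _term(term, counts):
    m = _TERM.match(term)
    if m is None:
        raise ValueError(f"unsupported condition term: {term!r}")
    name, op, threshold = m.groups()
    return _OPS[op](counts.get(name, 0), int(threshold))

def example_rule():
    """Constructed input: a high-severity signal when more than 10 login failures arrive within 5 minutes."""
    return {
        "ruleName": "Repeated authentication failures",
        "queries": [{"query": "source:auth @evt.outcome:failure"}],  # constructed log query, labelled 'a'
        "message": "More than 10 failed logins within 5 minutes",
        "cases": [{"name": "burst of failures", "status": "high", "condition": "a > 10"}],
        "evaluationWindow": 300,     # 5-minute sliding window
        "keepAlive": 3600,           # stays open while the case keeps matching within an hour
        "maxSignalDuration": 86400,  # closes after a day regardless
        "tags": ["team:security"],   # assumed to be a list of strings; the page gives no type
    }
```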

Outputs

No request body