Datadog Cloud Security

Create detection rule

Create a detection rule.

Inputs

Field                    Type       Description
ruleName [required]      string     Name of the new detection rule.
queries [required]       [object]   Queries for selecting the logs that are part of the rule.
    query [required]     string     Query to run on logs.
message [required]       string     Message to be included in the Security Signal.
cases [required]         [object]   Conditions for when to generate security signals.
    status [required]    enum       Severity of the Security Signal. Allowed enum values: info, low, medium, high, critical
    condition            string     A rule case contains logical operations (>, >=, &&, ||) that determine whether a signal should be generated, based on the event counts in the previously defined queries.
    name                 string     Name of the case.
maxSignalDuration        enum       A signal will "close" once the time since its first seen timestamp exceeds the maximum duration, regardless of whether the query is still being matched. Allowed enum values: 0, 60, 300, 600, 900, 1800, 3600, 7200, 10800, 21600, 43200, 86400
evaluationWindow         enum       The time window over which at least one of the cases must match. This is a sliding window and is evaluated in real time. Allowed enum values: 0, 60, 300, 600, 900, 1800, 3600, 7200
keepAlive                enum       Once a signal is generated, it remains "open" as long as a case is matched at least once within this keep-alive window. Allowed enum values: 0, 60, 300, 600, 900, 1800, 3600, 7200, 10800, 21600
tags                                Tags for generated signals.
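The three timing inputs above (evaluationWindow, keepAlive, maxSignalDuration) decide when a signal opens, how long it stays open, and when it is force-closed. The following Python is an added example, not Datadog code: it validates the three values against the allowed enum lists from the table and simulates signal lifetimes over a constructed list of event timestamps. The case condition (more than `threshold` events inside the sliding window), evaluation only at event times, and a new signal opening after the previous one closes are assumptions of this example, not behaviour stated on the page.

```python
from dataclasses import dataclass

# Allowed enum values as listed in the inputs table above.
ALLOWED_EVALUATION_WINDOW = {0, 60, 300, 600, 900, 1800, 3600, 7200}
ALLOWED_KEEP_ALIVE = {0, 60, 300, 600, 900, 1800, 3600, 7200, 10800, 21600}
ALLOWED_MAX_SIGNAL_DURATION = {0, 60, 300, 600, 900, 1800, 3600, 7200,
                               10800, 21600, 43200, 86400}


@dataclass
class RuleTiming:
    evaluation_window: int    # sliding window (seconds) the case counts events over
    keep_alive: int           # signal stays open while a case matches within this
    max_signal_duration: int  # signal closes this long after first seen, regardless

    def __post_init__(self):
        if self.evaluation_window not in ALLOWED_EVALUATION_WINDOW:
            raise ValueError(f"evaluationWindow {self.evaluation_window} not allowed")
        if self.keep_alive not in ALLOWED_KEEP_ALIVE:
            raise ValueError(f"keepAlive {self.keep_alive} not allowed")
        if self.max_signal_duration not in ALLOWED_MAX_SIGNAL_DURATION:
            raise ValueError(f"maxSignalDuration {self.max_signal_duration} not allowed")


def case_matches(events, now, window, threshold):
    """Hypothetical case condition: more than `threshold` events in (now - window, now]."""
    return sum(1 for t in events if now - window < t <= now) > threshold


def simulate_signals(events, timing, threshold):
    """Evaluate the case at each event timestamp; return (opened_at, closed_at) pairs.
    Assumed: evaluation at event times only; a new signal may open once the old one closed."""
    events = sorted(events)
    signals, first_seen, last_match = [], None, None
    for now in events:
        if first_seen is not None:
            # Close when the keep-alive lapses or the maximum duration is reached.
            close_at = min(last_match + timing.keep_alive,
                           first_seen + timing.max_signal_duration)
            if now > close_at:
                signals.append((first_seen, close_at))
                first_seen = last_match = None
        if case_matches(events, now, timing.evaluation_window, threshold):
            if first_seen is None:
                first_seen = now      # signal generated; this is the "first seen" time
            last_match = now          # refreshes the keep-alive window
    if first_seen is not None:
        signals.append((first_seen, min(last_match + timing.keep_alive,
                                        first_seen + timing.max_signal_duration)))
    return signals
```

With continuous matches and keepAlive 300 / maxSignalDuration 600, the second scenario in the test shows the signal still closing 600 seconds after it was first seen, which is the cap the maxSignalDuration row describes.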

Outputs

Field                    Type       Description

No request body