security_detection_rule

package
v0.11.19 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 23, 2025 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var MinVersionResponseActions = version.Must(version.NewVersion("8.16.0"))

MinVersionResponseActions defines the minimum server version required for response actions

Functions

func GetSchema 

func GetSchema() schema.Schema

func NewSecurityDetectionRuleResource 

func NewSecurityDetectionRuleResource() resource.Resource

Types

type ActionFrequencyModel 

type ActionFrequencyModel struct {
	NotifyWhen types.String `tfsdk:"notify_when"`
	Summary    types.Bool   `tfsdk:"summary"`
	Throttle   types.String `tfsdk:"throttle"`
}

type ActionModel 

type ActionModel struct {
	ActionTypeId types.String `tfsdk:"action_type_id"`
	Id           types.String `tfsdk:"id"`
	Params       types.Map    `tfsdk:"params"`
	Group        types.String `tfsdk:"group"`
	Uuid         types.String `tfsdk:"uuid"`
	AlertsFilter types.Map    `tfsdk:"alerts_filter"`
	Frequency    types.Object `tfsdk:"frequency"`
}

type AlertSuppressionModel 

type AlertSuppressionModel struct {
	GroupBy               types.List           `tfsdk:"group_by"`
	Duration              customtypes.Duration `tfsdk:"duration"`
	MissingFieldsStrategy types.String         `tfsdk:"missing_fields_strategy"`
}

type CardinalityModel 

type CardinalityModel struct {
	Field types.String `tfsdk:"field"`
	Value types.Int64  `tfsdk:"value"`
}

type CommonCreateProps 

type CommonCreateProps struct {
	Actions                           **[]kbapi.SecurityDetectionsAPIRuleAction
	ResponseActions                   **[]kbapi.SecurityDetectionsAPIResponseAction
	RuleId                            **kbapi.SecurityDetectionsAPIRuleSignatureId
	Enabled                           **kbapi.SecurityDetectionsAPIIsRuleEnabled
	From                              **kbapi.SecurityDetectionsAPIRuleIntervalFrom
	To                                **kbapi.SecurityDetectionsAPIRuleIntervalTo
	Interval                          **kbapi.SecurityDetectionsAPIRuleInterval
	Index                             **[]string
	Author                            **[]string
	Tags                              **[]string
	FalsePositives                    **[]string
	References                        **[]string
	License                           **kbapi.SecurityDetectionsAPIRuleLicense
	Note                              **kbapi.SecurityDetectionsAPIInvestigationGuide
	Setup                             **kbapi.SecurityDetectionsAPISetupGuide
	MaxSignals                        **kbapi.SecurityDetectionsAPIMaxSignals
	Version                           **kbapi.SecurityDetectionsAPIRuleVersion
	ExceptionsList                    **[]kbapi.SecurityDetectionsAPIRuleExceptionList
	AlertSuppression                  **kbapi.SecurityDetectionsAPIAlertSuppression
	RiskScoreMapping                  **kbapi.SecurityDetectionsAPIRiskScoreMapping
	SeverityMapping                   **kbapi.SecurityDetectionsAPISeverityMapping
	RelatedIntegrations               **kbapi.SecurityDetectionsAPIRelatedIntegrationArray
	RequiredFields                    **[]kbapi.SecurityDetectionsAPIRequiredFieldInput
	BuildingBlockType                 **kbapi.SecurityDetectionsAPIBuildingBlockType
	DataViewId                        **kbapi.SecurityDetectionsAPIDataViewId
	Namespace                         **kbapi.SecurityDetectionsAPIAlertsIndexNamespace
	RuleNameOverride                  **kbapi.SecurityDetectionsAPIRuleNameOverride
	TimestampOverride                 **kbapi.SecurityDetectionsAPITimestampOverride
	TimestampOverrideFallbackDisabled **kbapi.SecurityDetectionsAPITimestampOverrideFallbackDisabled
	InvestigationFields               **kbapi.SecurityDetectionsAPIInvestigationFields
	Filters                           **kbapi.SecurityDetectionsAPIRuleFilterArray
	Threat                            **kbapi.SecurityDetectionsAPIThreatArray
	TimelineId                        **kbapi.SecurityDetectionsAPITimelineTemplateId
	TimelineTitle                     **kbapi.SecurityDetectionsAPITimelineTemplateTitle
}

CommonCreateProps holds all the field pointers for setting common create properties

type CommonUpdateProps 

type CommonUpdateProps struct {
	Actions                           **[]kbapi.SecurityDetectionsAPIRuleAction
	ResponseActions                   **[]kbapi.SecurityDetectionsAPIResponseAction
	RuleId                            **kbapi.SecurityDetectionsAPIRuleSignatureId
	Enabled                           **kbapi.SecurityDetectionsAPIIsRuleEnabled
	From                              **kbapi.SecurityDetectionsAPIRuleIntervalFrom
	To                                **kbapi.SecurityDetectionsAPIRuleIntervalTo
	Interval                          **kbapi.SecurityDetectionsAPIRuleInterval
	Index                             **[]string
	Author                            **[]string
	Tags                              **[]string
	FalsePositives                    **[]string
	References                        **[]string
	License                           **kbapi.SecurityDetectionsAPIRuleLicense
	Note                              **kbapi.SecurityDetectionsAPIInvestigationGuide
	Setup                             **kbapi.SecurityDetectionsAPISetupGuide
	MaxSignals                        **kbapi.SecurityDetectionsAPIMaxSignals
	Version                           **kbapi.SecurityDetectionsAPIRuleVersion
	ExceptionsList                    **[]kbapi.SecurityDetectionsAPIRuleExceptionList
	AlertSuppression                  **kbapi.SecurityDetectionsAPIAlertSuppression
	RiskScoreMapping                  **kbapi.SecurityDetectionsAPIRiskScoreMapping
	SeverityMapping                   **kbapi.SecurityDetectionsAPISeverityMapping
	RelatedIntegrations               **kbapi.SecurityDetectionsAPIRelatedIntegrationArray
	RequiredFields                    **[]kbapi.SecurityDetectionsAPIRequiredFieldInput
	BuildingBlockType                 **kbapi.SecurityDetectionsAPIBuildingBlockType
	DataViewId                        **kbapi.SecurityDetectionsAPIDataViewId
	Namespace                         **kbapi.SecurityDetectionsAPIAlertsIndexNamespace
	RuleNameOverride                  **kbapi.SecurityDetectionsAPIRuleNameOverride
	TimestampOverride                 **kbapi.SecurityDetectionsAPITimestampOverride
	TimestampOverrideFallbackDisabled **kbapi.SecurityDetectionsAPITimestampOverrideFallbackDisabled
	InvestigationFields               **kbapi.SecurityDetectionsAPIInvestigationFields
	Filters                           **kbapi.SecurityDetectionsAPIRuleFilterArray
	Threat                            **kbapi.SecurityDetectionsAPIThreatArray
	TimelineId                        **kbapi.SecurityDetectionsAPITimelineTemplateId
	TimelineTitle                     **kbapi.SecurityDetectionsAPITimelineTemplateTitle
}

CommonUpdateProps holds all the field pointers for setting common update properties

type EndpointProcessConfigModel 

type EndpointProcessConfigModel struct {
	Field     types.String `tfsdk:"field"`
	Overwrite types.Bool   `tfsdk:"overwrite"`
}

type EqlRuleProcessor 

type EqlRuleProcessor struct{}

func (EqlRuleProcessor) ExtractId 

func (e EqlRuleProcessor) ExtractId(response any) (string, diag.Diagnostics)

func (EqlRuleProcessor) HandlesAPIRuleResponse 

func (e EqlRuleProcessor) HandlesAPIRuleResponse(rule any) bool

func (EqlRuleProcessor) HandlesRuleType 

func (e EqlRuleProcessor) HandlesRuleType(t string) bool

func (EqlRuleProcessor) ToCreateProps 

func (e EqlRuleProcessor) ToCreateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleCreateProps, diag.Diagnostics)

func (EqlRuleProcessor) ToUpdateProps 

func (e EqlRuleProcessor) ToUpdateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleUpdateProps, diag.Diagnostics)

func (EqlRuleProcessor) UpdateFromResponse 

func (e EqlRuleProcessor) UpdateFromResponse(ctx context.Context, rule any, d *SecurityDetectionRuleData) diag.Diagnostics

type EsqlRuleProcessor 

type EsqlRuleProcessor struct{}

func (EsqlRuleProcessor) ExtractId 

func (e EsqlRuleProcessor) ExtractId(response any) (string, diag.Diagnostics)

func (EsqlRuleProcessor) HandlesAPIRuleResponse 

func (e EsqlRuleProcessor) HandlesAPIRuleResponse(rule any) bool

func (EsqlRuleProcessor) HandlesRuleType 

func (e EsqlRuleProcessor) HandlesRuleType(t string) bool

func (EsqlRuleProcessor) ToCreateProps 

func (e EsqlRuleProcessor) ToCreateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleCreateProps, diag.Diagnostics)

func (EsqlRuleProcessor) ToUpdateProps 

func (e EsqlRuleProcessor) ToUpdateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleUpdateProps, diag.Diagnostics)

func (EsqlRuleProcessor) UpdateFromResponse 

func (e EsqlRuleProcessor) UpdateFromResponse(ctx context.Context, rule any, d *SecurityDetectionRuleData) diag.Diagnostics

type ExceptionsListModel 

type ExceptionsListModel struct {
	Id            types.String `tfsdk:"id"`
	ListId        types.String `tfsdk:"list_id"`
	NamespaceType types.String `tfsdk:"namespace_type"`
	Type          types.String `tfsdk:"type"`
}

type MachineLearningRuleProcessor 

type MachineLearningRuleProcessor struct{}

func (MachineLearningRuleProcessor) ExtractId 

func (m MachineLearningRuleProcessor) ExtractId(response any) (string, diag.Diagnostics)

func (MachineLearningRuleProcessor) HandlesAPIRuleResponse 

func (m MachineLearningRuleProcessor) HandlesAPIRuleResponse(rule any) bool

func (MachineLearningRuleProcessor) HandlesRuleType 

func (m MachineLearningRuleProcessor) HandlesRuleType(t string) bool

func (MachineLearningRuleProcessor) ToCreateProps 

func (m MachineLearningRuleProcessor) ToCreateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleCreateProps, diag.Diagnostics)

func (MachineLearningRuleProcessor) ToUpdateProps 

func (m MachineLearningRuleProcessor) ToUpdateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleUpdateProps, diag.Diagnostics)

func (MachineLearningRuleProcessor) UpdateFromResponse 

func (m MachineLearningRuleProcessor) UpdateFromResponse(ctx context.Context, rule any, d *SecurityDetectionRuleData) diag.Diagnostics

type NewTermsRuleProcessor 

type NewTermsRuleProcessor struct{}

func (NewTermsRuleProcessor) ExtractId 

func (n NewTermsRuleProcessor) ExtractId(response any) (string, diag.Diagnostics)

func (NewTermsRuleProcessor) HandlesAPIRuleResponse 

func (n NewTermsRuleProcessor) HandlesAPIRuleResponse(rule any) bool

func (NewTermsRuleProcessor) HandlesRuleType 

func (n NewTermsRuleProcessor) HandlesRuleType(t string) bool

func (NewTermsRuleProcessor) ToCreateProps 

func (n NewTermsRuleProcessor) ToCreateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleCreateProps, diag.Diagnostics)

func (NewTermsRuleProcessor) ToUpdateProps 

func (n NewTermsRuleProcessor) ToUpdateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleUpdateProps, diag.Diagnostics)

func (NewTermsRuleProcessor) UpdateFromResponse 

func (n NewTermsRuleProcessor) UpdateFromResponse(ctx context.Context, rule any, d *SecurityDetectionRuleData) diag.Diagnostics

type OsqueryQueryModel 

type OsqueryQueryModel struct {
	Id         types.String `tfsdk:"id"`
	Query      types.String `tfsdk:"query"`
	Platform   types.String `tfsdk:"platform"`
	Version    types.String `tfsdk:"version"`
	Removed    types.Bool   `tfsdk:"removed"`
	Snapshot   types.Bool   `tfsdk:"snapshot"`
	EcsMapping types.Map    `tfsdk:"ecs_mapping"`
}

type QueryRuleProcessor 

type QueryRuleProcessor struct{}

func (QueryRuleProcessor) ExtractId 

func (q QueryRuleProcessor) ExtractId(response any) (string, diag.Diagnostics)

func (QueryRuleProcessor) HandlesAPIRuleResponse 

func (q QueryRuleProcessor) HandlesAPIRuleResponse(rule any) bool

func (QueryRuleProcessor) HandlesRuleType 

func (q QueryRuleProcessor) HandlesRuleType(t string) bool

func (QueryRuleProcessor) ToCreateProps 

func (q QueryRuleProcessor) ToCreateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleCreateProps, diag.Diagnostics)

func (QueryRuleProcessor) ToUpdateProps 

func (q QueryRuleProcessor) ToUpdateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleUpdateProps, diag.Diagnostics)

func (QueryRuleProcessor) UpdateFromResponse 

func (q QueryRuleProcessor) UpdateFromResponse(ctx context.Context, rule any, d *SecurityDetectionRuleData) diag.Diagnostics

type RelatedIntegrationModel 

type RelatedIntegrationModel struct {
	Package     types.String `tfsdk:"package"`
	Version     types.String `tfsdk:"version"`
	Integration types.String `tfsdk:"integration"`
}

type RequiredFieldModel 

type RequiredFieldModel struct {
	Name types.String `tfsdk:"name"`
	Type types.String `tfsdk:"type"`
	Ecs  types.Bool   `tfsdk:"ecs"`
}

type ResponseActionModel 

type ResponseActionModel struct {
	ActionTypeId types.String `tfsdk:"action_type_id"`
	Params       types.Object `tfsdk:"params"`
}

type ResponseActionParamsModel 

type ResponseActionParamsModel struct {
	// Osquery params
	Query        types.String `tfsdk:"query"`
	PackId       types.String `tfsdk:"pack_id"`
	SavedQueryId types.String `tfsdk:"saved_query_id"`
	Timeout      types.Int64  `tfsdk:"timeout"`
	EcsMapping   types.Map    `tfsdk:"ecs_mapping"`
	Queries      types.List   `tfsdk:"queries"`

	// Endpoint params
	Command types.String `tfsdk:"command"`
	Comment types.String `tfsdk:"comment"`
	Config  types.Object `tfsdk:"config"`
}

type RiskScoreMappingModel 

type RiskScoreMappingModel struct {
	Field     types.String `tfsdk:"field"`
	Operator  types.String `tfsdk:"operator"`
	Value     types.String `tfsdk:"value"`
	RiskScore types.Int64  `tfsdk:"risk_score"`
}

type SavedQueryRuleProcessor 

type SavedQueryRuleProcessor struct{}

func (SavedQueryRuleProcessor) ExtractId 

func (s SavedQueryRuleProcessor) ExtractId(response any) (string, diag.Diagnostics)

func (SavedQueryRuleProcessor) HandlesAPIRuleResponse 

func (s SavedQueryRuleProcessor) HandlesAPIRuleResponse(rule any) bool

func (SavedQueryRuleProcessor) HandlesRuleType 

func (s SavedQueryRuleProcessor) HandlesRuleType(t string) bool

func (SavedQueryRuleProcessor) ToCreateProps 

func (s SavedQueryRuleProcessor) ToCreateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleCreateProps, diag.Diagnostics)

func (SavedQueryRuleProcessor) ToUpdateProps 

func (s SavedQueryRuleProcessor) ToUpdateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleUpdateProps, diag.Diagnostics)

func (SavedQueryRuleProcessor) UpdateFromResponse 

func (s SavedQueryRuleProcessor) UpdateFromResponse(ctx context.Context, rule any, d *SecurityDetectionRuleData) diag.Diagnostics

type SecurityDetectionRuleData 

type SecurityDetectionRuleData struct {
	Id       types.String `tfsdk:"id"`
	SpaceId  types.String `tfsdk:"space_id"`
	RuleId   types.String `tfsdk:"rule_id"`
	Name     types.String `tfsdk:"name"`
	Type     types.String `tfsdk:"type"`
	Query    types.String `tfsdk:"query"`
	Language types.String `tfsdk:"language"`
	Index    types.List   `tfsdk:"index"`
	Enabled  types.Bool   `tfsdk:"enabled"`
	From     types.String `tfsdk:"from"`
	To       types.String `tfsdk:"to"`
	Interval types.String `tfsdk:"interval"`

	// Rule content
	Description         types.String `tfsdk:"description"`
	RiskScore           types.Int64  `tfsdk:"risk_score"`
	RiskScoreMapping    types.List   `tfsdk:"risk_score_mapping"`
	Severity            types.String `tfsdk:"severity"`
	SeverityMapping     types.List   `tfsdk:"severity_mapping"`
	Author              types.List   `tfsdk:"author"`
	Tags                types.List   `tfsdk:"tags"`
	License             types.String `tfsdk:"license"`
	RelatedIntegrations types.List   `tfsdk:"related_integrations"`
	RequiredFields      types.List   `tfsdk:"required_fields"`

	// Optional fields
	FalsePositives types.List   `tfsdk:"false_positives"`
	References     types.List   `tfsdk:"references"`
	Note           types.String `tfsdk:"note"`
	Setup          types.String `tfsdk:"setup"`
	MaxSignals     types.Int64  `tfsdk:"max_signals"`
	Version        types.Int64  `tfsdk:"version"`

	// Read-only fields
	CreatedAt types.String `tfsdk:"created_at"`
	CreatedBy types.String `tfsdk:"created_by"`
	UpdatedAt types.String `tfsdk:"updated_at"`
	UpdatedBy types.String `tfsdk:"updated_by"`
	Revision  types.Int64  `tfsdk:"revision"`

	// EQL-specific fields
	TiebreakerField types.String `tfsdk:"tiebreaker_field"`

	// Machine Learning-specific fields
	AnomalyThreshold     types.Int64 `tfsdk:"anomaly_threshold"`
	MachineLearningJobId types.List  `tfsdk:"machine_learning_job_id"`

	// New Terms-specific fields
	NewTermsFields     types.List   `tfsdk:"new_terms_fields"`
	HistoryWindowStart types.String `tfsdk:"history_window_start"`

	// Saved Query-specific fields
	SavedId types.String `tfsdk:"saved_id"`

	// Threat Match-specific fields
	ThreatIndex         types.List   `tfsdk:"threat_index"`
	ThreatQuery         types.String `tfsdk:"threat_query"`
	ThreatMapping       types.List   `tfsdk:"threat_mapping"`
	ThreatFilters       types.List   `tfsdk:"threat_filters"`
	ThreatIndicatorPath types.String `tfsdk:"threat_indicator_path"`
	ConcurrentSearches  types.Int64  `tfsdk:"concurrent_searches"`
	ItemsPerSearch      types.Int64  `tfsdk:"items_per_search"`

	// Threshold-specific fields
	Threshold types.Object `tfsdk:"threshold"`

	// Optional timeline fields (common across multiple rule types)
	TimelineId    types.String `tfsdk:"timeline_id"`
	TimelineTitle types.String `tfsdk:"timeline_title"`

	// Threat field (common across multiple rule types)
	Threat types.List `tfsdk:"threat"`

	// Actions field (common across all rule types)
	Actions types.List `tfsdk:"actions"`

	// Response actions field (common across all rule types)
	ResponseActions types.List `tfsdk:"response_actions"`

	// Exceptions list field (common across all rule types)
	ExceptionsList types.List `tfsdk:"exceptions_list"`

	// Alert suppression field (common across all rule types)
	AlertSuppression types.Object `tfsdk:"alert_suppression"`

	// Building block type field (common across all rule types)
	BuildingBlockType types.String `tfsdk:"building_block_type"`

	// Data view ID field (common across all rule types)
	DataViewId types.String `tfsdk:"data_view_id"`

	// Namespace field (common across all rule types)
	Namespace types.String `tfsdk:"namespace"`

	// Rule name override field (common across all rule types)
	RuleNameOverride types.String `tfsdk:"rule_name_override"`

	// Timestamp override fields (common across all rule types)
	TimestampOverride                 types.String `tfsdk:"timestamp_override"`
	TimestampOverrideFallbackDisabled types.Bool   `tfsdk:"timestamp_override_fallback_disabled"`

	// Investigation fields (common across all rule types)
	InvestigationFields types.List `tfsdk:"investigation_fields"`

	// Filters field (common across all rule types) - Query and filter context array to define alert conditions
	Filters jsontypes.Normalized `tfsdk:"filters"`
}

type SecurityDetectionRuleTfData 

type SecurityDetectionRuleTfData struct {
	ThreatMapping types.List `tfsdk:"threat_mapping"`
}

type SecurityDetectionRuleTfDataItem 

type SecurityDetectionRuleTfDataItem struct {
	Entries types.List `tfsdk:"entries"`
}

type SecurityDetectionRuleTfDataItemEntry 

type SecurityDetectionRuleTfDataItemEntry struct {
	Field types.String `tfsdk:"field"`
	Type  types.String `tfsdk:"type"`
	Value types.String `tfsdk:"value"`
}

type SeverityMappingModel 

type SeverityMappingModel struct {
	Field    types.String `tfsdk:"field"`
	Operator types.String `tfsdk:"operator"`
	Value    types.String `tfsdk:"value"`
	Severity types.String `tfsdk:"severity"`
}

type ThreatMatchRuleProcessor 

type ThreatMatchRuleProcessor struct{}

func (ThreatMatchRuleProcessor) ExtractId 

func (t ThreatMatchRuleProcessor) ExtractId(response any) (string, diag.Diagnostics)

func (ThreatMatchRuleProcessor) HandlesAPIRuleResponse 

func (t ThreatMatchRuleProcessor) HandlesAPIRuleResponse(rule any) bool

func (ThreatMatchRuleProcessor) HandlesRuleType 

func (t ThreatMatchRuleProcessor) HandlesRuleType(ruleType string) bool

func (ThreatMatchRuleProcessor) ToCreateProps 

func (t ThreatMatchRuleProcessor) ToCreateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleCreateProps, diag.Diagnostics)

func (ThreatMatchRuleProcessor) ToUpdateProps 

func (t ThreatMatchRuleProcessor) ToUpdateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleUpdateProps, diag.Diagnostics)

func (ThreatMatchRuleProcessor) UpdateFromResponse 

func (t ThreatMatchRuleProcessor) UpdateFromResponse(ctx context.Context, rule any, d *SecurityDetectionRuleData) diag.Diagnostics

type ThreatModel added in v0.11.19 

type ThreatModel struct {
	Framework types.String `tfsdk:"framework"`
	Tactic    types.Object `tfsdk:"tactic"`
	Technique types.List   `tfsdk:"technique"`
}

type ThreatSubtechniqueModel added in v0.11.19 

type ThreatSubtechniqueModel struct {
	Id        types.String `tfsdk:"id"`
	Name      types.String `tfsdk:"name"`
	Reference types.String `tfsdk:"reference"`
}

type ThreatTacticModel added in v0.11.19 

type ThreatTacticModel struct {
	Id        types.String `tfsdk:"id"`
	Name      types.String `tfsdk:"name"`
	Reference types.String `tfsdk:"reference"`
}

type ThreatTechniqueModel added in v0.11.19 

type ThreatTechniqueModel struct {
	Id           types.String `tfsdk:"id"`
	Name         types.String `tfsdk:"name"`
	Reference    types.String `tfsdk:"reference"`
	Subtechnique types.List   `tfsdk:"subtechnique"`
}

type ThresholdModel 

type ThresholdModel struct {
	Field       types.List  `tfsdk:"field"`
	Value       types.Int64 `tfsdk:"value"`
	Cardinality types.List  `tfsdk:"cardinality"`
}

type ThresholdRuleProcessor 

type ThresholdRuleProcessor struct{}

func (ThresholdRuleProcessor) ExtractId 

func (th ThresholdRuleProcessor) ExtractId(response any) (string, diag.Diagnostics)

func (ThresholdRuleProcessor) HandlesAPIRuleResponse 

func (th ThresholdRuleProcessor) HandlesAPIRuleResponse(rule any) bool

func (ThresholdRuleProcessor) HandlesRuleType 

func (th ThresholdRuleProcessor) HandlesRuleType(t string) bool

func (ThresholdRuleProcessor) ToCreateProps 

func (th ThresholdRuleProcessor) ToCreateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleCreateProps, diag.Diagnostics)

func (ThresholdRuleProcessor) ToUpdateProps 

func (th ThresholdRuleProcessor) ToUpdateProps(ctx context.Context, client clients.MinVersionEnforceable, d SecurityDetectionRuleData) (kbapi.SecurityDetectionsAPIRuleUpdateProps, diag.Diagnostics)

func (ThresholdRuleProcessor) UpdateFromResponse 

func (th ThresholdRuleProcessor) UpdateFromResponse(ctx context.Context, rule any, d *SecurityDetectionRuleData) diag.Diagnostics

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.