rules
Creates, updates, deletes, gets or lists a rules resource.
Overview
| Name | rules |
| Type | Resource |
| Id | cloudflare.cloudforce_one.rules |
Fields
The following fields are returned by SELECT queries:
- get
- list
Rule details.
| Name | Datatype | Description |
|---|---|---|
id | string (uuid) | (example: 550e8400-e29b-41d4-a716-446655440000) |
name | string | (example: block-malicious-workers) |
content | string | (example: rule example { condition: true }) |
created_at | number | |
created_by | string | (example: user@example.com) |
description | string | (example: Detects malicious proxy workers) |
enabled | boolean | Whether this rule is active for dice consumers. |
is_public | boolean | Whether this rule is visible to other internal accounts. |
namespaces | array | |
updated_at | number | |
updated_by | string | (example: user@example.com) |
List of rules.
| Name | Datatype | Description |
|---|---|---|
id | string (uuid) | (example: 550e8400-e29b-41d4-a716-446655440000) |
name | string | (example: block-malicious-workers) |
content | string | (example: rule example { condition: true }) |
created_at | number | |
created_by | string | (example: user@example.com) |
description | string | (example: Detects malicious proxy workers) |
enabled | boolean | Whether this rule is active for dice consumers. |
is_public | boolean | Whether this rule is visible to other internal accounts. |
namespaces | array | |
updated_at | number | |
updated_by | string | (example: user@example.com) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | account_id, id | Get a single rule by ID. | |
list | select | account_id | namespace, recursive, search, is_public, limit, offset | List all rules for an account with optional filtering. |
cloudforce_one_create_rule | insert | account_id, name, namespaces, content | Create a new detection rule. | |
cloudforce_one_update_rule | replace | account_id, id | Update an existing rule. | |
cloudforce_one_delete_rule | delete | account_id, id | Delete an existing rule. | |
cloudforce_one_delete_all_rules | delete | account_id | Delete all rules in an account. | |
validate | exec | account_id, name, namespaces, content | Validate rule syntax, name uniqueness, namespace, and meta checks. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
id | string | Resource ID. |
is_public | string | Filter by public visibility. |
limit | number | |
namespace | string | Filter by namespace. Repeat the parameter to filter by multiple namespaces (e.g. namespace=foo&namespace=bar). |
offset | number | |
recursive | string | |
search | string |
SELECT examples
- get
- list
Get a single rule by ID.
SELECT
id,
name,
content,
created_at,
created_by,
description,
enabled,
is_public,
namespaces,
updated_at,
updated_by
FROM cloudflare.cloudforce_one.rules
WHERE account_id = '{{ account_id }}' -- required
AND id = '{{ id }}' -- required
;
List all rules for an account with optional filtering.
SELECT
id,
name,
content,
created_at,
created_by,
description,
enabled,
is_public,
namespaces,
updated_at,
updated_by
FROM cloudflare.cloudforce_one.rules
WHERE account_id = '{{ account_id }}' -- required
AND namespace = '{{ namespace }}'
AND recursive = '{{ recursive }}'
AND search = '{{ search }}'
AND is_public = '{{ is_public }}'
AND limit = '{{ limit }}'
AND offset = '{{ offset }}'
;
INSERT examples
- cloudforce_one_create_rule
- Manifest
Create a new detection rule.
INSERT INTO cloudflare.cloudforce_one.rules (
actions,
content,
description,
enabled,
is_public,
name,
namespaces,
account_id
)
SELECT
'{{ actions }}',
'{{ content }}' /* required */,
'{{ description }}',
{{ enabled }},
{{ is_public }},
'{{ name }}' /* required */,
'{{ namespaces }}' /* required */,
'{{ account_id }}'
RETURNING
id,
name,
content,
created_at,
created_by,
description,
enabled,
is_public,
namespaces,
updated_at,
updated_by
;
# Description fields are for documentation purposes
- name: rules
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the rules resource.
- name: actions
value:
- action_config: "{{ action_config }}"
action_type: "{{ action_type }}"
enabled: {{ enabled }}
- name: content
value: "{{ content }}"
- name: description
value: "{{ description }}"
description: |
Human-readable description of the rule. Auto-extracted from YARA meta if present.
- name: enabled
value: {{ enabled }}
description: |
Whether this rule is active for dice consumers.
default: true
- name: is_public
value: {{ is_public }}
description: |
Whether this rule is visible to other internal accounts.
default: false
- name: name
value: "{{ name }}"
- name: namespaces
value:
- "{{ namespaces }}"
REPLACE examples
- cloudforce_one_update_rule
Update an existing rule.
REPLACE cloudflare.cloudforce_one.rules
SET
content = '{{ content }}',
description = '{{ description }}',
enabled = {{ enabled }},
is_public = {{ is_public }},
name = '{{ name }}',
namespaces = '{{ namespaces }}'
WHERE
account_id = '{{ account_id }}' --required
AND id = '{{ id }}' --required
RETURNING
id,
name,
content,
created_at,
created_by,
description,
enabled,
is_public,
namespaces,
updated_at,
updated_by;
DELETE examples
- cloudforce_one_delete_rule
- cloudforce_one_delete_all_rules
Delete an existing rule.
DELETE FROM cloudflare.cloudforce_one.rules
WHERE account_id = '{{ account_id }}' --required
AND id = '{{ id }}' --required
;
Delete all rules in an account.
DELETE FROM cloudflare.cloudforce_one.rules
WHERE account_id = '{{ account_id }}' --required
;
Lifecycle Methods
- validate
Validate rule syntax, name uniqueness, namespace, and meta checks.
EXEC cloudflare.cloudforce_one.rules.validate
@account_id='{{ account_id }}' --required
@@json=
'{
"content": "{{ content }}",
"excludeRuleId": "{{ excludeRuleId }}",
"name": "{{ name }}",
"namespaces": "{{ namespaces }}"
}'
;