[datadog_security_monitoring_rule] Replace security monitoring rules with an updated detection method #3392
Merged
dd-mergequeue[bot] merged 1 commit into master from Dec 29, 2025
MatthewMSaucedo
approved these changes
Dec 29, 2025
Contributor
Author
/merge
20agbekodo
added a commit
that referenced
this pull request
Dec 31, 2025
* Replace security monitoring rules with an updated detection method (#3392) Replace security monitoring rules with an updated detection method Co-authored-by: paul.howardflanders <[email protected]> * Add add_hostname, parse_xml and split_array processors --------- Co-authored-by: Paul Howard-Flanders <[email protected]>
dd-mergequeue Bot
pushed a commit
that referenced
this pull request
Jan 15, 2026
…metrics pipelines (#3386) [datadog_observability_pipeline] Add OpenTelemetry Source open PR obs-pipelines: remove `rate` config field in `sample` processors (#3384) remove the deprecated field, in favor of always using `percentage`, and make `percentage` required. obs-pipelines: support for optional descriptions in SDS rule patterns (#3387) Add add_hostname, parse_xml and split_array processors (#3395) * Replace security monitoring rules with an updated detection method (#3392) Replace security monitoring rules with an updated detection method Co-authored-by: paul.howardflanders <[email protected]> * Add add_hostname, parse_xml and split_array processors --------- Co-authored-by: Paul Howard-Flanders <[email protected]> Add metric pipelines (#3385) * Add metric pipelines add CloudPrem destination add kafka destination remove env var Merge branch 'vladimir-dd/backfill' into op-ga add too_many_buckets_option (#3405) bump api client [datadog_observability_pipeline] Add referencetable and datastream (#3404) * Add support for reference_table in enrichment processor and datastream option in elastic search destination * Update to ReferenceTable reference * Clean up last of additional properties now that I can properly reference the types from the client * Remove trailing new line to fix formatting issue add include for rules + rename processors to processor_groups (#3410) * Add include field for rules * Rename processors to processor_groups bump client remove unrelated failing test bump Go client bump Go client record cassettes Merge branch 'master' into op-ga update docs make docs fix typo add OP team to codeowners record cassettes exclude cassettes from codeowners Co-authored-by: 20agbekodo <[email protected]> Co-authored-by: taylorchandleryoung <[email protected]> Co-authored-by: clementd-dd <[email protected]> Co-authored-by: vladimir.zhuk <[email protected]>
In the rule editor, we don't allow users to update the detection method once they've created a rule, but the security monitoring Terraform resource still allows it. This results in validation errors (see this example updating a threshold rule to a sequence_detection rule) when updating the rule because the API is not expecting a change in detection method. This PR adds the ForceNew flag to the detection method field, which will result in the resource being deleted and created rather than updated when the detection method changes.
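With the behaviour described above, a detection method change shows up in a plan as a delete followed by a create. The following is an added example, not code from this PR or the provider: a plan check that lists the rules a plan would recreate for that reason. It assumes the JSON produced by `terraform show -json` and that the field sits at `options[0].detection_method`; the sample plan and rule names are constructed.

```python
import json

RULE_TYPE = "datadog_security_monitoring_rule"

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# The attribute path options[0].detection_method is an assumption about the schema.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "datadog_security_monitoring_rule.brute_force",
         "type": RULE_TYPE,
         "change": {"actions": ["delete", "create"],
                    "before": {"name": "Brute force", "options": [{"detection_method": "threshold"}]},
                    "after": {"name": "Brute force", "options": [{"detection_method": "sequence_detection"}]}}},
        {"address": "datadog_security_monitoring_rule.s3_access",
         "type": RULE_TYPE,
         "change": {"actions": ["update"],
                    "before": {"name": "S3 access", "options": [{"detection_method": "threshold"}]},
                    "after": {"name": "S3 access v2", "options": [{"detection_method": "threshold"}]}}},
    ]
})


def detection_method(state):
    """Return options[0].detection_method, or None when the block is absent."""
    options = (state or {}).get("options") or [{}]
    return options[0].get("detection_method")


def rules_replaced_for_method_change(plan_json):
    """List (address, old_method, new_method) for rules the plan will recreate."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        # A replacement is planned as both a delete and a create on one resource.
        if rc.get("type") != RULE_TYPE or not {"delete", "create"} <= actions:
            continue
        old = detection_method(change.get("before"))
        new = detection_method(change.get("after"))
        if old != new:
            findings.append((rc["address"], old, new))
    return findings


if __name__ == "__main__":
    for address, old, new in rules_replaced_for_method_change(SAMPLE_PLAN):
        print(f"{address}: will be deleted and recreated ({old} -> {new})")
```
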