DLPWebRules

Zscaler Internet Access v1.2.0, Feb 20 26

Zscaler Internet Access v1.2.0 published on Friday, Feb 20, 2026 by Zscaler

Schema (JSON)

zscaler/pulumi-zia

Zscaler Internet Access v1.2.0 published on Friday, Feb 20, 2026 by Zscaler

Schema (JSON)

zscaler/pulumi-zia

Example Usage

“FTCATEGORY_ALL_OUTBOUND” File Type"

data "zia_dlp_engines" "this" {
  predefined_engine_name = "EXTERNAL"
}

resource "zia_dlp_web_rules" "this" {
  name                       = "Example"
  description                = "Example"
  action                     = "BLOCK"
  order                      = 1
  rank                       = 7
  state                      = "ENABLED"
  protocols                  = [ "FTP_RULE", "HTTPS_RULE", "HTTP_RULE" ]
  file_types                 = [ "FTCATEGORY_ALL_OUTBOUND" ]
  zscaler_incident_receiver  = false
  without_content_inspection = true
  user_risk_score_levels     = [ "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
  severity                   = "RULE_SEVERITY_HIGH"
  dlp_engines {
    id = [ data.zia_dlp_engines.this.id ]
  }
}

// Example 1: Using data source to reference existing URL category
data "zia_url_categories" "existing_category" {
    configured_name = "Example"
}

// Example 2: Creating new URL category and referencing it
resource "zia_url_categories" "new_category" {
  configured_name = "Custom_Category"
  description     = "Custom category for DLP rules"
  custom_category = true
  super_category  = "USER_DEFINED"
  type            = "URL_CATEGORY"
}

// Retrieve an ICAP Server by Name
data "zia_dlp_icap_servers" "this" {
  name = "ZS_ICAP_01"
}

resource "zia_dlp_web_rules" "this" {
  name                      = "Terraform_Test"
  description               = "Terraform_Test"
  action                    = "BLOCK"
  order                     = 1
  protocols                 = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  rank                      = 7
  state                     = "ENABLED"
  zscaler_incident_receiver = true
  without_content_inspection = false
  url_categories {
    id = [ data.zia_url_categories.existing_category.val ]
  }
  icap_server {
    id = data.zia_dlp_icap_servers.this.id
  }
}

resource "zia_dlp_web_rules" "with_new_category" {
  name                      = "Terraform_Test_New_Category"
  description               = "Terraform_Test with new category"
  action                    = "BLOCK"
  order                     = 2
  protocols                 = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  rank                      = 7
  state                     = "ENABLED"
  zscaler_incident_receiver = true
  without_content_inspection = false
  url_categories {
    id = [ zia_url_categories.new_category.val ]
  }
  icap_server {
    id = data.zia_dlp_icap_servers.this.id
  }
}

“FTCATEGORY_ALL_OUTBOUND” File Type - New"

data "zia_dlp_engines" "this" {
  predefined_engine_name = "EXTERNAL"
}

data "zia_file_type_categories" "this" {
    name = "FileType01"
}

resource "zia_dlp_web_rules" "this" {
  name                       = "Example"
  description                = "Example"
  action                     = "BLOCK"
  order                      = 1
  rank                       = 7
  state                      = "ENABLED"
  protocols                  = [ "FTP_RULE", "HTTPS_RULE", "HTTP_RULE" ]
  zscaler_incident_receiver  = false
  without_content_inspection = true
  user_risk_score_levels     = [ "LOW", "MEDIUM", "HIGH", "CRITICAL" ]
  severity                   = "RULE_SEVERITY_HIGH"
  file_type_categories {
    id = [ data.zia_file_type_categories.this.id ]
  }
  dlp_engines {
    id = [ data.zia_dlp_engines.this.id ]
  }
}

“Specify Incident Receiver Setting”

// Retrieve a custom URL Category by Name
data "zia_url_categories" "this"{
    configured_name = "Example"
}

// Retrieve a Incident Receiver by Name
data "zia_dlp_incident_receiver_servers" "this" {
  name = "ZS_INC_RECEIVER_01"
}

resource "zia_dlp_web_rules" "this" {
  name                      = "Terraform_Test"
  description               = "Terraform_Test"
  action                    = "BLOCK"
  order                     = 1
  protocols                 = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  rank                      = 7
  state                     = "ENABLED"
  zscaler_incident_receiver = true
  without_content_inspection = false
  url_categories {
    id = [ data.zia_url_categories.this.val ]
  }
  icap_server {
    id = data.zia_dlp_incident_receiver_servers.this.id
  }
  notification_template {
    id = data.zia_dlp_notification_templates.this.id
  }
}

“Creating Parent Rules And SubRules”

⚠️ WARNING: Destroying a parent rule will also destroy all subrules

NOTE Exception rules can be configured only when the inline DLP rule evaluation type is set to evaluate all DLP rules in the DLP Advanced Settings. To learn more, see Configuring DLP Advanced Settings

resource "zia_dlp_web_rules" "parent_rule" {
  name                       = "ParentRule1"
  description                = "ParentRule1"
  action                     = "ALLOW"
  state                      = "ENABLED"
  order                      = 1
  rank                       = 0
  protocols                  = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  cloud_applications         = ["GOOGLE_WEBMAIL", "WINDOWS_LIVE_HOTMAIL"]
  without_content_inspection = false
  match_only                 = false
  min_size                   = 20
  zscaler_incident_receiver  = true
}

resource "zia_dlp_web_rules" "subrule1" {
  name                       = "SubRule1"
  description                = "SubRule1"
  action                     = "ALLOW"
  state                      = "ENABLED"
  order                      = 1
  rank                       = 0
  protocols                  = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"]
  cloud_applications         = ["GOOGLE_WEBMAIL", "WINDOWS_LIVE_HOTMAIL"]
  without_content_inspection = false
  match_only                 = false
  parent_rule = zia_dlp_web_rules.parent_rule.id
}

“Configuring Receiver For DLP Policy Rule”

resource "zia_dlp_web_rules" "with_receiver" {
  name                       = "Terraform_Test_with_Receiver"
  description                = "DLP rule with receiver configuration"
  action                     = "ALLOW"
  state                      = "ENABLED"
  order                      = 1
  rank                       = 0
  protocols                  = [
    "WEBSOCKETSSL_RULE",
    "WEBSOCKET_RULE",
    "FTP_RULE",
    "HTTPS_RULE",
    "HTTP_RULE"
  ]
  severity = "RULE_SEVERITY_HIGH"

  # Basic receiver configuration with just ID
  receiver {
    id = "23136553"
  }
}

Configure Cloud To Cloud Forwarding

# Retrieve Cloud-to-Cloud Incident Receiver (C2CIR) information
data "zia_dlp_cloud_to_cloud_ir" "this" {
  name = "AzureTenant01"
}

# Output the retrieved C2CIR information for reference
output "zia_dlp_cloud_to_cloud_ir" {
  value = data.zia_dlp_cloud_to_cloud_ir.this
}

resource "zia_dlp_web_rules" "this" {
  name                       = "Terraform_Test_policy_prod_tf"
  description                = "Terraform_Test_policy_prod_tf"
  action                     = "ALLOW"
  state                      = "ENABLED"
  order                      = 1
  rank                       = 0
  protocols                  = [
        "WEBSOCKETSSL_RULE",
        "WEBSOCKET_RULE",
        "FTP_RULE",
        "HTTPS_RULE",
        "HTTP_RULE"
    ]
  severity = "RULE_SEVERITY_HIGH"

  # Configure receiver using values from the C2CIR data source
  receiver {
    id   = tostring(data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].tenant_authorization_info[0].smir_bucket_config[0].id)
    name = data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].tenant_authorization_info[0].smir_bucket_config[0].config_name
    type = data.zia_dlp_cloud_to_cloud_ir.this.onboardable_entity[0].type
    tenant {
      id   = tostring(data.zia_dlp_cloud_to_cloud_ir.this.id)
      name = data.zia_dlp_cloud_to_cloud_ir.this.name
    }
  }
}

Note: The receiver configuration uses values from the C2CIR data source:

id: Uses the SMIR bucket configuration ID (converted to string)
name: Uses the SMIR bucket configuration name
type: Uses the onboardable entity type (e.g., “C2CIR”)
tenant.id: Uses the C2CIR tenant ID (converted to string)
tenant.name: Uses the C2CIR tenant name

Create DLPWebRules Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new DLPWebRules(name: string, args: DLPWebRulesArgs, opts?: CustomResourceOptions);

@overload
def DLPWebRules(resource_name: str,
                args: DLPWebRulesArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def DLPWebRules(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                order: Optional[int] = None,
                location_groups: Optional[DLPWebRulesLocationGroupsArgs] = None,
                match_only: Optional[bool] = None,
                min_size: Optional[int] = None,
                description: Optional[str] = None,
                dlp_download_scan_enabled: Optional[bool] = None,
                dlp_engines: Optional[DLPWebRulesDlpEnginesArgs] = None,
                eun_template_id: Optional[int] = None,
                excluded_departments: Optional[DLPWebRulesExcludedDepartmentsArgs] = None,
                excluded_domain_profiles: Optional[DLPWebRulesExcludedDomainProfilesArgs] = None,
                excluded_groups: Optional[DLPWebRulesExcludedGroupsArgs] = None,
                excluded_users: Optional[DLPWebRulesExcludedUsersArgs] = None,
                external_auditor_email: Optional[str] = None,
                file_type_categories: Optional[DLPWebRulesFileTypeCategoriesArgs] = None,
                file_types: Optional[Sequence[str]] = None,
                groups: Optional[DLPWebRulesGroupsArgs] = None,
                icap_servers: Optional[Sequence[DLPWebRulesIcapServerArgs]] = None,
                included_domain_profiles: Optional[DLPWebRulesIncludedDomainProfilesArgs] = None,
                inspect_http_get_enabled: Optional[bool] = None,
                labels: Optional[DLPWebRulesLabelsArgs] = None,
                action: Optional[str] = None,
                cloud_applications: Optional[Sequence[str]] = None,
                locations: Optional[DLPWebRulesLocationsArgs] = None,
                departments: Optional[DLPWebRulesDepartmentsArgs] = None,
                name: Optional[str] = None,
                notification_templates: Optional[Sequence[DLPWebRulesNotificationTemplateArgs]] = None,
                auditors: Optional[Sequence[DLPWebRulesAuditorArgs]] = None,
                parent_rule: Optional[int] = None,
                protocols: Optional[Sequence[str]] = None,
                rank: Optional[int] = None,
                receiver: Optional[DLPWebRulesReceiverArgs] = None,
                severity: Optional[str] = None,
                source_ip_groups: Optional[DLPWebRulesSourceIpGroupsArgs] = None,
                state: Optional[str] = None,
                sub_rules: Optional[Sequence[str]] = None,
                time_windows: Optional[DLPWebRulesTimeWindowsArgs] = None,
                url_categories: Optional[DLPWebRulesUrlCategoriesArgs] = None,
                user_risk_score_levels: Optional[Sequence[str]] = None,
                users: Optional[DLPWebRulesUsersArgs] = None,
                without_content_inspection: Optional[bool] = None,
                workload_groups: Optional[Sequence[DLPWebRulesWorkloadGroupArgs]] = None,
                zcc_notifications_enabled: Optional[bool] = None,
                zscaler_incident_receiver: Optional[bool] = None)

func NewDLPWebRules(ctx *Context, name string, args DLPWebRulesArgs, opts ...ResourceOption) (*DLPWebRules, error)

public DLPWebRules(string name, DLPWebRulesArgs args, CustomResourceOptions? opts = null)

public DLPWebRules(String name, DLPWebRulesArgs args)
public DLPWebRules(String name, DLPWebRulesArgs args, CustomResourceOptions options)

type: zia:DLPWebRules
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DLPWebRulesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DLPWebRulesArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DLPWebRulesArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DLPWebRulesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DLPWebRulesArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var dlpwebRulesResource = new Zia.DLPWebRules("dlpwebRulesResource", new()
{
    Order = 0,
    LocationGroups = new Zia.Inputs.DLPWebRulesLocationGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    MatchOnly = false,
    MinSize = 0,
    Description = "string",
    DlpDownloadScanEnabled = false,
    DlpEngines = new Zia.Inputs.DLPWebRulesDlpEnginesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    EunTemplateId = 0,
    ExcludedDepartments = new Zia.Inputs.DLPWebRulesExcludedDepartmentsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExcludedDomainProfiles = new Zia.Inputs.DLPWebRulesExcludedDomainProfilesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExcludedGroups = new Zia.Inputs.DLPWebRulesExcludedGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExcludedUsers = new Zia.Inputs.DLPWebRulesExcludedUsersArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    ExternalAuditorEmail = "string",
    FileTypeCategories = new Zia.Inputs.DLPWebRulesFileTypeCategoriesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    FileTypes = new[]
    {
        "string",
    },
    Groups = new Zia.Inputs.DLPWebRulesGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    IcapServers = new[]
    {
        new Zia.Inputs.DLPWebRulesIcapServerArgs
        {
            Id = 0,
        },
    },
    IncludedDomainProfiles = new Zia.Inputs.DLPWebRulesIncludedDomainProfilesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    InspectHttpGetEnabled = false,
    Labels = new Zia.Inputs.DLPWebRulesLabelsArgs
    {
        Id = 0,
    },
    Action = "string",
    CloudApplications = new[]
    {
        "string",
    },
    Locations = new Zia.Inputs.DLPWebRulesLocationsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Departments = new Zia.Inputs.DLPWebRulesDepartmentsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    Name = "string",
    NotificationTemplates = new[]
    {
        new Zia.Inputs.DLPWebRulesNotificationTemplateArgs
        {
            Id = 0,
        },
    },
    Auditors = new[]
    {
        new Zia.Inputs.DLPWebRulesAuditorArgs
        {
            Id = 0,
        },
    },
    ParentRule = 0,
    Protocols = new[]
    {
        "string",
    },
    Rank = 0,
    Receiver = new Zia.Inputs.DLPWebRulesReceiverArgs
    {
        Id = "string",
        Name = "string",
        Tenant = new Zia.Inputs.DLPWebRulesReceiverTenantArgs
        {
            Id = "string",
            Name = "string",
        },
        Type = "string",
    },
    Severity = "string",
    SourceIpGroups = new Zia.Inputs.DLPWebRulesSourceIpGroupsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    State = "string",
    SubRules = new[]
    {
        "string",
    },
    TimeWindows = new Zia.Inputs.DLPWebRulesTimeWindowsArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    UrlCategories = new Zia.Inputs.DLPWebRulesUrlCategoriesArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    UserRiskScoreLevels = new[]
    {
        "string",
    },
    Users = new Zia.Inputs.DLPWebRulesUsersArgs
    {
        Ids = new[]
        {
            0,
        },
    },
    WithoutContentInspection = false,
    WorkloadGroups = new[]
    {
        new Zia.Inputs.DLPWebRulesWorkloadGroupArgs
        {
            Id = 0,
            Name = "string",
        },
    },
    ZccNotificationsEnabled = false,
    ZscalerIncidentReceiver = false,
});

example, err := zia.NewDLPWebRules(ctx, "dlpwebRulesResource", &zia.DLPWebRulesArgs{
	Order: pulumi.Int(0),
	LocationGroups: &zia.DLPWebRulesLocationGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	MatchOnly:              pulumi.Bool(false),
	MinSize:                pulumi.Int(0),
	Description:            pulumi.String("string"),
	DlpDownloadScanEnabled: pulumi.Bool(false),
	DlpEngines: &zia.DLPWebRulesDlpEnginesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	EunTemplateId: pulumi.Int(0),
	ExcludedDepartments: &zia.DLPWebRulesExcludedDepartmentsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExcludedDomainProfiles: &zia.DLPWebRulesExcludedDomainProfilesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExcludedGroups: &zia.DLPWebRulesExcludedGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExcludedUsers: &zia.DLPWebRulesExcludedUsersArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	ExternalAuditorEmail: pulumi.String("string"),
	FileTypeCategories: &zia.DLPWebRulesFileTypeCategoriesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	FileTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Groups: &zia.DLPWebRulesGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	IcapServers: zia.DLPWebRulesIcapServerArray{
		&zia.DLPWebRulesIcapServerArgs{
			Id: pulumi.Int(0),
		},
	},
	IncludedDomainProfiles: &zia.DLPWebRulesIncludedDomainProfilesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	InspectHttpGetEnabled: pulumi.Bool(false),
	Labels: &zia.DLPWebRulesLabelsArgs{
		Id: pulumi.Int(0),
	},
	Action: pulumi.String("string"),
	CloudApplications: pulumi.StringArray{
		pulumi.String("string"),
	},
	Locations: &zia.DLPWebRulesLocationsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Departments: &zia.DLPWebRulesDepartmentsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	Name: pulumi.String("string"),
	NotificationTemplates: zia.DLPWebRulesNotificationTemplateArray{
		&zia.DLPWebRulesNotificationTemplateArgs{
			Id: pulumi.Int(0),
		},
	},
	Auditors: zia.DLPWebRulesAuditorArray{
		&zia.DLPWebRulesAuditorArgs{
			Id: pulumi.Int(0),
		},
	},
	ParentRule: pulumi.Int(0),
	Protocols: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rank: pulumi.Int(0),
	Receiver: &zia.DLPWebRulesReceiverArgs{
		Id:   pulumi.String("string"),
		Name: pulumi.String("string"),
		Tenant: &zia.DLPWebRulesReceiverTenantArgs{
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
		},
		Type: pulumi.String("string"),
	},
	Severity: pulumi.String("string"),
	SourceIpGroups: &zia.DLPWebRulesSourceIpGroupsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	State: pulumi.String("string"),
	SubRules: pulumi.StringArray{
		pulumi.String("string"),
	},
	TimeWindows: &zia.DLPWebRulesTimeWindowsArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	UrlCategories: &zia.DLPWebRulesUrlCategoriesArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	UserRiskScoreLevels: pulumi.StringArray{
		pulumi.String("string"),
	},
	Users: &zia.DLPWebRulesUsersArgs{
		Ids: pulumi.IntArray{
			pulumi.Int(0),
		},
	},
	WithoutContentInspection: pulumi.Bool(false),
	WorkloadGroups: zia.DLPWebRulesWorkloadGroupArray{
		&zia.DLPWebRulesWorkloadGroupArgs{
			Id:   pulumi.Int(0),
			Name: pulumi.String("string"),
		},
	},
	ZccNotificationsEnabled: pulumi.Bool(false),
	ZscalerIncidentReceiver: pulumi.Bool(false),
})

var dlpwebRulesResource = new DLPWebRules("dlpwebRulesResource", DLPWebRulesArgs.builder()
    .order(0)
    .locationGroups(DLPWebRulesLocationGroupsArgs.builder()
        .ids(0)
        .build())
    .matchOnly(false)
    .minSize(0)
    .description("string")
    .dlpDownloadScanEnabled(false)
    .dlpEngines(DLPWebRulesDlpEnginesArgs.builder()
        .ids(0)
        .build())
    .eunTemplateId(0)
    .excludedDepartments(DLPWebRulesExcludedDepartmentsArgs.builder()
        .ids(0)
        .build())
    .excludedDomainProfiles(DLPWebRulesExcludedDomainProfilesArgs.builder()
        .ids(0)
        .build())
    .excludedGroups(DLPWebRulesExcludedGroupsArgs.builder()
        .ids(0)
        .build())
    .excludedUsers(DLPWebRulesExcludedUsersArgs.builder()
        .ids(0)
        .build())
    .externalAuditorEmail("string")
    .fileTypeCategories(DLPWebRulesFileTypeCategoriesArgs.builder()
        .ids(0)
        .build())
    .fileTypes("string")
    .groups(DLPWebRulesGroupsArgs.builder()
        .ids(0)
        .build())
    .icapServers(DLPWebRulesIcapServerArgs.builder()
        .id(0)
        .build())
    .includedDomainProfiles(DLPWebRulesIncludedDomainProfilesArgs.builder()
        .ids(0)
        .build())
    .inspectHttpGetEnabled(false)
    .labels(DLPWebRulesLabelsArgs.builder()
        .id(0)
        .build())
    .action("string")
    .cloudApplications("string")
    .locations(DLPWebRulesLocationsArgs.builder()
        .ids(0)
        .build())
    .departments(DLPWebRulesDepartmentsArgs.builder()
        .ids(0)
        .build())
    .name("string")
    .notificationTemplates(DLPWebRulesNotificationTemplateArgs.builder()
        .id(0)
        .build())
    .auditors(DLPWebRulesAuditorArgs.builder()
        .id(0)
        .build())
    .parentRule(0)
    .protocols("string")
    .rank(0)
    .receiver(DLPWebRulesReceiverArgs.builder()
        .id("string")
        .name("string")
        .tenant(DLPWebRulesReceiverTenantArgs.builder()
            .id("string")
            .name("string")
            .build())
        .type("string")
        .build())
    .severity("string")
    .sourceIpGroups(DLPWebRulesSourceIpGroupsArgs.builder()
        .ids(0)
        .build())
    .state("string")
    .subRules("string")
    .timeWindows(DLPWebRulesTimeWindowsArgs.builder()
        .ids(0)
        .build())
    .urlCategories(DLPWebRulesUrlCategoriesArgs.builder()
        .ids(0)
        .build())
    .userRiskScoreLevels("string")
    .users(DLPWebRulesUsersArgs.builder()
        .ids(0)
        .build())
    .withoutContentInspection(false)
    .workloadGroups(DLPWebRulesWorkloadGroupArgs.builder()
        .id(0)
        .name("string")
        .build())
    .zccNotificationsEnabled(false)
    .zscalerIncidentReceiver(false)
    .build());

dlpweb_rules_resource = zia.DLPWebRules("dlpwebRulesResource",
    order=0,
    location_groups={
        "ids": [0],
    },
    match_only=False,
    min_size=0,
    description="string",
    dlp_download_scan_enabled=False,
    dlp_engines={
        "ids": [0],
    },
    eun_template_id=0,
    excluded_departments={
        "ids": [0],
    },
    excluded_domain_profiles={
        "ids": [0],
    },
    excluded_groups={
        "ids": [0],
    },
    excluded_users={
        "ids": [0],
    },
    external_auditor_email="string",
    file_type_categories={
        "ids": [0],
    },
    file_types=["string"],
    groups={
        "ids": [0],
    },
    icap_servers=[{
        "id": 0,
    }],
    included_domain_profiles={
        "ids": [0],
    },
    inspect_http_get_enabled=False,
    labels={
        "id": 0,
    },
    action="string",
    cloud_applications=["string"],
    locations={
        "ids": [0],
    },
    departments={
        "ids": [0],
    },
    name="string",
    notification_templates=[{
        "id": 0,
    }],
    auditors=[{
        "id": 0,
    }],
    parent_rule=0,
    protocols=["string"],
    rank=0,
    receiver={
        "id": "string",
        "name": "string",
        "tenant": {
            "id": "string",
            "name": "string",
        },
        "type": "string",
    },
    severity="string",
    source_ip_groups={
        "ids": [0],
    },
    state="string",
    sub_rules=["string"],
    time_windows={
        "ids": [0],
    },
    url_categories={
        "ids": [0],
    },
    user_risk_score_levels=["string"],
    users={
        "ids": [0],
    },
    without_content_inspection=False,
    workload_groups=[{
        "id": 0,
        "name": "string",
    }],
    zcc_notifications_enabled=False,
    zscaler_incident_receiver=False)

const dlpwebRulesResource = new zia.DLPWebRules("dlpwebRulesResource", {
    order: 0,
    locationGroups: {
        ids: [0],
    },
    matchOnly: false,
    minSize: 0,
    description: "string",
    dlpDownloadScanEnabled: false,
    dlpEngines: {
        ids: [0],
    },
    eunTemplateId: 0,
    excludedDepartments: {
        ids: [0],
    },
    excludedDomainProfiles: {
        ids: [0],
    },
    excludedGroups: {
        ids: [0],
    },
    excludedUsers: {
        ids: [0],
    },
    externalAuditorEmail: "string",
    fileTypeCategories: {
        ids: [0],
    },
    fileTypes: ["string"],
    groups: {
        ids: [0],
    },
    icapServers: [{
        id: 0,
    }],
    includedDomainProfiles: {
        ids: [0],
    },
    inspectHttpGetEnabled: false,
    labels: {
        id: 0,
    },
    action: "string",
    cloudApplications: ["string"],
    locations: {
        ids: [0],
    },
    departments: {
        ids: [0],
    },
    name: "string",
    notificationTemplates: [{
        id: 0,
    }],
    auditors: [{
        id: 0,
    }],
    parentRule: 0,
    protocols: ["string"],
    rank: 0,
    receiver: {
        id: "string",
        name: "string",
        tenant: {
            id: "string",
            name: "string",
        },
        type: "string",
    },
    severity: "string",
    sourceIpGroups: {
        ids: [0],
    },
    state: "string",
    subRules: ["string"],
    timeWindows: {
        ids: [0],
    },
    urlCategories: {
        ids: [0],
    },
    userRiskScoreLevels: ["string"],
    users: {
        ids: [0],
    },
    withoutContentInspection: false,
    workloadGroups: [{
        id: 0,
        name: "string",
    }],
    zccNotificationsEnabled: false,
    zscalerIncidentReceiver: false,
});

type: zia:DLPWebRules
properties:
    action: string
    auditors:
        - id: 0
    cloudApplications:
        - string
    departments:
        ids:
            - 0
    description: string
    dlpDownloadScanEnabled: false
    dlpEngines:
        ids:
            - 0
    eunTemplateId: 0
    excludedDepartments:
        ids:
            - 0
    excludedDomainProfiles:
        ids:
            - 0
    excludedGroups:
        ids:
            - 0
    excludedUsers:
        ids:
            - 0
    externalAuditorEmail: string
    fileTypeCategories:
        ids:
            - 0
    fileTypes:
        - string
    groups:
        ids:
            - 0
    icapServers:
        - id: 0
    includedDomainProfiles:
        ids:
            - 0
    inspectHttpGetEnabled: false
    labels:
        id: 0
    locationGroups:
        ids:
            - 0
    locations:
        ids:
            - 0
    matchOnly: false
    minSize: 0
    name: string
    notificationTemplates:
        - id: 0
    order: 0
    parentRule: 0
    protocols:
        - string
    rank: 0
    receiver:
        id: string
        name: string
        tenant:
            id: string
            name: string
        type: string
    severity: string
    sourceIpGroups:
        ids:
            - 0
    state: string
    subRules:
        - string
    timeWindows:
        ids:
            - 0
    urlCategories:
        ids:
            - 0
    userRiskScoreLevels:
        - string
    users:
        ids:
            - 0
    withoutContentInspection: false
    workloadGroups:
        - id: 0
          name: string
    zccNotificationsEnabled: false
    zscalerIncidentReceiver: false

DLPWebRules Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The DLPWebRules resource accepts the following input properties:

Order int: The rule order of execution for the DLP policy rule with respect to other rules.
Action string: The action taken when traffic matches the DLP policy rule criteria.
Auditors List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesAuditor>: The auditor to which the DLP policy rule must be applied
CloudApplications List<string>: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
Departments zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesDepartments: The Name-ID pairs of departments to which the DLP policy rule must be applied
Description string: The description of the DLP policy rule.
DlpDownloadScanEnabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
DlpEngines zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesDlpEngines: The list of DLP engines to which the DLP policy rule must be applied
EunTemplateId int: The EUN template ID associated with the rule
ExcludedDepartments zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedDepartments: The Name-ID pairs of departments which the DLP policy rule must exclude
ExcludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedDomainProfiles: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
ExcludedGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedGroups: The Name-ID pairs of groups which the DLP policy rule must exclude
ExcludedUsers zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedUsers: The Name-ID pairs of users which the DLP policy rule must exclude
ExternalAuditorEmail string: The email address of an external auditor to whom DLP email notifications are sent
FileTypeCategories zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesFileTypeCategories: The list of file types to which the rule applies
FileTypes List<string>: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
Groups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesGroups: The Name-ID pairs of groups to which the DLP policy rule must be applied
IcapServers List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesIcapServer>: The DLP server, using ICAP, to which the transaction content is forwarded
IncludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesIncludedDomainProfiles: The Name-ID pairs of domain profiiles which the DLP policy rule must include
InspectHttpGetEnabled bool
Labels zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLabels: list of Labels that are applicable to the rule
LocationGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLocationGroups: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
Locations zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLocations: The Name-ID pairs of locations to which the DLP policy rule must be applied
MatchOnly bool: The match only criteria for DLP engines.
MinSize int: The minimum file size (in KB) used for evaluation of the DLP policy rule.
Name string: The DLP policy rule name.
NotificationTemplates List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesNotificationTemplate>: The template used for DLP notification emails
ParentRule int: The unique identifier of the parent rule under which an exception rule is added
Protocols List<string>: The protocol criteria specified for the DLP policy rule.
Rank int: Admin rank of the admin who creates this rule
Receiver zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesReceiver: The receiver information for the DLP policy rule
Severity string: Indicates the severity selected for the DLP rule violation
SourceIpGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesSourceIpGroups: list of source ip groups
State string: Enables or disables the DLP policy rule.
SubRules List<string>: The list of exception rules added to a parent rule
TimeWindows zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesTimeWindows: list of source ip groups
UrlCategories zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesUrlCategories: The list of URL categories to which the DLP policy rule must be applied
UserRiskScoreLevels List<string>
Users zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesUsers: The Name-ID pairs of users to which the DLP policy rule must be applied
WithoutContentInspection bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
WorkloadGroups List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesWorkloadGroup>: The list of preconfigured workload groups to which the policy must be applied
ZccNotificationsEnabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
ZscalerIncidentReceiver bool: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

Order int: The rule order of execution for the DLP policy rule with respect to other rules.
Action string: The action taken when traffic matches the DLP policy rule criteria.
Auditors []DLPWebRulesAuditorArgs: The auditor to which the DLP policy rule must be applied
CloudApplications []string: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
Departments DLPWebRulesDepartmentsArgs: The Name-ID pairs of departments to which the DLP policy rule must be applied
Description string: The description of the DLP policy rule.
DlpDownloadScanEnabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
DlpEngines DLPWebRulesDlpEnginesArgs: The list of DLP engines to which the DLP policy rule must be applied
EunTemplateId int: The EUN template ID associated with the rule
ExcludedDepartments DLPWebRulesExcludedDepartmentsArgs: The Name-ID pairs of departments which the DLP policy rule must exclude
ExcludedDomainProfiles DLPWebRulesExcludedDomainProfilesArgs: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
ExcludedGroups DLPWebRulesExcludedGroupsArgs: The Name-ID pairs of groups which the DLP policy rule must exclude
ExcludedUsers DLPWebRulesExcludedUsersArgs: The Name-ID pairs of users which the DLP policy rule must exclude
ExternalAuditorEmail string: The email address of an external auditor to whom DLP email notifications are sent
FileTypeCategories DLPWebRulesFileTypeCategoriesArgs: The list of file types to which the rule applies
FileTypes []string: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
Groups DLPWebRulesGroupsArgs: The Name-ID pairs of groups to which the DLP policy rule must be applied
IcapServers []DLPWebRulesIcapServerArgs: The DLP server, using ICAP, to which the transaction content is forwarded
IncludedDomainProfiles DLPWebRulesIncludedDomainProfilesArgs: The Name-ID pairs of domain profiiles which the DLP policy rule must include
InspectHttpGetEnabled bool
Labels DLPWebRulesLabelsArgs: list of Labels that are applicable to the rule
LocationGroups DLPWebRulesLocationGroupsArgs: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
Locations DLPWebRulesLocationsArgs: The Name-ID pairs of locations to which the DLP policy rule must be applied
MatchOnly bool: The match only criteria for DLP engines.
MinSize int: The minimum file size (in KB) used for evaluation of the DLP policy rule.
Name string: The DLP policy rule name.
NotificationTemplates []DLPWebRulesNotificationTemplateArgs: The template used for DLP notification emails
ParentRule int: The unique identifier of the parent rule under which an exception rule is added
Protocols []string: The protocol criteria specified for the DLP policy rule.
Rank int: Admin rank of the admin who creates this rule
Receiver DLPWebRulesReceiverArgs: The receiver information for the DLP policy rule
Severity string: Indicates the severity selected for the DLP rule violation
SourceIpGroups DLPWebRulesSourceIpGroupsArgs: list of source ip groups
State string: Enables or disables the DLP policy rule.
SubRules []string: The list of exception rules added to a parent rule
TimeWindows DLPWebRulesTimeWindowsArgs: list of source ip groups
UrlCategories DLPWebRulesUrlCategoriesArgs: The list of URL categories to which the DLP policy rule must be applied
UserRiskScoreLevels []string
Users DLPWebRulesUsersArgs: The Name-ID pairs of users to which the DLP policy rule must be applied
WithoutContentInspection bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
WorkloadGroups []DLPWebRulesWorkloadGroupArgs: The list of preconfigured workload groups to which the policy must be applied
ZccNotificationsEnabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
ZscalerIncidentReceiver bool: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

order Integer: The rule order of execution for the DLP policy rule with respect to other rules.
action String: The action taken when traffic matches the DLP policy rule criteria.
auditors List<DLPWebRulesAuditor>: The auditor to which the DLP policy rule must be applied
cloudApplications List<String>: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
departments DLPWebRulesDepartments: The Name-ID pairs of departments to which the DLP policy rule must be applied
description String: The description of the DLP policy rule.
dlpDownloadScanEnabled Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
dlpEngines DLPWebRulesDlpEngines: The list of DLP engines to which the DLP policy rule must be applied
eunTemplateId Integer: The EUN template ID associated with the rule
excludedDepartments DLPWebRulesExcludedDepartments: The Name-ID pairs of departments which the DLP policy rule must exclude
excludedDomainProfiles DLPWebRulesExcludedDomainProfiles: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
excludedGroups DLPWebRulesExcludedGroups: The Name-ID pairs of groups which the DLP policy rule must exclude
excludedUsers DLPWebRulesExcludedUsers: The Name-ID pairs of users which the DLP policy rule must exclude
externalAuditorEmail String: The email address of an external auditor to whom DLP email notifications are sent
fileTypeCategories DLPWebRulesFileTypeCategories: The list of file types to which the rule applies
fileTypes List<String>: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
groups DLPWebRulesGroups: The Name-ID pairs of groups to which the DLP policy rule must be applied
icapServers List<DLPWebRulesIcapServer>: The DLP server, using ICAP, to which the transaction content is forwarded
includedDomainProfiles DLPWebRulesIncludedDomainProfiles: The Name-ID pairs of domain profiiles which the DLP policy rule must include
inspectHttpGetEnabled Boolean
labels DLPWebRulesLabels: list of Labels that are applicable to the rule
locationGroups DLPWebRulesLocationGroups: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
locations DLPWebRulesLocations: The Name-ID pairs of locations to which the DLP policy rule must be applied
matchOnly Boolean: The match only criteria for DLP engines.
minSize Integer: The minimum file size (in KB) used for evaluation of the DLP policy rule.
name String: The DLP policy rule name.
notificationTemplates List<DLPWebRulesNotificationTemplate>: The template used for DLP notification emails
parentRule Integer: The unique identifier of the parent rule under which an exception rule is added
protocols List<String>: The protocol criteria specified for the DLP policy rule.
rank Integer: Admin rank of the admin who creates this rule
receiver DLPWebRulesReceiver: The receiver information for the DLP policy rule
severity String: Indicates the severity selected for the DLP rule violation
sourceIpGroups DLPWebRulesSourceIpGroups: list of source ip groups
state String: Enables or disables the DLP policy rule.
subRules List<String>: The list of exception rules added to a parent rule
timeWindows DLPWebRulesTimeWindows: list of source ip groups
urlCategories DLPWebRulesUrlCategories: The list of URL categories to which the DLP policy rule must be applied
userRiskScoreLevels List<String>
users DLPWebRulesUsers: The Name-ID pairs of users to which the DLP policy rule must be applied
withoutContentInspection Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
workloadGroups List<DLPWebRulesWorkloadGroup>: The list of preconfigured workload groups to which the policy must be applied
zccNotificationsEnabled Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
zscalerIncidentReceiver Boolean: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

order number: The rule order of execution for the DLP policy rule with respect to other rules.
action string: The action taken when traffic matches the DLP policy rule criteria.
auditors DLPWebRulesAuditor[]: The auditor to which the DLP policy rule must be applied
cloudApplications string[]: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
departments DLPWebRulesDepartments: The Name-ID pairs of departments to which the DLP policy rule must be applied
description string: The description of the DLP policy rule.
dlpDownloadScanEnabled boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
dlpEngines DLPWebRulesDlpEngines: The list of DLP engines to which the DLP policy rule must be applied
eunTemplateId number: The EUN template ID associated with the rule
excludedDepartments DLPWebRulesExcludedDepartments: The Name-ID pairs of departments which the DLP policy rule must exclude
excludedDomainProfiles DLPWebRulesExcludedDomainProfiles: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
excludedGroups DLPWebRulesExcludedGroups: The Name-ID pairs of groups which the DLP policy rule must exclude
excludedUsers DLPWebRulesExcludedUsers: The Name-ID pairs of users which the DLP policy rule must exclude
externalAuditorEmail string: The email address of an external auditor to whom DLP email notifications are sent
fileTypeCategories DLPWebRulesFileTypeCategories: The list of file types to which the rule applies
fileTypes string[]: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
groups DLPWebRulesGroups: The Name-ID pairs of groups to which the DLP policy rule must be applied
icapServers DLPWebRulesIcapServer[]: The DLP server, using ICAP, to which the transaction content is forwarded
includedDomainProfiles DLPWebRulesIncludedDomainProfiles: The Name-ID pairs of domain profiiles which the DLP policy rule must include
inspectHttpGetEnabled boolean
labels DLPWebRulesLabels: list of Labels that are applicable to the rule
locationGroups DLPWebRulesLocationGroups: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
locations DLPWebRulesLocations: The Name-ID pairs of locations to which the DLP policy rule must be applied
matchOnly boolean: The match only criteria for DLP engines.
minSize number: The minimum file size (in KB) used for evaluation of the DLP policy rule.
name string: The DLP policy rule name.
notificationTemplates DLPWebRulesNotificationTemplate[]: The template used for DLP notification emails
parentRule number: The unique identifier of the parent rule under which an exception rule is added
protocols string[]: The protocol criteria specified for the DLP policy rule.
rank number: Admin rank of the admin who creates this rule
receiver DLPWebRulesReceiver: The receiver information for the DLP policy rule
severity string: Indicates the severity selected for the DLP rule violation
sourceIpGroups DLPWebRulesSourceIpGroups: list of source ip groups
state string: Enables or disables the DLP policy rule.
subRules string[]: The list of exception rules added to a parent rule
timeWindows DLPWebRulesTimeWindows: list of source ip groups
urlCategories DLPWebRulesUrlCategories: The list of URL categories to which the DLP policy rule must be applied
userRiskScoreLevels string[]
users DLPWebRulesUsers: The Name-ID pairs of users to which the DLP policy rule must be applied
withoutContentInspection boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
workloadGroups DLPWebRulesWorkloadGroup[]: The list of preconfigured workload groups to which the policy must be applied
zccNotificationsEnabled boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
zscalerIncidentReceiver boolean: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

order int: The rule order of execution for the DLP policy rule with respect to other rules.
action str: The action taken when traffic matches the DLP policy rule criteria.
auditors Sequence[DLPWebRulesAuditorArgs]: The auditor to which the DLP policy rule must be applied
cloud_applications Sequence[str]: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
departments DLPWebRulesDepartmentsArgs: The Name-ID pairs of departments to which the DLP policy rule must be applied
description str: The description of the DLP policy rule.
dlp_download_scan_enabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
dlp_engines DLPWebRulesDlpEnginesArgs: The list of DLP engines to which the DLP policy rule must be applied
eun_template_id int: The EUN template ID associated with the rule
excluded_departments DLPWebRulesExcludedDepartmentsArgs: The Name-ID pairs of departments which the DLP policy rule must exclude
excluded_domain_profiles DLPWebRulesExcludedDomainProfilesArgs: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
excluded_groups DLPWebRulesExcludedGroupsArgs: The Name-ID pairs of groups which the DLP policy rule must exclude
excluded_users DLPWebRulesExcludedUsersArgs: The Name-ID pairs of users which the DLP policy rule must exclude
external_auditor_email str: The email address of an external auditor to whom DLP email notifications are sent
file_type_categories DLPWebRulesFileTypeCategoriesArgs: The list of file types to which the rule applies
file_types Sequence[str]: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
groups DLPWebRulesGroupsArgs: The Name-ID pairs of groups to which the DLP policy rule must be applied
icap_servers Sequence[DLPWebRulesIcapServerArgs]: The DLP server, using ICAP, to which the transaction content is forwarded
included_domain_profiles DLPWebRulesIncludedDomainProfilesArgs: The Name-ID pairs of domain profiiles which the DLP policy rule must include
inspect_http_get_enabled bool
labels DLPWebRulesLabelsArgs: list of Labels that are applicable to the rule
location_groups DLPWebRulesLocationGroupsArgs: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
locations DLPWebRulesLocationsArgs: The Name-ID pairs of locations to which the DLP policy rule must be applied
match_only bool: The match only criteria for DLP engines.
min_size int: The minimum file size (in KB) used for evaluation of the DLP policy rule.
name str: The DLP policy rule name.
notification_templates Sequence[DLPWebRulesNotificationTemplateArgs]: The template used for DLP notification emails
parent_rule int: The unique identifier of the parent rule under which an exception rule is added
protocols Sequence[str]: The protocol criteria specified for the DLP policy rule.
rank int: Admin rank of the admin who creates this rule
receiver DLPWebRulesReceiverArgs: The receiver information for the DLP policy rule
severity str: Indicates the severity selected for the DLP rule violation
source_ip_groups DLPWebRulesSourceIpGroupsArgs: list of source ip groups
state str: Enables or disables the DLP policy rule.
sub_rules Sequence[str]: The list of exception rules added to a parent rule
time_windows DLPWebRulesTimeWindowsArgs: list of source ip groups
url_categories DLPWebRulesUrlCategoriesArgs: The list of URL categories to which the DLP policy rule must be applied
user_risk_score_levels Sequence[str]
users DLPWebRulesUsersArgs: The Name-ID pairs of users to which the DLP policy rule must be applied
without_content_inspection bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
workload_groups Sequence[DLPWebRulesWorkloadGroupArgs]: The list of preconfigured workload groups to which the policy must be applied
zcc_notifications_enabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
zscaler_incident_receiver bool: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

order Number: The rule order of execution for the DLP policy rule with respect to other rules.
action String: The action taken when traffic matches the DLP policy rule criteria.
auditors List<Property Map>: The auditor to which the DLP policy rule must be applied
cloudApplications List<String>: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
departments Property Map: The Name-ID pairs of departments to which the DLP policy rule must be applied
description String: The description of the DLP policy rule.
dlpDownloadScanEnabled Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
dlpEngines Property Map: The list of DLP engines to which the DLP policy rule must be applied
eunTemplateId Number: The EUN template ID associated with the rule
excludedDepartments Property Map: The Name-ID pairs of departments which the DLP policy rule must exclude
excludedDomainProfiles Property Map: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
excludedGroups Property Map: The Name-ID pairs of groups which the DLP policy rule must exclude
excludedUsers Property Map: The Name-ID pairs of users which the DLP policy rule must exclude
externalAuditorEmail String: The email address of an external auditor to whom DLP email notifications are sent
fileTypeCategories Property Map: The list of file types to which the rule applies
fileTypes List<String>: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
groups Property Map: The Name-ID pairs of groups to which the DLP policy rule must be applied
icapServers List<Property Map>: The DLP server, using ICAP, to which the transaction content is forwarded
includedDomainProfiles Property Map: The Name-ID pairs of domain profiiles which the DLP policy rule must include
inspectHttpGetEnabled Boolean
labels Property Map: list of Labels that are applicable to the rule
locationGroups Property Map: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
locations Property Map: The Name-ID pairs of locations to which the DLP policy rule must be applied
matchOnly Boolean: The match only criteria for DLP engines.
minSize Number: The minimum file size (in KB) used for evaluation of the DLP policy rule.
name String: The DLP policy rule name.
notificationTemplates List<Property Map>: The template used for DLP notification emails
parentRule Number: The unique identifier of the parent rule under which an exception rule is added
protocols List<String>: The protocol criteria specified for the DLP policy rule.
rank Number: Admin rank of the admin who creates this rule
receiver Property Map: The receiver information for the DLP policy rule
severity String: Indicates the severity selected for the DLP rule violation
sourceIpGroups Property Map: list of source ip groups
state String: Enables or disables the DLP policy rule.
subRules List<String>: The list of exception rules added to a parent rule
timeWindows Property Map: list of source ip groups
urlCategories Property Map: The list of URL categories to which the DLP policy rule must be applied
userRiskScoreLevels List<String>
users Property Map: The Name-ID pairs of users to which the DLP policy rule must be applied
withoutContentInspection Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
workloadGroups List<Property Map>: The list of preconfigured workload groups to which the policy must be applied
zccNotificationsEnabled Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
zscalerIncidentReceiver Boolean: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

Outputs

All input properties are implicitly available as output properties. Additionally, the DLPWebRules resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

Id string: The provider-assigned unique ID for this managed resource.
RuleId int

id String: The provider-assigned unique ID for this managed resource.
ruleId Integer

id string: The provider-assigned unique ID for this managed resource.
ruleId number

id str: The provider-assigned unique ID for this managed resource.
rule_id int

id String: The provider-assigned unique ID for this managed resource.
ruleId Number

Look up Existing DLPWebRules Resource

Get an existing DLPWebRules resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DLPWebRulesState, opts?: CustomResourceOptions): DLPWebRules

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        auditors: Optional[Sequence[DLPWebRulesAuditorArgs]] = None,
        cloud_applications: Optional[Sequence[str]] = None,
        departments: Optional[DLPWebRulesDepartmentsArgs] = None,
        description: Optional[str] = None,
        dlp_download_scan_enabled: Optional[bool] = None,
        dlp_engines: Optional[DLPWebRulesDlpEnginesArgs] = None,
        eun_template_id: Optional[int] = None,
        excluded_departments: Optional[DLPWebRulesExcludedDepartmentsArgs] = None,
        excluded_domain_profiles: Optional[DLPWebRulesExcludedDomainProfilesArgs] = None,
        excluded_groups: Optional[DLPWebRulesExcludedGroupsArgs] = None,
        excluded_users: Optional[DLPWebRulesExcludedUsersArgs] = None,
        external_auditor_email: Optional[str] = None,
        file_type_categories: Optional[DLPWebRulesFileTypeCategoriesArgs] = None,
        file_types: Optional[Sequence[str]] = None,
        groups: Optional[DLPWebRulesGroupsArgs] = None,
        icap_servers: Optional[Sequence[DLPWebRulesIcapServerArgs]] = None,
        included_domain_profiles: Optional[DLPWebRulesIncludedDomainProfilesArgs] = None,
        inspect_http_get_enabled: Optional[bool] = None,
        labels: Optional[DLPWebRulesLabelsArgs] = None,
        location_groups: Optional[DLPWebRulesLocationGroupsArgs] = None,
        locations: Optional[DLPWebRulesLocationsArgs] = None,
        match_only: Optional[bool] = None,
        min_size: Optional[int] = None,
        name: Optional[str] = None,
        notification_templates: Optional[Sequence[DLPWebRulesNotificationTemplateArgs]] = None,
        order: Optional[int] = None,
        parent_rule: Optional[int] = None,
        protocols: Optional[Sequence[str]] = None,
        rank: Optional[int] = None,
        receiver: Optional[DLPWebRulesReceiverArgs] = None,
        rule_id: Optional[int] = None,
        severity: Optional[str] = None,
        source_ip_groups: Optional[DLPWebRulesSourceIpGroupsArgs] = None,
        state: Optional[str] = None,
        sub_rules: Optional[Sequence[str]] = None,
        time_windows: Optional[DLPWebRulesTimeWindowsArgs] = None,
        url_categories: Optional[DLPWebRulesUrlCategoriesArgs] = None,
        user_risk_score_levels: Optional[Sequence[str]] = None,
        users: Optional[DLPWebRulesUsersArgs] = None,
        without_content_inspection: Optional[bool] = None,
        workload_groups: Optional[Sequence[DLPWebRulesWorkloadGroupArgs]] = None,
        zcc_notifications_enabled: Optional[bool] = None,
        zscaler_incident_receiver: Optional[bool] = None) -> DLPWebRules

func GetDLPWebRules(ctx *Context, name string, id IDInput, state *DLPWebRulesState, opts ...ResourceOption) (*DLPWebRules, error)

public static DLPWebRules Get(string name, Input<string> id, DLPWebRulesState? state, CustomResourceOptions? opts = null)

public static DLPWebRules get(String name, Output<String> id, DLPWebRulesState state, CustomResourceOptions options)

resources:  _:    type: zia:DLPWebRules    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: The action taken when traffic matches the DLP policy rule criteria.
Auditors List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesAuditor>: The auditor to which the DLP policy rule must be applied
CloudApplications List<string>: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
Departments zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesDepartments: The Name-ID pairs of departments to which the DLP policy rule must be applied
Description string: The description of the DLP policy rule.
DlpDownloadScanEnabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
DlpEngines zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesDlpEngines: The list of DLP engines to which the DLP policy rule must be applied
EunTemplateId int: The EUN template ID associated with the rule
ExcludedDepartments zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedDepartments: The Name-ID pairs of departments which the DLP policy rule must exclude
ExcludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedDomainProfiles: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
ExcludedGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedGroups: The Name-ID pairs of groups which the DLP policy rule must exclude
ExcludedUsers zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesExcludedUsers: The Name-ID pairs of users which the DLP policy rule must exclude
ExternalAuditorEmail string: The email address of an external auditor to whom DLP email notifications are sent
FileTypeCategories zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesFileTypeCategories: The list of file types to which the rule applies
FileTypes List<string>: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
Groups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesGroups: The Name-ID pairs of groups to which the DLP policy rule must be applied
IcapServers List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesIcapServer>: The DLP server, using ICAP, to which the transaction content is forwarded
IncludedDomainProfiles zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesIncludedDomainProfiles: The Name-ID pairs of domain profiiles which the DLP policy rule must include
InspectHttpGetEnabled bool
Labels zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLabels: list of Labels that are applicable to the rule
LocationGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLocationGroups: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
Locations zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesLocations: The Name-ID pairs of locations to which the DLP policy rule must be applied
MatchOnly bool: The match only criteria for DLP engines.
MinSize int: The minimum file size (in KB) used for evaluation of the DLP policy rule.
Name string: The DLP policy rule name.
NotificationTemplates List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesNotificationTemplate>: The template used for DLP notification emails
Order int: The rule order of execution for the DLP policy rule with respect to other rules.
ParentRule int: The unique identifier of the parent rule under which an exception rule is added
Protocols List<string>: The protocol criteria specified for the DLP policy rule.
Rank int: Admin rank of the admin who creates this rule
Receiver zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesReceiver: The receiver information for the DLP policy rule
RuleId int
Severity string: Indicates the severity selected for the DLP rule violation
SourceIpGroups zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesSourceIpGroups: list of source ip groups
State string: Enables or disables the DLP policy rule.
SubRules List<string>: The list of exception rules added to a parent rule
TimeWindows zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesTimeWindows: list of source ip groups
UrlCategories zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesUrlCategories: The list of URL categories to which the DLP policy rule must be applied
UserRiskScoreLevels List<string>
Users zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesUsers: The Name-ID pairs of users to which the DLP policy rule must be applied
WithoutContentInspection bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
WorkloadGroups List<zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesWorkloadGroup>: The list of preconfigured workload groups to which the policy must be applied
ZccNotificationsEnabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
ZscalerIncidentReceiver bool: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

Action string: The action taken when traffic matches the DLP policy rule criteria.
Auditors []DLPWebRulesAuditorArgs: The auditor to which the DLP policy rule must be applied
CloudApplications []string: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
Departments DLPWebRulesDepartmentsArgs: The Name-ID pairs of departments to which the DLP policy rule must be applied
Description string: The description of the DLP policy rule.
DlpDownloadScanEnabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
DlpEngines DLPWebRulesDlpEnginesArgs: The list of DLP engines to which the DLP policy rule must be applied
EunTemplateId int: The EUN template ID associated with the rule
ExcludedDepartments DLPWebRulesExcludedDepartmentsArgs: The Name-ID pairs of departments which the DLP policy rule must exclude
ExcludedDomainProfiles DLPWebRulesExcludedDomainProfilesArgs: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
ExcludedGroups DLPWebRulesExcludedGroupsArgs: The Name-ID pairs of groups which the DLP policy rule must exclude
ExcludedUsers DLPWebRulesExcludedUsersArgs: The Name-ID pairs of users which the DLP policy rule must exclude
ExternalAuditorEmail string: The email address of an external auditor to whom DLP email notifications are sent
FileTypeCategories DLPWebRulesFileTypeCategoriesArgs: The list of file types to which the rule applies
FileTypes []string: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
Groups DLPWebRulesGroupsArgs: The Name-ID pairs of groups to which the DLP policy rule must be applied
IcapServers []DLPWebRulesIcapServerArgs: The DLP server, using ICAP, to which the transaction content is forwarded
IncludedDomainProfiles DLPWebRulesIncludedDomainProfilesArgs: The Name-ID pairs of domain profiiles which the DLP policy rule must include
InspectHttpGetEnabled bool
Labels DLPWebRulesLabelsArgs: list of Labels that are applicable to the rule
LocationGroups DLPWebRulesLocationGroupsArgs: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
Locations DLPWebRulesLocationsArgs: The Name-ID pairs of locations to which the DLP policy rule must be applied
MatchOnly bool: The match only criteria for DLP engines.
MinSize int: The minimum file size (in KB) used for evaluation of the DLP policy rule.
Name string: The DLP policy rule name.
NotificationTemplates []DLPWebRulesNotificationTemplateArgs: The template used for DLP notification emails
Order int: The rule order of execution for the DLP policy rule with respect to other rules.
ParentRule int: The unique identifier of the parent rule under which an exception rule is added
Protocols []string: The protocol criteria specified for the DLP policy rule.
Rank int: Admin rank of the admin who creates this rule
Receiver DLPWebRulesReceiverArgs: The receiver information for the DLP policy rule
RuleId int
Severity string: Indicates the severity selected for the DLP rule violation
SourceIpGroups DLPWebRulesSourceIpGroupsArgs: list of source ip groups
State string: Enables or disables the DLP policy rule.
SubRules []string: The list of exception rules added to a parent rule
TimeWindows DLPWebRulesTimeWindowsArgs: list of source ip groups
UrlCategories DLPWebRulesUrlCategoriesArgs: The list of URL categories to which the DLP policy rule must be applied
UserRiskScoreLevels []string
Users DLPWebRulesUsersArgs: The Name-ID pairs of users to which the DLP policy rule must be applied
WithoutContentInspection bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
WorkloadGroups []DLPWebRulesWorkloadGroupArgs: The list of preconfigured workload groups to which the policy must be applied
ZccNotificationsEnabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
ZscalerIncidentReceiver bool: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

action String: The action taken when traffic matches the DLP policy rule criteria.
auditors List<DLPWebRulesAuditor>: The auditor to which the DLP policy rule must be applied
cloudApplications List<String>: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
departments DLPWebRulesDepartments: The Name-ID pairs of departments to which the DLP policy rule must be applied
description String: The description of the DLP policy rule.
dlpDownloadScanEnabled Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
dlpEngines DLPWebRulesDlpEngines: The list of DLP engines to which the DLP policy rule must be applied
eunTemplateId Integer: The EUN template ID associated with the rule
excludedDepartments DLPWebRulesExcludedDepartments: The Name-ID pairs of departments which the DLP policy rule must exclude
excludedDomainProfiles DLPWebRulesExcludedDomainProfiles: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
excludedGroups DLPWebRulesExcludedGroups: The Name-ID pairs of groups which the DLP policy rule must exclude
excludedUsers DLPWebRulesExcludedUsers: The Name-ID pairs of users which the DLP policy rule must exclude
externalAuditorEmail String: The email address of an external auditor to whom DLP email notifications are sent
fileTypeCategories DLPWebRulesFileTypeCategories: The list of file types to which the rule applies
fileTypes List<String>: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
groups DLPWebRulesGroups: The Name-ID pairs of groups to which the DLP policy rule must be applied
icapServers List<DLPWebRulesIcapServer>: The DLP server, using ICAP, to which the transaction content is forwarded
includedDomainProfiles DLPWebRulesIncludedDomainProfiles: The Name-ID pairs of domain profiiles which the DLP policy rule must include
inspectHttpGetEnabled Boolean
labels DLPWebRulesLabels: list of Labels that are applicable to the rule
locationGroups DLPWebRulesLocationGroups: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
locations DLPWebRulesLocations: The Name-ID pairs of locations to which the DLP policy rule must be applied
matchOnly Boolean: The match only criteria for DLP engines.
minSize Integer: The minimum file size (in KB) used for evaluation of the DLP policy rule.
name String: The DLP policy rule name.
notificationTemplates List<DLPWebRulesNotificationTemplate>: The template used for DLP notification emails
order Integer: The rule order of execution for the DLP policy rule with respect to other rules.
parentRule Integer: The unique identifier of the parent rule under which an exception rule is added
protocols List<String>: The protocol criteria specified for the DLP policy rule.
rank Integer: Admin rank of the admin who creates this rule
receiver DLPWebRulesReceiver: The receiver information for the DLP policy rule
ruleId Integer
severity String: Indicates the severity selected for the DLP rule violation
sourceIpGroups DLPWebRulesSourceIpGroups: list of source ip groups
state String: Enables or disables the DLP policy rule.
subRules List<String>: The list of exception rules added to a parent rule
timeWindows DLPWebRulesTimeWindows: list of source ip groups
urlCategories DLPWebRulesUrlCategories: The list of URL categories to which the DLP policy rule must be applied
userRiskScoreLevels List<String>
users DLPWebRulesUsers: The Name-ID pairs of users to which the DLP policy rule must be applied
withoutContentInspection Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
workloadGroups List<DLPWebRulesWorkloadGroup>: The list of preconfigured workload groups to which the policy must be applied
zccNotificationsEnabled Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
zscalerIncidentReceiver Boolean: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

action string: The action taken when traffic matches the DLP policy rule criteria.
auditors DLPWebRulesAuditor[]: The auditor to which the DLP policy rule must be applied
cloudApplications string[]: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
departments DLPWebRulesDepartments: The Name-ID pairs of departments to which the DLP policy rule must be applied
description string: The description of the DLP policy rule.
dlpDownloadScanEnabled boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
dlpEngines DLPWebRulesDlpEngines: The list of DLP engines to which the DLP policy rule must be applied
eunTemplateId number: The EUN template ID associated with the rule
excludedDepartments DLPWebRulesExcludedDepartments: The Name-ID pairs of departments which the DLP policy rule must exclude
excludedDomainProfiles DLPWebRulesExcludedDomainProfiles: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
excludedGroups DLPWebRulesExcludedGroups: The Name-ID pairs of groups which the DLP policy rule must exclude
excludedUsers DLPWebRulesExcludedUsers: The Name-ID pairs of users which the DLP policy rule must exclude
externalAuditorEmail string: The email address of an external auditor to whom DLP email notifications are sent
fileTypeCategories DLPWebRulesFileTypeCategories: The list of file types to which the rule applies
fileTypes string[]: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
groups DLPWebRulesGroups: The Name-ID pairs of groups to which the DLP policy rule must be applied
icapServers DLPWebRulesIcapServer[]: The DLP server, using ICAP, to which the transaction content is forwarded
includedDomainProfiles DLPWebRulesIncludedDomainProfiles: The Name-ID pairs of domain profiiles which the DLP policy rule must include
inspectHttpGetEnabled boolean
labels DLPWebRulesLabels: list of Labels that are applicable to the rule
locationGroups DLPWebRulesLocationGroups: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
locations DLPWebRulesLocations: The Name-ID pairs of locations to which the DLP policy rule must be applied
matchOnly boolean: The match only criteria for DLP engines.
minSize number: The minimum file size (in KB) used for evaluation of the DLP policy rule.
name string: The DLP policy rule name.
notificationTemplates DLPWebRulesNotificationTemplate[]: The template used for DLP notification emails
order number: The rule order of execution for the DLP policy rule with respect to other rules.
parentRule number: The unique identifier of the parent rule under which an exception rule is added
protocols string[]: The protocol criteria specified for the DLP policy rule.
rank number: Admin rank of the admin who creates this rule
receiver DLPWebRulesReceiver: The receiver information for the DLP policy rule
ruleId number
severity string: Indicates the severity selected for the DLP rule violation
sourceIpGroups DLPWebRulesSourceIpGroups: list of source ip groups
state string: Enables or disables the DLP policy rule.
subRules string[]: The list of exception rules added to a parent rule
timeWindows DLPWebRulesTimeWindows: list of source ip groups
urlCategories DLPWebRulesUrlCategories: The list of URL categories to which the DLP policy rule must be applied
userRiskScoreLevels string[]
users DLPWebRulesUsers: The Name-ID pairs of users to which the DLP policy rule must be applied
withoutContentInspection boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
workloadGroups DLPWebRulesWorkloadGroup[]: The list of preconfigured workload groups to which the policy must be applied
zccNotificationsEnabled boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
zscalerIncidentReceiver boolean: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

action str: The action taken when traffic matches the DLP policy rule criteria.
auditors Sequence[DLPWebRulesAuditorArgs]: The auditor to which the DLP policy rule must be applied
cloud_applications Sequence[str]: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
departments DLPWebRulesDepartmentsArgs: The Name-ID pairs of departments to which the DLP policy rule must be applied
description str: The description of the DLP policy rule.
dlp_download_scan_enabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
dlp_engines DLPWebRulesDlpEnginesArgs: The list of DLP engines to which the DLP policy rule must be applied
eun_template_id int: The EUN template ID associated with the rule
excluded_departments DLPWebRulesExcludedDepartmentsArgs: The Name-ID pairs of departments which the DLP policy rule must exclude
excluded_domain_profiles DLPWebRulesExcludedDomainProfilesArgs: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
excluded_groups DLPWebRulesExcludedGroupsArgs: The Name-ID pairs of groups which the DLP policy rule must exclude
excluded_users DLPWebRulesExcludedUsersArgs: The Name-ID pairs of users which the DLP policy rule must exclude
external_auditor_email str: The email address of an external auditor to whom DLP email notifications are sent
file_type_categories DLPWebRulesFileTypeCategoriesArgs: The list of file types to which the rule applies
file_types Sequence[str]: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
groups DLPWebRulesGroupsArgs: The Name-ID pairs of groups to which the DLP policy rule must be applied
icap_servers Sequence[DLPWebRulesIcapServerArgs]: The DLP server, using ICAP, to which the transaction content is forwarded
included_domain_profiles DLPWebRulesIncludedDomainProfilesArgs: The Name-ID pairs of domain profiiles which the DLP policy rule must include
inspect_http_get_enabled bool
labels DLPWebRulesLabelsArgs: list of Labels that are applicable to the rule
location_groups DLPWebRulesLocationGroupsArgs: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
locations DLPWebRulesLocationsArgs: The Name-ID pairs of locations to which the DLP policy rule must be applied
match_only bool: The match only criteria for DLP engines.
min_size int: The minimum file size (in KB) used for evaluation of the DLP policy rule.
name str: The DLP policy rule name.
notification_templates Sequence[DLPWebRulesNotificationTemplateArgs]: The template used for DLP notification emails
order int: The rule order of execution for the DLP policy rule with respect to other rules.
parent_rule int: The unique identifier of the parent rule under which an exception rule is added
protocols Sequence[str]: The protocol criteria specified for the DLP policy rule.
rank int: Admin rank of the admin who creates this rule
receiver DLPWebRulesReceiverArgs: The receiver information for the DLP policy rule
rule_id int
severity str: Indicates the severity selected for the DLP rule violation
source_ip_groups DLPWebRulesSourceIpGroupsArgs: list of source ip groups
state str: Enables or disables the DLP policy rule.
sub_rules Sequence[str]: The list of exception rules added to a parent rule
time_windows DLPWebRulesTimeWindowsArgs: list of source ip groups
url_categories DLPWebRulesUrlCategoriesArgs: The list of URL categories to which the DLP policy rule must be applied
user_risk_score_levels Sequence[str]
users DLPWebRulesUsersArgs: The Name-ID pairs of users to which the DLP policy rule must be applied
without_content_inspection bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
workload_groups Sequence[DLPWebRulesWorkloadGroupArgs]: The list of preconfigured workload groups to which the policy must be applied
zcc_notifications_enabled bool: Indicates a DLP policy rule without content inspection, when the value is set to true.
zscaler_incident_receiver bool: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

action String: The action taken when traffic matches the DLP policy rule criteria.
auditors List<Property Map>: The auditor to which the DLP policy rule must be applied
cloudApplications List<String>: The list of cloud applications to which the DLP policy rule must be applied Use the data source zia.getCloudApplications to get the list of available cloud applications: https://registry.terraform.io/providers/zscaler/zia/latest/docs/data-sources/zia_cloud_applications
departments Property Map: The Name-ID pairs of departments to which the DLP policy rule must be applied
description String: The description of the DLP policy rule.
dlpDownloadScanEnabled Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
dlpEngines Property Map: The list of DLP engines to which the DLP policy rule must be applied
eunTemplateId Number: The EUN template ID associated with the rule
excludedDepartments Property Map: The Name-ID pairs of departments which the DLP policy rule must exclude
excludedDomainProfiles Property Map: The Name-ID pairs of domain profiles to which the DLP policy rule must exclude
excludedGroups Property Map: The Name-ID pairs of groups which the DLP policy rule must exclude
excludedUsers Property Map: The Name-ID pairs of users which the DLP policy rule must exclude
externalAuditorEmail String: The email address of an external auditor to whom DLP email notifications are sent
fileTypeCategories Property Map: The list of file types to which the rule applies
fileTypes List<String>: The list of file types for which the DLP policy rule must be applied, See the Web DLP Rules API for the list of available File types: https://help.zscaler.com/zia/data-loss-prevention#/webDlpRules-get
groups Property Map: The Name-ID pairs of groups to which the DLP policy rule must be applied
icapServers List<Property Map>: The DLP server, using ICAP, to which the transaction content is forwarded
includedDomainProfiles Property Map: The Name-ID pairs of domain profiiles which the DLP policy rule must include
inspectHttpGetEnabled Boolean
labels Property Map: list of Labels that are applicable to the rule
locationGroups Property Map: The Name-ID pairs of locations groups to which the DLP policy rule must be applied
locations Property Map: The Name-ID pairs of locations to which the DLP policy rule must be applied
matchOnly Boolean: The match only criteria for DLP engines.
minSize Number: The minimum file size (in KB) used for evaluation of the DLP policy rule.
name String: The DLP policy rule name.
notificationTemplates List<Property Map>: The template used for DLP notification emails
order Number: The rule order of execution for the DLP policy rule with respect to other rules.
parentRule Number: The unique identifier of the parent rule under which an exception rule is added
protocols List<String>: The protocol criteria specified for the DLP policy rule.
rank Number: Admin rank of the admin who creates this rule
receiver Property Map: The receiver information for the DLP policy rule
ruleId Number
severity String: Indicates the severity selected for the DLP rule violation
sourceIpGroups Property Map: list of source ip groups
state String: Enables or disables the DLP policy rule.
subRules List<String>: The list of exception rules added to a parent rule
timeWindows Property Map: list of source ip groups
urlCategories Property Map: The list of URL categories to which the DLP policy rule must be applied
userRiskScoreLevels List<String>
users Property Map: The Name-ID pairs of users to which the DLP policy rule must be applied
withoutContentInspection Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
workloadGroups List<Property Map>: The list of preconfigured workload groups to which the policy must be applied
zccNotificationsEnabled Boolean: Indicates a DLP policy rule without content inspection, when the value is set to true.
zscalerIncidentReceiver Boolean: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule

Supporting Types

DLPWebRulesAuditor, DLPWebRulesAuditorArgs

Id int

Id int

id Integer

id number

id int

id Number

DLPWebRulesDepartments, DLPWebRulesDepartmentsArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesDlpEngines, DLPWebRulesDlpEnginesArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesExcludedDepartments, DLPWebRulesExcludedDepartmentsArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesExcludedDomainProfiles, DLPWebRulesExcludedDomainProfilesArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesExcludedGroups, DLPWebRulesExcludedGroupsArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesExcludedUsers, DLPWebRulesExcludedUsersArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesFileTypeCategories, DLPWebRulesFileTypeCategoriesArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesGroups, DLPWebRulesGroupsArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesIcapServer, DLPWebRulesIcapServerArgs

Id int

Id int

id Integer

id number

id int

id Number

DLPWebRulesIncludedDomainProfiles, DLPWebRulesIncludedDomainProfilesArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesLabels, DLPWebRulesLabelsArgs

Id int

Id int

id Integer

id number

id int

id Number

DLPWebRulesLocationGroups, DLPWebRulesLocationGroupsArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesLocations, DLPWebRulesLocationsArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesNotificationTemplate, DLPWebRulesNotificationTemplateArgs

Id int

Id int

id Integer

id number

id int

id Number

DLPWebRulesReceiver, DLPWebRulesReceiverArgs

Id string: Unique identifier for the receiver
Name string: Name of the receiver
Tenant zscaler.PulumiPackage.Zia.Inputs.DLPWebRulesReceiverTenant: Tenant information for the receiver
Type string: Type of the receiver

Id string: Unique identifier for the receiver
Name string: Name of the receiver
Tenant DLPWebRulesReceiverTenant: Tenant information for the receiver
Type string: Type of the receiver

id String: Unique identifier for the receiver
name String: Name of the receiver
tenant DLPWebRulesReceiverTenant: Tenant information for the receiver
type String: Type of the receiver

id string: Unique identifier for the receiver
name string: Name of the receiver
tenant DLPWebRulesReceiverTenant: Tenant information for the receiver
type string: Type of the receiver

id str: Unique identifier for the receiver
name str: Name of the receiver
tenant DLPWebRulesReceiverTenant: Tenant information for the receiver
type str: Type of the receiver

id String: Unique identifier for the receiver
name String: Name of the receiver
tenant Property Map: Tenant information for the receiver
type String: Type of the receiver

DLPWebRulesReceiverTenant, DLPWebRulesReceiverTenantArgs

Id string: Unique identifier for the tenant
Name string: Name of the tenant

Id string: Unique identifier for the tenant
Name string: Name of the tenant

id String: Unique identifier for the tenant
name String: Name of the tenant

id string: Unique identifier for the tenant
name string: Name of the tenant

id str: Unique identifier for the tenant
name str: Name of the tenant

id String: Unique identifier for the tenant
name String: Name of the tenant

DLPWebRulesSourceIpGroups, DLPWebRulesSourceIpGroupsArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesTimeWindows, DLPWebRulesTimeWindowsArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesUrlCategories, DLPWebRulesUrlCategoriesArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesUsers, DLPWebRulesUsersArgs

Ids List<int>

Ids []int

ids List<Integer>

ids number[]

ids Sequence[int]

ids List<Number>

DLPWebRulesWorkloadGroup, DLPWebRulesWorkloadGroupArgs

Id int: The unique identifier for the resource.
Name string: The name of the resource.

Id int: The unique identifier for the resource.
Name string: The name of the resource.

id Integer: The unique identifier for the resource.
name String: The name of the resource.

id number: The unique identifier for the resource.
name string: The name of the resource.

id int: The unique identifier for the resource.
name str: The name of the resource.

id Number: The unique identifier for the resource.
name String: The name of the resource.

Import

Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language. Visit

zia_dlp_web_rules can be imported by using <RULE ID> or <RULE NAME> as the import ID.

For example:

$ pulumi import zia:index/dLPWebRules:DLPWebRules example <rule_id>

$ pulumi import zia:index/dLPWebRules:DLPWebRules example <rule_name>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: zia zscaler/pulumi-zia
License: MIT
Notes: This Pulumi package is based on the zia Terraform Provider.

Zscaler Internet Access v1.2.0 published on Friday, Feb 20, 2026 by Zscaler

Schema (JSON)

zscaler/pulumi-zia

zia.DLPWebRules

On this page

On this page

Example Usage

“FTCATEGORY_ALL_OUTBOUND” File Type"

“FTCATEGORY_ALL_OUTBOUND” File Type - New"

“Specify Incident Receiver Setting”

“Creating Parent Rules And SubRules”

“Configuring Receiver For DLP Policy Rule”

Configure Cloud To Cloud Forwarding

Create DLPWebRules Resource

Constructor syntax

Parameters

Constructor example

DLPWebRules Resource Properties

Inputs

Outputs

Look up Existing DLPWebRules Resource

Supporting Types

DLPWebRulesAuditor, DLPWebRulesAuditorArgs

DLPWebRulesDepartments, DLPWebRulesDepartmentsArgs

DLPWebRulesDlpEngines, DLPWebRulesDlpEnginesArgs

DLPWebRulesExcludedDepartments, DLPWebRulesExcludedDepartmentsArgs

DLPWebRulesExcludedDomainProfiles, DLPWebRulesExcludedDomainProfilesArgs

DLPWebRulesExcludedGroups, DLPWebRulesExcludedGroupsArgs

DLPWebRulesExcludedUsers, DLPWebRulesExcludedUsersArgs

DLPWebRulesFileTypeCategories, DLPWebRulesFileTypeCategoriesArgs

DLPWebRulesGroups, DLPWebRulesGroupsArgs

DLPWebRulesIcapServer, DLPWebRulesIcapServerArgs

DLPWebRulesIncludedDomainProfiles, DLPWebRulesIncludedDomainProfilesArgs

DLPWebRulesLabels, DLPWebRulesLabelsArgs

DLPWebRulesLocationGroups, DLPWebRulesLocationGroupsArgs

DLPWebRulesLocations, DLPWebRulesLocationsArgs

DLPWebRulesNotificationTemplate, DLPWebRulesNotificationTemplateArgs

DLPWebRulesReceiver, DLPWebRulesReceiverArgs

DLPWebRulesReceiverTenant, DLPWebRulesReceiverTenantArgs

DLPWebRulesSourceIpGroups, DLPWebRulesSourceIpGroupsArgs

DLPWebRulesTimeWindows, DLPWebRulesTimeWindowsArgs

DLPWebRulesUrlCategories, DLPWebRulesUrlCategoriesArgs

DLPWebRulesUsers, DLPWebRulesUsersArgs

DLPWebRulesWorkloadGroup, DLPWebRulesWorkloadGroupArgs

Import

Package Details

On this page

On this page