Add data source for NG-SIEM Rules

[vova-bolotov]

Description

When creating custom SIEM correlation rules, the rules are automatically assigned to the admin user who created them. During Fal.Con Europe 2025, I learned that if this admin account is later deleted, all rules owned by that admin are also deleted, which can lead to unintended data loss and operational disruptions.

To prevent this, it would be beneficial to allow rules to be created and managed via Terraform, ensuring that ownership is not tied to an individual user.

API Scopes Required

• Correlation Rules Admin RIGHT
• Correlation Rules READ RIGHT

[wwebster-rr]

Seconding this, I was honestly surprised this was not announced as part of their "detection-as-code" announcement.

[cfitzgerald-pd]

+1, very important functionality especially as other siem providers have this