diff --git a/sysdig/data_source_sysdig_secure_managed_policy_test.go b/sysdig/data_source_sysdig_secure_managed_policy_test.go
index a8b30ff8..96e10552 100644
--- a/sysdig/data_source_sysdig_secure_managed_policy_test.go
+++ b/sysdig/data_source_sysdig_secure_managed_policy_test.go
@@ -1,4 +1,4 @@
-//go:build tf_acc_sysdig || tf_acc_sysdig_secure
+//go:build tf_acc_sysdig || tf_acc_sysdig_secure || tf_acc_policies
 
 package sysdig_test
 
diff --git a/sysdig/data_source_sysdig_secure_managed_ruleset.go b/sysdig/data_source_sysdig_secure_managed_ruleset.go
new file mode 100644
index 00000000..f480ba9a
--- /dev/null
+++ b/sysdig/data_source_sysdig_secure_managed_ruleset.go
@@ -0,0 +1,63 @@
+package sysdig
+
+import (
+	"context"
+	"time"
+
+	v2 "github.com/draios/terraform-provider-sysdig/sysdig/internal/client/v2"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSysdigSecureManagedRuleset() *schema.Resource {
+	timeout := 5 * time.Minute
+
+	return &schema.Resource{
+		ReadContext: dataSourceSysdigManagedRulesetRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(timeout),
+		},
+
+		Schema: createPolicyDataSourceSchema(),
+	}
+}
+
+func dataSourceSysdigManagedRulesetRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client, err := getSecurePolicyClient(meta.(SysdigClients))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	policyName := d.Get("name").(string)
+	policyType := d.Get("type").(string)
+
+	policies, _, err := client.GetPolicies(ctx)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	var policy v2.Policy
+	for _, existingPolicy := range policies {
+		if existingPolicy.Name == policyName && existingPolicy.Type == policyType {
+			if existingPolicy.IsDefault || existingPolicy.TemplateId == 0 {
+				return diag.Errorf("policy is not a managed ruleset")
+			}
+			policy = existingPolicy
+			break
+		}
+	}
+
+	if policy.ID == 0 {
+		return diag.Errorf("unable to find managed ruleset")
+	}
+
+	loadedPolicy, _, err := client.GetPolicyByID(ctx, policy.ID)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	policyDataSourceToResourceData(loadedPolicy, d)
+
+	return nil
+}
diff --git a/sysdig/data_source_sysdig_secure_managed_ruleset_test.go b/sysdig/data_source_sysdig_secure_managed_ruleset_test.go
new file mode 100644
index 00000000..8dbf1921
--- /dev/null
+++ b/sysdig/data_source_sysdig_secure_managed_ruleset_test.go
@@ -0,0 +1,57 @@
+//go:build tf_acc_sysdig || tf_acc_sysdig_secure || tf_acc_policies
+
+package sysdig_test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/draios/terraform-provider-sysdig/sysdig"
+)
+
+func TestAccManagedRulesetDataSource(t *testing.T) {
+	rText := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			if v := os.Getenv("SYSDIG_SECURE_API_TOKEN"); v == "" {
+				t.Fatal("SYSDIG_SECURE_API_TOKEN must be set for acceptance tests")
+			}
+		},
+		ProviderFactories: map[string]func() (*schema.Provider, error){
+			"sysdig": func() (*schema.Provider, error) {
+				return sysdig.Provider(), nil
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: managedRulesetDataSource(rText),
+			},
+		},
+	})
+}
+
+func managedRulesetDataSource(name string) string {
+	return fmt.Sprintf(`
+resource "sysdig_secure_managed_ruleset" "sample" {
+	name = "%s"
+	description = "Test Description"
+	inherited_from {
+		name = "Sysdig Runtime Threat Detection"
+		type = "falco"
+	}
+	enabled = true
+}
+
+data "sysdig_secure_managed_ruleset" "example" {
+	depends_on = [sysdig_secure_managed_ruleset.sample]
+	name = "%s"
+	type = "falco"
+}
+`, name, name)
+}
diff --git a/sysdig/data_source_sysdig_secure_policy.go b/sysdig/data_source_sysdig_secure_policy.go
index 334314fb..6ab0c8f3 100644
--- a/sysdig/data_source_sysdig_secure_policy.go
+++ b/sysdig/data_source_sysdig_secure_policy.go
@@ -127,7 +127,6 @@ func policyDataSourceToResourceData(policy v2.Policy, d *schema.ResourceData) {
 		if action.Type != "POLICY_ACTION_CAPTURE" {
 			action := strings.Replace(action.Type, "POLICY_ACTION_", "", 1)
 			actions[0]["container"] = strings.ToLower(action)
-			//d.Set("actions.0.container", strings.ToLower(action))
 		} else {
 			actions[0]["capture"] = []map[string]interface{}{{
 				"seconds_after_event":  action.AfterEventNs / 1000000000,
diff --git a/sysdig/provider.go b/sysdig/provider.go
index 99511468..4a3fef80 100644
--- a/sysdig/provider.go
+++ b/sysdig/provider.go
@@ -127,6 +127,7 @@ func Provider() *schema.Provider {
 			"sysdig_secure_trusted_cloud_identity": dataSourceSysdigSecureTrustedCloudIdentity(),
 			"sysdig_secure_notification_channel":   dataSourceSysdigSecureNotificationChannel(),
 			"sysdig_secure_managed_policy":         dataSourceSysdigSecureManagedPolicy(),
+			"sysdig_secure_managed_ruleset":        dataSourceSysdigSecureManagedRuleset(),
 
 			"sysdig_current_user":      dataSourceSysdigCurrentUser(),
 			"sysdig_user":              dataSourceSysdigUser(),
diff --git a/website/docs/d/secure_managed_policy.md b/website/docs/d/secure_managed_policy.md
index 80a8eba2..ff113369 100644
--- a/website/docs/d/secure_managed_policy.md
+++ b/website/docs/d/secure_managed_policy.md
@@ -15,7 +15,7 @@ Retrieves the information of an existing Sysdig Secure Managed Policy.
 ## Example Usage
 
 ```terraform
-data "sysdig_secure_notification_channel" "sample-email" {
+data "sysdig_secure_managed_policy" "example" {
   name                 = "Sysdig Runtime Threat Detection"
   type                 = "falco"
 }
diff --git a/website/docs/d/secure_managed_ruleset.md b/website/docs/d/secure_managed_ruleset.md
new file mode 100644
index 00000000..b30dff2b
--- /dev/null
+++ b/website/docs/d/secure_managed_ruleset.md
@@ -0,0 +1,66 @@
+---
+subcategory: "Sysdig Secure"
+layout: "sysdig"
+page_title: "Sysdig: sysdig_secure_managed_ruleset"
+description: |-
+  Retrieves a Sysdig Secure Managed Ruleset.
+---
+
+# sysdig_secure_managed_ruleset
+
+Retrieves the information of an existing Sysdig Secure Managed Ruleset.
+
+-> **Note:** Sysdig Terraform Provider is under rapid development at this point. If you experience any issue or discrepancy while using it, please make sure you have the latest version. If the issue persists, or you have a Feature Request to support an additional set of resources, please open a [new issue](https://github.com/sysdiglabs/terraform-provider-sysdig/issues/new) in the GitHub repository.
+
+## Example Usage
+
+```terraform
+data "sysdig_secure_managed_ruleset" "example" {
+  name                 = "Sysdig Runtime Threat Detection - Managed Ruleset"
+  type                 = "falco"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) The name of the Secure managed ruleset.
+
+* `type` - (Optional) Specifies the type of the runtime policy. Must be one of: `falco`, `list_matching`, `k8s_audit`,
+  `aws_cloudtrail`, `gcp_auditlog`, `azure_platformlogs`. By default it is `falco`.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The id for the managed policy.
+
+* `description` - The description for the managed policy.
+
+* `severity` -  The severity of Secure policy. The accepted values
+    are: 0, 1, 2, 3 (High), 4, 5 (Medium), 6 (Low) and 7 (Info).
+
+* `enabled` - Whether the policy is enabled or not.
+
+* `runbook` - Customer provided url that provides a runbook for a given policy.
+
+* `scope` - The application scope for the policy.
+
+* `rules` - An array of rules with the properties `name` and `enabled` to identify the rule name and whether it is enabled.
+
+* `notification_channels` - IDs of the notification channels to send alerts to
+    when the policy is fired.
+
+### Actions block
+
+The actions block is optional and supports:
+
+* `container` - (Optional) The action applied to container when this Policy is
+    triggered. Can be *stop*, *pause* or *kill*. If this is not specified,
+    no action will be applied at the container level.
+
+* `capture` - (Optional) Captures with Sysdig the stream of system calls:
+    * `seconds_before_event` - (Required) Captures the system calls during the
+    amount of seconds before the policy was triggered.
+    * `seconds_after_event` - (Required) Captures the system calls for the amount
+    of seconds after the policy was triggered.
+    * `name` - (Optional) The name of the capture file