Security Monitoring - Related Suppressions for a Rule (DataDog#2638)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 82f6df5f1f56 · 2025-09-02T18:50:59.000Z
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -64757,6 +64757,65 @@ paths:
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
+  /api/v2/security_monitoring/configuration/suppressions/rules:
+    post:
+      description: Get the list of suppressions that would affect a rule.
+      operationId: GetSuppressionsAffectingFutureRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringSuppressionsResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_suppressions_read
+      summary: Get suppressions affecting future rule
+      tags:
+      - Security Monitoring
+  /api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}:
+    get:
+      description: Get the list of suppressions that affect a specific existing rule
+        by its ID.
+      operationId: GetSuppressionsAffectingRule
+      parameters:
+      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringSuppressionsResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_suppressions_read
+      summary: Get suppressions affecting a specific rule
+      tags:
+      - Security Monitoring
   /api/v2/security_monitoring/configuration/suppressions/{suppression_id}:
     delete:
       description: Delete a specific suppression rule.
diff --git a/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-a-specific-rule-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-a-specific-rule-returns-Not-Found-response.frozen
@@ -0,0 +1 @@
+2025-08-30T15:29:04.687Z
diff --git a/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-a-specific-rule-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-a-specific-rule-returns-Not-Found-response.yml
diff --git a/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-a-specific-rule-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-a-specific-rule-returns-OK-response.frozen
@@ -0,0 +1 @@
+2025-08-30T11:40:50.061Z
diff --git a/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-a-specific-rule-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-a-specific-rule-returns-OK-response.yml
diff --git a/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-future-rule-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-future-rule-returns-Bad-Request-response.frozen
@@ -0,0 +1 @@
+2025-08-30T15:29:48.867Z
diff --git a/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-future-rule-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-future-rule-returns-Bad-Request-response.yml
diff --git a/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-future-rule-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-future-rule-returns-OK-response.frozen
@@ -0,0 +1 @@
+2025-08-30T15:30:01.229Z
diff --git a/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-future-rule-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Get-suppressions-affecting-future-rule-returns-OK-response.yml
diff --git a/examples/v2/security-monitoring/GetSuppressionsAffectingFutureRule.rb b/examples/v2/security-monitoring/GetSuppressionsAffectingFutureRule.rb
@@ -0,0 +1,36 @@
+# Get suppressions affecting future rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({
+  name: "Example-Security-Monitoring",
+  queries: [
+    DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({
+      query: "@test:true",
+      aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT,
+      group_by_fields: [],
+      distinct_fields: [],
+      metrics: [],
+    }),
+  ],
+  filters: [],
+  cases: [
+    DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
+      name: "",
+      status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
+      condition: "a > 0",
+      notifications: [],
+    }),
+  ],
+  options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
+    evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES,
+    keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR,
+    max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY,
+  }),
+  message: "Test rule",
+  tags: [],
+  is_enabled: true,
+  type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION,
+})
+p api_instance.get_suppressions_affecting_future_rule(body)
diff --git a/examples/v2/security-monitoring/GetSuppressionsAffectingRule.rb b/examples/v2/security-monitoring/GetSuppressionsAffectingRule.rb
@@ -0,0 +1,8 @@
+# Get suppressions affecting a specific rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+# there is a valid "security_rule" in the system
+SECURITY_RULE_ID = ENV["SECURITY_RULE_ID"]
+p api_instance.get_suppressions_affecting_rule(SECURITY_RULE_ID)
diff --git a/features/scenarios_model_mapping.rb b/features/scenarios_model_mapping.rb
@@ -1354,6 +1354,12 @@
     "v2.CreateSecurityMonitoringSuppression" => {
             "body" => "SecurityMonitoringSuppressionCreateRequest",
     },
+    "v2.GetSuppressionsAffectingFutureRule" => {
+            "body" => "SecurityMonitoringRuleCreatePayload",
+    },
+    "v2.GetSuppressionsAffectingRule" => {
+            "rule_id" => "String",
+    },
     "v2.DeleteSecurityMonitoringSuppression" => {
             "suppression_id" => "String",
     },
diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature
@@ -822,6 +822,35 @@ Feature: Security Monitoring
     And the response "data.attributes.count" is equal to 1
     And the response "data.attributes.data[1].rule.name" has the same value as "security_rule.name"
 
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Get suppressions affecting a specific rule returns "Not Found" response
+    Given new "GetSuppressionsAffectingRule" request
+    And request contains "rule_id" parameter with value "aaa-bbb-ccc-ddd"
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Get suppressions affecting a specific rule returns "OK" response
+    Given new "GetSuppressionsAffectingRule" request
+    And there is a valid "security_rule" in the system
+    And request contains "rule_id" parameter from "security_rule.id"
+    When the request is sent
+    Then the response status is 200 OK
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Get suppressions affecting future rule returns "Bad Request" response
+    Given new "GetSuppressionsAffectingFutureRule" request
+    And body with value {"invalid_key":"invalid_value"}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Get suppressions affecting future rule returns "OK" response
+    Given new "GetSuppressionsAffectingFutureRule" request
+    And body from file "security_monitoring_future_rule_suppression_payload.json"
+    When the request is sent
+    Then the response status is 200 OK
+
   @team:DataDog/cloud-security-posture-management
   Scenario: Get the list of signal-based notification rules returns "The list of notification rules." response
     Given there is a valid "valid_signal_notification_rule" in the system
diff --git a/features/v2/security_monitoring_future_rule_suppression_payload.json b/features/v2/security_monitoring_future_rule_suppression_payload.json
@@ -0,0 +1,30 @@
+{
+  "name": "{{ unique }}",
+  "queries": [
+    {
+      "query": "@test:true",
+      "aggregation": "count",
+      "groupByFields": [],
+      "distinctFields": [],
+      "metrics": []
+    }
+  ],
+  "filters": [],
+  "cases": [
+    {
+      "name": "",
+      "status": "info",
+      "condition": "a > 0",
+      "notifications": []
+    }
+  ],
+  "options": {
+    "evaluationWindow": 900,
+    "keepAlive": 3600,
+    "maxSignalDuration": 86400
+  },
+  "message": "Test rule",
+  "tags": [],
+  "isEnabled": true,
+  "type": "log_detection"
+}
diff --git a/features/v2/undo.json b/features/v2/undo.json
@@ -3012,6 +3012,18 @@
       "type": "unsafe"
     }
   },
+  "GetSuppressionsAffectingFutureRule": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "safe"
+    }
+  },
+  "GetSuppressionsAffectingRule": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "DeleteSecurityMonitoringSuppression": {
     "tag": "Security Monitoring",
     "undo": {
diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb
