From f66b4cf0f1916a7f665960e2347ba95ab09cb744 Mon Sep 17 00:00:00 2001
From: "ci.datadog-api-spec"
Date: Tue, 10 Dec 2024 13:52:56 +0000
Subject: [PATCH] Regenerate client from commit 4f71be94 of spec repo
---
 .apigentools-info | 8 ++--
 .generator/schemas/v2/openapi.yaml | 4 ++
 .../List-rules-returns-OK-response.frozen | 2 +-
 .../List-rules-returns-OK-response.yml | 44 +++++++++----------
 ...-rule-s-details-returns-OK-response.frozen | 2 +-
 ...ion-rule-s-details-returns-OK-response.yml | 18 ++++----
 ...n-existing-rule-returns-OK-response.frozen | 2 +-
 ...e-an-existing-rule-returns-OK-response.yml | 18 ++++----
 ...urity_monitoring_standard_rule_response.rb | 12 ++++-
 9 files changed, 62 insertions(+), 48 deletions(-)
diff --git a/.apigentools-info b/.apigentools-info
index 0e1b3978c480..6808f09f7db9 100644
--- a/.apigentools-info
+++ b/.apigentools-info
@@ -4,13 +4,13 @@
 "spec_versions": {
 "v1": {
 "apigentools_version": "1.6.6",
- "regenerated": "2024-12-09 11:21:38.816823",
- "spec_repo_commit": "21da0df3"
+ "regenerated": "2024-12-10 13:52:29.278222",
+ "spec_repo_commit": "4f71be94"
 },
 "v2": {
 "apigentools_version": "1.6.6",
- "regenerated": "2024-12-09 11:21:38.838595",
- "spec_repo_commit": "21da0df3"
+ "regenerated": "2024-12-10 13:52:29.297144",
+ "spec_repo_commit": "4f71be94"
 }
 }
 }
\ No newline at end of file
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index 55d50bce8064..af3105008c24 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -22893,6 +22893,10 @@ components:
 description: User ID of the user who updated the rule.
 format: int64
 type: integer
+ updatedAt:
+ description: The date the rule was last updated, in milliseconds.
+ format: int64
+ type: integer
 version:
 description: The version of the rule.
 format: int64
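Review bot: The new `updatedAt` description in the `openapi.yaml` hunk gives the unit ("in milliseconds") but not the reference point, so a reader cannot tell a timestamp from a duration. The values recorded in the regenerated cassettes (for example `1722014735961`) look like Unix epoch milliseconds, so the description could read `description: The date the rule was last updated, as a Unix timestamp in milliseconds.` An unambiguous unit matters to anyone using this field to audit when a detection rule was last changed. Since this copy is regenerated from the spec repository, the wording would presumably have to change there rather than in this file.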
diff --git a/cassettes/features/v2/security_monitoring/List-rules-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/List-rules-returns-OK-response.frozen index 7ffaef687a26..ecb6c1d899e5 100644 --- a/cassettes/features/v2/security_monitoring/List-rules-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/List-rules-returns-OK-response.frozen @@ -1 +1 @@ -2024-05-10T16:34:48.233Z \ No newline at end of file +2024-11-22T13:52:05.136Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/List-rules-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/List-rules-returns-OK-response.yml index 50dcabef71d7..af0e9059e8ea 100644 --- a/cassettes/features/v2/security_monitoring/List-rules-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/List-rules-returns-OK-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Fri, 10 May 2024 16:34:48 GMT +- recorded_at: Fri, 22 Nov 2024 13:52:05 GMT request: body: null headers: 
@@ -10,8 +10,8 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":[{"id":"def-000-vc2","version":5,"name":"''Blob public access'' - should be disabled for storage accounts with blob containers","createdAt":1681395797603,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_storage_account","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_storage_account","validationQuery":"","complianceFrameworks":[{"framework":"pci-dss","version":"4.0","requirement":"Apply-Secure-Configurations-to-All-System-Components","control":"2.2.1"},{"framework":"hipaa","version":"1","requirement":"Workforce-Security","control":"164.308-a-3-i"},{"framework":"hipaa","version":"1","requirement":"Security-Management-Process","control":"164.308-a-1-ii-B"},{"framework":"hipaa","version":"1","requirement":"Access-Control","control":"164.312-a-1"},{"framework":"gdpr","version":"1","requirement":"Data-Protection","control":"25.2"},{"framework":"gdpr","version":"1","requirement":"Security-of-Processing","control":"32.1a"},{"framework":"dcsb-m","version":"1","requirement":"Azure","control":"2.2"},{"framework":"dcsb-m","version":"1","requirement":"Azure","control":"2.8"},{"framework":"iso-27001","version":"2","requirement":"Compliance","control":"A.18.1.3"},{"framework":"iso-27001","version":"2","requirement":"Access-Control","control":"A.9.2.3"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.1"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.3"},{"framework":"nist-800-53","version":"5","requirement":"Configuration-Man
agement","control":"CM-6"},{"framework":"nist-csf","version":"1.1","requirement":"Information-Protection","control":"PR.IP-1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Storage-Accounts","control":"3.7"}],"filter":"","regoRule":{"policy":"package + string: '{"data":[{"id":"def-000-vc2","version":7,"name":"''Blob public access'' + should be disabled for storage accounts with blob containers","createdAt":1681395797603,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014735961,"isDefault":true,"isPartner":false,"isEnabled":false,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_storage_account","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_storage_account","validationQuery":"","complianceFrameworks":[{"framework":"pci-dss","version":"4.0","requirement":"Apply-Secure-Configurations-to-All-System-Components","control":"2.2.1","message":"","is_default":true},{"framework":"hipaa","version":"1","requirement":"Workforce-Security","control":"164.308-a-3-i","message":"","is_default":true},{"framework":"hipaa","version":"1","requirement":"Security-Management-Process","control":"164.308-a-1-ii-B","message":"","is_default":true},{"framework":"hipaa","version":"1","requirement":"Access-Control","control":"164.312-a-1","message":"","is_default":true},{"framework":"gdpr","version":"1","requirement":"Data-Protection","control":"25.2","message":"","is_default":true},{"framework":"gdpr","version":"1","requirement":"Security-of-Processing","control":"32.1a","message":"","is_default":true},{"framework":"dcsb-m","version":"1","requirement":"Azure","control":"2.2","message":"","is_default":true},{"framework":"dcsb-m","version":"1","requirement":"Azure","control":"2.8","message":"",
"is_default":true},{"framework":"iso-27001","version":"2","requirement":"Compliance","control":"A.18.1.3","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Access-Control","control":"A.9.2.3","message":"","is_default":true},{"framework":"fedramp-high","version":"5","requirement":"Configuration-Management","control":"CM-6","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.3","message":"","is_default":true},{"framework":"nist-800-53","version":"5","requirement":"Configuration-Management","control":"CM-6","message":"","is_default":true},{"framework":"nist-csf","version":"1.1","requirement":"Information-Protection","control":"PR.IP-1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Storage-Accounts","control":"3.7","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(storage_account) = \"pass\" if {\n\tstorage_account.allow_blob_public_access == false\n} else = \"fail\"\n\n# 
@@ -50,8 +50,8 @@ http_interactions: https://docs.microsoft.com/en-us/security/benchmark/azure-security-controls-v3-governance-strategy#gs-2-define-and-implement-enterprise-segmentationseparation-of-duties-strategy\n[4]: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-2-secure-cloud-services-with-network-controls\n[5]: https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure\n[6]: - https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access\n","tags":["scored:true","cloud_provider:azure","framework:gdpr","control:164.308-a-3-i","requirement:Compliance","level:1","requirement:Storage-Accounts","control:2.2.1","framework:nist-csf","requirement:Security-Management-Process","framework:dcsb-m","framework:iso-27001","framework:hipaa","requirement:Access-Control","control:164.308-a-1-ii-B","requirement:Information-Protection","scope:azure.storage","control:25.2","requirement:Workforce-Security","security:compliance","requirement:Configuration-Management","control:164.312-a-1","requirement:Azure","requirement:Apply-Secure-Configurations-to-All-System-Components","control:2.8","control:3.7","framework:cis-azure","control:2.2","framework:pci-dss","requirement:Data-Protection","framework:nist-800-53","source:azure.storage","requirement:Security-of-Processing","control:CM-6","control:A.18.1.3","framework:soc-2","control:A.9.2.3","control:PR.IP-1","control:32.1a","requirement:Logical-and-Physical-Access-Control","control:CC6.3","control:CC6.1"],"defaultTags":["framework:dcsb-m","requirement:Azure","requirement:Configuration-Management","control:2.2","control:A.9.2.3","control:CC6.3","control:CC6.1","requirement:Workforce-Security","control:2.8","framework:soc-2","requirement:Security-of-Processing","requirement:Apply-Secure-Configurations-to-All-System-Components","security:compliance","requirement:Data-Protection","framework:nist-csf","framework:pci-dss","control:164.308-a-1-i
i-B","control:164.312-a-1","control:32.1a","scored:true","requirement:Storage-Accounts","requirement:Access-Control","control:A.18.1.3","level:1","framework:hipaa","requirement:Logical-and-Physical-Access-Control","scope:azure.storage","control:PR.IP-1","control:2.2.1","control:25.2","control:3.7","requirement:Information-Protection","requirement:Security-Management-Process","framework:gdpr","framework:cis-azure","requirement:Compliance","control:CM-6","source:azure.storage","cloud_provider:azure","control:164.308-a-3-i","framework:iso-27001","framework:nist-800-53"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-qnx","version":2,"name":"''Create - Policy Assignment'' activity log alert should be configured","createdAt":1695335294080,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.1"}],"filter":"","regoRule":{"policy":"package + 
https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access\n","tags":["scored:true","cloud_provider:azure","framework:gdpr","control:164.308-a-3-i","requirement:Compliance","level:1","requirement:Storage-Accounts","control:2.2.1","framework:nist-csf","requirement:Security-Management-Process","framework:dcsb-m","framework:iso-27001","framework:hipaa","requirement:Access-Control","control:164.308-a-1-ii-B","requirement:Information-Protection","scope:azure.storage","control:25.2","requirement:Workforce-Security","security:compliance","requirement:Configuration-Management","control:164.312-a-1","requirement:Azure","requirement:Apply-Secure-Configurations-to-All-System-Components","control:2.8","control:3.7","framework:cis-azure","control:2.2","framework:pci-dss","requirement:Data-Protection","framework:nist-800-53","source:azure.storage","requirement:Security-of-Processing","control:CM-6","control:A.18.1.3","framework:soc-2","control:A.9.2.3","control:PR.IP-1","control:32.1a","framework:fedramp-high","requirement:Logical-and-Physical-Access-Control","control:CC6.3","control:CC6.1"],"defaultTags":["requirement:Compliance","cloud_provider:azure","control:32.1a","framework:nist-800-53","scope:azure.storage","control:164.312-a-1","scored:true","requirement:Configuration-Management","control:2.2.1","requirement:Access-Control","framework:iso-27001","control:164.308-a-3-i","requirement:Information-Protection","level:1","framework:nist-csf","control:CC6.3","requirement:Security-of-Processing","control:CC6.1","control:A.9.2.3","requirement:Workforce-Security","requirement:Data-Protection","control:25.2","requirement:Logical-and-Physical-Access-Control","framework:hipaa","framework:gdpr","control:PR.IP-1","source:azure.storage","control:3.7","requirement:Storage-Accounts","control:A.18.1.3","control:164.308-a-1-ii-B","control:CM-6","control:2.8","requirement:Security-Management-Process","framework:cis-azure","requirement:Apply-Secure-Configurations-to-All
-System-Components","framework:fedramp-high","control:2.2","framework:pci-dss","requirement:Azure","framework:soc-2","framework:dcsb-m","security:compliance"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-qnx","version":4,"name":"''Create + Policy Assignment'' activity log alert should be configured","createdAt":1695335294080,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015330005,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"fedramp-high","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.1","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport 
future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -82,8 +82,8 @@ http_interactions: and complete the creation process or select the appropriate action group.\n12. Under **Alert Rule Details**, enter the **Alert Rule Name** and **Description**.\n13. Select the appropriate resource group to save the alert to.\n14. Select the - **Enable alert rule upon creation** checkbox.\n15. Click **Create Alert Rule**.\n","tags":["scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:5.2.1","control:A.12.4.1","requirement:Logging-and-Monitoring","framework:nist-800-53","level:1","framework:nist-800-171","framework:soc-2","control:AU-6","framework:iso-27001","requirement:Audit-and-Accountability","control:CC2.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["framework:nist-800-53","control:3.14.1","control:3.14.2","requirement:Systems-and-Information-Integrity","framework:soc-2","requirement:Audit-and-Accountability","framework:nist-800-171","scored:true","control:5.2.1","control:CC2.1","source:azure.activity_log","level:1","security:compliance","scope:azure.activity_log","framework:cis-azure","cloud_provider:azure","requirement:Communication-and-Information","control:A.12.4.1","control:AU-6","requirement:Operations-Security","framework:iso-27001","requirement:Logging-and-Monitoring"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-9q9","version":2,"name":"''Create - or Update Network Security Group'' activity log alert should be 
configured","createdAt":1695406412231,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.3"}],"filter":"","regoRule":{"policy":"package + **Enable alert rule upon creation** checkbox.\n15. 
Click **Create Alert Rule**.\n","tags":["scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:5.2.1","control:A.12.4.1","requirement:Logging-and-Monitoring","framework:nist-800-53","level:1","framework:nist-800-171","framework:soc-2","control:AU-6","framework:fedramp-high","framework:iso-27001","requirement:Audit-and-Accountability","control:CC2.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["control:AU-6","source:azure.activity_log","requirement:Communication-and-Information","cloud_provider:azure","requirement:Systems-and-Information-Integrity","framework:cis-azure","scope:azure.activity_log","framework:soc-2","control:A.12.4.1","requirement:Operations-Security","control:3.14.2","control:3.14.1","framework:iso-27001","framework:nist-800-53","scored:true","control:5.2.1","security:compliance","control:CC2.1","level:1","framework:nist-800-171","requirement:Logging-and-Monitoring","requirement:Audit-and-Accountability","framework:fedramp-high"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-9q9","version":4,"name":"''Create + or Update Network Security Group'' activity log alert should be 
configured","createdAt":1695406412231,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015442517,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"fedramp-high","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.3","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = 
{activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -112,8 +112,8 @@ http_interactions: To create a new action group, click **Create action group**. Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional - **Alert rule description**.\n13. Click **Review + create**.\n14. Click **Create**.\n","tags":["scored:true","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","control:A.12.4.1","level:1","framework:nist-800-171","control:5.2.3","framework:iso-27001","requirement:Audit-and-Accountability","requirement:Operations-Security","requirement:Communication-and-Information","source:azure.activity_log","security:compliance","framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:nist-800-53","framework:soc-2","control:AU-6","control:CC2.1","control:CC7.2","control:CC7.1"],"defaultTags":["control:AU-6","framework:cis-azure","scored:true","framework:iso-27001","requirement:Logging-and-Monitoring","requirement:Systems-and-Information-Integrity","framework:nist-800-171","control:5.2.3","control:3.14.1","control:3.14.2","framework:nist-800-53","level:1","control:CC2.1","control:CC7.1","control:A.12.4.1","source:azure.activity_log","cloud_provider:azure","requirement:Audit-and-Accountability","framework:soc-2","control:CC7.2","security:compliance","requirement:Operations-Security","requirement:System-Operations","requirement:Communication-and-Information","scope:azure.activity_log"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-bfa","version":2,"name":"''Create - or Update Public Ip Address'' activity log alert should be 
configured","createdAt":1695406412713,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.9"}],"filter":"","regoRule":{"policy":"package + **Alert rule description**.\n13. Click **Review + create**.\n14. 
Click **Create**.\n","tags":["scored:true","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","control:A.12.4.1","level:1","framework:nist-800-171","control:5.2.3","framework:iso-27001","requirement:Audit-and-Accountability","requirement:Operations-Security","requirement:Communication-and-Information","source:azure.activity_log","security:compliance","framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:nist-800-53","framework:soc-2","control:AU-6","framework:fedramp-high","control:CC2.1","control:CC7.2","control:CC7.1"],"defaultTags":["framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Audit-and-Accountability","scope:azure.activity_log","control:CC7.2","framework:iso-27001","cloud_provider:azure","control:3.14.2","control:3.14.1","control:CC7.1","level:1","source:azure.activity_log","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:fedramp-high","control:CC2.1","scored:true","requirement:Communication-and-Information","control:AU-6","framework:nist-800-53","security:compliance","requirement:Operations-Security","control:5.2.3","framework:soc-2","framework:nist-800-171","control:A.12.4.1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-bfa","version":3,"name":"''Create + or Update Public Ip Address'' activity log alert should be 
configured","createdAt":1695406412713,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014920314,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.9","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -145,8 +145,8 @@ http_interactions: Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional **Alert rule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.9","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:CC6.8","requirement:Logging-and-Monitoring","control:5.2.9","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-w0f","version":2,"name":"''Create - or Update SQL Server Firewall Rule'' activity log alert should be 
configured","createdAt":1695406413348,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.7"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.9","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","control:5.2.9","requirement:Logging-and-Monitoring","control:CC6.8","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-w0f","version":3,"name":"''Create + or Update SQL Server Firewall Rule'' activity log alert should be 
configured","createdAt":1695406413348,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015217333,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.7","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -178,8 +178,8 @@ http_interactions: Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, provide an **Alert rule name** and an optional **Alert\nrule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.7","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:CC6.8","requirement:Logging-and-Monitoring","control:5.2.7","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-059","version":2,"name":"''Create - or Update Security Solutions'' activity log alert should be 
configured","createdAt":1695406412988,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.5"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.7","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","control:5.2.7","requirement:Logging-and-Monitoring","control:CC6.8","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-059","version":3,"name":"''Create + or Update Security Solutions'' activity log alert should be 
configured","createdAt":1695406412988,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014956116,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.5","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -209,8 +209,8 @@ http_interactions: out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional **Alert\nrule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","framework:soc-2","control:5.2.5","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:CC6.8","requirement:Logging-and-Monitoring","control:5.2.5","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-rhj","version":2,"name":"''Delete - Network Security Group'' activity log alert should be 
configured","createdAt":1695406412766,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.4"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","framework:soc-2","control:5.2.5","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","control:5.2.5","requirement:Logging-and-Monitoring","control:CC6.8","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-rhj","version":3,"name":"''Delete + Network Security Group'' activity log alert should be 
configured","createdAt":1695406412766,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014510456,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.4","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -239,8 +239,8 @@ http_interactions: Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional **Alert rule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","framework:soc-2","control:5.2.4","framework:iso-27001","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["control:3.14.1","control:3.14.2","requirement:Systems-and-Information-Integrity","framework:soc-2","requirement:System-Operations","framework:nist-800-171","scored:true","control:CC2.1","source:azure.activity_log","level:1","control:5.2.4","security:compliance","scope:azure.activity_log","control:CC7.2","framework:cis-azure","cloud_provider:azure","control:CC7.1","requirement:Communication-and-Information","control:A.12.4.1","requirement:Operations-Security","framework:iso-27001","requirement:Logging-and-Monitoring"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-d1v","version":2,"name":"''Delete - Policy Assignment'' activity log alert should be 
configured","createdAt":1695406412546,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Compliance","control":"A.18.1.3"},{"framework":"iso-27001","version":"2","requirement":"Communications-Security","control":"A.13.1.1"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"iso-27001","version":"2","requirement":"Access-Control","control":"A.9.1.2"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-6"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.2"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","framework:soc-2","control:5.2.4","framework:iso-27001","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["control:A.12.4.1","requirement:Communication-and-Information","control:CC7.1","cloud_provider:azure","framework:cis-azure","control:CC7.2","scope:azure.activity_log","security:compliance","control:5.2.4","level:1","source:azure.activity_log","control:CC2.1","scored:true","framework:nist-800-171","requirement:System-Operations","framework:soc-2","requirement:Systems-and-Information-Integrity","control:3.14.2","control:3.14.1","requirement:Logging-and-Monitoring","framework:iso-27001","requirement:Operations-Security"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-d1v","version":4,"name":"''Delete + Policy Assignment'' activity log alert should be 
configured","createdAt":1695406412546,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015365872,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Compliance","control":"A.18.1.3","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Communications-Security","control":"A.13.1.1","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Access-Control","control":"A.9.1.2","message":"","is_default":true},{"framework":"fedramp-high","version":"5","requirement":"Audit-and-Accountability","control":"AU-6","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"nist-800-53","version":"5","requirement":"Audit-and-Accountability","control":"AU-
6","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.2","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -269,8 +269,8 @@ http_interactions: Fill out the appropriate details for the selection.\n11. Select the **Details** tab.\n12. Select a **Resource group**, provide an **Alert rule name** and an optional **Alert\nrule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["scored:true","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","control:A.12.4.1","requirement:Compliance","level:1","control:5.2.2","framework:nist-800-171","framework:iso-27001","requirement:Audit-and-Accountability","requirement:Access-Control","requirement:Operations-Security","requirement:Communication-and-Information","source:azure.activity_log","security:compliance","framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Communications-Security","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:nist-800-53","control:A.13.1.1","control:A.18.1.3","framework:soc-2","control:AU-6","control:A.9.1.2","control:CC2.1","control:CC7.2","control:CC7.1"],"defaultTags":["framework:iso-27001","requirement:Communication-and-Information","framework:soc-2","requirement:Access-Control","control:5.2.2","control:CC7.2","control:CC7.1","control:AU-6","source:azure.activity_log","framework:cis-azure","framework:nist-800-53","framework:nist-800-171","control:A.12.4.1","requirement:Compliance","requirement:Operations-Security","control:A.13.1.1","requirement:Systems-and-Information-Integrity","scope:azure.activity_log","control:A.9.1.2","requirement:System-Operations","control:CC2.1","requirement:Audit-and-Accountability","security:compliance","control:3.14.1","control:3.14.2","requirement:Communications-Security","cloud_provider:azure","level:1","requirement:Logging-and-Monitoring","control:A.18.1.3","scored:true"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-2sc","version":2,"name":"''Delete - Public Ip Address Rule'' activity log alert should be 
configured","createdAt":1695406411919,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.10"}],"filter":"","regoRule":{"policy":"package + Click 
**Create**.\n","tags":["scored:true","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","control:A.12.4.1","requirement:Compliance","level:1","control:5.2.2","framework:nist-800-171","framework:iso-27001","requirement:Audit-and-Accountability","requirement:Access-Control","requirement:Operations-Security","requirement:Communication-and-Information","source:azure.activity_log","security:compliance","framework:cis-azure","requirement:Systems-and-Information-Integrity","requirement:Communications-Security","requirement:Logging-and-Monitoring","requirement:System-Operations","framework:nist-800-53","control:A.13.1.1","control:A.18.1.3","framework:soc-2","control:AU-6","control:A.9.1.2","framework:fedramp-high","control:CC2.1","control:CC7.2","control:CC7.1"],"defaultTags":["requirement:Access-Control","requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","requirement:Logging-and-Monitoring","control:CC7.1","framework:nist-800-171","control:CC7.2","control:3.14.2","control:3.14.1","control:CC2.1","control:A.18.1.3","level:1","requirement:Communications-Security","scope:azure.activity_log","control:A.9.1.2","requirement:Systems-and-Information-Integrity","scored:true","control:A.12.4.1","control:A.13.1.1","framework:soc-2","framework:nist-800-53","control:5.2.2","requirement:Audit-and-Accountability","control:AU-6","framework:fedramp-high","requirement:System-Operations","security:compliance","framework:cis-azure","source:azure.activity_log","requirement:Compliance","cloud_provider:azure"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-2sc","version":3,"name":"''Delete + Public Ip Address Rule'' activity log alert should be 
configured","createdAt":1695406411919,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722015104777,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.10","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -301,8 +301,8 @@ http_interactions: To create a new action group, click **Create action group**. Fill out the appropriate details for the selection.\n11. Select the **Details** tab.\n12. Select a **Resource group**, provide an **Alert rule name** and an optional - **Alert\nrule description**.\n13. Click **Review + create**.\n14. Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","control:5.2.10","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:5.2.10","control:CC6.8","requirement:Logging-and-Monitoring","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-77s","version":2,"name":"''Delete - SQL Server Firewall Rule'' activity log alert should be 
configured","createdAt":1695406412914,"creationAuthorId":0,"updateAuthorId":0,"isDefault":true,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1"},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2"},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1"},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2"},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8"},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1"},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.8"}],"filter":"","regoRule":{"policy":"package + **Alert\nrule description**.\n13. Click **Review + create**.\n14. 
Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","level:1","framework:nist-800-171","control:5.2.10","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","requirement:Logging-and-Monitoring","control:CC6.8","control:5.2.10","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]},{"id":"def-000-77s","version":3,"name":"''Delete + SQL Server Firewall Rule'' activity log alert should be 
configured","createdAt":1695406412914,"creationAuthorId":0,"updateAuthorId":0,"updatedAt":1722014920291,"isDefault":true,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:azure_subscription","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"azure_subscription","validationQuery":"","complianceFrameworks":[{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.1","message":"","is_default":true},{"framework":"nist-800-171","version":"2","requirement":"Systems-and-Information-Integrity","control":"3.14.2","message":"","is_default":true},{"framework":"iso-27001","version":"2","requirement":"Operations-Security","control":"A.12.4.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.1","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"System-Operations","control":"CC7.2","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Logical-and-Physical-Access-Control","control":"CC6.8","message":"","is_default":true},{"framework":"soc-2","version":"2","requirement":"Communication-and-Information","control":"CC2.1","message":"","is_default":true},{"framework":"cis-azure","version":"2.0.0","requirement":"Logging-and-Monitoring","control":"5.2.8","message":"","is_default":true}],"filter":"","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nvalid_log_alert = {activity_log_alert.subscription_id |\n\tsome activity_log_alert in input.resources.azure_activity_log_alert\n\tsome 
@@ -334,7 +334,7 @@ http_interactions: Fill out the appropriate details for the selection.\n11. Click the **Details** tab.\n12. Select a **Resource group**, then provide an **Alert rule name** and an optional **Alert rule description**.\n13. Click **Review + create**.\n14. - Click **Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.8","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["security:compliance","requirement:Systems-and-Information-Integrity","control:CC2.1","requirement:Logical-and-Physical-Access-Control","control:CC7.1","control:CC7.2","cloud_provider:azure","control:CC6.8","requirement:Logging-and-Monitoring","control:5.2.8","scope:azure.activity_log","control:3.14.1","control:3.14.2","framework:soc-2","source:azure.activity_log","control:A.12.4.1","scored:true","framework:iso-27001","requirement:Communication-and-Information","requirement:Operations-Security","level:1","framework:nist-800-171","framework:cis-azure","requirement:System-Operations"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]}],"meta":{"page":{"total_count":1744,"total_filtered_count":10}}} + Click 
**Create**.\n","tags":["control:CC6.8","scored:true","source:azure.activity_log","security:compliance","control:3.14.1","scope:azure.activity_log","cloud_provider:azure","control:3.14.2","framework:cis-azure","requirement:Systems-and-Information-Integrity","control:A.12.4.1","requirement:Logging-and-Monitoring","requirement:System-Operations","control:5.2.8","level:1","framework:nist-800-171","framework:soc-2","framework:iso-27001","requirement:Logical-and-Physical-Access-Control","control:CC2.1","control:CC7.2","control:CC7.1","requirement:Operations-Security","requirement:Communication-and-Information"],"defaultTags":["requirement:Operations-Security","requirement:Communication-and-Information","framework:iso-27001","scored:true","control:A.12.4.1","source:azure.activity_log","framework:soc-2","control:3.14.2","control:3.14.1","scope:azure.activity_log","control:5.2.8","requirement:Logging-and-Monitoring","control:CC6.8","cloud_provider:azure","control:CC7.2","control:CC7.1","requirement:Logical-and-Physical-Access-Control","control:CC2.1","requirement:Systems-and-Information-Integrity","security:compliance","requirement:System-Operations","framework:cis-azure","framework:nist-800-171","level:1"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[]}],"meta":{"page":{"total_count":2017,"total_filtered_count":10}}} ' headers: diff --git a/cassettes/features/v2/security_monitoring/Update-a-cloud-configuration-rule-s-details-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Update-a-cloud-configuration-rule-s-details-returns-OK-response.frozen index e1c9e440e171..50af3bf1c472 100644 --- a/cassettes/features/v2/security_monitoring/Update-a-cloud-configuration-rule-s-details-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Update-a-cloud-configuration-rule-s-details-returns-OK-response.frozen @@ -1 +1 @@ -2024-05-10T16:34:48.765Z \ No newline at end of file +2024-11-22T13:52:07.331Z \ No newline at end of file 
diff --git a/cassettes/features/v2/security_monitoring/Update-a-cloud-configuration-rule-s-details-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Update-a-cloud-configuration-rule-s-details-returns-OK-response.yml index 9331bf09a533..22f2e7fcd562 100644 --- a/cassettes/features/v2/security_monitoring/Update-a-cloud-configuration-rule-s-details-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Update-a-cloud-configuration-rule-s-details-returns-OK-response.yml @@ -1,10 +1,10 @@ http_interactions: -- recorded_at: Fri, 10 May 2024 16:34:48 GMT +- recorded_at: Fri, 22 Nov 2024 13:52:07 GMT request: body: encoding: UTF-8 string: '{"cases":[{"notifications":["channel"],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"isEnabled":false,"message":"Cloud - configuration rule","name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1715358888_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package + configuration rule","name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1732283527_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} 
@@ -23,7 +23,7 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"id":"efv-nza-5ev","version":1,"name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1715358888_cloud","createdAt":1715358889053,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package + string: '{"id":"uao-sdg-mt8","version":1,"name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1732283527_cloud","createdAt":1732283527664,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":false,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} 
@@ -41,11 +41,11 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Fri, 10 May 2024 16:34:48 GMT +- recorded_at: Fri, 22 Nov 2024 13:52:07 GMT request: body: encoding: UTF-8 - string: '{"cases":[{"notifications":[],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":false,"userGroupByFields":[]},"isEnabled":false,"message":"ddd","name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1715358888_cloud_updated","options":{"complianceRuleOptions":{"regoRule":{"policy":"package + string: '{"cases":[{"notifications":[],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":false,"userGroupByFields":[]},"isEnabled":false,"message":"ddd","name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1732283527_cloud_updated","options":{"complianceRuleOptions":{"regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} 
@@ -60,11 +60,11 @@ http_interactions: Content-Type: - application/json method: PUT - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/efv-nza-5ev + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/uao-sdg-mt8 response: body: encoding: UTF-8 - string: '{"id":"efv-nza-5ev","version":2,"name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1715358888_cloud_updated","createdAt":1715358889053,"creationAuthorId":1445416,"updateAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package + string: '{"id":"uao-sdg-mt8","version":2,"name":"Test-Update_a_cloud_configuration_rule_s_details_returns_OK_response-1732283527_cloud_updated","createdAt":1732283527664,"creationAuthorId":1445416,"updateAuthorId":1445416,"updatedAt":1732283528223,"isDefault":false,"isPartner":false,"isEnabled":false,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if 
{\n\tiam_service_account_key.disabled\n} @@ -82,14 +82,14 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Fri, 10 May 2024 16:34:48 GMT +- recorded_at: Fri, 22 Nov 2024 13:52:07 GMT request: body: null headers: Accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/efv-nza-5ev + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/uao-sdg-mt8 response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Update-an-existing-rule-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Update-an-existing-rule-returns-OK-response.frozen index 175df7f5add1..1f3eaa6786c3 100644 --- a/cassettes/features/v2/security_monitoring/Update-an-existing-rule-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Update-an-existing-rule-returns-OK-response.frozen @@ -1 +1 @@ -2024-05-10T16:34:54.978Z \ No newline at end of file +2024-11-22T13:52:12.595Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Update-an-existing-rule-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Update-an-existing-rule-returns-OK-response.yml index c9434cc5d1c3..5a2fe06384dc 100644 --- a/cassettes/features/v2/security_monitoring/Update-an-existing-rule-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Update-an-existing-rule-returns-OK-response.yml 
@@ -1,10 +1,10 @@ http_interactions: -- recorded_at: Fri, 10 May 2024 16:34:54 GMT +- recorded_at: Fri, 22 Nov 2024 13:52:12 GMT request: body: encoding: UTF-8 string: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Update_an_existing_rule_returns_OK_response-1715358894","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}' + rule","name":"Test-Update_an_existing_rule_returns_OK_response-1732283532","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}' headers: Accept: - application/json 
@@ -15,7 +15,7 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"id":"fu8-wg9-rsy","version":1,"name":"Test-Update_an_existing_rule_returns_OK_response-1715358894","createdAt":1715358895245,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + string: '{"id":"mza-hwt-ziu","version":1,"name":"Test-Update_an_existing_rule_returns_OK_response-1732283532","createdAt":1732283532973,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]} ' 
@@ -25,23 +25,23 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Fri, 10 May 2024 16:34:54 GMT +- recorded_at: Fri, 22 Nov 2024 13:52:12 GMT request: body: encoding: UTF-8 string: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Update_an_existing_rule_returns_OK_response-1715358894-Updated","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[]}' + rule","name":"Test-Update_an_existing_rule_returns_OK_response-1732283532-Updated","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[]}' headers: Accept: - application/json Content-Type: - application/json method: PUT - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/fu8-wg9-rsy + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/mza-hwt-ziu response: body: encoding: UTF-8 - string: '{"id":"fu8-wg9-rsy","version":2,"name":"Test-Update_an_existing_rule_returns_OK_response-1715358894-Updated","createdAt":1715358895245,"creationAuthorId":1445416,"updateAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + string: 
'{"id":"mza-hwt-ziu","version":2,"name":"Test-Update_an_existing_rule_returns_OK_response-1732283532-Updated","createdAt":1732283532973,"creationAuthorId":1445416,"updateAuthorId":1445416,"updatedAt":1732283533337,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]} ' @@ -51,14 +51,14 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Fri, 10 May 2024 16:34:54 GMT +- recorded_at: Fri, 22 Nov 2024 13:52:12 GMT request: body: null headers: Accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/fu8-wg9-rsy + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/mza-hwt-ziu response: body: encoding: UTF-8 diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb index 0880e5535814..0e43b36d7083 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb @@ -84,6 +84,9 @@ class SecurityMonitoringStandardRuleResponse # User ID of the user who updated the rule. attr_accessor :update_author_id + # The date the rule was last updated, in milliseconds. + attr_accessor :updated_at + # The version of the rule. attr_accessor :version 
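Review bot: The comment added above `attr_accessor :updated_at` does not say that the value can be absent or what the milliseconds are counted from. In the recorded cassettes the create responses (`"version":1`) carry no `updatedAt` key, and it appears only after a PUT, so callers will see `nil` for a rule that has never been updated. The recorded values (for example `1732283533337`) look like Unix epoch milliseconds, though the spec text does not state this. I would word the comment as `# Time of the rule's last update, in milliseconds (Unix epoch, presumably); nil when the API omits the field.` Because the file is regenerated, that wording presumably has to go into the `updatedAt` description in the OpenAPI spec.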
@@ -114,6 +117,7 @@ def self.attribute_map :'third_party_cases' => :'thirdPartyCases', :'type' => :'type', :'update_author_id' => :'updateAuthorId', + :'updated_at' => :'updatedAt', :'version' => :'version' } end @@ -143,6 +147,7 @@ def self.openapi_types :'third_party_cases' => :'Array', :'type' => :'SecurityMonitoringRuleTypeRead', :'update_author_id' => :'Integer', + :'updated_at' => :'Integer', :'version' => :'Integer' } end @@ -263,6 +268,10 @@ def initialize(attributes = {}) self.update_author_id = attributes[:'update_author_id'] end + if attributes.key?(:'updated_at') + self.updated_at = attributes[:'updated_at'] + end + if attributes.key?(:'version') self.version = attributes[:'version'] end @@ -315,6 +324,7 @@ def ==(o) third_party_cases == o.third_party_cases && type == o.type && update_author_id == o.update_author_id && + updated_at == o.updated_at && version == o.version additional_properties == o.additional_properties end @@ -323,7 +333,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [cases, compliance_signal_options, created_at, creation_author_id, default_tags, deprecation_date, filters, has_extended_title, id, is_default, is_deleted, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, update_author_id, version].hash + [cases, compliance_signal_options, created_at, creation_author_id, default_tags, deprecation_date, filters, has_extended_title, id, is_default, is_deleted, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, update_author_id, updated_at, version].hash end end end
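Review bot: In the `==(o)` hunk the `&&` chain stops at `version == o.version`, which has no trailing `&&`, so as the context lines read, `additional_properties == o.additional_properties` is a separate statement and is the only value the method returns. The newly added `updated_at == o.updated_at &&` comparison, like every other field comparison in the chain, would then have no effect on the result, and two rule responses that differ in `updated_at`, `is_enabled` or `queries` would compare equal. That matters wherever `==` is used to detect that a detection rule has changed. The line should read `version == o.version &&`, and since this file is regenerated, the fix presumably belongs in the generator template. The start of `==` lies outside the hunk, so this is based on the visible lines only.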