diff --git a/.apigentools-info b/.apigentools-info index 9ffe9a5f5346..806a1bdd9152 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2024-12-18 19:23:39.928959", - "spec_repo_commit": "3f22290a" + "regenerated": "2024-12-19 07:26:22.629677", + "spec_repo_commit": "5dd2cbe4" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2024-12-18 19:23:39.944997", - "spec_repo_commit": "3f22290a" + "regenerated": "2024-12-19 07:26:22.647976", + "spec_repo_commit": "5dd2cbe4" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index fea0c1deed32..3480f9db3a70 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml 
@@ -12250,6 +12250,65 @@ components: maximum: 2147483647 type: integer type: object + HistoricalJobOptions: + description: Job options. + properties: + detectionMethod: + $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' + evaluationWindow: + $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' + impossibleTravelOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' + keepAlive: + $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' + maxSignalDuration: + $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' + newValueOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' + thirdPartyRuleOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' + type: object + HistoricalJobQuery: + description: Query for selecting logs analyzed by the historical job. + properties: + aggregation: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' + distinctFields: + description: Field for which the cardinality is measured. Sent as an array. + items: + description: Field. + type: string + type: array + groupByFields: + description: Fields to group by. + items: + description: Field. + type: string + type: array + hasOptionalGroupByFields: + description: When false, events without a group-by value are ignored by + the query. When true, events with missing group-by fields are processed + with `N/A`, replacing the missing values. + example: false + readOnly: true + type: boolean + metrics: + description: Group of target fields to aggregate over when using the sum, + max, geo data, or new value aggregations. The sum, max, and geo data aggregations + only accept one value in this list, whereas the new value aggregation + accepts up to five values. + items: + description: Field. + type: string + type: array + name: + description: Name of the query. + type: string + query: + description: Query to run on logs. 
+ example: a > 3 + type: string + type: object HistoricalJobResponse: description: Historical job response. properties: @@ -14824,13 +14883,6 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' type: array - filters: - description: Additional queries to filter matched events before they are - processed. This field is deprecated for log detection, signal correlation, - and workload security rules. - items: - $ref: '#/components/schemas/SecurityMonitoringFilter' - type: array from: description: Starting time of data analyzed by the job. example: 1729843470000 @@ -14849,14 +14901,14 @@ components: example: Excessive number of failed attempts. type: string options: - $ref: '#/components/schemas/SecurityMonitoringRuleOptions' + $ref: '#/components/schemas/HistoricalJobOptions' queries: description: Queries for selecting logs analyzed by the job. items: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' + $ref: '#/components/schemas/HistoricalJobQuery' type: array referenceTables: - description: Reference tables for the rule. + description: Reference tables used in the queries. items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array @@ -14866,8 +14918,8 @@ components: type: string type: array thirdPartyCases: - description: Cases for generating results from third-party rules. Only available - for third-party rules. + description: Cases for generating results from third-party detection method. + Only available for third-party detection method. example: [] items: $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate' @@ -22792,7 +22844,7 @@ components: $ref: '#/components/schemas/ResponseMetaAttributes' type: object SecurityMonitoringReferenceTable: - description: Reference table for the rule. + description: Reference tables used in the queries. properties: checkPresence: description: Whether to include or exclude the matched values. 
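Review bot: The `example: a > 3` on `HistoricalJobQuery.query` at the end of this hunk reads like a case condition rather than a log search, so the generated docs will show users a query that does not look like search syntax. The cassettes in this same commit use `source:non_existing_src_weekend` for `query` and `a > 1` for the case `condition`, which suggests the example was carried over from a condition field; `example: "source:non_existing_src_weekend"` would match the recorded request. Neither new schema declares a `required` list, so a query object with no `query` string is valid against the spec as written; if the backend rejects that, the schema should say so.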
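Review bot: Pointing `options` at `HistoricalJobOptions` here, together with the `filters` removal in the previous hunk, narrows what a job definition accepts, but no description says which rule options stop being supported. `HistoricalJobOptions` omits fields that `SecurityMonitoringRuleOptions` carries (for example `complianceRuleOptions`). The generated initializers visible in this commit (`HistoricalJobOptions`, `HistoricalJobQuery`) put unrecognised keys into `additional_properties` instead of raising, and presumably `JobDefinition` does the same, so a caller that still passes `filters` gets no client-side error. For a detection job that matters, because a filter that is silently not applied changes which events are evaluated. I would make the description explicit, for example `description: Job options. Only the options listed here apply to historical jobs.`, and call out the `filters` removal in the changelog.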
@@ -22804,7 +22856,7 @@ components: description: The field in the log to match against the reference table. type: string ruleQueryName: - description: The name of the rule query to apply the reference table to. + description: The name of the query to apply the reference table to. type: string tableName: description: The name of the reference table. @@ -22835,7 +22887,7 @@ components: description: Case when signal is generated. properties: condition: - description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`) + description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated based on the event counts in the previously defined queries.' @@ -22844,7 +22896,7 @@ components: description: Name of the case. type: string notifications: - description: Notification targets for each rule case. + description: Notification targets. items: description: Notification. type: string @@ -22906,7 +22958,8 @@ components: description: 'A time window is specified to match when at least one of the cases matches true. This is a sliding window - and evaluates in real time. For third party rules, this field is not used.' + and evaluates in real time. For third party detection method, this field is + not used.' enum: - 0 - 60 @@ -22935,7 +22988,7 @@ components: x-enum-varnames: - LOG4SHELL SecurityMonitoringRuleImpossibleTravelOptions: - description: Options on impossible travel rules. + description: Options on impossible travel detection method. properties: baselineUserLocations: $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptionsBaselineUserLocations' @@ -22951,7 +23004,7 @@ components: SecurityMonitoringRuleKeepAlive: description: "Once a signal is generated, the signal will remain \u201Copen\u201D if a case is matched at least once within\nthis keep alive window. For third - party rules, this field is not used." + party detection method, this field is not used." enum: - 0 - 60 
@@ -23009,7 +23062,7 @@ components: - TWELVE_HOURS - ONE_DAY SecurityMonitoringRuleNewValueOptions: - description: Options on new value rules. + description: Options on new value detection method. properties: forgetAfter: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter' @@ -23079,7 +23132,7 @@ components: - ZERO_OCCURRENCES - ONE_OCCURRENCE SecurityMonitoringRuleOptions: - description: Options on rules. + description: Options. properties: complianceRuleOptions: $ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions' @@ -23221,7 +23274,7 @@ components: type: array type: object SecurityMonitoringRuleThirdPartyOptions: - description: Options on third party rules. + description: Options on third party detection method. properties: defaultNotifications: description: Notification targets for the logs that do not correspond to @@ -24621,7 +24674,7 @@ components: description: Name of the case. type: string notifications: - description: Notification targets for each rule case. + description: Notification targets for each case. items: description: Notification. type: string diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen index f25fc13ebb08..34c6fa068485 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.695Z \ No newline at end of file +2024-12-18T17:02:38.823Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml index 840ac4bbad0d..42026a4affaf 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml 
+++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Wed, 18 Dec 2024 17:02:38 GMT request: body: encoding: UTF-8 
@@ -17,32 +17,32 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"f1753ed6-8c47-4168-9d6b-d11b9612fb3c","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"fa90e7ac-998d-4bf4-9d32-2e831a1e9479","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json status: code: 201 message: Created -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Wed, 18 Dec 2024 17:02:38 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/f1753ed6-8c47-4168-9d6b-d11b9612fb3c + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/fa90e7ac-998d-4bf4-9d32-2e831a1e9479 response: body: encoding: UTF-8 - string: '{"data":{"id":"f1753ed6-8c47-4168-9d6b-d11b9612fb3c","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-11-08 - 09:54:39.761792+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI + string: '{"data":{"id":"fa90e7ac-998d-4bf4-9d32-2e831a1e9479","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-12-18 + 17:02:39.551791+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A - large number of failed login attempts.","tags":[],"type":"log_detection","filters":[]},"jobName":"Excessive - number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-11-08 - 09:54:39.761792+00"}}}' + large number of failed login 
attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive + number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-12-18 + 17:02:39.551791+00"}}}' headers: Content-Type: - application/vnd.api+json diff --git a/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.frozen index b45a44cb78fc..b139681f6487 100644 --- a/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.932Z \ No newline at end of file +2024-12-18T17:02:39.880Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.yml index 37e9d12e8a5a..240be933d3fe 100644 --- a/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Wed, 18 Dec 2024 17:02:39 GMT request: body: encoding: UTF-8 
@@ -17,32 +17,32 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"34df4a54-9d84-4b4c-bc7e-0464d374ee19","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"7b16f110-0ce9-46cd-9dad-b658ced2ac50","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json status: code: 201 message: Created -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Wed, 18 Dec 2024 17:02:39 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs?filter%5Bquery%5D=id%3A34df4a54-9d84-4b4c-bc7e-0464d374ee19 + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs?filter%5Bquery%5D=id%3A7b16f110-0ce9-46cd-9dad-b658ced2ac50 response: body: encoding: UTF-8 - string: '{"data":[{"id":"34df4a54-9d84-4b4c-bc7e-0464d374ee19","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-11-08 - 09:54:40.000915+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI + string: '{"data":[{"id":"7b16f110-0ce9-46cd-9dad-b658ced2ac50","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-12-18 + 17:02:40.144396+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A - large number of failed login attempts.","tags":[],"type":"log_detection","filters":[]},"jobName":"Excessive - number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-11-08 - 
09:54:40.000915+00"}}],"meta":{"totalCount":1}}' + large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive + number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-12-18 + 17:02:40.144396+00"}}],"meta":{"totalCount":1}}' headers: Content-Type: - application/vnd.api+json diff --git a/examples/v2/security-monitoring/RunHistoricalJob.rb b/examples/v2/security-monitoring/RunHistoricalJob.rb index 7a8b86a21bae..f4e8904f907d 100644 --- a/examples/v2/security-monitoring/RunHistoricalJob.rb +++ b/examples/v2/security-monitoring/RunHistoricalJob.rb @@ -14,7 +14,7 @@ type: "log_detection", name: "Excessive number of failed attempts.", queries: [ - DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({ + DatadogAPIClient::V2::HistoricalJobQuery.new({ query: "source:non_existing_src_weekend", aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, group_by_fields: [], @@ -29,7 +29,7 @@ condition: "a > 1", }), ], - options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({ + options: DatadogAPIClient::V2::HistoricalJobOptions.new({ keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR, max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY, evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES, diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index 4d25f686c381..7436dcdf6b8a 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb 
@@ -1611,6 +1611,8 @@ def overrides "v2.group_scalar_column" => "GroupScalarColumn", "v2.historical_job_data_type" => "HistoricalJobDataType", "v2.historical_job_list_meta" => "HistoricalJobListMeta", + "v2.historical_job_options" => "HistoricalJobOptions", + "v2.historical_job_query" => "HistoricalJobQuery", "v2.historical_job_response" => "HistoricalJobResponse", "v2.historical_job_response_attributes" => "HistoricalJobResponseAttributes", "v2.historical_job_response_data" => "HistoricalJobResponseData", diff --git a/lib/datadog_api_client/v2/models/historical_job_options.rb b/lib/datadog_api_client/v2/models/historical_job_options.rb new file mode 100644 index 000000000000..9c2f27a38785 --- /dev/null +++ b/lib/datadog_api_client/v2/models/historical_job_options.rb 
@@ -0,0 +1,168 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Job options. + class HistoricalJobOptions + include BaseGenericModel + + # The detection method. + attr_accessor :detection_method + + # A time window is specified to match when at least one of the cases matches true. This is a sliding window + # and evaluates in real time. For third party detection method, this field is not used. + attr_accessor :evaluation_window + + # Options on impossible travel detection method. + attr_accessor :impossible_travel_options + + # Once a signal is generated, the signal will remain “open” if a case is matched at least once within + # this keep alive window. For third party detection method, this field is not used. + attr_accessor :keep_alive + + # A signal will “close” regardless of the query being matched once the time exceeds the maximum duration. + # This time is calculated from the first seen timestamp. + attr_accessor :max_signal_duration + + # Options on new value detection method. + attr_accessor :new_value_options + + # Options on third party detection method. + attr_accessor :third_party_rule_options + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. 
+ # @!visibility private + def self.attribute_map + { + :'detection_method' => :'detectionMethod', + :'evaluation_window' => :'evaluationWindow', + :'impossible_travel_options' => :'impossibleTravelOptions', + :'keep_alive' => :'keepAlive', + :'max_signal_duration' => :'maxSignalDuration', + :'new_value_options' => :'newValueOptions', + :'third_party_rule_options' => :'thirdPartyRuleOptions' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'detection_method' => :'SecurityMonitoringRuleDetectionMethod', + :'evaluation_window' => :'SecurityMonitoringRuleEvaluationWindow', + :'impossible_travel_options' => :'SecurityMonitoringRuleImpossibleTravelOptions', + :'keep_alive' => :'SecurityMonitoringRuleKeepAlive', + :'max_signal_duration' => :'SecurityMonitoringRuleMaxSignalDuration', + :'new_value_options' => :'SecurityMonitoringRuleNewValueOptions', + :'third_party_rule_options' => :'SecurityMonitoringRuleThirdPartyOptions' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::HistoricalJobOptions` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'detection_method') + self.detection_method = attributes[:'detection_method'] + end + + if attributes.key?(:'evaluation_window') + self.evaluation_window = attributes[:'evaluation_window'] + end + + if attributes.key?(:'impossible_travel_options') + self.impossible_travel_options = attributes[:'impossible_travel_options'] + end + + if 
attributes.key?(:'keep_alive') + self.keep_alive = attributes[:'keep_alive'] + end + + if attributes.key?(:'max_signal_duration') + self.max_signal_duration = attributes[:'max_signal_duration'] + end + + if attributes.key?(:'new_value_options') + self.new_value_options = attributes[:'new_value_options'] + end + + if attributes.key?(:'third_party_rule_options') + self.third_party_rule_options = attributes[:'third_party_rule_options'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + detection_method == o.detection_method && + evaluation_window == o.evaluation_window && + impossible_travel_options == o.impossible_travel_options && + keep_alive == o.keep_alive && + max_signal_duration == o.max_signal_duration && + new_value_options == o.new_value_options && + third_party_rule_options == o.third_party_rule_options && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [detection_method, evaluation_window, impossible_travel_options, keep_alive, max_signal_duration, new_value_options, third_party_rule_options, additional_properties].hash + end + end +end 
diff --git a/lib/datadog_api_client/v2/models/historical_job_query.rb b/lib/datadog_api_client/v2/models/historical_job_query.rb new file mode 100644 index 000000000000..0a345ca300ec --- /dev/null +++ b/lib/datadog_api_client/v2/models/historical_job_query.rb 
@@ -0,0 +1,171 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Query for selecting logs analyzed by the historical job. + class HistoricalJobQuery + include BaseGenericModel + + # The aggregation type. + attr_accessor :aggregation + + # Field for which the cardinality is measured. Sent as an array. + attr_accessor :distinct_fields + + # Fields to group by. + attr_accessor :group_by_fields + + # When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. + attr_accessor :has_optional_group_by_fields + + # Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. + attr_accessor :metrics + + # Name of the query. + attr_accessor :name + + # Query to run on logs. + attr_accessor :query + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'aggregation' => :'aggregation', + :'distinct_fields' => :'distinctFields', + :'group_by_fields' => :'groupByFields', + :'has_optional_group_by_fields' => :'hasOptionalGroupByFields', + :'metrics' => :'metrics', + :'name' => :'name', + :'query' => :'query' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'aggregation' => :'SecurityMonitoringRuleQueryAggregation', + :'distinct_fields' => :'Array', + :'group_by_fields' => :'Array', + :'has_optional_group_by_fields' => :'Boolean', + :'metrics' => :'Array', + :'name' => :'String', + :'query' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::HistoricalJobQuery` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'aggregation') + self.aggregation = attributes[:'aggregation'] + end + + if attributes.key?(:'distinct_fields') + if (value = attributes[:'distinct_fields']).is_a?(Array) + self.distinct_fields = value + end + end + + if attributes.key?(:'group_by_fields') + if (value = attributes[:'group_by_fields']).is_a?(Array) + self.group_by_fields = value + end + end + + if attributes.key?(:'has_optional_group_by_fields') + self.has_optional_group_by_fields = attributes[:'has_optional_group_by_fields'] + end + + if attributes.key?(:'metrics') + if (value = attributes[:'metrics']).is_a?(Array) + self.metrics = value + end + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'query') + self.query = attributes[:'query'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + aggregation == o.aggregation && + distinct_fields == o.distinct_fields && + group_by_fields == o.group_by_fields && + has_optional_group_by_fields == o.has_optional_group_by_fields && + metrics == o.metrics && + name == o.name && + query == o.query && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [aggregation, distinct_fields, group_by_fields, has_optional_group_by_fields, metrics, name, query, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/job_definition.rb b/lib/datadog_api_client/v2/models/job_definition.rb index 077d283b76bd..88ca70f3430f 100644 --- a/lib/datadog_api_client/v2/models/job_definition.rb +++ b/lib/datadog_api_client/v2/models/job_definition.rb @@ -27,9 +27,6 @@ class JobDefinition # Cases used for generating job results. attr_reader :cases - # Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. - attr_accessor :filters - # Starting time of data analyzed by the job. attr_reader :from 
@@ -42,19 +39,19 @@ class JobDefinition # Job name. attr_reader :name - # Options on rules. + # Job options. attr_accessor :options # Queries for selecting logs analyzed by the job. attr_reader :queries - # Reference tables for the rule. + # Reference tables used in the queries. attr_accessor :reference_tables # Tags for generated signals. attr_accessor :tags - # Cases for generating results from third-party rules. Only available for third-party rules. + # Cases for generating results from third-party detection method. Only available for third-party detection method. attr_accessor :third_party_cases # Ending time of data analyzed by the job. @@ -71,7 +68,6 @@ def self.attribute_map { :'calculated_fields' => :'calculatedFields', :'cases' => :'cases', - :'filters' => :'filters', :'from' => :'from', :'index' => :'index', :'message' => :'message', @@ -92,13 +88,12 @@ def self.openapi_types { :'calculated_fields' => :'Array', :'cases' => :'Array', - :'filters' => :'Array', :'from' => :'Integer', :'index' => :'String', :'message' => :'String', :'name' => :'String', - :'options' => :'SecurityMonitoringRuleOptions', - :'queries' => :'Array', + :'options' => :'HistoricalJobOptions', + :'queries' => :'Array', :'reference_tables' => :'Array', :'tags' => :'Array', :'third_party_cases' => :'Array', @@ -137,12 +132,6 @@ def initialize(attributes = {}) end end - if attributes.key?(:'filters') - if (value = attributes[:'filters']).is_a?(Array) - self.filters = value - end - end - if attributes.key?(:'from') self.from = attributes[:'from'] end @@ -308,7 +297,6 @@ def ==(o) self.class == o.class && calculated_fields == o.calculated_fields && cases == o.cases && - filters == o.filters && from == o.from && index == o.index && message == o.message && 
@@ -327,7 +315,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [calculated_fields, cases, filters, from, index, message, name, options, queries, reference_tables, tags, third_party_cases, to, type, additional_properties].hash + [calculated_fields, cases, from, index, message, name, options, queries, reference_tables, tags, third_party_cases, to, type, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_reference_table.rb b/lib/datadog_api_client/v2/models/security_monitoring_reference_table.rb index 2273d00435a8..1a95cd9fcdbd 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_reference_table.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_reference_table.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Reference table for the rule. + # Reference tables used in the queries. class SecurityMonitoringReferenceTable include BaseGenericModel @@ -30,7 +30,7 @@ class SecurityMonitoringReferenceTable # The field in the log to match against the reference table. attr_accessor :log_field_path - # The name of the rule query to apply the reference table to. + # The name of the query to apply the reference table to. attr_accessor :rule_query_name # The name of the reference table. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_case_create.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_create.rb index c4285fd78e88..21f6abc22569 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_case_create.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_create.rb 
@@ -21,14 +21,14 @@ module DatadogAPIClient::V2 class SecurityMonitoringRuleCaseCreate include BaseGenericModel - # A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated + # A case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated # based on the event counts in the previously defined queries. attr_accessor :condition # Name of the case. attr_accessor :name - # Notification targets for each rule case. + # Notification targets. attr_accessor :notifications # Severity of the Security Signal. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_evaluation_window.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_evaluation_window.rb index 86d2e5aab66e..d416a16d59de 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_evaluation_window.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_evaluation_window.rb @@ -18,7 +18,7 @@ module DatadogAPIClient::V2 # A time window is specified to match when at least one of the cases matches true. This is a sliding window - # and evaluates in real time. For third party rules, this field is not used. + # and evaluates in real time. For third party detection method, this field is not used. class SecurityMonitoringRuleEvaluationWindow include BaseEnumModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_impossible_travel_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_impossible_travel_options.rb index 190be946c5e4..66467b7402f1 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_impossible_travel_options.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_impossible_travel_options.rb 
@@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Options on impossible travel rules. + # Options on impossible travel detection method. class SecurityMonitoringRuleImpossibleTravelOptions include BaseGenericModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_keep_alive.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_keep_alive.rb index f127efbd5468..e5ad08ae54fa 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_keep_alive.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_keep_alive.rb @@ -18,7 +18,7 @@ module DatadogAPIClient::V2 # Once a signal is generated, the signal will remain “open” if a case is matched at least once within - # this keep alive window. For third party rules, this field is not used. + # this keep alive window. For third party detection method, this field is not used. class SecurityMonitoringRuleKeepAlive include BaseEnumModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb index cbf034130227..c492dcb63777 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Options on new value rules. + # Options on new value detection method. class SecurityMonitoringRuleNewValueOptions include BaseGenericModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb index 3e0f096459db..5f46c31aa2fc 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb 
@@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Options on rules. + # Options. class SecurityMonitoringRuleOptions include BaseGenericModel @@ -35,27 +35,27 @@ class SecurityMonitoringRuleOptions attr_accessor :detection_method # A time window is specified to match when at least one of the cases matches true. This is a sliding window - # and evaluates in real time. For third party rules, this field is not used. + # and evaluates in real time. For third party detection method, this field is not used. attr_accessor :evaluation_window # Hardcoded evaluator type. attr_accessor :hardcoded_evaluator_type - # Options on impossible travel rules. + # Options on impossible travel detection method. attr_accessor :impossible_travel_options # Once a signal is generated, the signal will remain “open” if a case is matched at least once within - # this keep alive window. For third party rules, this field is not used. + # this keep alive window. For third party detection method, this field is not used. attr_accessor :keep_alive # A signal will “close” regardless of the query being matched once the time exceeds the maximum duration. # This time is calculated from the first seen timestamp. attr_accessor :max_signal_duration - # Options on new value rules. + # Options on new value detection method. attr_accessor :new_value_options - # Options on third party rules. + # Options on third party detection method. attr_accessor :third_party_rule_options attr_accessor :additional_properties diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_third_party_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_third_party_options.rb index f136e9fa967a..87e4e2b6a70a 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_third_party_options.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_third_party_options.rb 
@@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Options on third party rules. + # Options on third party detection method. class SecurityMonitoringRuleThirdPartyOptions include BaseGenericModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb index fda82946c1cc..732fb2e649bb 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb @@ -42,7 +42,7 @@ class SecurityMonitoringRuleUpdatePayload # Name of the rule. attr_accessor :name - # Options on rules. + # Options. attr_accessor :options # Queries for selecting logs which are part of the rule. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_create_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_create_payload.rb index 079d712ea922..aea6399a15a8 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_create_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_create_payload.rb @@ -39,7 +39,7 @@ class SecurityMonitoringSignalRuleCreatePayload # The name of the rule. attr_reader :name - # Options on rules. + # Options. attr_reader :options # Queries for selecting signals which are part of the rule. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_payload.rb index 53976763a434..725ae7136642 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_payload.rb 
@@ -39,7 +39,7 @@ class SecurityMonitoringSignalRulePayload # The name of the rule. attr_reader :name - # Options on rules. + # Options. attr_reader :options # Queries for selecting signals which are part of the rule. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_response.rb b/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_response.rb index b4063a4c6bcf..751103ad3b62 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_response.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_signal_rule_response.rb @@ -57,7 +57,7 @@ class SecurityMonitoringSignalRuleResponse # The name of the rule. attr_accessor :name - # Options on rules. + # Options. attr_accessor :options # Queries for selecting logs which are part of the rule. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb index 69887cfbcff9..4b53d3fdade4 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb @@ -39,7 +39,7 @@ class SecurityMonitoringStandardRuleCreatePayload # The name of the rule. attr_reader :name - # Options on rules. + # Options. attr_reader :options # Queries for selecting logs which are part of the rule. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb index 2d5f6e6fcc6e..405d3e042d34 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb 
@@ -39,7 +39,7 @@ class SecurityMonitoringStandardRulePayload # The name of the rule. attr_reader :name - # Options on rules. + # Options. attr_reader :options # Queries for selecting logs which are part of the rule. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb index d585ad004b61..f9ccc227d15a 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb @@ -63,7 +63,7 @@ class SecurityMonitoringStandardRuleResponse # The name of the rule. attr_accessor :name - # Options on rules. + # Options. attr_accessor :options # Queries for selecting logs which are part of the rule. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb index 28eb0c8daf31..68bba7e4757d 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb @@ -39,7 +39,7 @@ class SecurityMonitoringStandardRuleTestPayload # The name of the rule. attr_reader :name - # Options on rules. + # Options. attr_reader :options # Queries for selecting logs which are part of the rule. diff --git a/lib/datadog_api_client/v2/models/security_monitoring_third_party_rule_case_create.rb b/lib/datadog_api_client/v2/models/security_monitoring_third_party_rule_case_create.rb index 6e16e0ea0d67..fdf4849d44ae 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_third_party_rule_case_create.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_third_party_rule_case_create.rb 
@@ -24,7 +24,7 @@ class SecurityMonitoringThirdPartyRuleCaseCreate # Name of the case. attr_accessor :name - # Notification targets for each rule case. + # Notification targets for each case. attr_accessor :notifications # A query to map a third party event to this case.