diff --git a/.apigentools-info b/.apigentools-info index a1ec4b9ee101..860370813c24 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2025-02-10 19:09:34.070491", - "spec_repo_commit": "824f78a1" + "regenerated": "2025-02-11 20:44:51.275730", + "spec_repo_commit": "b53b7d50" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2025-02-10 19:09:34.086424", - "spec_repo_commit": "824f78a1" + "regenerated": "2025-02-11 20:44:51.290833", + "spec_repo_commit": "b53b7d50" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 1cb9d8453bba..b39af6ab7b11 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -15657,6 +15657,15 @@ components: example: 1729843470000 format: int64 type: integer + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array index: description: Index used to load the data. example: cloud_siem @@ -24242,6 +24251,11 @@ components: SecurityMonitoringRuleCase: description: Case when signal is generated. properties: + actions: + description: Action to perform for each rule case. + items: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction' + type: array condition: description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated 
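Review bot: The new `actions` property added to `SecurityMonitoringRuleCase` (hunk `@@ -24242`) is an array but its description reads as a single action, and it does not carry the restriction stated on the referenced `SecurityMonitoringRuleCaseAction` schema, so a reader of this shared read model sees a field without being told it only applies to one rule type. Suggest `description: Actions to perform when this case triggers a signal. Only supported for rules of type application_security.` on the property itself. Whether the server rejects or silently drops `actions` on other rule types is not visible here and is worth stating once confirmed, since a silently dropped blocking action is a surprise a rule author would want to know about.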
@@ -24260,9 +24274,42 @@ components: status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' type: object + SecurityMonitoringRuleCaseAction: + description: Action to perform when a signal is triggered. Only available for + Application Security rule type. + properties: + options: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions' + type: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType' + type: object + SecurityMonitoringRuleCaseActionOptions: + description: Options for the rule action + properties: + duration: + description: Duration of the action in seconds. 0 indicates no expiration. + example: 0 + format: int64 + minimum: 0 + type: integer + type: object + SecurityMonitoringRuleCaseActionType: + description: The action type. + enum: + - block_ip + - block_user + type: string + x-enum-varnames: + - BLOCK_IP + - BLOCK_USER SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: + actions: + description: Action to perform for each rule case. + items: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction' + type: array condition: description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated @@ -24724,6 +24771,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. 
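Review bot: `SecurityMonitoringRuleCaseActionOptions.duration` has `minimum: 0` and no upper bound, and `0 indicates no expiration` means a `block_ip` or `block_user` action with a zero duration produces a block that is never lifted automatically; the schema also says nothing about what is applied when `options` is omitted entirely, which for an enforcement action is the case a caller most needs to know. Suggest `description: Duration of the action in seconds. 0 indicates no expiration, i.e. the block is never lifted automatically and must be removed explicitly.` and, if an omitted `options` is treated the same way by the service, saying so in the `options` description. Consider a `maximum` as well so that accidental very large values are rejected at schema level rather than becoming long-lived blocks.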
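Review bot: The `groupSignalsBy` description (hunk `@@ -24724`) says the value must be a subset of "the existing groups in the query section" without naming the field, and nothing in the schema expresses uniqueness of the entries; the recorded scenario elsewhere in this diff shows the intended relationship (`groupByFields: ["service","@http.client_ip"]` with `groupSignalsBy: ["service"]`). Suggest `description: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the groupByFields of the rule's queries.` plus `uniqueItems: true` on the array. The subset rule can only be checked server-side, so the error returned for an unknown field is presumably a 400 and is worth documenting once confirmed.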
@@ -25429,6 +25485,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. @@ -25501,6 +25566,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. @@ -25642,6 +25716,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. @@ -25719,6 +25802,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. 
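Review bot: This hunk and the three that follow add the fifth copy of an identical inline `groupSignalsBy` definition (after `JobDefinition` and the update payload), each carrying its own description, example and `items`; copy-pasted inline properties drift independently the first time one of them is corrected, while the neighbouring `filters` property already shows the spec's pattern of using `$ref` for shared items. Suggest hoisting it to a component and referencing it, `groupSignalsBy: {$ref: '#/components/schemas/SecurityMonitoringRuleGroupSignalsBy'}`, with the description, example and `items` defined once. The generated Ruby should be unaffected since every copy already maps to `:'Array'` in the model files.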
@@ -49972,7 +50064,7 @@ tags: for more information. name: CI Visibility Pipelines - description: Search or aggregate your CI Visibility test events over HTTP. See the - [Test Visibility in Datadog page](https://docs.datadoghq.com/tests/) for more + [Test Optimization in Datadog](https://docs.datadoghq.com/tests/) page for more information. name: CI Visibility Tests - description: 'Datadog Cloud Security Management (CSM) delivers real-time threat diff --git a/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen new file mode 100644 index 000000000000..7a935c1425be --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.frozen @@ -0,0 +1 @@ +2025-02-06T16:50:39.787Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.yml new file mode 100644 index 000000000000..054e6d146bf6 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-type-application-security-returns-OK-response.yml 
@@ -0,0 +1,46 @@ +http_interactions: +- recorded_at: Thu, 06 Feb 2025 16:50:39 GMT + request: + body: + encoding: UTF-8 + string: '{"cases":[{"actions":[{"options":{"duration":900},"type":"block_ip"}],"condition":"a + > 100000","name":"","notifications":[],"status":"info"}],"filters":[],"groupSignalsBy":["service"],"isEnabled":true,"message":"Test + rule","name":"Test-Create_a_detection_rule_with_type_application_security_returns_OK_response-1738860639_appsec_rule","options":{"detectionMethod":"threshold","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":["service","@http.client_ip"],"query":"@appsec.security_activity:business_logic.users.login.failure"}],"tags":[],"type":"application_security"}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules + response: + body: + encoding: UTF-8 + string: '{"name":"Test-Create_a_detection_rule_with_type_application_security_returns_OK_response-1738860639_appsec_rule","createdAt":1738860640426,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","groupByFields":["service","@http.client_ip"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"app_sec_spans"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + \u003e 100000","actions":[{"type":"block_ip","options":{"duration":900}}]}],"message":"Test + 
rule","tags":[],"hasExtendedTitle":false,"type":"application_security","filters":[],"version":1,"id":"rfn-h2v-udr","blocking":true,"groupSignalsBy":["service"],"casesActions":[[{"type":"block_ip","options":{"duration":900}}]],"dependencies":["business_logic.users.login.failure"],"metadata":{"entities":null,"sources":null},"creator":{"handle":"","name":""},"updater":{"handle":"","name":""}}' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +- recorded_at: Thu, 06 Feb 2025 16:50:39 GMT + request: + body: null + headers: + Accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/rfn-h2v-udr + response: + body: + encoding: UTF-8 + string: '{"status":"404","title":"Not Found"}' + headers: + Content-Type: + - application/json + status: + code: 404 + message: Not Found +recorded_with: VCR 6.0.0 diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.rb b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.rb new file mode 100644 index 000000000000..2dc963adfc2f --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.rb 
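Review bot: The teardown recorded at the end of this cassette is a `DELETE /api/v2/security_monitoring/rules/rfn-h2v-udr` that returned `404 Not Found`, right after the `POST` returned 200 with `"id":"rfn-h2v-udr"`, `"isEnabled":true` and `"blocking":true`. If the 404 is genuine, every re-recording of this scenario leaves an enabled blocking rule with a `block_ip` action in the recording org, and the undo step for `application_security` rules is wrong; if these rules are removed through a different endpoint, the undo definition should point at it and the cassette should be re-recorded so the fixture shows a successful cleanup. A 404 on cleanup should not be accepted silently for a rule type whose only new feature is an enforcement action.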
@@ -0,0 +1,50 @@ +# Create a detection rule with type 'application_security 'returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({ + type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::APPLICATION_SECURITY, + name: "Example-Security-Monitoring_appsec_rule", + queries: [ + DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({ + query: "@appsec.security_activity:business_logic.users.login.failure", + aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, + group_by_fields: [ + "service", + "@http.client_ip", + ], + distinct_fields: [], + }), + ], + filters: [], + cases: [ + DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({ + name: "", + status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO, + notifications: [], + condition: "a > 100000", + actions: [ + DatadogAPIClient::V2::SecurityMonitoringRuleCaseAction.new({ + type: DatadogAPIClient::V2::SecurityMonitoringRuleCaseActionType::BLOCK_IP, + options: DatadogAPIClient::V2::SecurityMonitoringRuleCaseActionOptions.new({ + duration: 900, + }), + }), + ], + }), + ], + options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({ + keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR, + max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY, + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES, + detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::THRESHOLD, + }), + is_enabled: true, + message: "Test rule", + tags: [], + group_signals_by: [ + "service", + ], +}) +p api_instance.create_security_monitoring_rule(body) diff --git a/features/v2/ci_visibility_tests.feature b/features/v2/ci_visibility_tests.feature index 9d6f849b2050..3c5ebc791652 100644 
--- a/features/v2/ci_visibility_tests.feature +++ b/features/v2/ci_visibility_tests.feature @@ -1,7 +1,7 @@ @endpoint(ci-visibility-tests) @endpoint(ci-visibility-tests-v2) Feature: CI Visibility Tests Search or aggregate your CI Visibility test events over HTTP. See the - [Test Visibility in Datadog page](https://docs.datadoghq.com/tests/) for + [Test Optimization in Datadog](https://docs.datadoghq.com/tests/) page for more information. Background: diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index aaea07a9f8a7..ec4c3d3f39d9 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -200,6 +200,16 @@ Feature: Security Monitoring And the response "options.detectionMethod" is equal to "third_party" And the response "thirdPartyCases[0].query" is equal to "status:error" + @skip-validation @team:DataDog/k9-cloud-security-platform + Scenario: Create a detection rule with type 'application_security 'returns "OK" response + Given new "CreateSecurityMonitoringRule" request + And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]} + When the request is sent + Then the response status is 200 OK + And the response "name" is equal to "{{ unique }}_appsec_rule" + And the response "type" is equal to "application_security" + And the response "message" is equal to "Test rule" + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with type 'impossible_travel' returns "OK" response Given new "CreateSecurityMonitoringRule" request diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index d77c46229ab8..13a8ac72c0e0 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb 
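Review bot: The new scenario asserts only `name`, `type` and `message`, none of which exercise the fields this change introduces, even though the accompanying cassette shows the response echoing them back; as written the test still passes if the server drops `actions` or `groupSignalsBy`. Suggest adding `And the response "cases[0].actions[0].type" is equal to "block_ip"`, `And the response "cases[0].actions[0].options.duration" is equal to 900` and `And the response "groupSignalsBy[0]" is equal to "service"`. The scenario title also has a misplaced space, `'application_security 'returns`, which has already propagated into the cassette and example file names and is cheapest to fix before more client repositories are regenerated from it.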
@@ -2420,6 +2420,9 @@ def overrides "v2.security_monitoring_list_rules_response" => "SecurityMonitoringListRulesResponse", "v2.security_monitoring_reference_table" => "SecurityMonitoringReferenceTable", "v2.security_monitoring_rule_case" => "SecurityMonitoringRuleCase", + "v2.security_monitoring_rule_case_action" => "SecurityMonitoringRuleCaseAction", + "v2.security_monitoring_rule_case_action_options" => "SecurityMonitoringRuleCaseActionOptions", + "v2.security_monitoring_rule_case_action_type" => "SecurityMonitoringRuleCaseActionType", "v2.security_monitoring_rule_case_create" => "SecurityMonitoringRuleCaseCreate", "v2.security_monitoring_rule_convert_payload" => "SecurityMonitoringRuleConvertPayload", "v2.security_monitoring_rule_convert_response" => "SecurityMonitoringRuleConvertResponse", diff --git a/lib/datadog_api_client/v2/models/job_definition.rb b/lib/datadog_api_client/v2/models/job_definition.rb index 88ca70f3430f..990c37537802 100644 --- a/lib/datadog_api_client/v2/models/job_definition.rb +++ b/lib/datadog_api_client/v2/models/job_definition.rb @@ -30,6 +30,9 @@ class JobDefinition # Starting time of data analyzed by the job. attr_reader :from + # Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. + attr_accessor :group_signals_by + # Index used to load the data. attr_reader :index @@ -69,6 +72,7 @@ def self.attribute_map :'calculated_fields' => :'calculatedFields', :'cases' => :'cases', :'from' => :'from', + :'group_signals_by' => :'groupSignalsBy', :'index' => :'index', :'message' => :'message', :'name' => :'name', @@ -89,6 +93,7 @@ def self.openapi_types :'calculated_fields' => :'Array', :'cases' => :'Array', :'from' => :'Integer', + :'group_signals_by' => :'Array', :'index' => :'String', :'message' => :'String', :'name' => :'String', 
@@ -136,6 +141,12 @@ def initialize(attributes = {}) self.from = attributes[:'from'] end + if attributes.key?(:'group_signals_by') + if (value = attributes[:'group_signals_by']).is_a?(Array) + self.group_signals_by = value + end + end + if attributes.key?(:'index') self.index = attributes[:'index'] end @@ -298,6 +309,7 @@ def ==(o) calculated_fields == o.calculated_fields && cases == o.cases && from == o.from && + group_signals_by == o.group_signals_by && index == o.index && message == o.message && name == o.name && @@ -315,7 +327,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [calculated_fields, cases, from, index, message, name, options, queries, reference_tables, tags, third_party_cases, to, type, additional_properties].hash + [calculated_fields, cases, from, group_signals_by, index, message, name, options, queries, reference_tables, tags, third_party_cases, to, type, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_case.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_case.rb index 806538f39250..ac7c35ea8df5 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_case.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_case.rb @@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringRuleCase include BaseGenericModel + # Action to perform for each rule case. + attr_accessor :actions + # A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated # based on the event counts in the previously defined queries. attr_accessor :condition @@ -40,6 +43,7 @@ class SecurityMonitoringRuleCase # @!visibility private def self.attribute_map { + :'actions' => :'actions', :'condition' => :'condition', :'name' => :'name', :'notifications' => :'notifications', 
@@ -51,6 +55,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'actions' => :'Array', :'condition' => :'String', :'name' => :'String', :'notifications' => :'Array', @@ -76,6 +81,12 @@ def initialize(attributes = {}) end } + if attributes.key?(:'actions') + if (value = attributes[:'actions']).is_a?(Array) + self.actions = value + end + end + if attributes.key?(:'condition') self.condition = attributes[:'condition'] end @@ -121,6 +132,7 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && + actions == o.actions && condition == o.condition && name == o.name && notifications == o.notifications && @@ -132,7 +144,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [condition, name, notifications, status, additional_properties].hash + [actions, condition, name, notifications, status, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action.rb new file mode 100644 index 000000000000..70d85d9c1671 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action.rb 
@@ -0,0 +1,115 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Action to perform when a signal is triggered. Only available for Application Security rule type. + class SecurityMonitoringRuleCaseAction + include BaseGenericModel + + # Options for the rule action + attr_accessor :options + + # The action type. + attr_accessor :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'options' => :'options', + :'type' => :'type' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'options' => :'SecurityMonitoringRuleCaseActionOptions', + :'type' => :'SecurityMonitoringRuleCaseActionType' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringRuleCaseAction` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'options') + self.options = attributes[:'options'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + options == o.options && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + # @!visibility private + def hash + [options, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action_options.rb new file mode 100644 index 000000000000..72d3a85bd6dd --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action_options.rb 
@@ -0,0 +1,123 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Options for the rule action + class SecurityMonitoringRuleCaseActionOptions + include BaseGenericModel + + # Duration of the action in seconds. 0 indicates no expiration. + attr_reader :duration + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'duration' => :'duration' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'duration' => :'Integer' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringRuleCaseActionOptions` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'duration') + self.duration = attributes[:'duration'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? 
+ return false if !@duration.nil? && @duration < 0 + true + end + + # Custom attribute writer method with validation + # @param duration [Object] Object to be assigned + # @!visibility private + def duration=(duration) + if !duration.nil? && duration < 0 + fail ArgumentError, 'invalid value for "duration", must be greater than or equal to 0.' + end + @duration = duration + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + duration == o.duration && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [duration, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action_type.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action_type.rb new file mode 100644 index 000000000000..f55ab3c361ef --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_action_type.rb 
@@ -0,0 +1,27 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The action type. + class SecurityMonitoringRuleCaseActionType + include BaseEnumModel + + BLOCK_IP = "block_ip".freeze + BLOCK_USER = "block_user".freeze + end +end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_case_create.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_create.rb index 21f6abc22569..1371cb8636db 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_case_create.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_case_create.rb @@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringRuleCaseCreate include BaseGenericModel + # Action to perform for each rule case. + attr_accessor :actions + # A case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated # based on the event counts in the previously defined queries. attr_accessor :condition @@ -40,6 +43,7 @@ class SecurityMonitoringRuleCaseCreate # @!visibility private def self.attribute_map { + :'actions' => :'actions', :'condition' => :'condition', :'name' => :'name', :'notifications' => :'notifications', @@ -51,6 +55,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'actions' => :'Array', :'condition' => :'String', :'name' => :'String', :'notifications' => :'Array', 
@@ -76,6 +81,12 @@ def initialize(attributes = {}) end } + if attributes.key?(:'actions') + if (value = attributes[:'actions']).is_a?(Array) + self.actions = value + end + end + if attributes.key?(:'condition') self.condition = attributes[:'condition'] end @@ -139,6 +150,7 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && + actions == o.actions && condition == o.condition && name == o.name && notifications == o.notifications && @@ -150,7 +162,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [condition, name, notifications, status, additional_properties].hash + [actions, condition, name, notifications, status, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb index 732fb2e649bb..ce105bfa347d 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb @@ -30,6 +30,9 @@ class SecurityMonitoringRuleUpdatePayload # Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. attr_accessor :filters + # Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. + attr_accessor :group_signals_by + # Whether the notifications include the triggering group-by values in their title. attr_accessor :has_extended_title @@ -69,6 +72,7 @@ def self.attribute_map :'cases' => :'cases', :'compliance_signal_options' => :'complianceSignalOptions', :'filters' => :'filters', + :'group_signals_by' => :'groupSignalsBy', :'has_extended_title' => :'hasExtendedTitle', :'is_enabled' => :'isEnabled', :'message' => :'message', 
@@ -89,6 +93,7 @@ def self.openapi_types :'cases' => :'Array', :'compliance_signal_options' => :'CloudConfigurationRuleComplianceSignalOptions', :'filters' => :'Array', + :'group_signals_by' => :'Array', :'has_extended_title' => :'Boolean', :'is_enabled' => :'Boolean', :'message' => :'String', @@ -136,6 +141,12 @@ def initialize(attributes = {}) end end + if attributes.key?(:'group_signals_by') + if (value = attributes[:'group_signals_by']).is_a?(Array) + self.group_signals_by = value + end + end + if attributes.key?(:'has_extended_title') self.has_extended_title = attributes[:'has_extended_title'] end @@ -232,6 +243,7 @@ def ==(o) cases == o.cases && compliance_signal_options == o.compliance_signal_options && filters == o.filters && + group_signals_by == o.group_signals_by && has_extended_title == o.has_extended_title && is_enabled == o.is_enabled && message == o.message && @@ -249,7 +261,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [cases, compliance_signal_options, filters, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, version, additional_properties].hash + [cases, compliance_signal_options, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, version, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb index 4b53d3fdade4..4eed6ac5979c 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb 
@@ -27,6 +27,9 @@ class SecurityMonitoringStandardRuleCreatePayload
 # Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
 attr_accessor :filters
 
+ # Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
+ attr_accessor :group_signals_by
+
 # Whether the notifications include the triggering group-by values in their title.
 attr_accessor :has_extended_title
 
@@ -65,6 +68,7 @@ def self.attribute_map
 {
 :'cases' => :'cases',
 :'filters' => :'filters',
+ :'group_signals_by' => :'groupSignalsBy',
 :'has_extended_title' => :'hasExtendedTitle',
 :'is_enabled' => :'isEnabled',
 :'message' => :'message',
@@ -84,6 +88,7 @@ def self.openapi_types
 {
 :'cases' => :'Array',
 :'filters' => :'Array',
+ :'group_signals_by' => :'Array',
 :'has_extended_title' => :'Boolean',
 :'is_enabled' => :'Boolean',
 :'message' => :'String',
@@ -127,6 +132,12 @@ def initialize(attributes = {})
 end
 end
 
+ if attributes.key?(:'group_signals_by')
+ if (value = attributes[:'group_signals_by']).is_a?(Array)
+ self.group_signals_by = value
+ end
+ end
+
 if attributes.key?(:'has_extended_title')
 self.has_extended_title = attributes[:'has_extended_title']
 end
@@ -277,6 +288,7 @@ def ==(o)
 self.class == o.class &&
 cases == o.cases &&
 filters == o.filters &&
+ group_signals_by == o.group_signals_by &&
 has_extended_title == o.has_extended_title &&
 is_enabled == o.is_enabled &&
 message == o.message &&
@@ -294,7 +306,7 @@ def ==(o)
 # @return [Integer] Hash code
 # @!visibility private
 def hash
- [cases, filters, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash
+ [cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash
 end
 end
 end
diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb
index 405d3e042d34..a1a899ea0e86 100644
--- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb
+++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb
@@ -27,6 +27,9 @@ class SecurityMonitoringStandardRulePayload
 # Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
 attr_accessor :filters
 
+ # Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
+ attr_accessor :group_signals_by
+
 # Whether the notifications include the triggering group-by values in their title.
 attr_accessor :has_extended_title
 
@@ -65,6 +68,7 @@ def self.attribute_map
 {
 :'cases' => :'cases',
 :'filters' => :'filters',
+ :'group_signals_by' => :'groupSignalsBy',
 :'has_extended_title' => :'hasExtendedTitle',
 :'is_enabled' => :'isEnabled',
 :'message' => :'message',
@@ -84,6 +88,7 @@ def self.openapi_types
 {
 :'cases' => :'Array',
 :'filters' => :'Array',
+ :'group_signals_by' => :'Array',
 :'has_extended_title' => :'Boolean',
 :'is_enabled' => :'Boolean',
 :'message' => :'String',
@@ -127,6 +132,12 @@ def initialize(attributes = {})
 end
 end
 
+ if attributes.key?(:'group_signals_by')
+ if (value = attributes[:'group_signals_by']).is_a?(Array)
+ self.group_signals_by = value
+ end
+ end
+
 if attributes.key?(:'has_extended_title')
 self.has_extended_title = attributes[:'has_extended_title']
 end
@@ -277,6 +288,7 @@ def ==(o)
 self.class == o.class &&
 cases == o.cases &&
 filters == o.filters &&
+ group_signals_by == o.group_signals_by &&
 has_extended_title == o.has_extended_title &&
 is_enabled == o.is_enabled &&
 message == o.message &&
@@ -294,7 +306,7 @@ def ==(o)
 # @return [Integer] Hash code
 # @!visibility private
 def hash
- [cases, filters, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash
+ [cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash
 end
 end
 end
diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb
index f9ccc227d15a..955957e0a500 100644
--- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb
+++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb
@@ -42,6 +42,9 @@ class SecurityMonitoringStandardRuleResponse
 # Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
 attr_accessor :filters
 
+ # Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
+ attr_accessor :group_signals_by
+
 # Whether the notifications include the triggering group-by values in their title.
 attr_accessor :has_extended_title
 
@@ -103,6 +106,7 @@ def self.attribute_map
 :'default_tags' => :'defaultTags',
 :'deprecation_date' => :'deprecationDate',
 :'filters' => :'filters',
+ :'group_signals_by' => :'groupSignalsBy',
 :'has_extended_title' => :'hasExtendedTitle',
 :'id' => :'id',
 :'is_default' => :'isDefault',
@@ -133,6 +137,7 @@ def self.openapi_types
 :'default_tags' => :'Array',
 :'deprecation_date' => :'Integer',
 :'filters' => :'Array',
+ :'group_signals_by' => :'Array',
 :'has_extended_title' => :'Boolean',
 :'id' => :'String',
 :'is_default' => :'Boolean',
@@ -204,6 +209,12 @@ def initialize(attributes = {})
 end
 end
 
+ if attributes.key?(:'group_signals_by')
+ if (value = attributes[:'group_signals_by']).is_a?(Array)
+ self.group_signals_by = value
+ end
+ end
+
 if attributes.key?(:'has_extended_title')
 self.has_extended_title = attributes[:'has_extended_title']
 end
@@ -310,6 +321,7 @@ def ==(o)
 default_tags == o.default_tags &&
 deprecation_date == o.deprecation_date &&
 filters == o.filters &&
+ group_signals_by == o.group_signals_by &&
 has_extended_title == o.has_extended_title &&
 id == o.id &&
 is_default == o.is_default &&
@@ -333,7 +345,7 @@ def ==(o)
 # @return [Integer] Hash code
 # @!visibility private
 def hash
- [cases, compliance_signal_options, created_at, creation_author_id, default_tags, deprecation_date, filters, has_extended_title, id, is_default, is_deleted, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, update_author_id, updated_at, version, additional_properties].hash
+ [cases, compliance_signal_options, created_at, creation_author_id, default_tags, deprecation_date, filters, group_signals_by, has_extended_title, id, is_default, is_deleted, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, update_author_id, updated_at, version, additional_properties].hash
 end
 end
 end
diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb
index 68bba7e4757d..3dfafe0976c4 100644
--- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb
+++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb
@@ -27,6 +27,9 @@ class SecurityMonitoringStandardRuleTestPayload
 # Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
 attr_accessor :filters
 
+ # Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
+ attr_accessor :group_signals_by
+
 # Whether the notifications include the triggering group-by values in their title.
 attr_accessor :has_extended_title
 
@@ -65,6 +68,7 @@ def self.attribute_map
 {
 :'cases' => :'cases',
 :'filters' => :'filters',
+ :'group_signals_by' => :'groupSignalsBy',
 :'has_extended_title' => :'hasExtendedTitle',
 :'is_enabled' => :'isEnabled',
 :'message' => :'message',
@@ -84,6 +88,7 @@ def self.openapi_types
 {
 :'cases' => :'Array',
 :'filters' => :'Array',
+ :'group_signals_by' => :'Array',
 :'has_extended_title' => :'Boolean',
 :'is_enabled' => :'Boolean',
 :'message' => :'String',
@@ -127,6 +132,12 @@ def initialize(attributes = {})
 end
 end
 
+ if attributes.key?(:'group_signals_by')
+ if (value = attributes[:'group_signals_by']).is_a?(Array)
+ self.group_signals_by = value
+ end
+ end
+
 if attributes.key?(:'has_extended_title')
 self.has_extended_title = attributes[:'has_extended_title']
 end
@@ -277,6 +288,7 @@ def ==(o)
 self.class == o.class &&
 cases == o.cases &&
 filters == o.filters &&
+ group_signals_by == o.group_signals_by &&
 has_extended_title == o.has_extended_title &&
 is_enabled == o.is_enabled &&
 message == o.message &&
@@ -294,7 +306,7 @@ def ==(o)
 # @return [Integer] Hash code
 # @!visibility private
 def hash
- [cases, filters, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash
+ [cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash
 end
 end
 end