diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index cb3f6062e016..21b4b1eb3c68 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -433,6 +433,13 @@ components: required: true schema: type: string + HistoricalSignalID: + description: The ID of the historical signal. + in: path + name: histsignal_id + required: true + schema: + type: string IncidentAttachmentFilterQueryParameter: description: Specifies which types of attachments are included in the response. explode: false 
@@ -745,6 +752,58 @@ components: required: true schema: type: string + QueryFilterFrom: + description: The minimum timestamp for requested security signals. + example: '2019-01-02T09:42:36.320Z' + in: query + name: filter[from] + required: false + schema: + format: date-time + type: string + QueryFilterSearch: + description: The search query for security signals. + example: security:attack status:high + in: query + name: filter[query] + required: false + schema: + type: string + QueryFilterTo: + description: The maximum timestamp for requested security signals. + example: '2019-01-03T09:42:36.320Z' + in: query + name: filter[to] + required: false + schema: + format: date-time + type: string + QueryPageCursor: + description: A list of results using the cursor provided in the previous query. + example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== + in: query + name: page[cursor] + required: false + schema: + type: string + QueryPageLimit: + description: The maximum number of security signals in the response. + example: 25 + in: query + name: page[limit] + required: false + schema: + default: 10 + format: int32 + maximum: 1000 + type: integer + QuerySort: + description: The order of the security signals in results. + in: query + name: sort + required: false + schema: + $ref: '#/components/schemas/SecurityMonitoringSignalsSort' RelationInclude: description: Include relationship data. explode: true 
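Review bot: `QueryPageLimit` sets `maximum: 1000` and `default: 10` but no lower bound, so zero and negative values are valid under the schema. The generated Ruby checks in `get_security_monitoring_histsignals_by_job_id_with_http_info` and `list_security_monitoring_histsignals_with_http_info` mirror this and only reject `page_limit > 1000`. If the backend rejects non-positive limits (not visible here), add `minimum: 1` under `schema:` so the client fails before the request is sent.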
@@ -65338,52 +65397,12 @@ paths: security signals.' operationId: ListSecurityMonitoringSignals parameters: - - description: The search query for security signals. - example: security:attack status:high - in: query - name: filter[query] - required: false - schema: - type: string - - description: The minimum timestamp for requested security signals. - example: '2019-01-02T09:42:36.320Z' - in: query - name: filter[from] - required: false - schema: - format: date-time - type: string - - description: The maximum timestamp for requested security signals. - example: '2019-01-03T09:42:36.320Z' - in: query - name: filter[to] - required: false - schema: - format: date-time - type: string - - description: The order of the security signals in results. - in: query - name: sort - required: false - schema: - $ref: '#/components/schemas/SecurityMonitoringSignalsSort' - - description: A list of results using the cursor provided in the previous query. - example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ== - in: query - name: page[cursor] - required: false - schema: - type: string - - description: The maximum number of security signals in the response. - example: 25 - in: query - name: page[limit] - required: false - schema: - default: 10 - format: int32 - maximum: 1000 - type: integer + - $ref: '#/components/parameters/QueryFilterSearch' + - $ref: '#/components/parameters/QueryFilterFrom' + - $ref: '#/components/parameters/QueryFilterTo' + - $ref: '#/components/parameters/QuerySort' + - $ref: '#/components/parameters/QueryPageCursor' + - $ref: '#/components/parameters/QueryPageLimit' responses: '200': content: 
@@ -66664,6 +66683,123 @@ paths: permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated.' + /api/v2/siem-historical-detections/histsignals: + get: + description: List hist signals. + operationId: ListSecurityMonitoringHistsignals + parameters: + - $ref: '#/components/parameters/QueryFilterSearch' + - $ref: '#/components/parameters/QueryFilterFrom' + - $ref: '#/components/parameters/QueryFilterTo' + - $ref: '#/components/parameters/QuerySort' + - $ref: '#/components/parameters/QueryPageCursor' + - $ref: '#/components/parameters/QueryPageLimit' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: List hist signals + tags: + - Security Monitoring + x-permission: + operator: OR + permissions: + - security_monitoring_signals_read + x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. + + Please check the documentation regularly for updates.' + /api/v2/siem-historical-detections/histsignals/search: + get: + description: Search hist signals. 
+ operationId: SearchSecurityMonitoringHistsignals + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSignalListRequest' + required: false + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: Search hist signals + tags: + - Security Monitoring + x-permission: + operator: OR + permissions: + - security_monitoring_signals_read + x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. + + Please check the documentation regularly for updates.' + /api/v2/siem-historical-detections/histsignals/{histsignal_id}: + get: + description: Get a hist signal's details. + operationId: GetSecurityMonitoringHistsignal + parameters: + - $ref: '#/components/parameters/HistoricalSignalID' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSignalResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: Get a hist signal's details + tags: + - Security Monitoring + x-permission: + operator: OR + permissions: + - security_monitoring_signals_read + x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. + + Please check the documentation regularly for updates.' 
/api/v2/siem-historical-detections/jobs: get: description: List historical jobs. @@ -66885,6 +67021,48 @@ paths: - security_monitoring_rules_write x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates.' + /api/v2/siem-historical-detections/jobs/{job_id}/histsignals: + get: + description: Get a job's hist signals. + operationId: GetSecurityMonitoringHistsignalsByJobId + parameters: + - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/QueryFilterSearch' + - $ref: '#/components/parameters/QueryFilterFrom' + - $ref: '#/components/parameters/QueryFilterTo' + - $ref: '#/components/parameters/QuerySort' + - $ref: '#/components/parameters/QueryPageCursor' + - $ref: '#/components/parameters/QueryPageLimit' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: Get a job's hist signals + tags: + - Security Monitoring + x-permission: + operator: OR + permissions: + - security_monitoring_signals_read + x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates.' /api/v2/slo/report: post: diff --git a/examples/v2/security-monitoring/GetSecurityMonitoringHistsignal.rb b/examples/v2/security-monitoring/GetSecurityMonitoringHistsignal.rb new file mode 100644 index 000000000000..f4f8814424f9 --- /dev/null +++ b/examples/v2/security-monitoring/GetSecurityMonitoringHistsignal.rb 
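Review bot: `/api/v2/siem-historical-detections/histsignals/search` is declared under `get:` but carries a `requestBody`, so the generated `search_security_monitoring_histsignals_with_http_info` sends `Net::HTTP::Get` with a JSON body and a `Content-Type` header. A body on GET has no defined semantics in HTTP, and proxies or gateways may drop it. For a security-signal search that would mean the `filter` and `page` constraints are silently lost rather than rejected. If the backend accepts it, declare the operation as `post:`; otherwise express the filter through the shared `QueryFilter*` query parameters, as the list endpoint does.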
@@ -0,0 +1,8 @@
+# Get a hist signal's details returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.get_security_monitoring_histsignal".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+p api_instance.get_security_monitoring_histsignal("histsignal_id")
diff --git a/examples/v2/security-monitoring/GetSecurityMonitoringHistsignalsByJobId.rb b/examples/v2/security-monitoring/GetSecurityMonitoringHistsignalsByJobId.rb
new file mode 100644
index 000000000000..93004ca3b66f
--- /dev/null
+++ b/examples/v2/security-monitoring/GetSecurityMonitoringHistsignalsByJobId.rb
@@ -0,0 +1,8 @@
+# Get a job's hist signals returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.get_security_monitoring_histsignals_by_job_id".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+p api_instance.get_security_monitoring_histsignals_by_job_id("job_id")
diff --git a/examples/v2/security-monitoring/ListSecurityMonitoringHistsignals.rb b/examples/v2/security-monitoring/ListSecurityMonitoringHistsignals.rb
new file mode 100644
index 000000000000..eacf635a1f3a
--- /dev/null
+++ b/examples/v2/security-monitoring/ListSecurityMonitoringHistsignals.rb
@@ -0,0 +1,8 @@
+# List hist signals returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.list_security_monitoring_histsignals".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+p api_instance.list_security_monitoring_histsignals()
diff --git a/examples/v2/security-monitoring/SearchSecurityMonitoringHistsignals.rb b/examples/v2/security-monitoring/SearchSecurityMonitoringHistsignals.rb
new file mode 100644
index 000000000000..f267d51c78ad
--- /dev/null
+++ b/examples/v2/security-monitoring/SearchSecurityMonitoringHistsignals.rb
@@ -0,0 +1,24 @@ +# Search hist signals returns "OK" response + +require "datadog_api_client" +DatadogAPIClient.configure do |config| + config.unstable_operations["v2.search_security_monitoring_histsignals".to_sym] = true +end +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::SecurityMonitoringSignalListRequest.new({ + filter: DatadogAPIClient::V2::SecurityMonitoringSignalListRequestFilter.new({ + from: "2019-01-02T09:42:36.320Z", + query: "security:attack status:high", + to: "2019-01-03T09:42:36.320Z", + }), + page: DatadogAPIClient::V2::SecurityMonitoringSignalListRequestPage.new({ + cursor: "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==", + limit: 25, + }), + sort: DatadogAPIClient::V2::SecurityMonitoringSignalsSort::TIMESTAMP_ASCENDING, +}) +opts = { + body: body, +} +p api_instance.search_security_monitoring_histsignals(opts) diff --git a/features/scenarios_model_mapping.rb b/features/scenarios_model_mapping.rb index 239fb418a38b..79554dd63e71 100644 --- a/features/scenarios_model_mapping.rb +++ b/features/scenarios_model_mapping.rb @@ -1437,6 +1437,20 @@ "signal_id" => "String", "body" => "SecurityMonitoringSignalStateUpdateRequest", }, + "v2.ListSecurityMonitoringHistsignals" => { + "filter_query" => "String", + "filter_from" => "Time", + "filter_to" => "Time", + "sort" => "SecurityMonitoringSignalsSort", + "page_cursor" => "String", + "page_limit" => "Integer", + }, + "v2.SearchSecurityMonitoringHistsignals" => { + "body" => "SecurityMonitoringSignalListRequest", + }, + "v2.GetSecurityMonitoringHistsignal" => { + "histsignal_id" => "String", + }, "v2.ListHistoricalJobs" => { "page_size" => "Integer", "page_number" => "Integer", 
@@ -1458,6 +1472,15 @@ "v2.CancelHistoricalJob" => { "job_id" => "String", }, + "v2.GetSecurityMonitoringHistsignalsByJobId" => { + "job_id" => "String", + "filter_query" => "String", + "filter_from" => "Time", + "filter_to" => "Time", + "sort" => "SecurityMonitoringSignalsSort", + "page_cursor" => "String", + "page_limit" => "Integer", + }, "v2.ListContainerImages" => { "filter_tags" => "String", "group_by" => "String", diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 89424290ce17..c06b0abac08b 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -591,6 +591,30 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "data.attributes.evaluation" is equal to "pass" + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get a hist signal's details returns "Bad Request" response + Given operation "GetSecurityMonitoringHistsignal" enabled + And new "GetSecurityMonitoringHistsignal" request + And request contains "histsignal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get a hist signal's details returns "Not Found" response + Given operation "GetSecurityMonitoringHistsignal" enabled + And new "GetSecurityMonitoringHistsignal" request + And request contains "histsignal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get a hist signal's details returns "OK" response + Given operation "GetSecurityMonitoringHistsignal" enabled + And new "GetSecurityMonitoringHistsignal" request + And request contains "histsignal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "Bad Request" response Given operation "GetHistoricalJob" enabled 
@@ -617,6 +641,30 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get a job's hist signals returns "Bad Request" response + Given operation "GetSecurityMonitoringHistsignalsByJobId" enabled + And new "GetSecurityMonitoringHistsignalsByJobId" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get a job's hist signals returns "Not Found" response + Given operation "GetSecurityMonitoringHistsignalsByJobId" enabled + And new "GetSecurityMonitoringHistsignalsByJobId" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get a job's hist signals returns "OK" response + Given operation "GetSecurityMonitoringHistsignalsByJobId" enabled + And new "GetSecurityMonitoringHistsignalsByJobId" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Get a list of security signals returns "Bad Request" response Given new "SearchSecurityMonitoringSignals" request 
@@ -942,6 +990,27 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List hist signals returns "Bad Request" response + Given operation "ListSecurityMonitoringHistsignals" enabled + And new "ListSecurityMonitoringHistsignals" request + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List hist signals returns "Not Found" response + Given operation "ListSecurityMonitoringHistsignals" enabled + And new "ListSecurityMonitoringHistsignals" request + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List hist signals returns "OK" response + Given operation "ListSecurityMonitoringHistsignals" enabled + And new "ListSecurityMonitoringHistsignals" request + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: List historical jobs returns "Bad Request" response Given operation "ListHistoricalJobs" enabled 
@@ -1186,6 +1255,30 @@ Feature: Security Monitoring When the request is sent Then the response status is 201 Status created + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Search hist signals returns "Bad Request" response + Given operation "SearchSecurityMonitoringHistsignals" enabled + And new "SearchSecurityMonitoringHistsignals" request + And body with value {"filter": {"from": "2019-01-02T09:42:36.320Z", "query": "security:attack status:high", "to": "2019-01-03T09:42:36.320Z"}, "page": {"cursor": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==", "limit": 25}, "sort": "timestamp"} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Search hist signals returns "Not Found" response + Given operation "SearchSecurityMonitoringHistsignals" enabled + And new "SearchSecurityMonitoringHistsignals" request + And body with value {"filter": {"from": "2019-01-02T09:42:36.320Z", "query": "security:attack status:high", "to": "2019-01-03T09:42:36.320Z"}, "page": {"cursor": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==", "limit": 25}, "sort": "timestamp"} + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Search hist signals returns "OK" response + Given operation "SearchSecurityMonitoringHistsignals" enabled + And new "SearchSecurityMonitoringHistsignals" request + And body with value {"filter": {"from": "2019-01-02T09:42:36.320Z", "query": "security:attack status:high", "to": "2019-01-03T09:42:36.320Z"}, "page": {"cursor": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==", "limit": 25}, "sort": "timestamp"} + When the request is sent + Then the response status is 200 OK + @skip @team:DataDog/k9-cloud-security-platform Scenario: Test a rule 
returns "Bad Request" response Given new "TestSecurityMonitoringRule" request diff --git a/features/v2/undo.json b/features/v2/undo.json index 3ae6306bca4a..b3731714ef65 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -3362,6 +3362,24 @@ "type": "idempotent" } }, + "ListSecurityMonitoringHistsignals": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "SearchSecurityMonitoringHistsignals": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "GetSecurityMonitoringHistsignal": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListHistoricalJobs": { "tag": "Security Monitoring", "undo": { @@ -3398,6 +3416,12 @@ "type": "idempotent" } }, + "GetSecurityMonitoringHistsignalsByJobId": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "CreateSLOReportJob": { "tag": "Service Level Objectives", "undo": { diff --git a/lib/datadog_api_client/configuration.rb b/lib/datadog_api_client/configuration.rb index 7700e3412f14..8eac288152cc 100644 --- a/lib/datadog_api_client/configuration.rb +++ b/lib/datadog_api_client/configuration.rb @@ -201,13 +201,17 @@ def initialize "v2.get_historical_job": false, "v2.get_rule_version_history": false, "v2.get_sbom": false, + "v2.get_security_monitoring_histsignal": false, + "v2.get_security_monitoring_histsignals_by_job_id": false, "v2.list_assets_sbo_ms": false, "v2.list_findings": false, "v2.list_historical_jobs": false, + "v2.list_security_monitoring_histsignals": false, "v2.list_vulnerabilities": false, "v2.list_vulnerable_assets": false, "v2.mute_findings": false, "v2.run_historical_job": false, + "v2.search_security_monitoring_histsignals": false, "v2.create_dataset": false, "v2.delete_dataset": false, "v2.get_all_datasets": false, diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb index 2e46a4a2c26e..d5a246279268 100644 
--- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb
+++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb
@@ -1899,6 +1899,167 @@ def get_security_filter_with_http_info(security_filter_id, opts = {}) return data, status_code, headers end + # Get a hist signal's details. + # + # @see #get_security_monitoring_histsignal_with_http_info + def get_security_monitoring_histsignal(histsignal_id, opts = {}) + data, _status_code, _headers = get_security_monitoring_histsignal_with_http_info(histsignal_id, opts) + data + end + + # Get a hist signal's details. + # + # Get a hist signal's details. + # + # @param histsignal_id [String] The ID of the historical signal. + # @param opts [Hash] the optional parameters + # @return [Array<(SecurityMonitoringSignalResponse, Integer, Hash)>] SecurityMonitoringSignalResponse data, response status code and response headers + def get_security_monitoring_histsignal_with_http_info(histsignal_id, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.get_security_monitoring_histsignal".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.get_security_monitoring_histsignal") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.get_security_monitoring_histsignal")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.get_security_monitoring_histsignal ...' + end + # verify the required parameter 'histsignal_id' is set + if @api_client.config.client_side_validation && histsignal_id.nil? 
+ fail ArgumentError, "Missing the required parameter 'histsignal_id' when calling SecurityMonitoringAPI.get_security_monitoring_histsignal" + end + # resource path + local_var_path = '/api/v2/siem-historical-detections/histsignals/{histsignal_id}'.sub('{histsignal_id}', CGI.escape(histsignal_id.to_s).gsub('%2F', '/')) + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'SecurityMonitoringSignalResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :get_security_monitoring_histsignal, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#get_security_monitoring_histsignal\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Get a job's hist signals. + # + # @see #get_security_monitoring_histsignals_by_job_id_with_http_info + def get_security_monitoring_histsignals_by_job_id(job_id, opts = {}) + data, _status_code, _headers = get_security_monitoring_histsignals_by_job_id_with_http_info(job_id, opts) + data + end + + # Get a job's hist signals. + # + # Get a job's hist signals. + # + # @param job_id [String] The ID of the job. 
+ # @param opts [Hash] the optional parameters + # @option opts [String] :filter_query The search query for security signals. + # @option opts [Time] :filter_from The minimum timestamp for requested security signals. + # @option opts [Time] :filter_to The maximum timestamp for requested security signals. + # @option opts [SecurityMonitoringSignalsSort] :sort The order of the security signals in results. + # @option opts [String] :page_cursor A list of results using the cursor provided in the previous query. + # @option opts [Integer] :page_limit The maximum number of security signals in the response. + # @return [Array<(SecurityMonitoringSignalsListResponse, Integer, Hash)>] SecurityMonitoringSignalsListResponse data, response status code and response headers + def get_security_monitoring_histsignals_by_job_id_with_http_info(job_id, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.get_security_monitoring_histsignals_by_job_id".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.get_security_monitoring_histsignals_by_job_id") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.get_security_monitoring_histsignals_by_job_id")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.get_security_monitoring_histsignals_by_job_id ...' + end + # verify the required parameter 'job_id' is set + if @api_client.config.client_side_validation && job_id.nil? 
+ fail ArgumentError, "Missing the required parameter 'job_id' when calling SecurityMonitoringAPI.get_security_monitoring_histsignals_by_job_id" + end + allowable_values = ['timestamp', '-timestamp'] + if @api_client.config.client_side_validation && opts[:'sort'] && !allowable_values.include?(opts[:'sort']) + fail ArgumentError, "invalid value for \"sort\", must be one of #{allowable_values}" + end + if @api_client.config.client_side_validation && !opts[:'page_limit'].nil? && opts[:'page_limit'] > 1000 + fail ArgumentError, 'invalid value for "opts[:"page_limit"]" when calling SecurityMonitoringAPI.get_security_monitoring_histsignals_by_job_id, must be smaller than or equal to 1000.' + end + # resource path + local_var_path = '/api/v2/siem-historical-detections/jobs/{job_id}/histsignals'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'filter[query]'] = opts[:'filter_query'] if !opts[:'filter_query'].nil? + query_params[:'filter[from]'] = opts[:'filter_from'] if !opts[:'filter_from'].nil? + query_params[:'filter[to]'] = opts[:'filter_to'] if !opts[:'filter_to'].nil? + query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? + query_params[:'page[cursor]'] = opts[:'page_cursor'] if !opts[:'page_cursor'].nil? + query_params[:'page[limit]'] = opts[:'page_limit'] if !opts[:'page_limit'].nil? 
+ + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'SecurityMonitoringSignalsListResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :get_security_monitoring_histsignals_by_job_id, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#get_security_monitoring_histsignals_by_job_id\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Get a rule's details. # # @see #get_security_monitoring_rule_with_http_info 
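Review bot: The resource path for both new lookups is built with `CGI.escape(histsignal_id.to_s).gsub('%2F', '/')` (and the same for `job_id`), which turns encoded slashes back into path separators, while `CGI.escape` leaves `.` unescaped. An ID taken from untrusted input can therefore contain `/` and dot segments, making the client request a different path, under the same credentials, than the method name implies. The only client-side check on the ID is `nil?`. Keep the slash encoded for these single-segment IDs, `.sub('{histsignal_id}', CGI.escape(histsignal_id.to_s))`, or reject IDs containing `/` before building the path. If this file is produced from a template, the change belongs there.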
@@ -2894,6 +3055,91 @@ def list_security_filters_with_http_info(opts = {}) return data, status_code, headers end + # List hist signals. + # + # @see #list_security_monitoring_histsignals_with_http_info + def list_security_monitoring_histsignals(opts = {}) + data, _status_code, _headers = list_security_monitoring_histsignals_with_http_info(opts) + data + end + + # List hist signals. + # + # List hist signals. + # + # @param opts [Hash] the optional parameters + # @option opts [String] :filter_query The search query for security signals. + # @option opts [Time] :filter_from The minimum timestamp for requested security signals. + # @option opts [Time] :filter_to The maximum timestamp for requested security signals. + # @option opts [SecurityMonitoringSignalsSort] :sort The order of the security signals in results. + # @option opts [String] :page_cursor A list of results using the cursor provided in the previous query. + # @option opts [Integer] :page_limit The maximum number of security signals in the response. + # @return [Array<(SecurityMonitoringSignalsListResponse, Integer, Hash)>] SecurityMonitoringSignalsListResponse data, response status code and response headers + def list_security_monitoring_histsignals_with_http_info(opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.list_security_monitoring_histsignals".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.list_security_monitoring_histsignals") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.list_security_monitoring_histsignals")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.list_security_monitoring_histsignals ...' 
+ end + allowable_values = ['timestamp', '-timestamp'] + if @api_client.config.client_side_validation && opts[:'sort'] && !allowable_values.include?(opts[:'sort']) + fail ArgumentError, "invalid value for \"sort\", must be one of #{allowable_values}" + end + if @api_client.config.client_side_validation && !opts[:'page_limit'].nil? && opts[:'page_limit'] > 1000 + fail ArgumentError, 'invalid value for "opts[:"page_limit"]" when calling SecurityMonitoringAPI.list_security_monitoring_histsignals, must be smaller than or equal to 1000.' + end + # resource path + local_var_path = '/api/v2/siem-historical-detections/histsignals' + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'filter[query]'] = opts[:'filter_query'] if !opts[:'filter_query'].nil? + query_params[:'filter[from]'] = opts[:'filter_from'] if !opts[:'filter_from'].nil? + query_params[:'filter[to]'] = opts[:'filter_to'] if !opts[:'filter_to'].nil? + query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? + query_params[:'page[cursor]'] = opts[:'page_cursor'] if !opts[:'page_cursor'].nil? + query_params[:'page[limit]'] = opts[:'page_limit'] if !opts[:'page_limit'].nil? 
+ + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'SecurityMonitoringSignalsListResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :list_security_monitoring_histsignals, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#list_security_monitoring_histsignals\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # List rules. # # @see #list_security_monitoring_rules_with_http_info 
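Review bot: The debug line at the end of `list_security_monitoring_histsignals_with_http_info` interpolates `data.inspect` and the response headers, so with `config.debugging` enabled every returned signal is written to the client log in full. Signal payloads presumably carry the event details that triggered a detection (the response schema is not in this hunk), which would make that log as sensitive as the API response itself. The same line appears in the get, by-job and search methods in the neighbouring hunks. A comment above the block would make this explicit, e.g. `# NOTE: debug logging writes full signal payloads and response headers; keep it off in shared or long-retention logs`.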
@@ -3813,6 +4059,75 @@ def run_historical_job_with_http_info(body, opts = {}) return data, status_code, headers end + # Search hist signals. + # + # @see #search_security_monitoring_histsignals_with_http_info + def search_security_monitoring_histsignals(opts = {}) + data, _status_code, _headers = search_security_monitoring_histsignals_with_http_info(opts) + data + end + + # Search hist signals. + # + # Search hist signals. + # + # @param opts [Hash] the optional parameters + # @option opts [SecurityMonitoringSignalListRequest] :body + # @return [Array<(SecurityMonitoringSignalsListResponse, Integer, Hash)>] SecurityMonitoringSignalsListResponse data, response status code and response headers + def search_security_monitoring_histsignals_with_http_info(opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.search_security_monitoring_histsignals".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.search_security_monitoring_histsignals") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.search_security_monitoring_histsignals")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.search_security_monitoring_histsignals ...' 
+ end + # resource path + local_var_path = '/api/v2/siem-historical-detections/histsignals/search' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + header_params['Content-Type'] = @api_client.select_header_content_type(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(opts[:'body']) + + # return_type + return_type = opts[:debug_return_type] || 'SecurityMonitoringSignalsListResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :search_security_monitoring_histsignals, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#search_security_monitoring_histsignals\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Get a list of security signals. # # @see #search_security_monitoring_signals_with_http_info
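Review bot: `search_security_monitoring_histsignals_with_http_info` serializes `opts[:'body']` into `post_body` and sets a `Content-Type` header, but then sends the request with `Net::HTTP::Get`. A body on GET has no defined semantics in HTTP, so an intermediary that drops it could make the search run without the caller's query and time bounds, and the response would then not match what was asked for. This client looks generated from the OpenAPI spec, so the verb should be confirmed there rather than patched here; if the endpoint accepts POST, the call becomes `@api_client.call_api(Net::HTTP::Post, local_var_path, new_options)`. If GET is intentional, the undocumented `:body` option should say so, e.g. `# @option opts [SecurityMonitoringSignalListRequest] :body Search filter, sent as the body of a GET request.`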