Regenerate client from commit 3e12345a of spec repo

Author: ci.datadog-api-spec

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-04 14:10:06.221297",
-            "spec_repo_commit": "4fb9047a"
+            "regenerated": "2025-02-06 16:51:26.185537",
+            "spec_repo_commit": "3e12345a"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-04 14:10:06.239068",
-            "spec_repo_commit": "4fb9047a"
+            "regenerated": "2025-02-06 16:51:26.200810",
+            "spec_repo_commit": "3e12345a"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -15657,6 +15657,15 @@ components:
           example: 1729843470000
           format: int64
           type: integer
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         index:
           description: Index used to load the data.
           example: cloud_siem
@@ -23184,16 +23193,15 @@ components:
       x-enum-varnames:
       - RULE
     RuleTypes:
-      description: Security rule types used to filter signals and vulnerabilities
-        generating notifications.
+      description: Security rule types used as filters in security rules.
       example:
       - misconfiguration
       - attack_path
       items:
         $ref: '#/components/schemas/RuleTypesItems'
       type: array
     RuleTypesItems:
-      description: 'Security rule types which can be used in notification rules.
+      description: 'Security rule type which can be used in security rules.
 
         Signal-based notification rules can filter signals based on rule types application_security,
         log_detection,
@@ -24243,6 +24251,11 @@ components:
     SecurityMonitoringRuleCase:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24261,9 +24274,42 @@ components:
         status:
           $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
       type: object
+    SecurityMonitoringRuleCaseAction:
+      description: Action to perform when a signals trigger. Only available for Application
+        Security rule type
+      properties:
+        options:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions'
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType'
+      type: object
+    SecurityMonitoringRuleCaseActionOptions:
+      description: Options for the rule action
+      properties:
+        duration:
+          description: Duration of the action in seconds. 0 means no expiration
+          example: 0
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SecurityMonitoringRuleCaseActionType:
+      description: Type of the action
+      enum:
+      - block_ip
+      - block_user
+      type: string
+      x-enum-varnames:
+      - BLOCK_IP
+      - BLOCK_USER
     SecurityMonitoringRuleCaseCreate:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24725,6 +24771,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25430,6 +25485,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25502,6 +25566,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25643,6 +25716,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25720,6 +25802,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -44078,7 +44169,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_read
-      summary: Get the list of signal-based rules
+      summary: Get the list of signal-based notification rules
       tags:
       - Security Monitoring
       x-permission:
@@ -44120,7 +44211,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_write
-      summary: Create a new signal-based rule
+      summary: Create a new signal-based notification rule
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
@@ -44153,7 +44244,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_write
-      summary: Delete a signal-based rule
+      summary: Delete a signal-based notification rule
       tags:
       - Security Monitoring
       x-permission:
@@ -44190,7 +44281,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_read
-      summary: Get details of a signal-based rule
+      summary: Get details of a signal-based notification rule
       tags:
       - Security Monitoring
       x-permission:
@@ -44236,7 +44327,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_write
-      summary: Patch a signal-based rule
+      summary: Patch a signal-based notification rule
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
@@ -44636,7 +44727,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_read
-      summary: Get the list of vulnerability-based rules
+      summary: Get the list of vulnerability notification rules
       tags:
       - Security Monitoring
       x-permission:
@@ -44678,7 +44769,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_write
-      summary: Create a new vulnerability-based rule
+      summary: Create a new vulnerability-based notification rule
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
@@ -44711,7 +44802,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_write
-      summary: Delete a vulnerability-based rule
+      summary: Delete a vulnerability-based notification rule
       tags:
       - Security Monitoring
       x-permission:
@@ -44748,7 +44839,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_read
-      summary: Get details of a vulnerability-based rule
+      summary: Get details of a vulnerability notification rule
       tags:
       - Security Monitoring
       x-permission:
@@ -44794,7 +44885,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - security_monitoring_notification_profiles_write
-      summary: Patch a vulnerability-based rule
+      summary: Patch a vulnerability-based notification rule
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body

examples/v2_security-monitoring_CreateSecurityMonitoringRule_1965169892.rs

@@ -0,0 +1,63 @@
+// Create a detection rule with type 'application_security 'returns "OK" response
+use datadog_api_client::datadog;
+use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseAction;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseActionOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseActionType;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleDetectionMethod;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleEvaluationWindow;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleKeepAlive;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleMaxSignalDuration;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryAggregation;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTypeCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleQuery;
+
+#[tokio::main]
+async fn main() {
+    let body =
+        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
+            SecurityMonitoringStandardRuleCreatePayload::new(
+                vec![
+                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
+                        .actions(vec![SecurityMonitoringRuleCaseAction::new()
+                            .options(SecurityMonitoringRuleCaseActionOptions::new().duration(900))
+                            .type_(SecurityMonitoringRuleCaseActionType::BLOCK_IP)])
+                        .condition("a > 100000".to_string())
+                        .name("".to_string())
+                        .notifications(vec![]),
+                ],
+                true,
+                "Test rule".to_string(),
+                "Example-Security-Monitoring_appsec_rule".to_string(),
+                SecurityMonitoringRuleOptions::new()
+                    .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
+                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
+                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
+                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
+                vec![SecurityMonitoringStandardRuleQuery::new()
+                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
+                    .distinct_fields(vec![])
+                    .group_by_fields(vec!["service".to_string(), "@http.client_ip".to_string()])
+                    .query(
+                        "@appsec.security_activity:business_logic.users.login.failure".to_string(),
+                    )],
+            )
+            .filters(vec![])
+            .group_signals_by(vec!["service".to_string()])
+            .tags(vec![])
+            .type_(SecurityMonitoringRuleTypeCreate::APPLICATION_SECURITY),
+        ));
+    let configuration = datadog::Configuration::new();
+    let api = SecurityMonitoringAPI::with_config(configuration);
+    let resp = api.create_security_monitoring_rule(body).await;
+    if let Ok(value) = resp {
+        println!("{:#?}", value);
+    } else {
+        println!("{:#?}", resp.unwrap_err());
+    }
+}

examples/v2_security-monitoring_CreateSignalNotificationRule.rs

@@ -1,5 +1,5 @@
-// Create a new signal-based rule returns "Successfully created the notification
-// rule." response
+// Create a new signal-based notification rule returns "Successfully created the
+// notification rule." response
 use datadog_api_client::datadog;
 use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
 use datadog_api_client::datadogV2::model::CreateNotificationRuleParameters;

examples/v2_security-monitoring_CreateVulnerabilityNotificationRule.rs

@@ -1,5 +1,5 @@
-// Create a new vulnerability-based rule returns "Successfully created the
-// notification rule." response
+// Create a new vulnerability-based notification rule returns "Successfully
+// created the notification rule." response
 use datadog_api_client::datadog;
 use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
 use datadog_api_client::datadogV2::model::CreateNotificationRuleParameters;

examples/v2_security-monitoring_DeleteSignalNotificationRule.rs

@@ -1,4 +1,5 @@
-// Delete a signal-based rule returns "Rule successfully deleted." response
+// Delete a signal-based notification rule returns "Rule successfully deleted."
+// response
 use datadog_api_client::datadog;
 use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
 

examples/v2_security-monitoring_DeleteVulnerabilityNotificationRule.rs

@@ -1,4 +1,5 @@
-// Delete a vulnerability-based rule returns "Rule successfully deleted." response
+// Delete a vulnerability-based notification rule returns "Rule successfully
+// deleted." response
 use datadog_api_client::datadog;
 use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
 

examples/v2_security-monitoring_GetSignalNotificationRule.rs

@@ -1,4 +1,5 @@
-// Get details of a signal-based rule returns "Notification rule details." response
+// Get details of a signal-based notification rule returns "Notification rule
+// details." response
 use datadog_api_client::datadog;
 use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
 

examples/v2_security-monitoring_GetSignalNotificationRules.rs

@@ -1,5 +1,5 @@
-// Get the list of signal-based rules returns "The list of notification rules."
-// response
+// Get the list of signal-based notification rules returns "The list of
+// notification rules." response
 use datadog_api_client::datadog;
 use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
 

examples/v2_security-monitoring_GetVulnerabilityNotificationRule.rs

@@ -1,5 +1,5 @@
-// Get details of a vulnerability-based rule returns "Notification rule details."
-// response
+// Get details of a vulnerability notification rule returns "Notification rule
+// details." response
 use datadog_api_client::datadog;
 use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;