DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 84 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 84 additions & 0 deletions
diff --git a/‎examples/v2_security-monitoring_CreateSecurityMonitoringRule_2323193894.rs‎
Lines changed: 80 additions & 0 deletions b/‎examples/v2_security-monitoring_CreateSecurityMonitoringRule_2323193894.rs‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎src/datadogV2/model/mod.rs‎
Lines changed: 8 additions & 0 deletions b/‎src/datadogV2/model/mod.rs‎
Lines changed: 8 additions & 0 deletions
@@ -47320,6 +47320,86 @@ components:
           description: The name of the reference table.
           type: string
       type: object
+    SecurityMonitoringRuleAnomalyDetectionOptions:
+      additionalProperties: {}
+      description: Options on anomaly detection method.
+      properties:
+        bucketDuration:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration'
+        detectionTolerance:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance'
+        learningDuration:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration'
+        learningPeriodBaseline:
+          description: An optional override baseline to apply while the rule is in
+            the learning period. Must be greater than or equal to 0.
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration:
+      description: 'Duration in seconds of the time buckets used to aggregate events
+        matched by the rule.
+
+        Must be greater than or equal to 300.'
+      enum:
+      - 300
+      - 600
+      - 900
+      - 1800
+      - 3600
+      - 10800
+      example: 300
+      format: int32
+      type: integer
+      x-enum-varnames:
+      - FIVE_MINUTES
+      - TEN_MINUTES
+      - FIFTEEN_MINUTES
+      - THIRTY_MINUTES
+      - ONE_HOUR
+      - THREE_HOURS
+    SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance:
+      description: 'An optional parameter that sets how permissive anomaly detection
+        is.
+
+        Higher values require higher deviations before triggering a signal.'
+      enum:
+      - 1
+      - 2
+      - 3
+      - 4
+      - 5
+      example: 5
+      format: int32
+      type: integer
+      x-enum-varnames:
+      - ONE
+      - TWO
+      - THREE
+      - FOUR
+      - FIVE
+    SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration:
+      description: Learning duration in hours. Anomaly detection waits for at least
+        this amount of historical data before it starts evaluating.
+      enum:
+      - 1
+      - 6
+      - 12
+      - 24
+      - 48
+      - 168
+      - 336
+      format: int32
+      type: integer
+      x-enum-varnames:
+      - ONE_HOUR
+      - SIX_HOURS
+      - TWELVE_HOURS
+      - ONE_DAY
+      - TWO_DAYS
+      - ONE_WEEK
+      - TWO_WEEKS
     SecurityMonitoringRuleCase:
       description: Case when signal is generated.
       properties:
@@ -47685,6 +47765,8 @@ components:
     SecurityMonitoringRuleOptions:
       description: Options.
       properties:
+        anomalyDetectionOptions:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptions'
         complianceRuleOptions:
           $ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions'
         decreaseCriticalityBasedOnEnv:
@@ -55124,6 +55206,8 @@ components:
     ThreatHuntingJobOptions:
       description: Job options.
       properties:
+        anomalyDetectionOptions:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptions'
         detectionMethod:
           $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod'
         evaluationWindow:
 
@@ -0,0 +1,80 @@
+// Create a detection rule with detection method 'anomaly_detection' returns "OK"
+// response
+use datadog_api_client::datadog;
+use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleAnomalyDetectionOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleDetectionMethod;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleEvaluationWindow;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleKeepAlive;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleMaxSignalDuration;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryAggregation;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTypeCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardDataSource;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleQuery;
+
+#[tokio::main]
+async fn main() {
+    let body =
+        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(
+            Box::new(
+                SecurityMonitoringStandardRuleCreatePayload::new(
+                    vec![
+                        SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
+                            .condition("a > 0.995".to_string())
+                            .name("".to_string())
+                            .notifications(vec![])
+                    ],
+                    true,
+                    "An anomaly detection rule".to_string(),
+                    "Example-Security-Monitoring".to_string(),
+                    SecurityMonitoringRuleOptions::new()
+                        .anomaly_detection_options(
+                            SecurityMonitoringRuleAnomalyDetectionOptions::new()
+                                .bucket_duration(
+                                    SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration::FIVE_MINUTES,
+                                )
+                                .detection_tolerance(
+                                    SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance::THREE,
+                                )
+                                .learning_duration(
+                                    SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration::ONE_DAY,
+                                )
+                                .learning_period_baseline(10),
+                        )
+                        .detection_method(SecurityMonitoringRuleDetectionMethod::ANOMALY_DETECTION)
+                        .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
+                        .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
+                        .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
+                    vec![
+                        SecurityMonitoringStandardRuleQuery::new()
+                            .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
+                            .data_source(SecurityMonitoringStandardDataSource::LOGS)
+                            .distinct_fields(vec![])
+                            .group_by_fields(vec!["@usr.email".to_string(), "@network.client.ip".to_string()])
+                            .has_optional_group_by_fields(false)
+                            .name("".to_string())
+                            .query("service:app status:error".to_string())
+                    ],
+                )
+                    .filters(vec![])
+                    .tags(vec![])
+                    .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
+            ),
+        );
+    let configuration = datadog::Configuration::new();
+    let api = SecurityMonitoringAPI::with_config(configuration);
+    let resp = api.create_security_monitoring_rule(body).await;
+    if let Ok(value) = resp {
+        println!("{:#?}", value);
+    } else {
+        println!("{:#?}", resp.unwrap_err());
+    }
+}
@@ -6024,6 +6024,14 @@ pub mod model_security_monitoring_filter_action;
 pub use self::model_security_monitoring_filter_action::SecurityMonitoringFilterAction;
 pub mod model_security_monitoring_rule_options;
 pub use self::model_security_monitoring_rule_options::SecurityMonitoringRuleOptions;
+pub mod model_security_monitoring_rule_anomaly_detection_options;
+pub use self::model_security_monitoring_rule_anomaly_detection_options::SecurityMonitoringRuleAnomalyDetectionOptions;
+pub mod model_security_monitoring_rule_anomaly_detection_options_bucket_duration;
+pub use self::model_security_monitoring_rule_anomaly_detection_options_bucket_duration::SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration;
+pub mod model_security_monitoring_rule_anomaly_detection_options_detection_tolerance;
+pub use self::model_security_monitoring_rule_anomaly_detection_options_detection_tolerance::SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance;
+pub mod model_security_monitoring_rule_anomaly_detection_options_learning_duration;
+pub use self::model_security_monitoring_rule_anomaly_detection_options_learning_duration::SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration;
 pub mod model_cloud_configuration_compliance_rule_options;
 pub use self::model_cloud_configuration_compliance_rule_options::CloudConfigurationComplianceRuleOptions;
 pub mod model_cloud_configuration_rego_rule;