Security Monitoring - Validation Endpoint for Suppressions (#2740)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 46b38648f1b6 · 2025-09-03T11:54:06.000Z
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -64816,6 +64816,38 @@ paths:
       summary: Get suppressions affecting a specific rule
       tags:
       - Security Monitoring
+  /api/v2/security_monitoring/configuration/suppressions/validation:
+    post:
+      description: Validate a suppression rule.
+      operationId: ValidateSecurityMonitoringSuppression
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateRequest'
+        required: true
+      responses:
+        '204':
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_suppressions_write
+      summary: Validate a suppression rule
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_suppressions_write
   /api/v2/security_monitoring/configuration/suppressions/{suppression_id}:
     delete:
       description: Delete a specific suppression rule.
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-suppression-rule-returns-Bad-Request-response_1037777113/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-suppression-rule-returns-Bad-Request-response_1037777113/frozen.json
@@ -0,0 +1 @@
+"2025-09-01T21:36:42.334Z"
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-suppression-rule-returns-Bad-Request-response_1037777113/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-suppression-rule-returns-Bad-Request-response_1037777113/recording.har
@@ -0,0 +1,67 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/Validate a suppression rule returns \"Bad Request\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "703e6a45408a1cf4017d6f3d7e7b26c9",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 94,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "*/*"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 615,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"data\":{\"attributes\":{\"data_exclusion_query\":\"not enough attributes\"},\"type\":\"suppressions\"}}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation"
+        },
+        "response": {
+          "bodySize": 204,
+          "content": {
+            "mimeType": "application/json",
+            "size": 204,
+            "text": "{\"errors\":[\"input_validation_error(Field 'data.attributes.rule_query' is invalid: field 'rule_query' is required)\",\"input_validation_error(Field 'data.attributes.name' is invalid: name cannot be empty)\"]}"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 654,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 400,
+          "statusText": "Bad Request"
+        },
+        "startedDateTime": "2025-09-01T21:36:42.339Z",
+        "time": 423
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-suppression-rule-returns-OK-response_4063319893/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-suppression-rule-returns-OK-response_4063319893/frozen.json
@@ -0,0 +1 @@
+"2025-09-01T21:36:20.593Z"
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-suppression-rule-returns-OK-response_4063319893/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-suppression-rule-returns-OK-response_4063319893/recording.har
@@ -0,0 +1,61 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/Validate a suppression rule returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "7fdeeb56d69b7809c8f48bdeffca83e0",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 285,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "*/*"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 616,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"data\":{\"attributes\":{\"data_exclusion_query\":\"source:cloudtrail account_id:12345\",\"description\":\"This rule suppresses low-severity signals in staging environments.\",\"enabled\":true,\"name\":\"Custom suppression\",\"rule_query\":\"type:log_detection source:cloudtrail\"},\"type\":\"suppressions\"}}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation"
+        },
+        "response": {
+          "bodySize": 0,
+          "content": {
+            "mimeType": "text/plain",
+            "size": 0
+          },
+          "cookies": [],
+          "headers": [],
+          "headersSize": 601,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 204,
+          "statusText": "No Content"
+        },
+        "startedDateTime": "2025-09-01T21:36:20.597Z",
+        "time": 501
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature
@@ -1389,3 +1389,17 @@ Feature: Security Monitoring
     And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":1800,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"}
     When the request is sent
     Then the response status is 204 OK
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a suppression rule returns "Bad Request" response
+    Given new "ValidateSecurityMonitoringSuppression" request
+    And body with value {"data": {"attributes": {"data_exclusion_query": "not enough attributes"}, "type": "suppressions"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a suppression rule returns "OK" response
+    Given new "ValidateSecurityMonitoringSuppression" request
+    And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail"}, "type": "suppressions"}}
+    When the request is sent
+    Then the response status is 204 OK
diff --git a/features/v2/undo.json b/features/v2/undo.json
@@ -3024,6 +3024,12 @@
       "type": "safe"
     }
   },
+  "ValidateSecurityMonitoringSuppression": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "DeleteSecurityMonitoringSuppression": {
     "tag": "Security Monitoring",
     "undo": {
diff --git a/private/bdd_runner/src/support/scenarios_model_mapping.ts b/private/bdd_runner/src/support/scenarios_model_mapping.ts
@@ -3905,6 +3905,13 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = {
     },
     operationResponseType: "SecurityMonitoringSuppressionsResponse",
   },
+  "SecurityMonitoringApi.V2.ValidateSecurityMonitoringSuppression": {
+    body: {
+      type: "SecurityMonitoringSuppressionUpdateRequest",
+      format: "",
+    },
+    operationResponseType: "{}",
+  },
   "SecurityMonitoringApi.V2.GetSecurityMonitoringSuppression": {
     suppressionId: {
       type: "string",
diff --git a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts
@@ -3919,6 +3919,63 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory {
 
     return requestContext;
   }
+
+  public async validateSecurityMonitoringSuppression(
+    body: SecurityMonitoringSuppressionUpdateRequest,
+    _options?: Configuration,
+  ): Promise<RequestContext> {
+    const _config = _options || this.configuration;
+
+    // verify required parameter 'body' is not null or undefined
+    if (body === null || body === undefined) {
+      throw new RequiredError("body", "validateSecurityMonitoringSuppression");
+    }
+
+    // Path Params
+    const localVarPath =
+      "/api/v2/security_monitoring/configuration/suppressions/validation";
+
+    // Make Request Context
+    const { server, overrides } = _config.getServerAndOverrides(
+      "SecurityMonitoringApi.v2.validateSecurityMonitoringSuppression",
+      SecurityMonitoringApi.operationServers,
+    );
+    const requestContext = server.makeRequestContext(
+      localVarPath,
+      HttpMethod.POST,
+      overrides,
+    );
+    requestContext.setHeaderParam("Accept", "*/*");
+    requestContext.setHttpConfig(_config.httpConfig);
+
+    // Set User-Agent
+    if (this.userAgent) {
+      requestContext.setHeaderParam("User-Agent", this.userAgent);
+    }
+
+    // Body Params
+    const contentType = getPreferredMediaType(["application/json"]);
+    requestContext.setHeaderParam("Content-Type", contentType);
+    const serializedBody = stringify(
+      serialize(
+        body,
+        TypingInfo,
+        "SecurityMonitoringSuppressionUpdateRequest",
+        "",
+      ),
+      contentType,
+    );
+    requestContext.setBody(serializedBody);
+
+    // Apply auth methods
+    applySecurityAuthentication(_config, requestContext, [
+      "apiKeyAuth",
+      "appKeyAuth",
+      "AuthZ",
+    ]);
+
+    return requestContext;
+  }
 }
 
 export class SecurityMonitoringApiResponseProcessor {
@@ -7440,6 +7497,55 @@ export class SecurityMonitoringApiResponseProcessor {
       'Unknown API Status Code!\nBody: "' + body + '"',
     );
   }
+
+  /**
+   * Unwraps the actual response sent by the server from the response context and deserializes the response content
+   * to the expected objects
+   *
+   * @params response Response returned by the server for a request to validateSecurityMonitoringSuppression
+   * @throws ApiException if the response code was not in [200, 299]
+   */
+  public async validateSecurityMonitoringSuppression(
+    response: ResponseContext,
+  ): Promise<void> {
+    const contentType = normalizeMediaType(response.headers["content-type"]);
+    if (response.httpStatusCode === 204) {
+      return;
+    }
+    if (
+      response.httpStatusCode === 400 ||
+      response.httpStatusCode === 403 ||
+      response.httpStatusCode === 429
+    ) {
+      const bodyText = parse(await response.body.text(), contentType);
+      let body: APIErrorResponse;
+      try {
+        body = deserialize(
+          bodyText,
+          TypingInfo,
+          "APIErrorResponse",
+        ) as APIErrorResponse;
+      } catch (error) {
+        logger.debug(`Got error deserializing error: ${error}`);
+        throw new ApiException<APIErrorResponse>(
+          response.httpStatusCode,
+          bodyText,
+        );
+      }
+      throw new ApiException<APIErrorResponse>(response.httpStatusCode, body);
+    }
+
+    // Work around for missing responses in specification, e.g. for petstore.yaml
+    if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) {
+      return;
+    }
+
+    const body = (await response.body.text()) || "";
+    throw new ApiException<string>(
+      response.httpStatusCode,
+      'Unknown API Status Code!\nBody: "' + body + '"',
+    );
+  }
 }
 
 export interface SecurityMonitoringApiCancelHistoricalJobRequest {
@@ -8405,6 +8511,13 @@ export interface SecurityMonitoringApiValidateSecurityMonitoringRuleRequest {
   body: SecurityMonitoringRuleValidatePayload;
 }
 
+export interface SecurityMonitoringApiValidateSecurityMonitoringSuppressionRequest {
+  /**
+   * @type SecurityMonitoringSuppressionUpdateRequest
+   */
+  body: SecurityMonitoringSuppressionUpdateRequest;
+}
+
 export class SecurityMonitoringApi {
   private requestFactory: SecurityMonitoringApiRequestFactory;
   private responseProcessor: SecurityMonitoringApiResponseProcessor;
@@ -10149,4 +10262,28 @@ export class SecurityMonitoringApi {
         });
     });
   }
+
+  /**
+   * Validate a suppression rule.
+   * @param param The request object
+   */
+  public validateSecurityMonitoringSuppression(
+    param: SecurityMonitoringApiValidateSecurityMonitoringSuppressionRequest,
+    options?: Configuration,
+  ): Promise<void> {
+    const requestContextPromise =
+      this.requestFactory.validateSecurityMonitoringSuppression(
+        param.body,
+        options,
+      );
+    return requestContextPromise.then((requestContext) => {
+      return this.configuration.httpApi
+        .send(requestContext)
+        .then((responseContext) => {
+          return this.responseProcessor.validateSecurityMonitoringSuppression(
+            responseContext,
+          );
+        });
+    });
+  }
 }
diff --git a/services/security_monitoring/src/v2/index.ts b/services/security_monitoring/src/v2/index.ts
@@ -53,6 +53,7 @@ export {
   SecurityMonitoringApiUpdateSecurityMonitoringRuleRequest,
   SecurityMonitoringApiUpdateSecurityMonitoringSuppressionRequest,
   SecurityMonitoringApiValidateSecurityMonitoringRuleRequest,
+  SecurityMonitoringApiValidateSecurityMonitoringSuppressionRequest,
   SecurityMonitoringApi,
 } from "./SecurityMonitoringApi";
 
