
Commit a629034

api-clients-generation-pipeline[bot]ci.datadog-api-spec
andauthored
Update security_monitoring endpoints for cloud_configuration rules (#949)
Co-authored-by: ci.datadog-api-spec <[email protected]> Co-authored-by: api-clients-generation-pipeline[bot] <54105614+api-clients-generation-pipeline[bot]@users.noreply.github.com>
1 parent cbc9eb3 commit a629034

26 files changed

+1143
-4
lines changed

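--- a/.apigentools-info
+++ b/.apigentools-info
@@ -4,13 +4,13 @@
 "spec_versions": {
 "v1": {
 "apigentools_version": "1.6.4",
-"regenerated": "2022-12-13 20:15:30.242009",
-"spec_repo_commit": "cb07e37b"
+"regenerated": "2022-12-14 13:19:02.571339",
+"spec_repo_commit": "72a02090"
 },
 "v2": {
 "apigentools_version": "1.6.4",
-"regenerated": "2022-12-13 20:15:30.253488",
-"spec_repo_commit": "cb07e37b"
+"regenerated": "2022-12-14 13:19:02.583378",
+"spec_repo_commit": "72a02090"
 }
 }
 }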

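--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -1761,6 +1761,148 @@ components:
 example: infra_host
 type: string
 type: object
+CloudConfigurationComplianceRuleOptions:
+description: Options for cloud_configuration rules.
+properties:
+complexRule:
+description: 'Whether the rule is a complex one.
+
+Must be set to true if `regoRule.resourceTypes` contains more than one
+item. Defaults to false.
+
+'
+type: boolean
+regoRule:
+$ref: '#/components/schemas/CloudConfigurationRegoRule'
+required:
+- regoRule
+type: object
+CloudConfigurationRegoRule:
+description: Rule details.
+properties:
+policy:
+description: 'The policy written in `rego`, see: https://www.openpolicyagent.org/docs/latest/policy-language/'
+example: "package datadog\n\nimport data.datadog.output as dd_output\nimport
+future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource)
+= \"skip\" if {\n # Logic that evaluates to true if the resource should
+be skipped\n true\n} else = \"pass\" {\n # Logic that evaluates to true
+if the resource is compliant\n true\n} else = \"fail\" {\n # Logic that
+evaluates to true if the resource is not compliant\n true\n}\n\n# This
+part remains unchanged for all rules\nresults contains result if {\n some
+resource in input.resources[input.main_resource_type]\n result := dd_output.format(resource,
+eval(resource))\n}\n"
+type: string
+resourceTypes:
+description: List of resource types that will be evaluated upon. Must have
+at least one element.
+example:
+- gcp_iam_service_account
+- gcp_iam_policy
+items:
+type: string
+type: array
+required:
+- policy
+- resourceTypes
+type: object
+CloudConfigurationRuleCaseCreate:
+description: Description of signals.
+properties:
+notifications:
+description: Notification targets for each rule case.
+items:
+description: Notification.
+type: string
+type: array
+status:
+$ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
+required:
+- status
+type: object
+CloudConfigurationRuleComplianceSignalOptions:
+description: How to generate compliance signals. Useful for cloud_configuration
+rules only.
+properties:
+userActivationStatus:
+description: Whether signals will be sent.
+type: boolean
+userGroupByFields:
+description: Fields to use to group findings by when sending signals.
+items:
+type: string
+type: array
+type: object
+CloudConfigurationRuleCreatePayload:
+description: Create a new cloud configuration rule.
+properties:
+cases:
+description: 'Description of generated findings and signals (severity and
+channels to be notified in case of a signal). Must contain exactly one
+item.
+
+'
+items:
+$ref: '#/components/schemas/CloudConfigurationRuleCaseCreate'
+type: array
+complianceSignalOptions:
+$ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
+isEnabled:
+description: Whether the rule is enabled.
+example: true
+type: boolean
+message:
+description: Message in markdown format for generated findings and signals.
+example: '#Description
+
+Explanation of the rule.
+
+
+#Remediation
+
+How to fix the security issue.
+
+'
+type: string
+name:
+description: The name of the rule.
+example: My security monitoring rule.
+type: string
+options:
+$ref: '#/components/schemas/CloudConfigurationRuleOptions'
+tags:
+description: Tags for generated findings and signals.
+example:
+- env:prod
+- team:security
+items:
+description: Tag.
+type: string
+type: array
+type:
+$ref: '#/components/schemas/CloudConfigurationRuleType'
+required:
+- name
+- isEnabled
+- options
+- complianceSignalOptions
+- cases
+- message
+type: object
+CloudConfigurationRuleOptions:
+description: Options on cloud configuration rules.
+properties:
+complianceRuleOptions:
+$ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions'
+required:
+- complianceRuleOptions
+type: object
+CloudConfigurationRuleType:
+description: The rule type.
+enum:
+- cloud_configuration
+type: string
+x-enum-varnames:
+- CLOUD_CONFIGURATION
 CloudWorkloadSecurityAgentRuleAttributes:
 description: A Cloud Workload Security Agent rule returned by the API.
 properties:
@@ -8344,6 +8486,7 @@ components:
 oneOf:
 - $ref: '#/components/schemas/SecurityMonitoringStandardRuleCreatePayload'
 - $ref: '#/components/schemas/SecurityMonitoringSignalRuleCreatePayload'
+- $ref: '#/components/schemas/CloudConfigurationRuleCreatePayload'
 type: object
 SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv:
 description: 'If true, signals in non-production environments have a lower severity
@@ -8549,6 +8692,8 @@ components:
 SecurityMonitoringRuleOptions:
 description: Options on rules.
 properties:
+complianceRuleOptions:
+$ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions'
 decreaseCriticalityBasedOnEnv:
 $ref: '#/components/schemas/SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv'
 detectionMethod:
@@ -8643,6 +8788,8 @@ components:
 items:
 $ref: '#/components/schemas/SecurityMonitoringRuleCase'
 type: array
+complianceSignalOptions:
+$ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
 filters:
 description: Additional queries to filter matched events before they are
 processed.
@@ -9323,6 +9470,8 @@ components:
 items:
 $ref: '#/components/schemas/SecurityMonitoringRuleCase'
 type: array
+complianceSignalOptions:
+$ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
 createdAt:
 description: When the rule was created, timestamp in milliseconds.
 format: int64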
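Review bot: The array-size rules in the new schemas are stated only in `description` text, so nothing machine-checkable enforces them: `resourceTypes` in `CloudConfigurationRegoRule` ("Must have at least one element") and `cases` in `CloudConfigurationRuleCreatePayload` ("Must contain exactly one item") carry no `minItems`/`maxItems`. Generated clients and schema-based validators will accept an empty `resourceTypes` list or several cases, leaving the API as the only check on a rule whose purpose is compliance detection. I would add `minItems: 1` under `resourceTypes` and `minItems: 1` with `maxItems: 1` under `cases`. Also, `type` is defined on `CloudConfigurationRuleCreatePayload` but missing from its `required` list; since this schema becomes a third `oneOf` branch of the rule-create payload, requiring `type` would probably make variant selection unambiguous, though the sibling payload schemas are outside the visible hunks and should be checked first.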
@@ -0,0 +1 @@
1+
"2022-12-14T08:46:48.145Z"
@@ -0,0 +1,104 @@
1+
{
2+
"log": {
3+
"_recordingName": "Security Monitoring/Create a cloud_configuration rule returns \"OK\" response",
4+
"creator": {
5+
"comment": "persister:fs",
6+
"name": "Polly.JS",
7+
"version": "6.0.5"
8+
},
9+
"entries": [
10+
{
11+
"_id": "772e2279ea37038de0db5cedb9ca0988",
12+
"_order": 0,
13+
"cache": {},
14+
"request": {
15+
"bodySize": 452,
16+
"cookies": [],
17+
"headers": [
18+
{
19+
"_fromType": "array",
20+
"name": "accept",
21+
"value": "application/json"
22+
},
23+
{
24+
"_fromType": "array",
25+
"name": "content-type",
26+
"value": "application/json"
27+
}
28+
],
29+
"headersSize": 588,
30+
"httpVersion": "HTTP/1.1",
31+
"method": "POST",
32+
"postData": {
33+
"mimeType": "application/json",
34+
"params": [],
35+
"text": "{\"cases\":[{\"notifications\":[\"channel\"],\"status\":\"info\"}],\"complianceSignalOptions\":{\"userActivationStatus\":true,\"userGroupByFields\":[\"@account_id\"]},\"isEnabled\":false,\"message\":\"ddd\",\"name\":\"Test-Create_a_cloud_configuration_rule_returns_OK_response-1671007608_cloud\",\"options\":{\"complianceRuleOptions\":{\"complexRule\":false,\"regoRule\":{\"policy\":\"package datadog\\n\",\"resourceTypes\":[\"gcp_compute_disk\"]}}},\"tags\":[\"my:tag\"],\"type\":\"cloud_configuration\"}"
36+
},
37+
"queryString": [],
38+
"url": "https://api.datadoghq.com/api/v2/security_monitoring/rules"
39+
},
40+
"response": {
41+
"bodySize": 953,
42+
"content": {
43+
"mimeType": "application/json",
44+
"size": 953,
45+
"text": "{\"creationAuthorId\":1445416,\"tags\":[\"my:tag\"],\"type\":\"cloud_configuration\",\"isEnabled\":false,\"hasExtendedTitle\":true,\"message\":\"ddd\",\"options\":{\"detectionMethod\":\"threshold\",\"evaluationWindow\":7200,\"maxSignalDuration\":86400,\"complianceRuleOptions\":{\"regoRule\":{\"policy\":\"package datadog\\n\",\"resourceTypes\":[\"gcp_compute_disk\"]},\"complexRule\":false},\"keepAlive\":21600},\"version\":1,\"createdAt\":1671007608778,\"filters\":[],\"queries\":[{\"query\":\"resource_type:gcp_compute_disk\",\"groupByFields\":[\"resource_type\",\"resource_id\"],\"aggregation\":\"count\",\"name\":\"a\",\"distinctFields\":[]}],\"isDeleted\":false,\"complianceSignalOptions\":{\"defaultActivationStatus\":null,\"userActivationStatus\":true,\"defaultGroupByFields\":null,\"userGroupByFields\":[\"@account_id\"]},\"cases\":[{\"status\":\"info\",\"notifications\":[\"channel\"],\"name\":\"\",\"condition\":\"a > 0\"}],\"id\":\"azn-bwu-qdq\",\"isDefault\":false,\"name\":\"Test-Create_a_cloud_configuration_rule_returns_OK_response-1671007608_cloud\"}\n"
46+
},
47+
"cookies": [],
48+
"headers": [
49+
{
50+
"name": "content-type",
51+
"value": "application/json"
52+
}
53+
],
54+
"headersSize": 627,
55+
"httpVersion": "HTTP/1.1",
56+
"redirectURL": "",
57+
"status": 200,
58+
"statusText": "OK"
59+
},
60+
"startedDateTime": "2022-12-14T08:46:48.168Z",
61+
"time": 650
62+
},
63+
{
64+
"_id": "a62082f226fe37813367e23af6dfb0e5",
65+
"_order": 0,
66+
"cache": {},
67+
"request": {
68+
"bodySize": 0,
69+
"cookies": [],
70+
"headers": [
71+
{
72+
"_fromType": "array",
73+
"name": "accept",
74+
"value": "*/*"
75+
}
76+
],
77+
"headersSize": 536,
78+
"httpVersion": "HTTP/1.1",
79+
"method": "DELETE",
80+
"queryString": [],
81+
"url": "https://api.datadoghq.com/api/v2/security_monitoring/rules/azn-bwu-qdq"
82+
},
83+
"response": {
84+
"bodySize": 0,
85+
"content": {
86+
"mimeType": "text/plain",
87+
"size": 0
88+
},
89+
"cookies": [],
90+
"headers": [],
91+
"headersSize": 574,
92+
"httpVersion": "HTTP/1.1",
93+
"redirectURL": "",
94+
"status": 204,
95+
"statusText": "No Content"
96+
},
97+
"startedDateTime": "2022-12-14T08:46:48.846Z",
98+
"time": 145
99+
}
100+
],
101+
"pages": [],
102+
"version": "1.2"
103+
}
104+
}
@@ -0,0 +1 @@
1+
"2022-12-14T08:46:49.009Z"
