datadogpy/datadog/api/security_monitoring_signals.py at c0f7adc1f30034a2151704a347ad9d0401f856c1 · DataDog/datadogpy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# Unless explicitly stated otherwise all files in this repository are licensed under the BSD-3-Clause License.
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2015-Present Datadog, Inc
"""
Security Monitoring Signals API.
"""

from datadog.api.resources import (
    GetableAPIResource,
    ListableAPIResource,
    SearchableAPIResource,
    ActionAPIResource,
)


class SecurityMonitoringSignal(
    GetableAPIResource,
    ListableAPIResource,
    SearchableAPIResource,
    ActionAPIResource,
):
    """
    A wrapper around Security Monitoring Signal API.
    """

    _resource_name = "security_monitoring/signals"
    _api_version = "v2"

    @classmethod
    def get(cls, signal_id, **params):
        """
        Get a security signal's details.

        :param signal_id: ID of the security signal
        :type signal_id: str

        :returns: Dictionary representing the API's JSON response
        """
        return super(SecurityMonitoringSignal, cls).get(signal_id, **params)

    @classmethod
    def get_all(cls, **params):
        """
        Get all security signals.

        :param params: additional parameters to filter security signals
            Valid options are:
            - filter[query]: search query to filter security signals
            - filter[from]: minimum timestamp for returned security signals
            - filter[to]: maximum timestamp for returned security signals
            - sort: sort order, can be 'timestamp', '-timestamp', etc.
            - page[size]: number of signals to return per page
            - page[cursor]: cursor to use for pagination
        :type params: dict

        :returns: Dictionary representing the API's JSON response
        """
        return super(SecurityMonitoringSignal, cls).get_all(**params)

    @classmethod
    def change_triage_state(cls, signal_id, state, **params):
        """
        Change the triage state of security signals.

        :param signal_id: signal ID to update
        :type signal_id: str
        :param state: new triage state ('open', 'archived', 'under_review')
        :type state: str
        :param params: additional parameters
        :type params: dict

        :returns: Dictionary representing the API's JSON response
        """
        body = {
            "data": {
                "attributes": {
                    "state": state,
                },
                "id": signal_id,
                "type": "signal_metadata",
            }
        }

        return cls._trigger_class_action("PATCH", "state", id=signal_id, **body)