Conversation

@clementgbcn (Contributor) commented Mar 27, 2025

Cloud SIEM API Support

Overview

This PR adds support for Cloud SIEM rule management and security signals retrieval in the Datadog Python API client.

Changes

  • Added SecurityMonitoringRule class to manage SIEM rules:
    • Get all security monitoring rules
    • Get a specific security monitoring rule
    • Create a new security monitoring rule
    • Update an existing security monitoring rule
    • Delete a security monitoring rule
  • Added SecurityMonitoringSignal class to retrieve and manage security signals:
    • Get all security signals with filtering options
    • Get a specific security signal's details
    • Search for security signals with custom query filters
    • Change the triage state of security signals (open, archived, under_review)
  • Added dogshell commands for security monitoring:
    • dogshell security-monitoring rules list: List all security monitoring rules
    • dogshell security-monitoring rules get <rule_id>: Get a specific rule
    • dogshell security-monitoring rules create --file <rule.json>: Create a new rule
    • dogshell security-monitoring rules update <rule_id> --file <rule.json>: Update a rule
    • dogshell security-monitoring rules delete <rule_id>: Delete a rule
    • dogshell security-monitoring signals list: List security signals
    • dogshell security-monitoring signals get <signal_id>: Get a specific signal
    • dogshell security-monitoring signals triage --state <state> <signal_id>: Change triage state
  • Added basic unit tests for new API classes
  • Updated CHANGELOG.md

Tests

  • Added a basic unit test to ensure classes are defined correctly
  • More comprehensive testing will be added in a follow-up PR

Documentation

The API follows the standard Datadog REST API patterns described in:
https://docs.datadoghq.com/api/latest/security-monitoring/
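As an added example (not code from this PR or from the datadogpy project): a pre-flight check for a rule file before handing it to `dogshell security-monitoring rules create --file`, plus a check of the state passed to `signals triage --state`. The field names, severities and evaluation windows follow my reading of the Security Monitoring rule schema at the REST API link above and are assumptions; the sample rule is constructed for the example.

```python
"""Pre-flight checks for a Cloud SIEM rule file before `dogshell security-monitoring rules create --file`."""

# Triage states named in the PR description.
TRIAGE_STATES = {"open", "archived", "under_review"}
# Allowed values per the Security Monitoring rule schema (assumption: my reading of the REST docs).
SEVERITIES = {"info", "low", "medium", "high", "critical"}
EVALUATION_WINDOWS = {0, 60, 300, 600, 900, 1800, 3600, 7200}

# Constructed sample rule, not taken from the PR: one query, one case, log detection.
SAMPLE_RULE = {
    "name": "Example: repeated failed console logins",
    "type": "log_detection",
    "isEnabled": True,
    "queries": [{"name": "a", "aggregation": "count", "groupByFields": ["@usr.name"],
                 "query": "source:cloudtrail @evt.name:ConsoleLogin @evt.outcome:failure"}],
    "cases": [{"name": "burst", "status": "medium", "condition": "a > 5", "notifications": []}],
    "options": {"evaluationWindow": 300, "keepAlive": 600, "maxSignalDuration": 3600},
    "message": "More than 5 failed console logins for {{@usr.name}} within 5 minutes.",
    "tags": ["source:cloudtrail"],
}

def validate_rule(rule: dict) -> list:
    """Return the problems found; an empty list means the payload passes the checks."""
    problems = []
    if not rule.get("name"):
        problems.append("rule needs a non-empty 'name'")
    queries = rule.get("queries") or []
    cases = rule.get("cases") or []
    if not queries or not cases:
        problems.append("rule needs at least one entry in both 'queries' and 'cases'")
    names = {q["name"] for q in queries if q.get("name")}
    for i, q in enumerate(queries):
        if not q.get("query"):
            problems.append(f"queries[{i}] needs a non-empty 'query'")
    for i, c in enumerate(cases):
        if c.get("status") not in SEVERITIES:
            problems.append(f"cases[{i}] has unknown severity {c.get('status')!r}")
        cond = c.get("condition", "")
        # A condition such as "a > 5" has to refer to one of the named queries.
        if cond and names and not any(n in cond for n in names):
            problems.append(f"cases[{i}] condition {cond!r} references no named query")
    window = (rule.get("options") or {}).get("evaluationWindow")
    if window is not None and window not in EVALUATION_WINDOWS:
        problems.append(f"options.evaluationWindow {window!r} is not an accepted window")
    return problems

def valid_triage_state(state: str) -> bool:
    """Check a state before running `signals triage --state <state> <signal_id>`."""
    return state in TRIAGE_STATES
```

Run `validate_rule` on the parsed JSON and refuse to call `rules create` while the returned list is non-empty; the same check guards `rules update`.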

@github-actions github-actions bot added the documentation (Documentation related changes) label Mar 27, 2025
@clementgbcn clementgbcn force-pushed the cgc/security-monitoring-dogshell branch 3 times, most recently from 4cc844a to 9ca7e7f, March 27, 2025 23:10
@clementgbcn clementgbcn marked this pull request as ready for review March 27, 2025 23:11
@clementgbcn clementgbcn requested review from a team as code owners March 27, 2025 23:11
@clementgbcn clementgbcn added the changelog/Added (Added features results into a minor version bump) label Mar 27, 2025
@janine-c janine-c previously approved these changes Mar 27, 2025
@clementgbcn clementgbcn force-pushed the cgc/security-monitoring-dogshell branch 2 times, most recently from aed4934 to d27910f, March 28, 2025 09:25
@clementgbcn clementgbcn force-pushed the cgc/security-monitoring-dogshell branch 3 times, most recently from 611abf5 to 8e5cbd4, March 28, 2025 10:51
@DataDog DataDog deleted a comment from datadog-datadog-prod-us1 bot Mar 28, 2025
@clementgbcn clementgbcn force-pushed the cgc/security-monitoring-dogshell branch from 8e5cbd4 to f62fdef, March 28, 2025 11:45
@github-actions github-actions bot commented
This issue has been automatically marked as stale because it has not had activity in the last 30 days.
Note that the issue will not be automatically closed, but this notification will remind us to investigate why there's been inactivity.

@github-actions github-actions bot added the stale Stale - Bot reminder label Apr 28, 2025
@skarimo skarimo removed the stale Stale - Bot reminder label May 1, 2025
@amaskara-dd amaskara-dd merged commit 5bb7c02 into master May 9, 2025
10 checks passed
@amaskara-dd amaskara-dd deleted the cgc/security-monitoring-dogshell branch May 9, 2025 13:32