Critical asset response fields (data.attributes unless noted):
  creation_date (int64): A Unix millisecond timestamp giving the creation date of the critical asset.
  creator (object): A user.
    handle (string): The handle of the user.
    name (string): The name of the user.
  enabled (boolean): Whether the critical asset is enabled.
  query (string): The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.
  rule_query (string): The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.
  severity (enum): Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased. Allowed enum values: info, low, medium, high, critical, increase, decrease
  tags ([string]): List of tags associated with the critical asset.
  update_author_id (int64): ID of the user who updated the critical asset.
  update_date (int64): A Unix millisecond timestamp giving the update date of the critical asset.
  updater (object): A user.
    handle (string): The handle of the user.
    name (string): The name of the user.
  version (int32): The version of the critical asset; it starts at 1 and is incremented at each update.
  id (string, data level): The ID of the critical asset.
  type (enum, data level): The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets

Create request body (data.attributes): Object containing the attributes of the critical asset to be created.
  enabled (boolean, default: true): Whether the critical asset is enabled. Defaults to true if not specified.
  query (string) [required]: The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.
  rule_query (string) [required]: The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.
  severity (enum) [required]: Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased. Allowed enum values: info, low, medium, high, critical, increase, decrease
  tags ([string]): List of tags associated with the critical asset.
  type (enum, data level) [required]: The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets

Update request body (data): The new critical asset properties; partial updates are supported.
  attributes (object) [required]: The critical asset properties to be updated.
    enabled (boolean): Whether the critical asset is enabled.
    query (string): The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer.
    rule_query (string): The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to.
    severity (enum): Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased. Allowed enum values: info, low, medium, high, critical, increase, decrease
    tags ([string]): List of tags associated with the critical asset.
    version (int32): The version of the critical asset being updated. Used for optimistic locking to prevent concurrent modifications.
  type (enum, default: critical_assets) [required]: The type of the resource. The value should always be critical_assets. Allowed enum values: critical_assets
"
+ }
+ },
"ListSecurityFilters": {
"responses": {
"200": {
diff --git a/content/en/api/v2/security-monitoring/request.CreateSecurityMonitoringCriticalAsset.json b/content/en/api/v2/security-monitoring/request.CreateSecurityMonitoringCriticalAsset.json
new file mode 100644
index 00000000000..d8e52f00989
--- /dev/null
+++ b/content/en/api/v2/security-monitoring/request.CreateSecurityMonitoringCriticalAsset.json
@@ -0,0 +1,14 @@
+{
+ "data": {
+ "type": "critical_assets",
+ "attributes": {
+ "query": "host:examplesecuritymonitoring",
+ "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
+ "severity": "decrease",
+ "tags": [
+ "team:security",
+ "env:test"
+ ]
+ }
+ }
+}
\ No newline at end of file
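Review bot: `"severity": "decrease"` in the create example reads against what a critical asset is for, and the schema's own example value for the severity enum is `increase`; switching the sample to `"severity": "increase"` (keeping the `source:cloudtrail` rule_query) would show the intended use. The file is also written without a trailing newline (`\ No newline at end of file`), which the other JSON fixtures in this directory should match or avoid consistently.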
diff --git a/content/en/api/v2/security-monitoring/request.UpdateSecurityMonitoringCriticalAsset.json b/content/en/api/v2/security-monitoring/request.UpdateSecurityMonitoringCriticalAsset.json
new file mode 100644
index 00000000000..608c09b183d
--- /dev/null
+++ b/content/en/api/v2/security-monitoring/request.UpdateSecurityMonitoringCriticalAsset.json
@@ -0,0 +1,15 @@
+{
+ "data": {
+ "type": "critical_assets",
+ "attributes": {
+ "enabled": false,
+ "query": "no:alert",
+ "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq",
+ "severity": "decrease",
+ "tags": [
+ "env:production"
+ ],
+ "version": 1
+ }
+ }
+}
\ No newline at end of file
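Review bot: `"query": "no:alert"` is not a recognisable Signals Explorer query and gives readers no hint of what the field filters on; the spec's example for the same field is `security:monitoring`, and the create fixture uses a `host:` query, either of which would be clearer here. Also note that `"version": 1` only matches the first PATCH after creation: the response `version` starts at 1 and increments on every update, so reusing `1` on a second PATCH is exactly what the 409 `ConcurrentModificationResponse` on this endpoint is for. Same trailing-newline remark as for the create fixture.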
diff --git a/data/api/v2/CodeExamples.json b/data/api/v2/CodeExamples.json
index ff12c099c1f..47727107d04 100644
--- a/data/api/v2/CodeExamples.json
+++ b/data/api/v2/CodeExamples.json
@@ -1533,6 +1533,13 @@
"description": "Create a scheduled detection rule returns \"OK\" response"
}
],
+ "CreateSecurityMonitoringCriticalAsset": [
+ {
+ "group": "security_monitoring",
+ "suffix": "",
+ "description": "Create a critical asset returns \"OK\" response"
+ }
+ ],
"CreateCustomFramework": [
{
"group": "security_monitoring",
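Review bot: only `CreateSecurityMonitoringCriticalAsset` (here) and `UpdateSecurityMonitoringCriticalAsset` (next hunk) get code-example entries, so `ListSecurityMonitoringCriticalAssets`, `GetSecurityMonitoringCriticalAsset`, `GetCriticalAssetsAffectingRule` and `DeleteSecurityMonitoringCriticalAsset` will ship with no generated client snippets; if those operations are meant to have examples like the other security_monitoring operations, they need entries in this file as well.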
@@ -1677,6 +1684,13 @@
"description": "Update an existing rule returns \"OK\" response"
}
],
+ "UpdateSecurityMonitoringCriticalAsset": [
+ {
+ "group": "security_monitoring",
+ "suffix": "",
+ "description": "Update a critical asset returns \"OK\" response"
+ }
+ ],
"UpdateCustomFramework": [
{
"group": "security_monitoring",
diff --git a/data/api/v2/full_spec.yaml b/data/api/v2/full_spec.yaml
index 52e309e247b..80e1edcbcb1 100644
--- a/data/api/v2/full_spec.yaml
+++ b/data/api/v2/full_spec.yaml
@@ -1009,6 +1009,13 @@ components:
required: true
schema:
type: string
+ SecurityMonitoringCriticalAssetID:
+ description: The ID of the critical asset.
+ in: path
+ name: critical_asset_id
+ required: true
+ schema:
+ type: string
SecurityMonitoringRuleID:
description: The ID of the rule.
in: path
@@ -49146,6 +49153,237 @@ components:
x-enum-varnames:
- DONE
- TIMEOUT
+ SecurityMonitoringCriticalAsset:
+ description: The critical asset's properties.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetAttributes'
+ id:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetID'
+ type:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType'
+ type: object
+ SecurityMonitoringCriticalAssetAttributes:
+ description: The attributes of the critical asset.
+ properties:
+ creation_author_id:
+ description: ID of user who created the critical asset.
+ example: 367742
+ format: int64
+ type: integer
+ creation_date:
+ description: A Unix millisecond timestamp given the creation date of the
+ critical asset.
+ format: int64
+ type: integer
+ creator:
+ $ref: '#/components/schemas/SecurityMonitoringUser'
+ enabled:
+ description: Whether the critical asset is enabled.
+ example: true
+ type: boolean
+ query:
+ description: The query for the critical asset. It uses the same syntax as
+ the queries to search signals in the Signals Explorer.
+ example: security:monitoring
+ type: string
+ rule_query:
+ description: The rule query of the critical asset, with the same syntax
+ as the search bar for detection rules. This determines which rules this
+ critical asset will apply to.
+ example: type:log_detection source:cloudtrail
+ type: string
+ severity:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity'
+ tags:
+ description: List of tags associated with the critical asset.
+ example:
+ - team:database
+ - source:cloudtrail
+ items:
+ type: string
+ type: array
+ update_author_id:
+ description: ID of user who updated the critical asset.
+ example: 367743
+ format: int64
+ type: integer
+ update_date:
+ description: A Unix millisecond timestamp given the update date of the critical
+ asset.
+ format: int64
+ type: integer
+ updater:
+ $ref: '#/components/schemas/SecurityMonitoringUser'
+ version:
+ description: The version of the critical asset; it starts at 1, and is incremented
+ at each update.
+ example: 2
+ format: int32
+ maximum: 2147483647
+ type: integer
+ type: object
+ SecurityMonitoringCriticalAssetCreateAttributes:
+ description: Object containing the attributes of the critical asset to be created.
+ properties:
+ enabled:
+ default: true
+ description: Whether the critical asset is enabled. Defaults to `true` if
+ not specified.
+ example: true
+ type: boolean
+ query:
+ description: The query for the critical asset. It uses the same syntax as
+ the queries to search signals in the Signals Explorer.
+ example: security:monitoring
+ type: string
+ rule_query:
+ description: The rule query of the critical asset, with the same syntax
+ as the search bar for detection rules. This determines which rules this
+ critical asset will apply to.
+ example: type:(log_detection OR signal_correlation OR workload_security
+ OR application_security) source:cloudtrail
+ type: string
+ severity:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity'
+ tags:
+ description: List of tags associated with the critical asset.
+ example:
+ - team:database
+ - source:cloudtrail
+ items:
+ type: string
+ type: array
+ required:
+ - query
+ - severity
+ - rule_query
+ type: object
+ SecurityMonitoringCriticalAssetCreateData:
+ description: Object for a single critical asset.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateAttributes'
+ type:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType'
+ required:
+ - type
+ - attributes
+ type: object
+ SecurityMonitoringCriticalAssetCreateRequest:
+ description: Request object that includes the critical asset that you would
+ like to create.
+ properties:
+ data:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateData'
+ required:
+ - data
+ type: object
+ SecurityMonitoringCriticalAssetID:
+ description: The ID of the critical asset.
+ example: 4e2435a5-6670-4b8f-baff-46083cd1c250
+ type: string
+ SecurityMonitoringCriticalAssetResponse:
+ description: Response object containing a single critical asset.
+ properties:
+ data:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAsset'
+ type: object
+ SecurityMonitoringCriticalAssetSeverity:
+ description: Severity associated with this critical asset. Either an explicit
+ severity can be set, or the severity can be increased or decreased.
+ enum:
+ - info
+ - low
+ - medium
+ - high
+ - critical
+ - increase
+ - decrease
+ example: increase
+ type: string
+ x-enum-varnames:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - CRITICAL
+ - INCREASE
+ - DECREASE
+ SecurityMonitoringCriticalAssetType:
+ default: critical_assets
+ description: The type of the resource. The value should always be `critical_assets`.
+ enum:
+ - critical_assets
+ example: critical_assets
+ type: string
+ x-enum-varnames:
+ - CRITICAL_ASSETS
+ SecurityMonitoringCriticalAssetUpdateAttributes:
+ description: The critical asset properties to be updated.
+ properties:
+ enabled:
+ description: Whether the critical asset is enabled.
+ example: true
+ type: boolean
+ query:
+ description: The query for the critical asset. It uses the same syntax as
+ the queries to search signals in the Signals Explorer.
+ example: security:monitoring
+ type: string
+ rule_query:
+ description: The rule query of the critical asset, with the same syntax
+ as the search bar for detection rules. This determines which rules this
+ critical asset will apply to.
+ example: type:log_detection source:cloudtrail
+ type: string
+ severity:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity'
+ tags:
+ description: List of tags associated with the critical asset.
+ example:
+ - technique:T1110-brute-force
+ - source:cloudtrail
+ items:
+ type: string
+ type: array
+ version:
+ description: The version of the critical asset being updated. Used for optimistic
+ locking to prevent concurrent modifications.
+ example: 1
+ format: int32
+ maximum: 2147483647
+ type: integer
+ type: object
+ SecurityMonitoringCriticalAssetUpdateData:
+ description: The new critical asset properties; partial updates are supported.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateAttributes'
+ type:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType'
+ required:
+ - type
+ - attributes
+ type: object
+ SecurityMonitoringCriticalAssetUpdateRequest:
+ description: Request object containing the fields to update on the critical
+ asset.
+ properties:
+ data:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateData'
+ required:
+ - data
+ type: object
+ SecurityMonitoringCriticalAssetsResponse:
+ description: Response object containing the available critical assets.
+ properties:
+ data:
+ description: A list of critical assets objects.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAsset'
+ type: array
+ type: object
SecurityMonitoringFilter:
description: The rule's suppression filter.
properties:
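Review bot: `version` in `SecurityMonitoringCriticalAssetUpdateAttributes` is described as the optimistic-locking token but the schema has no `required` list, so a PATCH without `version` is valid and the description does not say what happens then. Since a critical asset rewrites the effective severity of every rule matched by `rule_query`, a silent last-writer-wins on concurrent edits is worth ruling out explicitly: either require `version` for updates, or state the omitted-version behaviour in the description next to the 409 `ConcurrentModificationResponse`. Two smaller points in the same hunk: "A Unix millisecond timestamp given the creation date" / "... given the update date" should read "giving" (this text is copied into every rendered field table), and `SecurityMonitoringCriticalAssetsResponse` is a bare `data` array with no `meta`; if the list endpoint pages or caps results, callers need that documented.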
@@ -60802,6 +61040,8 @@ components:
& unsubscribing from apps in the marketplace, and enabling & disabling
Remote Configuration for the entire organization.
security_comments_read: Read comments of vulnerabilities.
+ security_monitoring_critical_assets_read: Read Critical Assets.
+ security_monitoring_critical_assets_write: Write Critical Assets.
security_monitoring_filters_read: Read Security Filters.
security_monitoring_filters_write: Create, edit, and delete Security Filters.
security_monitoring_findings_read: View a list of findings that include
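Review bot: the two new permission descriptions ("Read Critical Assets.", "Write Critical Assets.") are terser than their neighbours; match the house style of `security_monitoring_filters_write: Create, edit, and delete Security Filters.` with something like `security_monitoring_critical_assets_write: Create, edit, and delete Critical Assets.` Given that a critical asset changes the severity of the detection rules its `rule_query` matches, the write description is also the place to say so, since that is what an administrator granting the permission needs to know.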
@@ -86146,6 +86386,190 @@ paths:
operator: OR
permissions:
- security_monitoring_cws_agent_rules_write
+ /api/v2/security_monitoring/configuration/critical_assets:
+ get:
+ description: Get the list of all critical assets.
+ operationId: ListSecurityMonitoringCriticalAssets
+ parameters:
+ - description: Query string.
+ in: query
+ name: query
+ required: false
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetsResponse'
+ description: OK
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_critical_assets_read
+ summary: Get all critical assets
+ tags:
+ - Security Monitoring
+ x-menu-order: 0
+ post:
+ description: Create a new critical asset.
+ operationId: CreateSecurityMonitoringCriticalAsset
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateRequest'
+ description: The definition of the new critical asset.
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse'
+ description: OK
+ '400':
+ $ref: '#/components/responses/BadRequestResponse'
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '409':
+ $ref: '#/components/responses/ConflictResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_critical_assets_write
+ summary: Create a critical asset
+ tags:
+ - Security Monitoring
+ x-codegen-request-body-name: body
+ x-menu-order: 0
+ /api/v2/security_monitoring/configuration/critical_assets/rules/{rule_id}:
+ get:
+ description: Get the list of critical assets that affect a specific existing
+ rule by the rule's ID.
+ operationId: GetCriticalAssetsAffectingRule
+ parameters:
+ - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetsResponse'
+ description: OK
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_critical_assets_read
+ summary: Get critical assets affecting a specific rule
+ tags:
+ - Security Monitoring
+ x-menu-order: 0
+ /api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}:
+ delete:
+ description: Delete a specific critical asset.
+ operationId: DeleteSecurityMonitoringCriticalAsset
+ parameters:
+ - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID'
+ responses:
+ '204':
+ description: OK
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_critical_assets_write
+ summary: Delete a critical asset
+ tags:
+ - Security Monitoring
+ x-menu-order: 0
+ get:
+ description: Get the details of a specific critical asset.
+ operationId: GetSecurityMonitoringCriticalAsset
+ parameters:
+ - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse'
+ description: OK
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_critical_assets_read
+ summary: Get a critical asset
+ tags:
+ - Security Monitoring
+ x-menu-order: 0
+ patch:
+ description: Update a specific critical asset.
+ operationId: UpdateSecurityMonitoringCriticalAsset
+ parameters:
+ - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateRequest'
+ description: New definition of the critical asset. Supports partial updates.
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse'
+ description: OK
+ '400':
+ $ref: '#/components/responses/BadRequestResponse'
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '409':
+ $ref: '#/components/responses/ConcurrentModificationResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_critical_assets_write
+ summary: Update a critical asset
+ tags:
+ - Security Monitoring
+ x-menu-order: 0
/api/v2/security_monitoring/configuration/security_filters:
get:
description: Get the list of configured security filters with their definitions.
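Review bot: the PATCH operation lacks `x-codegen-request-body-name: body`, which the POST in this same hunk sets; without it the generated clients will name the request-body parameter differently for create and update. Also in this hunk: the list endpoint's `query` parameter is documented only as "Query string." with no indication of what it matches (the asset's `query`, its `rule_query`, tags?), and the POST declares a 409 `ConflictResponse` without saying what conflicts (a duplicate asset?); both are things a caller has to know to use the endpoint.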
@@ -93404,6 +93828,11 @@ tags:
name: Logs Archives
- description: 'Custom Destinations forward all the logs ingested to an external destination.
+
+ **Note**: Log forwarding is not available for the Government (US1-FED) site. Contact
+ your account representative for more information.
+
+
See the [Custom Destinations Page](https://app.datadoghq.com/logs/pipelines/log-forwarding/custom-destinations)
for a list of the custom destinations currently configured in web UI.'
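Review bot: the inserted note is followed by two blank `+` lines before "See the [Custom Destinations Page]", whereas the same text in translate_tags.json uses a single `\n\n`; drop one blank line here so the two renderings of the tag description stay identical.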
diff --git a/data/api/v2/translate_actions.json b/data/api/v2/translate_actions.json
index f759c2267fa..4208375299c 100644
--- a/data/api/v2/translate_actions.json
+++ b/data/api/v2/translate_actions.json
@@ -2801,6 +2801,34 @@
"request_description": "New definition of the agent rule",
"request_schema_description": "Request object that includes the Agent rule with the attributes to update"
},
+ "ListSecurityMonitoringCriticalAssets": {
+ "description": "Get the list of all critical assets.",
+ "summary": "Get all critical assets"
+ },
+ "CreateSecurityMonitoringCriticalAsset": {
+ "description": "Create a new critical asset.",
+ "summary": "Create a critical asset",
+ "request_description": "The definition of the new critical asset.",
+ "request_schema_description": "Request object that includes the critical asset that you would like to create."
+ },
+ "GetCriticalAssetsAffectingRule": {
+ "description": "Get the list of critical assets that affect a specific existing rule by the rule's ID.",
+ "summary": "Get critical assets affecting a specific rule"
+ },
+ "DeleteSecurityMonitoringCriticalAsset": {
+ "description": "Delete a specific critical asset.",
+ "summary": "Delete a critical asset"
+ },
+ "GetSecurityMonitoringCriticalAsset": {
+ "description": "Get the details of a specific critical asset.",
+ "summary": "Get a critical asset"
+ },
+ "UpdateSecurityMonitoringCriticalAsset": {
+ "description": "Update a specific critical asset.",
+ "summary": "Update a critical asset",
+ "request_description": "New definition of the critical asset. Supports partial updates.",
+ "request_schema_description": "Request object containing the fields to update on the critical asset."
+ },
"ListSecurityFilters": {
"description": "Get the list of configured security filters with their definitions.",
"summary": "Get all security filters"
diff --git a/data/api/v2/translate_tags.json b/data/api/v2/translate_tags.json
index ea2404557db..1e1f9ccc797 100644
--- a/data/api/v2/translate_tags.json
+++ b/data/api/v2/translate_tags.json
@@ -177,7 +177,7 @@
},
"logs-custom-destinations": {
"name": "Logs Custom Destinations",
- "description": "Custom Destinations forward all the logs ingested to an external destination.\n\nSee the [Custom Destinations Page](https://app.datadoghq.com/logs/pipelines/log-forwarding/custom-destinations)\nfor a list of the custom destinations currently configured in web UI."
+ "description": "Custom Destinations forward all the logs ingested to an external destination.\n\n**Note**: Log forwarding is not available for the Government (US1-FED) site. Contact your account representative for more information.\n\nSee the [Custom Destinations Page](https://app.datadoghq.com/logs/pipelines/log-forwarding/custom-destinations)\nfor a list of the custom destinations currently configured in web UI."
},
"logs-metrics": {
"name": "Logs Metrics",