Record Security Monitoring cassettes due to Payload updates #2951

Merged
8 changes: 4 additions & 4 deletions .apigentools-info
Expand Up @@ -4,13 +4,13 @@
"spec_versions": {
"v1": {
"apigentools_version": "1.6.6",
"regenerated": "2025-02-25 17:19:35.598368",
"spec_repo_commit": "7b09d7dd"
"regenerated": "2025-02-26 17:41:54.560567",
"spec_repo_commit": "e04872fb"
},
"v2": {
"apigentools_version": "1.6.6",
"regenerated": "2025-02-25 17:19:35.613826",
"spec_repo_commit": "7b09d7dd"
"regenerated": "2025-02-26 17:41:54.579763",
"spec_repo_commit": "e04872fb"
}
}
}
@@ -1 +1 @@
2024-06-24T19:55:06.421Z
2025-02-26T17:28:43.473Z
@@ -1,7 +1,7 @@
interactions:
- request:
body: |
{"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Convert_an_existing_rule_from_JSON_to_Terraform_returns_OK_response-1719258906","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}
{"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Convert_an_existing_rule_from_JSON_to_Terraform_returns_OK_response-1740590923","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}
form: {}
headers:
Accept:
Expand All @@ -12,10 +12,8 @@ interactions:
method: POST
url: https://api.datadoghq.com/api/v2/security_monitoring/rules
response:
body: '{"id":"eu8-b0k-wzc","version":1,"name":"Test-Convert_an_existing_rule_from_JSON_to_Terraform_returns_OK_response-1719258906","createdAt":1719258906588,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
> 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]}
'
body: '{"name":"Test-Convert_an_existing_rule_from_JSON_to_Terraform_returns_OK_response-1740590923","createdAt":1740590923738,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
\u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"wva-gkr-uze","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"[email protected]","name":"frog"},"updater":{"handle":"","name":""}}'
code: 200
duration: 0ms
headers:
Expand All @@ -30,18 +28,16 @@ interactions:
- application/json
id: 1
method: GET
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/eu8-b0k-wzc/convert
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/wva-gkr-uze/convert
response:
body: '{"terraformContent":"resource \"datadog_security_monitoring_rule\" \"test-convert_an_existing_rule_from_json_to_terraform_returns_ok_response-1719258906\"
{\n\tname = \"Test-Convert_an_existing_rule_from_JSON_to_Terraform_returns_OK_response-1719258906\"\n\tenabled
body: '{"terraformContent":"resource \"datadog_security_monitoring_rule\" \"test-convert_an_existing_rule_from_json_to_terraform_returns_ok_response-1740590923\"
{\n\tname = \"Test-Convert_an_existing_rule_from_JSON_to_Terraform_returns_OK_response-1740590923\"\n\tenabled
= true\n\tquery {\n\t\tquery = \"@test:true\"\n\t\tgroup_by_fields = []\n\t\tdistinct_fields
= []\n\t\taggregation = \"count\"\n\t\tname = \"\"\n\t}\n\toptions {\n\t\tkeep_alive
= 3600\n\t\tmax_signal_duration = 86400\n\t\tdetection_method = \"threshold\"\n\t\tevaluation_window
= 900\n\t}\n\tcase {\n\t\tname = \"\"\n\t\tstatus = \"info\"\n\t\tnotifications
= []\n\t\tcondition = \"a > 0\"\n\t}\n\tmessage = \"Test rule\"\n\ttags = []\n\thas_extended_title
= false\n\ttype = \"log_detection\"\n}\n"}
'
= []\n\t\tcondition = \"a \u003e 0\"\n\t}\n\tmessage = \"Test rule\"\n\ttags
= []\n\thas_extended_title = false\n\ttype = \"log_detection\"\n}\n"}'
code: 200
duration: 0ms
headers:
Expand All @@ -56,7 +52,7 @@ interactions:
- '*/*'
id: 2
method: DELETE
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/eu8-b0k-wzc
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/wva-gkr-uze
response:
body: ''
code: 204
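Review bot: The re-recorded response bodies now carry account identity fields that the previous recordings did not. The POST response in this cassette gains a `creator` object with a `handle` and `"name":"frog"` alongside `creationAuthorId`, and the same object appears in the third-party-rule and rule-version-history cassettes further down. In the historical-detections job cassette, `createdByHandle` changes from a UUID with `createdByName` "CI Account" to an account handle with the name "frog", which suggests the recording ran under a personal account rather than the CI account; this is worth confirming. If so, either re-record with the CI service account or have the recorder replace the `creator`, `updater` and `createdByHandle` values with a fixed placeholder before the cassette is written, so committed fixtures do not publish account handles. This cassette continues past the lines shown here.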
@@ -1 +1 @@
2024-09-04T13:32:10.858Z
2025-02-26T17:28:46.568Z
@@ -1,7 +1,7 @@
interactions:
- request:
body: |
{"cases":[],"isEnabled":true,"message":"This is a third party rule","name":"Test-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response-1725456730","options":{"detectionMethod":"third_party","keepAlive":0,"maxSignalDuration":600,"thirdPartyRuleOptions":{"defaultStatus":"info","rootQueries":[{"groupByFields":["instance-id"],"query":"source:guardduty @details.alertType:*EC2*"},{"groupByFields":[],"query":"source:guardduty"}]}},"queries":[],"thirdPartyCases":[{"name":"high","query":"status:error","status":"high"},{"name":"low","query":"status:info","status":"low"}],"type":"log_detection"}
{"cases":[],"isEnabled":true,"message":"This is a third party rule","name":"Test-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response-1740590926","options":{"detectionMethod":"third_party","keepAlive":0,"maxSignalDuration":600,"thirdPartyRuleOptions":{"defaultStatus":"info","rootQueries":[{"groupByFields":["instance-id"],"query":"source:guardduty @details.alertType:*EC2*"},{"groupByFields":[],"query":"source:guardduty"}]}},"queries":[],"thirdPartyCases":[{"name":"high","query":"status:error","status":"high"},{"name":"low","query":"status:info","status":"low"}],"type":"log_detection"}
form: {}
headers:
Accept:
Expand All @@ -12,11 +12,9 @@ interactions:
method: POST
url: https://api.datadoghq.com/api/v2/security_monitoring/rules
response:
body: '{"id":"rvf-kfc-pxh","version":1,"name":"Test-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response-1725456730","createdAt":1725456731210,"creationAuthorId":1445416,"isDefault":false,"isEnabled":true,"isDeleted":false,"queries":[{"query":"status:error","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"none","name":""},{"query":"status:info","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"none","name":""}],"options":{"keepAlive":0,"maxSignalDuration":600,"detectionMethod":"third_party","evaluationWindow":0,"thirdPartyRuleOptions":{"defaultStatus":"info","defaultNotifications":[],"rootQueries":[{"query":"source:guardduty
@details.alertType:*EC2*","groupByFields":["instance-id"]},{"query":"source:guardduty","groupByFields":[]}]}},"cases":[{"name":"high","status":"high","notifications":[]},{"name":"low","status":"low","notifications":[]}],"message":"This
is a third party rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"thirdPartyCases":[{"name":"high","status":"high","notifications":[],"query":"status:error"},{"name":"low","status":"low","notifications":[],"query":"status:info"}]}

'
body: '{"name":"Test-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response-1740590926","createdAt":1740590926922,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"status:error","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"none","name":"","dataSource":"logs"},{"query":"status:info","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"none","name":"","dataSource":"logs"}],"options":{"evaluationWindow":0,"detectionMethod":"third_party","maxSignalDuration":600,"keepAlive":0,"thirdPartyRuleOptions":{"defaultStatus":"info","rootQueries":[{"query":"source:guardduty
@details.alertType:*EC2*","groupByFields":["instance-id"]},{"query":"source:guardduty","groupByFields":[]}],"defaultNotifications":[]}},"cases":[{"name":"high","status":"high","notifications":[]},{"name":"low","status":"low","notifications":[]}],"message":"This
is a third party rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"h74-lse-wq3","blocking":false,"metadata":{"entities":null,"sources":null},"thirdPartyCases":[{"name":"high","status":"high","notifications":[],"query":"status:error"},{"name":"low","status":"low","notifications":[],"query":"status:info"}],"creationAuthorId":1445416,"creator":{"handle":"[email protected]","name":"frog"},"updater":{"handle":"","name":""}}'
code: 200
duration: 0ms
headers:
Expand All @@ -31,7 +29,7 @@ interactions:
- '*/*'
id: 1
method: DELETE
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/rvf-kfc-pxh
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/h74-lse-wq3
response:
body: ''
code: 204
@@ -1 +1 @@
2024-12-18T17:02:38.823Z
2025-02-26T17:29:04.516Z
Expand Up @@ -12,7 +12,7 @@ interactions:
method: POST
url: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs
response:
body: '{"data":{"id":"fa90e7ac-998d-4bf4-9d32-2e831a1e9479","type":"historicalDetectionsJob"}}'
body: '{"data":{"id":"1b7a2a3e-487a-4732-aab6-58eba621a138","type":"historicalDetectionsJob"}}'
code: 201
duration: 0ms
headers:
Expand All @@ -27,15 +27,14 @@ interactions:
- application/json
id: 1
method: GET
url: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/fa90e7ac-998d-4bf4-9d32-2e831a1e9479
url: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/1b7a2a3e-487a-4732-aab6-58eba621a138
response:
body: '{"data":{"id":"fa90e7ac-998d-4bf4-9d32-2e831a1e9479","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-12-18
17:02:39.551791+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI
Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive
body: '{"data":{"id":"1b7a2a3e-487a-4732-aab6-58eba621a138","type":"historicalDetectionsJob","attributes":{"createdAt":"2025-02-26
17:29:04.769285+00","createdByHandle":"[email protected]","createdByName":"frog","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive
number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a
\u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A
\u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A
large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive
number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-12-18 17:02:39.551791+00"}}}'
number of failed attempts.","jobStatus":"pending","modifiedAt":"2025-02-26 17:29:04.769285+00"}}}'
code: 200
duration: 0ms
headers:
@@ -1 +1 @@
2025-02-04T22:39:17.325Z
2025-02-26T17:29:12.067Z
@@ -1,7 +1,7 @@
interactions:
- request:
body: |
{"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Get_rule_version_history_returns_OK_response-1738708757","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}
{"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Get_rule_version_history_returns_OK_response-1740590952","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}
form: {}
headers:
Accept:
Expand All @@ -12,8 +12,8 @@ interactions:
method: POST
url: https://api.datadoghq.com/api/v2/security_monitoring/rules
response:
body: '{"name":"Test-Get_rule_version_history_returns_OK_response-1738708757","createdAt":1738708757817,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
\u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"gvq-qqd-jc7"}'
body: '{"name":"Test-Get_rule_version_history_returns_OK_response-1740590952","createdAt":1740590952333,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
\u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"s3a-zh4-3yj","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"[email protected]","name":"frog"},"updater":{"handle":"","name":""}}'
code: 200
duration: 0ms
headers:
Expand All @@ -28,10 +28,10 @@ interactions:
- application/json
id: 1
method: GET
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/gvq-qqd-jc7/version_history
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/s3a-zh4-3yj/version_history
response:
body: '{"data":{"id":"gvq-qqd-jc7","type":"GetRuleVersionHistoryResponse","attributes":{"count":1,"data":{"1":{"rule":{"name":"Test-Get_rule_version_history_returns_OK_response-1738708757","createdAt":1738708757817,"isDefault":false,"isEnabled":true,"isDeleted":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
\u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"gvq-qqd-jc7","metadata":{"entities":null,"sources":null},"creator":{"handle":"","name":""},"updater":{"handle":"","name":""}},"changes":[]}}}}}'
body: '{"data":{"id":"s3a-zh4-3yj","type":"GetRuleVersionHistoryResponse","attributes":{"count":1,"data":{"1":{"rule":{"name":"Test-Get_rule_version_history_returns_OK_response-1740590952","createdAt":1740590952333,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
\u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"s3a-zh4-3yj","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"[email protected]","name":"frog"},"updater":{"handle":"","name":""}},"changes":[]}}}}}'
code: 200
duration: 0ms
headers:
Expand All @@ -46,7 +46,7 @@ interactions:
- '*/*'
id: 2
method: DELETE
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/gvq-qqd-jc7
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/s3a-zh4-3yj
response:
body: ''
code: 204
@@ -1 +1 @@
2024-12-18T17:02:39.880Z
2025-02-26T17:29:15.346Z