diff --git a/.apigentools-info b/.apigentools-info index a6db5089f0de..5919d6496ca1 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2025-02-10 19:09:32.740537", - "spec_repo_commit": "824f78a1" + "regenerated": "2025-02-11 09:59:40.774900", + "spec_repo_commit": "b980d49f" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2025-02-10 19:09:32.756088", - "spec_repo_commit": "824f78a1" + "regenerated": "2025-02-11 09:59:40.793035", + "spec_repo_commit": "b980d49f" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 1cb9d8453bba..b0adf622a072 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -15657,6 +15657,15 @@ components: example: 1729843470000 format: int64 type: integer + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array index: description: Index used to load the data. example: cloud_siem @@ -24242,6 +24251,11 @@ components: SecurityMonitoringRuleCase: description: Case when signal is generated. properties: + actions: + description: Action to perform for each rule case. + items: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction' + type: array condition: description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated 
@@ -24260,9 +24274,42 @@ components: status: $ref: '#/components/schemas/SecurityMonitoringRuleSeverity' type: object + SecurityMonitoringRuleCaseAction: + description: Action to perform when a signal is triggered. Only available for + Application Security rule type. + properties: + options: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions' + type: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType' + type: object + SecurityMonitoringRuleCaseActionOptions: + description: Options for the rule action + properties: + duration: + description: Duration of the action in seconds. 0 indicates no expiration. + example: 0 + format: int64 + minimum: 0 + type: integer + type: object + SecurityMonitoringRuleCaseActionType: + description: The action type. + enum: + - block_ip + - block_user + type: string + x-enum-varnames: + - BLOCK_IP + - BLOCK_USER SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: + actions: + description: Action to perform for each rule case. + items: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction' + type: array condition: description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated @@ -24724,6 +24771,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. 
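Review bot: `SecurityMonitoringRuleCaseAction` declares no `required` list, so an action object with neither `type` nor `options` (`{}`) is schema-valid even though there is nothing to perform; unless the server already rejects that, add `required:` / `  - type` under that schema so generated clients mark `type` as mandatory. The `duration` description says `0 indicates no expiration`, which for `block_ip` and `block_user` means a block that never lifts on its own; I would make that explicit, e.g. `Duration of the action in seconds. 0 creates a block that does not expire on its own.` There is also no `maximum` on `duration`, so whether very large values are capped server-side is not visible from the spec.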
@@ -25429,6 +25485,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. @@ -25501,6 +25566,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. @@ -25642,6 +25716,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. @@ -25719,6 +25802,15 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringFilter' type: array + groupSignalsBy: + description: Additional grouping to perform on top of the existing groups + in the query section. Must be a subset of the existing groups. + example: + - service + items: + description: Field to group by. + type: string + type: array hasExtendedTitle: description: Whether the notifications include the triggering group-by values in their title. 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Create-a-detection-rule-with-type-application_security-returns-OK-response_4179263030/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Create-a-detection-rule-with-type-application_security-returns-OK-response_4179263030/frozen.json new file mode 100644 index 000000000000..b730e2733eab --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Create-a-detection-rule-with-type-application_security-returns-OK-response_4179263030/frozen.json @@ -0,0 +1 @@ +"2025-02-06T16:50:39.787Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Create-a-detection-rule-with-type-application_security-returns-OK-response_4179263030/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Create-a-detection-rule-with-type-application_security-returns-OK-response_4179263030/recording.har new file mode 100644 index 000000000000..fe5857325499 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Create-a-detection-rule-with-type-application_security-returns-OK-response_4179263030/recording.har 
@@ -0,0 +1,110 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Create a detection rule with type 'application_security 'returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "e25ba2dd2cd854ae985a97cf9b520975", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 656, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 588, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"cases\":[{\"actions\":[{\"options\":{\"duration\":900},\"type\":\"block_ip\"}],\"condition\":\"a > 100000\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"groupSignalsBy\":[\"service\"],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_detection_rule_with_type_application_security_returns_OK_response-1738860639_appsec_rule\",\"options\":{\"detectionMethod\":\"threshold\",\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[\"service\",\"@http.client_ip\"],\"query\":\"@appsec.security_activity:business_logic.users.login.failure\"}],\"tags\":[],\"type\":\"application_security\"}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security_monitoring/rules" + }, + "response": { + "bodySize": 1153, + "content": { + "mimeType": "application/json", + "size": 1153, + "text": 
"{\"name\":\"Test-Create_a_detection_rule_with_type_application_security_returns_OK_response-1738860639_appsec_rule\",\"createdAt\":1738860640426,\"isDefault\":false,\"isPartner\":false,\"isEnabled\":true,\"isBeta\":false,\"isDeleted\":false,\"isDeprecated\":false,\"queries\":[{\"query\":\"@appsec.security_activity:business_logic.users.login.failure\",\"groupByFields\":[\"service\",\"@http.client_ip\"],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"app_sec_spans\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"cases\":[{\"name\":\"\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 100000\",\"actions\":[{\"type\":\"block_ip\",\"options\":{\"duration\":900}}]}],\"message\":\"Test rule\",\"tags\":[],\"hasExtendedTitle\":false,\"type\":\"application_security\",\"filters\":[],\"version\":1,\"id\":\"rfn-h2v-udr\",\"blocking\":true,\"groupSignalsBy\":[\"service\"],\"casesActions\":[[{\"type\":\"block_ip\",\"options\":{\"duration\":900}}]],\"dependencies\":[\"business_logic.users.login.failure\"],\"metadata\":{\"entities\":null,\"sources\":null},\"creator\":{\"handle\":\"\",\"name\":\"\"},\"updater\":{\"handle\":\"\",\"name\":\"\"}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 656, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-02-06T16:50:40.180Z", + "time": 287 + }, + { + "_id": "d0c7ee9e7178f2b7bb6ab84e899effed", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + } + ], + "headersSize": 536, + "httpVersion": "HTTP/1.1", + "method": "DELETE", + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security_monitoring/rules/rfn-h2v-udr" + }, + 
"response": { + "bodySize": 36, + "content": { + "mimeType": "application/json", + "size": 36, + "text": "{\"status\":\"404\",\"title\":\"Not Found\"}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 654, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 404, + "statusText": "Not Found" + }, + "startedDateTime": "2025-02-06T16:50:40.475Z", + "time": 127 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.ts b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.ts new file mode 100644 index 000000000000..b24646772edf --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.ts 
@@ -0,0 +1,59 @@ +/** + * Create a detection rule with type 'application_security 'returns "OK" response + */ + +import { client, v2 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +const apiInstance = new v2.SecurityMonitoringApi(configuration); + +const params: v2.SecurityMonitoringApiCreateSecurityMonitoringRuleRequest = { + body: { + type: "application_security", + name: "Example-Security-Monitoring_appsec_rule", + queries: [ + { + query: "@appsec.security_activity:business_logic.users.login.failure", + aggregation: "count", + groupByFields: ["service", "@http.client_ip"], + distinctFields: [], + }, + ], + filters: [], + cases: [ + { + name: "", + status: "info", + notifications: [], + condition: "a > 100000", + actions: [ + { + type: "block_ip", + options: { + duration: 900, + }, + }, + ], + }, + ], + options: { + keepAlive: 3600, + maxSignalDuration: 86400, + evaluationWindow: 900, + detectionMethod: "threshold", + }, + isEnabled: true, + message: "Test rule", + tags: [], + groupSignalsBy: ["service"], + }, +}; + +apiInstance + .createSecurityMonitoringRule(params) + .then((data: v2.SecurityMonitoringRuleResponse) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index aaea07a9f8a7..ec4c3d3f39d9 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -200,6 +200,16 @@ Feature: Security Monitoring And the response "options.detectionMethod" is equal to "third_party" And the response "thirdPartyCases[0].query" is equal to "status:error" + @skip-validation @team:DataDog/k9-cloud-security-platform + Scenario: Create a detection rule with type 'application_security 'returns "OK" response + Given new "CreateSecurityMonitoringRule" request + And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]} + When the request is sent + Then the response status is 200 OK + And the response "name" is equal to "{{ unique }}_appsec_rule" + And the response "type" is equal to "application_security" + And the response "message" is equal to "Test rule" + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with type 'impossible_travel' returns "OK" response Given new "CreateSecurityMonitoringRule" request diff --git a/packages/datadog-api-client-v2/index.ts b/packages/datadog-api-client-v2/index.ts index 2229d9f7aa31..c6b2d24ad257 100644 --- a/packages/datadog-api-client-v2/index.ts +++ b/packages/datadog-api-client-v2/index.ts 
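Review bot: The new scenario sends `actions` and `groupSignalsBy` but only asserts `name`, `type` and `message`, so a server that silently dropped the new fields would still pass; the recorded response for this scenario returns both, so `And the response "cases[0].actions[0].type" is equal to "block_ip"` and `And the response "groupSignalsBy[0]" is equal to "service"` would pin the behaviour this change is adding. Separately, the cassette recorded for this scenario shows the cleanup `DELETE .../security_monitoring/rules/rfn-h2v-udr` answered `404 Not Found`, which suggests the undo step did not remove the enabled `application_security` rule carrying a `block_ip` action; it is worth confirming whether that rule was left behind in the test org, or whether this rule type needs a different delete path.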
@@ -2146,6 +2146,9 @@ export { SecurityMonitoringFilterAction } from "./models/SecurityMonitoringFilte export { SecurityMonitoringListRulesResponse } from "./models/SecurityMonitoringListRulesResponse"; export { SecurityMonitoringReferenceTable } from "./models/SecurityMonitoringReferenceTable"; export { SecurityMonitoringRuleCase } from "./models/SecurityMonitoringRuleCase"; +export { SecurityMonitoringRuleCaseAction } from "./models/SecurityMonitoringRuleCaseAction"; +export { SecurityMonitoringRuleCaseActionOptions } from "./models/SecurityMonitoringRuleCaseActionOptions"; +export { SecurityMonitoringRuleCaseActionType } from "./models/SecurityMonitoringRuleCaseActionType"; export { SecurityMonitoringRuleCaseCreate } from "./models/SecurityMonitoringRuleCaseCreate"; export { SecurityMonitoringRuleConvertPayload } from "./models/SecurityMonitoringRuleConvertPayload"; export { SecurityMonitoringRuleConvertResponse } from "./models/SecurityMonitoringRuleConvertResponse"; diff --git a/packages/datadog-api-client-v2/models/JobDefinition.ts b/packages/datadog-api-client-v2/models/JobDefinition.ts index 4e69f3982156..a44da3985986 100644 --- a/packages/datadog-api-client-v2/models/JobDefinition.ts +++ b/packages/datadog-api-client-v2/models/JobDefinition.ts @@ -28,6 +28,10 @@ export class JobDefinition { * Starting time of data analyzed by the job. */ "from": number; + /** + * Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. + */ + "groupSignalsBy"?: Array; /** * Index used to load the data. */ @@ -100,6 +104,10 @@ export class JobDefinition { required: true, format: "int64", }, + groupSignalsBy: { + baseName: "groupSignalsBy", + type: "Array", + }, index: { baseName: "index", type: "string", diff --git a/packages/datadog-api-client-v2/models/ObjectSerializer.ts b/packages/datadog-api-client-v2/models/ObjectSerializer.ts index f8b00fd85d84..5b9c7560bab8 100644 
--- a/packages/datadog-api-client-v2/models/ObjectSerializer.ts +++ b/packages/datadog-api-client-v2/models/ObjectSerializer.ts @@ -1189,6 +1189,8 @@ import { SecurityMonitoringFilter } from "./SecurityMonitoringFilter"; import { SecurityMonitoringListRulesResponse } from "./SecurityMonitoringListRulesResponse"; import { SecurityMonitoringReferenceTable } from "./SecurityMonitoringReferenceTable"; import { SecurityMonitoringRuleCase } from "./SecurityMonitoringRuleCase"; +import { SecurityMonitoringRuleCaseAction } from "./SecurityMonitoringRuleCaseAction"; +import { SecurityMonitoringRuleCaseActionOptions } from "./SecurityMonitoringRuleCaseActionOptions"; import { SecurityMonitoringRuleCaseCreate } from "./SecurityMonitoringRuleCaseCreate"; import { SecurityMonitoringRuleConvertResponse } from "./SecurityMonitoringRuleConvertResponse"; import { SecurityMonitoringRuleImpossibleTravelOptions } from "./SecurityMonitoringRuleImpossibleTravelOptions"; @@ -2075,6 +2077,7 @@ const enumsMap: { [key: string]: any[] } = { SecurityFilterFilteredDataType: ["logs"], SecurityFilterType: ["security_filters"], SecurityMonitoringFilterAction: ["require", "suppress"], + SecurityMonitoringRuleCaseActionType: ["block_ip", "block_user"], SecurityMonitoringRuleDetectionMethod: [ "threshold", "new_value", @@ -3678,6 +3681,9 @@ const typeMap: { [index: string]: any } = { SecurityMonitoringListRulesResponse: SecurityMonitoringListRulesResponse, SecurityMonitoringReferenceTable: SecurityMonitoringReferenceTable, SecurityMonitoringRuleCase: SecurityMonitoringRuleCase, + SecurityMonitoringRuleCaseAction: SecurityMonitoringRuleCaseAction, + SecurityMonitoringRuleCaseActionOptions: + SecurityMonitoringRuleCaseActionOptions, SecurityMonitoringRuleCaseCreate: SecurityMonitoringRuleCaseCreate, SecurityMonitoringRuleConvertResponse: SecurityMonitoringRuleConvertResponse, SecurityMonitoringRuleImpossibleTravelOptions: 
diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCase.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCase.ts index 3e0859c52c02..0392e7564f25 100644 --- a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCase.ts +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCase.ts @@ -3,6 +3,7 @@ * This product includes software developed at Datadog (https://www.datadoghq.com/). * Copyright 2020-Present Datadog, Inc. */ +import { SecurityMonitoringRuleCaseAction } from "./SecurityMonitoringRuleCaseAction"; import { SecurityMonitoringRuleSeverity } from "./SecurityMonitoringRuleSeverity"; import { AttributeTypeMap } from "../../datadog-api-client-common/util"; @@ -11,6 +12,10 @@ import { AttributeTypeMap } from "../../datadog-api-client-common/util"; * Case when signal is generated. */ export class SecurityMonitoringRuleCase { + /** + * Action to perform for each rule case. + */ + "actions"?: Array; /** * A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated * based on the event counts in the previously defined queries. @@ -45,6 +50,10 @@ export class SecurityMonitoringRuleCase { * @ignore */ static readonly attributeTypeMap: AttributeTypeMap = { + actions: { + baseName: "actions", + type: "Array", + }, condition: { baseName: "condition", type: "string", diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseAction.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseAction.ts new file mode 100644 index 000000000000..3e30fe7c9fb7 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseAction.ts 
@@ -0,0 +1,62 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { SecurityMonitoringRuleCaseActionOptions } from "./SecurityMonitoringRuleCaseActionOptions"; +import { SecurityMonitoringRuleCaseActionType } from "./SecurityMonitoringRuleCaseActionType"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Action to perform when a signal is triggered. Only available for Application Security rule type. + */ +export class SecurityMonitoringRuleCaseAction { + /** + * Options for the rule action + */ + "options"?: SecurityMonitoringRuleCaseActionOptions; + /** + * The action type. + */ + "type"?: SecurityMonitoringRuleCaseActionType; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + options: { + baseName: "options", + type: "SecurityMonitoringRuleCaseActionOptions", + }, + type: { + baseName: "type", + type: "SecurityMonitoringRuleCaseActionType", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "any", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityMonitoringRuleCaseAction.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseActionOptions.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseActionOptions.ts new file mode 100644 index 000000000000..992e7ca8daea --- /dev/null 
+++ b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseActionOptions.ts @@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Options for the rule action + */ +export class SecurityMonitoringRuleCaseActionOptions { + /** + * Duration of the action in seconds. 0 indicates no expiration. + */ + "duration"?: number; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + duration: { + baseName: "duration", + type: "number", + format: "int64", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "any", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return SecurityMonitoringRuleCaseActionOptions.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseActionType.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseActionType.ts new file mode 100644 index 000000000000..9aefa4826658 --- /dev/null +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseActionType.ts 
@@ -0,0 +1,18 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * The action type. + */ + +export type SecurityMonitoringRuleCaseActionType = + | typeof BLOCK_IP + | typeof BLOCK_USER + | UnparsedObject; +export const BLOCK_IP = "block_ip"; +export const BLOCK_USER = "block_user"; diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseCreate.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseCreate.ts index dfaf7168203b..14f6d578cf74 100644 --- a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseCreate.ts +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleCaseCreate.ts @@ -3,6 +3,7 @@ * This product includes software developed at Datadog (https://www.datadoghq.com/). * Copyright 2020-Present Datadog, Inc. */ +import { SecurityMonitoringRuleCaseAction } from "./SecurityMonitoringRuleCaseAction"; import { SecurityMonitoringRuleSeverity } from "./SecurityMonitoringRuleSeverity"; import { AttributeTypeMap } from "../../datadog-api-client-common/util"; @@ -11,6 +12,10 @@ import { AttributeTypeMap } from "../../datadog-api-client-common/util"; * Case when signal is generated. */ export class SecurityMonitoringRuleCaseCreate { + /** + * Action to perform for each rule case. + */ + "actions"?: Array; /** * A case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated * based on the event counts in the previously defined queries. @@ -45,6 +50,10 @@ export class SecurityMonitoringRuleCaseCreate { * @ignore */ static readonly attributeTypeMap: AttributeTypeMap = { + actions: { + baseName: "actions", + type: "Array", + }, condition: { baseName: "condition", type: "string", 
diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleUpdatePayload.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleUpdatePayload.ts index e2a877fdba41..a900d23ab195 100644 --- a/packages/datadog-api-client-v2/models/SecurityMonitoringRuleUpdatePayload.ts +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringRuleUpdatePayload.ts @@ -29,6 +29,10 @@ export class SecurityMonitoringRuleUpdatePayload { * Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. */ "filters"?: Array; + /** + * Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. + */ + "groupSignalsBy"?: Array; /** * Whether the notifications include the triggering group-by values in their title. */ @@ -98,6 +102,10 @@ export class SecurityMonitoringRuleUpdatePayload { baseName: "filters", type: "Array", }, + groupSignalsBy: { + baseName: "groupSignalsBy", + type: "Array", + }, hasExtendedTitle: { baseName: "hasExtendedTitle", type: "boolean", diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleCreatePayload.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleCreatePayload.ts index 3fb17c0401a5..42b9b4e75549 100644 --- a/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleCreatePayload.ts +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleCreatePayload.ts 
@@ -25,6 +25,10 @@ export class SecurityMonitoringStandardRuleCreatePayload { * Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. */ "filters"?: Array; + /** + * Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. + */ + "groupSignalsBy"?: Array; /** * Whether the notifications include the triggering group-by values in their title. */ @@ -91,6 +95,10 @@ export class SecurityMonitoringStandardRuleCreatePayload { baseName: "filters", type: "Array", }, + groupSignalsBy: { + baseName: "groupSignalsBy", + type: "Array", + }, hasExtendedTitle: { baseName: "hasExtendedTitle", type: "boolean", diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRulePayload.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRulePayload.ts index 6bb90fb4b900..c990c69af64b 100644 --- a/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRulePayload.ts +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRulePayload.ts @@ -25,6 +25,10 @@ export class SecurityMonitoringStandardRulePayload { * Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. */ "filters"?: Array; + /** + * Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. + */ + "groupSignalsBy"?: Array; /** * Whether the notifications include the triggering group-by values in their title. */ @@ -91,6 +95,10 @@ export class SecurityMonitoringStandardRulePayload { baseName: "filters", type: "Array", }, + groupSignalsBy: { + baseName: "groupSignalsBy", + type: "Array", + }, hasExtendedTitle: { baseName: "hasExtendedTitle", type: "boolean", 
diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleResponse.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleResponse.ts index 195e5e0bcf85..41a7cf1e7bf2 100644 --- a/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleResponse.ts +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleResponse.ts @@ -46,6 +46,10 @@ export class SecurityMonitoringStandardRuleResponse { * Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. */ "filters"?: Array; + /** + * Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. + */ + "groupSignalsBy"?: Array; /** * Whether the notifications include the triggering group-by values in their title. */ @@ -158,6 +162,10 @@ export class SecurityMonitoringStandardRuleResponse { baseName: "filters", type: "Array", }, + groupSignalsBy: { + baseName: "groupSignalsBy", + type: "Array", + }, hasExtendedTitle: { baseName: "hasExtendedTitle", type: "boolean", diff --git a/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleTestPayload.ts b/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleTestPayload.ts index bdf02fcca7aa..67c970fab869 100644 --- a/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleTestPayload.ts +++ b/packages/datadog-api-client-v2/models/SecurityMonitoringStandardRuleTestPayload.ts 
@@ -25,6 +25,10 @@ export class SecurityMonitoringStandardRuleTestPayload { * Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules. */ "filters"?: Array; + /** + * Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups. + */ + "groupSignalsBy"?: Array; /** * Whether the notifications include the triggering group-by values in their title. */ @@ -91,6 +95,10 @@ export class SecurityMonitoringStandardRuleTestPayload { baseName: "filters", type: "Array", }, + groupSignalsBy: { + baseName: "groupSignalsBy", + type: "Array", + }, hasExtendedTitle: { baseName: "hasExtendedTitle", type: "boolean",