Regenerate client from commit e7cfa56f of spec repo

Author: ci.datadog-api-spec

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-01-03 19:28:41.267857",
-            "spec_repo_commit": "b2d74fec"
+            "regenerated": "2024-01-04 15:18:08.876360",
+            "spec_repo_commit": "e7cfa56f"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-01-03 19:28:41.286788",
-            "spec_repo_commit": "b2d74fec"
+            "regenerated": "2024-01-04 15:18:08.899971",
+            "spec_repo_commit": "e7cfa56f"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -15616,6 +15616,8 @@ components:
           $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration'
         newValueOptions:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions'
+        thirdPartyRuleOptions:
+          $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions'
       type: object
     SecurityMonitoringRuleQuery:
       description: Query for matching rule.
@@ -15664,6 +15666,30 @@ components:
       - MEDIUM
       - HIGH
       - CRITICAL
+    SecurityMonitoringRuleThirdPartyOptions:
+      description: Options on third party rules.
+      properties:
+        defaultNotifications:
+          description: Notification targets for the logs that do not correspond to
+            any of the cases.
+          items:
+            description: Notification.
+            type: string
+          type: array
+        defaultStatus:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
+        rootQueries:
+          description: Queries to be combined with third party case queries. Each
+            of them can have different group by fields, to aggregate differently based
+            on the type of alert.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringThirdPartyRootQuery'
+          type: array
+        signalTitleTemplate:
+          description: A template for the signal title; if omitted, the title is generated
+            based on the case name.
+          type: string
+      type: object
     SecurityMonitoringRuleTypeCreate:
       description: The rule type.
       enum:
@@ -15733,6 +15759,13 @@ components:
             description: Tag.
             type: string
           type: array
+        thirdPartyCases:
+          description: Cases for generating signals from third party rules. Only available
+            for third party rules.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCase'
+          type: array
         version:
           description: The version of the rule being updated.
           example: 1
@@ -16362,6 +16395,13 @@ components:
             description: Tag.
             type: string
           type: array
+        thirdPartyCases:
+          description: Cases for generating signals from third party rules. Only available
+            for third party rules.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate'
+          type: array
         type:
           $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate'
       required:
@@ -16483,6 +16523,13 @@ components:
             description: Tag.
             type: string
           type: array
+        thirdPartyCases:
+          description: Cases for generating signals from third party rules. Only available
+            for third party rules.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCase'
+          type: array
         type:
           $ref: '#/components/schemas/SecurityMonitoringRuleTypeRead'
         updateAuthorId:
@@ -16493,6 +16540,58 @@ components:
           description: The version of the rule.
           format: int64
           type: integer
+    SecurityMonitoringThirdPartyRootQuery:
+      description: A query to be combined with the third party case query.
+      properties:
+        groupByFields:
+          description: Fields to group by.
+          items:
+            description: Field.
+            type: string
+          type: array
+        query:
+          description: Query to run on logs.
+          example: source:cloudtrail
+          type: string
+      type: object
+    SecurityMonitoringThirdPartyRuleCase:
+      description: Case when signal is generated by a third party rule.
+      properties:
+        name:
+          description: Name of the case.
+          type: string
+        notifications:
+          description: Notification targets for each rule case.
+          items:
+            description: Notification.
+            type: string
+          type: array
+        query:
+          description: A query to map a third party event to this case.
+          type: string
+        status:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
+      type: object
+    SecurityMonitoringThirdPartyRuleCaseCreate:
+      description: Case when a signal is generated by a third party rule.
+      properties:
+        name:
+          description: Name of the case.
+          type: string
+        notifications:
+          description: Notification targets for each rule case.
+          items:
+            description: Notification.
+            type: string
+          type: array
+        query:
+          description: A query to map a third party event to this case.
+          type: string
+        status:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
+      required:
+      - status
+      type: object
     SecurityMonitoringTriageUser:
       description: Object representing a given user entity.
       properties:

docs/datadog_api_client.v2.model.rst

@@ -7050,6 +7050,13 @@ security\_monitoring\_rule\_severity
    :members:
    :show-inheritance:
 
+security\_monitoring\_rule\_third\_party\_options
+-------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_third_party_options
+   :members:
+   :show-inheritance:
+
 security\_monitoring\_rule\_type\_create
 ----------------------------------------
 
@@ -7323,6 +7330,27 @@ security\_monitoring\_standard\_rule\_response
    :members:
    :show-inheritance:
 
+security\_monitoring\_third\_party\_root\_query
+-----------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_third_party_root_query
+   :members:
+   :show-inheritance:
+
+security\_monitoring\_third\_party\_rule\_case
+----------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_third_party_rule_case
+   :members:
+   :show-inheritance:
+
+security\_monitoring\_third\_party\_rule\_case\_create
+------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create
+   :members:
+   :show-inheritance:
+
 security\_monitoring\_triage\_user
 ----------------------------------
 

examples/v2/security-monitoring/CreateSecurityMonitoringRule_3367706049.py

@@ -0,0 +1,72 @@
+"""
+Create a detection rule with detection method 'third_party' returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod
+from datadog_api_client.v2.model.security_monitoring_rule_keep_alive import SecurityMonitoringRuleKeepAlive
+from datadog_api_client.v2.model.security_monitoring_rule_max_signal_duration import (
+    SecurityMonitoringRuleMaxSignalDuration,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
+from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
+from datadog_api_client.v2.model.security_monitoring_rule_third_party_options import (
+    SecurityMonitoringRuleThirdPartyOptions,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_type_create import SecurityMonitoringRuleTypeCreate
+from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import (
+    SecurityMonitoringStandardRuleCreatePayload,
+)
+from datadog_api_client.v2.model.security_monitoring_third_party_root_query import SecurityMonitoringThirdPartyRootQuery
+from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import (
+    SecurityMonitoringThirdPartyRuleCaseCreate,
+)
+
+body = SecurityMonitoringStandardRuleCreatePayload(
+    name="Example-Security-Monitoring",
+    type=SecurityMonitoringRuleTypeCreate.LOG_DETECTION,
+    is_enabled=True,
+    third_party_cases=[
+        SecurityMonitoringThirdPartyRuleCaseCreate(
+            query="status:error",
+            name="high",
+            status=SecurityMonitoringRuleSeverity.HIGH,
+        ),
+        SecurityMonitoringThirdPartyRuleCaseCreate(
+            query="status:info",
+            name="low",
+            status=SecurityMonitoringRuleSeverity.LOW,
+        ),
+    ],
+    queries=[],
+    cases=[],
+    message="This is a third party rule",
+    options=SecurityMonitoringRuleOptions(
+        detection_method=SecurityMonitoringRuleDetectionMethod.THIRD_PARTY,
+        keep_alive=SecurityMonitoringRuleKeepAlive.ZERO_MINUTES,
+        max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ZERO_MINUTES,
+        third_party_rule_options=SecurityMonitoringRuleThirdPartyOptions(
+            default_status=SecurityMonitoringRuleSeverity.INFO,
+            root_queries=[
+                SecurityMonitoringThirdPartyRootQuery(
+                    query="source:guardduty @details.alertType:*EC2*",
+                    group_by_fields=[
+                        "instance-id",
+                    ],
+                ),
+                SecurityMonitoringThirdPartyRootQuery(
+                    query="source:guardduty",
+                    group_by_fields=[],
+                ),
+            ],
+        ),
+    ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.create_security_monitoring_rule(body=body)
+
+    print(response)

src/datadog_api_client/v2/model/security_monitoring_rule_create_payload.py

@@ -42,6 +42,9 @@ def __init__(self, **kwargs):
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 
+        :param third_party_cases: Cases for generating signals from third party rules. Only available for third party rules.
+        :type third_party_cases: [SecurityMonitoringThirdPartyRuleCaseCreate], optional
+
         :param type: The rule type.
         :type type: SecurityMonitoringRuleTypeCreate, optional
 

src/datadog_api_client/v2/model/security_monitoring_rule_options.py

@@ -36,6 +36,9 @@
     from datadog_api_client.v2.model.security_monitoring_rule_new_value_options import (
         SecurityMonitoringRuleNewValueOptions,
     )
+    from datadog_api_client.v2.model.security_monitoring_rule_third_party_options import (
+        SecurityMonitoringRuleThirdPartyOptions,
+    )
 
 
 class SecurityMonitoringRuleOptions(ModelNormal):
@@ -63,6 +66,9 @@ def openapi_types(_):
         from datadog_api_client.v2.model.security_monitoring_rule_new_value_options import (
             SecurityMonitoringRuleNewValueOptions,
         )
+        from datadog_api_client.v2.model.security_monitoring_rule_third_party_options import (
+            SecurityMonitoringRuleThirdPartyOptions,
+        )
 
         return {
             "compliance_rule_options": (CloudConfigurationComplianceRuleOptions,),
@@ -74,6 +80,7 @@ def openapi_types(_):
             "keep_alive": (SecurityMonitoringRuleKeepAlive,),
             "max_signal_duration": (SecurityMonitoringRuleMaxSignalDuration,),
             "new_value_options": (SecurityMonitoringRuleNewValueOptions,),
+            "third_party_rule_options": (SecurityMonitoringRuleThirdPartyOptions,),
         }
 
     attribute_map = {
@@ -86,6 +93,7 @@ def openapi_types(_):
         "keep_alive": "keepAlive",
         "max_signal_duration": "maxSignalDuration",
         "new_value_options": "newValueOptions",
+        "third_party_rule_options": "thirdPartyRuleOptions",
     }
 
     def __init__(
@@ -99,6 +107,7 @@ def __init__(
         keep_alive: Union[SecurityMonitoringRuleKeepAlive, UnsetType] = unset,
         max_signal_duration: Union[SecurityMonitoringRuleMaxSignalDuration, UnsetType] = unset,
         new_value_options: Union[SecurityMonitoringRuleNewValueOptions, UnsetType] = unset,
+        third_party_rule_options: Union[SecurityMonitoringRuleThirdPartyOptions, UnsetType] = unset,
         **kwargs,
     ):
         """
@@ -136,6 +145,9 @@ def __init__(
 
         :param new_value_options: Options on new value rules.
         :type new_value_options: SecurityMonitoringRuleNewValueOptions, optional
+
+        :param third_party_rule_options: Options on third party rules.
+        :type third_party_rule_options: SecurityMonitoringRuleThirdPartyOptions, optional
         """
         if compliance_rule_options is not unset:
             kwargs["compliance_rule_options"] = compliance_rule_options
@@ -155,4 +167,6 @@ def __init__(
             kwargs["max_signal_duration"] = max_signal_duration
         if new_value_options is not unset:
             kwargs["new_value_options"] = new_value_options
+        if third_party_rule_options is not unset:
+            kwargs["third_party_rule_options"] = third_party_rule_options
         super().__init__(kwargs)

src/datadog_api_client/v2/model/security_monitoring_rule_response.py

@@ -63,6 +63,9 @@ def __init__(self, **kwargs):
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 
+        :param third_party_cases: Cases for generating signals from third party rules. Only available for third party rules.
+        :type third_party_cases: [SecurityMonitoringThirdPartyRuleCase], optional
+
         :param type: The rule type.
         :type type: SecurityMonitoringRuleTypeRead, optional