DataDog · api-clients-generation-pipeline · Jul 20, 2023 · Jul 20, 2023
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.5",
-            "regenerated": "2023-07-19 18:05:01.077070",
-            "spec_repo_commit": "e9066fe1"
+            "regenerated": "2023-07-20 14:24:44.624557",
+            "spec_repo_commit": "878f93fe"
         },
         "v2": {
             "apigentools_version": "1.6.5",
-            "regenerated": "2023-07-19 18:05:01.093411",
-            "spec_repo_commit": "e9066fe1"
+            "regenerated": "2023-07-20 14:24:44.636983",
+            "spec_repo_commit": "878f93fe"
         }
     }
 }
@@ -2696,6 +2696,12 @@ components:
           type: array
         complianceSignalOptions:
           $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
+        filters:
+          description: Additional queries to filter matched events before they are
+            processed.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringFilter'
+          type: array
         isEnabled:
           description: Whether the rule is enabled.
           example: true

@@ -15,6 +15,8 @@
 from datadog_api_client.v2.model.cloud_configuration_rule_create_payload import CloudConfigurationRuleCreatePayload
 from datadog_api_client.v2.model.cloud_configuration_rule_options import CloudConfigurationRuleOptions
 from datadog_api_client.v2.model.cloud_configuration_rule_type import CloudConfigurationRuleType
+from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
+from datadog_api_client.v2.model.security_monitoring_filter_action import SecurityMonitoringFilterAction
 from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
 
 body = CloudConfigurationRuleCreatePayload(
@@ -51,6 +53,16 @@
             "@account_id",
         ],
     ),
+    filters=[
+        SecurityMonitoringFilter(
+            action=SecurityMonitoringFilterAction.REQUIRE,
+            query="resource_id:helo*",
+        ),
+        SecurityMonitoringFilter(
+            action=SecurityMonitoringFilterAction.SUPPRESS,
+            query="control:helo*",
+        ),
+    ],
 )
 
 configuration = Configuration()

@@ -18,6 +18,7 @@
     from datadog_api_client.v2.model.cloud_configuration_rule_compliance_signal_options import (
         CloudConfigurationRuleComplianceSignalOptions,
     )
+    from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
     from datadog_api_client.v2.model.cloud_configuration_rule_options import CloudConfigurationRuleOptions
     from datadog_api_client.v2.model.cloud_configuration_rule_type import CloudConfigurationRuleType
 
@@ -29,12 +30,14 @@ def openapi_types(_):
         from datadog_api_client.v2.model.cloud_configuration_rule_compliance_signal_options import (
             CloudConfigurationRuleComplianceSignalOptions,
         )
+        from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
         from datadog_api_client.v2.model.cloud_configuration_rule_options import CloudConfigurationRuleOptions
         from datadog_api_client.v2.model.cloud_configuration_rule_type import CloudConfigurationRuleType
 
         return {
             "cases": ([CloudConfigurationRuleCaseCreate],),
             "compliance_signal_options": (CloudConfigurationRuleComplianceSignalOptions,),
+            "filters": ([SecurityMonitoringFilter],),
             "is_enabled": (bool,),
             "message": (str,),
             "name": (str,),
@@ -46,6 +49,7 @@ def openapi_types(_):
     attribute_map = {
         "cases": "cases",
         "compliance_signal_options": "complianceSignalOptions",
+        "filters": "filters",
         "is_enabled": "isEnabled",
         "message": "message",
         "name": "name",
@@ -62,6 +66,7 @@ def __init__(
         message: str,
         name: str,
         options: CloudConfigurationRuleOptions,
+        filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset,
         tags: Union[List[str], UnsetType] = unset,
         type: Union[CloudConfigurationRuleType, UnsetType] = unset,
         **kwargs,
@@ -75,6 +80,9 @@ def __init__(
         :param compliance_signal_options: How to generate compliance signals. Useful for cloud_configuration rules only.
         :type compliance_signal_options: CloudConfigurationRuleComplianceSignalOptions
 
+        :param filters: Additional queries to filter matched events before they are processed.
+        :type filters: [SecurityMonitoringFilter], optional
+
         :param is_enabled: Whether the rule is enabled.
         :type is_enabled: bool
 
@@ -93,6 +101,8 @@ def __init__(
         :param type: The rule type.
         :type type: CloudConfigurationRuleType, optional
         """
+        if filters is not unset:
+            kwargs["filters"] = filters
         if tags is not unset:
             kwargs["tags"] = tags
         if type is not unset:

@@ -1 +1 @@
-2022-12-16T18:53:53.418Z
+2023-07-20T12:27:33.661Z
@@ -1,6 +1,6 @@
 interactions:
 - request:
-    body: '{"cases":[{"notifications":["channel"],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"isEnabled":false,"message":"ddd","name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1671216833_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package
+    body: '{"cases":[{"notifications":["channel"],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}],"isEnabled":false,"message":"ddd","name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1689856053_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package
       datadog\n","resourceTypes":["gcp_compute_disk"]},"resourceType":"gcp_compute_disk"}},"tags":["my:tag"],"type":"cloud_configuration"}'
     headers:
       accept:
@@ -11,9 +11,9 @@ interactions:
     uri: https://api.datadoghq.com/api/v2/security_monitoring/rules
   response:
     body:
-      string: '{"creationAuthorId":1445416,"tags":["my:tag"],"type":"cloud_configuration","isEnabled":false,"hasExtendedTitle":true,"message":"ddd","options":{"detectionMethod":"threshold","evaluationWindow":7200,"maxSignalDuration":86400,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package
-        datadog\n","resourceTypes":["gcp_compute_disk"]},"complexRule":false},"keepAlive":21600},"version":1,"createdAt":1671216834196,"filters":[],"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"aggregation":"count","name":"a","distinctFields":[]}],"isDeleted":false,"complianceSignalOptions":{"defaultActivationStatus":null,"userActivationStatus":true,"defaultGroupByFields":null,"userGroupByFields":["@account_id"]},"cases":[{"status":"info","notifications":["channel"],"name":"","condition":"a
-        > 0"}],"id":"fat-bma-9yo","isDefault":false,"name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1671216833_cloud"}
+      string: '{"id":"rmr-xkf-scr","version":1,"name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1689856053_cloud","createdAt":1689856054469,"creationAuthorId":1445416,"isDefault":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package
+        datadog\n","resourceTypes":["gcp_compute_disk"]},"complexRule":false}},"complianceSignalOptions":{"defaultActivationStatus":null,"defaultGroupByFields":null,"userActivationStatus":true,"userGroupByFields":["@account_id"]},"cases":[{"condition":"a
+        > 0","name":"","status":"info","notifications":["channel"]}],"message":"ddd","tags":["my:tag"],"hasExtendedTitle":true,"type":"cloud_configuration","filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}]}
 
         '
     headers:
@@ -28,7 +28,7 @@ interactions:
       accept:
       - '*/*'
     method: DELETE
-    uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/fat-bma-9yo
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/rmr-xkf-scr
   response:
     body:
       string: ''

@@ -58,7 +58,7 @@ Feature: Security Monitoring
   @team:DataDog/k9-cloud-security-platform
   Scenario: Create a cloud_configuration rule returns "OK" response
     Given new "CreateSecurityMonitoringRule" request
-    And body with value {"type":"cloud_configuration","name":"{{ unique }}_cloud","isEnabled":false,"cases":[{"status":"info","notifications":["channel"]}],"options":{"complianceRuleOptions":{"resourceType":"gcp_compute_disk","complexRule": false,"regoRule":{"policy":"package datadog\n","resourceTypes":["gcp_compute_disk"]}}},"message":"ddd","tags":["my:tag"],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]}}
+    And body with value {"type":"cloud_configuration","name":"{{ unique }}_cloud","isEnabled":false,"cases":[{"status":"info","notifications":["channel"]}],"options":{"complianceRuleOptions":{"resourceType":"gcp_compute_disk","complexRule": false,"regoRule":{"policy":"package datadog\n","resourceTypes":["gcp_compute_disk"]}}},"message":"ddd","tags":["my:tag"],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}]}
     When the request is sent
     Then the response status is 200 OK
     And the response "name" is equal to "{{ unique }}_cloud"