DataDog · api-clients-generation-pipeline · Apr 10, 2024 · Apr 10, 2024 · Apr 10, 2024
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-04-09 18:05:43.533229",
-            "spec_repo_commit": "fc718bc2"
+            "regenerated": "2024-04-10 15:01:01.395898",
+            "spec_repo_commit": "7e61ac0f"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-04-09 18:05:43.550344",
-            "spec_repo_commit": "fc718bc2"
+            "regenerated": "2024-04-10 15:01:01.412691",
+            "spec_repo_commit": "7e61ac0f"
         }
     }
 }
@@ -18282,6 +18282,13 @@ components:
           type: integer
         creator:
           $ref: '#/components/schemas/SecurityMonitoringUser'
+        data_exclusion_query:
+          description: An exclusion query on the input data of the security rules,
+            which could be logs, Agent events, or other types of data based on the
+            security rule. Events matching this query are ignored by any detection
+            rules referenced in the suppression rule.
+          example: source:cloudtrail account_id:12345
+          type: string
         description:
           description: A description for the suppression rule.
           example: This rule suppresses low-severity signals in staging environments.
@@ -18330,6 +18337,13 @@ components:
       description: Object containing the attributes of the suppression rule to be
         created.
       properties:
+        data_exclusion_query:
+          description: An exclusion query on the input data of the security rules,
+            which could be logs, Agent events, or other types of data based on the
+            security rule. Events matching this query are ignored by any detection
+            rules referenced in the suppression rule.
+          example: source:cloudtrail account_id:12345
+          type: string
         description:
           description: A description for the suppression rule.
           example: This rule suppresses low-severity signals in staging environments.
@@ -18355,15 +18369,14 @@ components:
           type: string
         suppression_query:
           description: The suppression query of the suppression rule. If a signal
-            matches this query, it is suppressed and is not triggered . Same syntax
-            as the queries to search signals in the signal explorer.
+            matches this query, it is suppressed and is not triggered. It uses the
+            same syntax as the queries to search signals in the Signals Explorer.
           example: env:staging status:low
           type: string
       required:
       - name
       - enabled
       - rule_query
-      - suppression_query
       type: object
     SecurityMonitoringSuppressionCreateData:
       description: Object for a single suppression rule.
@@ -18407,6 +18420,13 @@ components:
     SecurityMonitoringSuppressionUpdateAttributes:
       description: The suppression rule properties to be updated.
       properties:
+        data_exclusion_query:
+          description: An exclusion query on the input data of the security rules,
+            which could be logs, Agent events, or other types of data based on the
+            security rule. Events matching this query are ignored by any detection
+            rules referenced in the suppression rule.
+          example: source:cloudtrail account_id:12345
+          type: string
         description:
           description: A description for the suppression rule.
           example: This rule suppresses low-severity signals in staging environments.

@@ -0,0 +1,37 @@
+"""
+Create a suppression rule with an exclusion query returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import (
+    SecurityMonitoringSuppressionCreateAttributes,
+)
+from datadog_api_client.v2.model.security_monitoring_suppression_create_data import (
+    SecurityMonitoringSuppressionCreateData,
+)
+from datadog_api_client.v2.model.security_monitoring_suppression_create_request import (
+    SecurityMonitoringSuppressionCreateRequest,
+)
+from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType
+
+body = SecurityMonitoringSuppressionCreateRequest(
+    data=SecurityMonitoringSuppressionCreateData(
+        attributes=SecurityMonitoringSuppressionCreateAttributes(
+            description="This rule suppresses low-severity signals in staging environments.",
+            enabled=True,
+            expiration_date=1703187336000,
+            name="Example-Security-Monitoring",
+            rule_query="type:log_detection source:cloudtrail",
+            data_exclusion_query="account_id:12345",
+        ),
+        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
+    ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.create_security_monitoring_suppression(body=body)
+
+    print(response)
@@ -31,6 +31,7 @@ def openapi_types(_):
         return {
             "creation_date": (int,),
             "creator": (SecurityMonitoringUser,),
+            "data_exclusion_query": (str,),
             "description": (str,),
             "enabled": (bool,),
             "expiration_date": (int,),
@@ -45,6 +46,7 @@ def openapi_types(_):
     attribute_map = {
         "creation_date": "creation_date",
         "creator": "creator",
+        "data_exclusion_query": "data_exclusion_query",
         "description": "description",
         "enabled": "enabled",
         "expiration_date": "expiration_date",
@@ -60,6 +62,7 @@ def __init__(
         self_,
         creation_date: Union[int, UnsetType] = unset,
         creator: Union[SecurityMonitoringUser, UnsetType] = unset,
+        data_exclusion_query: Union[str, UnsetType] = unset,
         description: Union[str, UnsetType] = unset,
         enabled: Union[bool, UnsetType] = unset,
         expiration_date: Union[int, UnsetType] = unset,
@@ -80,6 +83,9 @@ def __init__(
         :param creator: A user.
         :type creator: SecurityMonitoringUser, optional
 
+        :param data_exclusion_query: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
+        :type data_exclusion_query: str, optional
+
         :param description: A description for the suppression rule.
         :type description: str, optional
 
@@ -111,6 +117,8 @@ def __init__(
             kwargs["creation_date"] = creation_date
         if creator is not unset:
             kwargs["creator"] = creator
+        if data_exclusion_query is not unset:
+            kwargs["data_exclusion_query"] = data_exclusion_query
         if description is not unset:
             kwargs["description"] = description
         if enabled is not unset:

@@ -17,6 +17,7 @@ class SecurityMonitoringSuppressionCreateAttributes(ModelNormal):
     @cached_property
     def openapi_types(_):
         return {
+            "data_exclusion_query": (str,),
             "description": (str,),
             "enabled": (bool,),
             "expiration_date": (int,),
@@ -26,6 +27,7 @@ def openapi_types(_):
         }
 
     attribute_map = {
+        "data_exclusion_query": "data_exclusion_query",
         "description": "description",
         "enabled": "enabled",
         "expiration_date": "expiration_date",
@@ -39,14 +41,18 @@ def __init__(
         enabled: bool,
         name: str,
         rule_query: str,
-        suppression_query: str,
+        data_exclusion_query: Union[str, UnsetType] = unset,
         description: Union[str, UnsetType] = unset,
         expiration_date: Union[int, UnsetType] = unset,
+        suppression_query: Union[str, UnsetType] = unset,
         **kwargs,
     ):
         """
         Object containing the attributes of the suppression rule to be created.
 
+        :param data_exclusion_query: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
+        :type data_exclusion_query: str, optional
+
         :param description: A description for the suppression rule.
         :type description: str, optional
 
@@ -62,16 +68,19 @@ def __init__(
         :param rule_query: The rule query of the suppression rule, with the same syntax as the search bar for detection rules.
         :type rule_query: str
 
-        :param suppression_query: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered . Same syntax as the queries to search signals in the signal explorer.
-        :type suppression_query: str
+        :param suppression_query: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.
+        :type suppression_query: str, optional
         """
+        if data_exclusion_query is not unset:
+            kwargs["data_exclusion_query"] = data_exclusion_query
         if description is not unset:
             kwargs["description"] = description
         if expiration_date is not unset:
             kwargs["expiration_date"] = expiration_date
+        if suppression_query is not unset:
+            kwargs["suppression_query"] = suppression_query
         super().__init__(kwargs)
 
         self_.enabled = enabled
         self_.name = name
         self_.rule_query = rule_query
-        self_.suppression_query = suppression_query
@@ -24,6 +24,7 @@ class SecurityMonitoringSuppressionUpdateAttributes(ModelNormal):
     @cached_property
     def openapi_types(_):
         return {
+            "data_exclusion_query": (str,),
             "description": (str,),
             "enabled": (bool,),
             "expiration_date": (int, none_type),
@@ -34,6 +35,7 @@ def openapi_types(_):
         }
 
     attribute_map = {
+        "data_exclusion_query": "data_exclusion_query",
         "description": "description",
         "enabled": "enabled",
         "expiration_date": "expiration_date",
@@ -45,6 +47,7 @@ def openapi_types(_):
 
     def __init__(
         self_,
+        data_exclusion_query: Union[str, UnsetType] = unset,
         description: Union[str, UnsetType] = unset,
         enabled: Union[bool, UnsetType] = unset,
         expiration_date: Union[int, none_type, UnsetType] = unset,
@@ -57,6 +60,9 @@ def __init__(
         """
         The suppression rule properties to be updated.
 
+        :param data_exclusion_query: An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.
+        :type data_exclusion_query: str, optional
+
         :param description: A description for the suppression rule.
         :type description: str, optional
 
@@ -78,6 +84,8 @@ def __init__(
         :param version: The current version of the suppression. This is optional, but it can help prevent concurrent modifications.
         :type version: int, optional
         """
+        if data_exclusion_query is not unset:
+            kwargs["data_exclusion_query"] = data_exclusion_query
         if description is not unset:
             kwargs["description"] = description
         if enabled is not unset:

@@ -1 +1 @@
-2024-01-11T10:06:23.179Z
+2024-04-08T09:56:58.589Z
@@ -1,7 +1,7 @@
 interactions:
 - request:
     body: '{"data":{"attributes":{"description":"This rule suppresses low-severity
-      signals in staging environments.","enabled":true,"expiration_date":1703187336000,"name":"Test-Create_a_suppression_rule_returns_OK_response-1704967583","rule_query":"type:log_detection
+      signals in staging environments.","enabled":true,"expiration_date":1703187336000,"name":"Test-Create_a_suppression_rule_returns_OK_response-1712570218","rule_query":"type:log_detection
       source:cloudtrail","suppression_query":"env:staging status:low"},"type":"suppressions"}}'
     headers:
       accept:
@@ -12,9 +12,9 @@ interactions:
     uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions
   response:
     body:
-      string: '{"data":{"id":"5sx-nhj-htc","attributes":{"name":"Test-Create_a_suppression_rule_returns_OK_response-1704967583","enabled":true,"description":"This
+      string: '{"data":{"id":"mu8-qje-pys","attributes":{"name":"Test-Create_a_suppression_rule_returns_OK_response-1712570218","enabled":true,"description":"This
         rule suppresses low-severity signals in staging environments.","rule_query":"type:log_detection
-        source:cloudtrail","suppression_query":"env:staging status:low","expiration_date":1703187336000,"version":1,"creation_date":1704967583506,"update_date":1704967583506,"creator":{"name":null,"handle":"[email protected]"},"updater":{"name":null,"handle":"[email protected]"}},"type":"suppressions"}}
+        source:cloudtrail","suppression_query":"env:staging status:low","log_exclusion_query":"","data_exclusion_query":"","expiration_date":1703187336000,"version":1,"creation_date":1712570219298,"update_date":1712570219298,"creator":{"name":null,"handle":"[email protected]"},"updater":{"name":null,"handle":"[email protected]"}},"type":"suppressions"}}
 
         '
     headers:
@@ -29,7 +29,7 @@ interactions:
       accept:
       - '*/*'
     method: DELETE
-    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/5sx-nhj-htc
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/mu8-qje-pys
   response:
     body:
       string: ''

@@ -0,0 +1 @@
+2024-04-08T09:57:01.815Z
@@ -0,0 +1,42 @@
+interactions:
+- request:
+    body: '{"data":{"attributes":{"data_exclusion_query":"account_id:12345","description":"This
+      rule suppresses low-severity signals in staging environments.","enabled":true,"expiration_date":1703187336000,"name":"Test-Create_a_suppression_rule_with_an_exclusion_query_returns_OK_response-1712570221","rule_query":"type:log_detection
+      source:cloudtrail"},"type":"suppressions"}}'
+    headers:
+      accept:
+      - application/json
+      content-type:
+      - application/json
+    method: POST
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions
+  response:
+    body:
+      string: '{"data":{"id":"2dj-cxs-dg6","attributes":{"name":"Test-Create_a_suppression_rule_with_an_exclusion_query_returns_OK_response-1712570221","enabled":true,"description":"This
+        rule suppresses low-severity signals in staging environments.","rule_query":"type:log_detection
+        source:cloudtrail","suppression_query":"","log_exclusion_query":"account_id:12345","data_exclusion_query":"account_id:12345","expiration_date":1703187336000,"version":1,"creation_date":1712570222285,"update_date":1712570222285,"creator":{"name":null,"handle":"[email protected]"},"updater":{"name":null,"handle":"[email protected]"}},"type":"suppressions"}}
+
+        '
+    headers:
+      content-type:
+      - application/json
+    status:
+      code: 200
+      message: OK
+- request:
+    body: null
+    headers:
+      accept:
+      - '*/*'
+    method: DELETE
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/2dj-cxs-dg6
+  response:
+    body:
+      string: ''
+    headers:
+      content-type:
+      - text/html; charset=utf-8
+    status:
+      code: 204
+      message: No Content
+version: 1
@@ -1 +1 @@
-2024-01-11T10:06:31.876Z
+2024-04-08T09:57:31.186Z
@@ -1,6 +1,6 @@
 interactions:
 - request:
-    body: '{"data":{"attributes":{"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}'
+    body: '{"data":{"attributes":{"description":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","enabled":true,"name":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}'
     headers:
       accept:
       - application/json
@@ -10,7 +10,7 @@ interactions:
     uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions
   response:
     body:
-      string: '{"data":{"id":"vac-d9u-mmr","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967592204,"update_date":1704967592204,"creator":{"name":null,"handle":"[email protected]"},"updater":{"name":null,"handle":"[email protected]"}},"type":"suppressions"}}
+      string: '{"data":{"id":"zrh-zwa-bgu","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","rule_query":"source:cloudtrail","suppression_query":"env:test","log_exclusion_query":"","data_exclusion_query":"","version":1,"creation_date":1712570252683,"update_date":1712570252683,"creator":{"name":null,"handle":"[email protected]"},"updater":{"name":null,"handle":"[email protected]"}},"type":"suppressions"}}
 
         '
     headers:
@@ -25,10 +25,10 @@ interactions:
       accept:
       - application/json
     method: GET
-    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/vac-d9u-mmr
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/zrh-zwa-bgu
   response:
     body:
-      string: '{"data":{"id":"vac-d9u-mmr","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967592204,"update_date":1704967592204,"creator":{"name":null,"handle":"[email protected]"},"updater":{"name":null,"handle":"[email protected]"}},"type":"suppressions"}}
+      string: '{"data":{"id":"zrh-zwa-bgu","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","rule_query":"source:cloudtrail","suppression_query":"env:test","log_exclusion_query":"","data_exclusion_query":"","version":1,"creation_date":1712570252683,"update_date":1712570252683,"creator":{"name":null,"handle":"[email protected]"},"updater":{"name":null,"handle":"[email protected]"}},"type":"suppressions"}}
 
         '
     headers:
@@ -43,7 +43,7 @@ interactions:
       accept:
       - '*/*'
     method: DELETE
-    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/vac-d9u-mmr
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/zrh-zwa-bgu
   response:
     body:
       string: ''

@@ -1 +1 @@
-2024-01-11T10:06:37.000Z
+2024-04-08T09:57:43.431Z