DataDog · zippolyte · Dec 29, 2020 · Dec 29, 2020
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.4.1.dev2",
-            "regenerated": "2020-12-29 08:50:45.613296",
-            "spec_repo_commit": "2554c85"
+            "regenerated": "2020-12-29 12:58:47.131418",
+            "spec_repo_commit": "ca13c42"
         },
         "v2": {
             "apigentools_version": "1.4.1.dev2",
-            "regenerated": "2020-12-29 08:50:57.367519",
-            "spec_repo_commit": "2554c85"
+            "regenerated": "2020-12-29 12:58:58.467891",
+            "spec_repo_commit": "ca13c42"
         }
     }
 }
@@ -224,6 +224,8 @@ datadog_api_client/v2/model/role_update_response_data.py
 datadog_api_client/v2/model/roles_response.py
 datadog_api_client/v2/model/roles_sort.py
 datadog_api_client/v2/model/roles_type.py
+datadog_api_client/v2/model/security_monitoring_filter.py
+datadog_api_client/v2/model/security_monitoring_filter_action.py
 datadog_api_client/v2/model/security_monitoring_list_rules_response.py
 datadog_api_client/v2/model/security_monitoring_rule_case.py
 datadog_api_client/v2/model/security_monitoring_rule_case_create.py
@@ -492,6 +494,8 @@ docs/RolesResponse.md
 docs/RolesSort.md
 docs/RolesType.md
 docs/SecurityMonitoringApi.md
+docs/SecurityMonitoringFilter.md
+docs/SecurityMonitoringFilterAction.md
 docs/SecurityMonitoringListRulesResponse.md
 docs/SecurityMonitoringRuleCase.md
 docs/SecurityMonitoringRuleCaseCreate.md
@@ -758,6 +762,8 @@ test/test_roles_response.py
 test/test_roles_sort.py
 test/test_roles_type.py
 test/test_security_monitoring_api.py
+test/test_security_monitoring_filter.py
+test/test_security_monitoring_filter_action.py
 test/test_security_monitoring_list_rules_response.py
 test/test_security_monitoring_rule_case.py
 test/test_security_monitoring_rule_case_create.py

@@ -392,6 +392,8 @@ Class | Method | HTTP request | Description
  - [RolesResponse](RolesResponse.md)
  - [RolesSort](RolesSort.md)
  - [RolesType](RolesType.md)
+ - [SecurityMonitoringFilter](SecurityMonitoringFilter.md)
+ - [SecurityMonitoringFilterAction](SecurityMonitoringFilterAction.md)
  - [SecurityMonitoringListRulesResponse](SecurityMonitoringListRulesResponse.md)
  - [SecurityMonitoringRuleCase](SecurityMonitoringRuleCase.md)
  - [SecurityMonitoringRuleCaseCreate](SecurityMonitoringRuleCaseCreate.md)

@@ -60,6 +60,12 @@ with datadog_api_client.v2.ApiClient(configuration) as api_client:
     api_instance = security_monitoring_api.SecurityMonitoringApi(api_client)
     body = SecurityMonitoringRuleCreatePayload(
         cases=[],
+        filters=[
+            SecurityMonitoringFilter(
+                action=SecurityMonitoringFilterAction("require"),
+                query="query_example",
+            ),
+        ],
         is_enabled=True,
         message="",
         name="",
@@ -611,6 +617,12 @@ with datadog_api_client.v2.ApiClient(configuration) as api_client:
                 status=SecurityMonitoringRuleSeverity("info"),
             ),
         ],
+        filters=[
+            SecurityMonitoringFilter(
+                action=SecurityMonitoringFilterAction("require"),
+                query="query_example",
+            ),
+        ],
         is_enabled=True,
         message="message_example",
         name="name_example",

@@ -0,0 +1,12 @@
+# SecurityMonitoringFilter
+
+The rule's suppression filter.
+## Properties
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**action** | [**SecurityMonitoringFilterAction**](SecurityMonitoringFilterAction.md) |  | [optional] 
+**query** | **str** | Query for selecting logs to apply the filtering action. | [optional] 
+
+[[Back to Model list]](README.md#documentation-for-models) [[Back to API list]](README.md#documentation-for-api-endpoints) [[Back to README]](README.md)
+
+
@@ -0,0 +1,11 @@
+# SecurityMonitoringFilterAction
+
+The type of filtering action.
+## Properties
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**value** | **str** | The type of filtering action. |  must be one of ["require", "suppress", ]
+
+[[Back to Model list]](README.md#documentation-for-models) [[Back to API list]](README.md#documentation-for-api-endpoints) [[Back to README]](README.md)
+
+
@@ -10,6 +10,7 @@ Name | Type | Description | Notes
 **name** | **str** | The name of the rule. | 
 **options** | [**SecurityMonitoringRuleOptions**](SecurityMonitoringRuleOptions.md) |  | 
 **queries** | [**[SecurityMonitoringRuleQueryCreate]**](SecurityMonitoringRuleQueryCreate.md) | Queries for selecting logs which are part of the rule. | 
+**filters** | [**[SecurityMonitoringFilter]**](SecurityMonitoringFilter.md) | Additional queries to filter matched events before they are processed. | [optional] 
 **tags** | **[str]** | Tags for generated signals. | [optional] 
 
 [[Back to Model list]](README.md#documentation-for-models) [[Back to API list]](README.md#documentation-for-api-endpoints) [[Back to README]](README.md)

@@ -7,6 +7,7 @@ Name | Type | Description | Notes
 **cases** | [**[SecurityMonitoringRuleCase]**](SecurityMonitoringRuleCase.md) | Cases for generating signals. | [optional] 
 **created_at** | **int** | When the rule was created, timestamp in milliseconds. | [optional] 
 **creation_author_id** | **int** | User ID of the user who created the rule. | [optional] 
+**filters** | [**[SecurityMonitoringFilter]**](SecurityMonitoringFilter.md) | Additional queries to filter matched events before they are processed. | [optional] 
 **id** | **str** | The ID of the rule. | [optional] 
 **is_default** | **bool** | Whether the rule is included by default. | [optional] 
 **is_deleted** | **bool** | Whether the rule has been deleted. | [optional] 

@@ -5,6 +5,7 @@ Update an existing rule.
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **cases** | [**[SecurityMonitoringRuleCase]**](SecurityMonitoringRuleCase.md) | Cases for generating signals. | [optional] 
+**filters** | [**[SecurityMonitoringFilter]**](SecurityMonitoringFilter.md) | Additional queries to filter matched events before they are processed. | [optional] 
 **is_enabled** | **bool** | Whether the rule is enabled. | [optional] 
 **message** | **str** | Message for generated signals. | [optional] 
 **name** | **str** | Name of the rule. | [optional] 

@@ -0,0 +1,171 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+
+
+import re  # noqa: F401
+import sys  # noqa: F401
+
+import nulltype  # noqa: F401
+
+from datadog_api_client.v2.model_utils import (  # noqa: F401
+    ApiTypeError,
+    ModelComposed,
+    ModelNormal,
+    ModelSimple,
+    cached_property,
+    change_keys_js_to_python,
+    convert_js_args_to_python_args,
+    date,
+    datetime,
+    file_type,
+    none_type,
+    validate_get_composed_info,
+)
+
+def lazy_import():
+    from datadog_api_client.v2.model.security_monitoring_filter_action import SecurityMonitoringFilterAction
+    globals()['SecurityMonitoringFilterAction'] = SecurityMonitoringFilterAction
+
+
+class SecurityMonitoringFilter(ModelNormal):
+    """NOTE: This class is auto generated by OpenAPI Generator.
+    Ref: https://openapi-generator.tech
+
+    Do not edit the class manually.
+
+    Attributes:
+      allowed_values (dict): The key is the tuple path to the attribute
+          and the for var_name this is (var_name,). The value is a dict
+          with a capitalized key describing the allowed value and an allowed
+          value. These dicts store the allowed enum values.
+      attribute_map (dict): The key is attribute name
+          and the value is json key in definition.
+      discriminator_value_class_map (dict): A dict to go from the discriminator
+          variable value to the discriminator class name.
+      validations (dict): The key is the tuple path to the attribute
+          and the for var_name this is (var_name,). The value is a dict
+          that stores validations for max_length, min_length, max_items,
+          min_items, exclusive_maximum, inclusive_maximum, exclusive_minimum,
+          inclusive_minimum, and regex.
+      additional_properties_type (tuple): A tuple of classes accepted
+          as additional properties values.
+    """
+
+    allowed_values = {
+    }
+
+    validations = {
+    }
+
+    additional_properties_type = None
+
+    _nullable = False
+
+    @cached_property
+    def openapi_types():
+        """
+        This must be a method because a model may have properties that are
+        of type self, this must run after the class is loaded
+
+        Returns
+            openapi_types (dict): The key is attribute name
+                and the value is attribute type.
+        """
+        lazy_import()
+        return {
+            'action': (SecurityMonitoringFilterAction,),  # noqa: E501
+            'query': (str,),  # noqa: E501
+        }
+
+    @cached_property
+    def discriminator():
+        return None
+
+
+    attribute_map = {
+        'action': 'action',  # noqa: E501
+        'query': 'query',  # noqa: E501
+    }
+
+    _composed_schemas = {}
+
+    required_properties = set([
+        '_data_store',
+        '_check_type',
+        '_spec_property_naming',
+        '_path_to_item',
+        '_configuration',
+        '_visited_composed_classes',
+    ])
+
+    @convert_js_args_to_python_args
+    def __init__(self, *args, **kwargs):  # noqa: E501
+        """SecurityMonitoringFilter - a model defined in OpenAPI
+
+        Keyword Args:
+            _check_type (bool): if True, values for parameters in openapi_types
+                                will be type checked and a TypeError will be
+                                raised if the wrong type is input.
+                                Defaults to True
+            _path_to_item (tuple/list): This is a list of keys or values to
+                                drill down to the model in received_data
+                                when deserializing a response
+            _spec_property_naming (bool): True if the variable names in the input data
+                                are serialized names, as specified in the OpenAPI document.
+                                False if the variable names in the input data
+                                are pythonic names, e.g. snake case (default)
+            _configuration (Configuration): the instance to use when
+                                deserializing a file_type parameter.
+                                If passed, type conversion is attempted
+                                If omitted no type conversion is done.
+            _visited_composed_classes (tuple): This stores a tuple of
+                                classes that we have traveled through so that
+                                if we see that class again we will not use its
+                                discriminator again.
+                                When traveling through a discriminator, the
+                                composed schema that is
+                                is traveled through is added to this set.
+                                For example if Animal has a discriminator
+                                petType and we pass in "Dog", and the class Dog
+                                allOf includes Animal, we move through Animal
+                                once using the discriminator, and pick Dog.
+                                Then in Dog, we will make an instance of the
+                                Animal class but this time we won't travel
+                                through its discriminator because we passed in
+                                _visited_composed_classes = (Animal,)
+            action (SecurityMonitoringFilterAction): [optional]  # noqa: E501
+            query (str): Query for selecting logs to apply the filtering action.. [optional]  # noqa: E501
+        """
+
+        _check_type = kwargs.pop('_check_type', True)
+        _spec_property_naming = kwargs.pop('_spec_property_naming', False)
+        _path_to_item = kwargs.pop('_path_to_item', ())
+        _configuration = kwargs.pop('_configuration', None)
+        _visited_composed_classes = kwargs.pop('_visited_composed_classes', ())
+
+        if args:
+            raise ApiTypeError(
+                "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % (
+                    args,
+                    self.__class__.__name__,
+                ),
+                path_to_item=_path_to_item,
+                valid_classes=(self.__class__,),
+            )
+
+        self._data_store = {}
+        self._check_type = _check_type
+        self._spec_property_naming = _spec_property_naming
+        self._path_to_item = _path_to_item
+        self._configuration = _configuration
+        self._visited_composed_classes = _visited_composed_classes + (self.__class__,)
+
+        for var_name, var_value in kwargs.items():
+            if var_name not in self.attribute_map and \
+                        self._configuration is not None and \
+                        self._configuration.discard_unknown_keys and \
+                        self.additional_properties_type is None:
+                # discard variable.
+                continue
+            setattr(self, var_name, var_value)