diff --git a/.apigentools-info b/.apigentools-info index 24ef9f956a..825a757630 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2024-09-30 14:37:33.886944", - "spec_repo_commit": "60bc9127" + "regenerated": "2024-09-30 19:44:29.650607", + "spec_repo_commit": "909e369c" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2024-09-30 14:37:33.900686", - "spec_repo_commit": "60bc9127" + "regenerated": "2024-09-30 19:44:29.664206", + "spec_repo_commit": "909e369c" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index fc61f2c6e4..ce325fb628 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -19089,6 +19089,25 @@ components: meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object + SecurityMonitoringReferenceTable: + description: Reference table for the rule. + properties: + checkPresence: + description: Whether to include or exclude the matched values. + type: boolean + columnName: + description: The name of the column in the reference table. + type: string + logFieldPath: + description: The field in the log to match against the reference table. + type: string + ruleQueryName: + description: The name of the rule query to apply the reference table to. + type: string + tableName: + description: The name of the reference table. + type: string + type: object SecurityMonitoringRuleCase: description: Case when signal is generated. properties: @@ -19594,6 +19613,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. items: 
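Review bot: The `checkPresence` description in the new `SecurityMonitoringReferenceTable` schema, `Whether to include or exclude the matched values.`, does not say which boolean value does which, so a rule author can invert a detection without getting any error. Spell out both values, for example `description: If true, match logs whose field value is present in the table column; if false, match logs whose value is absent.`, adjusted to the real backend semantics, which are not visible in this diff. The schema also declares no `required` list, so an entry without `tableName` or `columnName` passes client-side validation; if the API rejects such entries, marking them required would surface the mistake earlier. The same description is copied verbatim into the docstring of `src/datadog_api_client/v2/model/security_monitoring_reference_table.py`, and this file appears to be synced from the spec repository, so the wording fix likely belongs there.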
@@ -20298,6 +20322,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. example: @@ -20365,6 +20394,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. example: @@ -20505,6 +20539,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. items: @@ -20569,6 +20608,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. example: diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index 796e717bc1..75f3bdab4b 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst 
@@ -8488,6 +8488,13 @@ datadog\_api\_client.v2.model.security\_monitoring\_list\_rules\_response module :members: :show-inheritance: +datadog\_api\_client.v2.model.security\_monitoring\_reference\_table module +--------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_reference_table + :members: + :show-inheritance: + datadog\_api\_client.v2.model.security\_monitoring\_rule\_case module --------------------------------------------------------------------- diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule.py b/examples/v2/security-monitoring/CreateSecurityMonitoringRule.py index b4931a61c0..054efdd701 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule.py +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule.py @@ -4,6 +4,7 @@ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi +from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import ( SecurityMonitoringRuleEvaluationWindow, @@ -52,6 +53,15 @@ tags=[], is_enabled=True, type=SecurityMonitoringRuleTypeCreate.LOG_DETECTION, + reference_tables=[ + SecurityMonitoringReferenceTable( + table_name="synthetics_test_reference_table_dont_delete", + column_name="value", + log_field_path="testtag", + check_presence=True, + rule_query_name="a", + ), + ], ) configuration = Configuration() diff --git a/src/datadog_api_client/v2/model/security_monitoring_reference_table.py b/src/datadog_api_client/v2/model/security_monitoring_reference_table.py new file mode 100644 index 0000000000..5d5071d1c6 --- /dev/null 
+++ b/src/datadog_api_client/v2/model/security_monitoring_reference_table.py 
@@ -0,0 +1,72 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +class SecurityMonitoringReferenceTable(ModelNormal): + @cached_property + def openapi_types(_): + return { + "check_presence": (bool,), + "column_name": (str,), + "log_field_path": (str,), + "rule_query_name": (str,), + "table_name": (str,), + } + + attribute_map = { + "check_presence": "checkPresence", + "column_name": "columnName", + "log_field_path": "logFieldPath", + "rule_query_name": "ruleQueryName", + "table_name": "tableName", + } + + def __init__( + self_, + check_presence: Union[bool, UnsetType] = unset, + column_name: Union[str, UnsetType] = unset, + log_field_path: Union[str, UnsetType] = unset, + rule_query_name: Union[str, UnsetType] = unset, + table_name: Union[str, UnsetType] = unset, + **kwargs, + ): + """ + Reference table for the rule. + + :param check_presence: Whether to include or exclude the matched values. + :type check_presence: bool, optional + + :param column_name: The name of the column in the reference table. + :type column_name: str, optional + + :param log_field_path: The field in the log to match against the reference table. + :type log_field_path: str, optional + + :param rule_query_name: The name of the rule query to apply the reference table to. + :type rule_query_name: str, optional + + :param table_name: The name of the reference table. 
+ :type table_name: str, optional + """ + if check_presence is not unset: + kwargs["check_presence"] = check_presence + if column_name is not unset: + kwargs["column_name"] = column_name + if log_field_path is not unset: + kwargs["log_field_path"] = log_field_path + if rule_query_name is not unset: + kwargs["rule_query_name"] = rule_query_name + if table_name is not unset: + kwargs["table_name"] = table_name + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_convert_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_convert_payload.py index 55da815f2e..513e35df45 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_convert_payload.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_convert_payload.py @@ -39,6 +39,9 @@ def __init__(self, **kwargs): :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery] + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_create_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_create_payload.py index 08f7412f65..b99299e42e 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_create_payload.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_create_payload.py @@ -39,6 +39,9 @@ def __init__(self, **kwargs): :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery] + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional 
diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_response.py b/src/datadog_api_client/v2/model/security_monitoring_rule_response.py index df2b56e444..85c053adf3 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_response.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_response.py @@ -63,6 +63,9 @@ def __init__(self, **kwargs): :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery], optional + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_test_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_test_payload.py index a9d182480b..946108110d 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_test_payload.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_test_payload.py @@ -39,6 +39,9 @@ def __init__(self, **kwargs): :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery] + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_update_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_update_payload.py index ecfc1ca803..e40e68f359 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_update_payload.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_update_payload.py 
@@ -21,6 +21,7 @@ from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions from datadog_api_client.v2.model.security_monitoring_rule_query import SecurityMonitoringRuleQuery + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case import ( SecurityMonitoringThirdPartyRuleCase, ) @@ -44,6 +45,7 @@ def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions from datadog_api_client.v2.model.security_monitoring_rule_query import SecurityMonitoringRuleQuery + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case import ( SecurityMonitoringThirdPartyRuleCase, ) @@ -58,6 +60,7 @@ def openapi_types(_): "name": (str,), "options": (SecurityMonitoringRuleOptions,), "queries": ([SecurityMonitoringRuleQuery],), + "reference_tables": ([SecurityMonitoringReferenceTable],), "tags": ([str],), "third_party_cases": ([SecurityMonitoringThirdPartyRuleCase],), "version": (int,), @@ -73,6 +76,7 @@ def openapi_types(_): "name": "name", "options": "options", "queries": "queries", + "reference_tables": "referenceTables", "tags": "tags", "third_party_cases": "thirdPartyCases", "version": "version", @@ -96,6 +100,7 @@ def __init__( ], UnsetType, ] = unset, + reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset, tags: Union[List[str], UnsetType] = unset, third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCase], UnsetType] = unset, version: Union[int, UnsetType] = unset, 
@@ -131,6 +136,9 @@ def __init__( :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringRuleQuery], optional + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional @@ -158,6 +166,8 @@ def __init__( kwargs["options"] = options if queries is not unset: kwargs["queries"] = queries + if reference_tables is not unset: + kwargs["reference_tables"] = reference_tables if tags is not unset: kwargs["tags"] = tags if third_party_cases is not unset: diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_validate_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_validate_payload.py index 42e5e36231..5854abc525 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_validate_payload.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_validate_payload.py @@ -39,6 +39,9 @@ def __init__(self, **kwargs): :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery] + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional diff --git a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_create_payload.py b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_create_payload.py index 267395a2d9..88db2df6cf 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_create_payload.py +++ b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_create_payload.py 
@@ -18,6 +18,7 @@ from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, ) @@ -33,6 +34,7 @@ def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_standard_rule_query import ( SecurityMonitoringStandardRuleQuery, ) + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, ) @@ -47,6 +49,7 @@ def openapi_types(_): "name": (str,), "options": (SecurityMonitoringRuleOptions,), "queries": ([SecurityMonitoringStandardRuleQuery],), + "reference_tables": ([SecurityMonitoringReferenceTable],), "tags": ([str],), "third_party_cases": ([SecurityMonitoringThirdPartyRuleCaseCreate],), "type": (SecurityMonitoringRuleTypeCreate,), @@ -61,6 +64,7 @@ def openapi_types(_): "name": "name", "options": "options", "queries": "queries", + "reference_tables": "referenceTables", "tags": "tags", "third_party_cases": "thirdPartyCases", "type": "type", 
@@ -76,6 +80,7 @@ def __init__( queries: List[SecurityMonitoringStandardRuleQuery], filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset, has_extended_title: Union[bool, UnsetType] = unset, + reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset, tags: Union[List[str], UnsetType] = unset, third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCaseCreate], UnsetType] = unset, type: Union[SecurityMonitoringRuleTypeCreate, UnsetType] = unset, @@ -108,6 +113,9 @@ def __init__( :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery] + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional @@ -121,6 +129,8 @@ def __init__( kwargs["filters"] = filters if has_extended_title is not unset: kwargs["has_extended_title"] = has_extended_title + if reference_tables is not unset: + kwargs["reference_tables"] = reference_tables if tags is not unset: kwargs["tags"] = tags if third_party_cases is not unset: diff --git a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_payload.py b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_payload.py index d90b7e5c31..b85a3089b8 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_payload.py +++ b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_payload.py 
@@ -18,6 +18,7 @@ from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, ) @@ -33,6 +34,7 @@ def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_standard_rule_query import ( SecurityMonitoringStandardRuleQuery, ) + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, ) @@ -47,6 +49,7 @@ def openapi_types(_): "name": (str,), "options": (SecurityMonitoringRuleOptions,), "queries": ([SecurityMonitoringStandardRuleQuery],), + "reference_tables": ([SecurityMonitoringReferenceTable],), "tags": ([str],), "third_party_cases": ([SecurityMonitoringThirdPartyRuleCaseCreate],), "type": (SecurityMonitoringRuleTypeCreate,), @@ -61,6 +64,7 @@ def openapi_types(_): "name": "name", "options": "options", "queries": "queries", + "reference_tables": "referenceTables", "tags": "tags", "third_party_cases": "thirdPartyCases", "type": "type", 
@@ -76,6 +80,7 @@ def __init__( queries: List[SecurityMonitoringStandardRuleQuery], filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset, has_extended_title: Union[bool, UnsetType] = unset, + reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset, tags: Union[List[str], UnsetType] = unset, third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCaseCreate], UnsetType] = unset, type: Union[SecurityMonitoringRuleTypeCreate, UnsetType] = unset, @@ -108,6 +113,9 @@ def __init__( :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery] + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional @@ -121,6 +129,8 @@ def __init__( kwargs["filters"] = filters if has_extended_title is not unset: kwargs["has_extended_title"] = has_extended_title + if reference_tables is not unset: + kwargs["reference_tables"] = reference_tables if tags is not unset: kwargs["tags"] = tags if third_party_cases is not unset: diff --git a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_response.py b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_response.py index b2ede3a13f..fd460c21bf 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_response.py +++ b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_response.py 
@@ -21,6 +21,7 @@ from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case import ( SecurityMonitoringThirdPartyRuleCase, ) @@ -39,6 +40,7 @@ def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_standard_rule_query import ( SecurityMonitoringStandardRuleQuery, ) + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case import ( SecurityMonitoringThirdPartyRuleCase, ) @@ -61,6 +63,7 @@ def openapi_types(_): "name": (str,), "options": (SecurityMonitoringRuleOptions,), "queries": ([SecurityMonitoringStandardRuleQuery],), + "reference_tables": ([SecurityMonitoringReferenceTable],), "tags": ([str],), "third_party_cases": ([SecurityMonitoringThirdPartyRuleCase],), "type": (SecurityMonitoringRuleTypeRead,), @@ -85,6 +88,7 @@ def openapi_types(_): "name": "name", "options": "options", "queries": "queries", + "reference_tables": "referenceTables", "tags": "tags", "third_party_cases": "thirdPartyCases", "type": "type", 
@@ -110,6 +114,7 @@ def __init__( name: Union[str, UnsetType] = unset, options: Union[SecurityMonitoringRuleOptions, UnsetType] = unset, queries: Union[List[SecurityMonitoringStandardRuleQuery], UnsetType] = unset, + reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset, tags: Union[List[str], UnsetType] = unset, third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCase], UnsetType] = unset, type: Union[SecurityMonitoringRuleTypeRead, UnsetType] = unset, @@ -168,6 +173,9 @@ def __init__( :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery], optional + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional @@ -215,6 +223,8 @@ def __init__( kwargs["options"] = options if queries is not unset: kwargs["queries"] = queries + if reference_tables is not unset: + kwargs["reference_tables"] = reference_tables if tags is not unset: kwargs["tags"] = tags if third_party_cases is not unset: diff --git a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_test_payload.py b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_test_payload.py index fa2e0acc93..b8b7b22f88 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_test_payload.py +++ b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_test_payload.py 
@@ -18,6 +18,7 @@ from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, ) @@ -33,6 +34,7 @@ def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_standard_rule_query import ( SecurityMonitoringStandardRuleQuery, ) + from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, ) @@ -47,6 +49,7 @@ def openapi_types(_): "name": (str,), "options": (SecurityMonitoringRuleOptions,), "queries": ([SecurityMonitoringStandardRuleQuery],), + "reference_tables": ([SecurityMonitoringReferenceTable],), "tags": ([str],), "third_party_cases": ([SecurityMonitoringThirdPartyRuleCaseCreate],), "type": (SecurityMonitoringRuleTypeTest,), @@ -61,6 +64,7 @@ def openapi_types(_): "name": "name", "options": "options", "queries": "queries", + "reference_tables": "referenceTables", "tags": "tags", "third_party_cases": "thirdPartyCases", "type": "type", 
@@ -76,6 +80,7 @@ def __init__( queries: List[SecurityMonitoringStandardRuleQuery], filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset, has_extended_title: Union[bool, UnsetType] = unset, + reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset, tags: Union[List[str], UnsetType] = unset, third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCaseCreate], UnsetType] = unset, type: Union[SecurityMonitoringRuleTypeTest, UnsetType] = unset, @@ -108,6 +113,9 @@ def __init__( :param queries: Queries for selecting logs which are part of the rule. :type queries: [SecurityMonitoringStandardRuleQuery] + :param reference_tables: Reference tables for the rule. + :type reference_tables: [SecurityMonitoringReferenceTable], optional + :param tags: Tags for generated signals. :type tags: [str], optional @@ -121,6 +129,8 @@ def __init__( kwargs["filters"] = filters if has_extended_title is not unset: kwargs["has_extended_title"] = has_extended_title + if reference_tables is not unset: + kwargs["reference_tables"] = reference_tables if tags is not unset: kwargs["tags"] = tags if third_party_cases is not unset: diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index b873d6fcc1..7478f2fe9e 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py 
@@ -1420,6 +1420,7 @@ from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter from datadog_api_client.v2.model.security_monitoring_filter_action import SecurityMonitoringFilterAction from datadog_api_client.v2.model.security_monitoring_list_rules_response import SecurityMonitoringListRulesResponse +from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_rule_case import SecurityMonitoringRuleCase from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate from datadog_api_client.v2.model.security_monitoring_rule_convert_payload import SecurityMonitoringRuleConvertPayload @@ -3179,6 +3180,7 @@ "SecurityMonitoringFilter", "SecurityMonitoringFilterAction", "SecurityMonitoringListRulesResponse", + "SecurityMonitoringReferenceTable", "SecurityMonitoringRuleCase", "SecurityMonitoringRuleCaseCreate", "SecurityMonitoringRuleConvertPayload", diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_returns_ok_response.frozen index 701307e250..76923cce50 100644 --- a/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_returns_ok_response.frozen @@ -1 +1 @@ -2024-05-10T16:34:28.650Z \ No newline at end of file +2024-09-11T18:14:46.491Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_returns_ok_response.yaml index a43668b950..f79d4ae1c7 100644 --- a/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_returns_ok_response.yaml 
@@ -1,7 +1,7 @@ interactions: - request: body: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Create_a_detection_rule_returns_OK_response-1715358868","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"tags":[],"type":"log_detection"}' + rule","name":"Test-Create_a_detection_rule_returns_OK_response-1726078486","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"referenceTables":[{"checkPresence":true,"columnName":"value","logFieldPath":"testtag","ruleQueryName":"a","tableName":"synthetics_test_reference_table_dont_delete"}],"tags":[],"type":"log_detection"}' headers: accept: - application/json 
@@ -11,8 +11,8 @@ interactions: uri: https://api.datadoghq.com/api/v2/security_monitoring/rules response: body: - string: '{"id":"oka-fqr-yqa","version":1,"name":"Test-Create_a_detection_rule_returns_OK_response-1715358868","createdAt":1715358869030,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a - > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]} + string: '{"id":"5br-mto-gse","version":1,"name":"Test-Create_a_detection_rule_returns_OK_response-1726078486","createdAt":1726078486689,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"referenceTables":[{"tableName":"synthetics_test_reference_table_dont_delete","columnName":"value","logFieldPath":"testtag","checkPresence":true,"ruleQueryName":"a"}]} ' headers: @@ -27,7 +27,7 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/oka-fqr-yqa + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/5br-mto-gse response: body: string: '' 
diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index dc66166540..27e45dd3c2 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature @@ -123,12 +123,13 @@ Feature: Security Monitoring @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule returns "OK" response Given new "CreateSecurityMonitoringRule" request - And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection"} + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "referenceTables":[{"tableName": "synthetics_test_reference_table_dont_delete", "columnName": "value", "logFieldPath":"testtag", "checkPresence":true, "ruleQueryName":"a"}]} When the request is sent Then the response status is 200 OK And the response "name" is equal to "{{ unique }}" And the response "type" is equal to "log_detection" And the response "message" is equal to "Test rule" + And the response "referenceTables" is equal to [{"tableName": "synthetics_test_reference_table_dont_delete", "columnName": "value", "logFieldPath":"testtag", "checkPresence":true, "ruleQueryName":"a"}] @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with detection method 'third_party' returns "OK" response
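Review bot: The `referenceTables` body added to the "Create a detection rule" scenario depends on a table named `synthetics_test_reference_table_dont_delete` already existing in the recording org, and nothing in the feature file says so; re-recording the cassette in an org without it would presumably fail for a reason unrelated to the client. A comment above the scenario such as `# Requires reference table "synthetics_test_reference_table_dont_delete" with a "value" column in the recording org` would document the dependency. Only `"checkPresence":true` is exercised, so the `false` value never round-trips through the new model in this suite. The same fixture name is carried into `examples/v2/security-monitoring/CreateSecurityMonitoringRule.py`, where a reader copying the example will not have that table.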