From 7ddd2cb53b2a7542c31d78e6afcafdb0156c1333 Mon Sep 17 00:00:00 2001 
From: "api-clients-generation-pipeline[bot]" <54105614+api-clients-generation-pipeline[bot]@users.noreply.github.com> Date: Fri, 12 Jan 2024 18:54:59 +0000 Subject: [PATCH] Security Monitoring - Add API support for suppression rules (#1834) Co-authored-by: ci.datadog-api-spec Co-authored-by: api-clients-generation-pipeline[bot] <54105614+api-clients-generation-pipeline[bot]@users.noreply.github.com> --- .apigentools-info | 8 +- .generator/schemas/v2/openapi.yaml | 373 ++++++++++++++++++ docs/datadog_api_client.v2.model.rst | 84 ++++ .../CreateSecurityMonitoringSuppression.py | 37 ++ .../DeleteSecurityMonitoringSuppression.py | 17 + .../GetSecurityMonitoringSuppression.py | 19 + .../ListSecurityMonitoringSuppressions.py | 13 + .../UpdateSecurityMonitoringSuppression.py | 36 ++ .../v2/api/security_monitoring_api.py | 201 ++++++++++ .../model/security_monitoring_suppression.py | 68 ++++ ...urity_monitoring_suppression_attributes.py | 132 +++++++ ...onitoring_suppression_create_attributes.py | 77 ++++ ...rity_monitoring_suppression_create_data.py | 57 +++ ...y_monitoring_suppression_create_request.py | 44 +++ ...ecurity_monitoring_suppression_response.py | 42 ++ .../security_monitoring_suppression_type.py | 35 ++ ...onitoring_suppression_update_attributes.py | 94 +++++ ...rity_monitoring_suppression_update_data.py | 57 +++ ...y_monitoring_suppression_update_request.py | 44 +++ ...curity_monitoring_suppressions_response.py | 42 ++ .../v2/model/security_monitoring_user.py | 46 +++ src/datadog_api_client/v2/models/__init__.py | 38 ++ ...uppression_rule_returns_ok_response.frozen | 1 + ..._suppression_rule_returns_ok_response.yaml | 42 ++ ...uppression_rule_returns_ok_response.frozen | 1 + ..._suppression_rule_returns_ok_response.yaml | 56 +++ ...ion_rule_returns_not_found_response.frozen | 1 + ...ssion_rule_returns_not_found_response.yaml | 20 + ...uppression_rule_returns_ok_response.frozen | 1 + ..._suppression_rule_returns_ok_response.yaml | 56 +++ 
...uppression_rule_returns_ok_response.frozen | 1 + ..._suppression_rule_returns_ok_response.yaml | 59 +++ tests/v2/features/given.json | 12 + tests/v2/features/security_monitoring.feature | 98 +++++ tests/v2/features/undo.json | 37 ++ 35 files changed, 1945 insertions(+), 4 deletions(-) create mode 100644 examples/v2/security-monitoring/CreateSecurityMonitoringSuppression.py create mode 100644 examples/v2/security-monitoring/DeleteSecurityMonitoringSuppression.py create mode 100644 examples/v2/security-monitoring/GetSecurityMonitoringSuppression.py create mode 100644 examples/v2/security-monitoring/ListSecurityMonitoringSuppressions.py create mode 100644 examples/v2/security-monitoring/UpdateSecurityMonitoringSuppression.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_attributes.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_create_attributes.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_create_data.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_create_request.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_response.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_type.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_update_attributes.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_update_data.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppression_update_request.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_suppressions_response.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_user.py create mode 100644 tests/v2/cassettes/test_scenarios/test_create_a_suppression_rule_returns_ok_response.frozen 
create mode 100644 tests/v2/cassettes/test_scenarios/test_create_a_suppression_rule_returns_ok_response.yaml create mode 100644 tests/v2/cassettes/test_scenarios/test_delete_a_suppression_rule_returns_ok_response.frozen create mode 100644 tests/v2/cassettes/test_scenarios/test_delete_a_suppression_rule_returns_ok_response.yaml create mode 100644 tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_not_found_response.frozen create mode 100644 tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_not_found_response.yaml create mode 100644 tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_ok_response.frozen create mode 100644 tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_ok_response.yaml create mode 100644 tests/v2/cassettes/test_scenarios/test_update_a_suppression_rule_returns_ok_response.frozen create mode 100644 tests/v2/cassettes/test_scenarios/test_update_a_suppression_rule_returns_ok_response.yaml diff --git a/.apigentools-info b/.apigentools-info index 4b8ed8b031..e791e238b3 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2024-01-12 13:44:53.253723", - "spec_repo_commit": "0d87bc66" + "regenerated": "2024-01-12 15:18:17.417974", + "spec_repo_commit": "b125495e" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2024-01-12 13:44:53.272022", - "spec_repo_commit": "0d87bc66" + "regenerated": "2024-01-12 15:18:17.459019", + "spec_repo_commit": "b125495e" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 8fbfc47bcd..8d81630a01 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml 
@@ -432,6 +432,13 @@ components: required: true schema: type: string + SecurityMonitoringSuppressionID: + description: The ID of the suppression rule + in: path + name: suppression_id + required: true + schema: + type: string SensitiveDataScannerGroupID: description: The ID of a group of rules. in: path 
@@ -16588,6 +16595,216 @@ components: description: The version of the rule. format: int64 type: integer + SecurityMonitoringSuppression: + description: The suppression rule's properties. + properties: + attributes: + $ref: '#/components/schemas/SecurityMonitoringSuppressionAttributes' + id: + $ref: '#/components/schemas/SecurityMonitoringSuppressionID' + type: + $ref: '#/components/schemas/SecurityMonitoringSuppressionType' + type: object + SecurityMonitoringSuppressionAttributes: + description: The attributes of the suppression rule. + properties: + creation_date: + description: A Unix millisecond timestamp given the creation date of the + suppression rule. + format: int64 + type: integer + creator: + $ref: '#/components/schemas/SecurityMonitoringUser' + description: + description: A description for the suppression rule. + example: This rule suppresses low-severity signals in staging environments. + type: string + enabled: + description: Whether the suppression rule is enabled. + example: true + type: boolean + expiration_date: + description: A Unix millisecond timestamp giving an expiration date for + the suppression rule. After this date, it won't suppress signals anymore. + example: 1703187336000 + format: int64 + type: integer + name: + description: The name of the suppression rule. + example: Custom suppression + type: string + rule_query: + description: The rule query of the suppression rule, with the same syntax + as the search bar for detection rules. + example: type:log_detection source:cloudtrail + type: string + suppression_query: + description: The suppression query of the suppression rule. If a signal + matches this query, it is suppressed and not triggered. Same syntax as + the queries to search signals in the signal explorer. + example: env:staging status:low + type: string + update_date: + description: A Unix millisecond timestamp given the update date of the suppression + rule. 
+ format: int64 + type: integer + updater: + $ref: '#/components/schemas/SecurityMonitoringUser' + version: + description: The version of the suppression rule; it starts at 1, and is + incremented at each update. + example: 42 + format: int32 + maximum: 2147483647 + type: integer + type: object + SecurityMonitoringSuppressionCreateAttributes: + description: Object containing the attributes of the suppression rule to be + created. + properties: + description: + description: A description for the suppression rule. + example: This rule suppresses low-severity signals in staging environments. + type: string + enabled: + description: Whether the suppression rule is enabled. + example: true + type: boolean + expiration_date: + description: A Unix millisecond timestamp giving an expiration date for + the suppression rule. After this date, it won't suppress signals anymore. + example: 1703187336000 + format: int64 + type: integer + name: + description: The name of the suppression rule. + example: Custom suppression + type: string + rule_query: + description: The rule query of the suppression rule, with the same syntax + as the search bar for detection rules. + example: type:log_detection source:cloudtrail + type: string + suppression_query: + description: The suppression query of the suppression rule. If a signal + matches this query, it is suppressed and is not triggered . Same syntax + as the queries to search signals in the signal explorer. + example: env:staging status:low + type: string + required: + - name + - enabled + - rule_query + - suppression_query + type: object + SecurityMonitoringSuppressionCreateData: + description: Object for a single suppression rule. 
+ properties: + attributes: + $ref: '#/components/schemas/SecurityMonitoringSuppressionCreateAttributes' + type: + $ref: '#/components/schemas/SecurityMonitoringSuppressionType' + required: + - type + - attributes + type: object + SecurityMonitoringSuppressionCreateRequest: + description: Request object that includes the suppression rule that you would + like to create. + properties: + data: + $ref: '#/components/schemas/SecurityMonitoringSuppressionCreateData' + required: + - data + type: object + SecurityMonitoringSuppressionID: + description: The ID of the suppression rule. + example: 3dd-0uc-h1s + type: string + SecurityMonitoringSuppressionResponse: + description: Response object containing a single suppression rule. + properties: + data: + $ref: '#/components/schemas/SecurityMonitoringSuppression' + type: object + SecurityMonitoringSuppressionType: + default: suppressions + description: The type of the resource. The value should always be `suppressions`. + enum: + - suppressions + example: suppressions + type: string + x-enum-varnames: + - SUPPRESSIONS + SecurityMonitoringSuppressionUpdateAttributes: + description: The suppression rule properties to be updated. + properties: + description: + description: A description for the suppression rule. + example: This rule suppresses low-severity signals in staging environments. + type: string + enabled: + description: Whether the suppression rule is enabled. + example: true + type: boolean + expiration_date: + description: A Unix millisecond timestamp giving an expiration date for + the suppression rule. After this date, it won't suppress signals anymore. + example: 1703187336000 + format: int64 + type: integer + name: + description: The name of the suppression rule. + example: Custom suppression + type: string + rule_query: + description: The rule query of the suppression rule, with the same syntax + as the search bar for detection rules. 
+ example: type:log_detection source:cloudtrail + type: string + suppression_query: + description: The suppression query of the suppression rule. If a signal + matches this query, it is suppressed and not triggered. Same syntax as + the queries to search signals in the signal explorer. + example: env:staging status:low + type: string + version: + description: The current version of the suppression. This is optional, but + it can help prevent concurrent modifications. + format: int32 + maximum: 2147483647 + type: integer + type: object + SecurityMonitoringSuppressionUpdateData: + description: The new suppression properties; partial updates are supported. + properties: + attributes: + $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateAttributes' + type: + $ref: '#/components/schemas/SecurityMonitoringSuppressionType' + required: + - type + - attributes + type: object + SecurityMonitoringSuppressionUpdateRequest: + description: Request object containing the fields to update on the suppression + rule. + properties: + data: + $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateData' + required: + - data + type: object + SecurityMonitoringSuppressionsResponse: + description: Response object containing the available suppression rules. + properties: + data: + description: A list of suppressions objects. + items: + $ref: '#/components/schemas/SecurityMonitoringSuppression' + type: array + type: object SecurityMonitoringThirdPartyRootQuery: description: A query to be combined with the third party case query. properties: @@ -16666,6 +16883,19 @@ components: required: - uuid type: object + SecurityMonitoringUser: + description: A user. + properties: + handle: + description: The handle of the user. + example: john.doe@datadoghq.com + type: string + name: + description: The name of the user. + example: John Doe + nullable: true + type: string + type: object SensitiveDataScannerConfigRequest: description: Group reorder request. properties: 
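Review bot: In `SecurityMonitoringSuppressionCreateAttributes`, `expiration_date` is absent from `required`, yet its description only says what happens after the date and never what an omitted value means. For a rule whose whole effect is to stop matching signals from being raised, that default is worth stating. If the backend treats omission as no expiry (not visible in this diff), the description could end with `When omitted, the rule does not expire.`, and the same sentence fits the `Attributes` and `UpdateAttributes` copies. There are also two wording slips in this hunk: the create variant of `suppression_query` reads `is not triggered .` where the other two copies read `not triggered.`, and `creation_date`/`update_date` say `timestamp given the` where `giving the` is meant.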
@@ -29288,6 +29518,149 @@ paths: tags: - Security Monitoring x-codegen-request-body-name: body + /api/v2/security_monitoring/configuration/suppressions: + get: + description: Get the list of all suppression rules. + operationId: ListSecurityMonitoringSuppressions + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSuppressionsResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_suppressions_read + summary: Get all suppression rules + tags: + - Security Monitoring + post: + description: Create a new suppression rule. + operationId: CreateSecurityMonitoringSuppression + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSuppressionCreateRequest' + description: The definition of the new suppression rule. + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSuppressionResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '409': + $ref: '#/components/responses/ConflictResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_suppressions_write + summary: Create a suppression rule + tags: + - Security Monitoring + x-codegen-request-body-name: body + /api/v2/security_monitoring/configuration/suppressions/{suppression_id}: + delete: + description: Delete a specific suppression rule. 
+ operationId: DeleteSecurityMonitoringSuppression + parameters: + - $ref: '#/components/parameters/SecurityMonitoringSuppressionID' + responses: + '204': + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_suppressions_write + summary: Delete a suppression rule + tags: + - Security Monitoring + get: + description: Get the details of a specific suppression rule. + operationId: GetSecurityMonitoringSuppression + parameters: + - $ref: '#/components/parameters/SecurityMonitoringSuppressionID' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSuppressionResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_suppressions_read + summary: Get a suppression rule + tags: + - Security Monitoring + patch: + description: Update a specific suppression rule. + operationId: UpdateSecurityMonitoringSuppression + parameters: + - $ref: '#/components/parameters/SecurityMonitoringSuppressionID' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateRequest' + description: New definition of the suppression rule. Supports partial updates. 
+ required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringSuppressionResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_suppressions_write + summary: Update a suppression rule + tags: + - Security Monitoring /api/v2/security_monitoring/rules: get: description: List rules. diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index eb62643d14..d222afb043 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst 
@@ -7330,6 +7330,83 @@ security\_monitoring\_standard\_rule\_response :members: :show-inheritance: +security\_monitoring\_suppression +--------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression + :members: + :show-inheritance: + +security\_monitoring\_suppression\_attributes +--------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression_attributes + :members: + :show-inheritance: + +security\_monitoring\_suppression\_create\_attributes +----------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression_create_attributes + :members: + :show-inheritance: + +security\_monitoring\_suppression\_create\_data +----------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression_create_data + :members: + :show-inheritance: + +security\_monitoring\_suppression\_create\_request +-------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression_create_request + :members: + :show-inheritance: + +security\_monitoring\_suppression\_response +------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression_response + :members: + :show-inheritance: + +security\_monitoring\_suppression\_type +--------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression_type + :members: + :show-inheritance: + +security\_monitoring\_suppression\_update\_attributes +----------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression_update_attributes + :members: + :show-inheritance: + +security\_monitoring\_suppression\_update\_data +----------------------------------------------- + +.. 
automodule:: datadog_api_client.v2.model.security_monitoring_suppression_update_data + :members: + :show-inheritance: + +security\_monitoring\_suppression\_update\_request +-------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppression_update_request + :members: + :show-inheritance: + +security\_monitoring\_suppressions\_response +-------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_suppressions_response + :members: + :show-inheritance: + security\_monitoring\_third\_party\_root\_query ----------------------------------------------- @@ -7358,6 +7435,13 @@ security\_monitoring\_triage\_user :members: :show-inheritance: +security\_monitoring\_user +-------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_user + :members: + :show-inheritance: + sensitive\_data\_scanner\_config\_request ----------------------------------------- diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringSuppression.py b/examples/v2/security-monitoring/CreateSecurityMonitoringSuppression.py new file mode 100644 index 0000000000..af17c44190 --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringSuppression.py 
@@ -0,0 +1,37 @@ +""" +Create a suppression rule returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi +from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import ( + SecurityMonitoringSuppressionCreateAttributes, +) +from datadog_api_client.v2.model.security_monitoring_suppression_create_data import ( + SecurityMonitoringSuppressionCreateData, +) +from datadog_api_client.v2.model.security_monitoring_suppression_create_request import ( + SecurityMonitoringSuppressionCreateRequest, +) +from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType + +body = SecurityMonitoringSuppressionCreateRequest( + data=SecurityMonitoringSuppressionCreateData( + attributes=SecurityMonitoringSuppressionCreateAttributes( + description="This rule suppresses low-severity signals in staging environments.", + enabled=True, + expiration_date=1703187336000, + name="Example-Security-Monitoring", + rule_query="type:log_detection source:cloudtrail", + suppression_query="env:staging status:low", + ), + type=SecurityMonitoringSuppressionType.SUPPRESSIONS, + ), +) + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.create_security_monitoring_suppression(body=body) + + print(response) diff --git a/examples/v2/security-monitoring/DeleteSecurityMonitoringSuppression.py b/examples/v2/security-monitoring/DeleteSecurityMonitoringSuppression.py new file mode 100644 index 0000000000..86d6dac455 --- /dev/null +++ b/examples/v2/security-monitoring/DeleteSecurityMonitoringSuppression.py 
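Review bot: The hard-coded `expiration_date=1703187336000` in the request body decodes to 2023-12-21 UTC, which is earlier than this patch's own date (12 Jan 2024), so anyone copying the example asks for a suppression whose expiry has already passed. Whether the API rejects that or stores an inert rule is not visible here. A value relative to now avoids the problem, e.g. `expiration_date=int((time.time() + 7 * 86400) * 1000),` with `import time` at the top. The file appears to be generated, so the durable fix is probably the `example: 1703187336000` value in the OpenAPI schema or the scenario input rather than this file.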
@@ -0,0 +1,17 @@ +""" +Delete a suppression rule returns "OK" response +""" + +from os import environ +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +# there is a valid "suppression" in the system +SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"] + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + api_instance.delete_security_monitoring_suppression( + suppression_id=SUPPRESSION_DATA_ID, + ) diff --git a/examples/v2/security-monitoring/GetSecurityMonitoringSuppression.py b/examples/v2/security-monitoring/GetSecurityMonitoringSuppression.py new file mode 100644 index 0000000000..e998391f11 --- /dev/null +++ b/examples/v2/security-monitoring/GetSecurityMonitoringSuppression.py @@ -0,0 +1,19 @@ +""" +Get a suppression rule returns "OK" response +""" + +from os import environ +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +# there is a valid "suppression" in the system +SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"] + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.get_security_monitoring_suppression( + suppression_id=SUPPRESSION_DATA_ID, + ) + + print(response) diff --git a/examples/v2/security-monitoring/ListSecurityMonitoringSuppressions.py b/examples/v2/security-monitoring/ListSecurityMonitoringSuppressions.py new file mode 100644 index 0000000000..2751d23f01 --- /dev/null +++ b/examples/v2/security-monitoring/ListSecurityMonitoringSuppressions.py 
@@ -0,0 +1,13 @@ +""" +Get all suppression rules returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.list_security_monitoring_suppressions() + + print(response) diff --git a/examples/v2/security-monitoring/UpdateSecurityMonitoringSuppression.py b/examples/v2/security-monitoring/UpdateSecurityMonitoringSuppression.py new file mode 100644 index 0000000000..a7feb71e66 --- /dev/null +++ b/examples/v2/security-monitoring/UpdateSecurityMonitoringSuppression.py 
@@ -0,0 +1,36 @@ +""" +Update a suppression rule returns "OK" response +""" + +from os import environ +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi +from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType +from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import ( + SecurityMonitoringSuppressionUpdateAttributes, +) +from datadog_api_client.v2.model.security_monitoring_suppression_update_data import ( + SecurityMonitoringSuppressionUpdateData, +) +from datadog_api_client.v2.model.security_monitoring_suppression_update_request import ( + SecurityMonitoringSuppressionUpdateRequest, +) + +# there is a valid "suppression" in the system +SUPPRESSION_DATA_ID = environ["SUPPRESSION_DATA_ID"] + +body = SecurityMonitoringSuppressionUpdateRequest( + data=SecurityMonitoringSuppressionUpdateData( + attributes=SecurityMonitoringSuppressionUpdateAttributes( + suppression_query="env:staging status:low", + ), + type=SecurityMonitoringSuppressionType.SUPPRESSIONS, + ), +) + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.update_security_monitoring_suppression(suppression_id=SUPPRESSION_DATA_ID, body=body) + + print(response) diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index 51a2ff4c65..d0981de9d0 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py 
@@ -26,6 +26,14 @@ from datadog_api_client.v2.model.security_filter_response import SecurityFilterResponse from datadog_api_client.v2.model.security_filter_create_request import SecurityFilterCreateRequest from datadog_api_client.v2.model.security_filter_update_request import SecurityFilterUpdateRequest +from datadog_api_client.v2.model.security_monitoring_suppressions_response import SecurityMonitoringSuppressionsResponse +from datadog_api_client.v2.model.security_monitoring_suppression_response import SecurityMonitoringSuppressionResponse +from datadog_api_client.v2.model.security_monitoring_suppression_create_request import ( + SecurityMonitoringSuppressionCreateRequest, +) +from datadog_api_client.v2.model.security_monitoring_suppression_update_request import ( + SecurityMonitoringSuppressionUpdateRequest, +) from datadog_api_client.v2.model.security_monitoring_list_rules_response import SecurityMonitoringListRulesResponse from datadog_api_client.v2.model.security_monitoring_rule_response import SecurityMonitoringRuleResponse from datadog_api_client.v2.model.security_monitoring_rule_create_payload import SecurityMonitoringRuleCreatePayload @@ -107,6 +115,26 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._create_security_monitoring_suppression_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringSuppressionResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/suppressions", + "operation_id": "create_security_monitoring_suppression", + "http_method": "POST", + "version": "v2", + }, + params_map={ + "body": { + "required": True, + "openapi_types": (SecurityMonitoringSuppressionCreateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + self._delete_security_filter_endpoint = _Endpoint( settings={ "response_type": None, 
@@ -153,6 +181,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._delete_security_monitoring_suppression_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/suppressions/{suppression_id}", + "operation_id": "delete_security_monitoring_suppression", + "http_method": "DELETE", + "version": "v2", + }, + params_map={ + "suppression_id": { + "required": True, + "openapi_types": (str,), + "attribute": "suppression_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + self._edit_security_monitoring_signal_assignee_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringSignalTriageUpdateResponse,), @@ -331,6 +382,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_security_monitoring_suppression_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringSuppressionResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/suppressions/{suppression_id}", + "operation_id": "get_security_monitoring_suppression", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "suppression_id": { + "required": True, + "openapi_types": (str,), + "attribute": "suppression_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._list_findings_endpoint = _Endpoint( settings={ "response_type": (ListFindingsResponse,), 
@@ -508,6 +582,22 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._list_security_monitoring_suppressions_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringSuppressionsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/suppressions", + "operation_id": "list_security_monitoring_suppressions", + "http_method": "GET", + "version": "v2", + }, + params_map={}, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._mute_findings_endpoint = _Endpoint( settings={ "response_type": (BulkMuteFindingsResponse,), @@ -599,6 +689,32 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._update_security_monitoring_suppression_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringSuppressionResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/suppressions/{suppression_id}", + "operation_id": "update_security_monitoring_suppression", + "http_method": "PATCH", + "version": "v2", + }, + params_map={ + "suppression_id": { + "required": True, + "openapi_types": (str,), + "attribute": "suppression_id", + "location": "path", + }, + "body": { + "required": True, + "openapi_types": (SecurityMonitoringSuppressionUpdateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + def create_security_filter( self, body: SecurityFilterCreateRequest, 
@@ -640,6 +756,23 @@ def create_security_monitoring_rule( return self._create_security_monitoring_rule_endpoint.call_with_http_info(**kwargs) + def create_security_monitoring_suppression( + self, + body: SecurityMonitoringSuppressionCreateRequest, + ) -> SecurityMonitoringSuppressionResponse: + """Create a suppression rule. + + Create a new suppression rule. + + :param body: The definition of the new suppression rule. + :type body: SecurityMonitoringSuppressionCreateRequest + :rtype: SecurityMonitoringSuppressionResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["body"] = body + + return self._create_security_monitoring_suppression_endpoint.call_with_http_info(**kwargs) + def delete_security_filter( self, security_filter_id: str, @@ -674,6 +807,23 @@ def delete_security_monitoring_rule( return self._delete_security_monitoring_rule_endpoint.call_with_http_info(**kwargs) + def delete_security_monitoring_suppression( + self, + suppression_id: str, + ) -> None: + """Delete a suppression rule. + + Delete a specific suppression rule. + + :param suppression_id: The ID of the suppression rule + :type suppression_id: str + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["suppression_id"] = suppression_id + + return self._delete_security_monitoring_suppression_endpoint.call_with_http_info(**kwargs) + def edit_security_monitoring_signal_assignee( self, signal_id: str, 
@@ -818,6 +968,23 @@ def get_security_monitoring_signal( return self._get_security_monitoring_signal_endpoint.call_with_http_info(**kwargs) + def get_security_monitoring_suppression( + self, + suppression_id: str, + ) -> SecurityMonitoringSuppressionResponse: + """Get a suppression rule. + + Get the details of a specific suppression rule. + + :param suppression_id: The ID of the suppression rule + :type suppression_id: str + :rtype: SecurityMonitoringSuppressionResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["suppression_id"] = suppression_id + + return self._get_security_monitoring_suppression_endpoint.call_with_http_info(**kwargs) + def list_findings( self, *, @@ -1180,6 +1347,18 @@ def list_security_monitoring_signals_with_pagination( } return endpoint.call_with_http_info_paginated(pagination) + def list_security_monitoring_suppressions( + self, + ) -> SecurityMonitoringSuppressionsResponse: + """Get all suppression rules. + + Get the list of all suppression rules. + + :rtype: SecurityMonitoringSuppressionsResponse + """ + kwargs: Dict[str, Any] = {} + return self._list_security_monitoring_suppressions_endpoint.call_with_http_info(**kwargs) + def mute_findings( self, body: BulkMuteFindingsRequest, 
@@ -1303,3 +1482,25 @@ def update_security_monitoring_rule( kwargs["body"] = body return self._update_security_monitoring_rule_endpoint.call_with_http_info(**kwargs) + + def update_security_monitoring_suppression( + self, + suppression_id: str, + body: SecurityMonitoringSuppressionUpdateRequest, + ) -> SecurityMonitoringSuppressionResponse: + """Update a suppression rule. + + Update a specific suppression rule. + + :param suppression_id: The ID of the suppression rule + :type suppression_id: str + :param body: New definition of the suppression rule. Supports partial updates. + :type body: SecurityMonitoringSuppressionUpdateRequest + :rtype: SecurityMonitoringSuppressionResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["suppression_id"] = suppression_id + + kwargs["body"] = body + + return self._update_security_monitoring_suppression_endpoint.call_with_http_info(**kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression.py b/src/datadog_api_client/v2/model/security_monitoring_suppression.py new file mode 100644 index 0000000000..9585436a0d --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression.py 
@@ -0,0 +1,68 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_suppression_attributes import ( + SecurityMonitoringSuppressionAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType + + +class SecurityMonitoringSuppression(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_suppression_attributes import ( + SecurityMonitoringSuppressionAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType + + return { + "attributes": (SecurityMonitoringSuppressionAttributes,), + "id": (str,), + "type": (SecurityMonitoringSuppressionType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__( + self_, + attributes: Union[SecurityMonitoringSuppressionAttributes, UnsetType] = unset, + id: Union[str, UnsetType] = unset, + type: Union[SecurityMonitoringSuppressionType, UnsetType] = unset, + **kwargs, + ): + """ + The suppression rule's properties. + + :param attributes: The attributes of the suppression rule. + :type attributes: SecurityMonitoringSuppressionAttributes, optional + + :param id: The ID of the suppression rule. + :type id: str, optional + + :param type: The type of the resource. The value should always be ``suppressions``. 
+ :type type: SecurityMonitoringSuppressionType, optional + """ + if attributes is not unset: + kwargs["attributes"] = attributes + if id is not unset: + kwargs["id"] = id + if type is not unset: + kwargs["type"] = type + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_attributes.py new file mode 100644 index 0000000000..9cfd56350f --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_attributes.py 
@@ -0,0 +1,132 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_user import SecurityMonitoringUser + + +class SecurityMonitoringSuppressionAttributes(ModelNormal): + validations = { + "version": { + "inclusive_maximum": 2147483647, + }, + } + + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_user import SecurityMonitoringUser + + return { + "creation_date": (int,), + "creator": (SecurityMonitoringUser,), + "description": (str,), + "enabled": (bool,), + "expiration_date": (int,), + "name": (str,), + "rule_query": (str,), + "suppression_query": (str,), + "update_date": (int,), + "updater": (SecurityMonitoringUser,), + "version": (int,), + } + + attribute_map = { + "creation_date": "creation_date", + "creator": "creator", + "description": "description", + "enabled": "enabled", + "expiration_date": "expiration_date", + "name": "name", + "rule_query": "rule_query", + "suppression_query": "suppression_query", + "update_date": "update_date", + "updater": "updater", + "version": "version", + } + + def __init__( + self_, + creation_date: Union[int, UnsetType] = unset, + creator: Union[SecurityMonitoringUser, UnsetType] = unset, + description: Union[str, UnsetType] = unset, + enabled: Union[bool, UnsetType] = unset, + expiration_date: Union[int, UnsetType] = unset, + name: Union[str, UnsetType] = unset, + rule_query: Union[str, UnsetType] = unset, + suppression_query: Union[str, UnsetType] = unset, + update_date: Union[int, UnsetType] = unset, + updater: Union[SecurityMonitoringUser, 
UnsetType] = unset, + version: Union[int, UnsetType] = unset, + **kwargs, + ): + """ + The attributes of the suppression rule. + + :param creation_date: A Unix millisecond timestamp given the creation date of the suppression rule. + :type creation_date: int, optional + + :param creator: A user. + :type creator: SecurityMonitoringUser, optional + + :param description: A description for the suppression rule. + :type description: str, optional + + :param enabled: Whether the suppression rule is enabled. + :type enabled: bool, optional + + :param expiration_date: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. + :type expiration_date: int, optional + + :param name: The name of the suppression rule. + :type name: str, optional + + :param rule_query: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. + :type rule_query: str, optional + + :param suppression_query: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. + :type suppression_query: str, optional + + :param update_date: A Unix millisecond timestamp given the update date of the suppression rule. + :type update_date: int, optional + + :param updater: A user. + :type updater: SecurityMonitoringUser, optional + + :param version: The version of the suppression rule; it starts at 1, and is incremented at each update. 
+ :type version: int, optional + """ + if creation_date is not unset: + kwargs["creation_date"] = creation_date + if creator is not unset: + kwargs["creator"] = creator + if description is not unset: + kwargs["description"] = description + if enabled is not unset: + kwargs["enabled"] = enabled + if expiration_date is not unset: + kwargs["expiration_date"] = expiration_date + if name is not unset: + kwargs["name"] = name + if rule_query is not unset: + kwargs["rule_query"] = rule_query + if suppression_query is not unset: + kwargs["suppression_query"] = suppression_query + if update_date is not unset: + kwargs["update_date"] = update_date + if updater is not unset: + kwargs["updater"] = updater + if version is not unset: + kwargs["version"] = version + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_create_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_create_attributes.py new file mode 100644 index 0000000000..aa16b3363b --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_create_attributes.py 
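Review bot: In `SecurityMonitoringSuppressionAttributes.__init__`, `creator` and `updater` are both documented only as `A user.`, so the docstring does not say which field records who created the rule and which records who last changed it. Because a suppression rule stops matching signals from being triggered, that distinction matters to anyone auditing the rule, and I would spell it out, e.g. `:param creator: The user who created the suppression rule.` and `:param updater: The user who last updated the suppression rule.` (inferred from the field names; confirm against the API). The `creation_date` and `update_date` descriptions also read `timestamp given the ...` where the sibling `expiration_date` text uses `giving`. These strings presumably come from the OpenAPI schema listed in the commit, so the wording would need to change there.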
@@ -0,0 +1,77 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +class SecurityMonitoringSuppressionCreateAttributes(ModelNormal): + @cached_property + def openapi_types(_): + return { + "description": (str,), + "enabled": (bool,), + "expiration_date": (int,), + "name": (str,), + "rule_query": (str,), + "suppression_query": (str,), + } + + attribute_map = { + "description": "description", + "enabled": "enabled", + "expiration_date": "expiration_date", + "name": "name", + "rule_query": "rule_query", + "suppression_query": "suppression_query", + } + + def __init__( + self_, + enabled: bool, + name: str, + rule_query: str, + suppression_query: str, + description: Union[str, UnsetType] = unset, + expiration_date: Union[int, UnsetType] = unset, + **kwargs, + ): + """ + Object containing the attributes of the suppression rule to be created. + + :param description: A description for the suppression rule. + :type description: str, optional + + :param enabled: Whether the suppression rule is enabled. + :type enabled: bool + + :param expiration_date: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. + :type expiration_date: int, optional + + :param name: The name of the suppression rule. + :type name: str + + :param rule_query: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. + :type rule_query: str + + :param suppression_query: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered . 
Same syntax as the queries to search signals in the signal explorer. + :type suppression_query: str + """ + if description is not unset: + kwargs["description"] = description + if expiration_date is not unset: + kwargs["expiration_date"] = expiration_date + super().__init__(kwargs) + + self_.enabled = enabled + self_.name = name + self_.rule_query = rule_query + self_.suppression_query = suppression_query diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_create_data.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_create_data.py new file mode 100644 index 0000000000..617c9e8252 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_create_data.py 
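Review bot: The `expiration_date` docstring in `SecurityMonitoringSuppressionCreateAttributes.__init__` says what happens after the date but not what happens when the argument is left `unset`, and it is the only time bound on a rule that keeps matching signals from being triggered. If omitting it means the rule never expires (not shown in this hunk; confirm against the API), the docstring should say so, e.g. `If omitted, the suppression rule does not expire.` The `suppression_query` description also has a stray space in `is not triggered .`, which the attributes and update models do not have.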
@@ -0,0 +1,57 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import ( + SecurityMonitoringSuppressionCreateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType + + +class SecurityMonitoringSuppressionCreateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import ( + SecurityMonitoringSuppressionCreateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType + + return { + "attributes": (SecurityMonitoringSuppressionCreateAttributes,), + "type": (SecurityMonitoringSuppressionType,), + } + + attribute_map = { + "attributes": "attributes", + "type": "type", + } + + def __init__( + self_, + attributes: SecurityMonitoringSuppressionCreateAttributes, + type: SecurityMonitoringSuppressionType, + **kwargs, + ): + """ + Object for a single suppression rule. + + :param attributes: Object containing the attributes of the suppression rule to be created. + :type attributes: SecurityMonitoringSuppressionCreateAttributes + + :param type: The type of the resource. The value should always be ``suppressions``. + :type type: SecurityMonitoringSuppressionType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.type = type 
diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_create_request.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_create_request.py new file mode 100644 index 0000000000..aa92274eef --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_create_request.py @@ -0,0 +1,44 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_suppression_create_data import ( + SecurityMonitoringSuppressionCreateData, + ) + + +class SecurityMonitoringSuppressionCreateRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_suppression_create_data import ( + SecurityMonitoringSuppressionCreateData, + ) + + return { + "data": (SecurityMonitoringSuppressionCreateData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: SecurityMonitoringSuppressionCreateData, **kwargs): + """ + Request object that includes the suppression rule that you would like to create. + + :param data: Object for a single suppression rule. + :type data: SecurityMonitoringSuppressionCreateData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_response.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_response.py new file mode 100644 index 0000000000..c4eac571dc --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_response.py 
@@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_suppression import SecurityMonitoringSuppression + + +class SecurityMonitoringSuppressionResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_suppression import SecurityMonitoringSuppression + + return { + "data": (SecurityMonitoringSuppression,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: Union[SecurityMonitoringSuppression, UnsetType] = unset, **kwargs): + """ + Response object containing a single suppression rule. + + :param data: The suppression rule's properties. + :type data: SecurityMonitoringSuppression, optional + """ + if data is not unset: + kwargs["data"] = data + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_type.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_type.py new file mode 100644 index 0000000000..532b81907b --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_type.py 
@@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class SecurityMonitoringSuppressionType(ModelSimple): + """ + The type of the resource. The value should always be `suppressions`. + + :param value: If omitted defaults to "suppressions". Must be one of ["suppressions"]. + :type value: str + """ + + allowed_values = { + "suppressions", + } + SUPPRESSIONS: ClassVar["SecurityMonitoringSuppressionType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +SecurityMonitoringSuppressionType.SUPPRESSIONS = SecurityMonitoringSuppressionType("suppressions") diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_update_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_update_attributes.py new file mode 100644 index 0000000000..8f856e9e80 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_update_attributes.py 
@@ -0,0 +1,94 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +class SecurityMonitoringSuppressionUpdateAttributes(ModelNormal): + validations = { + "version": { + "inclusive_maximum": 2147483647, + }, + } + + @cached_property + def openapi_types(_): + return { + "description": (str,), + "enabled": (bool,), + "expiration_date": (int,), + "name": (str,), + "rule_query": (str,), + "suppression_query": (str,), + "version": (int,), + } + + attribute_map = { + "description": "description", + "enabled": "enabled", + "expiration_date": "expiration_date", + "name": "name", + "rule_query": "rule_query", + "suppression_query": "suppression_query", + "version": "version", + } + + def __init__( + self_, + description: Union[str, UnsetType] = unset, + enabled: Union[bool, UnsetType] = unset, + expiration_date: Union[int, UnsetType] = unset, + name: Union[str, UnsetType] = unset, + rule_query: Union[str, UnsetType] = unset, + suppression_query: Union[str, UnsetType] = unset, + version: Union[int, UnsetType] = unset, + **kwargs, + ): + """ + The suppression rule properties to be updated. + + :param description: A description for the suppression rule. + :type description: str, optional + + :param enabled: Whether the suppression rule is enabled. + :type enabled: bool, optional + + :param expiration_date: A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore. + :type expiration_date: int, optional + + :param name: The name of the suppression rule. 
+ :type name: str, optional + + :param rule_query: The rule query of the suppression rule, with the same syntax as the search bar for detection rules. + :type rule_query: str, optional + + :param suppression_query: The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer. + :type suppression_query: str, optional + + :param version: The current version of the suppression. This is optional, but it can help prevent concurrent modifications. + :type version: int, optional + """ + if description is not unset: + kwargs["description"] = description + if enabled is not unset: + kwargs["enabled"] = enabled + if expiration_date is not unset: + kwargs["expiration_date"] = expiration_date + if name is not unset: + kwargs["name"] = name + if rule_query is not unset: + kwargs["rule_query"] = rule_query + if suppression_query is not unset: + kwargs["suppression_query"] = suppression_query + if version is not unset: + kwargs["version"] = version + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_update_data.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_update_data.py new file mode 100644 index 0000000000..139872cdf9 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_update_data.py 
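Review bot: `version` in `SecurityMonitoringSuppressionUpdateAttributes` is described as optional but able to `help prevent concurrent modifications`, without telling the caller where the value comes from or what an update without it does. For a rule that decides which security signals are suppressed, two overlapping PATCH calls without `version` could presumably leave a query in place that neither author reviewed. I would extend the docstring along the lines of `Pass the version returned by the last read of the rule so that a stale update is rejected.` (behaviour inferred from the existing wording; confirm against the API). The `validations` entry caps `version` at 2147483647 but sets no lower bound, although the attributes model says versions start at 1.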
@@ -0,0 +1,57 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import ( + SecurityMonitoringSuppressionUpdateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType + + +class SecurityMonitoringSuppressionUpdateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import ( + SecurityMonitoringSuppressionUpdateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType + + return { + "attributes": (SecurityMonitoringSuppressionUpdateAttributes,), + "type": (SecurityMonitoringSuppressionType,), + } + + attribute_map = { + "attributes": "attributes", + "type": "type", + } + + def __init__( + self_, + attributes: SecurityMonitoringSuppressionUpdateAttributes, + type: SecurityMonitoringSuppressionType, + **kwargs, + ): + """ + The new suppression properties; partial updates are supported. + + :param attributes: The suppression rule properties to be updated. + :type attributes: SecurityMonitoringSuppressionUpdateAttributes + + :param type: The type of the resource. The value should always be ``suppressions``. + :type type: SecurityMonitoringSuppressionType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.type = type 
diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppression_update_request.py b/src/datadog_api_client/v2/model/security_monitoring_suppression_update_request.py new file mode 100644 index 0000000000..7ea80b60da --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppression_update_request.py @@ -0,0 +1,44 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_suppression_update_data import ( + SecurityMonitoringSuppressionUpdateData, + ) + + +class SecurityMonitoringSuppressionUpdateRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_suppression_update_data import ( + SecurityMonitoringSuppressionUpdateData, + ) + + return { + "data": (SecurityMonitoringSuppressionUpdateData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: SecurityMonitoringSuppressionUpdateData, **kwargs): + """ + Request object containing the fields to update on the suppression rule. + + :param data: The new suppression properties; partial updates are supported. + :type data: SecurityMonitoringSuppressionUpdateData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/security_monitoring_suppressions_response.py b/src/datadog_api_client/v2/model/security_monitoring_suppressions_response.py new file mode 100644 index 0000000000..cfa5b9af5c --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_suppressions_response.py 
@@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_suppression import SecurityMonitoringSuppression + + +class SecurityMonitoringSuppressionsResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_suppression import SecurityMonitoringSuppression + + return { + "data": ([SecurityMonitoringSuppression],), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: Union[List[SecurityMonitoringSuppression], UnsetType] = unset, **kwargs): + """ + Response object containing the available suppression rules. + + :param data: A list of suppressions objects. + :type data: [SecurityMonitoringSuppression], optional + """ + if data is not unset: + kwargs["data"] = data + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_user.py b/src/datadog_api_client/v2/model/security_monitoring_user.py new file mode 100644 index 0000000000..4b5209578d --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_user.py 
@@ -0,0 +1,46 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + none_type, + unset, + UnsetType, +) + + +class SecurityMonitoringUser(ModelNormal): + @cached_property + def openapi_types(_): + return { + "handle": (str,), + "name": (str, none_type), + } + + attribute_map = { + "handle": "handle", + "name": "name", + } + + def __init__( + self_, handle: Union[str, UnsetType] = unset, name: Union[str, none_type, UnsetType] = unset, **kwargs + ): + """ + A user. + + :param handle: The handle of the user. + :type handle: str, optional + + :param name: The name of the user. + :type name: str, none_type, optional + """ + if handle is not unset: + kwargs["handle"] = handle + if name is not unset: + kwargs["name"] = name + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index 71a53a5ac2..404b42ae75 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py 
@@ -1233,12 +1233,38 @@ from datadog_api_client.v2.model.security_monitoring_standard_rule_response import ( SecurityMonitoringStandardRuleResponse, ) +from datadog_api_client.v2.model.security_monitoring_suppression import SecurityMonitoringSuppression +from datadog_api_client.v2.model.security_monitoring_suppression_attributes import ( + SecurityMonitoringSuppressionAttributes, +) +from datadog_api_client.v2.model.security_monitoring_suppression_create_attributes import ( + SecurityMonitoringSuppressionCreateAttributes, +) +from datadog_api_client.v2.model.security_monitoring_suppression_create_data import ( + SecurityMonitoringSuppressionCreateData, +) +from datadog_api_client.v2.model.security_monitoring_suppression_create_request import ( + SecurityMonitoringSuppressionCreateRequest, +) +from datadog_api_client.v2.model.security_monitoring_suppression_response import SecurityMonitoringSuppressionResponse +from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType +from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import ( + SecurityMonitoringSuppressionUpdateAttributes, +) +from datadog_api_client.v2.model.security_monitoring_suppression_update_data import ( + SecurityMonitoringSuppressionUpdateData, +) +from datadog_api_client.v2.model.security_monitoring_suppression_update_request import ( + SecurityMonitoringSuppressionUpdateRequest, +) +from datadog_api_client.v2.model.security_monitoring_suppressions_response import SecurityMonitoringSuppressionsResponse from datadog_api_client.v2.model.security_monitoring_third_party_root_query import SecurityMonitoringThirdPartyRootQuery from datadog_api_client.v2.model.security_monitoring_third_party_rule_case import SecurityMonitoringThirdPartyRuleCase from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, ) from 
datadog_api_client.v2.model.security_monitoring_triage_user import SecurityMonitoringTriageUser +from datadog_api_client.v2.model.security_monitoring_user import SecurityMonitoringUser from datadog_api_client.v2.model.sensitive_data_scanner_config_request import SensitiveDataScannerConfigRequest from datadog_api_client.v2.model.sensitive_data_scanner_configuration import SensitiveDataScannerConfiguration from datadog_api_client.v2.model.sensitive_data_scanner_configuration_data import SensitiveDataScannerConfigurationData @@ -2620,10 +2646,22 @@ "SecurityMonitoringStandardRuleCreatePayload", "SecurityMonitoringStandardRuleQuery", "SecurityMonitoringStandardRuleResponse", + "SecurityMonitoringSuppression", + "SecurityMonitoringSuppressionAttributes", + "SecurityMonitoringSuppressionCreateAttributes", + "SecurityMonitoringSuppressionCreateData", + "SecurityMonitoringSuppressionCreateRequest", + "SecurityMonitoringSuppressionResponse", + "SecurityMonitoringSuppressionType", + "SecurityMonitoringSuppressionUpdateAttributes", + "SecurityMonitoringSuppressionUpdateData", + "SecurityMonitoringSuppressionUpdateRequest", + "SecurityMonitoringSuppressionsResponse", "SecurityMonitoringThirdPartyRootQuery", "SecurityMonitoringThirdPartyRuleCase", "SecurityMonitoringThirdPartyRuleCaseCreate", "SecurityMonitoringTriageUser", + "SecurityMonitoringUser", "SensitiveDataScannerConfigRequest", "SensitiveDataScannerConfiguration", "SensitiveDataScannerConfigurationData", diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_suppression_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_create_a_suppression_rule_returns_ok_response.frozen new file mode 100644 index 0000000000..cc25655a1b --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_create_a_suppression_rule_returns_ok_response.frozen @@ -0,0 +1 @@ +2024-01-11T10:06:23.179Z \ No newline at end of file 
diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_suppression_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_create_a_suppression_rule_returns_ok_response.yaml new file mode 100644 index 0000000000..d91a72f48c --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_create_a_suppression_rule_returns_ok_response.yaml @@ -0,0 +1,42 @@ +interactions: +- request: + body: '{"data":{"attributes":{"description":"This rule suppresses low-severity + signals in staging environments.","enabled":true,"expiration_date":1703187336000,"name":"Test-Create_a_suppression_rule_returns_OK_response-1704967583","rule_query":"type:log_detection + source:cloudtrail","suppression_query":"env:staging status:low"},"type":"suppressions"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions + response: + body: + string: '{"data":{"id":"5sx-nhj-htc","attributes":{"name":"Test-Create_a_suppression_rule_returns_OK_response-1704967583","enabled":true,"description":"This + rule suppresses low-severity signals in staging environments.","rule_query":"type:log_detection + source:cloudtrail","suppression_query":"env:staging status:low","expiration_date":1703187336000,"version":1,"creation_date":1704967583506,"update_date":1704967583506,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + + ' + headers: + content-type: + - application/json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/5sx-nhj-htc + response: + body: + string: '' + headers: + content-type: + - text/html; charset=utf-8 + status: + code: 204 + message: No Content +version: 1 
diff --git a/tests/v2/cassettes/test_scenarios/test_delete_a_suppression_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_a_suppression_rule_returns_ok_response.frozen new file mode 100644 index 0000000000..b989f5be0b --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_delete_a_suppression_rule_returns_ok_response.frozen @@ -0,0 +1 @@ +2024-01-11T10:06:25.411Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_a_suppression_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_delete_a_suppression_rule_returns_ok_response.yaml new file mode 100644 index 0000000000..5f468e8b4b --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_delete_a_suppression_rule_returns_ok_response.yaml 
@@ -0,0 +1,56 @@ +interactions: +- request: + body: '{"data":{"attributes":{"description":"Test-Delete_a_suppression_rule_returns_OK_response-1704967585","enabled":true,"name":"Test-Delete_a_suppression_rule_returns_OK_response-1704967585","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions + response: + body: + string: '{"data":{"id":"kpz-5gs-wn9","attributes":{"name":"Test-Delete_a_suppression_rule_returns_OK_response-1704967585","enabled":true,"description":"Test-Delete_a_suppression_rule_returns_OK_response-1704967585","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967585721,"update_date":1704967585721,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + + ' + headers: + content-type: + - application/json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/kpz-5gs-wn9 + response: + body: + string: '' + headers: + content-type: + - text/html; charset=utf-8 + status: + code: 204 + message: No Content +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/kpz-5gs-wn9 + response: + body: + string: '{"errors":["not_found(Suppression with ID kpz-5gs-wn9 not found)"]} + + ' + headers: + content-type: + - application/json + status: + code: 404 + message: Not Found +version: 1 
diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_not_found_response.frozen new file mode 100644 index 0000000000..5ef607bf2e --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_not_found_response.frozen @@ -0,0 +1 @@ +2024-01-11T10:06:31.565Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_not_found_response.yaml new file mode 100644 index 0000000000..5dffa26107 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_not_found_response.yaml @@ -0,0 +1,20 @@ +interactions: +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/this-does-not-exist + response: + body: + string: '{"errors":["Not found"]} + + ' + headers: + content-type: + - application/json + status: + code: 404 + message: Not Found +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_ok_response.frozen new file mode 100644 index 0000000000..513c488651 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_ok_response.frozen @@ -0,0 +1 @@ +2024-01-11T10:06:31.876Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_ok_response.yaml new file mode 100644 index 0000000000..e3e71fc907 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_a_suppression_rule_returns_ok_response.yaml 
@@ -0,0 +1,56 @@ +interactions: +- request: + body: '{"data":{"attributes":{"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions + response: + body: + string: '{"data":{"id":"vac-d9u-mmr","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967592204,"update_date":1704967592204,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + + ' + headers: + content-type: + - application/json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/vac-d9u-mmr + response: + body: + string: '{"data":{"id":"vac-d9u-mmr","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967592204,"update_date":1704967592204,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + + ' + headers: + content-type: + - application/json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: 
https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/vac-d9u-mmr + response: + body: + string: '' + headers: + content-type: + - text/html; charset=utf-8 + status: + code: 204 + message: No Content +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_suppression_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_update_a_suppression_rule_returns_ok_response.frozen new file mode 100644 index 0000000000..1fae5f63e7 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_update_a_suppression_rule_returns_ok_response.frozen @@ -0,0 +1 @@ +2024-01-11T10:06:37.000Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_suppression_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_update_a_suppression_rule_returns_ok_response.yaml new file mode 100644 index 0000000000..805f7695af --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_update_a_suppression_rule_returns_ok_response.yaml 
@@ -0,0 +1,59 @@ +interactions: +- request: + body: '{"data":{"attributes":{"description":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","enabled":true,"name":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions + response: + body: + string: '{"data":{"id":"xhe-kbx-qym","attributes":{"name":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","enabled":true,"description":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967597310,"update_date":1704967597310,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + + ' + headers: + content-type: + - application/json + status: + code: 200 + message: OK +- request: + body: '{"data":{"attributes":{"suppression_query":"env:staging status:low"},"type":"suppressions"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: PATCH + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/xhe-kbx-qym + response: + body: + string: '{"data":{"id":"xhe-kbx-qym","attributes":{"name":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","enabled":true,"description":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","rule_query":"source:cloudtrail","suppression_query":"env:staging + status:low","version":2,"creation_date":1704967597310,"update_date":1704967597660,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + + ' + headers: + content-type: + - application/json + status: + 
code: 200 + message: OK +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/xhe-kbx-qym + response: + body: + string: '' + headers: + content-type: + - text/html; charset=utf-8 + status: + code: 204 + message: No Content +version: 1 diff --git a/tests/v2/features/given.json b/tests/v2/features/given.json index 19f0c37eec..5baa4e0192 100644 --- a/tests/v2/features/given.json +++ b/tests/v2/features/given.json @@ -422,6 +422,18 @@ "tag": "Security Monitoring", "operationId": "CreateSecurityFilter" }, + { + "parameters": [ + { + "name": "body", + "value": "{\n \"data\": {\n \"type\": \"suppressions\",\n \"attributes\": {\n \"enabled\": true,\n \"name\": \"{{ unique }}\",\n \"description\": \"{{ unique }}\",\n \"rule_query\": \"source:cloudtrail\",\n \"suppression_query\": \"env:test\"\n }\n }\n}" + } + ], + "step": "there is a valid \"suppression\" in the system", + "key": "suppression", + "tag": "Security Monitoring", + "operationId": "CreateSecurityMonitoringSuppression" + }, { "parameters": [ { diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index 2ed8263d9d..73b1741d31 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature 
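Review bot: The new `suppression` fixture added to given.json creates an enabled rule with `rule_query` `source:cloudtrail` and no `expiration_date`, so its removal depends entirely on the undo step running. A suppression left behind by an interrupted run would keep hiding matching `env:test` signals in the test org indefinitely. Consider giving the fixture body an expiry shortly after the test clock, for example `\"expiration_date\": EXPIRY_EPOCH_MS` (a placeholder; use whatever relative-time templating the harness offers), so leaked fixtures age out on their own. The cassettes recorded from this fixture would need re-recording after that change.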
@@ -155,6 +155,30 @@ Feature: Security Monitoring And the response "data.attributes.exclusion_filters[0].name" is equal to "Exclude staging" And the response "data.attributes.exclusion_filters[0].query" is equal to "source:staging" + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Create a suppression rule returns "Bad Request" response + Given new "CreateSecurityMonitoringSuppression" request + And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Create a suppression rule returns "Conflict" response + Given new "CreateSecurityMonitoringSuppression" request + And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + When the request is sent + Then the response status is 409 Conflict + + @team:DataDog/k9-cloud-security-platform + Scenario: Create a suppression rule returns "OK" response + Given new "CreateSecurityMonitoringSuppression" request + And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "{{ unique }}", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + When the request is sent + Then the response status is 200 OK + And the 
response "data.type" is equal to "suppressions" + And the response "data.attributes.enabled" is equal to true + And the response "data.attributes.rule_query" is equal to "type:log_detection source:cloudtrail" + @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete a non existing rule returns "Not Found" response Given new "DeleteSecurityMonitoringRule" request @@ -184,6 +208,21 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 OK + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Delete a suppression rule returns "Not Found" response + Given new "DeleteSecurityMonitoringSuppression" request + And request contains "suppression_id" parameter with value "does-not-exist" + When the request is sent + Then the response status is 404 Not Found + + @team:DataDog/k9-cloud-security-platform + Scenario: Delete a suppression rule returns "OK" response + Given there is a valid "suppression" in the system + And new "DeleteSecurityMonitoringSuppression" request + And request contains "suppression_id" parameter from "suppression.data.id" + When the request is sent + Then the response status is 204 OK + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing rule returns "Not Found" response Given new "DeleteSecurityMonitoringRule" request 
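Review bot: The `Create a suppression rule returns "OK" response` scenario sends `"expiration_date": 1703187336000` but never asserts it. That timestamp is 21 December 2023, earlier than the 2024-01-11 time at which the accompanying cassette was frozen, so the only scenario that exercises expiry appears to create a rule that has already expired. Expiry is the control that bounds how long a suppression can hide signals, so it is worth pinning with `And the response "data.attributes.expiration_date" is equal to 1703187336000`, which matches the recorded response. If the API intentionally accepts past expirations, a one-line comment above the scenario should say so; otherwise a timestamp relative to the test clock would cover the active, time-bounded case.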
@@ -327,6 +366,23 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/k9-cloud-security-platform + Scenario: Get a suppression rule returns "Not Found" response + Given new "GetSecurityMonitoringSuppression" request + And request contains "suppression_id" parameter with value "this-does-not-exist" + When the request is sent + Then the response status is 404 Not Found + + @team:DataDog/k9-cloud-security-platform + Scenario: Get a suppression rule returns "OK" response + Given new "GetSecurityMonitoringSuppression" request + And there is a valid "suppression" in the system + And request contains "suppression_id" parameter from "suppression.data.id" + When the request is sent + Then the response status is 200 OK + And the response "data.attributes.rule_query" has the same value as "suppression.data.attributes.rule_query" + And the response "data.attributes.suppression_query" is equal to "env:test" + @team:DataDog/k9-cloud-security-platform Scenario: Get all security filters returns "OK" response Given new "ListSecurityFilters" request @@ -335,6 +391,12 @@ Feature: Security Monitoring And the response "data" has item with field "attributes.filtered_data_type" with value "logs" And the response "data" has item with field "attributes.is_builtin" with value true + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get all suppression rules returns "OK" response + Given new "ListSecurityMonitoringSuppressions" request + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/cloud-security-posture-management Scenario: List findings returns "Bad Request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListFindings" enabled 
@@ -479,6 +541,42 @@ Feature: Security Monitoring And the response "data.attributes.filtered_data_type" is equal to "logs" And the response "data.attributes.name" is equal to "{{ unique }}" + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Update a suppression rule returns "Bad Request" response + Given new "UpdateSecurityMonitoringSuppression" request + And request contains "suppression_id" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Update a suppression rule returns "Concurrent Modification" response + Given new "UpdateSecurityMonitoringSuppression" request + And request contains "suppression_id" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + When the request is sent + Then the response status is 409 Concurrent Modification + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Update a suppression rule returns "Not Found" response + Given new "UpdateSecurityMonitoringSuppression" request + And request contains "suppression_id" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": 
"Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + When the request is sent + Then the response status is 404 Not Found + + @team:DataDog/k9-cloud-security-platform + Scenario: Update a suppression rule returns "OK" response + Given new "UpdateSecurityMonitoringSuppression" request + And there is a valid "suppression" in the system + And request contains "suppression_id" parameter from "suppression.data.id" + And body with value {"data": {"attributes": {"suppression_query": "env:staging status:low"}, "type": "suppressions"}} + When the request is sent + Then the response status is 200 OK + And the response "data.type" is equal to "suppressions" + And the response "data.attributes.suppression_query" is equal to "env:staging status:low" + And the response "data.attributes.version" is equal to 2 + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Update an existing rule returns "Bad Request" response Given new "UpdateSecurityMonitoringRule" request diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index d4ee6f5c89..ecf9568a33 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json 
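Review bot: The `Update a suppression rule returns "OK" response` scenario sends only `suppression_query` in the PATCH body, so the 409 "Concurrent Modification" path is covered only by a skipped generated stub that still carries the `REPLACE.ME` placeholder. The recorded responses carry a `version` that goes from 1 to 2 on update. If the update attributes accept `version` for optimistic locking (the model is not visible in this hunk), send it in the request, e.g. `{"data": {"attributes": {"suppression_query": "env:staging status:low", "version": 1}, "type": "suppressions"}}`, and add a scenario that submits a stale version and expects 409. Without that, a change in how concurrent edits to a suppression's scope are handled would go unnoticed by the suite.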
@@ -1493,6 +1493,43 @@ "type": "idempotent" } }, + "ListSecurityMonitoringSuppressions": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "CreateSecurityMonitoringSuppression": { + "tag": "Security Monitoring", + "undo": { + "operationId": "DeleteSecurityMonitoringSuppression", + "parameters": [ + { + "name": "suppression_id", + "source": "data.id" + } + ], + "type": "unsafe" + } + }, + "DeleteSecurityMonitoringSuppression": { + "tag": "Security Monitoring", + "undo": { + "type": "idempotent" + } + }, + "GetSecurityMonitoringSuppression": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "UpdateSecurityMonitoringSuppression": { + "tag": "Security Monitoring", + "undo": { + "type": "idempotent" + } + }, "ListSecurityMonitoringRules": { "tag": "Security Monitoring", "undo": {