diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index d1ea8725c6..961406c151 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -43891,6 +43891,14 @@ components: for scheduled rules - in other words, when the `schedulingOptions` field is present in the rule payload.' type: string + indexes: + description: List of indexes to query when the `dataSource` is `logs`. Only + used for scheduled rules, such as when the `schedulingOptions` field is + present in the rule payload. + items: + description: Index. + type: string + type: array metric: deprecated: true description: '(Deprecated) The target field to aggregate over when using diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.py b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.py index 1d39510a01..7ca8901066 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.py +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.py @@ -32,7 +32,9 @@ aggregation=SecurityMonitoringRuleQueryAggregation.COUNT, group_by_fields=[], distinct_fields=[], - index="main", + indexes=[ + "main", + ], ), ], filters=[], diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_query.py b/src/datadog_api_client/v2/model/security_monitoring_rule_query.py index 1322145c77..1135b57d7f 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_query.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_query.py 
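Review bot: The new `indexes` property in `.generator/schemas/v2/openapi.yaml` does not say how it relates to the existing `index` property, which stays in the schema with no `deprecated: true`, so a query can carry both and nothing states which one the scheduled rule actually searches. The re-recorded cassette later in this commit shows the API returning both `"index":"main"` and `"indexes":["main"]` for a rule created with only `indexes`, so a read-then-update round trip will send both fields. For a detection rule this decides which logs are covered, so the description should end with a sentence of the form `When both index and indexes are set, <state which one is used>.` and, if `index` is being superseded, the property should be marked deprecated. The phrase "such as when the `schedulingOptions` field is present" also reads as one example among several, while `index` says "in other words"; the two should be worded the same way. The same text is copied into the docstring hunks of `security_monitoring_rule_query.py` and `security_monitoring_standard_rule_query.py`, so fixing it in the schema fixes all three.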
@@ -37,6 +37,9 @@ def __init__(self, **kwargs): The index to run the query on, if the `dataSource` is `logs`. Only used for scheduled rules - in other words, when the `schedulingOptions` field is present in the rule payload. :type index: str, optional + :param indexes: List of indexes to query when the `dataSource` is `logs`. Only used for scheduled rules, such as when the `schedulingOptions` field is present in the rule payload. + :type indexes: [str], optional + :param metric: (Deprecated) The target field to aggregate over when using the sum or max aggregations. `metrics` field should be used instead. :type metric: str, optional diff --git a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_query.py b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_query.py index edb2e14c4f..300ddbdbcd 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_query.py +++ b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_query.py @@ -40,6 +40,7 @@ def openapi_types(_): "group_by_fields": ([str],), "has_optional_group_by_fields": (bool,), "index": (str,), + "indexes": ([str],), "metric": (str,), "metrics": ([str],), "name": (str,), @@ -54,6 +55,7 @@ def openapi_types(_): "group_by_fields": "groupByFields", "has_optional_group_by_fields": "hasOptionalGroupByFields", "index": "index", + "indexes": "indexes", "metric": "metric", "metrics": "metrics", "name": "name", @@ -69,6 +71,7 @@ def __init__( group_by_fields: Union[List[str], UnsetType] = unset, has_optional_group_by_fields: Union[bool, UnsetType] = unset, index: Union[str, UnsetType] = unset, + indexes: Union[List[str], UnsetType] = unset, metric: Union[str, UnsetType] = unset, metrics: Union[List[str], UnsetType] = unset, name: Union[str, UnsetType] = unset, 
@@ -100,6 +103,9 @@ def __init__( The index to run the query on, if the ``dataSource`` is ``logs``. Only used for scheduled rules - in other words, when the ``schedulingOptions`` field is present in the rule payload. :type index: str, optional + :param indexes: List of indexes to query when the ``dataSource`` is ``logs``. Only used for scheduled rules, such as when the ``schedulingOptions`` field is present in the rule payload. + :type indexes: [str], optional + :param metric: (Deprecated) The target field to aggregate over when using the sum or max aggregations. ``metrics`` field should be used instead. **Deprecated**. :type metric: str, optional @@ -127,6 +133,8 @@ def __init__( kwargs["has_optional_group_by_fields"] = has_optional_group_by_fields if index is not unset: kwargs["index"] = index + if indexes is not unset: + kwargs["indexes"] = indexes if metric is not unset: kwargs["metric"] = metric if metrics is not unset: diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_detection_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_detection_rule_returns_ok_response.frozen index 5c8f2a4f08..b67dbf545e 100644 --- a/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_detection_rule_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_detection_rule_returns_ok_response.frozen @@ -1 +1 @@ -2025-07-31T07:48:27.113Z \ No newline at end of file +2025-10-13T21:11:45.641Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_detection_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_detection_rule_returns_ok_response.yaml index 06476082ec..60b75a0bc6 100644 --- a/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_detection_rule_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_detection_rule_returns_ok_response.yaml 
@@ -1,7 +1,7 @@ interactions: - request: body: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"index":"main","query":"@test:true"}],"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' + rule","name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1760389905","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"indexes":["main"],"query":"@test:true"}],"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' headers: accept: - application/json 
@@ -11,8 +11,8 @@ interactions: uri: https://api.datadoghq.com/api/v2/security_monitoring/rules response: body: - string: '{"name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107","createdAt":1753948107557,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs","index":"main"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a - \u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"8dd-els-oyn","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""},"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"}}' + string: '{"name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1760389905","createdAt":1760389906051,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs","index":"main","indexes":["main"]}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + \u003e 0"}],"message":"Test 
rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"vgs-rrg-orf","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""},"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"}}' headers: content-type: - application/json @@ -25,7 +25,7 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/8dd-els-oyn + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/vgs-rrg-orf response: body: string: '' diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_rule_without_rrule_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_rule_without_rrule_returns_bad_request_response.frozen index 74170d6acd..f95a999888 100644 --- a/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_rule_without_rrule_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_rule_without_rrule_returns_bad_request_response.frozen @@ -1 +1 @@ -2025-07-31T07:49:14.474Z \ No newline at end of file +2025-10-13T21:12:46.212Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_rule_without_rrule_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_rule_without_rrule_returns_bad_request_response.yaml index c72d5bf4df..6611f746bf 100644 --- a/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_rule_without_rrule_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_create_a_scheduled_rule_without_rrule_returns_bad_request_response.yaml 
@@ -1,7 +1,7 @@ interactions: - request: body: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1753948154","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"index":"main","query":"@test:true"}],"schedulingOptions":{"start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' + rule","name":"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1760389966","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"indexes":["main"],"query":"@test:true"}],"schedulingOptions":{"start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' headers: accept: - application/json diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index 77aa1d738c..c83348e689 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature 
@@ -308,7 +308,7 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Create a scheduled detection rule returns "OK" response Given new "CreateSecurityMonitoringRule" request - And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"indexes":["main"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} When the request is sent Then the response status is 200 OK And the response "name" is equal to "{{ unique }}" 
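Review bot: Replacing `"index":"main"` with `"indexes":["main"]` in this scenario's body means no scenario in the visible hunks still sends the singular `index` field, which the schema keeps and does not mark deprecated. The steps visible here assert only the status and `name`, so nothing checks that the created rule targets the requested indexes; the scenario may continue past the end of the hunk. I would keep the original scenario as it was and add a separate one for `indexes`, with an extra step along the lines of `And the response "queries[0].indexes[0]" is equal to "main"` (path syntax to be checked against the step library).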
@@ -319,7 +319,7 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Create a scheduled rule without rrule returns "Bad Request" response Given new "CreateSecurityMonitoringRule" request - And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"indexes":["main"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} When the request is sent Then the response status is 400 Bad Request
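Review bot: This negative scenario ends at `Then the response status is 400 Bad Request`, so after the payload change it cannot tell a rejection for the missing `rrule` from a rejection of the new `indexes` field. The recorded response body is not part of any hunk here, so whether the reason is still the missing `rrule` cannot be confirmed from the diff. Adding one step that checks the returned error text, for example `And the response "errors[0]" is equal to "<recorded rrule error message>"` (placeholder, take the wording from the cassette), would pin the test to the condition its title names.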