diff --git a/.apigentools-info b/.apigentools-info index 6c64a362b444..1cf0db324db8 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2024-04-09 18:06:05.043770", - "spec_repo_commit": "fc718bc2" + "regenerated": "2024-04-10 15:00:59.509061", + "spec_repo_commit": "7e61ac0f" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2024-04-09 18:06:05.061038", - "spec_repo_commit": "fc718bc2" + "regenerated": "2024-04-10 15:00:59.527080", + "spec_repo_commit": "7e61ac0f" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 9010c45c0c0b..90e25751f7f0 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -18282,6 +18282,13 @@ components: type: integer creator: $ref: '#/components/schemas/SecurityMonitoringUser' + data_exclusion_query: + description: An exclusion query on the input data of the security rules, + which could be logs, Agent events, or other types of data based on the + security rule. Events matching this query are ignored by any detection + rules referenced in the suppression rule. + example: source:cloudtrail account_id:12345 + type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. 
@@ -18330,6 +18337,13 @@ components: description: Object containing the attributes of the suppression rule to be created. properties: + data_exclusion_query: + description: An exclusion query on the input data of the security rules, + which could be logs, Agent events, or other types of data based on the + security rule. Events matching this query are ignored by any detection + rules referenced in the suppression rule. + example: source:cloudtrail account_id:12345 + type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. @@ -18355,15 +18369,14 @@ components: type: string suppression_query: description: The suppression query of the suppression rule. If a signal - matches this query, it is suppressed and is not triggered . Same syntax - as the queries to search signals in the signal explorer. + matches this query, it is suppressed and is not triggered. It uses the + same syntax as the queries to search signals in the Signals Explorer. example: env:staging status:low type: string required: - name - enabled - rule_query - - suppression_query type: object SecurityMonitoringSuppressionCreateData: description: Object for a single suppression rule. @@ -18407,6 +18420,13 @@ components: SecurityMonitoringSuppressionUpdateAttributes: description: The suppression rule properties to be updated. properties: + data_exclusion_query: + description: An exclusion query on the input data of the security rules, + which could be logs, Agent events, or other types of data based on the + security rule. Events matching this query are ignored by any detection + rules referenced in the suppression rule. + example: source:cloudtrail account_id:12345 + type: string description: description: A description for the suppression rule. example: This rule suppresses low-severity signals in staging environments. 
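Review bot: Removing `suppression_query` from `required` in the create-attributes hunk (`@@ -18355,15 +18369,14 @@`) leaves the schema accepting a body that sets neither `suppression_query` nor `data_exclusion_query`, and neither description says how the two fields relate. If the API expects at least one of them, state that in both descriptions or express it with `anyOf` over two `required` lists; whether the server rejects the empty pair is not visible in this diff. The generated Ruby model inherits the gap, because the `valid?` hunk in `security_monitoring_suppression_create_attributes.rb` drops the nil check on `@suppression_query` without adding a combined check. The `data_exclusion_query` description, repeated in the hunks at 18282 and 18407, should also spell out the operational consequence, for example `Matching events are never evaluated by the referenced rules, so no signal is produced for them; keep the query narrow and set expiration_date.`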
diff --git a/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.frozen index cc25655a1b40..311c12c34371 100644 --- a/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.frozen @@ -1 +1 @@ -2024-01-11T10:06:23.179Z \ No newline at end of file +2024-04-08T09:56:58.589Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.yml index 69164832c42b..617ab5d384fc 100644 --- a/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.yml @@ -1,10 +1,10 @@ http_interactions: -- recorded_at: Thu, 11 Jan 2024 10:06:23 GMT +- recorded_at: Mon, 08 Apr 2024 09:56:58 GMT request: body: encoding: UTF-8 string: '{"data":{"attributes":{"description":"This rule suppresses low-severity - signals in staging environments.","enabled":true,"expiration_date":1703187336000,"name":"Test-Create_a_suppression_rule_returns_OK_response-1704967583","rule_query":"type:log_detection + signals in staging environments.","enabled":true,"expiration_date":1703187336000,"name":"Test-Create_a_suppression_rule_returns_OK_response-1712570218","rule_query":"type:log_detection source:cloudtrail","suppression_query":"env:staging status:low"},"type":"suppressions"}}' headers: Accept: 
@@ -16,9 +16,9 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"5sx-nhj-htc","attributes":{"name":"Test-Create_a_suppression_rule_returns_OK_response-1704967583","enabled":true,"description":"This + string: '{"data":{"id":"mu8-qje-pys","attributes":{"name":"Test-Create_a_suppression_rule_returns_OK_response-1712570218","enabled":true,"description":"This rule suppresses low-severity signals in staging environments.","rule_query":"type:log_detection - source:cloudtrail","suppression_query":"env:staging status:low","expiration_date":1703187336000,"version":1,"creation_date":1704967583506,"update_date":1704967583506,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + source:cloudtrail","suppression_query":"env:staging status:low","log_exclusion_query":"","data_exclusion_query":"","expiration_date":1703187336000,"version":1,"creation_date":1712570219298,"update_date":1712570219298,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} ' headers: @@ -27,14 +27,14 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Thu, 11 Jan 2024 10:06:23 GMT +- recorded_at: Mon, 08 Apr 2024 09:56:58 GMT request: body: null headers: Accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/5sx-nhj-htc + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/mu8-qje-pys response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-with-an-exclusion-query-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-with-an-exclusion-query-returns-OK-response.frozen new file mode 100644 index 000000000000..42e62d263a98 --- /dev/null 
+++ b/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-with-an-exclusion-query-returns-OK-response.frozen @@ -0,0 +1 @@ +2024-04-08T09:57:01.815Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-with-an-exclusion-query-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-with-an-exclusion-query-returns-OK-response.yml new file mode 100644 index 000000000000..86d456c79252 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-suppression-rule-with-an-exclusion-query-returns-OK-response.yml 
@@ -0,0 +1,48 @@ +http_interactions: +- recorded_at: Mon, 08 Apr 2024 09:57:01 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"data_exclusion_query":"account_id:12345","description":"This + rule suppresses low-severity signals in staging environments.","enabled":true,"expiration_date":1703187336000,"name":"Test-Create_a_suppression_rule_with_an_exclusion_query_returns_OK_response-1712570221","rule_query":"type:log_detection + source:cloudtrail"},"type":"suppressions"}}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions + response: + body: + encoding: UTF-8 + string: '{"data":{"id":"2dj-cxs-dg6","attributes":{"name":"Test-Create_a_suppression_rule_with_an_exclusion_query_returns_OK_response-1712570221","enabled":true,"description":"This + rule suppresses low-severity signals in staging environments.","rule_query":"type:log_detection + source:cloudtrail","suppression_query":"","log_exclusion_query":"account_id:12345","data_exclusion_query":"account_id:12345","expiration_date":1703187336000,"version":1,"creation_date":1712570222285,"update_date":1712570222285,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + + ' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +- recorded_at: Mon, 08 Apr 2024 09:57:01 GMT + request: + body: null + headers: + Accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/2dj-cxs-dg6 + response: + body: + encoding: UTF-8 + string: '' + headers: + Content-Type: + - text/html; charset=utf-8 + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 
diff --git a/cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.frozen index 513c48865103..7409a388df9b 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.frozen @@ -1 +1 @@ -2024-01-11T10:06:31.876Z \ No newline at end of file +2024-04-08T09:57:31.186Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.yml index 4181bc6c2fa2..51d31c69b686 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.yml @@ -1,9 +1,9 @@ http_interactions: -- recorded_at: Thu, 11 Jan 2024 10:06:31 GMT +- recorded_at: Mon, 08 Apr 2024 09:57:31 GMT request: body: encoding: UTF-8 - string: '{"data":{"attributes":{"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}' + string: '{"data":{"attributes":{"description":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","enabled":true,"name":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}' headers: Accept: - application/json 
@@ -14,7 +14,7 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"vac-d9u-mmr","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967592204,"update_date":1704967592204,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + string: '{"data":{"id":"zrh-zwa-bgu","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","rule_query":"source:cloudtrail","suppression_query":"env:test","log_exclusion_query":"","data_exclusion_query":"","version":1,"creation_date":1712570252683,"update_date":1712570252683,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} ' headers: 
@@ -23,18 +23,18 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Thu, 11 Jan 2024 10:06:31 GMT +- recorded_at: Mon, 08 Apr 2024 09:57:31 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/vac-d9u-mmr + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/zrh-zwa-bgu response: body: encoding: UTF-8 - string: '{"data":{"id":"vac-d9u-mmr","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1704967591","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967592204,"update_date":1704967592204,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + string: '{"data":{"id":"zrh-zwa-bgu","attributes":{"name":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","enabled":true,"description":"Test-Get_a_suppression_rule_returns_OK_response-1712570251","rule_query":"source:cloudtrail","suppression_query":"env:test","log_exclusion_query":"","data_exclusion_query":"","version":1,"creation_date":1712570252683,"update_date":1712570252683,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} ' headers: @@ -43,14 +43,14 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Thu, 11 Jan 2024 10:06:31 GMT +- recorded_at: Mon, 08 Apr 2024 09:57:31 GMT request: body: null headers: Accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/vac-d9u-mmr + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/zrh-zwa-bgu response: body: encoding: UTF-8 
diff --git a/cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.frozen index 1fae5f63e7c6..8af9e82dae25 100644 --- a/cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.frozen @@ -1 +1 @@ -2024-01-11T10:06:37.000Z \ No newline at end of file +2024-04-08T09:57:43.431Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.yml index 219fc2f5ccce..ed4f2503153a 100644 --- a/cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.yml @@ -1,9 +1,9 @@ http_interactions: -- recorded_at: Thu, 11 Jan 2024 10:06:37 GMT +- recorded_at: Mon, 08 Apr 2024 09:57:43 GMT request: body: encoding: UTF-8 - string: '{"data":{"attributes":{"description":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","enabled":true,"name":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}' + string: '{"data":{"attributes":{"description":"Test-Update_a_suppression_rule_returns_OK_response-1712570263","enabled":true,"name":"Test-Update_a_suppression_rule_returns_OK_response-1712570263","rule_query":"source:cloudtrail","suppression_query":"env:test"},"type":"suppressions"}}' headers: Accept: - application/json 
@@ -14,7 +14,7 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"xhe-kbx-qym","attributes":{"name":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","enabled":true,"description":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","rule_query":"source:cloudtrail","suppression_query":"env:test","version":1,"creation_date":1704967597310,"update_date":1704967597310,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + string: '{"data":{"id":"h4v-y6f-ycg","attributes":{"name":"Test-Update_a_suppression_rule_returns_OK_response-1712570263","enabled":true,"description":"Test-Update_a_suppression_rule_returns_OK_response-1712570263","rule_query":"source:cloudtrail","suppression_query":"env:test","log_exclusion_query":"","data_exclusion_query":"","version":1,"creation_date":1712570264756,"update_date":1712570264756,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} ' headers: @@ -23,7 +23,7 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Thu, 11 Jan 2024 10:06:37 GMT +- recorded_at: Mon, 08 Apr 2024 09:57:43 GMT request: body: encoding: UTF-8 
@@ -34,12 +34,12 @@ http_interactions: Content-Type: - application/json method: PATCH - uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/xhe-kbx-qym + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/h4v-y6f-ycg response: body: encoding: UTF-8 - string: '{"data":{"id":"xhe-kbx-qym","attributes":{"name":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","enabled":true,"description":"Test-Update_a_suppression_rule_returns_OK_response-1704967597","rule_query":"source:cloudtrail","suppression_query":"env:staging - status:low","version":2,"creation_date":1704967597310,"update_date":1704967597660,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} + string: '{"data":{"id":"h4v-y6f-ycg","attributes":{"name":"Test-Update_a_suppression_rule_returns_OK_response-1712570263","enabled":true,"description":"Test-Update_a_suppression_rule_returns_OK_response-1712570263","rule_query":"source:cloudtrail","suppression_query":"env:staging + status:low","log_exclusion_query":"","data_exclusion_query":"","version":2,"creation_date":1712570264756,"update_date":1712570265486,"creator":{"name":null,"handle":"frog@datadoghq.com"},"updater":{"name":null,"handle":"frog@datadoghq.com"}},"type":"suppressions"}} ' headers: @@ -48,14 +48,14 @@ http_interactions: status: code: 200 message: OK -- recorded_at: Thu, 11 Jan 2024 10:06:37 GMT +- recorded_at: Mon, 08 Apr 2024 09:57:43 GMT request: body: null headers: Accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/xhe-kbx-qym + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/h4v-y6f-ycg response: body: encoding: UTF-8 
diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringSuppression_3192265332.rb b/examples/v2/security-monitoring/CreateSecurityMonitoringSuppression_3192265332.rb new file mode 100644 index 000000000000..1a056dc6208b --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringSuppression_3192265332.rb @@ -0,0 +1,19 @@ +# Create a suppression rule with an exclusion query returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({ + data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({ + attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({ + description: "This rule suppresses low-severity signals in staging environments.", + enabled: true, + expiration_date: 1703187336000, + name: "Example-Security-Monitoring", + rule_query: "type:log_detection source:cloudtrail", + data_exclusion_query: "account_id:12345", + }), + type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS, + }), +}) +p api_instance.create_security_monitoring_suppression(body) diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index b505f2a4fcb4..ba592532d600 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
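Review bot: The new example creates a rule with `data_exclusion_query` and no `suppression_query`, but nothing in the file tells a reader that this drops input events rather than suppressing signals. A comment above the attributes would help, such as `# Events matching data_exclusion_query are ignored by the rules selected by rule_query; no suppression_query is set.` Also, `expiration_date: 1703187336000` decodes to December 2023, which is earlier than the 2024-04 regeneration stamp in this commit, so a copied example may create a rule that is already expired. A placeholder timestamp in the future, or a comment saying the value must be a future epoch in milliseconds, would avoid that.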
@@ -160,18 +160,18 @@ Feature: Security Monitoring @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Create a suppression rule returns "Bad Request" response Given new "CreateSecurityMonitoringSuppression" request - And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Create a suppression rule returns "Conflict" response Given new "CreateSecurityMonitoringSuppression" request - And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} When the request is sent Then the 
response status is 409 Conflict - @team:DataDog/k9-cloud-security-platform + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Create a suppression rule returns "OK" response Given new "CreateSecurityMonitoringSuppression" request And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "{{ unique }}", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} @@ -181,6 +181,17 @@ Feature: Security Monitoring And the response "data.attributes.enabled" is equal to true And the response "data.attributes.rule_query" is equal to "type:log_detection source:cloudtrail" + @skip-validation @team:DataDog/k9-cloud-security-platform + Scenario: Create a suppression rule with an exclusion query returns "OK" response + Given new "CreateSecurityMonitoringSuppression" request + And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "{{ unique }}", "rule_query": "type:log_detection source:cloudtrail", "data_exclusion_query": "account_id:12345"}, "type": "suppressions"}} + When the request is sent + Then the response status is 200 OK + And the response "data.type" is equal to "suppressions" + And the response "data.attributes.enabled" is equal to true + And the response "data.attributes.rule_query" is equal to "type:log_detection source:cloudtrail" + And the response "data.attributes.data_exclusion_query" is equal to "account_id:12345" + @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete a non existing rule returns "Not Found" response Given new "DeleteSecurityMonitoringRule" request 
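Review bot: `@skip-validation` is added to the existing `Create a suppression rule returns "OK" response` scenario and to the new exclusion-query scenario. The later hunks tag the Delete, Get and Update suppression scenarios the same way, along with the unrelated `Delete a security filter returns "No Content" response`. The re-recorded cassettes show responses carrying `log_exclusion_query`, which none of the schema hunks in this commit declare, so the tag presumably hides that mismatch instead of resolving it. Declaring the field on `SecurityMonitoringSuppressionAttributes` would let validation stay on; failing that, the security-filter scenario at least should not lose validation in a suppression change. The new scenario could also pin the default for the omitted field with `And the response "data.attributes.suppression_query" is equal to ""`, matching the recorded response.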
@@ -188,7 +199,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-security-platform + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Delete a security filter returns "No Content" response Given there is a valid "security_filter" in the system And new "DeleteSecurityFilter" request @@ -217,7 +228,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-security-platform + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Delete a suppression rule returns "OK" response Given there is a valid "suppression" in the system And new "DeleteSecurityMonitoringSuppression" request @@ -368,14 +379,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-security-platform + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Get a suppression rule returns "Not Found" response Given new "GetSecurityMonitoringSuppression" request And request contains "suppression_id" parameter with value "this-does-not-exist" When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-security-platform + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Get a suppression rule returns "OK" response Given new "GetSecurityMonitoringSuppression" request And there is a valid "suppression" in the system 
@@ -547,7 +558,7 @@ Feature: Security Monitoring Scenario: Update a suppression rule returns "Bad Request" response Given new "UpdateSecurityMonitoringSuppression" request And request contains "suppression_id" parameter from "REPLACE.ME" - And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} When the request is sent Then the response status is 400 Bad Request 
@@ -555,7 +566,7 @@ Feature: Security Monitoring Scenario: Update a suppression rule returns "Concurrent Modification" response Given new "UpdateSecurityMonitoringSuppression" request And request contains "suppression_id" parameter from "REPLACE.ME" - And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} When the request is sent Then the response status is 409 Concurrent Modification 
@@ -563,11 +574,11 @@ Feature: Security Monitoring Scenario: Update a suppression rule returns "Not Found" response Given new "UpdateSecurityMonitoringSuppression" request And request contains "suppression_id" parameter from "REPLACE.ME" - And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-security-platform + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Update a suppression rule returns "OK" response Given new "UpdateSecurityMonitoringSuppression" request And there is a valid "suppression" in the system diff --git a/lib/datadog_api_client/v2/models/security_monitoring_suppression_attributes.rb b/lib/datadog_api_client/v2/models/security_monitoring_suppression_attributes.rb index 0ae1c5e92b4b..acbdde5db0cb 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_suppression_attributes.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_suppression_attributes.rb 
@@ -27,6 +27,9 @@ class SecurityMonitoringSuppressionAttributes # A user. attr_accessor :creator + # An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. + attr_accessor :data_exclusion_query + # A description for the suppression rule. attr_accessor :description @@ -60,6 +63,7 @@ def self.attribute_map { :'creation_date' => :'creation_date', :'creator' => :'creator', + :'data_exclusion_query' => :'data_exclusion_query', :'description' => :'description', :'enabled' => :'enabled', :'expiration_date' => :'expiration_date', @@ -78,6 +82,7 @@ def self.openapi_types { :'creation_date' => :'Integer', :'creator' => :'SecurityMonitoringUser', + :'data_exclusion_query' => :'String', :'description' => :'String', :'enabled' => :'Boolean', :'expiration_date' => :'Integer', @@ -114,6 +119,10 @@ def initialize(attributes = {}) self.creator = attributes[:'creator'] end + if attributes.key?(:'data_exclusion_query') + self.data_exclusion_query = attributes[:'data_exclusion_query'] + end + if attributes.key?(:'description') self.description = attributes[:'description'] end @@ -177,6 +186,7 @@ def ==(o) self.class == o.class && creation_date == o.creation_date && creator == o.creator && + data_exclusion_query == o.data_exclusion_query && description == o.description && enabled == o.enabled && expiration_date == o.expiration_date && @@ -192,7 +202,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [creation_date, creator, description, enabled, expiration_date, name, rule_query, suppression_query, update_date, updater, version].hash + [creation_date, creator, data_exclusion_query, description, enabled, expiration_date, name, rule_query, suppression_query, update_date, updater, version].hash end end end 
diff --git a/lib/datadog_api_client/v2/models/security_monitoring_suppression_create_attributes.rb b/lib/datadog_api_client/v2/models/security_monitoring_suppression_create_attributes.rb index 9c468e79f27b..37b5846cd5fd 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_suppression_create_attributes.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_suppression_create_attributes.rb @@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringSuppressionCreateAttributes include BaseGenericModel + # An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. + attr_accessor :data_exclusion_query + # A description for the suppression rule. attr_accessor :description @@ -36,13 +39,14 @@ class SecurityMonitoringSuppressionCreateAttributes # The rule query of the suppression rule, with the same syntax as the search bar for detection rules. attr_reader :rule_query - # The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered . Same syntax as the queries to search signals in the signal explorer. - attr_reader :suppression_query + # The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer. + attr_accessor :suppression_query # Attribute mapping from ruby-style variable name to JSON key. # @!visibility private def self.attribute_map { + :'data_exclusion_query' => :'data_exclusion_query', :'description' => :'description', :'enabled' => :'enabled', :'expiration_date' => :'expiration_date', 
@@ -56,6 +60,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'data_exclusion_query' => :'String', :'description' => :'String', :'enabled' => :'Boolean', :'expiration_date' => :'Integer', @@ -81,6 +86,10 @@ def initialize(attributes = {}) h[k.to_sym] = v } + if attributes.key?(:'data_exclusion_query') + self.data_exclusion_query = attributes[:'data_exclusion_query'] + end + if attributes.key?(:'description') self.description = attributes[:'description'] end @@ -113,7 +122,6 @@ def valid? return false if @enabled.nil? return false if @name.nil? return false if @rule_query.nil? - return false if @suppression_query.nil? true end @@ -147,22 +155,13 @@ def rule_query=(rule_query) @rule_query = rule_query end - # Custom attribute writer method with validation - # @param suppression_query [Object] Object to be assigned - # @!visibility private - def suppression_query=(suppression_query) - if suppression_query.nil? - fail ArgumentError, 'invalid value for "suppression_query", suppression_query cannot be nil.' - end - @suppression_query = suppression_query - end - # Checks equality by comparing each attribute. # @param o [Object] Object to be compared # @!visibility private def ==(o) return true if self.equal?(o) self.class == o.class && + data_exclusion_query == o.data_exclusion_query && description == o.description && enabled == o.enabled && expiration_date == o.expiration_date && @@ -175,7 +174,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [description, enabled, expiration_date, name, rule_query, suppression_query].hash + [data_exclusion_query, description, enabled, expiration_date, name, rule_query, suppression_query].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_suppression_update_attributes.rb b/lib/datadog_api_client/v2/models/security_monitoring_suppression_update_attributes.rb index a51a7f5b76ff..b0941cf0dd77 100644 
--- a/lib/datadog_api_client/v2/models/security_monitoring_suppression_update_attributes.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_suppression_update_attributes.rb @@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringSuppressionUpdateAttributes include BaseGenericModel + # An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule. + attr_accessor :data_exclusion_query + # A description for the suppression rule. attr_accessor :description @@ -46,6 +49,7 @@ class SecurityMonitoringSuppressionUpdateAttributes # @!visibility private def self.attribute_map { + :'data_exclusion_query' => :'data_exclusion_query', :'description' => :'description', :'enabled' => :'enabled', :'expiration_date' => :'expiration_date', @@ -60,6 +64,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'data_exclusion_query' => :'String', :'description' => :'String', :'enabled' => :'Boolean', :'expiration_date' => :'Integer', @@ -94,6 +99,10 @@ def initialize(attributes = {}) h[k.to_sym] = v } + if attributes.key?(:'data_exclusion_query') + self.data_exclusion_query = attributes[:'data_exclusion_query'] + end + if attributes.key?(:'description') self.description = attributes[:'description'] end @@ -147,6 +156,7 @@ def version=(version) def ==(o) return true if self.equal?(o) self.class == o.class && + data_exclusion_query == o.data_exclusion_query && description == o.description && enabled == o.enabled && expiration_date == o.expiration_date && @@ -160,7 +170,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [description, enabled, expiration_date, name, rule_query, suppression_query, version].hash + [data_exclusion_query, description, enabled, expiration_date, name, rule_query, suppression_query, version].hash end end end