Security Monitoring Suppression - Add data_exclusion_query field

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-04-09 18:06:05.043770",
-            "spec_repo_commit": "fc718bc2"
+            "regenerated": "2024-04-10 15:00:59.509061",
+            "spec_repo_commit": "7e61ac0f"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-04-09 18:06:05.061038",
-            "spec_repo_commit": "fc718bc2"
+            "regenerated": "2024-04-10 15:00:59.527080",
+            "spec_repo_commit": "7e61ac0f"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -18282,6 +18282,13 @@ components:
           type: integer
         creator:
           $ref: '#/components/schemas/SecurityMonitoringUser'
+        data_exclusion_query:
+          description: An exclusion query on the input data of the security rules,
+            which could be logs, Agent events, or other types of data based on the
+            security rule. Events matching this query are ignored by any detection
+            rules referenced in the suppression rule.
+          example: source:cloudtrail account_id:12345
+          type: string
         description:
           description: A description for the suppression rule.
           example: This rule suppresses low-severity signals in staging environments.
@@ -18330,6 +18337,13 @@ components:
       description: Object containing the attributes of the suppression rule to be
         created.
       properties:
+        data_exclusion_query:
+          description: An exclusion query on the input data of the security rules,
+            which could be logs, Agent events, or other types of data based on the
+            security rule. Events matching this query are ignored by any detection
+            rules referenced in the suppression rule.
+          example: source:cloudtrail account_id:12345
+          type: string
         description:
           description: A description for the suppression rule.
           example: This rule suppresses low-severity signals in staging environments.
@@ -18355,15 +18369,14 @@ components:
           type: string
         suppression_query:
           description: The suppression query of the suppression rule. If a signal
-            matches this query, it is suppressed and is not triggered . Same syntax
-            as the queries to search signals in the signal explorer.
+            matches this query, it is suppressed and is not triggered. It uses the
+            same syntax as the queries to search signals in the Signals Explorer.
           example: env:staging status:low
           type: string
       required:
       - name
       - enabled
       - rule_query
-      - suppression_query
       type: object
     SecurityMonitoringSuppressionCreateData:
       description: Object for a single suppression rule.
@@ -18407,6 +18420,13 @@ components:
     SecurityMonitoringSuppressionUpdateAttributes:
       description: The suppression rule properties to be updated.
       properties:
+        data_exclusion_query:
+          description: An exclusion query on the input data of the security rules,
+            which could be logs, Agent events, or other types of data based on the
+            security rule. Events matching this query are ignored by any detection
+            rules referenced in the suppression rule.
+          example: source:cloudtrail account_id:12345
+          type: string
         description:
           description: A description for the suppression rule.
           example: This rule suppresses low-severity signals in staging environments.

cassettes/features/v2/security_monitoring/Create-a-suppression-rule-returns-OK-response.frozen

@@ -1 +1 @@
-2024-01-11T10:06:23.179Z
+2024-04-08T09:56:58.589Z

cassettes/features/v2/security_monitoring/Create-a-suppression-rule-with-an-exclusion-query-returns-OK-response.frozen

@@ -0,0 +1 @@
+2024-04-08T09:57:01.815Z

cassettes/features/v2/security_monitoring/Get-a-suppression-rule-returns-OK-response.frozen

@@ -1 +1 @@
-2024-01-11T10:06:31.876Z
+2024-04-08T09:57:31.186Z

cassettes/features/v2/security_monitoring/Update-a-suppression-rule-returns-OK-response.frozen

@@ -1 +1 @@
-2024-01-11T10:06:37.000Z
+2024-04-08T09:57:43.431Z

examples/v2/security-monitoring/CreateSecurityMonitoringSuppression_3192265332.rb

@@ -0,0 +1,19 @@
+# Create a suppression rule with an exclusion query returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateRequest.new({
+  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateData.new({
+    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionCreateAttributes.new({
+      description: "This rule suppresses low-severity signals in staging environments.",
+      enabled: true,
+      expiration_date: 1703187336000,
+      name: "Example-Security-Monitoring",
+      rule_query: "type:log_detection source:cloudtrail",
+      data_exclusion_query: "account_id:12345",
+    }),
+    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
+  }),
+})
+p api_instance.create_security_monitoring_suppression(body)