diff --git a/.generated-info b/.generated-info index 6654229eca74..138174260d18 100644 --- a/.generated-info +++ b/.generated-info @@ -1,4 +1,4 @@ { - "spec_repo_commit": "c5cca50", - "generated": "2025-08-07 18:03:13.305" + "spec_repo_commit": "d02c8a3", + "generated": "2025-08-08 12:07:05.112" } diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index a0599c01eb05..4f155402b7ec 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -36336,6 +36336,12 @@ components: SecurityMonitoringRuleUpdatePayload: description: Update an existing rule. properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. items: @@ -36392,6 +36398,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. items: 
@@ -36418,6 +36426,27 @@ components: - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload' - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload' - $ref: '#/components/schemas/CloudConfigurationRulePayload' + SecurityMonitoringSchedulingOptions: + description: Options for scheduled rules. When this field is present, the rule + runs based on the schedule. When absent, it runs real-time on ingested logs. + nullable: true + properties: + rrule: + description: Schedule for the rule queries, written in RRULE syntax. See + [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html) + for syntax reference. + example: FREQ=HOURLY;INTERVAL=1; + type: string + start: + description: Start date for the schedule, in ISO 8601 format without timezone. + example: '2025-07-14T12:00:00' + type: string + timezone: + description: Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) + format. + example: America/New_York + type: string + type: object SecurityMonitoringSignal: description: Object description of a security signal. properties: @@ -37096,6 +37125,12 @@ components: SecurityMonitoringStandardRuleCreatePayload: description: Create a new rule. properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. example: [] @@ -37148,6 +37183,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. example: 
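Review bot: The new `SecurityMonitoringSchedulingOptions` schema declares no `required` list, yet the Bad Request cassette recorded in this same commit shows the API rejecting a `schedulingOptions` object that omits `rrule` (error target `schedulingOptions.rrule`). Declaring `required: [rrule]` on the schema would document that contract and let generated clients flag an incomplete schedule before a detection rule is submitted. Whether `start` and `timezone` are also mandatory is not visible here. `start` is described as "ISO 8601 format without timezone" but is typed as a free-form `type: string`, so a `pattern` would make that constraint checkable. This file appears to be synced from the spec repository (see `spec_repo_commit` in `.generated-info`), so the change would have to be made there.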
@@ -37177,6 +37214,12 @@ components: SecurityMonitoringStandardRulePayload: description: The payload of a rule. properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. example: [] @@ -37237,6 +37280,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. example: @@ -37293,6 +37338,14 @@ components: example: false readOnly: true type: boolean + index: + description: '**This field is currently unstable and might be removed in + a minor version upgrade.** + + The index to run the query on, if the `dataSource` is `logs`. Only used + for scheduled rules - in other words, when the `schedulingOptions` field + is present in the rule payload.' + type: string metric: deprecated: true description: '(Deprecated) The target field to aggregate over when using @@ -37320,6 +37373,12 @@ components: SecurityMonitoringStandardRuleResponse: description: Rule. properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. items: @@ -37405,6 +37464,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. items: 
@@ -37436,6 +37497,12 @@ components: SecurityMonitoringStandardRuleTestPayload: description: The payload of a rule to test properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. example: [] @@ -37488,6 +37555,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. example: diff --git a/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen new file mode 100644 index 000000000000..5c8f2a4f087f --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen @@ -0,0 +1 @@ +2025-07-31T07:48:27.113Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.yml new file mode 100644 index 000000000000..5b9e527383c3 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.yml 
@@ -0,0 +1,42 @@ +http_interactions: +- recorded_at: Thu, 31 Jul 2025 07:48:27 GMT + request: + body: + encoding: UTF-8 + string: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test + rule","name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"index":"main","query":"@test:true"}],"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules + response: + body: + encoding: UTF-8 + string: '{"name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107","createdAt":1753948107557,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs","index":"main"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + \u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"8dd-els-oyn","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""},"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"}}' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +- recorded_at: Thu, 31 Jul 2025 
07:48:27 GMT + request: + body: null + headers: + Accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/8dd-els-oyn + response: + body: + encoding: UTF-8 + string: '' + headers: {} + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen new file mode 100644 index 000000000000..74170d6acd0b --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen @@ -0,0 +1 @@ +2025-07-31T07:49:14.474Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.yml new file mode 100644 index 000000000000..591bd5667e60 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.yml 
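Review bot: The recorded response body in the first interaction of `Create-a-scheduled-detection-rule-returns-OK-response.yml` keeps `creationAuthorId` and the `creator` handle and name verbatim, whereas the request headers have been reduced to `Accept` and `Content-Type`. If that handle and numeric id belong to a dedicated test identity, this is fine. Otherwise the response body should be scrubbed or the cassette re-recorded before it is committed, because these fixtures ship with the repository. The rule id in the `DELETE` URI comes from the same recording and refers to a rule that the second interaction deletes.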
@@ -0,0 +1,26 @@ +http_interactions: +- recorded_at: Thu, 31 Jul 2025 07:49:14 GMT + request: + body: + encoding: UTF-8 + string: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test + rule","name":"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1753948154","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"index":"main","query":"@test:true"}],"schedulingOptions":{"start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules + response: + body: + encoding: UTF-8 + string: '{"error":{"code":"InvalidArgument","message":"Invalid rule configuration","details":[{"code":"InvalidArgument","message":"The + RRULE schedule is invalid for scheduled rules","target":"schedulingOptions.rrule"}]}}' + headers: + Content-Type: + - application/json + status: + code: 400 + message: Bad Request +recorded_with: VCR 6.0.0 diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.rb b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.rb new file mode 100644 index 000000000000..1463482610d1 --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.rb 
@@ -0,0 +1,41 @@ +# Create a scheduled detection rule returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({ + name: "Example-Security-Monitoring", + queries: [ + DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({ + query: "@test:true", + aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, + group_by_fields: [], + distinct_fields: [], + index: "main", + }), + ], + filters: [], + cases: [ + DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({ + name: "", + status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO, + condition: "a > 0", + notifications: [], + }), + ], + options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({ + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES, + keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR, + max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY, + }), + message: "Test rule", + tags: [], + is_enabled: true, + type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION, + scheduling_options: DatadogAPIClient::V2::SecurityMonitoringSchedulingOptions.new({ + rrule: "FREQ=HOURLY;INTERVAL=2;", + start: "2025-06-18T12:00:00", + timezone: "Europe/Paris", + }), +}) +p api_instance.create_security_monitoring_rule(body) diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 28df5a064461..3acea8148db2 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -295,6 +295,24 @@ Feature: Security Monitoring When the request is sent Then the response status is 201 Successfully created the notification rule. + @team:DataDog/k9-cloud-security-platform + Scenario: Create a scheduled detection rule returns "OK" response + Given new "CreateSecurityMonitoringRule" request + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} + When the request is sent + Then the response status is 200 OK + And the response "name" is equal to "{{ unique }}" + And the response "type" is equal to "log_detection" + And the response "message" is equal to "Test rule" + And the response "schedulingOptions" is equal to {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"} + + @team:DataDog/k9-cloud-security-platform + Scenario: Create a scheduled rule without rrule returns "Bad Request" response + Given new "CreateSecurityMonitoringRule" request + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} + When the request is sent + Then the response status is 400 Bad Request + @generated @skip @team:DataDog/k9-cloud-security-platform 
Scenario: Create a security filter returns "Bad Request" response Given new "CreateSecurityFilter" request diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index 478952c5558b..7ce705bbb7ee 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb @@ -3243,6 +3243,7 @@ def overrides "v2.security_monitoring_rule_type_test" => "SecurityMonitoringRuleTypeTest", "v2.security_monitoring_rule_update_payload" => "SecurityMonitoringRuleUpdatePayload", "v2.security_monitoring_rule_validate_payload" => "SecurityMonitoringRuleValidatePayload", + "v2.security_monitoring_scheduling_options" => "SecurityMonitoringSchedulingOptions", "v2.security_monitoring_signal" => "SecurityMonitoringSignal", "v2.security_monitoring_signal_archive_reason" => "SecurityMonitoringSignalArchiveReason", "v2.security_monitoring_signal_assignee_update_attributes" => "SecurityMonitoringSignalAssigneeUpdateAttributes", diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb index 65705f1a2178..ba995c2f8e7e 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_update_payload.rb @@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringRuleUpdatePayload include BaseGenericModel + # Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. + attr_accessor :calculated_fields + # Cases for generating signals. attr_accessor :cases 
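Review bot: In `features/v2/security_monitoring.feature`, the scenario `Create a scheduled rule without rrule returns "Bad Request" response` asserts only the 400 status, so it would still pass if the request were rejected for an unrelated reason. The recorded response names the failing field (`"target":"schedulingOptions.rrule"`). An additional assertion on the error body, if the step library supports a path into `error.details`, would tie the rejection to the missing `rrule`. No scenario covers a malformed `rrule`, `start` or `timezone` value, which is the other way a scheduled detection rule can be misconfigured.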
@@ -60,6 +63,9 @@ class SecurityMonitoringRuleUpdatePayload # Reference tables for the rule. attr_accessor :reference_tables + # Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs. + attr_accessor :scheduling_options + # Tags for generated signals. attr_accessor :tags @@ -75,6 +81,7 @@ class SecurityMonitoringRuleUpdatePayload # @!visibility private def self.attribute_map { + :'calculated_fields' => :'calculatedFields', :'cases' => :'cases', :'compliance_signal_options' => :'complianceSignalOptions', :'custom_message' => :'customMessage', @@ -88,6 +95,7 @@ def self.attribute_map :'options' => :'options', :'queries' => :'queries', :'reference_tables' => :'referenceTables', + :'scheduling_options' => :'schedulingOptions', :'tags' => :'tags', :'third_party_cases' => :'thirdPartyCases', :'version' => :'version' @@ -98,6 +106,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'calculated_fields' => :'Array', :'cases' => :'Array', :'compliance_signal_options' => :'CloudConfigurationRuleComplianceSignalOptions', :'custom_message' => :'String', @@ -111,12 +120,21 @@ def self.openapi_types :'options' => :'SecurityMonitoringRuleOptions', :'queries' => :'Array', :'reference_tables' => :'Array', + :'scheduling_options' => :'SecurityMonitoringSchedulingOptions', :'tags' => :'Array', :'third_party_cases' => :'Array', :'version' => :'Integer' } end + # List of attributes with nullable: true + # @!visibility private + def self.openapi_nullable + Set.new([ + :'scheduling_options', + ]) + end + # Initializes the object # @param attributes [Hash] Model attributes in the form of hash # @!visibility private 
@@ -135,6 +153,12 @@ def initialize(attributes = {}) end } + if attributes.key?(:'calculated_fields') + if (value = attributes[:'calculated_fields']).is_a?(Array) + self.calculated_fields = value + end + end + if attributes.key?(:'cases') if (value = attributes[:'cases']).is_a?(Array) self.cases = value @@ -197,6 +221,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'scheduling_options') + self.scheduling_options = attributes[:'scheduling_options'] + end + if attributes.key?(:'tags') if (value = attributes[:'tags']).is_a?(Array) self.tags = value @@ -258,6 +286,7 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && + calculated_fields == o.calculated_fields && cases == o.cases && compliance_signal_options == o.compliance_signal_options && custom_message == o.custom_message && @@ -271,6 +300,7 @@ def ==(o) options == o.options && queries == o.queries && reference_tables == o.reference_tables && + scheduling_options == o.scheduling_options && tags == o.tags && third_party_cases == o.third_party_cases && version == o.version && @@ -281,7 +311,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [cases, compliance_signal_options, custom_message, custom_name, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, version, additional_properties].hash + [calculated_fields, cases, compliance_signal_options, custom_message, custom_name, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, scheduling_options, tags, third_party_cases, version, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_scheduling_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_scheduling_options.rb new file mode 100644 index 000000000000..3a0e293c875e --- /dev/null 
+++ b/lib/datadog_api_client/v2/models/security_monitoring_scheduling_options.rb 
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs. + class SecurityMonitoringSchedulingOptions + include BaseGenericModel + + # Schedule for the rule queries, written in RRULE syntax. See [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html) for syntax reference. + attr_accessor :rrule + + # Start date for the schedule, in ISO 8601 format without timezone. + attr_accessor :start + + # Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) format. + attr_accessor :timezone + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'rrule' => :'rrule', + :'start' => :'start', + :'timezone' => :'timezone' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'rrule' => :'String', + :'start' => :'String', + :'timezone' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringSchedulingOptions` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'rrule') + self.rrule = attributes[:'rrule'] + end + + if attributes.key?(:'start') + self.start = attributes[:'start'] + end + + if attributes.key?(:'timezone') + self.timezone = attributes[:'timezone'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + rrule == o.rrule && + start == o.start && + timezone == o.timezone && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + # @!visibility private + def hash + [rrule, start, timezone, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb index 4eed6ac5979c..33d66ebee7c8 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb @@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringStandardRuleCreatePayload include BaseGenericModel + # Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. + attr_accessor :calculated_fields + # Cases for generating signals. attr_reader :cases @@ -51,6 +54,9 @@ class SecurityMonitoringStandardRuleCreatePayload # Reference tables for the rule. attr_accessor :reference_tables + # Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs. + attr_accessor :scheduling_options + # Tags for generated signals. attr_accessor :tags @@ -66,6 +72,7 @@ class SecurityMonitoringStandardRuleCreatePayload # @!visibility private def self.attribute_map { + :'calculated_fields' => :'calculatedFields', :'cases' => :'cases', :'filters' => :'filters', :'group_signals_by' => :'groupSignalsBy', @@ -76,6 +83,7 @@ def self.attribute_map :'options' => :'options', :'queries' => :'queries', :'reference_tables' => :'referenceTables', + :'scheduling_options' => :'schedulingOptions', :'tags' => :'tags', :'third_party_cases' => :'thirdPartyCases', :'type' => :'type' @@ -86,6 +94,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'calculated_fields' => :'Array', :'cases' => :'Array', :'filters' => :'Array', :'group_signals_by' => :'Array', 
@@ -96,12 +105,21 @@ def self.openapi_types :'options' => :'SecurityMonitoringRuleOptions', :'queries' => :'Array', :'reference_tables' => :'Array', + :'scheduling_options' => :'SecurityMonitoringSchedulingOptions', :'tags' => :'Array', :'third_party_cases' => :'Array', :'type' => :'SecurityMonitoringRuleTypeCreate' } end + # List of attributes with nullable: true + # @!visibility private + def self.openapi_nullable + Set.new([ + :'scheduling_options', + ]) + end + # Initializes the object # @param attributes [Hash] Model attributes in the form of hash # @!visibility private @@ -120,6 +138,12 @@ def initialize(attributes = {}) end } + if attributes.key?(:'calculated_fields') + if (value = attributes[:'calculated_fields']).is_a?(Array) + self.calculated_fields = value + end + end + if attributes.key?(:'cases') if (value = attributes[:'cases']).is_a?(Array) self.cases = value @@ -170,6 +194,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'scheduling_options') + self.scheduling_options = attributes[:'scheduling_options'] + end + if attributes.key?(:'tags') if (value = attributes[:'tags']).is_a?(Array) self.tags = value @@ -286,6 +314,7 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && + calculated_fields == o.calculated_fields && cases == o.cases && filters == o.filters && group_signals_by == o.group_signals_by && @@ -296,6 +325,7 @@ def ==(o) options == o.options && queries == o.queries && reference_tables == o.reference_tables && + scheduling_options == o.scheduling_options && tags == o.tags && third_party_cases == o.third_party_cases && type == o.type && 
@@ -306,7 +336,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash + [calculated_fields, cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, scheduling_options, tags, third_party_cases, type, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb index ac6df93d5dcc..a8611fb6b237 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_payload.rb @@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringStandardRulePayload include BaseGenericModel + # Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. + attr_accessor :calculated_fields + # Cases for generating signals. attr_reader :cases @@ -57,6 +60,9 @@ class SecurityMonitoringStandardRulePayload # Reference tables for the rule. attr_accessor :reference_tables + # Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs. + attr_accessor :scheduling_options + # Tags for generated signals. attr_accessor :tags @@ -72,6 +78,7 @@ class SecurityMonitoringStandardRulePayload # @!visibility private def self.attribute_map { + :'calculated_fields' => :'calculatedFields', :'cases' => :'cases', :'custom_message' => :'customMessage', :'custom_name' => :'customName', 
@@ -84,6 +91,7 @@ def self.attribute_map :'options' => :'options', :'queries' => :'queries', :'reference_tables' => :'referenceTables', + :'scheduling_options' => :'schedulingOptions', :'tags' => :'tags', :'third_party_cases' => :'thirdPartyCases', :'type' => :'type' @@ -94,6 +102,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'calculated_fields' => :'Array', :'cases' => :'Array', :'custom_message' => :'String', :'custom_name' => :'String', @@ -106,12 +115,21 @@ def self.openapi_types :'options' => :'SecurityMonitoringRuleOptions', :'queries' => :'Array', :'reference_tables' => :'Array', + :'scheduling_options' => :'SecurityMonitoringSchedulingOptions', :'tags' => :'Array', :'third_party_cases' => :'Array', :'type' => :'SecurityMonitoringRuleTypeCreate' } end + # List of attributes with nullable: true + # @!visibility private + def self.openapi_nullable + Set.new([ + :'scheduling_options', + ]) + end + # Initializes the object # @param attributes [Hash] Model attributes in the form of hash # @!visibility private @@ -130,6 +148,12 @@ def initialize(attributes = {}) end } + if attributes.key?(:'calculated_fields') + if (value = attributes[:'calculated_fields']).is_a?(Array) + self.calculated_fields = value + end + end + if attributes.key?(:'cases') if (value = attributes[:'cases']).is_a?(Array) self.cases = value @@ -188,6 +212,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'scheduling_options') + self.scheduling_options = attributes[:'scheduling_options'] + end + if attributes.key?(:'tags') if (value = attributes[:'tags']).is_a?(Array) self.tags = value @@ -304,6 +332,7 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && + calculated_fields == o.calculated_fields && cases == o.cases && custom_message == o.custom_message && custom_name == o.custom_name && 
@@ -316,6 +345,7 @@ def ==(o) options == o.options && queries == o.queries && reference_tables == o.reference_tables && + scheduling_options == o.scheduling_options && tags == o.tags && third_party_cases == o.third_party_cases && type == o.type && @@ -326,7 +356,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [cases, custom_message, custom_name, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash + [calculated_fields, cases, custom_message, custom_name, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, scheduling_options, tags, third_party_cases, type, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_query.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_query.rb index accfcb9a5260..aceb98c244a2 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_query.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_query.rb @@ -39,6 +39,10 @@ class SecurityMonitoringStandardRuleQuery # When false, events without a group-by value are ignored by the rule. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. attr_accessor :has_optional_group_by_fields + # **This field is currently unstable and might be removed in a minor version upgrade.** + # The index to run the query on, if the `dataSource` is `logs`. Only used for scheduled rules - in other words, when the `schedulingOptions` field is present in the rule payload. + attr_accessor :index + # (Deprecated) The target field to aggregate over when using the sum or max # aggregations. `metrics` field should be used instead. attr_accessor :metric 
@@ -64,6 +68,7 @@ def self.attribute_map :'distinct_fields' => :'distinctFields', :'group_by_fields' => :'groupByFields', :'has_optional_group_by_fields' => :'hasOptionalGroupByFields', + :'index' => :'index', :'metric' => :'metric', :'metrics' => :'metrics', :'name' => :'name', @@ -81,6 +86,7 @@ def self.openapi_types :'distinct_fields' => :'Array', :'group_by_fields' => :'Array', :'has_optional_group_by_fields' => :'Boolean', + :'index' => :'String', :'metric' => :'String', :'metrics' => :'Array', :'name' => :'String', @@ -134,6 +140,10 @@ def initialize(attributes = {}) self.has_optional_group_by_fields = attributes[:'has_optional_group_by_fields'] end + if attributes.key?(:'index') + self.index = attributes[:'index'] + end + if attributes.key?(:'metric') self.metric = attributes[:'metric'] end @@ -185,6 +195,7 @@ def ==(o) distinct_fields == o.distinct_fields && group_by_fields == o.group_by_fields && has_optional_group_by_fields == o.has_optional_group_by_fields && + index == o.index && metric == o.metric && metrics == o.metrics && name == o.name && @@ -196,7 +207,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [aggregation, custom_query_extension, data_source, distinct_fields, group_by_fields, has_optional_group_by_fields, metric, metrics, name, query, additional_properties].hash + [aggregation, custom_query_extension, data_source, distinct_fields, group_by_fields, has_optional_group_by_fields, index, metric, metrics, name, query, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb index e32cd144aaff..c5db1717aa1e 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_response.rb 
@@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringStandardRuleResponse include BaseGenericModel + # Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. + attr_accessor :calculated_fields + # Cases for generating signals. attr_accessor :cases @@ -81,6 +84,9 @@ class SecurityMonitoringStandardRuleResponse # Reference tables for the rule. attr_accessor :reference_tables + # Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs. + attr_accessor :scheduling_options + # Tags for generated signals. attr_accessor :tags @@ -105,6 +111,7 @@ class SecurityMonitoringStandardRuleResponse # @!visibility private def self.attribute_map { + :'calculated_fields' => :'calculatedFields', :'cases' => :'cases', :'compliance_signal_options' => :'complianceSignalOptions', :'created_at' => :'createdAt', @@ -125,6 +132,7 @@ def self.attribute_map :'options' => :'options', :'queries' => :'queries', :'reference_tables' => :'referenceTables', + :'scheduling_options' => :'schedulingOptions', :'tags' => :'tags', :'third_party_cases' => :'thirdPartyCases', :'type' => :'type', @@ -138,6 +146,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'calculated_fields' => :'Array', :'cases' => :'Array', :'compliance_signal_options' => :'CloudConfigurationRuleComplianceSignalOptions', :'created_at' => :'Integer', @@ -158,6 +167,7 @@ def self.openapi_types :'options' => :'SecurityMonitoringRuleOptions', :'queries' => :'Array', :'reference_tables' => :'Array', + :'scheduling_options' => :'SecurityMonitoringSchedulingOptions', :'tags' => :'Array', :'third_party_cases' => :'Array', :'type' => :'SecurityMonitoringRuleTypeRead', 
@@ -167,6 +177,14 @@ def self.openapi_types } end + # List of attributes with nullable: true + # @!visibility private + def self.openapi_nullable + Set.new([ + :'scheduling_options', + ]) + end + # Initializes the object # @param attributes [Hash] Model attributes in the form of hash # @!visibility private @@ -185,6 +203,12 @@ def initialize(attributes = {}) end } + if attributes.key?(:'calculated_fields') + if (value = attributes[:'calculated_fields']).is_a?(Array) + self.calculated_fields = value + end + end + if attributes.key?(:'cases') if (value = attributes[:'cases']).is_a?(Array) self.cases = value @@ -277,6 +301,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'scheduling_options') + self.scheduling_options = attributes[:'scheduling_options'] + end + if attributes.key?(:'tags') if (value = attributes[:'tags']).is_a?(Array) self.tags = value @@ -332,6 +360,7 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && + calculated_fields == o.calculated_fields && cases == o.cases && compliance_signal_options == o.compliance_signal_options && created_at == o.created_at && @@ -352,6 +381,7 @@ def ==(o) options == o.options && queries == o.queries && reference_tables == o.reference_tables && + scheduling_options == o.scheduling_options && tags == o.tags && third_party_cases == o.third_party_cases && type == o.type && 
@@ -365,7 +395,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [cases, compliance_signal_options, created_at, creation_author_id, custom_message, custom_name, default_tags, deprecation_date, filters, group_signals_by, has_extended_title, id, is_default, is_deleted, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, update_author_id, updated_at, version, additional_properties].hash + [calculated_fields, cases, compliance_signal_options, created_at, creation_author_id, custom_message, custom_name, default_tags, deprecation_date, filters, group_signals_by, has_extended_title, id, is_default, is_deleted, is_enabled, message, name, options, queries, reference_tables, scheduling_options, tags, third_party_cases, type, update_author_id, updated_at, version, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb index 3dfafe0976c4..28a9dc6276f6 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_test_payload.rb @@ -21,6 +21,9 @@ module DatadogAPIClient::V2 class SecurityMonitoringStandardRuleTestPayload include BaseGenericModel + # Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined. + attr_accessor :calculated_fields + # Cases for generating signals. attr_reader :cases @@ -51,6 +54,9 @@ class SecurityMonitoringStandardRuleTestPayload # Reference tables for the rule. attr_accessor :reference_tables + # Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs. + attr_accessor :scheduling_options + # Tags for generated signals. attr_accessor :tags 
@@ -66,6 +72,7 @@ class SecurityMonitoringStandardRuleTestPayload # @!visibility private def self.attribute_map { + :'calculated_fields' => :'calculatedFields', :'cases' => :'cases', :'filters' => :'filters', :'group_signals_by' => :'groupSignalsBy', @@ -76,6 +83,7 @@ def self.attribute_map :'options' => :'options', :'queries' => :'queries', :'reference_tables' => :'referenceTables', + :'scheduling_options' => :'schedulingOptions', :'tags' => :'tags', :'third_party_cases' => :'thirdPartyCases', :'type' => :'type' @@ -86,6 +94,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'calculated_fields' => :'Array', :'cases' => :'Array', :'filters' => :'Array', :'group_signals_by' => :'Array', @@ -96,12 +105,21 @@ def self.openapi_types :'options' => :'SecurityMonitoringRuleOptions', :'queries' => :'Array', :'reference_tables' => :'Array', + :'scheduling_options' => :'SecurityMonitoringSchedulingOptions', :'tags' => :'Array', :'third_party_cases' => :'Array', :'type' => :'SecurityMonitoringRuleTypeTest' } end + # List of attributes with nullable: true + # @!visibility private + def self.openapi_nullable + Set.new([ + :'scheduling_options', + ]) + end + # Initializes the object # @param attributes [Hash] Model attributes in the form of hash # @!visibility private @@ -120,6 +138,12 @@ def initialize(attributes = {}) end } + if attributes.key?(:'calculated_fields') + if (value = attributes[:'calculated_fields']).is_a?(Array) + self.calculated_fields = value + end + end + if attributes.key?(:'cases') if (value = attributes[:'cases']).is_a?(Array) self.cases = value @@ -170,6 +194,10 @@ def initialize(attributes = {}) end end + if attributes.key?(:'scheduling_options') + self.scheduling_options = attributes[:'scheduling_options'] + end + if attributes.key?(:'tags') if (value = attributes[:'tags']).is_a?(Array) self.tags = value 
@@ -286,6 +314,7 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && + calculated_fields == o.calculated_fields && cases == o.cases && filters == o.filters && group_signals_by == o.group_signals_by && @@ -296,6 +325,7 @@ def ==(o) options == o.options && queries == o.queries && reference_tables == o.reference_tables && + scheduling_options == o.scheduling_options && tags == o.tags && third_party_cases == o.third_party_cases && type == o.type && @@ -306,7 +336,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash + [calculated_fields, cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, scheduling_options, tags, third_party_cases, type, additional_properties].hash end end end