DataDog · api-clients-generation-pipeline · Jan 18, 2022 · Jan 18, 2022
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.1",
-            "regenerated": "2022-01-18 11:51:58.575036",
-            "spec_repo_commit": "5808ab7"
+            "regenerated": "2022-01-18 13:39:04.398943",
+            "spec_repo_commit": "a6ad2ff"
         },
         "v2": {
             "apigentools_version": "1.6.1",
-            "regenerated": "2022-01-18 11:51:58.597917",
-            "spec_repo_commit": "5808ab7"
+            "regenerated": "2022-01-18 13:39:04.424643",
+            "spec_repo_commit": "a6ad2ff"
         }
     }
 }
@@ -4745,11 +4745,13 @@ components:
       - threshold
       - new_value
       - anomaly_detection
+      - third_party
       type: string
       x-enum-varnames:
       - THRESHOLD
       - NEW_VALUE
       - ANOMALY_DETECTION
+      - THIRD_PARTY
     SecurityMonitoringRuleEvaluationWindow:
       description: 'A time window is specified to match when at least one of the cases
         matches true. This is a sliding window
@@ -4889,6 +4891,8 @@ components:
           $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration'
         newValueOptions:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions'
+        thirdPartyRuleOptions:
+          $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions'
       type: object
     SecurityMonitoringRuleQuery:
       description: Query for matching rule.
@@ -4927,13 +4931,15 @@ components:
       - sum
       - max
       - new_value
+      - none
       type: string
       x-enum-varnames:
       - COUNT
       - CARDINALITY
       - SUM
       - MAX
       - NEW_VALUE
+      - NONE
     SecurityMonitoringRuleQueryCreate:
       description: Query for matching rule.
       properties:
@@ -5049,6 +5055,32 @@ components:
       - MEDIUM
       - HIGH
       - CRITICAL
+    SecurityMonitoringRuleThirdPartyOptions:
+      description: Options for third-party rules.
+      properties:
+        defaultNotifications:
+          description: Notification targets for the root query.
+          items:
+            description: Notification
+            type: string
+          type: array
+        defaultStatus:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
+        firstSeenOverride:
+          description: '(Optional): the name of an attribute to override the first
+            seen value of the third party signal.'
+          type: string
+        lastSeenOverride:
+          description: '(Optional): the name of an attribute to override the last
+            seen value of the third party signal.'
+          type: string
+        rootQuery:
+          description: Root query of the rule.
+          type: string
+        signalId:
+          description: Optional mapping of the third-party signal ID.
+          type: string
+      type: object
     SecurityMonitoringRuleTypeCreate:
       description: The rule type.
       enum:

@@ -0,0 +1 @@
+2022-01-18T13:36:07.397Z
@@ -448,6 +448,7 @@ All URIs are relative to *https://api.datadoghq.com*
 - [DatadogAPIClient::V2::SecurityMonitoringRuleQueryCreate](SecurityMonitoringRuleQueryCreate.md)
 - [DatadogAPIClient::V2::SecurityMonitoringRuleResponse](SecurityMonitoringRuleResponse.md)
 - [DatadogAPIClient::V2::SecurityMonitoringRuleSeverity](SecurityMonitoringRuleSeverity.md)
+- [DatadogAPIClient::V2::SecurityMonitoringRuleThirdPartyOptions](SecurityMonitoringRuleThirdPartyOptions.md)
 - [DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate](SecurityMonitoringRuleTypeCreate.md)
 - [DatadogAPIClient::V2::SecurityMonitoringRuleTypeRead](SecurityMonitoringRuleTypeRead.md)
 - [DatadogAPIClient::V2::SecurityMonitoringRuleUpdatePayload](SecurityMonitoringRuleUpdatePayload.md)

@@ -2,13 +2,14 @@
 
 ## Properties
 
-| Name                    | Type                                                                                      | Description | Notes      |
-| ----------------------- | ----------------------------------------------------------------------------------------- | ----------- | ---------- |
-| **detection_method**    | [**SecurityMonitoringRuleDetectionMethod**](SecurityMonitoringRuleDetectionMethod.md)     |             | [optional] |
-| **evaluation_window**   | [**SecurityMonitoringRuleEvaluationWindow**](SecurityMonitoringRuleEvaluationWindow.md)   |             | [optional] |
-| **keep_alive**          | [**SecurityMonitoringRuleKeepAlive**](SecurityMonitoringRuleKeepAlive.md)                 |             | [optional] |
-| **max_signal_duration** | [**SecurityMonitoringRuleMaxSignalDuration**](SecurityMonitoringRuleMaxSignalDuration.md) |             | [optional] |
-| **new_value_options**   | [**SecurityMonitoringRuleNewValueOptions**](SecurityMonitoringRuleNewValueOptions.md)     |             | [optional] |
+| Name                         | Type                                                                                      | Description | Notes      |
+| ---------------------------- | ----------------------------------------------------------------------------------------- | ----------- | ---------- |
+| **detection_method**         | [**SecurityMonitoringRuleDetectionMethod**](SecurityMonitoringRuleDetectionMethod.md)     |             | [optional] |
+| **evaluation_window**        | [**SecurityMonitoringRuleEvaluationWindow**](SecurityMonitoringRuleEvaluationWindow.md)   |             | [optional] |
+| **keep_alive**               | [**SecurityMonitoringRuleKeepAlive**](SecurityMonitoringRuleKeepAlive.md)                 |             | [optional] |
+| **max_signal_duration**      | [**SecurityMonitoringRuleMaxSignalDuration**](SecurityMonitoringRuleMaxSignalDuration.md) |             | [optional] |
+| **new_value_options**        | [**SecurityMonitoringRuleNewValueOptions**](SecurityMonitoringRuleNewValueOptions.md)     |             | [optional] |
+| **third_party_rule_options** | [**SecurityMonitoringRuleThirdPartyOptions**](SecurityMonitoringRuleThirdPartyOptions.md) |             | [optional] |
 
 ## Example
 
@@ -20,6 +21,7 @@ instance = DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new(
   evaluation_window: null,
   keep_alive: null,
   max_signal_duration: null,
-  new_value_options: null
+  new_value_options: null,
+  third_party_rule_options: null
 )
 ```
@@ -0,0 +1,27 @@
+# DatadogAPIClient::V2::SecurityMonitoringRuleThirdPartyOptions
+
+## Properties
+
+| Name                      | Type                                                                    | Description                                                                                      | Notes      |
+| ------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | ---------- |
+| **default_notifications** | **Array&lt;String&gt;**                                                 | Notification targets for the root query.                                                         | [optional] |
+| **default_status**        | [**SecurityMonitoringRuleSeverity**](SecurityMonitoringRuleSeverity.md) |                                                                                                  | [optional] |
+| **first_seen_override**   | **String**                                                              | (Optional): the name of an attribute to override the first seen value of the third party signal. | [optional] |
+| **last_seen_override**    | **String**                                                              | (Optional): the name of an attribute to override the last seen value of the third party signal.  | [optional] |
+| **root_query**            | **String**                                                              | Root query of the rule.                                                                          | [optional] |
+| **signal_id**             | **String**                                                              | Optional mapping of the third-party signal ID.                                                   | [optional] |
+
+## Example
+
+```ruby
+require 'datadog_api_client/v2'
+
+instance = DatadogAPIClient::V2::SecurityMonitoringRuleThirdPartyOptions.new(
+  default_notifications: null,
+  default_status: null,
+  first_seen_override: null,
+  last_seen_override: null,
+  root_query: null,
+  signal_id: null
+)
+```
@@ -0,0 +1,38 @@
+# Create a detection rule with detection method "third_party" returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringRuleCreatePayload.new({
+  name: "Example-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response",
+  queries: [
+    DatadogAPIClient::V2::SecurityMonitoringRuleQueryCreate.new({
+      query: "@test:true",
+      aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::NONE,
+      group_by_fields: [],
+      distinct_fields: [],
+    }),
+  ],
+  filters: [],
+  cases: [
+    DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
+      name: "",
+      status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
+      notifications: [],
+    }),
+  ],
+  options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
+    detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::THIRD_PARTY,
+    evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ZERO_MINUTES,
+    keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR,
+    max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY,
+    third_party_rule_options: DatadogAPIClient::V2::SecurityMonitoringRuleThirdPartyOptions.new({
+      root_query: "@pop",
+      default_status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::LOW,
+    }),
+  }),
+  message: "Example-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response message",
+  tags: [],
+  is_enabled: true,
+})
+p api_instance.create_security_monitoring_rule(body)
@@ -21,6 +21,13 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 200 OK
 
+  @team:DataDog/security-monitoring
+  Scenario: Create a detection rule with detection method "third_party" returns "OK" response
+    Given new "CreateSecurityMonitoringRule" request
+    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"none","groupByFields":[],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[]}],"options":{"detectionMethod":"third_party","evaluationWindow": 0, "keepAlive":3600,"maxSignalDuration":86400, "thirdPartyRuleOptions":{"rootQuery":"@pop","defaultStatus":"low"}},"message":"{{ unique}} message","tags":[],"isEnabled":true}
+    When the request is sent
+    Then the response status is 200 OK
+
   @team:DataDog/security-monitoring
   Scenario: Create a detection rule with type 'workload_security' returns "OK" response
     Given new "CreateSecurityMonitoringRule" request
@@ -207,22 +214,22 @@ Feature: Security Monitoring
   Scenario: Update an existing rule returns "Bad Request" response
     Given new "UpdateSecurityMonitoringRule" request
     And request contains "rule_id" parameter from "REPLACE.ME"
-    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
+    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [null], "defaultStatus": "critical", "firstSeenOverride": null, "lastSeenOverride": null, "rootQuery": null, "signalId": null}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
     When the request is sent
     Then the response status is 400 Bad Request
 
   @generated @skip @team:DataDog/security-monitoring
   Scenario: Update an existing rule returns "Not Found" response
     Given new "UpdateSecurityMonitoringRule" request
     And request contains "rule_id" parameter from "REPLACE.ME"
-    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
+    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [null], "defaultStatus": "critical", "firstSeenOverride": null, "lastSeenOverride": null, "rootQuery": null, "signalId": null}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
     When the request is sent
     Then the response status is 404 Not Found
 
   @generated @skip @team:DataDog/security-monitoring
   Scenario: Update an existing rule returns "OK" response
     Given new "UpdateSecurityMonitoringRule" request
     And request contains "rule_id" parameter from "REPLACE.ME"
-    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
+    And body with value {"cases": [{"condition": null, "name": null, "notifications": [null], "status": "critical"}], "filters": [{"action": "require", "query": null}], "hasExtendedTitle": true, "isEnabled": null, "message": null, "name": null, "options": {"detectionMethod": "threshold", "evaluationWindow": 0, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [null], "defaultStatus": "critical", "firstSeenOverride": null, "lastSeenOverride": null, "rootQuery": null, "signalId": null}}, "queries": [{"aggregation": "count", "distinctFields": [null], "groupByFields": [null], "metric": null, "name": null, "query": null}], "tags": [null], "version": 1}
     When the request is sent
     Then the response status is 200 OK
@@ -328,6 +328,7 @@
 require 'datadog_api_client/v2/models/security_monitoring_rule_query_create'
 require 'datadog_api_client/v2/models/security_monitoring_rule_response'
 require 'datadog_api_client/v2/models/security_monitoring_rule_severity'
+require 'datadog_api_client/v2/models/security_monitoring_rule_third_party_options'
 require 'datadog_api_client/v2/models/security_monitoring_rule_type_create'
 require 'datadog_api_client/v2/models/security_monitoring_rule_type_read'
 require 'datadog_api_client/v2/models/security_monitoring_rule_update_payload'

@@ -21,6 +21,7 @@ class SecurityMonitoringRuleDetectionMethod
     THRESHOLD = "threshold".freeze
     NEW_VALUE = "new_value".freeze
     ANOMALY_DETECTION = "anomaly_detection".freeze
+    THIRD_PARTY = "third_party".freeze
 
     # Builds the enum from string
     # @param [String] The enum value in the form of the string