Commit 505b86e

author
ci.datadog-api-spec
committed
Regenerate client from commit 80ab4e4 of spec repo
1 parent bef6090 commit 505b86e

6 files changed

+157
-8
lines changed

.generator/schemas/v2/openapi.yaml

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -53475,6 +53475,8 @@ components:
5347553475
$ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration'
5347653476
detectionTolerance:
5347753477
$ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance'
53478+
instantaneousBaseline:
53479+
$ref: '#/components/schemas/SecurityMonitoringRuleInstantaneousBaseline'
5347853480
learningDuration:
5347953481
$ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration'
5348053482
learningPeriodBaseline:
@@ -53812,6 +53814,13 @@ components:
5381253814
or credentialed API access.'
5381353815
example: true
5381453816
type: boolean
53817+
SecurityMonitoringRuleInstantaneousBaseline:
53818+
description: When set to true, Datadog uses previous values that fall within
53819+
the defined learning window to construct the baseline, enabling the system
53820+
to establish an accurate baseline more rapidly rather than relying solely
53821+
on gradual learning over time.
53822+
example: false
53823+
type: boolean
5381553824
SecurityMonitoringRuleKeepAlive:
5381653825
description: 'Once a signal is generated, the signal will remain "open" if a
5381753826
case is matched at least once within
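Review bot: The shared `SecurityMonitoringRuleInstantaneousBaseline` schema declares `example: false` but no `default:`, so the spec does not say what happens when the field is omitted. The description also refers to "the defined learning window" without naming a field, although the schema is now referenced from both the anomaly detection options and the new value options. Suggest adding a `default:` if the server has one, and naming `learningDuration` in the description. Since the baseline is built from previous values, it is worth one sentence that activity already present in that window is treated as normal.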
@@ -53885,7 +53894,7 @@ components:
5388553894
forgetAfter:
5388653895
$ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter'
5388753896
instantaneousBaseline:
53888-
$ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline'
53897+
$ref: '#/components/schemas/SecurityMonitoringRuleInstantaneousBaseline'
5388953898
learningDuration:
5389053899
$ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration'
5389153900
learningMethod:
@@ -53911,13 +53920,6 @@ components:
5391153920
- TWO_WEEKS
5391253921
- THREE_WEEKS
5391353922
- FOUR_WEEKS
53914-
SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline:
53915-
description: When set to true, Datadog uses previous values that fall within
53916-
the defined learning window to construct the baseline, enabling the system
53917-
to establish an accurate baseline more rapidly rather than relying solely
53918-
on gradual learning over time.
53919-
example: false
53920-
type: boolean
5392153923
SecurityMonitoringRuleNewValueOptionsLearningDuration:
5392253924
default: 0
5392353925
description: 'The duration in days during which values are learned, and after
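Review bot: Deleting `SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline` drops a named component from the spec, and this diff shows only the one `$ref` under the new value options being repointed to `SecurityMonitoringRuleInstantaneousBaseline`. Confirm that no other `$ref` in openapi.yaml still targets the old name, otherwise it will dangle. If any generated client exposes the old name as a type, the rename should be called out in the changelog.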
Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
"""
2+
Create a detection rule with detection method 'anomaly_detection' with enabled feature 'instantaneousBaseline' returns
3+
"OK" response
4+
"""
5+
6+
from datadog_api_client import ApiClient, Configuration
7+
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
8+
from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options import (
9+
SecurityMonitoringRuleAnomalyDetectionOptions,
10+
)
11+
from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_bucket_duration import (
12+
SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration,
13+
)
14+
from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_detection_tolerance import (
15+
SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance,
16+
)
17+
from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_learning_duration import (
18+
SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration,
19+
)
20+
from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate
21+
from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod
22+
from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import (
23+
SecurityMonitoringRuleEvaluationWindow,
24+
)
25+
from datadog_api_client.v2.model.security_monitoring_rule_keep_alive import SecurityMonitoringRuleKeepAlive
26+
from datadog_api_client.v2.model.security_monitoring_rule_max_signal_duration import (
27+
SecurityMonitoringRuleMaxSignalDuration,
28+
)
29+
from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
30+
from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import (
31+
SecurityMonitoringRuleQueryAggregation,
32+
)
33+
from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
34+
from datadog_api_client.v2.model.security_monitoring_rule_type_create import SecurityMonitoringRuleTypeCreate
35+
from datadog_api_client.v2.model.security_monitoring_standard_data_source import SecurityMonitoringStandardDataSource
36+
from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import (
37+
SecurityMonitoringStandardRuleCreatePayload,
38+
)
39+
from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery
40+
41+
body = SecurityMonitoringStandardRuleCreatePayload(
42+
name="Example-Security-Monitoring",
43+
type=SecurityMonitoringRuleTypeCreate.LOG_DETECTION,
44+
is_enabled=True,
45+
queries=[
46+
SecurityMonitoringStandardRuleQuery(
47+
aggregation=SecurityMonitoringRuleQueryAggregation.COUNT,
48+
data_source=SecurityMonitoringStandardDataSource.LOGS,
49+
distinct_fields=[],
50+
group_by_fields=[
51+
"@usr.email",
52+
"@network.client.ip",
53+
],
54+
has_optional_group_by_fields=False,
55+
name="",
56+
query="service:app status:error",
57+
),
58+
],
59+
cases=[
60+
SecurityMonitoringRuleCaseCreate(
61+
name="",
62+
status=SecurityMonitoringRuleSeverity.INFO,
63+
notifications=[],
64+
condition="a > 0.995",
65+
),
66+
],
67+
message="An anomaly detection rule",
68+
options=SecurityMonitoringRuleOptions(
69+
detection_method=SecurityMonitoringRuleDetectionMethod.ANOMALY_DETECTION,
70+
evaluation_window=SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES,
71+
keep_alive=SecurityMonitoringRuleKeepAlive.ONE_HOUR,
72+
max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ONE_DAY,
73+
anomaly_detection_options=SecurityMonitoringRuleAnomalyDetectionOptions(
74+
bucket_duration=SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration.FIVE_MINUTES,
75+
learning_duration=SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration.ONE_DAY,
76+
detection_tolerance=SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance.THREE,
77+
instantaneous_baseline=True,
78+
),
79+
),
80+
tags=[],
81+
filters=[],
82+
)
83+
84+
configuration = Configuration()
85+
with ApiClient(configuration) as api_client:
86+
api_instance = SecurityMonitoringApi(api_client)
87+
response = api_instance.create_security_monitoring_rule(body=body)
88+
89+
print(response)
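Review bot: The example creates the rule with `is_enabled=True` and then only prints the response, so running it as written against a real org leaves an active detection rule behind. Either set `is_enabled=False` in the example body or delete the rule using the id from `response` after printing. The docstring on lines 2 and 3 is also split mid-sentence before `"OK" response`; keeping the title on one line would read better.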

src/datadog_api_client/v2/model/security_monitoring_rule_anomaly_detection_options.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,15 @@ def openapi_types(_):
4747
return {
4848
"bucket_duration": (SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration,),
4949
"detection_tolerance": (SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance,),
50+
"instantaneous_baseline": (bool,),
5051
"learning_duration": (SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration,),
5152
"learning_period_baseline": (int,),
5253
}
5354

5455
attribute_map = {
5556
"bucket_duration": "bucketDuration",
5657
"detection_tolerance": "detectionTolerance",
58+
"instantaneous_baseline": "instantaneousBaseline",
5759
"learning_duration": "learningDuration",
5860
"learning_period_baseline": "learningPeriodBaseline",
5961
}
@@ -62,6 +64,7 @@ def __init__(
6264
self_,
6365
bucket_duration: Union[SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration, UnsetType] = unset,
6466
detection_tolerance: Union[SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance, UnsetType] = unset,
67+
instantaneous_baseline: Union[bool, UnsetType] = unset,
6568
learning_duration: Union[SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration, UnsetType] = unset,
6669
learning_period_baseline: Union[int, UnsetType] = unset,
6770
**kwargs,
@@ -77,6 +80,9 @@ def __init__(
7780
Higher values require higher deviations before triggering a signal.
7881
:type detection_tolerance: SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance, optional
7982
83+
:param instantaneous_baseline: When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time.
84+
:type instantaneous_baseline: bool, optional
85+
8086
:param learning_duration: Learning duration in hours. Anomaly detection waits for at least this amount of historical data before it starts evaluating.
8187
:type learning_duration: SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration, optional
8288
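Review bot: In the `instantaneous_baseline` docstring, "the defined learning window" is not tied to any parameter, and the text is reused verbatim from the new value options schema removed in this commit. The next entry documents `learning_duration` as "Learning duration in hours. Anomaly detection waits for at least this amount of historical data before it starts evaluating", so the docstring should say how the two interact, for example that the baseline is built from values already within `learning_duration` instead of waiting for it to elapse, if that is the behaviour.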
@@ -87,6 +93,8 @@ def __init__(
8793
kwargs["bucket_duration"] = bucket_duration
8894
if detection_tolerance is not unset:
8995
kwargs["detection_tolerance"] = detection_tolerance
96+
if instantaneous_baseline is not unset:
97+
kwargs["instantaneous_baseline"] = instantaneous_baseline
9098
if learning_duration is not unset:
9199
kwargs["learning_duration"] = learning_duration
92100
if learning_period_baseline is not unset:
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
2026-02-10T14:48:33.727Z
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
interactions:
2+
- request:
3+
body: '{"cases":[{"condition":"a > 0.995","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"An
4+
anomaly detection rule","name":"Test-Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBa-1770734913","options":{"anomalyDetectionOptions":{"bucketDuration":300,"detectionTolerance":3,"instantaneousBaseline":true,"learningDuration":24},"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app
5+
status:error"}],"tags":[],"type":"log_detection"}'
6+
headers:
7+
accept:
8+
- application/json
9+
content-type:
10+
- application/json
11+
method: POST
12+
uri: https://api.datadoghq.com/api/v2/security_monitoring/rules
13+
response:
14+
body:
15+
string: '{"name":"Test-Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBa-1770734913","createdAt":1770734914087,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"service:app
16+
status:error","groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":1800,"detectionMethod":"anomaly_detection","maxSignalDuration":86400,"keepAlive":3600,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"instantaneousBaseline":true,"instantaneousBaselineTimeoutMinutes":30}},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
17+
\u003e 0.995"}],"message":"An anomaly detection rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"mtt-vs9-dyl","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""}}'
18+
headers:
19+
content-type:
20+
- application/json
21+
status:
22+
code: 200
23+
message: OK
24+
- request:
25+
body: null
26+
headers:
27+
accept:
28+
- '*/*'
29+
method: DELETE
30+
uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/mtt-vs9-dyl
31+
response:
32+
body:
33+
string: ''
34+
headers: {}
35+
status:
36+
code: 204
37+
message: No Content
38+
version: 1
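Review bot: The recorded response does not echo the request in two places: the request body sends `"evaluationWindow":900` and the response returns `"evaluationWindow":1800`, and `anomalyDetectionOptions` comes back with `"instantaneousBaselineTimeoutMinutes":30`, which neither the schema hunks nor the model's `openapi_types` in this commit declare. Confirm both are intended server behaviour and document them in the spec, or the typed client will silently carry an undeclared field. The fixture also records a creator handle and `creationAuthorId`; check that this matches how other cassettes are scrubbed.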

tests/v2/features/security_monitoring.feature

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -456,6 +456,17 @@ Feature: Security Monitoring
456456
And the response "options.anomalyDetectionOptions.learningPeriodBaseline" is equal to 10
457457
And the response "options.anomalyDetectionOptions.detectionTolerance" is equal to 3
458458

459+
@team:DataDog/k9-cloud-security-platform
460+
Scenario: Create a detection rule with detection method 'anomaly_detection' with enabled feature 'instantaneousBaseline' returns "OK" response
461+
Given new "CreateSecurityMonitoringRule" request
462+
And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app status:error"}],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0.995"}],"message":"An anomaly detection rule","options":{"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"instantaneousBaseline":true}},"tags":[],"filters":[]}
463+
When the request is sent
464+
Then the response status is 200 OK
465+
And the response "name" is equal to "{{ unique }}"
466+
And the response "type" is equal to "log_detection"
467+
And the response "options.detectionMethod" is equal to "anomaly_detection"
468+
And the response "options.anomalyDetectionOptions.instantaneousBaseline" is equal to true
469+
459470
@team:DataDog/k9-cloud-security-platform
460471
Scenario: Create a detection rule with detection method 'sequence_detection' returns "OK" response
461472
Given new "CreateSecurityMonitoringRule" request
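Review bot: The new scenario asserts only `options.anomalyDetectionOptions.instantaneousBaseline` from the options it sends, while the scenario just above it also checks `learningPeriodBaseline` and `detectionTolerance`. Add assertions for `bucketDuration`, `learningDuration` and `detectionTolerance` so a regression in how the flag combines with the other anomaly options is caught. An `evaluationWindow` assertion would need care, because the recorded cassette returns 1800 for the 900 that was sent.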
