Skip to content

Commit d3756c4

Browse files
author
ci.datadog-api-spec
committed
Regenerate client from commit 0736290 of spec repo
1 parent bef6090 commit d3756c4

8 files changed

+156
-32
lines changed

.generator/schemas/v2/openapi.yaml

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -40869,8 +40869,6 @@ components:
4086940869
type: integer
4087040870
type:
4087140871
$ref: '#/components/schemas/ObservabilityPipelineBufferOptionsMemoryType'
40872-
when_full:
40873-
$ref: '#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull'
4087440872
type: object
4087540873
ObservabilityPipelineMemoryBufferSizeOptions:
4087640874
description: Options for configuring a memory buffer by queue length.
@@ -40882,8 +40880,6 @@ components:
4088240880
type: integer
4088340881
type:
4088440882
$ref: '#/components/schemas/ObservabilityPipelineBufferOptionsMemoryType'
40885-
when_full:
40886-
$ref: '#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull'
4088740883
type: object
4088840884
ObservabilityPipelineMetadataEntry:
4088940885
description: A custom metadata entry.
@@ -53475,6 +53471,8 @@ components:
5347553471
$ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration'
5347653472
detectionTolerance:
5347753473
$ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance'
53474+
instantaneousBaseline:
53475+
$ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsInstantaneousBaseline'
5347853476
learningDuration:
5347953477
$ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration'
5348053478
learningPeriodBaseline:
@@ -53526,6 +53524,13 @@ components:
5352653524
- THREE
5352753525
- FOUR
5352853526
- FIVE
53527+
SecurityMonitoringRuleAnomalyDetectionOptionsInstantaneousBaseline:
53528+
description: When set to true, Datadog uses previous values that fall within
53529+
the defined learning window to construct the baseline, enabling the system
53530+
to establish an accurate baseline more rapidly rather than relying solely
53531+
on gradual learning over time.
53532+
example: false
53533+
type: boolean
5352953534
SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration:
5353053535
description: Learning duration in hours. Anomaly detection waits for at least
5353153536
this amount of historical data before it starts evaluating.
Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
"""
2+
Create a detection rule with detection method 'anomaly_detection' with enabled feature 'instantaneousBaseline' returns
3+
"OK" response
4+
"""
5+
6+
from datadog_api_client import ApiClient, Configuration
7+
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
8+
from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options import (
9+
SecurityMonitoringRuleAnomalyDetectionOptions,
10+
)
11+
from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_bucket_duration import (
12+
SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration,
13+
)
14+
from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_detection_tolerance import (
15+
SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance,
16+
)
17+
from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_learning_duration import (
18+
SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration,
19+
)
20+
from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate
21+
from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod
22+
from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import (
23+
SecurityMonitoringRuleEvaluationWindow,
24+
)
25+
from datadog_api_client.v2.model.security_monitoring_rule_keep_alive import SecurityMonitoringRuleKeepAlive
26+
from datadog_api_client.v2.model.security_monitoring_rule_max_signal_duration import (
27+
SecurityMonitoringRuleMaxSignalDuration,
28+
)
29+
from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
30+
from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import (
31+
SecurityMonitoringRuleQueryAggregation,
32+
)
33+
from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
34+
from datadog_api_client.v2.model.security_monitoring_rule_type_create import SecurityMonitoringRuleTypeCreate
35+
from datadog_api_client.v2.model.security_monitoring_standard_data_source import SecurityMonitoringStandardDataSource
36+
from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import (
37+
SecurityMonitoringStandardRuleCreatePayload,
38+
)
39+
from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery
40+
41+
body = SecurityMonitoringStandardRuleCreatePayload(
42+
name="Example-Security-Monitoring",
43+
type=SecurityMonitoringRuleTypeCreate.LOG_DETECTION,
44+
is_enabled=True,
45+
queries=[
46+
SecurityMonitoringStandardRuleQuery(
47+
aggregation=SecurityMonitoringRuleQueryAggregation.COUNT,
48+
data_source=SecurityMonitoringStandardDataSource.LOGS,
49+
distinct_fields=[],
50+
group_by_fields=[
51+
"@usr.email",
52+
"@network.client.ip",
53+
],
54+
has_optional_group_by_fields=False,
55+
name="",
56+
query="service:app status:error",
57+
),
58+
],
59+
cases=[
60+
SecurityMonitoringRuleCaseCreate(
61+
name="",
62+
status=SecurityMonitoringRuleSeverity.INFO,
63+
notifications=[],
64+
condition="a > 0.995",
65+
),
66+
],
67+
message="An anomaly detection rule",
68+
options=SecurityMonitoringRuleOptions(
69+
detection_method=SecurityMonitoringRuleDetectionMethod.ANOMALY_DETECTION,
70+
evaluation_window=SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES,
71+
keep_alive=SecurityMonitoringRuleKeepAlive.ONE_HOUR,
72+
max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ONE_DAY,
73+
anomaly_detection_options=SecurityMonitoringRuleAnomalyDetectionOptions(
74+
bucket_duration=SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration.FIVE_MINUTES,
75+
learning_duration=SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration.ONE_DAY,
76+
detection_tolerance=SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance.THREE,
77+
instantaneous_baseline=True,
78+
),
79+
),
80+
tags=[],
81+
filters=[],
82+
)
83+
84+
configuration = Configuration()
85+
with ApiClient(configuration) as api_client:
86+
api_instance = SecurityMonitoringApi(api_client)
87+
response = api_instance.create_security_monitoring_rule(body=body)
88+
89+
print(response)

src/datadog_api_client/v2/model/observability_pipeline_memory_buffer_options.py

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,6 @@
1717
from datadog_api_client.v2.model.observability_pipeline_buffer_options_memory_type import (
1818
ObservabilityPipelineBufferOptionsMemoryType,
1919
)
20-
from datadog_api_client.v2.model.observability_pipeline_buffer_options_when_full import (
21-
ObservabilityPipelineBufferOptionsWhenFull,
22-
)
2320

2421

2522
class ObservabilityPipelineMemoryBufferOptions(ModelNormal):
@@ -28,27 +25,21 @@ def openapi_types(_):
2825
from datadog_api_client.v2.model.observability_pipeline_buffer_options_memory_type import (
2926
ObservabilityPipelineBufferOptionsMemoryType,
3027
)
31-
from datadog_api_client.v2.model.observability_pipeline_buffer_options_when_full import (
32-
ObservabilityPipelineBufferOptionsWhenFull,
33-
)
3428

3529
return {
3630
"max_size": (int,),
3731
"type": (ObservabilityPipelineBufferOptionsMemoryType,),
38-
"when_full": (ObservabilityPipelineBufferOptionsWhenFull,),
3932
}
4033

4134
attribute_map = {
4235
"max_size": "max_size",
4336
"type": "type",
44-
"when_full": "when_full",
4537
}
4638

4739
def __init__(
4840
self_,
4941
max_size: Union[int, UnsetType] = unset,
5042
type: Union[ObservabilityPipelineBufferOptionsMemoryType, UnsetType] = unset,
51-
when_full: Union[ObservabilityPipelineBufferOptionsWhenFull, UnsetType] = unset,
5243
**kwargs,
5344
):
5445
"""
@@ -59,14 +50,9 @@ def __init__(
5950
6051
:param type: The type of the buffer that will be configured, a memory buffer.
6152
:type type: ObservabilityPipelineBufferOptionsMemoryType, optional
62-
63-
:param when_full: Behavior when the buffer is full (block and stop accepting new events, or drop new events)
64-
:type when_full: ObservabilityPipelineBufferOptionsWhenFull, optional
6553
"""
6654
if max_size is not unset:
6755
kwargs["max_size"] = max_size
6856
if type is not unset:
6957
kwargs["type"] = type
70-
if when_full is not unset:
71-
kwargs["when_full"] = when_full
7258
super().__init__(kwargs)

src/datadog_api_client/v2/model/observability_pipeline_memory_buffer_size_options.py

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,6 @@
1717
from datadog_api_client.v2.model.observability_pipeline_buffer_options_memory_type import (
1818
ObservabilityPipelineBufferOptionsMemoryType,
1919
)
20-
from datadog_api_client.v2.model.observability_pipeline_buffer_options_when_full import (
21-
ObservabilityPipelineBufferOptionsWhenFull,
22-
)
2320

2421

2522
class ObservabilityPipelineMemoryBufferSizeOptions(ModelNormal):
@@ -28,27 +25,21 @@ def openapi_types(_):
2825
from datadog_api_client.v2.model.observability_pipeline_buffer_options_memory_type import (
2926
ObservabilityPipelineBufferOptionsMemoryType,
3027
)
31-
from datadog_api_client.v2.model.observability_pipeline_buffer_options_when_full import (
32-
ObservabilityPipelineBufferOptionsWhenFull,
33-
)
3428

3529
return {
3630
"max_events": (int,),
3731
"type": (ObservabilityPipelineBufferOptionsMemoryType,),
38-
"when_full": (ObservabilityPipelineBufferOptionsWhenFull,),
3932
}
4033

4134
attribute_map = {
4235
"max_events": "max_events",
4336
"type": "type",
44-
"when_full": "when_full",
4537
}
4638

4739
def __init__(
4840
self_,
4941
max_events: Union[int, UnsetType] = unset,
5042
type: Union[ObservabilityPipelineBufferOptionsMemoryType, UnsetType] = unset,
51-
when_full: Union[ObservabilityPipelineBufferOptionsWhenFull, UnsetType] = unset,
5243
**kwargs,
5344
):
5445
"""
@@ -59,14 +50,9 @@ def __init__(
5950
6051
:param type: The type of the buffer that will be configured, a memory buffer.
6152
:type type: ObservabilityPipelineBufferOptionsMemoryType, optional
62-
63-
:param when_full: Behavior when the buffer is full (block and stop accepting new events, or drop new events)
64-
:type when_full: ObservabilityPipelineBufferOptionsWhenFull, optional
6553
"""
6654
if max_events is not unset:
6755
kwargs["max_events"] = max_events
6856
if type is not unset:
6957
kwargs["type"] = type
70-
if when_full is not unset:
71-
kwargs["when_full"] = when_full
7258
super().__init__(kwargs)

src/datadog_api_client/v2/model/security_monitoring_rule_anomaly_detection_options.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,15 @@ def openapi_types(_):
4747
return {
4848
"bucket_duration": (SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration,),
4949
"detection_tolerance": (SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance,),
50+
"instantaneous_baseline": (bool,),
5051
"learning_duration": (SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration,),
5152
"learning_period_baseline": (int,),
5253
}
5354

5455
attribute_map = {
5556
"bucket_duration": "bucketDuration",
5657
"detection_tolerance": "detectionTolerance",
58+
"instantaneous_baseline": "instantaneousBaseline",
5759
"learning_duration": "learningDuration",
5860
"learning_period_baseline": "learningPeriodBaseline",
5961
}
@@ -62,6 +64,7 @@ def __init__(
6264
self_,
6365
bucket_duration: Union[SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration, UnsetType] = unset,
6466
detection_tolerance: Union[SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance, UnsetType] = unset,
67+
instantaneous_baseline: Union[bool, UnsetType] = unset,
6568
learning_duration: Union[SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration, UnsetType] = unset,
6669
learning_period_baseline: Union[int, UnsetType] = unset,
6770
**kwargs,
@@ -77,6 +80,9 @@ def __init__(
7780
Higher values require higher deviations before triggering a signal.
7881
:type detection_tolerance: SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance, optional
7982
83+
:param instantaneous_baseline: When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time.
84+
:type instantaneous_baseline: bool, optional
85+
8086
:param learning_duration: Learning duration in hours. Anomaly detection waits for at least this amount of historical data before it starts evaluating.
8187
:type learning_duration: SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration, optional
8288
@@ -87,6 +93,8 @@ def __init__(
8793
kwargs["bucket_duration"] = bucket_duration
8894
if detection_tolerance is not unset:
8995
kwargs["detection_tolerance"] = detection_tolerance
96+
if instantaneous_baseline is not unset:
97+
kwargs["instantaneous_baseline"] = instantaneous_baseline
9098
if learning_duration is not unset:
9199
kwargs["learning_duration"] = learning_duration
92100
if learning_period_baseline is not unset:
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
2026-02-10T14:48:33.727Z
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
interactions:
2+
- request:
3+
body: '{"cases":[{"condition":"a > 0.995","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"An
4+
anomaly detection rule","name":"Test-Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBa-1770734913","options":{"anomalyDetectionOptions":{"bucketDuration":300,"detectionTolerance":3,"instantaneousBaseline":true,"learningDuration":24},"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app
5+
status:error"}],"tags":[],"type":"log_detection"}'
6+
headers:
7+
accept:
8+
- application/json
9+
content-type:
10+
- application/json
11+
method: POST
12+
uri: https://api.datadoghq.com/api/v2/security_monitoring/rules
13+
response:
14+
body:
15+
string: '{"name":"Test-Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBa-1770734913","createdAt":1770734914087,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"service:app
16+
status:error","groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":1800,"detectionMethod":"anomaly_detection","maxSignalDuration":86400,"keepAlive":3600,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"instantaneousBaseline":true,"instantaneousBaselineTimeoutMinutes":30}},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
17+
\u003e 0.995"}],"message":"An anomaly detection rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"mtt-vs9-dyl","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""}}'
18+
headers:
19+
content-type:
20+
- application/json
21+
status:
22+
code: 200
23+
message: OK
24+
- request:
25+
body: null
26+
headers:
27+
accept:
28+
- '*/*'
29+
method: DELETE
30+
uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/mtt-vs9-dyl
31+
response:
32+
body:
33+
string: ''
34+
headers: {}
35+
status:
36+
code: 204
37+
message: No Content
38+
version: 1

tests/v2/features/security_monitoring.feature

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -456,6 +456,17 @@ Feature: Security Monitoring
456456
And the response "options.anomalyDetectionOptions.learningPeriodBaseline" is equal to 10
457457
And the response "options.anomalyDetectionOptions.detectionTolerance" is equal to 3
458458

459+
@team:DataDog/k9-cloud-security-platform
460+
Scenario: Create a detection rule with detection method 'anomaly_detection' with enabled feature 'instantaneousBaseline' returns "OK" response
461+
Given new "CreateSecurityMonitoringRule" request
462+
And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app status:error"}],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0.995"}],"message":"An anomaly detection rule","options":{"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"instantaneousBaseline":true}},"tags":[],"filters":[]}
463+
When the request is sent
464+
Then the response status is 200 OK
465+
And the response "name" is equal to "{{ unique }}"
466+
And the response "type" is equal to "log_detection"
467+
And the response "options.detectionMethod" is equal to "anomaly_detection"
468+
And the response "options.anomalyDetectionOptions.instantaneousBaseline" is equal to true
469+
459470
@team:DataDog/k9-cloud-security-platform
460471
Scenario: Create a detection rule with detection method 'sequence_detection' returns "OK" response
461472
Given new "CreateSecurityMonitoringRule" request

0 commit comments

Comments
 (0)