Skip to content

Commit df79171

Browse files
api-clients-generation-pipeline[bot]ci.datadog-api-spec
api-clients-generation-pipeline[bot]
and
ci.datadog-api-spec
authored
Regenerate client from commit b980d49f of spec repo (#2401)
Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>
1 parent f042b08 commit df79171

24 files changed

Lines changed: 485 additions & 4 deletions

.apigentools-info

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,13 @@
44
"spec_versions": {
55
"v1": {
66
"apigentools_version": "1.6.6",
7-
"regenerated": "2025-02-10 19:09:31.767881",
8-
"spec_repo_commit": "824f78a1"
7+
"regenerated": "2025-02-11 09:59:39.979801",
8+
"spec_repo_commit": "b980d49f"
99
},
1010
"v2": {
1111
"apigentools_version": "1.6.6",
12-
"regenerated": "2025-02-10 19:09:31.783166",
13-
"spec_repo_commit": "824f78a1"
12+
"regenerated": "2025-02-11 09:59:39.994561",
13+
"spec_repo_commit": "b980d49f"
1414
}
1515
}
1616
}

.generator/schemas/v2/openapi.yaml

Lines changed: 92 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15657,6 +15657,15 @@ components:
1565715657
example: 1729843470000
1565815658
format: int64
1565915659
type: integer
15660+
groupSignalsBy:
15661+
description: Additional grouping to perform on top of the existing groups
15662+
in the query section. Must be a subset of the existing groups.
15663+
example:
15664+
- service
15665+
items:
15666+
description: Field to group by.
15667+
type: string
15668+
type: array
1566015669
index:
1566115670
description: Index used to load the data.
1566215671
example: cloud_siem
@@ -24242,6 +24251,11 @@ components:
2424224251
SecurityMonitoringRuleCase:
2424324252
description: Case when signal is generated.
2424424253
properties:
24254+
actions:
24255+
description: Action to perform for each rule case.
24256+
items:
24257+
$ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
24258+
type: array
2424524259
condition:
2424624260
description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`)
2424724261
to determine if a signal should be generated
@@ -24260,9 +24274,42 @@ components:
2426024274
status:
2426124275
$ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
2426224276
type: object
24277+
SecurityMonitoringRuleCaseAction:
24278+
description: Action to perform when a signal is triggered. Only available for
24279+
Application Security rule type.
24280+
properties:
24281+
options:
24282+
$ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions'
24283+
type:
24284+
$ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType'
24285+
type: object
24286+
SecurityMonitoringRuleCaseActionOptions:
24287+
description: Options for the rule action
24288+
properties:
24289+
duration:
24290+
description: Duration of the action in seconds. 0 indicates no expiration.
24291+
example: 0
24292+
format: int64
24293+
minimum: 0
24294+
type: integer
24295+
type: object
24296+
SecurityMonitoringRuleCaseActionType:
24297+
description: The action type.
24298+
enum:
24299+
- block_ip
24300+
- block_user
24301+
type: string
24302+
x-enum-varnames:
24303+
- BLOCK_IP
24304+
- BLOCK_USER
2426324305
SecurityMonitoringRuleCaseCreate:
2426424306
description: Case when signal is generated.
2426524307
properties:
24308+
actions:
24309+
description: Action to perform for each rule case.
24310+
items:
24311+
$ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
24312+
type: array
2426624313
condition:
2426724314
description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`)
2426824315
to determine if a signal should be generated
@@ -24724,6 +24771,15 @@ components:
2472424771
items:
2472524772
$ref: '#/components/schemas/SecurityMonitoringFilter'
2472624773
type: array
24774+
groupSignalsBy:
24775+
description: Additional grouping to perform on top of the existing groups
24776+
in the query section. Must be a subset of the existing groups.
24777+
example:
24778+
- service
24779+
items:
24780+
description: Field to group by.
24781+
type: string
24782+
type: array
2472724783
hasExtendedTitle:
2472824784
description: Whether the notifications include the triggering group-by values
2472924785
in their title.
@@ -25429,6 +25485,15 @@ components:
2542925485
items:
2543025486
$ref: '#/components/schemas/SecurityMonitoringFilter'
2543125487
type: array
25488+
groupSignalsBy:
25489+
description: Additional grouping to perform on top of the existing groups
25490+
in the query section. Must be a subset of the existing groups.
25491+
example:
25492+
- service
25493+
items:
25494+
description: Field to group by.
25495+
type: string
25496+
type: array
2543225497
hasExtendedTitle:
2543325498
description: Whether the notifications include the triggering group-by values
2543425499
in their title.
@@ -25501,6 +25566,15 @@ components:
2550125566
items:
2550225567
$ref: '#/components/schemas/SecurityMonitoringFilter'
2550325568
type: array
25569+
groupSignalsBy:
25570+
description: Additional grouping to perform on top of the existing groups
25571+
in the query section. Must be a subset of the existing groups.
25572+
example:
25573+
- service
25574+
items:
25575+
description: Field to group by.
25576+
type: string
25577+
type: array
2550425578
hasExtendedTitle:
2550525579
description: Whether the notifications include the triggering group-by values
2550625580
in their title.
@@ -25642,6 +25716,15 @@ components:
2564225716
items:
2564325717
$ref: '#/components/schemas/SecurityMonitoringFilter'
2564425718
type: array
25719+
groupSignalsBy:
25720+
description: Additional grouping to perform on top of the existing groups
25721+
in the query section. Must be a subset of the existing groups.
25722+
example:
25723+
- service
25724+
items:
25725+
description: Field to group by.
25726+
type: string
25727+
type: array
2564525728
hasExtendedTitle:
2564625729
description: Whether the notifications include the triggering group-by values
2564725730
in their title.
@@ -25719,6 +25802,15 @@ components:
2571925802
items:
2572025803
$ref: '#/components/schemas/SecurityMonitoringFilter'
2572125804
type: array
25805+
groupSignalsBy:
25806+
description: Additional grouping to perform on top of the existing groups
25807+
in the query section. Must be a subset of the existing groups.
25808+
example:
25809+
- service
25810+
items:
25811+
description: Field to group by.
25812+
type: string
25813+
type: array
2572225814
hasExtendedTitle:
2572325815
description: Whether the notifications include the triggering group-by values
2572425816
in their title.

docs/datadog_api_client.v2.model.rst

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10686,6 +10686,27 @@ datadog\_api\_client.v2.model.security\_monitoring\_rule\_case module
1068610686
:members:
1068710687
:show-inheritance:
1068810688

10689+
datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action module
10690+
-----------------------------------------------------------------------------
10691+
10692+
.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_case_action
10693+
:members:
10694+
:show-inheritance:
10695+
10696+
datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action\_options module
10697+
--------------------------------------------------------------------------------------
10698+
10699+
.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_case_action_options
10700+
:members:
10701+
:show-inheritance:
10702+
10703+
datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action\_type module
10704+
-----------------------------------------------------------------------------------
10705+
10706+
.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_case_action_type
10707+
:members:
10708+
:show-inheritance:
10709+
1068910710
datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_create module
1069010711
-----------------------------------------------------------------------------
1069110712

examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.py

Lines changed: 82 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,82 @@
1+
"""
2+
Create a detection rule with type 'application_security 'returns "OK" response
3+
"""
4+
5+
from datadog_api_client import ApiClient, Configuration
6+
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
7+
from datadog_api_client.v2.model.security_monitoring_rule_case_action import SecurityMonitoringRuleCaseAction
8+
from datadog_api_client.v2.model.security_monitoring_rule_case_action_options import (
9+
SecurityMonitoringRuleCaseActionOptions,
10+
)
11+
from datadog_api_client.v2.model.security_monitoring_rule_case_action_type import SecurityMonitoringRuleCaseActionType
12+
from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate
13+
from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod
14+
from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import (
15+
SecurityMonitoringRuleEvaluationWindow,
16+
)
17+
from datadog_api_client.v2.model.security_monitoring_rule_keep_alive import SecurityMonitoringRuleKeepAlive
18+
from datadog_api_client.v2.model.security_monitoring_rule_max_signal_duration import (
19+
SecurityMonitoringRuleMaxSignalDuration,
20+
)
21+
from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
22+
from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import (
23+
SecurityMonitoringRuleQueryAggregation,
24+
)
25+
from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
26+
from datadog_api_client.v2.model.security_monitoring_rule_type_create import SecurityMonitoringRuleTypeCreate
27+
from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import (
28+
SecurityMonitoringStandardRuleCreatePayload,
29+
)
30+
from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery
31+
32+
body = SecurityMonitoringStandardRuleCreatePayload(
33+
type=SecurityMonitoringRuleTypeCreate.APPLICATION_SECURITY,
34+
name="Example-Security-Monitoring_appsec_rule",
35+
queries=[
36+
SecurityMonitoringStandardRuleQuery(
37+
query="@appsec.security_activity:business_logic.users.login.failure",
38+
aggregation=SecurityMonitoringRuleQueryAggregation.COUNT,
39+
group_by_fields=[
40+
"service",
41+
"@http.client_ip",
42+
],
43+
distinct_fields=[],
44+
),
45+
],
46+
filters=[],
47+
cases=[
48+
SecurityMonitoringRuleCaseCreate(
49+
name="",
50+
status=SecurityMonitoringRuleSeverity.INFO,
51+
notifications=[],
52+
condition="a > 100000",
53+
actions=[
54+
SecurityMonitoringRuleCaseAction(
55+
type=SecurityMonitoringRuleCaseActionType.BLOCK_IP,
56+
options=SecurityMonitoringRuleCaseActionOptions(
57+
duration=900,
58+
),
59+
),
60+
],
61+
),
62+
],
63+
options=SecurityMonitoringRuleOptions(
64+
keep_alive=SecurityMonitoringRuleKeepAlive.ONE_HOUR,
65+
max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ONE_DAY,
66+
evaluation_window=SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES,
67+
detection_method=SecurityMonitoringRuleDetectionMethod.THRESHOLD,
68+
),
69+
is_enabled=True,
70+
message="Test rule",
71+
tags=[],
72+
group_signals_by=[
73+
"service",
74+
],
75+
)
76+
77+
configuration = Configuration()
78+
with ApiClient(configuration) as api_client:
79+
api_instance = SecurityMonitoringApi(api_client)
80+
response = api_instance.create_security_monitoring_rule(body=body)
81+
82+
print(response)

src/datadog_api_client/v2/model/job_definition.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ def openapi_types(_):
4040
"calculated_fields": ([CalculatedField],),
4141
"cases": ([SecurityMonitoringRuleCaseCreate],),
4242
"_from": (int,),
43+
"group_signals_by": ([str],),
4344
"index": (str,),
4445
"message": (str,),
4546
"name": (str,),
@@ -56,6 +57,7 @@ def openapi_types(_):
5657
"calculated_fields": "calculatedFields",
5758
"cases": "cases",
5859
"_from": "from",
60+
"group_signals_by": "groupSignalsBy",
5961
"index": "index",
6062
"message": "message",
6163
"name": "name",
@@ -78,6 +80,7 @@ def __init__(
7880
queries: List[HistoricalJobQuery],
7981
to: int,
8082
calculated_fields: Union[List[CalculatedField], UnsetType] = unset,
83+
group_signals_by: Union[List[str], UnsetType] = unset,
8184
options: Union[HistoricalJobOptions, UnsetType] = unset,
8285
reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset,
8386
tags: Union[List[str], UnsetType] = unset,
@@ -97,6 +100,9 @@ def __init__(
97100
:param _from: Starting time of data analyzed by the job.
98101
:type _from: int
99102
103+
:param group_signals_by: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
104+
:type group_signals_by: [str], optional
105+
100106
:param index: Index used to load the data.
101107
:type index: str
102108
@@ -129,6 +135,8 @@ def __init__(
129135
"""
130136
if calculated_fields is not unset:
131137
kwargs["calculated_fields"] = calculated_fields
138+
if group_signals_by is not unset:
139+
kwargs["group_signals_by"] = group_signals_by
132140
if options is not unset:
133141
kwargs["options"] = options
134142
if reference_tables is not unset:

src/datadog_api_client/v2/model/security_monitoring_rule_case.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,22 +14,26 @@
1414

1515

1616
if TYPE_CHECKING:
17+
from datadog_api_client.v2.model.security_monitoring_rule_case_action import SecurityMonitoringRuleCaseAction
1718
from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
1819

1920

2021
class SecurityMonitoringRuleCase(ModelNormal):
2122
@cached_property
2223
def openapi_types(_):
24+
from datadog_api_client.v2.model.security_monitoring_rule_case_action import SecurityMonitoringRuleCaseAction
2325
from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
2426

2527
return {
28+
"actions": ([SecurityMonitoringRuleCaseAction],),
2629
"condition": (str,),
2730
"name": (str,),
2831
"notifications": ([str],),
2932
"status": (SecurityMonitoringRuleSeverity,),
3033
}
3134

3235
attribute_map = {
36+
"actions": "actions",
3337
"condition": "condition",
3438
"name": "name",
3539
"notifications": "notifications",
@@ -38,6 +42,7 @@ def openapi_types(_):
3842

3943
def __init__(
4044
self_,
45+
actions: Union[List[SecurityMonitoringRuleCaseAction], UnsetType] = unset,
4146
condition: Union[str, UnsetType] = unset,
4247
name: Union[str, UnsetType] = unset,
4348
notifications: Union[List[str], UnsetType] = unset,
@@ -47,6 +52,9 @@ def __init__(
4752
"""
4853
Case when signal is generated.
4954
55+
:param actions: Action to perform for each rule case.
56+
:type actions: [SecurityMonitoringRuleCaseAction], optional
57+
5058
:param condition: A rule case contains logical operations ( ``>`` , ``>=`` , ``&&`` , ``||`` ) to determine if a signal should be generated
5159
based on the event counts in the previously defined queries.
5260
:type condition: str, optional
@@ -60,6 +68,8 @@ def __init__(
6068
:param status: Severity of the Security Signal.
6169
:type status: SecurityMonitoringRuleSeverity, optional
6270
"""
71+
if actions is not unset:
72+
kwargs["actions"] = actions
6373
if condition is not unset:
6474
kwargs["condition"] = condition
6575
if name is not unset:

0 commit comments

Comments
 (0)