diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index d57aebc821..a8908359f4 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -52613,6 +52613,153 @@ components: x-enum-varnames: - DONE - TIMEOUT + SecurityMonitoringContentPackActivation: + description: The activation status of a content pack + enum: + - never_activated + - activated + - deactivated + example: activated + type: string + x-enum-varnames: + - NEVER_ACTIVATED + - ACTIVATED + - DEACTIVATED + SecurityMonitoringContentPackIntegrationStatus: + description: The installation status of the related integration + enum: + - installed + - available + - partially_installed + - detected + - error + example: installed + type: string + x-enum-varnames: + - INSTALLED + - AVAILABLE + - PARTIALLY_INSTALLED + - DETECTED + - ERROR + SecurityMonitoringContentPackStateAttributes: + description: Attributes of a content pack state + properties: + cloud_siem_index_incorrect: + description: Whether the cloud SIEM index configuration is incorrect (only + applies to certain pricing models) + example: false + type: boolean + cp_activation: + $ref: '#/components/schemas/SecurityMonitoringContentPackActivation' + filters_configured_for_logs: + description: Whether filters (Security Filters or Index Query depending + on the pricing model) are configured for logs + example: true + type: boolean + integration_installed_status: + $ref: '#/components/schemas/SecurityMonitoringContentPackIntegrationStatus' + logs_last_collected: + $ref: '#/components/schemas/SecurityMonitoringContentPackTimestampBucket' + logs_seen_from_any_index: + description: Whether logs have been seen from any index + example: true + type: boolean + state: + $ref: '#/components/schemas/SecurityMonitoringContentPackStatus' + required: + - state + - cp_activation + - logs_seen_from_any_index + - logs_last_collected + - cloud_siem_index_incorrect + - filters_configured_for_logs + type: object + SecurityMonitoringContentPackStateData: + description: Content pack state data. 
+ properties: + attributes: + $ref: '#/components/schemas/SecurityMonitoringContentPackStateAttributes' + id: + description: The content pack identifier. + example: aws-cloudtrail + type: string + type: + $ref: '#/components/schemas/SecurityMonitoringContentPackStateType' + required: + - id + - type + - attributes + type: object + SecurityMonitoringContentPackStateMeta: + description: Metadata for content pack states + properties: + cloud_siem_index_incorrect: + description: Whether the cloud SIEM index configuration is incorrect at + the organization level + example: false + type: boolean + sku: + $ref: '#/components/schemas/SecurityMonitoringSKU' + required: + - cloud_siem_index_incorrect + - sku + type: object + SecurityMonitoringContentPackStateType: + description: Type for content pack state object + enum: + - content_pack_state + example: content_pack_state + type: string + x-enum-varnames: + - CONTENT_PACK_STATE + SecurityMonitoringContentPackStatesResponse: + description: Response containing content pack states. + properties: + data: + description: Array of content pack states. 
+ items: + $ref: '#/components/schemas/SecurityMonitoringContentPackStateData' + type: array + meta: + $ref: '#/components/schemas/SecurityMonitoringContentPackStateMeta' + required: + - data + - meta + type: object + SecurityMonitoringContentPackStatus: + description: The current status of a content pack + enum: + - install + - activate + - initializing + - active + - warning + - broken + example: active + type: string + x-enum-varnames: + - INSTALL + - ACTIVATE + - INITIALIZING + - ACTIVE + - WARNING + - BROKEN + SecurityMonitoringContentPackTimestampBucket: + description: Timestamp bucket indicating when logs were last collected + enum: + - not_seen + - within_24_hours + - within_24_to_72_hours + - over_72h_to_30d + - over_30d + example: within_24_hours + type: string + x-enum-varnames: + - NOT_SEEN + - WITHIN_24_HOURS + - WITHIN_24_TO_72_HOURS + - OVER_72H_TO_30D + - OVER_30D SecurityMonitoringCriticalAsset: description: The critical asset's properties. properties: @@ -53740,6 +53887,18 @@ components: - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload' - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload' - $ref: '#/components/schemas/CloudConfigurationRulePayload' + SecurityMonitoringSKU: + description: The SIEM pricing model (SKU) for the organization + enum: + - per_gb_analyzed + - per_event_in_siem_index_2023 + - add_on_2024 + example: add_on_2024 + type: string + x-enum-varnames: + - PER_GB_ANALYZED + - PER_EVENT_IN_SIEM_INDEX_2023 + - ADD_ON_2024 SecurityMonitoringSchedulingOptions: description: Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs. 
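Review bot: In `SecurityMonitoringContentPackStateAttributes`, `integration_installed_status` is the only property left out of `required`, and nothing in the schema says when the server omits it. A consumer that treats a missing value the same as `installed` would misjudge pack health, so the attributes description should state what absence means. The `SecurityMonitoringContentPackStatus` values `install` and `activate` also read as actions rather than states. A short meaning per value in that enum's `description` would help anyone building alerts on `warning` or `broken`.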
@@ -94103,6 +94262,123 @@ paths: summary: Get a suppression's version history tags: - Security Monitoring + /api/v2/security_monitoring/content_packs/states: + get: + description: 'Get the activation and configuration states for all security monitoring + content packs. + + This endpoint returns status information about each content pack including + activation state, + + integration status, and log collection status.' + operationId: GetContentPacksStates + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringContentPackStatesResponse' + description: OK + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Forbidden + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Not Found + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Get content pack states + tags: + - Security Monitoring + x-unstable: '**Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' + /api/v2/security_monitoring/content_packs/{content_pack_id}/activate: + put: + description: 'Activate a security monitoring content pack. This operation configures + the necessary + + log filters or security filters depending on the pricing model and updates + the content + + pack activation state.' + operationId: ActivateContentPack + parameters: + - description: The ID of the content pack to activate. 
+ in: path + name: content_pack_id + required: true + schema: + example: aws-cloudtrail + type: string + responses: + '202': + description: Accepted + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Forbidden + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Not Found + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Activate content pack + tags: + - Security Monitoring + x-unstable: '**Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' + /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate: + put: + description: 'Deactivate a security monitoring content pack. This operation + removes the content pack''s + + configuration from log filters or security filters and updates the content + pack activation state.' + operationId: DeactivateContentPack + parameters: + - description: The ID of the content pack to deactivate. + in: path + name: content_pack_id + required: true + schema: + example: aws-cloudtrail + type: string + responses: + '202': + description: Accepted + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Forbidden + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Not Found + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + summary: Deactivate content pack + tags: + - Security Monitoring + x-unstable: '**Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security_monitoring/rules: get: description: List rules. 
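Review bot: The `ActivateContentPack` and `DeactivateContentPack` operations return a bare `202` with no body, and their descriptions do not say how a caller learns whether the filter change completed or failed. Deactivation removes the pack's configuration from log filters or security filters, so an unnoticed failure or an unintended call changes what the SIEM analyzes. The description should point to the follow-up check, for example `Use GetContentPacksStates to confirm the resulting cp_activation.` None of the three added operations names the permission behind the documented `403`, and no operation-level `security` entry appears in these lines; if a document-level default applies, stating the required permission would let operators scope keys to it. The `content_pack_id` schema is also an unconstrained `string` with no `400` response documented for a malformed ID.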
diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst
index ffad1767ea..fe0c2aa3ef 100644
--- a/docs/datadog_api_client.v2.model.rst
+++ b/docs/datadog_api_client.v2.model.rst
@@ -23195,6 +23195,69 @@ datadog\_api\_client.v2.model.security\_findings\_status module :members: :show-inheritance: +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_activation module +------------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_activation + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_integration\_status module +--------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_integration_status + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_state\_attributes module +------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_state_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_state\_data module +------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_state_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_state\_meta module +------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_state_meta + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_state\_type module +------------------------------------------------------------------------------------- + +.. 
automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_state_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_states\_response module +------------------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_states_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_status module +-------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_status + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_timestamp\_bucket module +------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_timestamp_bucket + :members: + :show-inheritance: + datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset module -------------------------------------------------------------------------- @@ -23888,6 +23951,13 @@ datadog\_api\_client.v2.model.security\_monitoring\_signals\_sort module :members: :show-inheritance: +datadog\_api\_client.v2.model.security\_monitoring\_sku module +-------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_sku + :members: + :show-inheritance: + datadog\_api\_client.v2.model.security\_monitoring\_standard\_data\_source module --------------------------------------------------------------------------------- diff --git a/examples/v2/security-monitoring/ActivateContentPack.py b/examples/v2/security-monitoring/ActivateContentPack.py new file mode 100644 index 0000000000..2602e7aca2 --- /dev/null +++ b/examples/v2/security-monitoring/ActivateContentPack.py 
@@ -0,0 +1,14 @@
+"""
+Activate content pack returns "Accepted" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+configuration.unstable_operations["activate_content_pack"] = True
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ api_instance.activate_content_pack(
+ content_pack_id="aws-cloudtrail",
+ )
diff --git a/examples/v2/security-monitoring/DeactivateContentPack.py b/examples/v2/security-monitoring/DeactivateContentPack.py
new file mode 100644
index 0000000000..32350d4e4e
--- /dev/null
+++ b/examples/v2/security-monitoring/DeactivateContentPack.py
@@ -0,0 +1,14 @@
+"""
+Deactivate content pack returns "Accepted" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+configuration.unstable_operations["deactivate_content_pack"] = True
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ api_instance.deactivate_content_pack(
+ content_pack_id="aws-cloudtrail",
+ )
diff --git a/examples/v2/security-monitoring/GetContentPacksStates.py b/examples/v2/security-monitoring/GetContentPacksStates.py
new file mode 100644
index 0000000000..3aa2107239
--- /dev/null
+++ b/examples/v2/security-monitoring/GetContentPacksStates.py
@@ -0,0 +1,14 @@ +""" +Get content pack states returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +configuration = Configuration() +configuration.unstable_operations["get_content_packs_states"] = True +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.get_content_packs_states() + + print(response) diff --git a/src/datadog_api_client/configuration.py b/src/datadog_api_client/configuration.py index 48cc86d250..f4ec0cd2a5 100644 --- a/src/datadog_api_client/configuration.py +++ b/src/datadog_api_client/configuration.py @@ -266,9 +266,12 @@ def __init__( "v2.get_open_api": False, "v2.list_apis": False, "v2.update_open_api": False, + "v2.activate_content_pack": False, "v2.cancel_threat_hunting_job": False, "v2.convert_job_result_to_signal": False, + "v2.deactivate_content_pack": False, "v2.delete_threat_hunting_job": False, + "v2.get_content_packs_states": False, "v2.get_finding": False, "v2.get_rule_version_history": False, "v2.get_secrets_rules": False, diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index 5602b278a5..a60c987ce6 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py 
@@ -102,6 +102,9 @@ SecurityMonitoringSuppressionUpdateRequest, ) from datadog_api_client.v2.model.get_suppression_version_history_response import GetSuppressionVersionHistoryResponse +from datadog_api_client.v2.model.security_monitoring_content_pack_states_response import ( + SecurityMonitoringContentPackStatesResponse, +) from datadog_api_client.v2.model.security_monitoring_list_rules_response import SecurityMonitoringListRulesResponse from datadog_api_client.v2.model.security_monitoring_rule_response import SecurityMonitoringRuleResponse from datadog_api_client.v2.model.security_monitoring_rule_bulk_export_payload import ( @@ -154,6 +157,29 @@ def __init__(self, api_client=None): api_client = ApiClient(Configuration()) self.api_client = api_client + self._activate_content_pack_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/security_monitoring/content_packs/{content_pack_id}/activate", + "operation_id": "activate_content_pack", + "http_method": "PUT", + "version": "v2", + }, + params_map={ + "content_pack_id": { + "required": True, + "openapi_types": (str,), + "attribute": "content_pack_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + self._attach_case_endpoint = _Endpoint( settings={ "response_type": (FindingCaseResponse,), 
@@ -486,6 +512,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._deactivate_content_pack_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate", + "operation_id": "deactivate_content_pack", + "http_method": "PUT", + "version": "v2", + }, + params_map={ + "content_pack_id": { + "required": True, + "openapi_types": (str,), + "attribute": "content_pack_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + self._delete_custom_framework_endpoint = _Endpoint( settings={ "response_type": (DeleteCustomFrameworkResponse,), @@ -774,6 +823,22 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_content_packs_states_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringContentPackStatesResponse,), + "auth": ["apiKeyAuth", "appKeyAuth"], + "endpoint_path": "/api/v2/security_monitoring/content_packs/states", + "operation_id": "get_content_packs_states", + "http_method": "GET", + "version": "v2", + }, + params_map={}, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._get_critical_assets_affecting_rule_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringCriticalAssetsResponse,), 
@@ -2607,6 +2672,25 @@ def __init__(self, api_client=None): api_client=api_client, ) + def activate_content_pack( + self, + content_pack_id: str, + ) -> None: + """Activate content pack. + + Activate a security monitoring content pack. This operation configures the necessary + log filters or security filters depending on the pricing model and updates the content + pack activation state. + + :param content_pack_id: The ID of the content pack to activate. + :type content_pack_id: str + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["content_pack_id"] = content_pack_id + + return self._activate_content_pack_endpoint.call_with_http_info(**kwargs) + def attach_case( self, case_id: str, @@ -2909,6 +2993,24 @@ def create_vulnerability_notification_rule( return self._create_vulnerability_notification_rule_endpoint.call_with_http_info(**kwargs) + def deactivate_content_pack( + self, + content_pack_id: str, + ) -> None: + """Deactivate content pack. + + Deactivate a security monitoring content pack. This operation removes the content pack's + configuration from log filters or security filters and updates the content pack activation state. + + :param content_pack_id: The ID of the content pack to deactivate. + :type content_pack_id: str + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["content_pack_id"] = content_pack_id + + return self._deactivate_content_pack_endpoint.call_with_http_info(**kwargs) + def delete_custom_framework( self, handle: str, 
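Review bot: The docstrings of `activate_content_pack` and, in the later hunk on this line, `deactivate_content_pack` leave out two things a caller needs. Both operations are registered as unstable (the examples in this commit set `configuration.unstable_operations[...] = True` before calling them), and both return `None` for a `202 Accepted`, so a normal return does not show that the filter change was applied. I would add to each docstring a line such as `Returns once the request is accepted; call get_content_packs_states to confirm the resulting cp_activation.` plus a sentence that the operation must be enabled in `unstable_operations`. For `deactivate_content_pack` it is worth stating plainly that the pack's configuration is removed from log or security filters, since that narrows what is analyzed. This file looks generated, so the wording probably belongs in the OpenAPI descriptions it is built from.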
@@ -3133,6 +3235,20 @@ def edit_security_monitoring_signal_state( return self._edit_security_monitoring_signal_state_endpoint.call_with_http_info(**kwargs) + def get_content_packs_states( + self, + ) -> SecurityMonitoringContentPackStatesResponse: + """Get content pack states. + + Get the activation and configuration states for all security monitoring content packs. + This endpoint returns status information about each content pack including activation state, + integration status, and log collection status. + + :rtype: SecurityMonitoringContentPackStatesResponse + """ + kwargs: Dict[str, Any] = {} + return self._get_content_packs_states_endpoint.call_with_http_info(**kwargs) + def get_critical_assets_affecting_rule( self, rule_id: str, diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py new file mode 100644 index 0000000000..735b621113 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py 
@@ -0,0 +1,41 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class SecurityMonitoringContentPackActivation(ModelSimple): + """ + The activation status of a content pack + + :param value: Must be one of ["never_activated", "activated", "deactivated"]. + :type value: str + """ + + allowed_values = { + "never_activated", + "activated", + "deactivated", + } + NEVER_ACTIVATED: ClassVar["SecurityMonitoringContentPackActivation"] + ACTIVATED: ClassVar["SecurityMonitoringContentPackActivation"] + DEACTIVATED: ClassVar["SecurityMonitoringContentPackActivation"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +SecurityMonitoringContentPackActivation.NEVER_ACTIVATED = SecurityMonitoringContentPackActivation("never_activated") +SecurityMonitoringContentPackActivation.ACTIVATED = SecurityMonitoringContentPackActivation("activated") +SecurityMonitoringContentPackActivation.DEACTIVATED = SecurityMonitoringContentPackActivation("deactivated") diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py new file mode 100644 index 0000000000..50ce284b88 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py 
@@ -0,0 +1,49 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class SecurityMonitoringContentPackIntegrationStatus(ModelSimple): + """ + The installation status of the related integration + + :param value: Must be one of ["installed", "available", "partially_installed", "detected", "error"]. + :type value: str + """ + + allowed_values = { + "installed", + "available", + "partially_installed", + "detected", + "error", + } + INSTALLED: ClassVar["SecurityMonitoringContentPackIntegrationStatus"] + AVAILABLE: ClassVar["SecurityMonitoringContentPackIntegrationStatus"] + PARTIALLY_INSTALLED: ClassVar["SecurityMonitoringContentPackIntegrationStatus"] + DETECTED: ClassVar["SecurityMonitoringContentPackIntegrationStatus"] + ERROR: ClassVar["SecurityMonitoringContentPackIntegrationStatus"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +SecurityMonitoringContentPackIntegrationStatus.INSTALLED = SecurityMonitoringContentPackIntegrationStatus("installed") +SecurityMonitoringContentPackIntegrationStatus.AVAILABLE = SecurityMonitoringContentPackIntegrationStatus("available") +SecurityMonitoringContentPackIntegrationStatus.PARTIALLY_INSTALLED = SecurityMonitoringContentPackIntegrationStatus( + "partially_installed" +) +SecurityMonitoringContentPackIntegrationStatus.DETECTED = SecurityMonitoringContentPackIntegrationStatus("detected") +SecurityMonitoringContentPackIntegrationStatus.ERROR = SecurityMonitoringContentPackIntegrationStatus("error") 
diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py
new file mode 100644
index 0000000000..ed09ca55db
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py
@@ -0,0 +1,109 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_content_pack_activation import ( + SecurityMonitoringContentPackActivation, + ) + from datadog_api_client.v2.model.security_monitoring_content_pack_integration_status import ( + SecurityMonitoringContentPackIntegrationStatus, + ) + from datadog_api_client.v2.model.security_monitoring_content_pack_timestamp_bucket import ( + SecurityMonitoringContentPackTimestampBucket, + ) + from datadog_api_client.v2.model.security_monitoring_content_pack_status import SecurityMonitoringContentPackStatus + + +class SecurityMonitoringContentPackStateAttributes(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_content_pack_activation import ( + SecurityMonitoringContentPackActivation, + ) + from datadog_api_client.v2.model.security_monitoring_content_pack_integration_status import ( + SecurityMonitoringContentPackIntegrationStatus, + ) + from datadog_api_client.v2.model.security_monitoring_content_pack_timestamp_bucket import ( + SecurityMonitoringContentPackTimestampBucket, + ) + from datadog_api_client.v2.model.security_monitoring_content_pack_status import ( + SecurityMonitoringContentPackStatus, + ) + + return { + "cloud_siem_index_incorrect": (bool,), + "cp_activation": (SecurityMonitoringContentPackActivation,), + "filters_configured_for_logs": (bool,), + "integration_installed_status": (SecurityMonitoringContentPackIntegrationStatus,), + "logs_last_collected": (SecurityMonitoringContentPackTimestampBucket,), 
+ "logs_seen_from_any_index": (bool,), + "state": (SecurityMonitoringContentPackStatus,), + } + + attribute_map = { + "cloud_siem_index_incorrect": "cloud_siem_index_incorrect", + "cp_activation": "cp_activation", + "filters_configured_for_logs": "filters_configured_for_logs", + "integration_installed_status": "integration_installed_status", + "logs_last_collected": "logs_last_collected", + "logs_seen_from_any_index": "logs_seen_from_any_index", + "state": "state", + } + + def __init__( + self_, + cloud_siem_index_incorrect: bool, + cp_activation: SecurityMonitoringContentPackActivation, + filters_configured_for_logs: bool, + logs_last_collected: SecurityMonitoringContentPackTimestampBucket, + logs_seen_from_any_index: bool, + state: SecurityMonitoringContentPackStatus, + integration_installed_status: Union[SecurityMonitoringContentPackIntegrationStatus, UnsetType] = unset, + **kwargs, + ): + """ + Attributes of a content pack state + + :param cloud_siem_index_incorrect: Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models) + :type cloud_siem_index_incorrect: bool + + :param cp_activation: The activation status of a content pack + :type cp_activation: SecurityMonitoringContentPackActivation + + :param filters_configured_for_logs: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + :type filters_configured_for_logs: bool + + :param integration_installed_status: The installation status of the related integration + :type integration_installed_status: SecurityMonitoringContentPackIntegrationStatus, optional + + :param logs_last_collected: Timestamp bucket indicating when logs were last collected + :type logs_last_collected: SecurityMonitoringContentPackTimestampBucket + + :param logs_seen_from_any_index: Whether logs have been seen from any index + :type logs_seen_from_any_index: bool + + :param state: The current status of a content pack + :type state: 
SecurityMonitoringContentPackStatus + """ + if integration_installed_status is not unset: + kwargs["integration_installed_status"] = integration_installed_status + super().__init__(kwargs) + + self_.cloud_siem_index_incorrect = cloud_siem_index_incorrect + self_.cp_activation = cp_activation + self_.filters_configured_for_logs = filters_configured_for_logs + self_.logs_last_collected = logs_last_collected + self_.logs_seen_from_any_index = logs_seen_from_any_index + self_.state = state diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_data.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_data.py new file mode 100644 index 0000000000..3781c8a4f2 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_data.py 
@@ -0,0 +1,68 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_content_pack_state_attributes import ( + SecurityMonitoringContentPackStateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_content_pack_state_type import ( + SecurityMonitoringContentPackStateType, + ) + + +class SecurityMonitoringContentPackStateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_content_pack_state_attributes import ( + SecurityMonitoringContentPackStateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_content_pack_state_type import ( + SecurityMonitoringContentPackStateType, + ) + + return { + "attributes": (SecurityMonitoringContentPackStateAttributes,), + "id": (str,), + "type": (SecurityMonitoringContentPackStateType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__( + self_, + attributes: SecurityMonitoringContentPackStateAttributes, + id: str, + type: SecurityMonitoringContentPackStateType, + **kwargs, + ): + """ + Content pack state data. + + :param attributes: Attributes of a content pack state + :type attributes: SecurityMonitoringContentPackStateAttributes + + :param id: The content pack identifier. + :type id: str + + :param type: Type for content pack state object + :type type: SecurityMonitoringContentPackStateType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.id = id + self_.type = type 
diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py new file mode 100644 index 0000000000..3b9aac7ffc --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py @@ -0,0 +1,46 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_sku import SecurityMonitoringSKU + + +class SecurityMonitoringContentPackStateMeta(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_sku import SecurityMonitoringSKU + + return { + "cloud_siem_index_incorrect": (bool,), + "sku": (SecurityMonitoringSKU,), + } + + attribute_map = { + "cloud_siem_index_incorrect": "cloud_siem_index_incorrect", + "sku": "sku", + } + + def __init__(self_, cloud_siem_index_incorrect: bool, sku: SecurityMonitoringSKU, **kwargs): + """ + Metadata for content pack states + + :param cloud_siem_index_incorrect: Whether the cloud SIEM index configuration is incorrect at the organization level + :type cloud_siem_index_incorrect: bool + + :param sku: The SIEM pricing model (SKU) for the organization + :type sku: SecurityMonitoringSKU + """ + super().__init__(kwargs) + + self_.cloud_siem_index_incorrect = cloud_siem_index_incorrect + self_.sku = sku diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_type.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_type.py new file mode 100644 index 0000000000..c5b9467eae --- /dev/null 
+++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_type.py @@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class SecurityMonitoringContentPackStateType(ModelSimple): + """ + Type for content pack state object + + :param value: If omitted defaults to "content_pack_state". Must be one of ["content_pack_state"]. + :type value: str + """ + + allowed_values = { + "content_pack_state", + } + CONTENT_PACK_STATE: ClassVar["SecurityMonitoringContentPackStateType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +SecurityMonitoringContentPackStateType.CONTENT_PACK_STATE = SecurityMonitoringContentPackStateType("content_pack_state") diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_states_response.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_states_response.py new file mode 100644 index 0000000000..ac5e949b7a --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_states_response.py 
@@ -0,0 +1,61 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import List, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.security_monitoring_content_pack_state_data import (
+ SecurityMonitoringContentPackStateData,
+ )
+ from datadog_api_client.v2.model.security_monitoring_content_pack_state_meta import (
+ SecurityMonitoringContentPackStateMeta,
+ )
+
+
+class SecurityMonitoringContentPackStatesResponse(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.security_monitoring_content_pack_state_data import (
+ SecurityMonitoringContentPackStateData,
+ )
+ from datadog_api_client.v2.model.security_monitoring_content_pack_state_meta import (
+ SecurityMonitoringContentPackStateMeta,
+ )
+
+ return {
+ "data": ([SecurityMonitoringContentPackStateData],),
+ "meta": (SecurityMonitoringContentPackStateMeta,),
+ }
+
+ attribute_map = {
+ "data": "data",
+ "meta": "meta",
+ }
+
+ def __init__(
+ self_,
+ data: List[SecurityMonitoringContentPackStateData],
+ meta: SecurityMonitoringContentPackStateMeta,
+ **kwargs,
+ ):
+ """
+ Response containing content pack states.
+
+ :param data: Array of content pack states.
+ :type data: [SecurityMonitoringContentPackStateData]
+
+ :param meta: Metadata for content pack states
+ :type meta: SecurityMonitoringContentPackStateMeta
+ """
+ super().__init__(kwargs)
+
+ self_.data = data
+ self_.meta = meta
diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py
new file mode 100644
index 0000000000..a8f83bec1d
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py
@@ -0,0 +1,50 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class SecurityMonitoringContentPackStatus(ModelSimple):
+ """
+ The current status of a content pack
+
+ :param value: Must be one of ["install", "activate", "initializing", "active", "warning", "broken"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "install",
+ "activate",
+ "initializing",
+ "active",
+ "warning",
+ "broken",
+ }
+ INSTALL: ClassVar["SecurityMonitoringContentPackStatus"]
+ ACTIVATE: ClassVar["SecurityMonitoringContentPackStatus"]
+ INITIALIZING: ClassVar["SecurityMonitoringContentPackStatus"]
+ ACTIVE: ClassVar["SecurityMonitoringContentPackStatus"]
+ WARNING: ClassVar["SecurityMonitoringContentPackStatus"]
+ BROKEN: ClassVar["SecurityMonitoringContentPackStatus"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+SecurityMonitoringContentPackStatus.INSTALL = SecurityMonitoringContentPackStatus("install")
+SecurityMonitoringContentPackStatus.ACTIVATE = SecurityMonitoringContentPackStatus("activate")
+SecurityMonitoringContentPackStatus.INITIALIZING = SecurityMonitoringContentPackStatus("initializing")
+SecurityMonitoringContentPackStatus.ACTIVE = SecurityMonitoringContentPackStatus("active")
+SecurityMonitoringContentPackStatus.WARNING = SecurityMonitoringContentPackStatus("warning")
+SecurityMonitoringContentPackStatus.BROKEN = SecurityMonitoringContentPackStatus("broken")
diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py
new file mode 100644
index 0000000000..672ce48dcd
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py
@@ -0,0 +1,53 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class SecurityMonitoringContentPackTimestampBucket(ModelSimple):
+ """
+ Timestamp bucket indicating when logs were last collected
+
+ :param value: Must be one of ["not_seen", "within_24_hours", "within_24_to_72_hours", "over_72h_to_30d", "over_30d"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "not_seen",
+ "within_24_hours",
+ "within_24_to_72_hours",
+ "over_72h_to_30d",
+ "over_30d",
+ }
+ NOT_SEEN: ClassVar["SecurityMonitoringContentPackTimestampBucket"]
+ WITHIN_24_HOURS: ClassVar["SecurityMonitoringContentPackTimestampBucket"]
+ WITHIN_24_TO_72_HOURS: ClassVar["SecurityMonitoringContentPackTimestampBucket"]
+ OVER_72H_TO_30D: ClassVar["SecurityMonitoringContentPackTimestampBucket"]
+ OVER_30D: ClassVar["SecurityMonitoringContentPackTimestampBucket"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+SecurityMonitoringContentPackTimestampBucket.NOT_SEEN = SecurityMonitoringContentPackTimestampBucket("not_seen")
+SecurityMonitoringContentPackTimestampBucket.WITHIN_24_HOURS = SecurityMonitoringContentPackTimestampBucket(
+ "within_24_hours"
+)
+SecurityMonitoringContentPackTimestampBucket.WITHIN_24_TO_72_HOURS = SecurityMonitoringContentPackTimestampBucket(
+ "within_24_to_72_hours"
+)
+SecurityMonitoringContentPackTimestampBucket.OVER_72H_TO_30D = SecurityMonitoringContentPackTimestampBucket(
+ "over_72h_to_30d"
+)
+SecurityMonitoringContentPackTimestampBucket.OVER_30D = SecurityMonitoringContentPackTimestampBucket("over_30d")
diff --git a/src/datadog_api_client/v2/model/security_monitoring_sku.py b/src/datadog_api_client/v2/model/security_monitoring_sku.py
new file mode 100644
index 0000000000..82a8815a64
--- /dev/null
+++ b/src/datadog_api_client/v2/model/security_monitoring_sku.py
@@ -0,0 +1,41 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+ ModelSimple,
+ cached_property,
+)
+
+from typing import ClassVar
+
+
+class SecurityMonitoringSKU(ModelSimple):
+ """
+ The SIEM pricing model (SKU) for the organization
+
+ :param value: Must be one of ["per_gb_analyzed", "per_event_in_siem_index_2023", "add_on_2024"].
+ :type value: str
+ """
+
+ allowed_values = {
+ "per_gb_analyzed",
+ "per_event_in_siem_index_2023",
+ "add_on_2024",
+ }
+ PER_GB_ANALYZED: ClassVar["SecurityMonitoringSKU"]
+ PER_EVENT_IN_SIEM_INDEX_2023: ClassVar["SecurityMonitoringSKU"]
+ ADD_ON_2024: ClassVar["SecurityMonitoringSKU"]
+
+ @cached_property
+ def openapi_types(_):
+ return {
+ "value": (str,),
+ }
+
+
+SecurityMonitoringSKU.PER_GB_ANALYZED = SecurityMonitoringSKU("per_gb_analyzed")
+SecurityMonitoringSKU.PER_EVENT_IN_SIEM_INDEX_2023 = SecurityMonitoringSKU("per_event_in_siem_index_2023")
+SecurityMonitoringSKU.ADD_ON_2024 = SecurityMonitoringSKU("add_on_2024")
diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py
index 4b959f4c32..400d568fb4 100644
--- a/src/datadog_api_client/v2/models/__init__.py
+++ b/src/datadog_api_client/v2/models/__init__.py
@@ -4650,6 +4650,31 @@
 from datadog_api_client.v2.model.security_findings_search_request_page import SecurityFindingsSearchRequestPage
 from datadog_api_client.v2.model.security_findings_sort import SecurityFindingsSort
 from datadog_api_client.v2.model.security_findings_status import SecurityFindingsStatus
+from datadog_api_client.v2.model.security_monitoring_content_pack_activation import (
+ SecurityMonitoringContentPackActivation,
+)
+from datadog_api_client.v2.model.security_monitoring_content_pack_integration_status import (
+ SecurityMonitoringContentPackIntegrationStatus,
+)
+from datadog_api_client.v2.model.security_monitoring_content_pack_state_attributes import (
+ SecurityMonitoringContentPackStateAttributes,
+)
+from datadog_api_client.v2.model.security_monitoring_content_pack_state_data import (
+ SecurityMonitoringContentPackStateData,
+)
+from datadog_api_client.v2.model.security_monitoring_content_pack_state_meta import (
+ SecurityMonitoringContentPackStateMeta,
+)
+from datadog_api_client.v2.model.security_monitoring_content_pack_state_type import (
+ SecurityMonitoringContentPackStateType,
+)
+from datadog_api_client.v2.model.security_monitoring_content_pack_states_response import (
+ SecurityMonitoringContentPackStatesResponse,
+)
+from datadog_api_client.v2.model.security_monitoring_content_pack_status import SecurityMonitoringContentPackStatus
+from datadog_api_client.v2.model.security_monitoring_content_pack_timestamp_bucket import (
+ SecurityMonitoringContentPackTimestampBucket,
+)
 from datadog_api_client.v2.model.security_monitoring_critical_asset import SecurityMonitoringCriticalAsset
 from datadog_api_client.v2.model.security_monitoring_critical_asset_attributes import (
 SecurityMonitoringCriticalAssetAttributes,
@@ -4782,6 +4807,7 @@
 from datadog_api_client.v2.model.security_monitoring_rule_type_test import SecurityMonitoringRuleTypeTest
 from datadog_api_client.v2.model.security_monitoring_rule_update_payload import SecurityMonitoringRuleUpdatePayload
 from datadog_api_client.v2.model.security_monitoring_rule_validate_payload import SecurityMonitoringRuleValidatePayload
+from datadog_api_client.v2.model.security_monitoring_sku import SecurityMonitoringSKU
 from datadog_api_client.v2.model.security_monitoring_scheduling_options import SecurityMonitoringSchedulingOptions
 from datadog_api_client.v2.model.security_monitoring_signal import SecurityMonitoringSignal
 from datadog_api_client.v2.model.security_monitoring_signal_archive_reason import SecurityMonitoringSignalArchiveReason
@@ -9264,6 +9290,15 @@
 "SecurityFindingsSearchRequestPage",
 "SecurityFindingsSort",
 "SecurityFindingsStatus",
+ "SecurityMonitoringContentPackActivation",
+ "SecurityMonitoringContentPackIntegrationStatus",
+ "SecurityMonitoringContentPackStateAttributes",
+ "SecurityMonitoringContentPackStateData",
+ "SecurityMonitoringContentPackStateMeta",
+ "SecurityMonitoringContentPackStateType",
+ "SecurityMonitoringContentPackStatesResponse",
+ "SecurityMonitoringContentPackStatus",
+ "SecurityMonitoringContentPackTimestampBucket",
 "SecurityMonitoringCriticalAsset",
 "SecurityMonitoringCriticalAssetAttributes",
 "SecurityMonitoringCriticalAssetCreateAttributes",
@@ -9328,6 +9363,7 @@
 "SecurityMonitoringRuleTypeTest",
 "SecurityMonitoringRuleUpdatePayload",
 "SecurityMonitoringRuleValidatePayload",
+ "SecurityMonitoringSKU",
 "SecurityMonitoringSchedulingOptions",
 "SecurityMonitoringSignal",
 "SecurityMonitoringSignalArchiveReason",
diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature
index ccc027734e..df5e32bcc4 100644
--- a/tests/v2/features/security_monitoring.feature
+++ b/tests/v2/features/security_monitoring.feature
@@ -9,6 +9,22 @@ Feature: Security Monitoring And a valid "appKeyAuth" key in the system And an instance of "SecurityMonitoring" API + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Activate content pack returns "Accepted" response + Given operation "ActivateContentPack" enabled + And new "ActivateContentPack" request + And request contains "content_pack_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 202 Accepted + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Activate content pack returns "Not Found" response + Given operation "ActivateContentPack" enabled + And new "ActivateContentPack" request + And request contains "content_pack_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + @team:DataDog/k9-investigation Scenario: Attach security finding to a Jira issue returns "OK" response Given new "AttachJiraIssue" request @@ -681,6 +697,22 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Deactivate content pack returns "Accepted" response + Given operation "DeactivateContentPack" enabled + And new "DeactivateContentPack" request + And request contains "content_pack_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 202 Accepted + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Deactivate content pack returns "Not Found" response + Given operation "DeactivateContentPack" enabled + And new "DeactivateContentPack" request + And request contains "content_pack_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + @team:DataDog/k9-cloud-security-platform Scenario: Delete a critical asset returns "Not Found" response Given new "DeleteSecurityMonitoringCriticalAsset" request 
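Review bot: The four added Activate/Deactivate content pack scenarios are tagged `@skip` and pass the literal `"REPLACE.ME"` as `content_pack_id`, so neither state-changing operation is actually exercised by this suite; the two `GetContentPacksStates` scenarios in the `@@ -1225,6 +1257,20 @@` hunk are skipped in the same way. Only the 202 and 404 outcomes are listed for activation and deactivation; if the spec also declares a 403 response for a caller without the required permission, a scenario for it would be worth adding, since deactivation presumably switches off detection content. Until a real fixture exists, a comment above each scenario such as `# TODO: replace REPLACE.ME with a content pack id fixture and drop @skip` would make the coverage gap explicit.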
@@ -1225,6 +1257,20 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "data[0].attributes.name" is equal to "suppression2 {{ unique_hash }}" + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get content pack states returns "Not Found" response + Given operation "GetContentPacksStates" enabled + And new "GetContentPacksStates" request + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get content pack states returns "OK" response + Given operation "GetContentPacksStates" enabled + And new "GetContentPacksStates" request + When the request is sent + Then the response status is 200 OK + @skip @team:DataDog/k9-cloud-security-platform Scenario: Get critical assets affecting a specific rule returns "Not Found" response Given new "GetCriticalAssetsAffectingRule" request diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index 030260c0f8..7e549784ee 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json @@ -4537,6 +4537,24 @@ "type": "safe" } }, + "GetContentPacksStates": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "ActivateContentPack": { + "tag": "Security Monitoring", + "undo": { + "type": "idempotent" + } + }, + "DeactivateContentPack": { + "tag": "Security Monitoring", + "undo": { + "type": "idempotent" + } + }, "ListSecurityMonitoringRules": { "tag": "Security Monitoring", "undo": {