diff --git a/.apigentools-info b/.apigentools-info index 89dc0fb6a9b..bf09a3bd0e6 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.4", - "regenerated": "2022-09-16 08:46:36.930376", - "spec_repo_commit": "f1faacea" + "regenerated": "2022-09-19 13:43:27.842645", + "spec_repo_commit": "99b9d241" }, "v2": { "apigentools_version": "1.6.4", - "regenerated": "2022-09-16 08:46:36.947672", - "spec_repo_commit": "f1faacea" + "regenerated": "2022-09-19 13:43:27.855850", + "spec_repo_commit": "99b9d241" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 1d5411b1cc8..bc2725ed234 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -7051,6 +7051,12 @@ components: - cases - message type: object + SecurityMonitoringRuleCreatePayloadCommon: + description: Create a new rule. + oneOf: + - $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload' + - $ref: '#/components/schemas/SecurityMonitoringSignalCorrelationRuleCreatePayload' + type: object SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv: description: 'If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. 
@@ -7273,6 +7279,31 @@ components: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' type: object SecurityMonitoringRuleQuery: + description: Query for matching rule. + oneOf: + - $ref: '#/components/schemas/SecurityMonitoringRuleQueryStandard' + - $ref: '#/components/schemas/SecurityMonitoringRuleQuerySignal' + type: object + SecurityMonitoringRuleQueryAggregation: + description: The aggregation type. + enum: + - count + - cardinality + - sum + - max + - new_value + - geo_data + - event_count + type: string + x-enum-varnames: + - COUNT + - CARDINALITY + - SUM + - MAX + - NEW_VALUE + - GEO_DATA + - EVENT_COUNT + SecurityMonitoringRuleQueryCreate: description: Query for matching rule. properties: aggregation: 
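Review bot: The two branches of the new `oneOf` on `SecurityMonitoringRuleQuery` cannot be told apart by required fields. `SecurityMonitoringRuleQuerySignal` (hunk at -7306) declares no `required` list, the hunk at -7359 removes `required: - query` from `SecurityMonitoringRuleQueryStandard`, and both share `aggregation`, `metrics` and `name`. An object such as `{"name": "a"}` then validates against both branches, which `oneOf` treats as a failure. The generated Go `SecurityMonitoringRuleQuery.UnmarshalJSON` in this commit counts matches the same way, so if the per-branch decoders ignore unknown keys (not visible here) such a query ends up only in `UnparsedObject` and drops out of the typed view that rule-auditing tooling reads. If the API always returns them, keep `query` and `ruleId` as `required` on the respective response branches.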
@@ -7306,26 +7337,75 @@ components: type: string query: description: Query to run on logs. + example: a > 3 type: string + required: + - query type: object - SecurityMonitoringRuleQueryAggregation: - description: The aggregation type. - enum: - - count - - cardinality - - sum - - max - - new_value - - geo_data - type: string - x-enum-varnames: - - COUNT - - CARDINALITY - - SUM - - MAX - - NEW_VALUE - - GEO_DATA - SecurityMonitoringRuleQueryCreate: + SecurityMonitoringRuleQuerySignal: + description: Query for matching rule on signals + properties: + aggregation: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' + correlatedByFields: + description: Fields to group by. + items: + description: Field. + type: string + type: array + correlatedQueryIndex: + description: Index of the rule query used to retrieve the correlated field. + format: int32 + maximum: 9 + type: integer + metrics: + description: Group of target fields to aggregate over when using the new + value aggregations. + items: + description: Field. + type: string + type: array + name: + description: Name of the query. + type: string + ruleId: + description: RuleId to match on signals. + type: string + type: object + SecurityMonitoringRuleQuerySignalCreate: + description: Query for matching rule on signals + properties: + aggregation: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' + correlatedByFields: + description: Fields to group by. + items: + description: Field. + type: string + type: array + correlatedQueryIndex: + description: Index of the rule query used to retrieve the correlated field. + format: int32 + maximum: 9 + type: integer + metrics: + description: Group of target fields to aggregate over when using the new + value aggregations. + items: + description: Field. + type: string + type: array + name: + description: Name of the query. + type: string + ruleId: + description: RuleId to match on signals. 
+ example: d3f-ru1-e1d + type: string + required: + - ruleId + type: object + SecurityMonitoringRuleQueryStandard: description: Query for matching rule. properties: aggregation: @@ -7359,10 +7439,7 @@ components: type: string query: description: Query to run on logs. - example: a > 3 type: string - required: - - query type: object SecurityMonitoringRuleResponse: description: Rule. @@ -7460,12 +7537,14 @@ components: description: The rule type. enum: - log_detection + - signal_correlation - infrastructure_configuration - workload_security - cloud_configuration type: string x-enum-varnames: - LOG_DETECTION + - SIGNAL_CORRELATION - INFRASTRUCTURE_CONFIGURATION - WORKLOAD_SECURITY - CLOUD_CONFIGURATION 
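Review bot: `correlatedQueryIndex` is bounded above by `maximum: 9` but has no lower bound, so a negative value passes schema validation in both `SecurityMonitoringRuleQuerySignal` and `SecurityMonitoringRuleQuerySignalCreate`. If it is a zero-based index into the rule's `queries` (the description suggests so, but the server-side check is not visible here), add `minimum: 0` next to `maximum: 9` in both schemas. The description could also state the base of the index.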
@@ -7609,6 +7688,72 @@ components: format: date-time type: string type: object + SecurityMonitoringSignalCorrelationRuleCreatePayload: + description: Create a new signal correlation rule. + properties: + cases: + description: Cases for generating signals. + example: [] + items: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate' + type: array + filters: + description: Additional queries to filter matched events before they are + processed. + items: + $ref: '#/components/schemas/SecurityMonitoringFilter' + type: array + hasExtendedTitle: + description: Whether the notifications include the triggering group-by values + in their title. + example: true + type: boolean + isEnabled: + description: Whether the rule is enabled. + example: true + type: boolean + message: + description: Message for generated signals. + example: '' + type: string + name: + description: The name of the rule. + example: My security monitoring rule. + type: string + options: + $ref: '#/components/schemas/SecurityMonitoringRuleOptions' + queries: + description: Queries for selecting signals which are part of the rule. + example: [] + items: + $ref: '#/components/schemas/SecurityMonitoringRuleQuerySignalCreate' + type: array + tags: + description: Tags for generated signals. + example: + - env:prod + - team:security + items: + description: Tag. + type: string + type: array + type: + $ref: '#/components/schemas/SecurityMonitoringSignalCorrelationRuleTypeCreate' + required: + - name + - isEnabled + - queries + - options + - cases + - message + type: object + SecurityMonitoringSignalCorrelationRuleTypeCreate: + description: The rule type. + enum: + - signal_correlation + type: string + x-enum-varnames: + - SIGNAL_CORRELATION SecurityMonitoringSignalIncidentIds: description: Array of incidents that are associated with this signal. items: 
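Review bot: `type` is missing from the `required` list of `SecurityMonitoringSignalCorrelationRuleCreatePayload`, although its single value `signal_correlation` is the only property that marks the body as a correlation rule. `queries` may also be empty (the example is `[]` and there is no `minItems`), so a body without `type` appears to satisfy this schema and `SecurityMonitoringRuleCreatePayload` alike. Which kind of rule is created would then be left to the server. Consider adding `- type` to `required` and `minItems: 1` on `queries`, provided the API does not rely on defaulting them.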
@@ -12625,7 +12770,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload' + $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayloadCommon' required: true responses: '200': diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go index e23e94ede30..b33188fae24 100644 --- a/api/datadogV2/api_security_monitoring.go +++ b/api/datadogV2/api_security_monitoring.go @@ -148,10 +148,10 @@ func (a *SecurityMonitoringApi) createSecurityFilterExecute(r apiCreateSecurityF type apiCreateSecurityMonitoringRuleRequest struct { ctx _context.Context - body *SecurityMonitoringRuleCreatePayload + body *SecurityMonitoringRuleCreatePayloadCommon } -func (a *SecurityMonitoringApi) buildCreateSecurityMonitoringRuleRequest(ctx _context.Context, body SecurityMonitoringRuleCreatePayload) (apiCreateSecurityMonitoringRuleRequest, error) { +func (a *SecurityMonitoringApi) buildCreateSecurityMonitoringRuleRequest(ctx _context.Context, body SecurityMonitoringRuleCreatePayloadCommon) (apiCreateSecurityMonitoringRuleRequest, error) { req := apiCreateSecurityMonitoringRuleRequest{ ctx: ctx, body: &body, @@ -161,7 +161,7 @@ func (a *SecurityMonitoringApi) buildCreateSecurityMonitoringRuleRequest(ctx _co // CreateSecurityMonitoringRule Create a detection rule. // Create a detection rule. -func (a *SecurityMonitoringApi) CreateSecurityMonitoringRule(ctx _context.Context, body SecurityMonitoringRuleCreatePayload) (SecurityMonitoringRuleResponse, *_nethttp.Response, error) { +func (a *SecurityMonitoringApi) CreateSecurityMonitoringRule(ctx _context.Context, body SecurityMonitoringRuleCreatePayloadCommon) (SecurityMonitoringRuleResponse, *_nethttp.Response, error) { req, err := a.buildCreateSecurityMonitoringRuleRequest(ctx, body) if err != nil { var localVarReturnValue SecurityMonitoringRuleResponse 
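Review bot: The body parameter of the exported `CreateSecurityMonitoringRule` changes from `SecurityMonitoringRuleCreatePayload` to `SecurityMonitoringRuleCreatePayloadCommon`, which breaks every existing caller at compile time, while the doc comment still says only "Create a detection rule." I would extend it with `// body must wrap exactly one variant; build it with SecurityMonitoringRuleCreatePayloadAsSecurityMonitoringRuleCreatePayloadCommon or the signal-correlation equivalent.` The same applies to `buildCreateSecurityMonitoringRuleRequest` in the previous hunk, and both function bodies continue outside the hunks. Since this file is generated, the wording belongs in the operation description of the spec.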
diff --git a/api/datadogV2/model_security_monitoring_rule_create_payload_common.go b/api/datadogV2/model_security_monitoring_rule_create_payload_common.go new file mode 100644 index 00000000000..51656be2256 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_rule_create_payload_common.go 
@@ -0,0 +1,155 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "encoding/json" +) + +// SecurityMonitoringRuleCreatePayloadCommon - Create a new rule. +type SecurityMonitoringRuleCreatePayloadCommon struct { + SecurityMonitoringRuleCreatePayload *SecurityMonitoringRuleCreatePayload + SecurityMonitoringSignalCorrelationRuleCreatePayload *SecurityMonitoringSignalCorrelationRuleCreatePayload + + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject interface{} +} + +// SecurityMonitoringRuleCreatePayloadAsSecurityMonitoringRuleCreatePayloadCommon is a convenience function that returns SecurityMonitoringRuleCreatePayload wrapped in SecurityMonitoringRuleCreatePayloadCommon. +func SecurityMonitoringRuleCreatePayloadAsSecurityMonitoringRuleCreatePayloadCommon(v *SecurityMonitoringRuleCreatePayload) SecurityMonitoringRuleCreatePayloadCommon { + return SecurityMonitoringRuleCreatePayloadCommon{SecurityMonitoringRuleCreatePayload: v} +} + +// SecurityMonitoringSignalCorrelationRuleCreatePayloadAsSecurityMonitoringRuleCreatePayloadCommon is a convenience function that returns SecurityMonitoringSignalCorrelationRuleCreatePayload wrapped in SecurityMonitoringRuleCreatePayloadCommon. +func SecurityMonitoringSignalCorrelationRuleCreatePayloadAsSecurityMonitoringRuleCreatePayloadCommon(v *SecurityMonitoringSignalCorrelationRuleCreatePayload) SecurityMonitoringRuleCreatePayloadCommon { + return SecurityMonitoringRuleCreatePayloadCommon{SecurityMonitoringSignalCorrelationRuleCreatePayload: v} +} + +// UnmarshalJSON turns data into one of the pointers in the struct. 
+func (obj *SecurityMonitoringRuleCreatePayloadCommon) UnmarshalJSON(data []byte) error { + var err error + match := 0 + // try to unmarshal data into SecurityMonitoringRuleCreatePayload + err = json.Unmarshal(data, &obj.SecurityMonitoringRuleCreatePayload) + if err == nil { + if obj.SecurityMonitoringRuleCreatePayload != nil && obj.SecurityMonitoringRuleCreatePayload.UnparsedObject == nil { + jsonSecurityMonitoringRuleCreatePayload, _ := json.Marshal(obj.SecurityMonitoringRuleCreatePayload) + if string(jsonSecurityMonitoringRuleCreatePayload) == "{}" { // empty struct + obj.SecurityMonitoringRuleCreatePayload = nil + } else { + match++ + } + } else { + obj.SecurityMonitoringRuleCreatePayload = nil + } + } else { + obj.SecurityMonitoringRuleCreatePayload = nil + } + + // try to unmarshal data into SecurityMonitoringSignalCorrelationRuleCreatePayload + err = json.Unmarshal(data, &obj.SecurityMonitoringSignalCorrelationRuleCreatePayload) + if err == nil { + if obj.SecurityMonitoringSignalCorrelationRuleCreatePayload != nil && obj.SecurityMonitoringSignalCorrelationRuleCreatePayload.UnparsedObject == nil { + jsonSecurityMonitoringSignalCorrelationRuleCreatePayload, _ := json.Marshal(obj.SecurityMonitoringSignalCorrelationRuleCreatePayload) + if string(jsonSecurityMonitoringSignalCorrelationRuleCreatePayload) == "{}" { // empty struct + obj.SecurityMonitoringSignalCorrelationRuleCreatePayload = nil + } else { + match++ + } + } else { + obj.SecurityMonitoringSignalCorrelationRuleCreatePayload = nil + } + } else { + obj.SecurityMonitoringSignalCorrelationRuleCreatePayload = nil + } + + if match != 1 { // more than 1 match + // reset to nil + obj.SecurityMonitoringRuleCreatePayload = nil + obj.SecurityMonitoringSignalCorrelationRuleCreatePayload = nil + return json.Unmarshal(data, &obj.UnparsedObject) + } + return nil // exactly one match +} + +// MarshalJSON turns data from the first non-nil pointers in the struct to JSON. 
+func (obj SecurityMonitoringRuleCreatePayloadCommon) MarshalJSON() ([]byte, error) { + if obj.SecurityMonitoringRuleCreatePayload != nil { + return json.Marshal(&obj.SecurityMonitoringRuleCreatePayload) + } + + if obj.SecurityMonitoringSignalCorrelationRuleCreatePayload != nil { + return json.Marshal(&obj.SecurityMonitoringSignalCorrelationRuleCreatePayload) + } + + if obj.UnparsedObject != nil { + return json.Marshal(obj.UnparsedObject) + } + return nil, nil // no data in oneOf schemas +} + +// GetActualInstance returns the actual instance. +func (obj *SecurityMonitoringRuleCreatePayloadCommon) GetActualInstance() interface{} { + if obj.SecurityMonitoringRuleCreatePayload != nil { + return obj.SecurityMonitoringRuleCreatePayload + } + + if obj.SecurityMonitoringSignalCorrelationRuleCreatePayload != nil { + return obj.SecurityMonitoringSignalCorrelationRuleCreatePayload + } + + // all schemas are nil + return nil +} + +// NullableSecurityMonitoringRuleCreatePayloadCommon handles when a null is used for SecurityMonitoringRuleCreatePayloadCommon. +type NullableSecurityMonitoringRuleCreatePayloadCommon struct { + value *SecurityMonitoringRuleCreatePayloadCommon + isSet bool +} + +// Get returns the associated value. +func (v NullableSecurityMonitoringRuleCreatePayloadCommon) Get() *SecurityMonitoringRuleCreatePayloadCommon { + return v.value +} + +// Set changes the value and indicates it's been called. +func (v *NullableSecurityMonitoringRuleCreatePayloadCommon) Set(val *SecurityMonitoringRuleCreatePayloadCommon) { + v.value = val + v.isSet = true +} + +// IsSet returns whether Set has been called. +func (v NullableSecurityMonitoringRuleCreatePayloadCommon) IsSet() bool { + return v.isSet +} + +// Unset sets the value to nil and resets the set flag/ +func (v *NullableSecurityMonitoringRuleCreatePayloadCommon) Unset() { + v.value = nil + v.isSet = false +} + +// NewNullableSecurityMonitoringRuleCreatePayloadCommon initializes the struct as if Set has been called. 
+func NewNullableSecurityMonitoringRuleCreatePayloadCommon(val *SecurityMonitoringRuleCreatePayloadCommon) *NullableSecurityMonitoringRuleCreatePayloadCommon { + return &NullableSecurityMonitoringRuleCreatePayloadCommon{value: val, isSet: true} +} + +// MarshalJSON serializes the associated value. +func (v NullableSecurityMonitoringRuleCreatePayloadCommon) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +// UnmarshalJSON deserializes the payload and sets the flag as if Set has been called. +func (v *NullableSecurityMonitoringRuleCreatePayloadCommon) UnmarshalJSON(src []byte) error { + v.isSet = true + + // this object is nullable so check if the payload is null or empty string + if string(src) == "" || string(src) == "{}" { + return nil + } + + return json.Unmarshal(src, &v.value) +} diff --git a/api/datadogV2/model_security_monitoring_rule_query.go b/api/datadogV2/model_security_monitoring_rule_query.go index 771c76e900c..70225b2c136 100644 --- a/api/datadogV2/model_security_monitoring_rule_query.go +++ b/api/datadogV2/model_security_monitoring_rule_query.go 
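Review bot: In `SecurityMonitoringRuleCreatePayloadCommon.UnmarshalJSON` the `if match != 1` branch is commented `// more than 1 match`, but it is also taken when no variant matches. In both cases the method returns a nil error with both pointers nil and the payload only in `UnparsedObject`, so `GetActualInstance()` returns nil for input that decoded without error. I suggest the comment `// zero or several variants matched: keep the raw payload in UnparsedObject`, plus a sentence in the type's doc comment telling callers to check `UnparsedObject` before using the typed fields. `MarshalJSON` ends with `return nil, nil`, and encoding/json rejects an empty result from a Marshaler, so an empty wrapper surfaces as an opaque "unexpected end of JSON input"; `return nil, errors.New("no oneOf variant set")` (with the `errors` import) would be clearer. The same code is generated for `SecurityMonitoringRuleQuery` in model_security_monitoring_rule_query.go, so the change belongs in the generator template.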
@@ -8,338 +8,148 @@ import ( "encoding/json" ) -// SecurityMonitoringRuleQuery Query for matching rule. +// SecurityMonitoringRuleQuery - Query for matching rule. type SecurityMonitoringRuleQuery struct { - // The aggregation type. - Aggregation *SecurityMonitoringRuleQueryAggregation `json:"aggregation,omitempty"` - // Field for which the cardinality is measured. Sent as an array. - DistinctFields []string `json:"distinctFields,omitempty"` - // Fields to group by. - GroupByFields []string `json:"groupByFields,omitempty"` - // The target field to aggregate over when using the sum or max - // aggregations. - Metric *string `json:"metric,omitempty"` - // Group of target fields to aggregate over when using the new value aggregations. - Metrics []string `json:"metrics,omitempty"` - // Name of the query. - Name *string `json:"name,omitempty"` - // Query to run on logs. - Query *string `json:"query,omitempty"` - // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct - UnparsedObject map[string]interface{} `json:-` - AdditionalProperties map[string]interface{} -} - -// NewSecurityMonitoringRuleQuery instantiates a new SecurityMonitoringRuleQuery object. -// This constructor will assign default values to properties that have it defined, -// and makes sure properties required by API are set, but the set of arguments -// will change when the set of required properties is changed. -func NewSecurityMonitoringRuleQuery() *SecurityMonitoringRuleQuery { - this := SecurityMonitoringRuleQuery{} - return &this -} - -// NewSecurityMonitoringRuleQueryWithDefaults instantiates a new SecurityMonitoringRuleQuery object. -// This constructor will only assign default values to properties that have it defined, -// but it doesn't guarantee that properties required by API are set. 
-func NewSecurityMonitoringRuleQueryWithDefaults() *SecurityMonitoringRuleQuery { - this := SecurityMonitoringRuleQuery{} - return &this -} - -// GetAggregation returns the Aggregation field value if set, zero value otherwise. -func (o *SecurityMonitoringRuleQuery) GetAggregation() SecurityMonitoringRuleQueryAggregation { - if o == nil || o.Aggregation == nil { - var ret SecurityMonitoringRuleQueryAggregation - return ret - } - return *o.Aggregation -} - -// GetAggregationOk returns a tuple with the Aggregation field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *SecurityMonitoringRuleQuery) GetAggregationOk() (*SecurityMonitoringRuleQueryAggregation, bool) { - if o == nil || o.Aggregation == nil { - return nil, false - } - return o.Aggregation, true -} - -// HasAggregation returns a boolean if a field has been set. -func (o *SecurityMonitoringRuleQuery) HasAggregation() bool { - if o != nil && o.Aggregation != nil { - return true - } - - return false -} - -// SetAggregation gets a reference to the given SecurityMonitoringRuleQueryAggregation and assigns it to the Aggregation field. -func (o *SecurityMonitoringRuleQuery) SetAggregation(v SecurityMonitoringRuleQueryAggregation) { - o.Aggregation = &v -} - -// GetDistinctFields returns the DistinctFields field value if set, zero value otherwise. -func (o *SecurityMonitoringRuleQuery) GetDistinctFields() []string { - if o == nil || o.DistinctFields == nil { - var ret []string - return ret - } - return o.DistinctFields -} + SecurityMonitoringRuleQueryStandard *SecurityMonitoringRuleQueryStandard + SecurityMonitoringRuleQuerySignal *SecurityMonitoringRuleQuerySignal -// GetDistinctFieldsOk returns a tuple with the DistinctFields field value if set, nil otherwise -// and a boolean to check if the value has been set. 
-func (o *SecurityMonitoringRuleQuery) GetDistinctFieldsOk() (*[]string, bool) { - if o == nil || o.DistinctFields == nil { - return nil, false - } - return &o.DistinctFields, true -} - -// HasDistinctFields returns a boolean if a field has been set. -func (o *SecurityMonitoringRuleQuery) HasDistinctFields() bool { - if o != nil && o.DistinctFields != nil { - return true + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject interface{} +} + +// SecurityMonitoringRuleQueryStandardAsSecurityMonitoringRuleQuery is a convenience function that returns SecurityMonitoringRuleQueryStandard wrapped in SecurityMonitoringRuleQuery. +func SecurityMonitoringRuleQueryStandardAsSecurityMonitoringRuleQuery(v *SecurityMonitoringRuleQueryStandard) SecurityMonitoringRuleQuery { + return SecurityMonitoringRuleQuery{SecurityMonitoringRuleQueryStandard: v} +} + +// SecurityMonitoringRuleQuerySignalAsSecurityMonitoringRuleQuery is a convenience function that returns SecurityMonitoringRuleQuerySignal wrapped in SecurityMonitoringRuleQuery. +func SecurityMonitoringRuleQuerySignalAsSecurityMonitoringRuleQuery(v *SecurityMonitoringRuleQuerySignal) SecurityMonitoringRuleQuery { + return SecurityMonitoringRuleQuery{SecurityMonitoringRuleQuerySignal: v} +} + +// UnmarshalJSON turns data into one of the pointers in the struct. 
+func (obj *SecurityMonitoringRuleQuery) UnmarshalJSON(data []byte) error { + var err error + match := 0 + // try to unmarshal data into SecurityMonitoringRuleQueryStandard + err = json.Unmarshal(data, &obj.SecurityMonitoringRuleQueryStandard) + if err == nil { + if obj.SecurityMonitoringRuleQueryStandard != nil && obj.SecurityMonitoringRuleQueryStandard.UnparsedObject == nil { + jsonSecurityMonitoringRuleQueryStandard, _ := json.Marshal(obj.SecurityMonitoringRuleQueryStandard) + if string(jsonSecurityMonitoringRuleQueryStandard) == "{}" { // empty struct + obj.SecurityMonitoringRuleQueryStandard = nil + } else { + match++ + } + } else { + obj.SecurityMonitoringRuleQueryStandard = nil + } + } else { + obj.SecurityMonitoringRuleQueryStandard = nil + } + + // try to unmarshal data into SecurityMonitoringRuleQuerySignal + err = json.Unmarshal(data, &obj.SecurityMonitoringRuleQuerySignal) + if err == nil { + if obj.SecurityMonitoringRuleQuerySignal != nil && obj.SecurityMonitoringRuleQuerySignal.UnparsedObject == nil { + jsonSecurityMonitoringRuleQuerySignal, _ := json.Marshal(obj.SecurityMonitoringRuleQuerySignal) + if string(jsonSecurityMonitoringRuleQuerySignal) == "{}" { // empty struct + obj.SecurityMonitoringRuleQuerySignal = nil + } else { + match++ + } + } else { + obj.SecurityMonitoringRuleQuerySignal = nil + } + } else { + obj.SecurityMonitoringRuleQuerySignal = nil } - return false -} - -// SetDistinctFields gets a reference to the given []string and assigns it to the DistinctFields field. -func (o *SecurityMonitoringRuleQuery) SetDistinctFields(v []string) { - o.DistinctFields = v -} - -// GetGroupByFields returns the GroupByFields field value if set, zero value otherwise. 
-func (o *SecurityMonitoringRuleQuery) GetGroupByFields() []string { - if o == nil || o.GroupByFields == nil { - var ret []string - return ret + if match != 1 { // more than 1 match + // reset to nil + obj.SecurityMonitoringRuleQueryStandard = nil + obj.SecurityMonitoringRuleQuerySignal = nil + return json.Unmarshal(data, &obj.UnparsedObject) } - return o.GroupByFields + return nil // exactly one match } -// GetGroupByFieldsOk returns a tuple with the GroupByFields field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *SecurityMonitoringRuleQuery) GetGroupByFieldsOk() (*[]string, bool) { - if o == nil || o.GroupByFields == nil { - return nil, false +// MarshalJSON turns data from the first non-nil pointers in the struct to JSON. +func (obj SecurityMonitoringRuleQuery) MarshalJSON() ([]byte, error) { + if obj.SecurityMonitoringRuleQueryStandard != nil { + return json.Marshal(&obj.SecurityMonitoringRuleQueryStandard) } - return &o.GroupByFields, true -} -// HasGroupByFields returns a boolean if a field has been set. -func (o *SecurityMonitoringRuleQuery) HasGroupByFields() bool { - if o != nil && o.GroupByFields != nil { - return true + if obj.SecurityMonitoringRuleQuerySignal != nil { + return json.Marshal(&obj.SecurityMonitoringRuleQuerySignal) } - return false -} - -// SetGroupByFields gets a reference to the given []string and assigns it to the GroupByFields field. -func (o *SecurityMonitoringRuleQuery) SetGroupByFields(v []string) { - o.GroupByFields = v -} - -// GetMetric returns the Metric field value if set, zero value otherwise. 
-func (o *SecurityMonitoringRuleQuery) GetMetric() string { - if o == nil || o.Metric == nil { - var ret string - return ret + if obj.UnparsedObject != nil { + return json.Marshal(obj.UnparsedObject) } - return *o.Metric + return nil, nil // no data in oneOf schemas } -// GetMetricOk returns a tuple with the Metric field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *SecurityMonitoringRuleQuery) GetMetricOk() (*string, bool) { - if o == nil || o.Metric == nil { - return nil, false +// GetActualInstance returns the actual instance. +func (obj *SecurityMonitoringRuleQuery) GetActualInstance() interface{} { + if obj.SecurityMonitoringRuleQueryStandard != nil { + return obj.SecurityMonitoringRuleQueryStandard } - return o.Metric, true -} -// HasMetric returns a boolean if a field has been set. -func (o *SecurityMonitoringRuleQuery) HasMetric() bool { - if o != nil && o.Metric != nil { - return true + if obj.SecurityMonitoringRuleQuerySignal != nil { + return obj.SecurityMonitoringRuleQuerySignal } - return false -} - -// SetMetric gets a reference to the given string and assigns it to the Metric field. -func (o *SecurityMonitoringRuleQuery) SetMetric(v string) { - o.Metric = &v -} - -// GetMetrics returns the Metrics field value if set, zero value otherwise. -func (o *SecurityMonitoringRuleQuery) GetMetrics() []string { - if o == nil || o.Metrics == nil { - var ret []string - return ret - } - return o.Metrics -} - -// GetMetricsOk returns a tuple with the Metrics field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *SecurityMonitoringRuleQuery) GetMetricsOk() (*[]string, bool) { - if o == nil || o.Metrics == nil { - return nil, false - } - return &o.Metrics, true -} - -// HasMetrics returns a boolean if a field has been set. 
-func (o *SecurityMonitoringRuleQuery) HasMetrics() bool { - if o != nil && o.Metrics != nil { - return true - } - - return false + // all schemas are nil + return nil } -// SetMetrics gets a reference to the given []string and assigns it to the Metrics field. -func (o *SecurityMonitoringRuleQuery) SetMetrics(v []string) { - o.Metrics = v +// NullableSecurityMonitoringRuleQuery handles when a null is used for SecurityMonitoringRuleQuery. +type NullableSecurityMonitoringRuleQuery struct { + value *SecurityMonitoringRuleQuery + isSet bool } -// GetName returns the Name field value if set, zero value otherwise. -func (o *SecurityMonitoringRuleQuery) GetName() string { - if o == nil || o.Name == nil { - var ret string - return ret - } - return *o.Name +// Get returns the associated value. +func (v NullableSecurityMonitoringRuleQuery) Get() *SecurityMonitoringRuleQuery { + return v.value } -// GetNameOk returns a tuple with the Name field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *SecurityMonitoringRuleQuery) GetNameOk() (*string, bool) { - if o == nil || o.Name == nil { - return nil, false - } - return o.Name, true +// Set changes the value and indicates it's been called. +func (v *NullableSecurityMonitoringRuleQuery) Set(val *SecurityMonitoringRuleQuery) { + v.value = val + v.isSet = true } -// HasName returns a boolean if a field has been set. -func (o *SecurityMonitoringRuleQuery) HasName() bool { - if o != nil && o.Name != nil { - return true - } - - return false +// IsSet returns whether Set has been called. +func (v NullableSecurityMonitoringRuleQuery) IsSet() bool { + return v.isSet } -// SetName gets a reference to the given string and assigns it to the Name field. 
-func (o *SecurityMonitoringRuleQuery) SetName(v string) { - o.Name = &v +// Unset sets the value to nil and resets the set flag/ +func (v *NullableSecurityMonitoringRuleQuery) Unset() { + v.value = nil + v.isSet = false } -// GetQuery returns the Query field value if set, zero value otherwise. -func (o *SecurityMonitoringRuleQuery) GetQuery() string { - if o == nil || o.Query == nil { - var ret string - return ret - } - return *o.Query +// NewNullableSecurityMonitoringRuleQuery initializes the struct as if Set has been called. +func NewNullableSecurityMonitoringRuleQuery(val *SecurityMonitoringRuleQuery) *NullableSecurityMonitoringRuleQuery { + return &NullableSecurityMonitoringRuleQuery{value: val, isSet: true} } -// GetQueryOk returns a tuple with the Query field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *SecurityMonitoringRuleQuery) GetQueryOk() (*string, bool) { - if o == nil || o.Query == nil { - return nil, false - } - return o.Query, true +// MarshalJSON serializes the associated value. +func (v NullableSecurityMonitoringRuleQuery) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) } -// HasQuery returns a boolean if a field has been set. -func (o *SecurityMonitoringRuleQuery) HasQuery() bool { - if o != nil && o.Query != nil { - return true - } +// UnmarshalJSON deserializes the payload and sets the flag as if Set has been called. +func (v *NullableSecurityMonitoringRuleQuery) UnmarshalJSON(src []byte) error { + v.isSet = true - return false -} - -// SetQuery gets a reference to the given string and assigns it to the Query field. -func (o *SecurityMonitoringRuleQuery) SetQuery(v string) { - o.Query = &v -} - -// MarshalJSON serializes the struct using spec logic. 
-func (o SecurityMonitoringRuleQuery) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if o.UnparsedObject != nil { - return json.Marshal(o.UnparsedObject) - } - if o.Aggregation != nil { - toSerialize["aggregation"] = o.Aggregation - } - if o.DistinctFields != nil { - toSerialize["distinctFields"] = o.DistinctFields - } - if o.GroupByFields != nil { - toSerialize["groupByFields"] = o.GroupByFields - } - if o.Metric != nil { - toSerialize["metric"] = o.Metric - } - if o.Metrics != nil { - toSerialize["metrics"] = o.Metrics - } - if o.Name != nil { - toSerialize["name"] = o.Name - } - if o.Query != nil { - toSerialize["query"] = o.Query - } - - for key, value := range o.AdditionalProperties { - toSerialize[key] = value - } - return json.Marshal(toSerialize) -} - -// UnmarshalJSON deserializes the given payload. -func (o *SecurityMonitoringRuleQuery) UnmarshalJSON(bytes []byte) (err error) { - raw := map[string]interface{}{} - all := struct { - Aggregation *SecurityMonitoringRuleQueryAggregation `json:"aggregation,omitempty"` - DistinctFields []string `json:"distinctFields,omitempty"` - GroupByFields []string `json:"groupByFields,omitempty"` - Metric *string `json:"metric,omitempty"` - Metrics []string `json:"metrics,omitempty"` - Name *string `json:"name,omitempty"` - Query *string `json:"query,omitempty"` - }{} - err = json.Unmarshal(bytes, &all) - if err != nil { - err = json.Unmarshal(bytes, &raw) - if err != nil { - return err - } - o.UnparsedObject = raw + // this object is nullable so check if the payload is null or empty string + if string(src) == "" || string(src) == "{}" { return nil } - if v := all.Aggregation; v != nil && !v.IsValid() { - err = json.Unmarshal(bytes, &raw) - if err != nil { - return err - } - o.UnparsedObject = raw - return nil - } - o.Aggregation = all.Aggregation - o.DistinctFields = all.DistinctFields - o.GroupByFields = all.GroupByFields - o.Metric = all.Metric - o.Metrics = all.Metrics - o.Name = all.Name - 
o.Query = all.Query - return nil + + return json.Unmarshal(src, &v.value) } diff --git a/api/datadogV2/model_security_monitoring_rule_query_aggregation.go b/api/datadogV2/model_security_monitoring_rule_query_aggregation.go index 60cfacdcf4a..985159d4601 100644 --- a/api/datadogV2/model_security_monitoring_rule_query_aggregation.go +++ b/api/datadogV2/model_security_monitoring_rule_query_aggregation.go @@ -20,6 +20,7 @@ const ( SECURITYMONITORINGRULEQUERYAGGREGATION_MAX SecurityMonitoringRuleQueryAggregation = "max" SECURITYMONITORINGRULEQUERYAGGREGATION_NEW_VALUE SecurityMonitoringRuleQueryAggregation = "new_value" SECURITYMONITORINGRULEQUERYAGGREGATION_GEO_DATA SecurityMonitoringRuleQueryAggregation = "geo_data" + SECURITYMONITORINGRULEQUERYAGGREGATION_EVENT_COUNT SecurityMonitoringRuleQueryAggregation = "event_count" ) var allowedSecurityMonitoringRuleQueryAggregationEnumValues = []SecurityMonitoringRuleQueryAggregation{ @@ -29,6 +30,7 @@ var allowedSecurityMonitoringRuleQueryAggregationEnumValues = []SecurityMonitori SECURITYMONITORINGRULEQUERYAGGREGATION_MAX, SECURITYMONITORINGRULEQUERYAGGREGATION_NEW_VALUE, SECURITYMONITORINGRULEQUERYAGGREGATION_GEO_DATA, + SECURITYMONITORINGRULEQUERYAGGREGATION_EVENT_COUNT, } // GetAllowedValues reeturns the list of possible values. diff --git a/api/datadogV2/model_security_monitoring_rule_query_signal.go b/api/datadogV2/model_security_monitoring_rule_query_signal.go new file mode 100644 index 00000000000..a4b681a6f6e --- /dev/null +++ b/api/datadogV2/model_security_monitoring_rule_query_signal.go 
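Review bot: Turning `SecurityMonitoringRuleQuery` into a oneOf wrapper removes all of its exported accessors and constructors (`GetQuery`, `GetName`, `GetAggregation`, `NewSecurityMonitoringRuleQuery`, …). Code that reads rule queries, for example to export or audit detection rules, stops compiling with no migration hint. The new type comment `// SecurityMonitoringRuleQuery - Query for matching rule.` could explain how to read the value, e.g. `// At most one of SecurityMonitoringRuleQueryStandard / SecurityMonitoringRuleQuerySignal is non-nil; when both are nil the raw value is in UnparsedObject. Use GetActualInstance() with a type switch.` A changelog entry marking the break would help as well.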
@@ -0,0 +1,305 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "encoding/json" +) + +// SecurityMonitoringRuleQuerySignal Query for matching rule on signals +type SecurityMonitoringRuleQuerySignal struct { + // The aggregation type. + Aggregation *SecurityMonitoringRuleQueryAggregation `json:"aggregation,omitempty"` + // Fields to group by. + CorrelatedByFields []string `json:"correlatedByFields,omitempty"` + // Index of the rule query used to retrieve the correlated field. + CorrelatedQueryIndex *int32 `json:"correlatedQueryIndex,omitempty"` + // Group of target fields to aggregate over when using the new value aggregations. + Metrics []string `json:"metrics,omitempty"` + // Name of the query. + Name *string `json:"name,omitempty"` + // RuleId to match on signals. + RuleId *string `json:"ruleId,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:-` + AdditionalProperties map[string]interface{} +} + +// NewSecurityMonitoringRuleQuerySignal instantiates a new SecurityMonitoringRuleQuerySignal object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringRuleQuerySignal() *SecurityMonitoringRuleQuerySignal { + this := SecurityMonitoringRuleQuerySignal{} + return &this +} + +// NewSecurityMonitoringRuleQuerySignalWithDefaults instantiates a new SecurityMonitoringRuleQuerySignal object. 
+// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewSecurityMonitoringRuleQuerySignalWithDefaults() *SecurityMonitoringRuleQuerySignal { + this := SecurityMonitoringRuleQuerySignal{} + return &this +} + +// GetAggregation returns the Aggregation field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQuerySignal) GetAggregation() SecurityMonitoringRuleQueryAggregation { + if o == nil || o.Aggregation == nil { + var ret SecurityMonitoringRuleQueryAggregation + return ret + } + return *o.Aggregation +} + +// GetAggregationOk returns a tuple with the Aggregation field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignal) GetAggregationOk() (*SecurityMonitoringRuleQueryAggregation, bool) { + if o == nil || o.Aggregation == nil { + return nil, false + } + return o.Aggregation, true +} + +// HasAggregation returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignal) HasAggregation() bool { + if o != nil && o.Aggregation != nil { + return true + } + + return false +} + +// SetAggregation gets a reference to the given SecurityMonitoringRuleQueryAggregation and assigns it to the Aggregation field. +func (o *SecurityMonitoringRuleQuerySignal) SetAggregation(v SecurityMonitoringRuleQueryAggregation) { + o.Aggregation = &v +} + +// GetCorrelatedByFields returns the CorrelatedByFields field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQuerySignal) GetCorrelatedByFields() []string { + if o == nil || o.CorrelatedByFields == nil { + var ret []string + return ret + } + return o.CorrelatedByFields +} + +// GetCorrelatedByFieldsOk returns a tuple with the CorrelatedByFields field value if set, nil otherwise +// and a boolean to check if the value has been set. 
+func (o *SecurityMonitoringRuleQuerySignal) GetCorrelatedByFieldsOk() (*[]string, bool) { + if o == nil || o.CorrelatedByFields == nil { + return nil, false + } + return &o.CorrelatedByFields, true +} + +// HasCorrelatedByFields returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignal) HasCorrelatedByFields() bool { + if o != nil && o.CorrelatedByFields != nil { + return true + } + + return false +} + +// SetCorrelatedByFields gets a reference to the given []string and assigns it to the CorrelatedByFields field. +func (o *SecurityMonitoringRuleQuerySignal) SetCorrelatedByFields(v []string) { + o.CorrelatedByFields = v +} + +// GetCorrelatedQueryIndex returns the CorrelatedQueryIndex field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQuerySignal) GetCorrelatedQueryIndex() int32 { + if o == nil || o.CorrelatedQueryIndex == nil { + var ret int32 + return ret + } + return *o.CorrelatedQueryIndex +} + +// GetCorrelatedQueryIndexOk returns a tuple with the CorrelatedQueryIndex field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignal) GetCorrelatedQueryIndexOk() (*int32, bool) { + if o == nil || o.CorrelatedQueryIndex == nil { + return nil, false + } + return o.CorrelatedQueryIndex, true +} + +// HasCorrelatedQueryIndex returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignal) HasCorrelatedQueryIndex() bool { + if o != nil && o.CorrelatedQueryIndex != nil { + return true + } + + return false +} + +// SetCorrelatedQueryIndex gets a reference to the given int32 and assigns it to the CorrelatedQueryIndex field. +func (o *SecurityMonitoringRuleQuerySignal) SetCorrelatedQueryIndex(v int32) { + o.CorrelatedQueryIndex = &v +} + +// GetMetrics returns the Metrics field value if set, zero value otherwise. 
+func (o *SecurityMonitoringRuleQuerySignal) GetMetrics() []string { + if o == nil || o.Metrics == nil { + var ret []string + return ret + } + return o.Metrics +} + +// GetMetricsOk returns a tuple with the Metrics field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignal) GetMetricsOk() (*[]string, bool) { + if o == nil || o.Metrics == nil { + return nil, false + } + return &o.Metrics, true +} + +// HasMetrics returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignal) HasMetrics() bool { + if o != nil && o.Metrics != nil { + return true + } + + return false +} + +// SetMetrics gets a reference to the given []string and assigns it to the Metrics field. +func (o *SecurityMonitoringRuleQuerySignal) SetMetrics(v []string) { + o.Metrics = v +} + +// GetName returns the Name field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQuerySignal) GetName() string { + if o == nil || o.Name == nil { + var ret string + return ret + } + return *o.Name +} + +// GetNameOk returns a tuple with the Name field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignal) GetNameOk() (*string, bool) { + if o == nil || o.Name == nil { + return nil, false + } + return o.Name, true +} + +// HasName returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignal) HasName() bool { + if o != nil && o.Name != nil { + return true + } + + return false +} + +// SetName gets a reference to the given string and assigns it to the Name field. +func (o *SecurityMonitoringRuleQuerySignal) SetName(v string) { + o.Name = &v +} + +// GetRuleId returns the RuleId field value if set, zero value otherwise. 
+func (o *SecurityMonitoringRuleQuerySignal) GetRuleId() string { + if o == nil || o.RuleId == nil { + var ret string + return ret + } + return *o.RuleId +} + +// GetRuleIdOk returns a tuple with the RuleId field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignal) GetRuleIdOk() (*string, bool) { + if o == nil || o.RuleId == nil { + return nil, false + } + return o.RuleId, true +} + +// HasRuleId returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignal) HasRuleId() bool { + if o != nil && o.RuleId != nil { + return true + } + + return false +} + +// SetRuleId gets a reference to the given string and assigns it to the RuleId field. +func (o *SecurityMonitoringRuleQuerySignal) SetRuleId(v string) { + o.RuleId = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringRuleQuerySignal) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return json.Marshal(o.UnparsedObject) + } + if o.Aggregation != nil { + toSerialize["aggregation"] = o.Aggregation + } + if o.CorrelatedByFields != nil { + toSerialize["correlatedByFields"] = o.CorrelatedByFields + } + if o.CorrelatedQueryIndex != nil { + toSerialize["correlatedQueryIndex"] = o.CorrelatedQueryIndex + } + if o.Metrics != nil { + toSerialize["metrics"] = o.Metrics + } + if o.Name != nil { + toSerialize["name"] = o.Name + } + if o.RuleId != nil { + toSerialize["ruleId"] = o.RuleId + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return json.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. 
+func (o *SecurityMonitoringRuleQuerySignal) UnmarshalJSON(bytes []byte) (err error) { + raw := map[string]interface{}{} + all := struct { + Aggregation *SecurityMonitoringRuleQueryAggregation `json:"aggregation,omitempty"` + CorrelatedByFields []string `json:"correlatedByFields,omitempty"` + CorrelatedQueryIndex *int32 `json:"correlatedQueryIndex,omitempty"` + Metrics []string `json:"metrics,omitempty"` + Name *string `json:"name,omitempty"` + RuleId *string `json:"ruleId,omitempty"` + }{} + err = json.Unmarshal(bytes, &all) + if err != nil { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + return nil + } + if v := all.Aggregation; v != nil && !v.IsValid() { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + return nil + } + o.Aggregation = all.Aggregation + o.CorrelatedByFields = all.CorrelatedByFields + o.CorrelatedQueryIndex = all.CorrelatedQueryIndex + o.Metrics = all.Metrics + o.Name = all.Name + o.RuleId = all.RuleId + return nil +} diff --git a/api/datadogV2/model_security_monitoring_rule_query_signal_create.go b/api/datadogV2/model_security_monitoring_rule_query_signal_create.go new file mode 100644 index 00000000000..3b0f7e6cd72 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_rule_query_signal_create.go 
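Review bot: The struct tag on the `UnparsedObject` field is written as `json:-`, which is not a well-formed key:"value" tag, so `reflect.StructTag` lookups do not see it and `go vet` flags it; it should read `json:"-"`. The custom MarshalJSON and UnmarshalJSON in this file never consult the tag, so the wire format is unaffected here. Any code that encodes or decodes the struct by reflection without going through those methods would presumably treat the field as an ordinary exported field named UnparsedObject. The same tag appears in the struct definitions added in model_security_monitoring_rule_query_signal_create.go, model_security_monitoring_rule_query_standard.go and model_security_monitoring_signal_correlation_rule_create_payload.go. If these files are generator output, the correction belongs in the template rather than in each file.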
@@ -0,0 +1,306 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "encoding/json" + "fmt" +) + +// SecurityMonitoringRuleQuerySignalCreate Query for matching rule on signals +type SecurityMonitoringRuleQuerySignalCreate struct { + // The aggregation type. + Aggregation *SecurityMonitoringRuleQueryAggregation `json:"aggregation,omitempty"` + // Fields to group by. + CorrelatedByFields []string `json:"correlatedByFields,omitempty"` + // Index of the rule query used to retrieve the correlated field. + CorrelatedQueryIndex *int32 `json:"correlatedQueryIndex,omitempty"` + // Group of target fields to aggregate over when using the new value aggregations. + Metrics []string `json:"metrics,omitempty"` + // Name of the query. + Name *string `json:"name,omitempty"` + // RuleId to match on signals. + RuleId string `json:"ruleId"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:-` + AdditionalProperties map[string]interface{} +} + +// NewSecurityMonitoringRuleQuerySignalCreate instantiates a new SecurityMonitoringRuleQuerySignalCreate object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringRuleQuerySignalCreate(ruleId string) *SecurityMonitoringRuleQuerySignalCreate { + this := SecurityMonitoringRuleQuerySignalCreate{} + this.RuleId = ruleId + return &this +} + +// NewSecurityMonitoringRuleQuerySignalCreateWithDefaults instantiates a new SecurityMonitoringRuleQuerySignalCreate object. 
+// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewSecurityMonitoringRuleQuerySignalCreateWithDefaults() *SecurityMonitoringRuleQuerySignalCreate { + this := SecurityMonitoringRuleQuerySignalCreate{} + return &this +} + +// GetAggregation returns the Aggregation field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetAggregation() SecurityMonitoringRuleQueryAggregation { + if o == nil || o.Aggregation == nil { + var ret SecurityMonitoringRuleQueryAggregation + return ret + } + return *o.Aggregation +} + +// GetAggregationOk returns a tuple with the Aggregation field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetAggregationOk() (*SecurityMonitoringRuleQueryAggregation, bool) { + if o == nil || o.Aggregation == nil { + return nil, false + } + return o.Aggregation, true +} + +// HasAggregation returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) HasAggregation() bool { + if o != nil && o.Aggregation != nil { + return true + } + + return false +} + +// SetAggregation gets a reference to the given SecurityMonitoringRuleQueryAggregation and assigns it to the Aggregation field. +func (o *SecurityMonitoringRuleQuerySignalCreate) SetAggregation(v SecurityMonitoringRuleQueryAggregation) { + o.Aggregation = &v +} + +// GetCorrelatedByFields returns the CorrelatedByFields field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetCorrelatedByFields() []string { + if o == nil || o.CorrelatedByFields == nil { + var ret []string + return ret + } + return o.CorrelatedByFields +} + +// GetCorrelatedByFieldsOk returns a tuple with the CorrelatedByFields field value if set, nil otherwise +// and a boolean to check if the value has been set. 
+func (o *SecurityMonitoringRuleQuerySignalCreate) GetCorrelatedByFieldsOk() (*[]string, bool) { + if o == nil || o.CorrelatedByFields == nil { + return nil, false + } + return &o.CorrelatedByFields, true +} + +// HasCorrelatedByFields returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) HasCorrelatedByFields() bool { + if o != nil && o.CorrelatedByFields != nil { + return true + } + + return false +} + +// SetCorrelatedByFields gets a reference to the given []string and assigns it to the CorrelatedByFields field. +func (o *SecurityMonitoringRuleQuerySignalCreate) SetCorrelatedByFields(v []string) { + o.CorrelatedByFields = v +} + +// GetCorrelatedQueryIndex returns the CorrelatedQueryIndex field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetCorrelatedQueryIndex() int32 { + if o == nil || o.CorrelatedQueryIndex == nil { + var ret int32 + return ret + } + return *o.CorrelatedQueryIndex +} + +// GetCorrelatedQueryIndexOk returns a tuple with the CorrelatedQueryIndex field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetCorrelatedQueryIndexOk() (*int32, bool) { + if o == nil || o.CorrelatedQueryIndex == nil { + return nil, false + } + return o.CorrelatedQueryIndex, true +} + +// HasCorrelatedQueryIndex returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) HasCorrelatedQueryIndex() bool { + if o != nil && o.CorrelatedQueryIndex != nil { + return true + } + + return false +} + +// SetCorrelatedQueryIndex gets a reference to the given int32 and assigns it to the CorrelatedQueryIndex field. +func (o *SecurityMonitoringRuleQuerySignalCreate) SetCorrelatedQueryIndex(v int32) { + o.CorrelatedQueryIndex = &v +} + +// GetMetrics returns the Metrics field value if set, zero value otherwise. 
+func (o *SecurityMonitoringRuleQuerySignalCreate) GetMetrics() []string { + if o == nil || o.Metrics == nil { + var ret []string + return ret + } + return o.Metrics +} + +// GetMetricsOk returns a tuple with the Metrics field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetMetricsOk() (*[]string, bool) { + if o == nil || o.Metrics == nil { + return nil, false + } + return &o.Metrics, true +} + +// HasMetrics returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) HasMetrics() bool { + if o != nil && o.Metrics != nil { + return true + } + + return false +} + +// SetMetrics gets a reference to the given []string and assigns it to the Metrics field. +func (o *SecurityMonitoringRuleQuerySignalCreate) SetMetrics(v []string) { + o.Metrics = v +} + +// GetName returns the Name field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetName() string { + if o == nil || o.Name == nil { + var ret string + return ret + } + return *o.Name +} + +// GetNameOk returns a tuple with the Name field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetNameOk() (*string, bool) { + if o == nil || o.Name == nil { + return nil, false + } + return o.Name, true +} + +// HasName returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) HasName() bool { + if o != nil && o.Name != nil { + return true + } + + return false +} + +// SetName gets a reference to the given string and assigns it to the Name field. +func (o *SecurityMonitoringRuleQuerySignalCreate) SetName(v string) { + o.Name = &v +} + +// GetRuleId returns the RuleId field value. 
+func (o *SecurityMonitoringRuleQuerySignalCreate) GetRuleId() string { + if o == nil { + var ret string + return ret + } + return o.RuleId +} + +// GetRuleIdOk returns a tuple with the RuleId field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQuerySignalCreate) GetRuleIdOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.RuleId, true +} + +// SetRuleId sets field value. +func (o *SecurityMonitoringRuleQuerySignalCreate) SetRuleId(v string) { + o.RuleId = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringRuleQuerySignalCreate) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return json.Marshal(o.UnparsedObject) + } + if o.Aggregation != nil { + toSerialize["aggregation"] = o.Aggregation + } + if o.CorrelatedByFields != nil { + toSerialize["correlatedByFields"] = o.CorrelatedByFields + } + if o.CorrelatedQueryIndex != nil { + toSerialize["correlatedQueryIndex"] = o.CorrelatedQueryIndex + } + if o.Metrics != nil { + toSerialize["metrics"] = o.Metrics + } + if o.Name != nil { + toSerialize["name"] = o.Name + } + toSerialize["ruleId"] = o.RuleId + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return json.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. 
+func (o *SecurityMonitoringRuleQuerySignalCreate) UnmarshalJSON(bytes []byte) (err error) { + raw := map[string]interface{}{} + required := struct { + RuleId *string `json:"ruleId"` + }{} + all := struct { + Aggregation *SecurityMonitoringRuleQueryAggregation `json:"aggregation,omitempty"` + CorrelatedByFields []string `json:"correlatedByFields,omitempty"` + CorrelatedQueryIndex *int32 `json:"correlatedQueryIndex,omitempty"` + Metrics []string `json:"metrics,omitempty"` + Name *string `json:"name,omitempty"` + RuleId string `json:"ruleId"` + }{} + err = json.Unmarshal(bytes, &required) + if err != nil { + return err + } + if required.RuleId == nil { + return fmt.Errorf("Required field ruleId missing") + } + err = json.Unmarshal(bytes, &all) + if err != nil { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + return nil + } + if v := all.Aggregation; v != nil && !v.IsValid() { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + return nil + } + o.Aggregation = all.Aggregation + o.CorrelatedByFields = all.CorrelatedByFields + o.CorrelatedQueryIndex = all.CorrelatedQueryIndex + o.Metrics = all.Metrics + o.Name = all.Name + o.RuleId = all.RuleId + return nil +} diff --git a/api/datadogV2/model_security_monitoring_rule_query_standard.go b/api/datadogV2/model_security_monitoring_rule_query_standard.go new file mode 100644 index 00000000000..f4c8c90816c --- /dev/null +++ b/api/datadogV2/model_security_monitoring_rule_query_standard.go 
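Review bot: UnmarshalJSON can return nil while leaving RuleId empty. After the `required.RuleId == nil` check passes, a type mismatch in any other field, or an aggregation that fails `IsValid()`, takes the fallback branch, which stores the payload in UnparsedObject and returns before `o.RuleId = all.RuleId` runs. A caller that then reads `GetRuleId()` gets an empty string for a query whose payload did carry a rule id, and MarshalJSON will send UnparsedObject back verbatim. I would document that on the method, for example `// UnmarshalJSON deserializes the given payload; on a type mismatch or an unknown aggregation it returns nil with only UnparsedObject set, so check UnparsedObject before using the getters.` The presence check also accepts `"ruleId": ""`; whether an empty id should be rejected here or left to the API is not visible from this hunk.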
@@ -0,0 +1,345 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "encoding/json" +) + +// SecurityMonitoringRuleQueryStandard Query for matching rule. +type SecurityMonitoringRuleQueryStandard struct { + // The aggregation type. + Aggregation *SecurityMonitoringRuleQueryAggregation `json:"aggregation,omitempty"` + // Field for which the cardinality is measured. Sent as an array. + DistinctFields []string `json:"distinctFields,omitempty"` + // Fields to group by. + GroupByFields []string `json:"groupByFields,omitempty"` + // The target field to aggregate over when using the sum or max + // aggregations. + Metric *string `json:"metric,omitempty"` + // Group of target fields to aggregate over when using the new value aggregations. + Metrics []string `json:"metrics,omitempty"` + // Name of the query. + Name *string `json:"name,omitempty"` + // Query to run on logs. + Query *string `json:"query,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:-` + AdditionalProperties map[string]interface{} +} + +// NewSecurityMonitoringRuleQueryStandard instantiates a new SecurityMonitoringRuleQueryStandard object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringRuleQueryStandard() *SecurityMonitoringRuleQueryStandard { + this := SecurityMonitoringRuleQueryStandard{} + return &this +} + +// NewSecurityMonitoringRuleQueryStandardWithDefaults instantiates a new SecurityMonitoringRuleQueryStandard object. 
+// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewSecurityMonitoringRuleQueryStandardWithDefaults() *SecurityMonitoringRuleQueryStandard { + this := SecurityMonitoringRuleQueryStandard{} + return &this +} + +// GetAggregation returns the Aggregation field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryStandard) GetAggregation() SecurityMonitoringRuleQueryAggregation { + if o == nil || o.Aggregation == nil { + var ret SecurityMonitoringRuleQueryAggregation + return ret + } + return *o.Aggregation +} + +// GetAggregationOk returns a tuple with the Aggregation field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryStandard) GetAggregationOk() (*SecurityMonitoringRuleQueryAggregation, bool) { + if o == nil || o.Aggregation == nil { + return nil, false + } + return o.Aggregation, true +} + +// HasAggregation returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryStandard) HasAggregation() bool { + if o != nil && o.Aggregation != nil { + return true + } + + return false +} + +// SetAggregation gets a reference to the given SecurityMonitoringRuleQueryAggregation and assigns it to the Aggregation field. +func (o *SecurityMonitoringRuleQueryStandard) SetAggregation(v SecurityMonitoringRuleQueryAggregation) { + o.Aggregation = &v +} + +// GetDistinctFields returns the DistinctFields field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryStandard) GetDistinctFields() []string { + if o == nil || o.DistinctFields == nil { + var ret []string + return ret + } + return o.DistinctFields +} + +// GetDistinctFieldsOk returns a tuple with the DistinctFields field value if set, nil otherwise +// and a boolean to check if the value has been set. 
+func (o *SecurityMonitoringRuleQueryStandard) GetDistinctFieldsOk() (*[]string, bool) { + if o == nil || o.DistinctFields == nil { + return nil, false + } + return &o.DistinctFields, true +} + +// HasDistinctFields returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryStandard) HasDistinctFields() bool { + if o != nil && o.DistinctFields != nil { + return true + } + + return false +} + +// SetDistinctFields gets a reference to the given []string and assigns it to the DistinctFields field. +func (o *SecurityMonitoringRuleQueryStandard) SetDistinctFields(v []string) { + o.DistinctFields = v +} + +// GetGroupByFields returns the GroupByFields field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryStandard) GetGroupByFields() []string { + if o == nil || o.GroupByFields == nil { + var ret []string + return ret + } + return o.GroupByFields +} + +// GetGroupByFieldsOk returns a tuple with the GroupByFields field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryStandard) GetGroupByFieldsOk() (*[]string, bool) { + if o == nil || o.GroupByFields == nil { + return nil, false + } + return &o.GroupByFields, true +} + +// HasGroupByFields returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryStandard) HasGroupByFields() bool { + if o != nil && o.GroupByFields != nil { + return true + } + + return false +} + +// SetGroupByFields gets a reference to the given []string and assigns it to the GroupByFields field. +func (o *SecurityMonitoringRuleQueryStandard) SetGroupByFields(v []string) { + o.GroupByFields = v +} + +// GetMetric returns the Metric field value if set, zero value otherwise. 
+func (o *SecurityMonitoringRuleQueryStandard) GetMetric() string { + if o == nil || o.Metric == nil { + var ret string + return ret + } + return *o.Metric +} + +// GetMetricOk returns a tuple with the Metric field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryStandard) GetMetricOk() (*string, bool) { + if o == nil || o.Metric == nil { + return nil, false + } + return o.Metric, true +} + +// HasMetric returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryStandard) HasMetric() bool { + if o != nil && o.Metric != nil { + return true + } + + return false +} + +// SetMetric gets a reference to the given string and assigns it to the Metric field. +func (o *SecurityMonitoringRuleQueryStandard) SetMetric(v string) { + o.Metric = &v +} + +// GetMetrics returns the Metrics field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryStandard) GetMetrics() []string { + if o == nil || o.Metrics == nil { + var ret []string + return ret + } + return o.Metrics +} + +// GetMetricsOk returns a tuple with the Metrics field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryStandard) GetMetricsOk() (*[]string, bool) { + if o == nil || o.Metrics == nil { + return nil, false + } + return &o.Metrics, true +} + +// HasMetrics returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryStandard) HasMetrics() bool { + if o != nil && o.Metrics != nil { + return true + } + + return false +} + +// SetMetrics gets a reference to the given []string and assigns it to the Metrics field. +func (o *SecurityMonitoringRuleQueryStandard) SetMetrics(v []string) { + o.Metrics = v +} + +// GetName returns the Name field value if set, zero value otherwise. 
+func (o *SecurityMonitoringRuleQueryStandard) GetName() string { + if o == nil || o.Name == nil { + var ret string + return ret + } + return *o.Name +} + +// GetNameOk returns a tuple with the Name field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryStandard) GetNameOk() (*string, bool) { + if o == nil || o.Name == nil { + return nil, false + } + return o.Name, true +} + +// HasName returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryStandard) HasName() bool { + if o != nil && o.Name != nil { + return true + } + + return false +} + +// SetName gets a reference to the given string and assigns it to the Name field. +func (o *SecurityMonitoringRuleQueryStandard) SetName(v string) { + o.Name = &v +} + +// GetQuery returns the Query field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryStandard) GetQuery() string { + if o == nil || o.Query == nil { + var ret string + return ret + } + return *o.Query +} + +// GetQueryOk returns a tuple with the Query field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryStandard) GetQueryOk() (*string, bool) { + if o == nil || o.Query == nil { + return nil, false + } + return o.Query, true +} + +// HasQuery returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryStandard) HasQuery() bool { + if o != nil && o.Query != nil { + return true + } + + return false +} + +// SetQuery gets a reference to the given string and assigns it to the Query field. +func (o *SecurityMonitoringRuleQueryStandard) SetQuery(v string) { + o.Query = &v +} + +// MarshalJSON serializes the struct using spec logic. 
+func (o SecurityMonitoringRuleQueryStandard) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return json.Marshal(o.UnparsedObject) + } + if o.Aggregation != nil { + toSerialize["aggregation"] = o.Aggregation + } + if o.DistinctFields != nil { + toSerialize["distinctFields"] = o.DistinctFields + } + if o.GroupByFields != nil { + toSerialize["groupByFields"] = o.GroupByFields + } + if o.Metric != nil { + toSerialize["metric"] = o.Metric + } + if o.Metrics != nil { + toSerialize["metrics"] = o.Metrics + } + if o.Name != nil { + toSerialize["name"] = o.Name + } + if o.Query != nil { + toSerialize["query"] = o.Query + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return json.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *SecurityMonitoringRuleQueryStandard) UnmarshalJSON(bytes []byte) (err error) { + raw := map[string]interface{}{} + all := struct { + Aggregation *SecurityMonitoringRuleQueryAggregation `json:"aggregation,omitempty"` + DistinctFields []string `json:"distinctFields,omitempty"` + GroupByFields []string `json:"groupByFields,omitempty"` + Metric *string `json:"metric,omitempty"` + Metrics []string `json:"metrics,omitempty"` + Name *string `json:"name,omitempty"` + Query *string `json:"query,omitempty"` + }{} + err = json.Unmarshal(bytes, &all) + if err != nil { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + return nil + } + if v := all.Aggregation; v != nil && !v.IsValid() { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + return nil + } + o.Aggregation = all.Aggregation + o.DistinctFields = all.DistinctFields + o.GroupByFields = all.GroupByFields + o.Metric = all.Metric + o.Metrics = all.Metrics + o.Name = all.Name + o.Query = all.Query + return nil +} 
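Review bot: AdditionalProperties is written out by MarshalJSON but never filled by UnmarshalJSON, so keys that this client version does not model are dropped when a query is decoded and encoded again. The UnmarshalJSON methods of the two signal query models earlier in this diff have the same shape. For a detection rule that is fetched, edited and written back, that would presumably strip query attributes the API added after this client was built, without any error. If a lossless round trip is intended, the success path can decode once more into `raw`, delete the known keys and keep the remainder, as in the fence below.

```go
// … unchanged: decode into all, UnparsedObject fallbacks, field assignments …
o.Query = all.Query
// Keep keys this client version does not model so MarshalJSON can re-emit them.
if err = json.Unmarshal(bytes, &raw); err != nil {
	return err
}
for _, known := range []string{"aggregation", "distinctFields", "groupByFields", "metric", "metrics", "name", "query"} {
	delete(raw, known)
}
if len(raw) > 0 {
	o.AdditionalProperties = raw
}
return nil
```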
diff --git a/api/datadogV2/model_security_monitoring_rule_type_read.go b/api/datadogV2/model_security_monitoring_rule_type_read.go index ebb138fd0af..60de0a95ce7 100644 --- a/api/datadogV2/model_security_monitoring_rule_type_read.go +++ b/api/datadogV2/model_security_monitoring_rule_type_read.go @@ -15,6 +15,7 @@ type SecurityMonitoringRuleTypeRead string // List of SecurityMonitoringRuleTypeRead. const ( SECURITYMONITORINGRULETYPEREAD_LOG_DETECTION SecurityMonitoringRuleTypeRead = "log_detection" + SECURITYMONITORINGRULETYPEREAD_SIGNAL_CORRELATION SecurityMonitoringRuleTypeRead = "signal_correlation" SECURITYMONITORINGRULETYPEREAD_INFRASTRUCTURE_CONFIGURATION SecurityMonitoringRuleTypeRead = "infrastructure_configuration" SECURITYMONITORINGRULETYPEREAD_WORKLOAD_SECURITY SecurityMonitoringRuleTypeRead = "workload_security" SECURITYMONITORINGRULETYPEREAD_CLOUD_CONFIGURATION SecurityMonitoringRuleTypeRead = "cloud_configuration" @@ -22,6 +23,7 @@ const ( var allowedSecurityMonitoringRuleTypeReadEnumValues = []SecurityMonitoringRuleTypeRead{ SECURITYMONITORINGRULETYPEREAD_LOG_DETECTION, + SECURITYMONITORINGRULETYPEREAD_SIGNAL_CORRELATION, SECURITYMONITORINGRULETYPEREAD_INFRASTRUCTURE_CONFIGURATION, SECURITYMONITORINGRULETYPEREAD_WORKLOAD_SECURITY, SECURITYMONITORINGRULETYPEREAD_CLOUD_CONFIGURATION, diff --git a/api/datadogV2/model_security_monitoring_signal_correlation_rule_create_payload.go b/api/datadogV2/model_security_monitoring_signal_correlation_rule_create_payload.go new file mode 100644 index 00000000000..ae4170095a2 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_signal_correlation_rule_create_payload.go 
@@ -0,0 +1,439 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "encoding/json" + "fmt" +) + +// SecurityMonitoringSignalCorrelationRuleCreatePayload Create a new signal correlation rule. +type SecurityMonitoringSignalCorrelationRuleCreatePayload struct { + // Cases for generating signals. + Cases []SecurityMonitoringRuleCaseCreate `json:"cases"` + // Additional queries to filter matched events before they are processed. + Filters []SecurityMonitoringFilter `json:"filters,omitempty"` + // Whether the notifications include the triggering group-by values in their title. + HasExtendedTitle *bool `json:"hasExtendedTitle,omitempty"` + // Whether the rule is enabled. + IsEnabled bool `json:"isEnabled"` + // Message for generated signals. + Message string `json:"message"` + // The name of the rule. + Name string `json:"name"` + // Options on rules. + Options SecurityMonitoringRuleOptions `json:"options"` + // Queries for selecting signals which are part of the rule. + Queries []SecurityMonitoringRuleQuerySignalCreate `json:"queries"` + // Tags for generated signals. + Tags []string `json:"tags,omitempty"` + // The rule type. + Type *SecurityMonitoringSignalCorrelationRuleTypeCreate `json:"type,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:-` + AdditionalProperties map[string]interface{} +} + +// NewSecurityMonitoringSignalCorrelationRuleCreatePayload instantiates a new SecurityMonitoringSignalCorrelationRuleCreatePayload object. 
+// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringSignalCorrelationRuleCreatePayload(cases []SecurityMonitoringRuleCaseCreate, isEnabled bool, message string, name string, options SecurityMonitoringRuleOptions, queries []SecurityMonitoringRuleQuerySignalCreate) *SecurityMonitoringSignalCorrelationRuleCreatePayload { + this := SecurityMonitoringSignalCorrelationRuleCreatePayload{} + this.Cases = cases + this.IsEnabled = isEnabled + this.Message = message + this.Name = name + this.Options = options + this.Queries = queries + return &this +} + +// NewSecurityMonitoringSignalCorrelationRuleCreatePayloadWithDefaults instantiates a new SecurityMonitoringSignalCorrelationRuleCreatePayload object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewSecurityMonitoringSignalCorrelationRuleCreatePayloadWithDefaults() *SecurityMonitoringSignalCorrelationRuleCreatePayload { + this := SecurityMonitoringSignalCorrelationRuleCreatePayload{} + return &this +} + +// GetCases returns the Cases field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetCases() []SecurityMonitoringRuleCaseCreate { + if o == nil { + var ret []SecurityMonitoringRuleCaseCreate + return ret + } + return o.Cases +} + +// GetCasesOk returns a tuple with the Cases field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetCasesOk() (*[]SecurityMonitoringRuleCaseCreate, bool) { + if o == nil { + return nil, false + } + return &o.Cases, true +} + +// SetCases sets field value. 
+func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetCases(v []SecurityMonitoringRuleCaseCreate) { + o.Cases = v +} + +// GetFilters returns the Filters field value if set, zero value otherwise. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetFilters() []SecurityMonitoringFilter { + if o == nil || o.Filters == nil { + var ret []SecurityMonitoringFilter + return ret + } + return o.Filters +} + +// GetFiltersOk returns a tuple with the Filters field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetFiltersOk() (*[]SecurityMonitoringFilter, bool) { + if o == nil || o.Filters == nil { + return nil, false + } + return &o.Filters, true +} + +// HasFilters returns a boolean if a field has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) HasFilters() bool { + if o != nil && o.Filters != nil { + return true + } + + return false +} + +// SetFilters gets a reference to the given []SecurityMonitoringFilter and assigns it to the Filters field. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetFilters(v []SecurityMonitoringFilter) { + o.Filters = v +} + +// GetHasExtendedTitle returns the HasExtendedTitle field value if set, zero value otherwise. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetHasExtendedTitle() bool { + if o == nil || o.HasExtendedTitle == nil { + var ret bool + return ret + } + return *o.HasExtendedTitle +} + +// GetHasExtendedTitleOk returns a tuple with the HasExtendedTitle field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetHasExtendedTitleOk() (*bool, bool) { + if o == nil || o.HasExtendedTitle == nil { + return nil, false + } + return o.HasExtendedTitle, true +} + +// HasHasExtendedTitle returns a boolean if a field has been set. 
+func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) HasHasExtendedTitle() bool { + if o != nil && o.HasExtendedTitle != nil { + return true + } + + return false +} + +// SetHasExtendedTitle gets a reference to the given bool and assigns it to the HasExtendedTitle field. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetHasExtendedTitle(v bool) { + o.HasExtendedTitle = &v +} + +// GetIsEnabled returns the IsEnabled field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetIsEnabled() bool { + if o == nil { + var ret bool + return ret + } + return o.IsEnabled +} + +// GetIsEnabledOk returns a tuple with the IsEnabled field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetIsEnabledOk() (*bool, bool) { + if o == nil { + return nil, false + } + return &o.IsEnabled, true +} + +// SetIsEnabled sets field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetIsEnabled(v bool) { + o.IsEnabled = v +} + +// GetMessage returns the Message field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetMessage() string { + if o == nil { + var ret string + return ret + } + return o.Message +} + +// GetMessageOk returns a tuple with the Message field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetMessageOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Message, true +} + +// SetMessage sets field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetMessage(v string) { + o.Message = v +} + +// GetName returns the Name field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetName() string { + if o == nil { + var ret string + return ret + } + return o.Name +} + +// GetNameOk returns a tuple with the Name field value +// and a boolean to check if the value has been set. 
+func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetNameOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Name, true +} + +// SetName sets field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetName(v string) { + o.Name = v +} + +// GetOptions returns the Options field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetOptions() SecurityMonitoringRuleOptions { + if o == nil { + var ret SecurityMonitoringRuleOptions + return ret + } + return o.Options +} + +// GetOptionsOk returns a tuple with the Options field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetOptionsOk() (*SecurityMonitoringRuleOptions, bool) { + if o == nil { + return nil, false + } + return &o.Options, true +} + +// SetOptions sets field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetOptions(v SecurityMonitoringRuleOptions) { + o.Options = v +} + +// GetQueries returns the Queries field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetQueries() []SecurityMonitoringRuleQuerySignalCreate { + if o == nil { + var ret []SecurityMonitoringRuleQuerySignalCreate + return ret + } + return o.Queries +} + +// GetQueriesOk returns a tuple with the Queries field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetQueriesOk() (*[]SecurityMonitoringRuleQuerySignalCreate, bool) { + if o == nil { + return nil, false + } + return &o.Queries, true +} + +// SetQueries sets field value. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetQueries(v []SecurityMonitoringRuleQuerySignalCreate) { + o.Queries = v +} + +// GetTags returns the Tags field value if set, zero value otherwise. 
+func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetTags() []string { + if o == nil || o.Tags == nil { + var ret []string + return ret + } + return o.Tags +} + +// GetTagsOk returns a tuple with the Tags field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetTagsOk() (*[]string, bool) { + if o == nil || o.Tags == nil { + return nil, false + } + return &o.Tags, true +} + +// HasTags returns a boolean if a field has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) HasTags() bool { + if o != nil && o.Tags != nil { + return true + } + + return false +} + +// SetTags gets a reference to the given []string and assigns it to the Tags field. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetTags(v []string) { + o.Tags = v +} + +// GetType returns the Type field value if set, zero value otherwise. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetType() SecurityMonitoringSignalCorrelationRuleTypeCreate { + if o == nil || o.Type == nil { + var ret SecurityMonitoringSignalCorrelationRuleTypeCreate + return ret + } + return *o.Type +} + +// GetTypeOk returns a tuple with the Type field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) GetTypeOk() (*SecurityMonitoringSignalCorrelationRuleTypeCreate, bool) { + if o == nil || o.Type == nil { + return nil, false + } + return o.Type, true +} + +// HasType returns a boolean if a field has been set. +func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) HasType() bool { + if o != nil && o.Type != nil { + return true + } + + return false +} + +// SetType gets a reference to the given SecurityMonitoringSignalCorrelationRuleTypeCreate and assigns it to the Type field. 
+func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) SetType(v SecurityMonitoringSignalCorrelationRuleTypeCreate) { + o.Type = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringSignalCorrelationRuleCreatePayload) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return json.Marshal(o.UnparsedObject) + } + toSerialize["cases"] = o.Cases + if o.Filters != nil { + toSerialize["filters"] = o.Filters + } + if o.HasExtendedTitle != nil { + toSerialize["hasExtendedTitle"] = o.HasExtendedTitle + } + toSerialize["isEnabled"] = o.IsEnabled + toSerialize["message"] = o.Message + toSerialize["name"] = o.Name + toSerialize["options"] = o.Options + toSerialize["queries"] = o.Queries + if o.Tags != nil { + toSerialize["tags"] = o.Tags + } + if o.Type != nil { + toSerialize["type"] = o.Type + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return json.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. 
+func (o *SecurityMonitoringSignalCorrelationRuleCreatePayload) UnmarshalJSON(bytes []byte) (err error) { + raw := map[string]interface{}{} + required := struct { + Cases *[]SecurityMonitoringRuleCaseCreate `json:"cases"` + IsEnabled *bool `json:"isEnabled"` + Message *string `json:"message"` + Name *string `json:"name"` + Options *SecurityMonitoringRuleOptions `json:"options"` + Queries *[]SecurityMonitoringRuleQuerySignalCreate `json:"queries"` + }{} + all := struct { + Cases []SecurityMonitoringRuleCaseCreate `json:"cases"` + Filters []SecurityMonitoringFilter `json:"filters,omitempty"` + HasExtendedTitle *bool `json:"hasExtendedTitle,omitempty"` + IsEnabled bool `json:"isEnabled"` + Message string `json:"message"` + Name string `json:"name"` + Options SecurityMonitoringRuleOptions `json:"options"` + Queries []SecurityMonitoringRuleQuerySignalCreate `json:"queries"` + Tags []string `json:"tags,omitempty"` + Type *SecurityMonitoringSignalCorrelationRuleTypeCreate `json:"type,omitempty"` + }{} + err = json.Unmarshal(bytes, &required) + if err != nil { + return err + } + if required.Cases == nil { + return fmt.Errorf("Required field cases missing") + } + if required.IsEnabled == nil { + return fmt.Errorf("Required field isEnabled missing") + } + if required.Message == nil { + return fmt.Errorf("Required field message missing") + } + if required.Name == nil { + return fmt.Errorf("Required field name missing") + } + if required.Options == nil { + return fmt.Errorf("Required field options missing") + } + if required.Queries == nil { + return fmt.Errorf("Required field queries missing") + } + err = json.Unmarshal(bytes, &all) + if err != nil { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + return nil + } + if v := all.Type; v != nil && !v.IsValid() { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + return nil + } + o.Cases = all.Cases + o.Filters = all.Filters + 
o.HasExtendedTitle = all.HasExtendedTitle + o.IsEnabled = all.IsEnabled + o.Message = all.Message + o.Name = all.Name + if all.Options.UnparsedObject != nil && o.UnparsedObject == nil { + err = json.Unmarshal(bytes, &raw) + if err != nil { + return err + } + o.UnparsedObject = raw + } + o.Options = all.Options + o.Queries = all.Queries + o.Tags = all.Tags + o.Type = all.Type + return nil +} diff --git a/api/datadogV2/model_security_monitoring_signal_correlation_rule_type_create.go b/api/datadogV2/model_security_monitoring_signal_correlation_rule_type_create.go new file mode 100644 index 00000000000..af5d431cbb0 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_signal_correlation_rule_type_create.go 
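Review bot: The `UnparsedObject` field of `SecurityMonitoringSignalCorrelationRuleCreatePayload` is tagged `json:-`, which is not a well-formed key:"value" struct tag; it should read `json:"-"`. As written, reflection finds no `json` key on the field and `go vet` flags the tag, so the field stays out of the wire format only because the type defines its own `MarshalJSON` and `UnmarshalJSON`. In `MarshalJSON` the loop over `AdditionalProperties` runs after the typed fields are written, so an entry keyed `isEnabled` or `type` replaces the typed value in the request body; the same loop appears in `SecurityMonitoringRuleQueryStandard.MarshalJSON` earlier in this diff. A guard such as `if _, set := toSerialize[key]; !set { toSerialize[key] = value }` would keep the typed fields authoritative. If these model files are generated from the spec, as the `.apigentools-info` change suggests, both fixes belong in the generator template rather than in this file.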
@@ -0,0 +1,107 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "encoding/json" + "fmt" +) + +// SecurityMonitoringSignalCorrelationRuleTypeCreate The rule type. +type SecurityMonitoringSignalCorrelationRuleTypeCreate string + +// List of SecurityMonitoringSignalCorrelationRuleTypeCreate. +const ( + SECURITYMONITORINGSIGNALCORRELATIONRULETYPECREATE_SIGNAL_CORRELATION SecurityMonitoringSignalCorrelationRuleTypeCreate = "signal_correlation" +) + +var allowedSecurityMonitoringSignalCorrelationRuleTypeCreateEnumValues = []SecurityMonitoringSignalCorrelationRuleTypeCreate{ + SECURITYMONITORINGSIGNALCORRELATIONRULETYPECREATE_SIGNAL_CORRELATION, +} + +// GetAllowedValues reeturns the list of possible values. +func (v *SecurityMonitoringSignalCorrelationRuleTypeCreate) GetAllowedValues() []SecurityMonitoringSignalCorrelationRuleTypeCreate { + return allowedSecurityMonitoringSignalCorrelationRuleTypeCreateEnumValues +} + +// UnmarshalJSON deserializes the given payload. +func (v *SecurityMonitoringSignalCorrelationRuleTypeCreate) UnmarshalJSON(src []byte) error { + var value string + err := json.Unmarshal(src, &value) + if err != nil { + return err + } + *v = SecurityMonitoringSignalCorrelationRuleTypeCreate(value) + return nil +} + +// NewSecurityMonitoringSignalCorrelationRuleTypeCreateFromValue returns a pointer to a valid SecurityMonitoringSignalCorrelationRuleTypeCreate +// for the value passed as argument, or an error if the value passed is not allowed by the enum. 
+func NewSecurityMonitoringSignalCorrelationRuleTypeCreateFromValue(v string) (*SecurityMonitoringSignalCorrelationRuleTypeCreate, error) { + ev := SecurityMonitoringSignalCorrelationRuleTypeCreate(v) + if ev.IsValid() { + return &ev, nil + } + return nil, fmt.Errorf("invalid value '%v' for SecurityMonitoringSignalCorrelationRuleTypeCreate: valid values are %v", v, allowedSecurityMonitoringSignalCorrelationRuleTypeCreateEnumValues) +} + +// IsValid return true if the value is valid for the enum, false otherwise. +func (v SecurityMonitoringSignalCorrelationRuleTypeCreate) IsValid() bool { + for _, existing := range allowedSecurityMonitoringSignalCorrelationRuleTypeCreateEnumValues { + if existing == v { + return true + } + } + return false +} + +// Ptr returns reference to SecurityMonitoringSignalCorrelationRuleTypeCreate value. +func (v SecurityMonitoringSignalCorrelationRuleTypeCreate) Ptr() *SecurityMonitoringSignalCorrelationRuleTypeCreate { + return &v +} + +// NullableSecurityMonitoringSignalCorrelationRuleTypeCreate handles when a null is used for SecurityMonitoringSignalCorrelationRuleTypeCreate. +type NullableSecurityMonitoringSignalCorrelationRuleTypeCreate struct { + value *SecurityMonitoringSignalCorrelationRuleTypeCreate + isSet bool +} + +// Get returns the associated value. +func (v NullableSecurityMonitoringSignalCorrelationRuleTypeCreate) Get() *SecurityMonitoringSignalCorrelationRuleTypeCreate { + return v.value +} + +// Set changes the value and indicates it's been called. +func (v *NullableSecurityMonitoringSignalCorrelationRuleTypeCreate) Set(val *SecurityMonitoringSignalCorrelationRuleTypeCreate) { + v.value = val + v.isSet = true +} + +// IsSet returns whether Set has been called. +func (v NullableSecurityMonitoringSignalCorrelationRuleTypeCreate) IsSet() bool { + return v.isSet +} + +// Unset sets the value to nil and resets the set flag. 
+func (v *NullableSecurityMonitoringSignalCorrelationRuleTypeCreate) Unset() { + v.value = nil + v.isSet = false +} + +// NewNullableSecurityMonitoringSignalCorrelationRuleTypeCreate initializes the struct as if Set has been called. +func NewNullableSecurityMonitoringSignalCorrelationRuleTypeCreate(val *SecurityMonitoringSignalCorrelationRuleTypeCreate) *NullableSecurityMonitoringSignalCorrelationRuleTypeCreate { + return &NullableSecurityMonitoringSignalCorrelationRuleTypeCreate{value: val, isSet: true} +} + +// MarshalJSON serializes the associated value. +func (v NullableSecurityMonitoringSignalCorrelationRuleTypeCreate) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +// UnmarshalJSON deserializes the payload and sets the flag as if Set has been called. +func (v *NullableSecurityMonitoringSignalCorrelationRuleTypeCreate) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule.go b/examples/v2/security-monitoring/CreateSecurityMonitoringRule.go index 0f437084de9..59db649ba9a 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule.go +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule.go 
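Review bot: `GetAllowedValues` returns the package-level slice `allowedSecurityMonitoringSignalCorrelationRuleTypeCreateEnumValues` itself, and `IsValid` iterates that same slice, so a caller that writes to the returned slice changes what `IsValid` accepts for the rest of the process. Returning a copy avoids that: `return append([]SecurityMonitoringSignalCorrelationRuleTypeCreate(nil), allowedSecurityMonitoringSignalCorrelationRuleTypeCreateEnumValues...)`. The enum's `UnmarshalJSON` stores any string without checking it, leaving validation to callers through `IsValid`; its doc comment should say so, for example `// UnmarshalJSON deserializes the given payload; the value is not validated here, call IsValid.` The comment on `GetAllowedValues` also has a typo, "reeturns".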
@@ -13,35 +13,37 @@ import ( ) func main() { - body := datadogV2.SecurityMonitoringRuleCreatePayload{ - Name: "Example-Create_a_detection_rule_returns_OK_response", - Queries: []datadogV2.SecurityMonitoringRuleQueryCreate{ - { - Query: "@test:true", - Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_COUNT.Ptr(), - GroupByFields: []string{}, - DistinctFields: []string{}, - Metric: datadog.PtrString(""), + body := datadogV2.SecurityMonitoringRuleCreatePayloadCommon{ + SecurityMonitoringRuleCreatePayload: &datadogV2.SecurityMonitoringRuleCreatePayload{ + Name: "Example-Create_a_detection_rule_returns_OK_response", + Queries: []datadogV2.SecurityMonitoringRuleQueryCreate{ + { + Query: "@test:true", + Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_COUNT.Ptr(), + GroupByFields: []string{}, + DistinctFields: []string{}, + Metric: datadog.PtrString(""), + }, }, - }, - Filters: []datadogV2.SecurityMonitoringFilter{}, - Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{ - { - Name: datadog.PtrString(""), - Status: datadogV2.SECURITYMONITORINGRULESEVERITY_INFO, - Condition: datadog.PtrString("a > 0"), - Notifications: []string{}, + Filters: []datadogV2.SecurityMonitoringFilter{}, + Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{ + { + Name: datadog.PtrString(""), + Status: datadogV2.SECURITYMONITORINGRULESEVERITY_INFO, + Condition: datadog.PtrString("a > 0"), + Notifications: []string{}, + }, }, - }, - Options: datadogV2.SecurityMonitoringRuleOptions{ - EvaluationWindow: datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_FIFTEEN_MINUTES.Ptr(), - KeepAlive: datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ONE_HOUR.Ptr(), - MaxSignalDuration: datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ONE_DAY.Ptr(), - }, - Message: "Test rule", - Tags: []string{}, - IsEnabled: true, - } + Options: datadogV2.SecurityMonitoringRuleOptions{ + EvaluationWindow: datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_FIFTEEN_MINUTES.Ptr(), + KeepAlive: 
datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ONE_HOUR.Ptr(), + MaxSignalDuration: datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ONE_DAY.Ptr(), + }, + Message: "Test rule", + Tags: []string{}, + IsEnabled: true, + Type: datadogV2.SECURITYMONITORINGRULETYPECREATE_LOG_DETECTION.Ptr(), + }} ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_461183901.go b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_461183901.go index 9e60a8ea904..394b42d7138 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_461183901.go +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_461183901.go 
@@ -13,42 +13,43 @@ import ( ) func main() { - body := datadogV2.SecurityMonitoringRuleCreatePayload{ - Queries: []datadogV2.SecurityMonitoringRuleQueryCreate{ - { - Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_GEO_DATA.Ptr(), - GroupByFields: []string{ - "@usr.id", + body := datadogV2.SecurityMonitoringRuleCreatePayloadCommon{ + SecurityMonitoringRuleCreatePayload: &datadogV2.SecurityMonitoringRuleCreatePayload{ + Queries: []datadogV2.SecurityMonitoringRuleQueryCreate{ + { + Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_GEO_DATA.Ptr(), + GroupByFields: []string{ + "@usr.id", + }, + DistinctFields: []string{}, + Metric: datadog.PtrString("@network.client.geoip"), + Query: "*", }, - DistinctFields: []string{}, - Metric: datadog.PtrString("@network.client.geoip"), - Query: "*", }, - }, - Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{ - { - Name: datadog.PtrString(""), - Status: datadogV2.SECURITYMONITORINGRULESEVERITY_INFO, - Notifications: []string{}, + Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{ + { + Name: datadog.PtrString(""), + Status: datadogV2.SECURITYMONITORINGRULESEVERITY_INFO, + Notifications: []string{}, + }, }, - }, - HasExtendedTitle: datadog.PtrBool(true), - Message: "test", - IsEnabled: true, - Options: datadogV2.SecurityMonitoringRuleOptions{ - MaxSignalDuration: datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ONE_DAY.Ptr(), - EvaluationWindow: datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_FIFTEEN_MINUTES.Ptr(), - KeepAlive: datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ONE_HOUR.Ptr(), - DetectionMethod: datadogV2.SECURITYMONITORINGRULEDETECTIONMETHOD_IMPOSSIBLE_TRAVEL.Ptr(), - ImpossibleTravelOptions: &datadogV2.SecurityMonitoringRuleImpossibleTravelOptions{ - BaselineUserLocations: datadog.PtrBool(false), + HasExtendedTitle: datadog.PtrBool(true), + Message: "test", + IsEnabled: true, + Options: datadogV2.SecurityMonitoringRuleOptions{ + MaxSignalDuration: 
datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ONE_DAY.Ptr(), + EvaluationWindow: datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_FIFTEEN_MINUTES.Ptr(), + KeepAlive: datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ONE_HOUR.Ptr(), + DetectionMethod: datadogV2.SECURITYMONITORINGRULEDETECTIONMETHOD_IMPOSSIBLE_TRAVEL.Ptr(), + ImpossibleTravelOptions: &datadogV2.SecurityMonitoringRuleImpossibleTravelOptions{ + BaselineUserLocations: datadog.PtrBool(false), + }, }, - }, - Name: "Example-Create_a_detection_rule_with_type_impossible_travel_returns_OK_response", - Type: datadogV2.SECURITYMONITORINGRULETYPECREATE_LOG_DETECTION.Ptr(), - Tags: []string{}, - Filters: []datadogV2.SecurityMonitoringFilter{}, - } + Name: "Example-Create_a_detection_rule_with_type_impossible_travel_returns_OK_response", + Type: datadogV2.SECURITYMONITORINGRULETYPECREATE_LOG_DETECTION.Ptr(), + Tags: []string{}, + Filters: []datadogV2.SecurityMonitoringFilter{}, + }} ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_498211763.go b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_498211763.go index 160aa77fac3..531c1746bd1 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_498211763.go +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_498211763.go 
@@ -13,36 +13,37 @@ import ( ) func main() { - body := datadogV2.SecurityMonitoringRuleCreatePayload{ - Name: "Example-Create_a_detection_rule_with_type_workload_security_returns_OK_response", - Queries: []datadogV2.SecurityMonitoringRuleQueryCreate{ - { - Query: "@test:true", - Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_COUNT.Ptr(), - GroupByFields: []string{}, - DistinctFields: []string{}, - Metric: datadog.PtrString(""), + body := datadogV2.SecurityMonitoringRuleCreatePayloadCommon{ + SecurityMonitoringRuleCreatePayload: &datadogV2.SecurityMonitoringRuleCreatePayload{ + Name: "Example-Create_a_detection_rule_with_type_workload_security_returns_OK_response", + Queries: []datadogV2.SecurityMonitoringRuleQueryCreate{ + { + Query: "@test:true", + Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_COUNT.Ptr(), + GroupByFields: []string{}, + DistinctFields: []string{}, + Metric: datadog.PtrString(""), + }, }, - }, - Filters: []datadogV2.SecurityMonitoringFilter{}, - Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{ - { - Name: datadog.PtrString(""), - Status: datadogV2.SECURITYMONITORINGRULESEVERITY_INFO, - Condition: datadog.PtrString("a > 0"), - Notifications: []string{}, + Filters: []datadogV2.SecurityMonitoringFilter{}, + Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{ + { + Name: datadog.PtrString(""), + Status: datadogV2.SECURITYMONITORINGRULESEVERITY_INFO, + Condition: datadog.PtrString("a > 0"), + Notifications: []string{}, + }, }, - }, - Options: datadogV2.SecurityMonitoringRuleOptions{ - EvaluationWindow: datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_FIFTEEN_MINUTES.Ptr(), - KeepAlive: datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ONE_HOUR.Ptr(), - MaxSignalDuration: datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ONE_DAY.Ptr(), - }, - Message: "Test rule", - Tags: []string{}, - IsEnabled: true, - Type: datadogV2.SECURITYMONITORINGRULETYPECREATE_WORKLOAD_SECURITY.Ptr(), - } + Options: 
datadogV2.SecurityMonitoringRuleOptions{ + EvaluationWindow: datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_FIFTEEN_MINUTES.Ptr(), + KeepAlive: datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ONE_HOUR.Ptr(), + MaxSignalDuration: datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ONE_DAY.Ptr(), + }, + Message: "Test rule", + Tags: []string{}, + IsEnabled: true, + Type: datadogV2.SECURITYMONITORINGRULETYPECREATE_WORKLOAD_SECURITY.Ptr(), + }} ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_914562040.go b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_914562040.go new file mode 100644 index 00000000000..94cfd7810e4 --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_914562040.go 
@@ -0,0 +1,74 @@ +// Create a detection rule with type 'signal_correlation' returns "OK" response + +package main + +import ( + "context" + "encoding/json" + "fmt" + "os" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" + "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" +) + +func main() { + // there is a valid "security_rule" in the system + SecurityRuleID := os.Getenv("SECURITY_RULE_ID") + + // there is a valid "security_rule_bis" in the system + SecurityRuleBisID := os.Getenv("SECURITY_RULE_BIS_ID") + + body := datadogV2.SecurityMonitoringRuleCreatePayloadCommon{ + SecurityMonitoringSignalCorrelationRuleCreatePayload: &datadogV2.SecurityMonitoringSignalCorrelationRuleCreatePayload{ + Name: "Example-Create_a_detection_rule_with_type_signal_correlation_returns_OK_response_signal_rule", + Queries: []datadogV2.SecurityMonitoringRuleQuerySignalCreate{ + { + RuleId: SecurityRuleID, + Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_EVENT_COUNT.Ptr(), + CorrelatedByFields: []string{ + "host", + }, + CorrelatedQueryIndex: datadog.PtrInt32(1), + }, + { + RuleId: SecurityRuleBisID, + Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_EVENT_COUNT.Ptr(), + CorrelatedByFields: []string{ + "host", + }, + }, + }, + Filters: []datadogV2.SecurityMonitoringFilter{}, + Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{ + { + Name: datadog.PtrString(""), + Status: datadogV2.SECURITYMONITORINGRULESEVERITY_INFO, + Condition: datadog.PtrString("a > 0 && b > 0"), + Notifications: []string{}, + }, + }, + Options: datadogV2.SecurityMonitoringRuleOptions{ + EvaluationWindow: datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_FIFTEEN_MINUTES.Ptr(), + KeepAlive: datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ONE_HOUR.Ptr(), + MaxSignalDuration: datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ONE_DAY.Ptr(), + }, + Message: "Test signal correlation rule", + Tags: []string{}, + IsEnabled: true, + Type: 
datadogV2.SECURITYMONITORINGSIGNALCORRELATIONRULETYPECREATE_SIGNAL_CORRELATION.Ptr(), + }} + ctx := datadog.NewDefaultContext(context.Background()) + configuration := datadog.NewConfiguration() + apiClient := datadog.NewAPIClient(configuration) + api := datadogV2.NewSecurityMonitoringApi(apiClient) + resp, r, err := api.CreateSecurityMonitoringRule(ctx, body) + + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringRule`: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + + responseContent, _ := json.MarshalIndent(resp, "", " ") + fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringRule`:\n%s\n", responseContent) +} diff --git a/examples/v2/security-monitoring/UpdateSecurityMonitoringRule.go b/examples/v2/security-monitoring/UpdateSecurityMonitoringRule.go index d4829da04b8..8ac09402130 100644 --- a/examples/v2/security-monitoring/UpdateSecurityMonitoringRule.go +++ b/examples/v2/security-monitoring/UpdateSecurityMonitoringRule.go @@ -44,12 +44,13 @@ func main() { }, }, Queries: []datadogV2.SecurityMonitoringRuleQuery{ - { - Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_COUNT.Ptr(), - DistinctFields: []string{}, - GroupByFields: []string{}, - Metrics: []string{}, - }, + datadogV2.SecurityMonitoringRuleQuery{ + SecurityMonitoringRuleQueryStandard: &datadogV2.SecurityMonitoringRuleQueryStandard{ + Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_COUNT.Ptr(), + DistinctFields: []string{}, + GroupByFields: []string{}, + Metrics: []string{}, + }}, }, Tags: []string{}, Version: datadog.PtrInt32(1), diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_Bad_Request_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_Bad_Request_response.freeze index b9b28ab32fd..87754c038e4 100644 
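Review bot: The `if err != nil` branch at the end of `main` in CreateSecurityMonitoringRule_914562040.go only prints to stderr and then falls through. A failed `CreateSecurityMonitoringRule` call therefore still prints a "Response from …" block to stdout and the program exits 0, so a script built on this example would treat a detection rule that was never created as success. End the branch with `os.Exit(1)` after the two `fmt.Fprintf(os.Stderr, …)` lines. Separately, `SECURITY_RULE_ID` and `SECURITY_RULE_BIS_ID` are read with `os.Getenv` and passed straight into `RuleId`, so an unset variable is sent as an empty rule reference. Check both for the empty string before building `body`, and add a comment above the two reads such as `// both IDs must reference existing detection rules; the correlation rule is built from their signals`. The repository appears to generate these examples, in which case the change would belong in the example template instead.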
--- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_Bad_Request_response.freeze +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_Bad_Request_response.freeze @@ -1 +1 @@ -2022-01-06T00:52:08.681Z \ No newline at end of file +2022-09-19T13:40:09.181Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_Bad_Request_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_Bad_Request_response.yaml index 792120efd7e..f89cde9c3ea 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_Bad_Request_response.yaml +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_Bad_Request_response.yaml @@ -1,7 +1,7 @@ interactions: - request: body: | - {"cases":[{"status":"info"}],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_Bad_Request_response-1641430328","options":{},"queries":[{"query":""}],"tags":[]} + {"cases":[{"status":"info"}],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_Bad_Request_response-1663594809","options":{},"queries":[{"query":""}],"tags":[]} form: {} headers: Accept: @@ -11,7 +11,9 @@ interactions: method: POST url: https://api.datadoghq.com/api/v2/security_monitoring/rules response: - body: '{"errors":["Internal error"]}' + body: '{"errors":["Internal error"]} + + ' code: 400 duration: '' headers: 
diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.freeze index 89727a7fd5a..590e18e64d6 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.freeze +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.freeze @@ -1 +1 @@ -2022-05-12T09:53:07.126Z \ No newline at end of file +2022-09-19T11:07:29.388Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.yaml index 195d50cad41..eb4ce715b6e 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.yaml +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.yaml 
@@ -1,7 +1,7 @@ interactions: - request: body: | - {"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_OK_response-1652349187","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"tags":[]} + {"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_OK_response-1663585649","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"tags":[],"type":"log_detection"} form: {} headers: Accept: 
@@ -12,8 +12,8 @@ interactions: url: https://api.datadoghq.com/api/v2/security_monitoring/rules response: body: '{"creationAuthorId":1445416,"tags":[],"isEnabled":true,"hasExtendedTitle":false,"message":"Test - rule","options":{"detectionMethod":"threshold","evaluationWindow":900,"maxSignalDuration":86400,"keepAlive":3600},"version":1,"createdAt":1652349187595,"filters":[],"queries":[{"distinctFields":[],"name":"","metric":"","aggregation":"count","groupByFields":[],"query":"@test:true"}],"isDeleted":false,"cases":[{"status":"info","notifications":[],"name":"","condition":"a - > 0"}],"type":"log_detection","id":"8tp-n1t-i19","isDefault":false,"name":"Test-Create_a_detection_rule_returns_OK_response-1652349187"} + rule","options":{"detectionMethod":"threshold","evaluationWindow":900,"maxSignalDuration":86400,"keepAlive":3600},"version":1,"createdAt":1663585649754,"filters":[],"queries":[{"query":"@test:true","groupByFields":[],"aggregation":"count","name":"","distinctFields":[]}],"isDeleted":false,"cases":[{"status":"info","notifications":[],"name":"","condition":"a + > 0"}],"type":"log_detection","id":"nax-jvc-f8c","isDefault":false,"name":"Test-Create_a_detection_rule_returns_OK_response-1663585649"} ' code: 200 @@ -29,7 +29,7 @@ interactions: Accept: - '*/*' method: DELETE - url: https://api.datadoghq.com/api/v2/security_monitoring/rules/8tp-n1t-i19 + url: https://api.datadoghq.com/api/v2/security_monitoring/rules/nax-jvc-f8c response: body: '' code: 204 diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_with_type_signal_correlation_returns_OK_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_with_type_signal_correlation_returns_OK_response.freeze new file mode 100644 index 00000000000..0a94991971c --- /dev/null 
+++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_with_type_signal_correlation_returns_OK_response.freeze @@ -0,0 +1 @@ +2022-09-19T10:52:17.321Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_with_type_signal_correlation_returns_OK_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_with_type_signal_correlation_returns_OK_response.yaml new file mode 100644 index 00000000000..d96833f6bfb --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_with_type_signal_correlation_returns_OK_response.yaml 
@@ -0,0 +1,113 @@ +interactions: +- request: + body: | + {"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_with_type_signal_correlation_returns_OK_response-1663584737","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"tags":[],"type":"log_detection"} + form: {} + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + url: https://api.datadoghq.com/api/v2/security_monitoring/rules + response: + body: '{"creationAuthorId":1445416,"tags":[],"isEnabled":true,"hasExtendedTitle":false,"message":"Test + rule","options":{"detectionMethod":"threshold","evaluationWindow":900,"maxSignalDuration":86400,"keepAlive":3600},"version":1,"createdAt":1663584737718,"filters":[],"queries":[{"query":"@test:true","groupByFields":[],"aggregation":"count","name":"","distinctFields":[]}],"isDeleted":false,"cases":[{"status":"info","notifications":[],"name":"","condition":"a + > 0"}],"type":"log_detection","id":"wjo-ehv-wku","isDefault":false,"name":"Test-Create_a_detection_rule_with_type_signal_correlation_returns_OK_response-1663584737"} + + ' + code: 200 + duration: '' + headers: + Content-Type: + - application/json + status: 200 OK +- request: + body: | + {"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule Bis","name":"Test-Create_a_detection_rule_with_type_signal_correlation_returns_OK_response-1663584737_bis","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:false"}],"tags":[],"type":"log_detection"} + form: {} + headers: + Accept: + - application/json + Content-Type: + - 
application/json + method: POST + url: https://api.datadoghq.com/api/v2/security_monitoring/rules + response: + body: '{"creationAuthorId":1445416,"tags":[],"isEnabled":true,"hasExtendedTitle":false,"message":"Test + rule Bis","options":{"detectionMethod":"threshold","evaluationWindow":900,"maxSignalDuration":86400,"keepAlive":3600},"version":1,"createdAt":1663584738121,"filters":[],"queries":[{"query":"@test:false","groupByFields":[],"aggregation":"count","name":"","distinctFields":[]}],"isDeleted":false,"cases":[{"status":"info","notifications":[],"name":"","condition":"a + > 0"}],"type":"log_detection","id":"mfw-y8s-dhf","isDefault":false,"name":"Test-Create_a_detection_rule_with_type_signal_correlation_returns_OK_response-1663584737_bis"} + + ' + code: 200 + duration: '' + headers: + Content-Type: + - application/json + status: 200 OK +- request: + body: | + {"cases":[{"condition":"a \u003e 0 \u0026\u0026 b \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test signal correlation rule","name":"Test-Create_a_detection_rule_with_type_signal_correlation_returns_OK_response-1663584737_signal_rule","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"event_count","correlatedByFields":["host"],"correlatedQueryIndex":1,"ruleId":"wjo-ehv-wku"},{"aggregation":"event_count","correlatedByFields":["host"],"ruleId":"mfw-y8s-dhf"}],"tags":[],"type":"signal_correlation"} + form: {} + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + url: https://api.datadoghq.com/api/v2/security_monitoring/rules + response: + body: '{"creationAuthorId":1445416,"tags":[],"isEnabled":true,"hasExtendedTitle":false,"message":"Test + signal correlation 
rule","options":{"detectionMethod":"threshold","evaluationWindow":900,"maxSignalDuration":86400,"keepAlive":3600},"version":1,"createdAt":1663584738582,"filters":[],"queries":[{"distinctFields":[],"correlatedByFields":["host"],"name":"","ruleId":"wjo-ehv-wku","aggregation":"event_count","groupByFields":[],"correlatedQueryIndex":1},{"distinctFields":[],"correlatedByFields":["host"],"name":"","ruleId":"mfw-y8s-dhf","aggregation":"event_count","groupByFields":[]}],"isDeleted":false,"cases":[{"status":"info","notifications":[],"name":"","condition":"a + > 0 && b > 0"}],"type":"signal_correlation","id":"rrg-f60-8ru","isDefault":false,"name":"Test-Create_a_detection_rule_with_type_signal_correlation_returns_OK_response-1663584737_signal_rule"} + + ' + code: 200 + duration: '' + headers: + Content-Type: + - application/json + status: 200 OK +- request: + body: '' + form: {} + headers: + Accept: + - '*/*' + method: DELETE + url: https://api.datadoghq.com/api/v2/security_monitoring/rules/rrg-f60-8ru + response: + body: '' + code: 204 + duration: '' + headers: {} + status: 204 No Content +- request: + body: '' + form: {} + headers: + Accept: + - '*/*' + method: DELETE + url: https://api.datadoghq.com/api/v2/security_monitoring/rules/mfw-y8s-dhf + response: + body: '' + code: 204 + duration: '' + headers: {} + status: 204 No Content +- request: + body: '' + form: {} + headers: + Accept: + - '*/*' + method: DELETE + url: https://api.datadoghq.com/api/v2/security_monitoring/rules/wjo-ehv-wku + response: + body: '' + code: 204 + duration: '' + headers: {} + status: 204 No Content +version: 1 diff --git a/tests/scenarios/features/v2/given.json b/tests/scenarios/features/v2/given.json index e8efb57464a..0a3a34949a3 100644 --- a/tests/scenarios/features/v2/given.json +++ b/tests/scenarios/features/v2/given.json 
@@ -218,6 +218,18 @@ "tag": "Security Monitoring", "operationId": "CreateSecurityMonitoringRule" }, + { + "parameters": [ + { + "name": "body", + "value": "{\n \"name\": \"{{ unique }}_bis\",\n \"queries\": [{\n \"query\": \"@test:false\",\n \"aggregation\": \"count\",\n \"groupByFields\": [],\n \"distinctFields\": [],\n \"metric\": \"\"\n }],\n \"filters\": [],\n \"cases\": [{\n \"name\": \"\",\n \"status\": \"info\",\n \"condition\": \"a > 0\",\n \"notifications\": []\n }],\n \"options\": {\n \"evaluationWindow\": 900,\n \"keepAlive\": 3600,\n \"maxSignalDuration\": 86400\n },\n \"message\": \"Test rule Bis\",\n \"tags\": [],\n \"isEnabled\": true,\n \"type\": \"log_detection\"\n}" + } + ], + "step": "there is a valid \"security_rule_bis\" in the system", + "key": "security_rule_bis", + "tag": "Security Monitoring", + "operationId": "CreateSecurityMonitoringRule" + }, { "parameters": [ { diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature index b08bad9ca1f..777bee244a1 100644 --- a/tests/scenarios/features/v2/security_monitoring.feature +++ b/tests/scenarios/features/v2/security_monitoring.feature 
@@ -65,7 +65,7 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule returns "OK" response Given new "CreateSecurityMonitoringRule" request - And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true} + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection"} When the request is sent Then the response status is 200 OK 
@@ -76,6 +76,15 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/k9-cloud-security-platform + Scenario: Create a detection rule with type 'signal_correlation' returns "OK" response + Given there is a valid "security_rule" in the system + And there is a valid "security_rule_bis" in the system + And new "CreateSecurityMonitoringRule" request + And body with value {"name":"{{ unique }}_signal_rule", "queries":[{"ruleId":"{{ security_rule.id }}","aggregation":"event_count","correlatedByFields":["host"],"correlatedQueryIndex":1}, {"ruleId":"{{ security_rule_bis.id }}","aggregation":"event_count","correlatedByFields":["host"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0 && b > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test signal correlation rule","tags":[],"isEnabled":true, "type": "signal_correlation"} + When the request is sent + Then the response status is 200 OK + @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with type 'workload_security' returns "OK" response Given new "CreateSecurityMonitoringRule" request
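Review bot: The new "Create a detection rule with type 'signal_correlation'" scenario asserts only `Then the response status is 200 OK`. It would still pass if the rule were created with a different type or without one of the correlated queries. The recorded response for this scenario carries `"type":"signal_correlation"` and both `ruleId` values, so a step after the status check such as `And the response "type" is equal to "signal_correlation"` would hold against the cassette. A matching check that the first query's rule id equals `{{ security_rule.id }}` would pin the request shape that the new payload wrapper is meant to support.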