Add custom fields to Rule update/validate API public documentation. #2357

Merged
merged 1 commit into from
Jun 18, 2025
55 changes: 55 additions & 0 deletions .generator/schemas/v2/openapi.yaml
Expand Up @@ -7302,6 +7302,14 @@ components:
type: array
complianceSignalOptions:
$ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
customMessage:
description: Custom/Overridden message for generated signals (used in case
of Default rule update).
type: string
customName:
description: Custom/Overridden name of the rule (used in case of Default
rule update).
type: string
filters:
description: Additional queries to filter matched events before they are
processed.
Expand Down Expand Up @@ -32993,6 +33001,8 @@ components:

based on the event counts in the previously defined queries.'
type: string
customStatus:
$ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
name:
description: Name of the case.
type: string
Expand Down Expand Up @@ -33519,6 +33529,13 @@ components:
type: array
complianceSignalOptions:
$ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
customMessage:
description: Custom/Overridden Message for generated signals (used in case
of Default rule update).
type: string
customName:
description: Custom/Overridden name (used in case of Default rule update).
type: string
filters:
description: Additional queries to filter matched events before they are
processed. This field is deprecated for log detection, signal correlation,
Expand Down Expand Up @@ -33850,6 +33867,14 @@ components:
items:
$ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
type: array
customMessage:
description: Custom/Overridden message for generated signals (used in case
of Default rule update).
type: string
customName:
description: Custom/Overridden name of the rule (used in case of Default
rule update).
type: string
filters:
description: Additional queries to filter matched events before they are
processed. This field is deprecated for log detection, signal correlation,
Expand Down Expand Up @@ -33949,6 +33974,14 @@ components:
description: User ID of the user who created the rule.
format: int64
type: integer
customMessage:
description: Custom/Overridden message for generated signals (used in case
of Default rule update).
type: string
customName:
description: Custom/Overridden name of the rule (used in case of Default
rule update).
type: string
deprecationDate:
description: When the rule will be deprecated, timestamp in milliseconds.
format: int64
Expand Down Expand Up @@ -34336,6 +34369,14 @@ components:
items:
$ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
type: array
customMessage:
description: Custom/Overridden message for generated signals (used in case
of Default rule update).
type: string
customName:
description: Custom/Overridden name of the rule (used in case of Default
rule update).
type: string
filters:
description: Additional queries to filter matched events before they are
processed. This field is deprecated for log detection, signal correlation,
Expand Down Expand Up @@ -34413,6 +34454,10 @@ components:
properties:
aggregation:
$ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
customQueryExtension:
description: Query extension to append to the logs query.
example: a > 3
type: string
dataSource:
$ref: '#/components/schemas/SecurityMonitoringStandardDataSource'
distinctFields:
Expand Down Expand Up @@ -34476,6 +34521,14 @@ components:
description: User ID of the user who created the rule.
format: int64
type: integer
customMessage:
description: Custom/Overridden message for generated signals (used in case
of Default rule update).
type: string
customName:
description: Custom/Overridden name of the rule (used in case of Default
rule update).
type: string
defaultTags:
description: Default Tags for default rules (included in tags)
example:
Expand Down Expand Up @@ -34922,6 +34975,8 @@ components:
SecurityMonitoringThirdPartyRuleCase:
description: Case when signal is generated by a third party rule.
properties:
customStatus:
$ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
name:
description: Name of the case.
type: string
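Review bot: The `customQueryExtension` description in the hunk at `@@ -34413,6 +34454,10 @@` says only that the string is appended to the logs query, without stating how it is joined to the base query or which rule types accept it. Because the extension changes what a detection rule matches, a reader cannot tell from the spec whether a value like the example `a > 3` narrows or widens a rule's coverage. I would expand it along the lines of `description: Query extension appended to the rule's logs query (combined with <operator>); applies when updating a Default rule.`, with the operator and scope confirmed by the API owners. The `customStatus` properties in the hunk at `@@ -32993,6 +33001,8 @@` and in `SecurityMonitoringThirdPartyRuleCase` have the same gap: they carry only a `$ref`, so the generated models document them as "Severity of the Security Signal." with no indication that the value overrides the case's own status, if that is the intent.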
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,14 @@ export class CloudConfigurationRulePayload {
* How to generate compliance signals. Useful for cloud_configuration rules only.
*/
"complianceSignalOptions": CloudConfigurationRuleComplianceSignalOptions;
/**
* Custom/Overridden message for generated signals (used in case of Default rule update).
*/
"customMessage"?: string;
/**
* Custom/Overridden name of the rule (used in case of Default rule update).
*/
"customName"?: string;
/**
* Additional queries to filter matched events before they are processed.
*/
Expand Down Expand Up @@ -71,6 +79,14 @@ export class CloudConfigurationRulePayload {
type: "CloudConfigurationRuleComplianceSignalOptions",
required: true,
},
customMessage: {
baseName: "customMessage",
type: "string",
},
customName: {
baseName: "customName",
type: "string",
},
filters: {
baseName: "filters",
type: "Array<SecurityMonitoringFilter>",
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ export class SecurityMonitoringRuleCase {
* based on the event counts in the previously defined queries.
*/
"condition"?: string;
/**
* Severity of the Security Signal.
*/
"customStatus"?: SecurityMonitoringRuleSeverity;
/**
* Name of the case.
*/
Expand Down Expand Up @@ -51,6 +55,10 @@ export class SecurityMonitoringRuleCase {
baseName: "condition",
type: "string",
},
customStatus: {
baseName: "customStatus",
type: "SecurityMonitoringRuleSeverity",
},
name: {
baseName: "name",
type: "string",
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,14 @@ export class SecurityMonitoringRuleUpdatePayload {
* How to generate compliance signals. Useful for cloud_configuration rules only.
*/
"complianceSignalOptions"?: CloudConfigurationRuleComplianceSignalOptions;
/**
* Custom/Overridden Message for generated signals (used in case of Default rule update).
*/
"customMessage"?: string;
/**
* Custom/Overridden name (used in case of Default rule update).
*/
"customName"?: string;
/**
* Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
*/
Expand Down Expand Up @@ -91,6 +99,14 @@ export class SecurityMonitoringRuleUpdatePayload {
baseName: "complianceSignalOptions",
type: "CloudConfigurationRuleComplianceSignalOptions",
},
customMessage: {
baseName: "customMessage",
type: "string",
},
customName: {
baseName: "customName",
type: "string",
},
filters: {
baseName: "filters",
type: "Array<SecurityMonitoringFilter>",
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,14 @@ export class SecurityMonitoringSignalRulePayload {
* Cases for generating signals.
*/
"cases": Array<SecurityMonitoringRuleCaseCreate>;
/**
* Custom/Overridden message for generated signals (used in case of Default rule update).
*/
"customMessage"?: string;
/**
* Custom/Overridden name of the rule (used in case of Default rule update).
*/
"customName"?: string;
/**
* Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
*/
Expand Down Expand Up @@ -70,6 +78,14 @@ export class SecurityMonitoringSignalRulePayload {
type: "Array<SecurityMonitoringRuleCaseCreate>",
required: true,
},
customMessage: {
baseName: "customMessage",
type: "string",
},
customName: {
baseName: "customName",
type: "string",
},
filters: {
baseName: "filters",
type: "Array<SecurityMonitoringFilter>",
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,14 @@ export class SecurityMonitoringSignalRuleResponse {
* User ID of the user who created the rule.
*/
"creationAuthorId"?: number;
/**
* Custom/Overridden message for generated signals (used in case of Default rule update).
*/
"customMessage"?: string;
/**
* Custom/Overridden name of the rule (used in case of Default rule update).
*/
"customName"?: string;
/**
* When the rule will be deprecated, timestamp in milliseconds.
*/
Expand Down Expand Up @@ -111,6 +119,14 @@ export class SecurityMonitoringSignalRuleResponse {
type: "number",
format: "int64",
},
customMessage: {
baseName: "customMessage",
type: "string",
},
customName: {
baseName: "customName",
type: "string",
},
deprecationDate: {
baseName: "deprecationDate",
type: "number",
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,14 @@ export class SecurityMonitoringStandardRulePayload {
* Cases for generating signals.
*/
"cases": Array<SecurityMonitoringRuleCaseCreate>;
/**
* Custom/Overridden message for generated signals (used in case of Default rule update).
*/
"customMessage"?: string;
/**
* Custom/Overridden name of the rule (used in case of Default rule update).
*/
"customName"?: string;
/**
* Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
*/
Expand Down Expand Up @@ -84,6 +92,14 @@ export class SecurityMonitoringStandardRulePayload {
type: "Array<SecurityMonitoringRuleCaseCreate>",
required: true,
},
customMessage: {
baseName: "customMessage",
type: "string",
},
customName: {
baseName: "customName",
type: "string",
},
filters: {
baseName: "filters",
type: "Array<SecurityMonitoringFilter>",
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ export class SecurityMonitoringStandardRuleQuery {
* The aggregation type.
*/
"aggregation"?: SecurityMonitoringRuleQueryAggregation;
/**
* Query extension to append to the logs query.
*/
"customQueryExtension"?: string;
/**
* Source of events, either logs, audit trail, or Datadog events.
*/
Expand Down Expand Up @@ -63,6 +67,10 @@ export class SecurityMonitoringStandardRuleQuery {
baseName: "aggregation",
type: "SecurityMonitoringRuleQueryAggregation",
},
customQueryExtension: {
baseName: "customQueryExtension",
type: "string",
},
dataSource: {
baseName: "dataSource",
type: "SecurityMonitoringStandardDataSource",
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,14 @@ export class SecurityMonitoringStandardRuleResponse {
* User ID of the user who created the rule.
*/
"creationAuthorId"?: number;
/**
* Custom/Overridden message for generated signals (used in case of Default rule update).
*/
"customMessage"?: string;
/**
* Custom/Overridden name of the rule (used in case of Default rule update).
*/
"customName"?: string;
/**
* Default Tags for default rules (included in tags)
*/
Expand Down Expand Up @@ -142,6 +150,14 @@ export class SecurityMonitoringStandardRuleResponse {
type: "number",
format: "int64",
},
customMessage: {
baseName: "customMessage",
type: "string",
},
customName: {
baseName: "customName",
type: "string",
},
defaultTags: {
baseName: "defaultTags",
type: "Array<string>",
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ import { SecurityMonitoringRuleSeverity } from "./SecurityMonitoringRuleSeverity
* Case when signal is generated by a third party rule.
*/
export class SecurityMonitoringThirdPartyRuleCase {
/**
* Severity of the Security Signal.
*/
"customStatus"?: SecurityMonitoringRuleSeverity;
/**
* Name of the case.
*/
Expand Down Expand Up @@ -37,6 +41,10 @@ export class SecurityMonitoringThirdPartyRuleCase {
* @ignore
*/
static readonly attributeTypeMap: AttributeTypeMap = {
customStatus: {
baseName: "customStatus",
type: "SecurityMonitoringRuleSeverity",
},
name: {
baseName: "name",
type: "string",