diff --git a/.apigentools-info b/.apigentools-info index 86f828fc1fb..14d28ad23bf 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2024-09-30 14:37:39.238144", - "spec_repo_commit": "60bc9127" + "regenerated": "2024-09-30 19:44:25.864590", + "spec_repo_commit": "909e369c" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2024-09-30 14:37:39.252667", - "spec_repo_commit": "60bc9127" + "regenerated": "2024-09-30 19:44:25.879560", + "spec_repo_commit": "909e369c" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index fc61f2c6e41..ce325fb6281 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -19089,6 +19089,25 @@ components: meta: $ref: '#/components/schemas/ResponseMetaAttributes' type: object + SecurityMonitoringReferenceTable: + description: Reference table for the rule. + properties: + checkPresence: + description: Whether to include or exclude the matched values. + type: boolean + columnName: + description: The name of the column in the reference table. + type: string + logFieldPath: + description: The field in the log to match against the reference table. + type: string + ruleQueryName: + description: The name of the rule query to apply the reference table to. + type: string + tableName: + description: The name of the reference table. + type: string + type: object SecurityMonitoringRuleCase: description: Case when signal is generated. properties: @@ -19594,6 +19613,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. items: @@ -20298,6 +20322,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. example: @@ -20365,6 +20394,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. example: @@ -20505,6 +20539,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. items: @@ -20569,6 +20608,11 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery' type: array + referenceTables: + description: Reference tables for the rule. + items: + $ref: '#/components/schemas/SecurityMonitoringReferenceTable' + type: array tags: description: Tags for generated signals. example: diff --git a/api/datadogV2/model_security_monitoring_reference_table.go b/api/datadogV2/model_security_monitoring_reference_table.go new file mode 100644 index 00000000000..54474c81c63 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_reference_table.go @@ -0,0 +1,242 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// SecurityMonitoringReferenceTable Reference table for the rule. +type SecurityMonitoringReferenceTable struct { + // Whether to include or exclude the matched values. + CheckPresence *bool `json:"checkPresence,omitempty"` + // The name of the column in the reference table. + ColumnName *string `json:"columnName,omitempty"` + // The field in the log to match against the reference table. + LogFieldPath *string `json:"logFieldPath,omitempty"` + // The name of the rule query to apply the reference table to. + RuleQueryName *string `json:"ruleQueryName,omitempty"` + // The name of the reference table. + TableName *string `json:"tableName,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewSecurityMonitoringReferenceTable instantiates a new SecurityMonitoringReferenceTable object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringReferenceTable() *SecurityMonitoringReferenceTable { + this := SecurityMonitoringReferenceTable{} + return &this +} + +// NewSecurityMonitoringReferenceTableWithDefaults instantiates a new SecurityMonitoringReferenceTable object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewSecurityMonitoringReferenceTableWithDefaults() *SecurityMonitoringReferenceTable { + this := SecurityMonitoringReferenceTable{} + return &this +} + +// GetCheckPresence returns the CheckPresence field value if set, zero value otherwise. +func (o *SecurityMonitoringReferenceTable) GetCheckPresence() bool { + if o == nil || o.CheckPresence == nil { + var ret bool + return ret + } + return *o.CheckPresence +} + +// GetCheckPresenceOk returns a tuple with the CheckPresence field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringReferenceTable) GetCheckPresenceOk() (*bool, bool) { + if o == nil || o.CheckPresence == nil { + return nil, false + } + return o.CheckPresence, true +} + +// HasCheckPresence returns a boolean if a field has been set. +func (o *SecurityMonitoringReferenceTable) HasCheckPresence() bool { + return o != nil && o.CheckPresence != nil +} + +// SetCheckPresence gets a reference to the given bool and assigns it to the CheckPresence field. +func (o *SecurityMonitoringReferenceTable) SetCheckPresence(v bool) { + o.CheckPresence = &v +} + +// GetColumnName returns the ColumnName field value if set, zero value otherwise. +func (o *SecurityMonitoringReferenceTable) GetColumnName() string { + if o == nil || o.ColumnName == nil { + var ret string + return ret + } + return *o.ColumnName +} + +// GetColumnNameOk returns a tuple with the ColumnName field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringReferenceTable) GetColumnNameOk() (*string, bool) { + if o == nil || o.ColumnName == nil { + return nil, false + } + return o.ColumnName, true +} + +// HasColumnName returns a boolean if a field has been set. +func (o *SecurityMonitoringReferenceTable) HasColumnName() bool { + return o != nil && o.ColumnName != nil +} + +// SetColumnName gets a reference to the given string and assigns it to the ColumnName field. +func (o *SecurityMonitoringReferenceTable) SetColumnName(v string) { + o.ColumnName = &v +} + +// GetLogFieldPath returns the LogFieldPath field value if set, zero value otherwise. +func (o *SecurityMonitoringReferenceTable) GetLogFieldPath() string { + if o == nil || o.LogFieldPath == nil { + var ret string + return ret + } + return *o.LogFieldPath +} + +// GetLogFieldPathOk returns a tuple with the LogFieldPath field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringReferenceTable) GetLogFieldPathOk() (*string, bool) { + if o == nil || o.LogFieldPath == nil { + return nil, false + } + return o.LogFieldPath, true +} + +// HasLogFieldPath returns a boolean if a field has been set. +func (o *SecurityMonitoringReferenceTable) HasLogFieldPath() bool { + return o != nil && o.LogFieldPath != nil +} + +// SetLogFieldPath gets a reference to the given string and assigns it to the LogFieldPath field. +func (o *SecurityMonitoringReferenceTable) SetLogFieldPath(v string) { + o.LogFieldPath = &v +} + +// GetRuleQueryName returns the RuleQueryName field value if set, zero value otherwise. +func (o *SecurityMonitoringReferenceTable) GetRuleQueryName() string { + if o == nil || o.RuleQueryName == nil { + var ret string + return ret + } + return *o.RuleQueryName +} + +// GetRuleQueryNameOk returns a tuple with the RuleQueryName field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringReferenceTable) GetRuleQueryNameOk() (*string, bool) { + if o == nil || o.RuleQueryName == nil { + return nil, false + } + return o.RuleQueryName, true +} + +// HasRuleQueryName returns a boolean if a field has been set. +func (o *SecurityMonitoringReferenceTable) HasRuleQueryName() bool { + return o != nil && o.RuleQueryName != nil +} + +// SetRuleQueryName gets a reference to the given string and assigns it to the RuleQueryName field. +func (o *SecurityMonitoringReferenceTable) SetRuleQueryName(v string) { + o.RuleQueryName = &v +} + +// GetTableName returns the TableName field value if set, zero value otherwise. +func (o *SecurityMonitoringReferenceTable) GetTableName() string { + if o == nil || o.TableName == nil { + var ret string + return ret + } + return *o.TableName +} + +// GetTableNameOk returns a tuple with the TableName field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringReferenceTable) GetTableNameOk() (*string, bool) { + if o == nil || o.TableName == nil { + return nil, false + } + return o.TableName, true +} + +// HasTableName returns a boolean if a field has been set. +func (o *SecurityMonitoringReferenceTable) HasTableName() bool { + return o != nil && o.TableName != nil +} + +// SetTableName gets a reference to the given string and assigns it to the TableName field. +func (o *SecurityMonitoringReferenceTable) SetTableName(v string) { + o.TableName = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringReferenceTable) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.CheckPresence != nil { + toSerialize["checkPresence"] = o.CheckPresence + } + if o.ColumnName != nil { + toSerialize["columnName"] = o.ColumnName + } + if o.LogFieldPath != nil { + toSerialize["logFieldPath"] = o.LogFieldPath + } + if o.RuleQueryName != nil { + toSerialize["ruleQueryName"] = o.RuleQueryName + } + if o.TableName != nil { + toSerialize["tableName"] = o.TableName + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *SecurityMonitoringReferenceTable) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + CheckPresence *bool `json:"checkPresence,omitempty"` + ColumnName *string `json:"columnName,omitempty"` + LogFieldPath *string `json:"logFieldPath,omitempty"` + RuleQueryName *string `json:"ruleQueryName,omitempty"` + TableName *string `json:"tableName,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"checkPresence", "columnName", "logFieldPath", "ruleQueryName", "tableName"}) + } else { + return err + } + o.CheckPresence = all.CheckPresence + o.ColumnName = all.ColumnName + o.LogFieldPath = all.LogFieldPath + o.RuleQueryName = all.RuleQueryName + o.TableName = all.TableName + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_security_monitoring_rule_update_payload.go b/api/datadogV2/model_security_monitoring_rule_update_payload.go index cb912eae9cc..e8f2a4de0ae 100644 --- a/api/datadogV2/model_security_monitoring_rule_update_payload.go +++ b/api/datadogV2/model_security_monitoring_rule_update_payload.go @@ -28,6 +28,8 @@ type SecurityMonitoringRuleUpdatePayload struct { Options *SecurityMonitoringRuleOptions `json:"options,omitempty"` // Queries for selecting logs which are part of the rule. Queries []SecurityMonitoringRuleQuery `json:"queries,omitempty"` + // Reference tables for the rule. + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` // Tags for generated signals. Tags []string `json:"tags,omitempty"` // Cases for generating signals from third-party rules. Only available for third-party rules. @@ -308,6 +310,34 @@ func (o *SecurityMonitoringRuleUpdatePayload) SetQueries(v []SecurityMonitoringR o.Queries = v } +// GetReferenceTables returns the ReferenceTables field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleUpdatePayload) GetReferenceTables() []SecurityMonitoringReferenceTable { + if o == nil || o.ReferenceTables == nil { + var ret []SecurityMonitoringReferenceTable + return ret + } + return o.ReferenceTables +} + +// GetReferenceTablesOk returns a tuple with the ReferenceTables field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleUpdatePayload) GetReferenceTablesOk() (*[]SecurityMonitoringReferenceTable, bool) { + if o == nil || o.ReferenceTables == nil { + return nil, false + } + return &o.ReferenceTables, true +} + +// HasReferenceTables returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleUpdatePayload) HasReferenceTables() bool { + return o != nil && o.ReferenceTables != nil +} + +// SetReferenceTables gets a reference to the given []SecurityMonitoringReferenceTable and assigns it to the ReferenceTables field. +func (o *SecurityMonitoringRuleUpdatePayload) SetReferenceTables(v []SecurityMonitoringReferenceTable) { + o.ReferenceTables = v +} + // GetTags returns the Tags field value if set, zero value otherwise. func (o *SecurityMonitoringRuleUpdatePayload) GetTags() []string { if o == nil || o.Tags == nil { @@ -425,6 +455,9 @@ func (o SecurityMonitoringRuleUpdatePayload) MarshalJSON() ([]byte, error) { if o.Queries != nil { toSerialize["queries"] = o.Queries } + if o.ReferenceTables != nil { + toSerialize["referenceTables"] = o.ReferenceTables + } if o.Tags != nil { toSerialize["tags"] = o.Tags } @@ -453,6 +486,7 @@ func (o *SecurityMonitoringRuleUpdatePayload) UnmarshalJSON(bytes []byte) (err e Name *string `json:"name,omitempty"` Options *SecurityMonitoringRuleOptions `json:"options,omitempty"` Queries []SecurityMonitoringRuleQuery `json:"queries,omitempty"` + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` Tags []string `json:"tags,omitempty"` ThirdPartyCases []SecurityMonitoringThirdPartyRuleCase `json:"thirdPartyCases,omitempty"` Version *int32 `json:"version,omitempty"` @@ -462,7 +496,7 @@ func (o *SecurityMonitoringRuleUpdatePayload) UnmarshalJSON(bytes []byte) (err e } additionalProperties := make(map[string]interface{}) if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { - datadog.DeleteKeys(additionalProperties, &[]string{"cases", "complianceSignalOptions", "filters", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "tags", "thirdPartyCases", "version"}) + datadog.DeleteKeys(additionalProperties, &[]string{"cases", "complianceSignalOptions", "filters", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "referenceTables", "tags", "thirdPartyCases", "version"}) } else { return err } @@ -483,6 +517,7 @@ func (o *SecurityMonitoringRuleUpdatePayload) UnmarshalJSON(bytes []byte) (err e } o.Options = all.Options o.Queries = all.Queries + o.ReferenceTables = all.ReferenceTables o.Tags = all.Tags o.ThirdPartyCases = all.ThirdPartyCases o.Version = all.Version diff --git a/api/datadogV2/model_security_monitoring_standard_rule_create_payload.go b/api/datadogV2/model_security_monitoring_standard_rule_create_payload.go index 19a9c1488bd..5a47b80da83 100644 --- a/api/datadogV2/model_security_monitoring_standard_rule_create_payload.go +++ b/api/datadogV2/model_security_monitoring_standard_rule_create_payload.go @@ -28,6 +28,8 @@ type SecurityMonitoringStandardRuleCreatePayload struct { Options SecurityMonitoringRuleOptions `json:"options"` // Queries for selecting logs which are part of the rule. Queries []SecurityMonitoringStandardRuleQuery `json:"queries"` + // Reference tables for the rule. + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` // Tags for generated signals. Tags []string `json:"tags,omitempty"` // Cases for generating signals from third-party rules. Only available for third-party rules. @@ -256,6 +258,34 @@ func (o *SecurityMonitoringStandardRuleCreatePayload) SetQueries(v []SecurityMon o.Queries = v } +// GetReferenceTables returns the ReferenceTables field value if set, zero value otherwise. +func (o *SecurityMonitoringStandardRuleCreatePayload) GetReferenceTables() []SecurityMonitoringReferenceTable { + if o == nil || o.ReferenceTables == nil { + var ret []SecurityMonitoringReferenceTable + return ret + } + return o.ReferenceTables +} + +// GetReferenceTablesOk returns a tuple with the ReferenceTables field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringStandardRuleCreatePayload) GetReferenceTablesOk() (*[]SecurityMonitoringReferenceTable, bool) { + if o == nil || o.ReferenceTables == nil { + return nil, false + } + return &o.ReferenceTables, true +} + +// HasReferenceTables returns a boolean if a field has been set. +func (o *SecurityMonitoringStandardRuleCreatePayload) HasReferenceTables() bool { + return o != nil && o.ReferenceTables != nil +} + +// SetReferenceTables gets a reference to the given []SecurityMonitoringReferenceTable and assigns it to the ReferenceTables field. +func (o *SecurityMonitoringStandardRuleCreatePayload) SetReferenceTables(v []SecurityMonitoringReferenceTable) { + o.ReferenceTables = v +} + // GetTags returns the Tags field value if set, zero value otherwise. func (o *SecurityMonitoringStandardRuleCreatePayload) GetTags() []string { if o == nil || o.Tags == nil { @@ -358,6 +388,9 @@ func (o SecurityMonitoringStandardRuleCreatePayload) MarshalJSON() ([]byte, erro toSerialize["name"] = o.Name toSerialize["options"] = o.Options toSerialize["queries"] = o.Queries + if o.ReferenceTables != nil { + toSerialize["referenceTables"] = o.ReferenceTables + } if o.Tags != nil { toSerialize["tags"] = o.Tags } @@ -385,6 +418,7 @@ func (o *SecurityMonitoringStandardRuleCreatePayload) UnmarshalJSON(bytes []byte Name *string `json:"name"` Options *SecurityMonitoringRuleOptions `json:"options"` Queries *[]SecurityMonitoringStandardRuleQuery `json:"queries"` + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` Tags []string `json:"tags,omitempty"` ThirdPartyCases []SecurityMonitoringThirdPartyRuleCaseCreate `json:"thirdPartyCases,omitempty"` Type *SecurityMonitoringRuleTypeCreate `json:"type,omitempty"` @@ -412,7 +446,7 @@ func (o *SecurityMonitoringStandardRuleCreatePayload) UnmarshalJSON(bytes []byte } additionalProperties := make(map[string]interface{}) if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { - datadog.DeleteKeys(additionalProperties, &[]string{"cases", "filters", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "tags", "thirdPartyCases", "type"}) + datadog.DeleteKeys(additionalProperties, &[]string{"cases", "filters", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "referenceTables", "tags", "thirdPartyCases", "type"}) } else { return err } @@ -429,6 +463,7 @@ func (o *SecurityMonitoringStandardRuleCreatePayload) UnmarshalJSON(bytes []byte } o.Options = *all.Options o.Queries = *all.Queries + o.ReferenceTables = all.ReferenceTables o.Tags = all.Tags o.ThirdPartyCases = all.ThirdPartyCases if all.Type != nil && !all.Type.IsValid() { diff --git a/api/datadogV2/model_security_monitoring_standard_rule_payload.go b/api/datadogV2/model_security_monitoring_standard_rule_payload.go index 0161120322d..3e0411772a6 100644 --- a/api/datadogV2/model_security_monitoring_standard_rule_payload.go +++ b/api/datadogV2/model_security_monitoring_standard_rule_payload.go @@ -28,6 +28,8 @@ type SecurityMonitoringStandardRulePayload struct { Options SecurityMonitoringRuleOptions `json:"options"` // Queries for selecting logs which are part of the rule. Queries []SecurityMonitoringStandardRuleQuery `json:"queries"` + // Reference tables for the rule. + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` // Tags for generated signals. Tags []string `json:"tags,omitempty"` // Cases for generating signals from third-party rules. Only available for third-party rules. @@ -256,6 +258,34 @@ func (o *SecurityMonitoringStandardRulePayload) SetQueries(v []SecurityMonitorin o.Queries = v } +// GetReferenceTables returns the ReferenceTables field value if set, zero value otherwise. +func (o *SecurityMonitoringStandardRulePayload) GetReferenceTables() []SecurityMonitoringReferenceTable { + if o == nil || o.ReferenceTables == nil { + var ret []SecurityMonitoringReferenceTable + return ret + } + return o.ReferenceTables +} + +// GetReferenceTablesOk returns a tuple with the ReferenceTables field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringStandardRulePayload) GetReferenceTablesOk() (*[]SecurityMonitoringReferenceTable, bool) { + if o == nil || o.ReferenceTables == nil { + return nil, false + } + return &o.ReferenceTables, true +} + +// HasReferenceTables returns a boolean if a field has been set. +func (o *SecurityMonitoringStandardRulePayload) HasReferenceTables() bool { + return o != nil && o.ReferenceTables != nil +} + +// SetReferenceTables gets a reference to the given []SecurityMonitoringReferenceTable and assigns it to the ReferenceTables field. +func (o *SecurityMonitoringStandardRulePayload) SetReferenceTables(v []SecurityMonitoringReferenceTable) { + o.ReferenceTables = v +} + // GetTags returns the Tags field value if set, zero value otherwise. func (o *SecurityMonitoringStandardRulePayload) GetTags() []string { if o == nil || o.Tags == nil { @@ -358,6 +388,9 @@ func (o SecurityMonitoringStandardRulePayload) MarshalJSON() ([]byte, error) { toSerialize["name"] = o.Name toSerialize["options"] = o.Options toSerialize["queries"] = o.Queries + if o.ReferenceTables != nil { + toSerialize["referenceTables"] = o.ReferenceTables + } if o.Tags != nil { toSerialize["tags"] = o.Tags } @@ -385,6 +418,7 @@ func (o *SecurityMonitoringStandardRulePayload) UnmarshalJSON(bytes []byte) (err Name *string `json:"name"` Options *SecurityMonitoringRuleOptions `json:"options"` Queries *[]SecurityMonitoringStandardRuleQuery `json:"queries"` + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` Tags []string `json:"tags,omitempty"` ThirdPartyCases []SecurityMonitoringThirdPartyRuleCaseCreate `json:"thirdPartyCases,omitempty"` Type *SecurityMonitoringRuleTypeCreate `json:"type,omitempty"` @@ -412,7 +446,7 @@ func (o *SecurityMonitoringStandardRulePayload) UnmarshalJSON(bytes []byte) (err } additionalProperties := make(map[string]interface{}) if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { - datadog.DeleteKeys(additionalProperties, &[]string{"cases", "filters", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "tags", "thirdPartyCases", "type"}) + datadog.DeleteKeys(additionalProperties, &[]string{"cases", "filters", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "referenceTables", "tags", "thirdPartyCases", "type"}) } else { return err } @@ -429,6 +463,7 @@ func (o *SecurityMonitoringStandardRulePayload) UnmarshalJSON(bytes []byte) (err } o.Options = *all.Options o.Queries = *all.Queries + o.ReferenceTables = all.ReferenceTables o.Tags = all.Tags o.ThirdPartyCases = all.ThirdPartyCases if all.Type != nil && !all.Type.IsValid() { diff --git a/api/datadogV2/model_security_monitoring_standard_rule_response.go b/api/datadogV2/model_security_monitoring_standard_rule_response.go index 801256e9560..930f0d09b29 100644 --- a/api/datadogV2/model_security_monitoring_standard_rule_response.go +++ b/api/datadogV2/model_security_monitoring_standard_rule_response.go @@ -42,6 +42,8 @@ type SecurityMonitoringStandardRuleResponse struct { Options *SecurityMonitoringRuleOptions `json:"options,omitempty"` // Queries for selecting logs which are part of the rule. Queries []SecurityMonitoringStandardRuleQuery `json:"queries,omitempty"` + // Reference tables for the rule. + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` // Tags for generated signals. Tags []string `json:"tags,omitempty"` // Cases for generating signals from third-party rules. Only available for third-party rules. @@ -522,6 +524,34 @@ func (o *SecurityMonitoringStandardRuleResponse) SetQueries(v []SecurityMonitori o.Queries = v } +// GetReferenceTables returns the ReferenceTables field value if set, zero value otherwise. +func (o *SecurityMonitoringStandardRuleResponse) GetReferenceTables() []SecurityMonitoringReferenceTable { + if o == nil || o.ReferenceTables == nil { + var ret []SecurityMonitoringReferenceTable + return ret + } + return o.ReferenceTables +} + +// GetReferenceTablesOk returns a tuple with the ReferenceTables field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringStandardRuleResponse) GetReferenceTablesOk() (*[]SecurityMonitoringReferenceTable, bool) { + if o == nil || o.ReferenceTables == nil { + return nil, false + } + return &o.ReferenceTables, true +} + +// HasReferenceTables returns a boolean if a field has been set. +func (o *SecurityMonitoringStandardRuleResponse) HasReferenceTables() bool { + return o != nil && o.ReferenceTables != nil +} + +// SetReferenceTables gets a reference to the given []SecurityMonitoringReferenceTable and assigns it to the ReferenceTables field. +func (o *SecurityMonitoringStandardRuleResponse) SetReferenceTables(v []SecurityMonitoringReferenceTable) { + o.ReferenceTables = v +} + // GetTags returns the Tags field value if set, zero value otherwise. func (o *SecurityMonitoringStandardRuleResponse) GetTags() []string { if o == nil || o.Tags == nil { @@ -716,6 +746,9 @@ func (o SecurityMonitoringStandardRuleResponse) MarshalJSON() ([]byte, error) { if o.Queries != nil { toSerialize["queries"] = o.Queries } + if o.ReferenceTables != nil { + toSerialize["referenceTables"] = o.ReferenceTables + } if o.Tags != nil { toSerialize["tags"] = o.Tags } @@ -757,6 +790,7 @@ func (o *SecurityMonitoringStandardRuleResponse) UnmarshalJSON(bytes []byte) (er Name *string `json:"name,omitempty"` Options *SecurityMonitoringRuleOptions `json:"options,omitempty"` Queries []SecurityMonitoringStandardRuleQuery `json:"queries,omitempty"` + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` Tags []string `json:"tags,omitempty"` ThirdPartyCases []SecurityMonitoringThirdPartyRuleCase `json:"thirdPartyCases,omitempty"` Type *SecurityMonitoringRuleTypeRead `json:"type,omitempty"` @@ -768,7 +802,7 @@ func (o *SecurityMonitoringStandardRuleResponse) UnmarshalJSON(bytes []byte) (er } additionalProperties := make(map[string]interface{}) if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { - datadog.DeleteKeys(additionalProperties, &[]string{"cases", "complianceSignalOptions", "createdAt", "creationAuthorId", "defaultTags", "deprecationDate", "filters", "hasExtendedTitle", "id", "isDefault", "isDeleted", "isEnabled", "message", "name", "options", "queries", "tags", "thirdPartyCases", "type", "updateAuthorId", "version"}) + datadog.DeleteKeys(additionalProperties, &[]string{"cases", "complianceSignalOptions", "createdAt", "creationAuthorId", "defaultTags", "deprecationDate", "filters", "hasExtendedTitle", "id", "isDefault", "isDeleted", "isEnabled", "message", "name", "options", "queries", "referenceTables", "tags", "thirdPartyCases", "type", "updateAuthorId", "version"}) } else { return err } @@ -796,6 +830,7 @@ func (o *SecurityMonitoringStandardRuleResponse) UnmarshalJSON(bytes []byte) (er } o.Options = all.Options o.Queries = all.Queries + o.ReferenceTables = all.ReferenceTables o.Tags = all.Tags o.ThirdPartyCases = all.ThirdPartyCases if all.Type != nil && !all.Type.IsValid() { diff --git a/api/datadogV2/model_security_monitoring_standard_rule_test_payload.go b/api/datadogV2/model_security_monitoring_standard_rule_test_payload.go index ea153a2fe1c..a6b7744f1bb 100644 --- a/api/datadogV2/model_security_monitoring_standard_rule_test_payload.go +++ b/api/datadogV2/model_security_monitoring_standard_rule_test_payload.go @@ -28,6 +28,8 @@ type SecurityMonitoringStandardRuleTestPayload struct { Options SecurityMonitoringRuleOptions `json:"options"` // Queries for selecting logs which are part of the rule. Queries []SecurityMonitoringStandardRuleQuery `json:"queries"` + // Reference tables for the rule. + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` // Tags for generated signals. Tags []string `json:"tags,omitempty"` // Cases for generating signals from third-party rules. Only available for third-party rules. @@ -256,6 +258,34 @@ func (o *SecurityMonitoringStandardRuleTestPayload) SetQueries(v []SecurityMonit o.Queries = v } +// GetReferenceTables returns the ReferenceTables field value if set, zero value otherwise. +func (o *SecurityMonitoringStandardRuleTestPayload) GetReferenceTables() []SecurityMonitoringReferenceTable { + if o == nil || o.ReferenceTables == nil { + var ret []SecurityMonitoringReferenceTable + return ret + } + return o.ReferenceTables +} + +// GetReferenceTablesOk returns a tuple with the ReferenceTables field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringStandardRuleTestPayload) GetReferenceTablesOk() (*[]SecurityMonitoringReferenceTable, bool) { + if o == nil || o.ReferenceTables == nil { + return nil, false + } + return &o.ReferenceTables, true +} + +// HasReferenceTables returns a boolean if a field has been set. +func (o *SecurityMonitoringStandardRuleTestPayload) HasReferenceTables() bool { + return o != nil && o.ReferenceTables != nil +} + +// SetReferenceTables gets a reference to the given []SecurityMonitoringReferenceTable and assigns it to the ReferenceTables field. +func (o *SecurityMonitoringStandardRuleTestPayload) SetReferenceTables(v []SecurityMonitoringReferenceTable) { + o.ReferenceTables = v +} + // GetTags returns the Tags field value if set, zero value otherwise. func (o *SecurityMonitoringStandardRuleTestPayload) GetTags() []string { if o == nil || o.Tags == nil { @@ -358,6 +388,9 @@ func (o SecurityMonitoringStandardRuleTestPayload) MarshalJSON() ([]byte, error) toSerialize["name"] = o.Name toSerialize["options"] = o.Options toSerialize["queries"] = o.Queries + if o.ReferenceTables != nil { + toSerialize["referenceTables"] = o.ReferenceTables + } if o.Tags != nil { toSerialize["tags"] = o.Tags } @@ -385,6 +418,7 @@ func (o *SecurityMonitoringStandardRuleTestPayload) UnmarshalJSON(bytes []byte) Name *string `json:"name"` Options *SecurityMonitoringRuleOptions `json:"options"` Queries *[]SecurityMonitoringStandardRuleQuery `json:"queries"` + ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"` Tags []string `json:"tags,omitempty"` ThirdPartyCases []SecurityMonitoringThirdPartyRuleCaseCreate `json:"thirdPartyCases,omitempty"` Type *SecurityMonitoringRuleTypeTest `json:"type,omitempty"` @@ -412,7 +446,7 @@ func (o *SecurityMonitoringStandardRuleTestPayload) UnmarshalJSON(bytes []byte) } additionalProperties := make(map[string]interface{}) if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { - datadog.DeleteKeys(additionalProperties, &[]string{"cases", "filters", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "tags", "thirdPartyCases", "type"}) + datadog.DeleteKeys(additionalProperties, &[]string{"cases", "filters", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "referenceTables", "tags", "thirdPartyCases", "type"}) } else { return err } @@ -429,6 +463,7 @@ func (o *SecurityMonitoringStandardRuleTestPayload) UnmarshalJSON(bytes []byte) } o.Options = *all.Options o.Queries = *all.Queries + o.ReferenceTables = all.ReferenceTables o.Tags = all.Tags o.ThirdPartyCases = all.ThirdPartyCases if all.Type != nil && !all.Type.IsValid() { diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule.go b/examples/v2/security-monitoring/CreateSecurityMonitoringRule.go index 73baeee1333..f76eebd6de3 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule.go +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule.go @@ -43,6 +43,15 @@ func main() { Tags: []string{}, IsEnabled: true, Type: datadogV2.SECURITYMONITORINGRULETYPECREATE_LOG_DETECTION.Ptr(), + ReferenceTables: []datadogV2.SecurityMonitoringReferenceTable{ + { + TableName: datadog.PtrString("synthetics_test_reference_table_dont_delete"), + ColumnName: datadog.PtrString("value"), + LogFieldPath: datadog.PtrString("testtag"), + CheckPresence: datadog.PtrBool(true), + RuleQueryName: datadog.PtrString("a"), + }, + }, }} ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.freeze index 701307e250d..76923cce50c 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.freeze +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.freeze @@ -1 +1 @@ -2024-05-10T16:34:28.650Z \ No newline at end of file +2024-09-11T18:14:46.491Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.yaml index 05ed1a68b7a..9181c929a2b 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.yaml +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_a_detection_rule_returns_OK_response.yaml @@ -1,7 +1,7 @@ interactions: - request: body: | - {"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_OK_response-1715358868","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"tags":[],"type":"log_detection"} + {"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_OK_response-1726078486","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"referenceTables":[{"checkPresence":true,"columnName":"value","logFieldPath":"testtag","ruleQueryName":"a","tableName":"synthetics_test_reference_table_dont_delete"}],"tags":[],"type":"log_detection"} form: {} headers: Accept: @@ -12,8 +12,8 @@ interactions: method: POST url: https://api.datadoghq.com/api/v2/security_monitoring/rules response: - body: '{"id":"oka-fqr-yqa","version":1,"name":"Test-Create_a_detection_rule_returns_OK_response-1715358868","createdAt":1715358869030,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a - > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]} + body: '{"id":"5br-mto-gse","version":1,"name":"Test-Create_a_detection_rule_returns_OK_response-1726078486","createdAt":1726078486689,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"referenceTables":[{"tableName":"synthetics_test_reference_table_dont_delete","columnName":"value","logFieldPath":"testtag","checkPresence":true,"ruleQueryName":"a"}]} ' code: 200 @@ -30,7 +30,7 @@ interactions: - '*/*' id: 1 method: DELETE - url: https://api.datadoghq.com/api/v2/security_monitoring/rules/oka-fqr-yqa + url: https://api.datadoghq.com/api/v2/security_monitoring/rules/5br-mto-gse response: body: '' code: 204 diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature index dc66166540c..27e45dd3c2b 100644 --- a/tests/scenarios/features/v2/security_monitoring.feature +++ b/tests/scenarios/features/v2/security_monitoring.feature @@ -123,12 +123,13 @@ Feature: Security Monitoring @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule returns "OK" response Given new "CreateSecurityMonitoringRule" request - And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection"} + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "referenceTables":[{"tableName": "synthetics_test_reference_table_dont_delete", "columnName": "value", "logFieldPath":"testtag", "checkPresence":true, "ruleQueryName":"a"}]} When the request is sent Then the response status is 200 OK And the response "name" is equal to "{{ unique }}" And the response "type" is equal to "log_detection" And the response "message" is equal to "Test rule" + And the response "referenceTables" is equal to [{"tableName": "synthetics_test_reference_table_dont_delete", "columnName": "value", "logFieldPath":"testtag", "checkPresence":true, "ruleQueryName":"a"}] @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with detection method 'third_party' returns "OK" response