diff --git a/.apigentools-info b/.apigentools-info index 924fa5103eb..ed24a35c15f 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2024-05-23 19:28:50.831479", - "spec_repo_commit": "b9b11fda" + "regenerated": "2024-05-28 16:29:22.979941", + "spec_repo_commit": "9445af96" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2024-05-23 19:28:50.850499", - "spec_repo_commit": "b9b11fda" + "regenerated": "2024-05-28 16:29:22.997842", + "spec_repo_commit": "9445af96" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index df914f19377..86a5176f5e9 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml 
@@ -17407,6 +17407,47 @@ components: - GEO_DATA - EVENT_COUNT - NONE + SecurityMonitoringRuleQueryPayload: + description: Payload to test a rule query with the expected result. + properties: + expectedResult: + description: Expected result of the test. + example: true + type: boolean + index: + description: Index of the query under test. + example: 0 + format: int64 + minimum: 0 + type: integer + payload: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryPayloadData' + type: object + SecurityMonitoringRuleQueryPayloadData: + additionalProperties: {} + description: Payload used to test the rule query. + properties: + ddsource: + description: Source of the payload. + example: nginx + type: string + ddtags: + description: Tags associated with your data. + example: env:staging,version:5.1 + type: string + hostname: + description: The name of the originating host of the log. + example: i-012345678 + type: string + message: + description: The message of the payload. + example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World + type: string + service: + description: The name of the application or service generating the data. + example: payment + type: string + type: object SecurityMonitoringRuleResponse: description: Create a new rule. oneOf: 
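Review bot: `SecurityMonitoringRuleQueryPayload` declares no `required` list, so a payload object with neither `payload` nor `expectedResult` is valid under this schema and the generated clients will happily send it; if the backend needs them, add `required: [expectedResult, index, payload]` (or whichever subset is actually mandatory) so the contract is enforced at the spec boundary rather than surfacing as an opaque 400. `index` carries `minimum: 0` but nothing relates it to the number of queries in the rule under test; a one-line addition to its description such as `Must be lower than the number of queries defined in the rule.` would tell callers where an out-of-range index is rejected, assuming the server does reject it. `SecurityMonitoringRuleQueryPayloadData` allows `additionalProperties: {}`, presumably so arbitrary log attributes can be fed to the query; stating that intent in its description would make it explicit rather than something readers infer.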
@@ -17428,6 +17469,31 @@ components: - MEDIUM - HIGH - CRITICAL + SecurityMonitoringRuleTestRequest: + description: Test the rule queries of a rule. + properties: + rule: + $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload' + ruleQueryPayloads: + description: Data payloads used to test rules query with the expected result. + items: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryPayload' + type: array + type: object + SecurityMonitoringRuleTestResponse: + description: Result of the test of the rule queries. + properties: + results: + description: 'Assert results are returned in the same order as the rule + query payloads. + + For each payload, it returns True if the result matched the expected result, + + False otherwise.' + items: + type: boolean + type: array + type: object SecurityMonitoringRuleThirdPartyOptions: description: Options on third party rules. properties: 
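Review bot: `SecurityMonitoringRuleTestResponse.results` is a bare `boolean` array, so a `false` entry cannot be distinguished between "the query did not match although `expectedResult` was true" and "the query matched although `expectedResult` was false"; if the backend has that information, returning the actual match outcome per payload next to the assertion would make failures actionable, otherwise the description should say callers must infer it from their own `expectedResult`. The wording `Assert results are returned in the same order` is also ambiguous; `Result of each assertion, in the same order as the rule query payloads.` reads more clearly. `SecurityMonitoringRuleTestRequest` has no `required` fields either, so `rule` may be omitted on `/rules/test` where there is no stored rule to fall back to; if the server rejects that, `required: [rule, ruleQueryPayloads]` on this schema (or a dedicated schema for the `{rule_id}` variant) would make the contract explicit.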
@@ -32551,6 +32617,42 @@ paths: tags: - Security Monitoring x-codegen-request-body-name: body + /api/v2/security_monitoring/rules/test: + post: + description: Test a rule. + operationId: TestSecurityMonitoringRule + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringRuleTestRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringRuleTestResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '401': + $ref: '#/components/responses/ConcurrentModificationResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_write + summary: Test a rule + tags: + - Security Monitoring + x-codegen-request-body-name: body /api/v2/security_monitoring/rules/validation: post: description: Validate a detection rule. 
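Review bot: The `'401'` response of `POST /api/v2/security_monitoring/rules/test` is wired to `#/components/responses/ConcurrentModificationResponse`, whose name indicates a concurrent-modification conflict rather than an authentication failure, so generated SDK docs will advertise the wrong meaning for the status a caller sees when an API/application key is missing or revoked. If the file defines an unauthorized response component, reference it here, e.g. `'401': $ref: '#/components/responses/UnauthorizedResponse'`; the components section is outside this view, so the exact name needs checking. The operation also demands the `security_monitoring_rules_write` scope although, going by the request and response schemas, it only evaluates the supplied rule against the supplied payloads and persists nothing; if that is the case a read-level scope would be the least-privilege choice, and if write is deliberate (because the test executes arbitrary detection queries) the description should say so rather than leave callers to grant write for a dry run.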
@@ -32672,6 +32774,44 @@ paths: tags: - Security Monitoring x-codegen-request-body-name: body + /api/v2/security_monitoring/rules/{rule_id}/test: + post: + description: Test an existing rule. + operationId: TestExistingSecurityMonitoringRule + parameters: + - $ref: '#/components/parameters/SecurityMonitoringRuleID' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringRuleTestRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringRuleTestResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '401': + $ref: '#/components/responses/ConcurrentModificationResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_write + summary: Test an existing rule + tags: + - Security Monitoring + x-codegen-request-body-name: body /api/v2/security_monitoring/signals: get: description: 'The list endpoint returns security signals that match a search diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go index 42d66b23088..750aadabf00 100644 --- a/api/datadogV2/api_security_monitoring.go +++ b/api/datadogV2/api_security_monitoring.go 
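Review bot: `POST /api/v2/security_monitoring/rules/{rule_id}/test` takes the same `SecurityMonitoringRuleTestRequest` body as the create-time variant, so a caller can send both a `rule_id` and a full inline `rule`, and the spec does not say which definition is evaluated — the stored rule, the inline one, or a merge. The description should state it, e.g. `Test an existing rule. The rule identified by rule_id is tested against the provided payloads; when the rule field is present it overrides the stored definition for this test only.` (adjusted to whatever the backend actually does), or a separate request schema without `rule` should be used for this path. The `'401'` mapping to `ConcurrentModificationResponse` is copied from the sibling operation and looks equally wrong for an authentication failure.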
@@ -2043,6 +2043,153 @@ func (a *SecurityMonitoringApi) SearchSecurityMonitoringSignalsWithPagination(ct return items, cancel } +// TestExistingSecurityMonitoringRule Test an existing rule. +// Test an existing rule. +func (a *SecurityMonitoringApi) TestExistingSecurityMonitoringRule(ctx _context.Context, ruleId string, body SecurityMonitoringRuleTestRequest) (SecurityMonitoringRuleTestResponse, *_nethttp.Response, error) { + var ( + localVarHTTPMethod = _nethttp.MethodPost + localVarPostBody interface{} + localVarReturnValue SecurityMonitoringRuleTestResponse + ) + + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.TestExistingSecurityMonitoringRule") + if err != nil { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} + } + + localVarPath := localBasePath + "/api/v2/security_monitoring/rules/{rule_id}/test" + localVarPath = strings.Replace(localVarPath, "{"+"rule_id"+"}", _neturl.PathEscape(datadog.ParameterToString(ruleId, "")), -1) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := _neturl.Values{} + localVarFormParams := _neturl.Values{} + localVarHeaderParams["Content-Type"] = "application/json" + localVarHeaderParams["Accept"] = "application/json" + + // body params + localVarPostBody = &body + datadog.SetAuthKeys( + ctx, + &localVarHeaderParams, + [2]string{"apiKeyAuth", "DD-API-KEY"}, + [2]string{"appKeyAuth", "DD-APPLICATION-KEY"}, + ) + req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.Client.CallAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := datadog.ReadBody(localVarHTTPResponse) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + 
} + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 401 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 || localVarHTTPResponse.StatusCode == 429 { + var v APIErrorResponse + err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.ErrorModel = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + +// TestSecurityMonitoringRule Test a rule. +// Test a rule. 
+func (a *SecurityMonitoringApi) TestSecurityMonitoringRule(ctx _context.Context, body SecurityMonitoringRuleTestRequest) (SecurityMonitoringRuleTestResponse, *_nethttp.Response, error) { + var ( + localVarHTTPMethod = _nethttp.MethodPost + localVarPostBody interface{} + localVarReturnValue SecurityMonitoringRuleTestResponse + ) + + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.TestSecurityMonitoringRule") + if err != nil { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} + } + + localVarPath := localBasePath + "/api/v2/security_monitoring/rules/test" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := _neturl.Values{} + localVarFormParams := _neturl.Values{} + localVarHeaderParams["Content-Type"] = "application/json" + localVarHeaderParams["Accept"] = "application/json" + + // body params + localVarPostBody = &body + datadog.SetAuthKeys( + ctx, + &localVarHeaderParams, + [2]string{"apiKeyAuth", "DD-API-KEY"}, + [2]string{"appKeyAuth", "DD-APPLICATION-KEY"}, + ) + req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.Client.CallAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := datadog.ReadBody(localVarHTTPResponse) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 401 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 || localVarHTTPResponse.StatusCode == 429 { + var 
v APIErrorResponse + err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.ErrorModel = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + // UpdateSecurityFilter Update a security filter. // Update a specific security filter. // Returns the security filter object when the request is successful. diff --git a/api/datadogV2/doc.go b/api/datadogV2/doc.go index 019df1e14a6..aab4804ac3d 100644 --- a/api/datadogV2/doc.go +++ b/api/datadogV2/doc.go @@ -259,6 +259,8 @@ // - [SecurityMonitoringApi.ListSecurityMonitoringSuppressions] // - [SecurityMonitoringApi.MuteFindings] // - [SecurityMonitoringApi.SearchSecurityMonitoringSignals] +// - [SecurityMonitoringApi.TestExistingSecurityMonitoringRule] +// - [SecurityMonitoringApi.TestSecurityMonitoringRule] // - [SecurityMonitoringApi.UpdateSecurityFilter] // - [SecurityMonitoringApi.UpdateSecurityMonitoringRule] // - [SecurityMonitoringApi.UpdateSecurityMonitoringSuppression] diff --git a/api/datadogV2/model_security_monitoring_rule_query_payload.go b/api/datadogV2/model_security_monitoring_rule_query_payload.go new file mode 100644 index 00000000000..bdb9a530a64 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_rule_query_payload.go 
@@ -0,0 +1,181 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// SecurityMonitoringRuleQueryPayload Payload to test a rule query with the expected result. +type SecurityMonitoringRuleQueryPayload struct { + // Expected result of the test. + ExpectedResult *bool `json:"expectedResult,omitempty"` + // Index of the query under test. + Index *int64 `json:"index,omitempty"` + // Payload used to test the rule query. + Payload *SecurityMonitoringRuleQueryPayloadData `json:"payload,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} +} + +// NewSecurityMonitoringRuleQueryPayload instantiates a new SecurityMonitoringRuleQueryPayload object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringRuleQueryPayload() *SecurityMonitoringRuleQueryPayload { + this := SecurityMonitoringRuleQueryPayload{} + return &this +} + +// NewSecurityMonitoringRuleQueryPayloadWithDefaults instantiates a new SecurityMonitoringRuleQueryPayload object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. 
+func NewSecurityMonitoringRuleQueryPayloadWithDefaults() *SecurityMonitoringRuleQueryPayload { + this := SecurityMonitoringRuleQueryPayload{} + return &this +} + +// GetExpectedResult returns the ExpectedResult field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryPayload) GetExpectedResult() bool { + if o == nil || o.ExpectedResult == nil { + var ret bool + return ret + } + return *o.ExpectedResult +} + +// GetExpectedResultOk returns a tuple with the ExpectedResult field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryPayload) GetExpectedResultOk() (*bool, bool) { + if o == nil || o.ExpectedResult == nil { + return nil, false + } + return o.ExpectedResult, true +} + +// HasExpectedResult returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryPayload) HasExpectedResult() bool { + return o != nil && o.ExpectedResult != nil +} + +// SetExpectedResult gets a reference to the given bool and assigns it to the ExpectedResult field. +func (o *SecurityMonitoringRuleQueryPayload) SetExpectedResult(v bool) { + o.ExpectedResult = &v +} + +// GetIndex returns the Index field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryPayload) GetIndex() int64 { + if o == nil || o.Index == nil { + var ret int64 + return ret + } + return *o.Index +} + +// GetIndexOk returns a tuple with the Index field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryPayload) GetIndexOk() (*int64, bool) { + if o == nil || o.Index == nil { + return nil, false + } + return o.Index, true +} + +// HasIndex returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryPayload) HasIndex() bool { + return o != nil && o.Index != nil +} + +// SetIndex gets a reference to the given int64 and assigns it to the Index field. 
+func (o *SecurityMonitoringRuleQueryPayload) SetIndex(v int64) { + o.Index = &v +} + +// GetPayload returns the Payload field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryPayload) GetPayload() SecurityMonitoringRuleQueryPayloadData { + if o == nil || o.Payload == nil { + var ret SecurityMonitoringRuleQueryPayloadData + return ret + } + return *o.Payload +} + +// GetPayloadOk returns a tuple with the Payload field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryPayload) GetPayloadOk() (*SecurityMonitoringRuleQueryPayloadData, bool) { + if o == nil || o.Payload == nil { + return nil, false + } + return o.Payload, true +} + +// HasPayload returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryPayload) HasPayload() bool { + return o != nil && o.Payload != nil +} + +// SetPayload gets a reference to the given SecurityMonitoringRuleQueryPayloadData and assigns it to the Payload field. +func (o *SecurityMonitoringRuleQueryPayload) SetPayload(v SecurityMonitoringRuleQueryPayloadData) { + o.Payload = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringRuleQueryPayload) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.ExpectedResult != nil { + toSerialize["expectedResult"] = o.ExpectedResult + } + if o.Index != nil { + toSerialize["index"] = o.Index + } + if o.Payload != nil { + toSerialize["payload"] = o.Payload + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. 
+func (o *SecurityMonitoringRuleQueryPayload) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + ExpectedResult *bool `json:"expectedResult,omitempty"` + Index *int64 `json:"index,omitempty"` + Payload *SecurityMonitoringRuleQueryPayloadData `json:"payload,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"expectedResult", "index", "payload"}) + } else { + return err + } + + hasInvalidField := false + o.ExpectedResult = all.ExpectedResult + o.Index = all.Index + if all.Payload != nil && all.Payload.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Payload = all.Payload + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_security_monitoring_rule_query_payload_data.go b/api/datadogV2/model_security_monitoring_rule_query_payload_data.go new file mode 100644 index 00000000000..0c2fbba8740 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_rule_query_payload_data.go 
@@ -0,0 +1,242 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// SecurityMonitoringRuleQueryPayloadData Payload used to test the rule query. +type SecurityMonitoringRuleQueryPayloadData struct { + // Source of the payload. + Ddsource *string `json:"ddsource,omitempty"` + // Tags associated with your data. + Ddtags *string `json:"ddtags,omitempty"` + // The name of the originating host of the log. + Hostname *string `json:"hostname,omitempty"` + // The message of the payload. + Message *string `json:"message,omitempty"` + // The name of the application or service generating the data. + Service *string `json:"service,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} +} + +// NewSecurityMonitoringRuleQueryPayloadData instantiates a new SecurityMonitoringRuleQueryPayloadData object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringRuleQueryPayloadData() *SecurityMonitoringRuleQueryPayloadData { + this := SecurityMonitoringRuleQueryPayloadData{} + return &this +} + +// NewSecurityMonitoringRuleQueryPayloadDataWithDefaults instantiates a new SecurityMonitoringRuleQueryPayloadData object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. 
+func NewSecurityMonitoringRuleQueryPayloadDataWithDefaults() *SecurityMonitoringRuleQueryPayloadData { + this := SecurityMonitoringRuleQueryPayloadData{} + return &this +} + +// GetDdsource returns the Ddsource field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryPayloadData) GetDdsource() string { + if o == nil || o.Ddsource == nil { + var ret string + return ret + } + return *o.Ddsource +} + +// GetDdsourceOk returns a tuple with the Ddsource field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) GetDdsourceOk() (*string, bool) { + if o == nil || o.Ddsource == nil { + return nil, false + } + return o.Ddsource, true +} + +// HasDdsource returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) HasDdsource() bool { + return o != nil && o.Ddsource != nil +} + +// SetDdsource gets a reference to the given string and assigns it to the Ddsource field. +func (o *SecurityMonitoringRuleQueryPayloadData) SetDdsource(v string) { + o.Ddsource = &v +} + +// GetDdtags returns the Ddtags field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryPayloadData) GetDdtags() string { + if o == nil || o.Ddtags == nil { + var ret string + return ret + } + return *o.Ddtags +} + +// GetDdtagsOk returns a tuple with the Ddtags field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) GetDdtagsOk() (*string, bool) { + if o == nil || o.Ddtags == nil { + return nil, false + } + return o.Ddtags, true +} + +// HasDdtags returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) HasDdtags() bool { + return o != nil && o.Ddtags != nil +} + +// SetDdtags gets a reference to the given string and assigns it to the Ddtags field. 
+func (o *SecurityMonitoringRuleQueryPayloadData) SetDdtags(v string) { + o.Ddtags = &v +} + +// GetHostname returns the Hostname field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryPayloadData) GetHostname() string { + if o == nil || o.Hostname == nil { + var ret string + return ret + } + return *o.Hostname +} + +// GetHostnameOk returns a tuple with the Hostname field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) GetHostnameOk() (*string, bool) { + if o == nil || o.Hostname == nil { + return nil, false + } + return o.Hostname, true +} + +// HasHostname returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) HasHostname() bool { + return o != nil && o.Hostname != nil +} + +// SetHostname gets a reference to the given string and assigns it to the Hostname field. +func (o *SecurityMonitoringRuleQueryPayloadData) SetHostname(v string) { + o.Hostname = &v +} + +// GetMessage returns the Message field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryPayloadData) GetMessage() string { + if o == nil || o.Message == nil { + var ret string + return ret + } + return *o.Message +} + +// GetMessageOk returns a tuple with the Message field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) GetMessageOk() (*string, bool) { + if o == nil || o.Message == nil { + return nil, false + } + return o.Message, true +} + +// HasMessage returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) HasMessage() bool { + return o != nil && o.Message != nil +} + +// SetMessage gets a reference to the given string and assigns it to the Message field. 
+func (o *SecurityMonitoringRuleQueryPayloadData) SetMessage(v string) { + o.Message = &v +} + +// GetService returns the Service field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleQueryPayloadData) GetService() string { + if o == nil || o.Service == nil { + var ret string + return ret + } + return *o.Service +} + +// GetServiceOk returns a tuple with the Service field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) GetServiceOk() (*string, bool) { + if o == nil || o.Service == nil { + return nil, false + } + return o.Service, true +} + +// HasService returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleQueryPayloadData) HasService() bool { + return o != nil && o.Service != nil +} + +// SetService gets a reference to the given string and assigns it to the Service field. +func (o *SecurityMonitoringRuleQueryPayloadData) SetService(v string) { + o.Service = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringRuleQueryPayloadData) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Ddsource != nil { + toSerialize["ddsource"] = o.Ddsource + } + if o.Ddtags != nil { + toSerialize["ddtags"] = o.Ddtags + } + if o.Hostname != nil { + toSerialize["hostname"] = o.Hostname + } + if o.Message != nil { + toSerialize["message"] = o.Message + } + if o.Service != nil { + toSerialize["service"] = o.Service + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. 
+func (o *SecurityMonitoringRuleQueryPayloadData) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Ddsource *string `json:"ddsource,omitempty"` + Ddtags *string `json:"ddtags,omitempty"` + Hostname *string `json:"hostname,omitempty"` + Message *string `json:"message,omitempty"` + Service *string `json:"service,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"ddsource", "ddtags", "hostname", "message", "service"}) + } else { + return err + } + o.Ddsource = all.Ddsource + o.Ddtags = all.Ddtags + o.Hostname = all.Hostname + o.Message = all.Message + o.Service = all.Service + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_security_monitoring_rule_test_request.go b/api/datadogV2/model_security_monitoring_rule_test_request.go new file mode 100644 index 00000000000..d9240aad2e9 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_rule_test_request.go 
@@ -0,0 +1,137 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// SecurityMonitoringRuleTestRequest Test the rule queries of a rule. +type SecurityMonitoringRuleTestRequest struct { + // Create a new rule. + Rule *SecurityMonitoringRuleCreatePayload `json:"rule,omitempty"` + // Data payloads used to test rules query with the expected result. + RuleQueryPayloads []SecurityMonitoringRuleQueryPayload `json:"ruleQueryPayloads,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} +} + +// NewSecurityMonitoringRuleTestRequest instantiates a new SecurityMonitoringRuleTestRequest object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringRuleTestRequest() *SecurityMonitoringRuleTestRequest { + this := SecurityMonitoringRuleTestRequest{} + return &this +} + +// NewSecurityMonitoringRuleTestRequestWithDefaults instantiates a new SecurityMonitoringRuleTestRequest object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewSecurityMonitoringRuleTestRequestWithDefaults() *SecurityMonitoringRuleTestRequest { + this := SecurityMonitoringRuleTestRequest{} + return &this +} + +// GetRule returns the Rule field value if set, zero value otherwise. 
+func (o *SecurityMonitoringRuleTestRequest) GetRule() SecurityMonitoringRuleCreatePayload { + if o == nil || o.Rule == nil { + var ret SecurityMonitoringRuleCreatePayload + return ret + } + return *o.Rule +} + +// GetRuleOk returns a tuple with the Rule field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleTestRequest) GetRuleOk() (*SecurityMonitoringRuleCreatePayload, bool) { + if o == nil || o.Rule == nil { + return nil, false + } + return o.Rule, true +} + +// HasRule returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleTestRequest) HasRule() bool { + return o != nil && o.Rule != nil +} + +// SetRule gets a reference to the given SecurityMonitoringRuleCreatePayload and assigns it to the Rule field. +func (o *SecurityMonitoringRuleTestRequest) SetRule(v SecurityMonitoringRuleCreatePayload) { + o.Rule = &v +} + +// GetRuleQueryPayloads returns the RuleQueryPayloads field value if set, zero value otherwise. +func (o *SecurityMonitoringRuleTestRequest) GetRuleQueryPayloads() []SecurityMonitoringRuleQueryPayload { + if o == nil || o.RuleQueryPayloads == nil { + var ret []SecurityMonitoringRuleQueryPayload + return ret + } + return o.RuleQueryPayloads +} + +// GetRuleQueryPayloadsOk returns a tuple with the RuleQueryPayloads field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringRuleTestRequest) GetRuleQueryPayloadsOk() (*[]SecurityMonitoringRuleQueryPayload, bool) { + if o == nil || o.RuleQueryPayloads == nil { + return nil, false + } + return &o.RuleQueryPayloads, true +} + +// HasRuleQueryPayloads returns a boolean if a field has been set. +func (o *SecurityMonitoringRuleTestRequest) HasRuleQueryPayloads() bool { + return o != nil && o.RuleQueryPayloads != nil +} + +// SetRuleQueryPayloads gets a reference to the given []SecurityMonitoringRuleQueryPayload and assigns it to the RuleQueryPayloads field. 
+func (o *SecurityMonitoringRuleTestRequest) SetRuleQueryPayloads(v []SecurityMonitoringRuleQueryPayload) { + o.RuleQueryPayloads = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringRuleTestRequest) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Rule != nil { + toSerialize["rule"] = o.Rule + } + if o.RuleQueryPayloads != nil { + toSerialize["ruleQueryPayloads"] = o.RuleQueryPayloads + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *SecurityMonitoringRuleTestRequest) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Rule *SecurityMonitoringRuleCreatePayload `json:"rule,omitempty"` + RuleQueryPayloads []SecurityMonitoringRuleQueryPayload `json:"ruleQueryPayloads,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"rule", "ruleQueryPayloads"}) + } else { + return err + } + o.Rule = all.Rule + o.RuleQueryPayloads = all.RuleQueryPayloads + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_security_monitoring_rule_test_response.go b/api/datadogV2/model_security_monitoring_rule_test_response.go new file mode 100644 index 00000000000..c4f80a66245 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_rule_test_response.go 
@@ -0,0 +1,104 @@
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2019-Present Datadog, Inc.
+
+package datadogV2
+
+import (
+ "github.com/DataDog/datadog-api-client-go/v2/api/datadog"
+)
+
+// SecurityMonitoringRuleTestResponse Result of the test of the rule queries.
+type SecurityMonitoringRuleTestResponse struct {
+ // Assert results are returned in the same order as the rule query payloads.
+ // For each payload, it returns True if the result matched the expected result,
+ // False otherwise.
+ Results []bool `json:"results,omitempty"`
+ // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct
+ UnparsedObject map[string]interface{} `json:"-"`
+ AdditionalProperties map[string]interface{}
+}
+
+// NewSecurityMonitoringRuleTestResponse instantiates a new SecurityMonitoringRuleTestResponse object.
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed.
+func NewSecurityMonitoringRuleTestResponse() *SecurityMonitoringRuleTestResponse {
+ this := SecurityMonitoringRuleTestResponse{}
+ return &this
+}
+
+// NewSecurityMonitoringRuleTestResponseWithDefaults instantiates a new SecurityMonitoringRuleTestResponse object.
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set.
+func NewSecurityMonitoringRuleTestResponseWithDefaults() *SecurityMonitoringRuleTestResponse {
+ this := SecurityMonitoringRuleTestResponse{}
+ return &this
+}
+
+// GetResults returns the Results field value if set, zero value otherwise.
+func (o *SecurityMonitoringRuleTestResponse) GetResults() []bool {
+ if o == nil || o.Results == nil {
+ var ret []bool
+ return ret
+ }
+ return o.Results
+}
+
+// GetResultsOk returns a tuple with the Results field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityMonitoringRuleTestResponse) GetResultsOk() (*[]bool, bool) {
+ if o == nil || o.Results == nil {
+ return nil, false
+ }
+ return &o.Results, true
+}
+
+// HasResults returns a boolean if a field has been set.
+func (o *SecurityMonitoringRuleTestResponse) HasResults() bool {
+ return o != nil && o.Results != nil
+}
+
+// SetResults gets a reference to the given []bool and assigns it to the Results field.
+func (o *SecurityMonitoringRuleTestResponse) SetResults(v []bool) {
+ o.Results = v
+}
+
+// MarshalJSON serializes the struct using spec logic.
+func (o SecurityMonitoringRuleTestResponse) MarshalJSON() ([]byte, error) {
+ toSerialize := map[string]interface{}{}
+ if o.UnparsedObject != nil {
+ return datadog.Marshal(o.UnparsedObject)
+ }
+ if o.Results != nil {
+ toSerialize["results"] = o.Results
+ }
+
+ for key, value := range o.AdditionalProperties {
+ toSerialize[key] = value
+ }
+ return datadog.Marshal(toSerialize)
+}
+
+// UnmarshalJSON deserializes the given payload.
+func (o *SecurityMonitoringRuleTestResponse) UnmarshalJSON(bytes []byte) (err error) {
+ all := struct {
+ Results []bool `json:"results,omitempty"`
+ }{}
+ if err = datadog.Unmarshal(bytes, &all); err != nil {
+ return datadog.Unmarshal(bytes, &o.UnparsedObject)
+ }
+ additionalProperties := make(map[string]interface{})
+ if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil {
+ datadog.DeleteKeys(additionalProperties, &[]string{"results"})
+ } else {
+ return err
+ }
+ o.Results = all.Results
+
+ if len(additionalProperties) > 0 {
+ o.AdditionalProperties = additionalProperties
+ }
+
+ return nil
+}
diff --git a/examples/v2/security-monitoring/TestExistingSecurityMonitoringRule.go b/examples/v2/security-monitoring/TestExistingSecurityMonitoringRule.go
new file mode 100644
index 00000000000..041d4faa1d7
--- /dev/null
+++ b/examples/v2/security-monitoring/TestExistingSecurityMonitoringRule.go
@@ -0,0 +1,44 @@
+// Test an existing rule returns "OK" response
+
+package main
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "os"
+
+ "github.com/DataDog/datadog-api-client-go/v2/api/datadog"
+ "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
+)
+
+func main() {
+ body := datadogV2.SecurityMonitoringRuleTestRequest{
+ RuleQueryPayloads: []datadogV2.SecurityMonitoringRuleQueryPayload{
+ {
+ ExpectedResult: datadog.PtrBool(true),
+ Index: datadog.PtrInt64(0),
+ Payload: &datadogV2.SecurityMonitoringRuleQueryPayloadData{
+ Ddsource: datadog.PtrString("nginx"),
+ Ddtags: datadog.PtrString("env:staging,version:5.1"),
+ Hostname: datadog.PtrString("i-012345678"),
+ Message: datadog.PtrString("2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World"),
+ Service: datadog.PtrString("payment"),
+ },
+ },
+ },
+ }
+ ctx := datadog.NewDefaultContext(context.Background())
+ configuration := datadog.NewConfiguration()
+ apiClient := datadog.NewAPIClient(configuration)
+ api := datadogV2.NewSecurityMonitoringApi(apiClient)
+ resp, r, err := api.TestExistingSecurityMonitoringRule(ctx, "rule_id", body)
+
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.TestExistingSecurityMonitoringRule`: %v\n", err)
+ fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+ }
+
+ responseContent, _ := json.MarshalIndent(resp, "", " ")
+ fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.TestExistingSecurityMonitoringRule`:\n%s\n", responseContent)
+}
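Review bot: On the `err != nil` path in main the example reports the failure and then still marshals and prints `resp`, so a failed call ends with an empty "Response from …" block and exit status 0; TestSecurityMonitoringRule.go in this commit has the same shape. Add `os.Exit(1)` after the two `Fprintf` calls in the error branch, and check the `json.MarshalIndent` error rather than discarding it with `_`. The `"rule_id"` argument is a placeholder a reader must replace; a comment such as `// replace "rule_id" with the ID of the rule to test` next to the call would make that explicit.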
diff --git a/examples/v2/security-monitoring/TestSecurityMonitoringRule.go b/examples/v2/security-monitoring/TestSecurityMonitoringRule.go
new file mode 100644
index 00000000000..b1e625960ea
--- /dev/null
+++ b/examples/v2/security-monitoring/TestSecurityMonitoringRule.go
@@ -0,0 +1,82 @@
+// Test a rule returns "OK" response
+
+package main
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "os"
+
+ "github.com/DataDog/datadog-api-client-go/v2/api/datadog"
+ "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
+)
+
+func main() {
+ body := datadogV2.SecurityMonitoringRuleTestRequest{
+ Rule: &datadogV2.SecurityMonitoringRuleCreatePayload{
+ SecurityMonitoringStandardRuleCreatePayload: &datadogV2.SecurityMonitoringStandardRuleCreatePayload{
+ Cases: []datadogV2.SecurityMonitoringRuleCaseCreate{
+ {
+ Name: datadog.PtrString(""),
+ Status: datadogV2.SECURITYMONITORINGRULESEVERITY_INFO,
+ Notifications: []string{},
+ Condition: datadog.PtrString("a > 0"),
+ },
+ },
+ HasExtendedTitle: datadog.PtrBool(true),
+ IsEnabled: true,
+ Message: "My security monitoring rule message.",
+ Name: "My security monitoring rule.",
+ Options: datadogV2.SecurityMonitoringRuleOptions{
+ DecreaseCriticalityBasedOnEnv: datadog.PtrBool(false),
+ DetectionMethod: datadogV2.SECURITYMONITORINGRULEDETECTIONMETHOD_THRESHOLD.Ptr(),
+ EvaluationWindow: datadogV2.SECURITYMONITORINGRULEEVALUATIONWINDOW_ZERO_MINUTES.Ptr(),
+ KeepAlive: datadogV2.SECURITYMONITORINGRULEKEEPALIVE_ZERO_MINUTES.Ptr(),
+ MaxSignalDuration: datadogV2.SECURITYMONITORINGRULEMAXSIGNALDURATION_ZERO_MINUTES.Ptr(),
+ },
+ Queries: []datadogV2.SecurityMonitoringStandardRuleQuery{
+ {
+ Query: datadog.PtrString("source:source_here"),
+ GroupByFields: []string{
+ "@userIdentity.assumed_role",
+ },
+ DistinctFields: []string{},
+ Aggregation: datadogV2.SECURITYMONITORINGRULEQUERYAGGREGATION_COUNT.Ptr(),
+ Name: datadog.PtrString(""),
+ },
+ },
+ Tags: []string{
+ "env:prod",
+ "team:security",
+ },
+ Type: datadogV2.SECURITYMONITORINGRULETYPECREATE_LOG_DETECTION.Ptr(),
+ }},
+ RuleQueryPayloads: []datadogV2.SecurityMonitoringRuleQueryPayload{
+ {
+ ExpectedResult: datadog.PtrBool(true),
+ Index: datadog.PtrInt64(0),
+ Payload: &datadogV2.SecurityMonitoringRuleQueryPayloadData{
+ Ddsource: datadog.PtrString("source_here"),
+ Ddtags: datadog.PtrString("env:staging,version:5.1"),
+ Hostname: datadog.PtrString("i-012345678"),
+ Message: datadog.PtrString("2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World"),
+ Service: datadog.PtrString("payment"),
+ },
+ },
+ },
+ }
+ ctx := datadog.NewDefaultContext(context.Background())
+ configuration := datadog.NewConfiguration()
+ apiClient := datadog.NewAPIClient(configuration)
+ api := datadogV2.NewSecurityMonitoringApi(apiClient)
+ resp, r, err := api.TestSecurityMonitoringRule(ctx, body)
+
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.TestSecurityMonitoringRule`: %v\n", err)
+ fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+ }
+
+ responseContent, _ := json.MarshalIndent(resp, "", " ")
+ fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.TestSecurityMonitoringRule`:\n%s\n", responseContent)
+}
diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Test_a_rule_returns_OK_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Test_a_rule_returns_OK_response.freeze
new file mode 100644
index 00000000000..bfd08542442
--- /dev/null
+++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Test_a_rule_returns_OK_response.freeze
@@ -0,0 +1 @@
+2024-05-28T11:40:33.484Z
\ No newline at end of file
diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Test_a_rule_returns_OK_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Test_a_rule_returns_OK_response.yaml
new file mode 100644
index 00000000000..2b3e0d167d9
--- /dev/null
+++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Test_a_rule_returns_OK_response.yaml
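Review bot: The rule's query in main groups by `@userIdentity.assumed_role`, but the payload under test only sets Ddsource, Ddtags, Hostname, Message and Service, so the tested log carries no `userIdentity` attribute and `ExpectedResult: true` may not hold for this input; the cassette recorded for this scenario sends an additional `"userIdentity":{"assumed_role":"fake assumed_role"}` key next to those five fields. If the generated SecurityMonitoringRuleQueryPayloadData carries an `AdditionalProperties map[string]interface{}` field like the other models in this change (its schema allows additional properties), the example should set it on the payload: `AdditionalProperties: map[string]interface{}{"userIdentity": map[string]interface{}{"assumed_role": "fake assumed_role"}},`. Otherwise a comment such as `// the query groups by @userIdentity.assumed_role; supply that attribute in the payload for a true result` would save the reader a confusing false.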
@@ -0,0 +1,24 @@
+interactions:
+- request:
+ body: |
+ {"rule":{"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule message.","name":"My security monitoring rule.","options":{"decreaseCriticalityBasedOnEnv":false,"detectionMethod":"threshold","evaluationWindow":0,"keepAlive":0,"maxSignalDuration":0},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":["@userIdentity.assumed_role"],"name":"","query":"source:source_here"}],"tags":["env:prod","team:security"],"type":"log_detection"},"ruleQueryPayloads":[{"expectedResult":true,"index":0,"payload":{"ddsource":"source_here","ddtags":"env:staging,version:5.1","hostname":"i-012345678","message":"2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World","service":"payment","userIdentity":{"assumed_role":"fake assumed_role"}}}]}
+ form: {}
+ headers:
+ Accept:
+ - application/json
+ Content-Type:
+ - application/json
+ id: 0
+ method: POST
+ url: https://api.datadoghq.com/api/v2/security_monitoring/rules/test
+ response:
+ body: '{"results":[true]}
+
+ '
+ code: 200
+ duration: 0ms
+ headers:
+ Content-Type:
+ - application/json
+ status: 200 OK
+version: 2
diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature
index 837998edb83..284dd5543cc 100644
--- a/tests/scenarios/features/v2/security_monitoring.feature
+++ b/tests/scenarios/features/v2/security_monitoring.feature
@@ -507,6 +507,52 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK
+ @skip @team:DataDog/k9-cloud-security-platform
+ Scenario: Test a rule returns "Bad Request" response
+ Given new "TestSecurityMonitoringRule" request
+ And body with value {"rule": {"cases": [], "filters": [{"action": "require"}], "hasExtendedTitle": true, "isEnabled": true, "message": "", "name": "My security monitoring rule.", "options": {"decreaseCriticalityBasedOnEnv": false, "detectionMethod": "threshold", "evaluationWindow": 0, "hardcodedEvaluatorType": "log4shell", "impossibleTravelOptions": {"baselineUserLocations": true}, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0, "learningMethod": "duration", "learningThreshold": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [], "defaultStatus": "critical", "rootQueries": [{"groupByFields": [], "query": "source:cloudtrail"}]}}, "queries": [], "tags": ["env:prod", "team:security"], "thirdPartyCases": [], "type": "application_security"}, "ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]}
+ When the request is sent
+ Then the response status is 400 Bad Request
+
+ @skip @team:DataDog/k9-cloud-security-platform
+ Scenario: Test a rule returns "Not Found" response
+ Given new "TestSecurityMonitoringRule" request
+ And body with value {"rule": {"cases": [], "filters": [{"action": "require"}], "hasExtendedTitle": true, "isEnabled": true, "message": "", "name": "My security monitoring rule.", "options": {"decreaseCriticalityBasedOnEnv": false, "detectionMethod": "threshold", "evaluationWindow": 0, "hardcodedEvaluatorType": "log4shell", "impossibleTravelOptions": {"baselineUserLocations": true}, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0, "learningMethod": "duration", "learningThreshold": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [], "defaultStatus": "critical", "rootQueries": [{"groupByFields": [], "query": "source:cloudtrail"}]}}, "queries": [], "tags": ["env:prod", "team:security"], "thirdPartyCases": [], "type": "application_security"}, "ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]}
+ When the request is sent
+ Then the response status is 404 Not Found
+
+ @skip-go @skip-java @skip-ruby @skip-typescript @team:DataDog/k9-cloud-security-platform
+ Scenario: Test a rule returns "OK" response
+ Given new "TestSecurityMonitoringRule" request
+ And body with value {"rule": {"cases": [{"name": "","status": "info","notifications": [],"condition": "a > 0"}],"hasExtendedTitle": true,"isEnabled": true,"message": "My security monitoring rule message.","name": "My security monitoring rule.","options": {"decreaseCriticalityBasedOnEnv": false,"detectionMethod": "threshold","evaluationWindow": 0,"keepAlive": 0,"maxSignalDuration": 0},"queries": [{"query": "source:source_here","groupByFields": ["@userIdentity.assumed_role"],"distinctFields": [],"aggregation": "count","name": ""}],"tags": ["env:prod", "team:security"],"type": "log_detection"}, "ruleQueryPayloads": [{"expectedResult": true,"index": 0,"payload": {"ddsource": "source_here","ddtags": "env:staging,version:5.1","hostname": "i-012345678","message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World","service": "payment","userIdentity": {"assumed_role" : "fake assumed_role"}}}]}
+ When the request is sent
+ Then the response status is 200 OK
+ And the response "results[0]" is equal to true
+
+ @skip @team:DataDog/k9-cloud-security-platform
+ Scenario: Test an existing rule returns "Bad Request" response
+ Given new "TestExistingSecurityMonitoringRule" request
+ And request contains "rule_id" parameter from "REPLACE.ME"
+ And body with value {"ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]}
+ When the request is sent
+ Then the response status is 400 Bad Request
+
+ @skip @team:DataDog/k9-cloud-security-platform
+ Scenario: Test an existing rule returns "Not Found" response
+ Given new "TestExistingSecurityMonitoringRule" request
+ And request contains "rule_id" parameter from "REPLACE.ME"
+ And body with value {"ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]}
+ When the request is sent
+ Then the response status is 404 Not Found
+
+ @skip @team:DataDog/k9-cloud-security-platform
+ Scenario: Test an existing rule returns "OK" response
+ Given new "TestExistingSecurityMonitoringRule" request
+ And request contains "rule_id" parameter from "REPLACE.ME"
+ And body with value {"ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]}
+ When the request is sent
+ Then the response status is 200 OK
+
 @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Update a cloud configuration rule's details returns "OK" response Given new "UpdateSecurityMonitoringRule" request
diff --git a/tests/scenarios/features/v2/undo.json b/tests/scenarios/features/v2/undo.json
index 2b113708cd4..64b171c6ab8 100644
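Review bot: The `Test a rule returns "OK" response` scenario is tagged `@skip-go`, yet this same commit adds a recorded cassette for exactly that scenario under tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/, so either the tag is stale and the recording never gets replayed, or the cassette is dead weight. If the skip is intentional, the likely reason is the `userIdentity` key in the step's body, which is not a typed field of the payload model; a tag-line comment such as `# skip-go: payload relies on the additional property "userIdentity"` would record that. The other five scenarios are `@skip` outright, so after this change the two new endpoints have no scenario that actually runs in this suite.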
--- a/tests/scenarios/features/v2/undo.json
+++ b/tests/scenarios/features/v2/undo.json
@@ -1751,6 +1751,12 @@ "type": "unsafe" } },
+ "TestSecurityMonitoringRule": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "idempotent"
+ }
+ },
 "ValidateSecurityMonitoringRule": { "tag": "Security Monitoring", "undo": {
@@ -1775,6 +1781,12 @@ "type": "idempotent" } },
+ "TestExistingSecurityMonitoringRule": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "idempotent"
+ }
+ },
 "ListSecurityMonitoringSignals": { "tag": "Security Monitoring", "undo": {