diff --git a/.apigentools-info b/.apigentools-info index bd380bdc6d..2fcbea8342 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2024-05-23 19:28:57.806361", - "spec_repo_commit": "b9b11fda" + "regenerated": "2024-05-28 16:29:25.422563", + "spec_repo_commit": "9445af96" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2024-05-23 19:28:57.823164", - "spec_repo_commit": "b9b11fda" + "regenerated": "2024-05-28 16:29:25.439213", + "spec_repo_commit": "9445af96" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index df914f1937..86a5176f5e 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -17407,6 +17407,47 @@ components: - GEO_DATA - EVENT_COUNT - NONE + SecurityMonitoringRuleQueryPayload: + description: Payload to test a rule query with the expected result. + properties: + expectedResult: + description: Expected result of the test. + example: true + type: boolean + index: + description: Index of the query under test. + example: 0 + format: int64 + minimum: 0 + type: integer + payload: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryPayloadData' + type: object + SecurityMonitoringRuleQueryPayloadData: + additionalProperties: {} + description: Payload used to test the rule query. + properties: + ddsource: + description: Source of the payload. + example: nginx + type: string + ddtags: + description: Tags associated with your data. + example: env:staging,version:5.1 + type: string + hostname: + description: The name of the originating host of the log. + example: i-012345678 + type: string + message: + description: The message of the payload. + example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World + type: string + service: + description: The name of the application or service generating the data. + example: payment + type: string + type: object SecurityMonitoringRuleResponse: description: Create a new rule. oneOf: @@ -17428,6 +17469,31 @@ components: - MEDIUM - HIGH - CRITICAL + SecurityMonitoringRuleTestRequest: + description: Test the rule queries of a rule. + properties: + rule: + $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload' + ruleQueryPayloads: + description: Data payloads used to test rules query with the expected result. + items: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryPayload' + type: array + type: object + SecurityMonitoringRuleTestResponse: + description: Result of the test of the rule queries. + properties: + results: + description: 'Assert results are returned in the same order as the rule + query payloads. + + For each payload, it returns True if the result matched the expected result, + + False otherwise.' + items: + type: boolean + type: array + type: object SecurityMonitoringRuleThirdPartyOptions: description: Options on third party rules. properties: @@ -32551,6 +32617,42 @@ paths: tags: - Security Monitoring x-codegen-request-body-name: body + /api/v2/security_monitoring/rules/test: + post: + description: Test a rule. + operationId: TestSecurityMonitoringRule + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringRuleTestRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringRuleTestResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '401': + $ref: '#/components/responses/ConcurrentModificationResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_write + summary: Test a rule + tags: + - Security Monitoring + x-codegen-request-body-name: body /api/v2/security_monitoring/rules/validation: post: description: Validate a detection rule. @@ -32672,6 +32774,44 @@ paths: tags: - Security Monitoring x-codegen-request-body-name: body + /api/v2/security_monitoring/rules/{rule_id}/test: + post: + description: Test an existing rule. + operationId: TestExistingSecurityMonitoringRule + parameters: + - $ref: '#/components/parameters/SecurityMonitoringRuleID' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringRuleTestRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringRuleTestResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '401': + $ref: '#/components/responses/ConcurrentModificationResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_write + summary: Test an existing rule + tags: + - Security Monitoring + x-codegen-request-body-name: body /api/v2/security_monitoring/signals: get: description: 'The list endpoint returns security signals that match a search diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index 1787e05cd3..5d4e86e510 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst @@ -7862,6 +7862,20 @@ security\_monitoring\_rule\_query\_aggregation :members: :show-inheritance: +security\_monitoring\_rule\_query\_payload +------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_query_payload + :members: + :show-inheritance: + +security\_monitoring\_rule\_query\_payload\_data +------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_query_payload_data + :members: + :show-inheritance: + security\_monitoring\_rule\_response ------------------------------------ @@ -7876,6 +7890,20 @@ security\_monitoring\_rule\_severity :members: :show-inheritance: +security\_monitoring\_rule\_test\_request +----------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_test_request + :members: + :show-inheritance: + +security\_monitoring\_rule\_test\_response +------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_test_response + :members: + :show-inheritance: + security\_monitoring\_rule\_third\_party\_options ------------------------------------------------- diff --git a/examples/v2/security-monitoring/TestExistingSecurityMonitoringRule.py b/examples/v2/security-monitoring/TestExistingSecurityMonitoringRule.py new file mode 100644 index 0000000000..c378557f2a --- /dev/null +++ b/examples/v2/security-monitoring/TestExistingSecurityMonitoringRule.py @@ -0,0 +1,34 @@ +""" +Test an existing rule returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi +from datadog_api_client.v2.model.security_monitoring_rule_query_payload import SecurityMonitoringRuleQueryPayload +from datadog_api_client.v2.model.security_monitoring_rule_query_payload_data import ( + SecurityMonitoringRuleQueryPayloadData, +) +from datadog_api_client.v2.model.security_monitoring_rule_test_request import SecurityMonitoringRuleTestRequest + +body = SecurityMonitoringRuleTestRequest( + rule_query_payloads=[ + SecurityMonitoringRuleQueryPayload( + expected_result=True, + index=0, + payload=SecurityMonitoringRuleQueryPayloadData( + ddsource="nginx", + ddtags="env:staging,version:5.1", + hostname="i-012345678", + message="2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", + service="payment", + ), + ), + ], +) + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.test_existing_security_monitoring_rule(rule_id="rule_id", body=body) + + print(response) diff --git a/examples/v2/security-monitoring/TestSecurityMonitoringRule.py b/examples/v2/security-monitoring/TestSecurityMonitoringRule.py new file mode 100644 index 0000000000..6682a65983 --- /dev/null +++ b/examples/v2/security-monitoring/TestSecurityMonitoringRule.py @@ -0,0 +1,91 @@ +""" +Test a rule returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi +from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate +from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod +from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import ( + SecurityMonitoringRuleEvaluationWindow, +) +from datadog_api_client.v2.model.security_monitoring_rule_keep_alive import SecurityMonitoringRuleKeepAlive +from datadog_api_client.v2.model.security_monitoring_rule_max_signal_duration import ( + SecurityMonitoringRuleMaxSignalDuration, +) +from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions +from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import ( + SecurityMonitoringRuleQueryAggregation, +) +from datadog_api_client.v2.model.security_monitoring_rule_query_payload import SecurityMonitoringRuleQueryPayload +from datadog_api_client.v2.model.security_monitoring_rule_query_payload_data import ( + SecurityMonitoringRuleQueryPayloadData, +) +from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity +from datadog_api_client.v2.model.security_monitoring_rule_test_request import SecurityMonitoringRuleTestRequest +from datadog_api_client.v2.model.security_monitoring_rule_type_create import SecurityMonitoringRuleTypeCreate +from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import ( + SecurityMonitoringStandardRuleCreatePayload, +) +from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery + +body = SecurityMonitoringRuleTestRequest( + rule=SecurityMonitoringStandardRuleCreatePayload( + cases=[ + SecurityMonitoringRuleCaseCreate( + name="", + status=SecurityMonitoringRuleSeverity.INFO, + notifications=[], + condition="a > 0", + ), + ], + has_extended_title=True, + is_enabled=True, + message="My security monitoring rule message.", + name="My security monitoring rule.", + options=SecurityMonitoringRuleOptions( + decrease_criticality_based_on_env=False, + detection_method=SecurityMonitoringRuleDetectionMethod.THRESHOLD, + evaluation_window=SecurityMonitoringRuleEvaluationWindow.ZERO_MINUTES, + keep_alive=SecurityMonitoringRuleKeepAlive.ZERO_MINUTES, + max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ZERO_MINUTES, + ), + queries=[ + SecurityMonitoringStandardRuleQuery( + query="source:source_here", + group_by_fields=[ + "@userIdentity.assumed_role", + ], + distinct_fields=[], + aggregation=SecurityMonitoringRuleQueryAggregation.COUNT, + name="", + ), + ], + tags=[ + "env:prod", + "team:security", + ], + type=SecurityMonitoringRuleTypeCreate.LOG_DETECTION, + ), + rule_query_payloads=[ + SecurityMonitoringRuleQueryPayload( + expected_result=True, + index=0, + payload=SecurityMonitoringRuleQueryPayloadData( + ddsource="source_here", + ddtags="env:staging,version:5.1", + hostname="i-012345678", + message="2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", + service="payment", + user_identity=dict([("assumed_role", "fake assumed_role")]), + ), + ), + ], +) + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.test_security_monitoring_rule(body=body) + + print(response) diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index 9362ac5762..2ca2407a55 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py @@ -44,6 +44,8 @@ SecurityMonitoringSignalRuleCreatePayload, ) from datadog_api_client.v2.model.cloud_configuration_rule_create_payload import CloudConfigurationRuleCreatePayload +from datadog_api_client.v2.model.security_monitoring_rule_test_response import SecurityMonitoringRuleTestResponse +from datadog_api_client.v2.model.security_monitoring_rule_test_request import SecurityMonitoringRuleTestRequest from datadog_api_client.v2.model.security_monitoring_rule_update_payload import SecurityMonitoringRuleUpdatePayload from datadog_api_client.v2.model.security_monitoring_signals_list_response import SecurityMonitoringSignalsListResponse from datadog_api_client.v2.model.security_monitoring_signals_sort import SecurityMonitoringSignalsSort @@ -636,6 +638,52 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._test_existing_security_monitoring_rule_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringRuleTestResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/rules/{rule_id}/test", + "operation_id": "test_existing_security_monitoring_rule", + "http_method": "POST", + "version": "v2", + }, + params_map={ + "rule_id": { + "required": True, + "openapi_types": (str,), + "attribute": "rule_id", + "location": "path", + }, + "body": { + "required": True, + "openapi_types": (SecurityMonitoringRuleTestRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + + self._test_security_monitoring_rule_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringRuleTestResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/rules/test", + "operation_id": "test_security_monitoring_rule", + "http_method": "POST", + "version": "v2", + }, + params_map={ + "body": { + "required": True, + "openapi_types": (SecurityMonitoringRuleTestRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + self._update_security_filter_endpoint = _Endpoint( settings={ "response_type": (SecurityFilterResponse,), @@ -1456,6 +1504,43 @@ def search_security_monitoring_signals_with_pagination( } return endpoint.call_with_http_info_paginated(pagination) + def test_existing_security_monitoring_rule( + self, + rule_id: str, + body: SecurityMonitoringRuleTestRequest, + ) -> SecurityMonitoringRuleTestResponse: + """Test an existing rule. + + Test an existing rule. + + :param rule_id: The ID of the rule. + :type rule_id: str + :type body: SecurityMonitoringRuleTestRequest + :rtype: SecurityMonitoringRuleTestResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["rule_id"] = rule_id + + kwargs["body"] = body + + return self._test_existing_security_monitoring_rule_endpoint.call_with_http_info(**kwargs) + + def test_security_monitoring_rule( + self, + body: SecurityMonitoringRuleTestRequest, + ) -> SecurityMonitoringRuleTestResponse: + """Test a rule. + + Test a rule. + + :type body: SecurityMonitoringRuleTestRequest + :rtype: SecurityMonitoringRuleTestResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["body"] = body + + return self._test_security_monitoring_rule_endpoint.call_with_http_info(**kwargs) + def update_security_filter( self, security_filter_id: str, diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_query_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_query_payload.py new file mode 100644 index 0000000000..0901585d15 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_query_payload.py @@ -0,0 +1,72 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_rule_query_payload_data import ( + SecurityMonitoringRuleQueryPayloadData, + ) + + +class SecurityMonitoringRuleQueryPayload(ModelNormal): + validations = { + "index": { + "inclusive_minimum": 0, + }, + } + + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_rule_query_payload_data import ( + SecurityMonitoringRuleQueryPayloadData, + ) + + return { + "expected_result": (bool,), + "index": (int,), + "payload": (SecurityMonitoringRuleQueryPayloadData,), + } + + attribute_map = { + "expected_result": "expectedResult", + "index": "index", + "payload": "payload", + } + + def __init__( + self_, + expected_result: Union[bool, UnsetType] = unset, + index: Union[int, UnsetType] = unset, + payload: Union[SecurityMonitoringRuleQueryPayloadData, UnsetType] = unset, + **kwargs, + ): + """ + Payload to test a rule query with the expected result. + + :param expected_result: Expected result of the test. + :type expected_result: bool, optional + + :param index: Index of the query under test. + :type index: int, optional + + :param payload: Payload used to test the rule query. + :type payload: SecurityMonitoringRuleQueryPayloadData, optional + """ + if expected_result is not unset: + kwargs["expected_result"] = expected_result + if index is not unset: + kwargs["index"] = index + if payload is not unset: + kwargs["payload"] = payload + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_query_payload_data.py b/src/datadog_api_client/v2/model/security_monitoring_rule_query_payload_data.py new file mode 100644 index 0000000000..7236f4a69e --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_query_payload_data.py @@ -0,0 +1,91 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + date, + datetime, + none_type, + unset, + UnsetType, + UUID, +) + + +class SecurityMonitoringRuleQueryPayloadData(ModelNormal): + @cached_property + def additional_properties_type(_): + return ( + bool, + date, + datetime, + dict, + float, + int, + list, + str, + UUID, + none_type, + ) + + @cached_property + def openapi_types(_): + return { + "ddsource": (str,), + "ddtags": (str,), + "hostname": (str,), + "message": (str,), + "service": (str,), + } + + attribute_map = { + "ddsource": "ddsource", + "ddtags": "ddtags", + "hostname": "hostname", + "message": "message", + "service": "service", + } + + def __init__( + self_, + ddsource: Union[str, UnsetType] = unset, + ddtags: Union[str, UnsetType] = unset, + hostname: Union[str, UnsetType] = unset, + message: Union[str, UnsetType] = unset, + service: Union[str, UnsetType] = unset, + **kwargs, + ): + """ + Payload used to test the rule query. + + :param ddsource: Source of the payload. + :type ddsource: str, optional + + :param ddtags: Tags associated with your data. + :type ddtags: str, optional + + :param hostname: The name of the originating host of the log. + :type hostname: str, optional + + :param message: The message of the payload. + :type message: str, optional + + :param service: The name of the application or service generating the data. + :type service: str, optional + """ + if ddsource is not unset: + kwargs["ddsource"] = ddsource + if ddtags is not unset: + kwargs["ddtags"] = ddtags + if hostname is not unset: + kwargs["hostname"] = hostname + if message is not unset: + kwargs["message"] = message + if service is not unset: + kwargs["service"] = service + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_test_request.py b/src/datadog_api_client/v2/model/security_monitoring_rule_test_request.py new file mode 100644 index 0000000000..6993aced10 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_test_request.py @@ -0,0 +1,73 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_rule_create_payload import SecurityMonitoringRuleCreatePayload + from datadog_api_client.v2.model.security_monitoring_rule_query_payload import SecurityMonitoringRuleQueryPayload + from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import ( + SecurityMonitoringStandardRuleCreatePayload, + ) + from datadog_api_client.v2.model.security_monitoring_signal_rule_create_payload import ( + SecurityMonitoringSignalRuleCreatePayload, + ) + from datadog_api_client.v2.model.cloud_configuration_rule_create_payload import CloudConfigurationRuleCreatePayload + + +class SecurityMonitoringRuleTestRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_rule_create_payload import ( + SecurityMonitoringRuleCreatePayload, + ) + from datadog_api_client.v2.model.security_monitoring_rule_query_payload import ( + SecurityMonitoringRuleQueryPayload, + ) + + return { + "rule": (SecurityMonitoringRuleCreatePayload,), + "rule_query_payloads": ([SecurityMonitoringRuleQueryPayload],), + } + + attribute_map = { + "rule": "rule", + "rule_query_payloads": "ruleQueryPayloads", + } + + def __init__( + self_, + rule: Union[ + SecurityMonitoringRuleCreatePayload, + SecurityMonitoringStandardRuleCreatePayload, + SecurityMonitoringSignalRuleCreatePayload, + CloudConfigurationRuleCreatePayload, + UnsetType, + ] = unset, + rule_query_payloads: Union[List[SecurityMonitoringRuleQueryPayload], UnsetType] = unset, + **kwargs, + ): + """ + Test the rule queries of a rule. + + :param rule: Create a new rule. + :type rule: SecurityMonitoringRuleCreatePayload, optional + + :param rule_query_payloads: Data payloads used to test rules query with the expected result. + :type rule_query_payloads: [SecurityMonitoringRuleQueryPayload], optional + """ + if rule is not unset: + kwargs["rule"] = rule + if rule_query_payloads is not unset: + kwargs["rule_query_payloads"] = rule_query_payloads + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_test_response.py b/src/datadog_api_client/v2/model/security_monitoring_rule_test_response.py new file mode 100644 index 0000000000..e275217211 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_test_response.py @@ -0,0 +1,38 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +class SecurityMonitoringRuleTestResponse(ModelNormal): + @cached_property + def openapi_types(_): + return { + "results": ([bool],), + } + + attribute_map = { + "results": "results", + } + + def __init__(self_, results: Union[List[bool], UnsetType] = unset, **kwargs): + """ + Result of the test of the rule queries. + + :param results: Assert results are returned in the same order as the rule query payloads. + For each payload, it returns True if the result matched the expected result, + False otherwise. + :type results: [bool], optional + """ + if results is not unset: + kwargs["results"] = results + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index 1d0762917a..d036bb72d1 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py @@ -1330,8 +1330,14 @@ from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import ( SecurityMonitoringRuleQueryAggregation, ) +from datadog_api_client.v2.model.security_monitoring_rule_query_payload import SecurityMonitoringRuleQueryPayload +from datadog_api_client.v2.model.security_monitoring_rule_query_payload_data import ( + SecurityMonitoringRuleQueryPayloadData, +) from datadog_api_client.v2.model.security_monitoring_rule_response import SecurityMonitoringRuleResponse from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity +from datadog_api_client.v2.model.security_monitoring_rule_test_request import SecurityMonitoringRuleTestRequest +from datadog_api_client.v2.model.security_monitoring_rule_test_response import SecurityMonitoringRuleTestResponse from datadog_api_client.v2.model.security_monitoring_rule_third_party_options import ( SecurityMonitoringRuleThirdPartyOptions, ) @@ -2924,8 +2930,12 @@ "SecurityMonitoringRuleOptions", "SecurityMonitoringRuleQuery", "SecurityMonitoringRuleQueryAggregation", + "SecurityMonitoringRuleQueryPayload", + "SecurityMonitoringRuleQueryPayloadData", "SecurityMonitoringRuleResponse", "SecurityMonitoringRuleSeverity", + "SecurityMonitoringRuleTestRequest", + "SecurityMonitoringRuleTestResponse", "SecurityMonitoringRuleThirdPartyOptions", "SecurityMonitoringRuleTypeCreate", "SecurityMonitoringRuleTypeRead", diff --git a/tests/v2/cassettes/test_scenarios/test_test_a_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_test_a_rule_returns_ok_response.frozen new file mode 100644 index 0000000000..bfd0854244 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_test_a_rule_returns_ok_response.frozen @@ -0,0 +1 @@ +2024-05-28T11:40:33.484Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_test_a_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_test_a_rule_returns_ok_response.yaml new file mode 100644 index 0000000000..64e0a1b4df --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_test_a_rule_returns_ok_response.yaml @@ -0,0 +1,25 @@ +interactions: +- request: + body: '{"rule":{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My + security monitoring rule message.","name":"My security monitoring rule.","options":{"decreaseCriticalityBasedOnEnv":false,"detectionMethod":"threshold","evaluationWindow":0,"keepAlive":0,"maxSignalDuration":0},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":["@userIdentity.assumed_role"],"name":"","query":"source:source_here"}],"tags":["env:prod","team:security"],"type":"log_detection"},"ruleQueryPayloads":[{"expectedResult":true,"index":0,"payload":{"ddsource":"source_here","ddtags":"env:staging,version:5.1","hostname":"i-012345678","message":"2019-11-19T14:37:58,995 + INFO [process.name][20081] Hello World","service":"payment","userIdentity":{"assumed_role":"fake + assumed_role"}}}]}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/test + response: + body: + string: '{"results":[true]} + + ' + headers: + content-type: + - application/json + status: + code: 200 + message: OK +version: 1 diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index 837998edb8..284dd5543c 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature @@ -507,6 +507,52 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Test a rule returns "Bad Request" response + Given new "TestSecurityMonitoringRule" request + And body with value {"rule": {"cases": [], "filters": [{"action": "require"}], "hasExtendedTitle": true, "isEnabled": true, "message": "", "name": "My security monitoring rule.", "options": {"decreaseCriticalityBasedOnEnv": false, "detectionMethod": "threshold", "evaluationWindow": 0, "hardcodedEvaluatorType": "log4shell", "impossibleTravelOptions": {"baselineUserLocations": true}, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0, "learningMethod": "duration", "learningThreshold": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [], "defaultStatus": "critical", "rootQueries": [{"groupByFields": [], "query": "source:cloudtrail"}]}}, "queries": [], "tags": ["env:prod", "team:security"], "thirdPartyCases": [], "type": "application_security"}, "ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]} + When the request is sent + Then the response status is 400 Bad Request + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Test a rule returns "Not Found" response + Given new "TestSecurityMonitoringRule" request + And body with value {"rule": {"cases": [], "filters": [{"action": "require"}], "hasExtendedTitle": true, "isEnabled": true, "message": "", "name": "My security monitoring rule.", "options": {"decreaseCriticalityBasedOnEnv": false, "detectionMethod": "threshold", "evaluationWindow": 0, "hardcodedEvaluatorType": "log4shell", "impossibleTravelOptions": {"baselineUserLocations": true}, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0, "learningMethod": "duration", "learningThreshold": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [], "defaultStatus": "critical", "rootQueries": [{"groupByFields": [], "query": "source:cloudtrail"}]}}, "queries": [], "tags": ["env:prod", "team:security"], "thirdPartyCases": [], "type": "application_security"}, "ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]} + When the request is sent + Then the response status is 404 Not Found + + @skip-go @skip-java @skip-ruby @skip-typescript @team:DataDog/k9-cloud-security-platform + Scenario: Test a rule returns "OK" response + Given new "TestSecurityMonitoringRule" request + And body with value {"rule": {"cases": [{"name": "","status": "info","notifications": [],"condition": "a > 0"}],"hasExtendedTitle": true,"isEnabled": true,"message": "My security monitoring rule message.","name": "My security monitoring rule.","options": {"decreaseCriticalityBasedOnEnv": false,"detectionMethod": "threshold","evaluationWindow": 0,"keepAlive": 0,"maxSignalDuration": 0},"queries": [{"query": "source:source_here","groupByFields": ["@userIdentity.assumed_role"],"distinctFields": [],"aggregation": "count","name": ""}],"tags": ["env:prod", "team:security"],"type": "log_detection"}, "ruleQueryPayloads": [{"expectedResult": true,"index": 0,"payload": {"ddsource": "source_here","ddtags": "env:staging,version:5.1","hostname": "i-012345678","message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World","service": "payment","userIdentity": {"assumed_role" : "fake assumed_role"}}}]} + When the request is sent + Then the response status is 200 OK + And the response "results[0]" is equal to true + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Test an existing rule returns "Bad Request" response + Given new "TestExistingSecurityMonitoringRule" request + And request contains "rule_id" parameter from "REPLACE.ME" + And body with value {"ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]} + When the request is sent + Then the response status is 400 Bad Request + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Test an existing rule returns "Not Found" response + Given new "TestExistingSecurityMonitoringRule" request + And request contains "rule_id" parameter from "REPLACE.ME" + And body with value {"ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]} + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Test an existing rule returns "OK" response + Given new "TestExistingSecurityMonitoringRule" request + And request contains "rule_id" parameter from "REPLACE.ME" + And body with value {"ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]} + When the request is sent + Then the response status is 200 OK + @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Update a cloud configuration rule's details returns "OK" response Given new "UpdateSecurityMonitoringRule" request diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index 2b113708cd..64b171c6ab 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json @@ -1751,6 +1751,12 @@ "type": "unsafe" } }, + "TestSecurityMonitoringRule": { + "tag": "Security Monitoring", + "undo": { + "type": "idempotent" + } + }, "ValidateSecurityMonitoringRule": { "tag": "Security Monitoring", "undo": { @@ -1775,6 +1781,12 @@ "type": "idempotent" } }, + "TestExistingSecurityMonitoringRule": { + "tag": "Security Monitoring", + "undo": { + "type": "idempotent" + } + }, "ListSecurityMonitoringSignals": { "tag": "Security Monitoring", "undo": {