[security_monitoring_rule] Support Third Party rules #2231

Merged
merged 10 commits into from
Jan 16, 2024
490 changes: 365 additions & 125 deletions datadog/resource_datadog_security_monitoring_rule.go

Large diffs are not rendered by default.

This file was deleted.

4,268 changes: 0 additions & 4,268 deletions datadog/tests/cassettes/TestAccDatadogSecurityMonitoringRuleDatasource.yaml

This file was deleted.

@@ -1 +1 @@
2023-03-17T18:50:07.484182-04:00
2024-01-09T15:28:23.69789+01:00
642 changes: 423 additions & 219 deletions datadog/tests/cassettes/TestAccDatadogSecurityMonitoringRule_Basic.yaml

Large diffs are not rendered by default.

@@ -1 +1 @@
2023-03-17T18:45:06.228474-04:00
2024-01-09T15:28:23.690166+01:00

Large diffs are not rendered by default.

@@ -1 +1 @@
2022-10-13T14:12:00.249011+02:00
2024-01-09T15:28:23.693519+01:00
@@ -1,92 +1,177 @@
---
version: 2
interactions:
- request:
body: |
{"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"high"}],"hasExtendedTitle":false,"isEnabled":true,"message":"acceptance rule triggered","name":"tf-TestAccDatadogSecurityMonitoringRule_Import-local-1665663120","options":{"decreaseCriticalityBasedOnEnv":false,"detectionMethod":"threshold","evaluationWindow":300,"keepAlive":600,"maxSignalDuration":900},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":["host"],"metric":"","name":"","query":"does not really match much"}],"type":"log_detection"}
form: {}
headers:
Accept:
- application/json
Content-Type:
- application/json
url: https://api.datadoghq.com/api/v2/security_monitoring/rules
method: POST
id: 0
response:
body: |
{"creationAuthorId":1445416,"tags":[],"isEnabled":true,"hasExtendedTitle":false,"message":"acceptance rule triggered","options":{"decreaseCriticalityBasedOnEnv":false,"detectionMethod":"threshold","evaluationWindow":300,"maxSignalDuration":900,"keepAlive":600},"version":1,"createdAt":1665663121765,"filters":[],"queries":[{"query":"does not really match much","groupByFields":["host"],"aggregation":"count","name":"","distinctFields":[]}],"isDeleted":false,"cases":[{"status":"high","notifications":[],"name":"","condition":"a > 0"}],"type":"log_detection","id":"ccr-aoo-xc2","isDefault":false,"name":"tf-TestAccDatadogSecurityMonitoringRule_Import-local-1665663120"}
headers:
Content-Type:
- application/json
status: 200 OK
code: 200
duration: "0ms"
- request:
body: ""
form: {}
headers:
Accept:
- application/json
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/ccr-aoo-xc2
method: GET
id: 1
response:
body: |
{"creationAuthorId":1445416,"tags":[],"isEnabled":true,"hasExtendedTitle":false,"message":"acceptance rule triggered","options":{"decreaseCriticalityBasedOnEnv":false,"detectionMethod":"threshold","evaluationWindow":300,"maxSignalDuration":900,"keepAlive":600},"version":1,"createdAt":1665663121765,"filters":[],"queries":[{"query":"does not really match much","groupByFields":["host"],"aggregation":"count","name":"","distinctFields":[]}],"isDeleted":false,"cases":[{"status":"high","notifications":[],"name":"","condition":"a > 0"}],"type":"log_detection","id":"ccr-aoo-xc2","isDefault":false,"name":"tf-TestAccDatadogSecurityMonitoringRule_Import-local-1665663120"}
headers:
Content-Type:
- application/json
status: 200 OK
code: 200
duration: "0ms"
- request:
body: ""
form: {}
headers:
Accept:
- application/json
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/ccr-aoo-xc2
method: GET
id: 2
response:
body: |
{"creationAuthorId":1445416,"tags":[],"isEnabled":true,"hasExtendedTitle":false,"message":"acceptance rule triggered","options":{"decreaseCriticalityBasedOnEnv":false,"detectionMethod":"threshold","evaluationWindow":300,"maxSignalDuration":900,"keepAlive":600},"version":1,"createdAt":1665663121765,"filters":[],"queries":[{"query":"does not really match much","groupByFields":["host"],"aggregation":"count","name":"","distinctFields":[]}],"isDeleted":false,"cases":[{"status":"high","notifications":[],"name":"","condition":"a > 0"}],"type":"log_detection","id":"ccr-aoo-xc2","isDefault":false,"name":"tf-TestAccDatadogSecurityMonitoringRule_Import-local-1665663120"}
headers:
Content-Type:
- application/json
status: 200 OK
code: 200
duration: "0ms"
- request:
body: ""
form: {}
headers:
Accept:
- '*/*'
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/ccr-aoo-xc2
method: DELETE
id: 3
response:
body: ""
headers: {}
status: 204 No Content
code: 204
duration: "0ms"
- request:
body: ""
form: {}
headers:
Accept:
- application/json
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/ccr-aoo-xc2
method: GET
id: 4
response:
body: |
{"errors":["Threat detection rule not found: ccr-aoo-xc2"]}
headers:
Content-Type:
- application/json
status: 404 Not Found
code: 404
duration: "0ms"
- id: 0
request:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 556
transfer_encoding: []
trailer: {}
host: api.datadoghq.com
remote_addr: ""
request_uri: ""
body: |
{"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"high"}],"hasExtendedTitle":false,"isEnabled":true,"message":"acceptance rule triggered","name":"tf-TestAccDatadogSecurityMonitoringRule_Import-local-1704810503","options":{"decreaseCriticalityBasedOnEnv":false,"detectionMethod":"threshold","evaluationWindow":300,"keepAlive":600,"maxSignalDuration":900},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":["host"],"metric":"","metrics":[],"name":"","query":"does not really match much"}],"type":"log_detection"}
form: {}
headers:
Accept:
- application/json
Content-Type:
- application/json
url: https://api.datadoghq.com/api/v2/security_monitoring/rules
method: POST
response:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
transfer_encoding:
- chunked
trailer: {}
content_length: -1
uncompressed: true
body: |
{"id":"uvq-fjl-nhq","version":1,"name":"tf-TestAccDatadogSecurityMonitoringRule_Import-local-1704810503","createdAt":1704810508005,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"does not really match much","groupByFields":["host"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":600,"maxSignalDuration":900,"detectionMethod":"threshold","evaluationWindow":300,"decreaseCriticalityBasedOnEnv":false},"cases":[{"name":"","status":"high","notifications":[],"condition":"a > 0"}],"message":"acceptance rule triggered","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]}
headers:
Content-Type:
- application/json
status: 200 OK
code: 200
duration: 419.553625ms
- id: 1
request:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 0
transfer_encoding: []
trailer: {}
host: api.datadoghq.com
remote_addr: ""
request_uri: ""
body: ""
form: {}
headers:
Accept:
- application/json
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/uvq-fjl-nhq
method: GET
response:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
transfer_encoding:
- chunked
trailer: {}
content_length: -1
uncompressed: true
body: |
{"id":"uvq-fjl-nhq","version":1,"name":"tf-TestAccDatadogSecurityMonitoringRule_Import-local-1704810503","createdAt":1704810508005,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"does not really match much","groupByFields":["host"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":600,"maxSignalDuration":900,"detectionMethod":"threshold","evaluationWindow":300,"decreaseCriticalityBasedOnEnv":false},"cases":[{"name":"","status":"high","notifications":[],"condition":"a > 0"}],"message":"acceptance rule triggered","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]}
headers:
Content-Type:
- application/json
status: 200 OK
code: 200
duration: 169.987666ms
- id: 2
request:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 0
transfer_encoding: []
trailer: {}
host: api.datadoghq.com
remote_addr: ""
request_uri: ""
body: ""
form: {}
headers:
Accept:
- application/json
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/uvq-fjl-nhq
method: GET
response:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
transfer_encoding:
- chunked
trailer: {}
content_length: -1
uncompressed: true
body: |
{"id":"uvq-fjl-nhq","version":1,"name":"tf-TestAccDatadogSecurityMonitoringRule_Import-local-1704810503","createdAt":1704810508005,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"does not really match much","groupByFields":["host"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":600,"maxSignalDuration":900,"detectionMethod":"threshold","evaluationWindow":300,"decreaseCriticalityBasedOnEnv":false},"cases":[{"name":"","status":"high","notifications":[],"condition":"a > 0"}],"message":"acceptance rule triggered","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]}
headers:
Content-Type:
- application/json
status: 200 OK
code: 200
duration: 287.221584ms
- id: 3
request:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 0
transfer_encoding: []
trailer: {}
host: api.datadoghq.com
remote_addr: ""
request_uri: ""
body: ""
form: {}
headers:
Accept:
- '*/*'
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/uvq-fjl-nhq
method: DELETE
response:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
transfer_encoding: []
trailer: {}
content_length: 0
uncompressed: false
body: ""
headers: {}
status: 204 No Content
code: 204
duration: 170.774292ms
- id: 4
request:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
content_length: 0
transfer_encoding: []
trailer: {}
host: api.datadoghq.com
remote_addr: ""
request_uri: ""
body: ""
form: {}
headers:
Accept:
- application/json
url: https://api.datadoghq.com/api/v2/security_monitoring/rules/uvq-fjl-nhq
method: GET
response:
proto: HTTP/1.1
proto_major: 1
proto_minor: 1
transfer_encoding:
- chunked
trailer: {}
content_length: -1
uncompressed: true
body: |
{"errors":["Threat detection rule not found: uvq-fjl-nhq"]}
headers:
Content-Type:
- application/json
status: 404 Not Found
code: 404
duration: 314.359292ms
@@ -1 +1 @@
2023-03-17T18:49:54.445255-04:00
2024-01-09T15:28:23.69362+01:00