Security Monitoring - Define specific payload for rule validation/tes…

…ting (#1987) Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com> Co-authored-by: api-clients-generation-pipeline[bot] <54105614+api-clients-generation-pipeline[bot]@users.noreply.github.com>
DataDog · Jun 4, 2024 · a8fcbf1 · a8fcbf1
1 parent 4753b55
commit a8fcbf1
Show file tree

Hide file tree

Showing 20 changed files with 1,080 additions and 55 deletions.
diff --git a/.apigentools-info b/.apigentools-info
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-05-29 19:13:05.254760",
-            "spec_repo_commit": "e834e6d7"
+            "regenerated": "2024-06-03 16:54:47.128661",
+            "spec_repo_commit": "df6778e5"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-05-29 19:13:05.272010",
-            "spec_repo_commit": "e834e6d7"
+            "regenerated": "2024-06-03 16:54:47.145931",
+            "spec_repo_commit": "df6778e5"
         }
     }
 }
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -3961,6 +3961,68 @@ components:
       required:
       - complianceRuleOptions
       type: object
+    CloudConfigurationRulePayload:
+      description: The payload of a cloud configuration rule.
+      properties:
+        cases:
+          description: 'Description of generated findings and signals (severity and
+            channels to be notified in case of a signal). Must contain exactly one
+            item.
+
+            '
+          items:
+            $ref: '#/components/schemas/CloudConfigurationRuleCaseCreate'
+          type: array
+        complianceSignalOptions:
+          $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
+        filters:
+          description: Additional queries to filter matched events before they are
+            processed.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringFilter'
+          type: array
+        isEnabled:
+          description: Whether the rule is enabled.
+          example: true
+          type: boolean
+        message:
+          description: Message in markdown format for generated findings and signals.
+          example: '#Description
+
+            Explanation of the rule.
+
+
+            #Remediation
+
+            How to fix the security issue.
+
+            '
+          type: string
+        name:
+          description: The name of the rule.
+          example: My security monitoring rule.
+          type: string
+        options:
+          $ref: '#/components/schemas/CloudConfigurationRuleOptions'
+        tags:
+          description: Tags for generated findings and signals.
+          example:
+          - env:prod
+          - team:security
+          items:
+            description: Tag.
+            type: string
+          type: array
+        type:
+          $ref: '#/components/schemas/CloudConfigurationRuleType'
+      required:
+      - name
+      - isEnabled
+      - options
+      - complianceSignalOptions
+      - cases
+      - message
+      type: object
     CloudConfigurationRuleType:
       description: The rule type.
       enum:
@@ -17469,11 +17531,16 @@ components:
       - MEDIUM
       - HIGH
       - CRITICAL
+    SecurityMonitoringRuleTestPayload:
+      description: Test a rule.
+      oneOf:
+      - $ref: '#/components/schemas/SecurityMonitoringStandardRuleTestPayload'
     SecurityMonitoringRuleTestRequest:
-      description: Test the rule queries of a rule.
+      description: Test the rule queries of a rule (rule property is ignored when
+        applied to an existing rule)
       properties:
         rule:
-          $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload'
+          $ref: '#/components/schemas/SecurityMonitoringRuleTestPayload'
         ruleQueryPayloads:
           description: Data payloads used to test rules query with the expected result.
           items:
@@ -17544,6 +17611,13 @@ components:
       - WORKLOAD_SECURITY
       - CLOUD_CONFIGURATION
       - APPLICATION_SECURITY
+    SecurityMonitoringRuleTypeTest:
+      description: The rule type.
+      enum:
+      - log_detection
+      type: string
+      x-enum-varnames:
+      - LOG_DETECTION
     SecurityMonitoringRuleUpdatePayload:
       description: Update an existing rule.
       properties:
@@ -17589,8 +17663,8 @@ components:
             type: string
           type: array
         thirdPartyCases:
-          description: Cases for generating signals from third party rules. Only available
-            for third party rules.
+          description: Cases for generating signals from third-party rules. Only available
+            for third-party rules.
           example: []
           items:
             $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCase'
@@ -17602,6 +17676,12 @@ components:
           maximum: 2147483647
           type: integer
       type: object
+    SecurityMonitoringRuleValidatePayload:
+      description: Validate a rule.
+      oneOf:
+      - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload'
+      - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload'
+      - $ref: '#/components/schemas/CloudConfigurationRulePayload'
     SecurityMonitoringSignal:
       description: Object description of a security signal.
       properties:
@@ -17854,6 +17934,66 @@ components:
       - cases
       - message
       type: object
+    SecurityMonitoringSignalRulePayload:
+      description: The payload of a signal correlation rule.
+      properties:
+        cases:
+          description: Cases for generating signals.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
+          type: array
+        filters:
+          description: Additional queries to filter matched events before they are
+            processed. This field is deprecated for log detection, signal correlation,
+            and workload security rules.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringFilter'
+          type: array
+        hasExtendedTitle:
+          description: Whether the notifications include the triggering group-by values
+            in their title.
+          example: true
+          type: boolean
+        isEnabled:
+          description: Whether the rule is enabled.
+          example: true
+          type: boolean
+        message:
+          description: Message for generated signals.
+          example: ''
+          type: string
+        name:
+          description: The name of the rule.
+          example: My security monitoring rule.
+          type: string
+        options:
+          $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
+        queries:
+          description: Queries for selecting signals which are part of the rule.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery'
+          type: array
+        tags:
+          description: Tags for generated signals.
+          example:
+          - env:prod
+          - team:security
+          items:
+            description: Tag.
+            type: string
+          type: array
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringSignalRuleType'
+      required:
+      - name
+      - isEnabled
+      - queries
+      - options
+      - cases
+      - message
+      type: object
     SecurityMonitoringSignalRuleQuery:
       description: Query for matching rule on signals.
       properties:
@@ -18228,8 +18368,75 @@ components:
             type: string
           type: array
         thirdPartyCases:
-          description: Cases for generating signals from third party rules. Only available
-            for third party rules.
+          description: Cases for generating signals from third-party rules. Only available
+            for third-party rules.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate'
+          type: array
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate'
+      required:
+      - name
+      - isEnabled
+      - queries
+      - options
+      - cases
+      - message
+      type: object
+    SecurityMonitoringStandardRulePayload:
+      description: The payload of a rule.
+      properties:
+        cases:
+          description: Cases for generating signals.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
+          type: array
+        filters:
+          description: Additional queries to filter matched events before they are
+            processed. This field is deprecated for log detection, signal correlation,
+            and workload security rules.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringFilter'
+          type: array
+        hasExtendedTitle:
+          description: Whether the notifications include the triggering group-by values
+            in their title.
+          example: true
+          type: boolean
+        isEnabled:
+          description: Whether the rule is enabled.
+          example: true
+          type: boolean
+        message:
+          description: Message for generated signals.
+          example: ''
+          type: string
+        name:
+          description: The name of the rule.
+          example: My security monitoring rule.
+          type: string
+        options:
+          $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
+        queries:
+          description: Queries for selecting logs which are part of the rule.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
+          type: array
+        tags:
+          description: Tags for generated signals.
+          example:
+          - env:prod
+          - team:security
+          items:
+            description: Tag.
+            type: string
+          type: array
+        thirdPartyCases:
+          description: Cases for generating signals from third-party rules. Only available
+            for third-party rules.
           example: []
           items:
             $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate'
@@ -18365,8 +18572,8 @@ components:
             type: string
           type: array
         thirdPartyCases:
-          description: Cases for generating signals from third party rules. Only available
-            for third party rules.
+          description: Cases for generating signals from third-party rules. Only available
+            for third-party rules.
           example: []
           items:
             $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCase'
@@ -18381,6 +18588,73 @@ components:
           description: The version of the rule.
           format: int64
           type: integer
+    SecurityMonitoringStandardRuleTestPayload:
+      description: The payload of a rule to test
+      properties:
+        cases:
+          description: Cases for generating signals.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
+          type: array
+        filters:
+          description: Additional queries to filter matched events before they are
+            processed. This field is deprecated for log detection, signal correlation,
+            and workload security rules.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringFilter'
+          type: array
+        hasExtendedTitle:
+          description: Whether the notifications include the triggering group-by values
+            in their title.
+          example: true
+          type: boolean
+        isEnabled:
+          description: Whether the rule is enabled.
+          example: true
+          type: boolean
+        message:
+          description: Message for generated signals.
+          example: ''
+          type: string
+        name:
+          description: The name of the rule.
+          example: My security monitoring rule.
+          type: string
+        options:
+          $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
+        queries:
+          description: Queries for selecting logs which are part of the rule.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
+          type: array
+        tags:
+          description: Tags for generated signals.
+          example:
+          - env:prod
+          - team:security
+          items:
+            description: Tag.
+            type: string
+          type: array
+        thirdPartyCases:
+          description: Cases for generating signals from third-party rules. Only available
+            for third-party rules.
+          example: []
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate'
+          type: array
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleTypeTest'
+      required:
+      - name
+      - isEnabled
+      - queries
+      - options
+      - cases
+      - message
+      type: object
     SecurityMonitoringSuppression:
       description: The suppression rule's properties.
       properties:
@@ -32660,7 +32934,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload'
+              $ref: '#/components/schemas/SecurityMonitoringRuleValidatePayload'
         required: true
       responses:
         '204':