Add OpenAPI documentation for list and get indicators of compromise endpoints (DataDog#3967)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -706,12 +706,14 @@ func NewConfiguration() *Configuration {
 			"v2.DeleteThreatHuntingJob":                  false,
 			"v2.GetContentPacksStates":                   false,
 			"v2.GetFinding":                              false,
+			"v2.GetIndicatorOfCompromise":                false,
 			"v2.GetRuleVersionHistory":                   false,
 			"v2.GetSecretsRules":                         false,
 			"v2.GetSecurityMonitoringHistsignal":         false,
 			"v2.GetSecurityMonitoringHistsignalsByJobId": false,
 			"v2.GetThreatHuntingJob":                     false,
 			"v2.ListFindings":                            false,
+			"v2.ListIndicatorsOfCompromise":              false,
 			"v2.ListMultipleRulesets":                    false,
 			"v2.ListScannedAssetsMetadata":               false,
 			"v2.ListSecurityMonitoringHistsignals":       false,

api/datadog/configuration.go

@@ -2910,6 +2910,93 @@ func (a *SecurityMonitoringApi) GetFinding(ctx _context.Context, findingId strin
 	return localVarReturnValue, localVarHTTPResponse, nil
 }
 
+// GetIndicatorOfCompromise Get an indicator of compromise.
+// Get detailed information about a specific indicator of compromise (IoC).
+func (a *SecurityMonitoringApi) GetIndicatorOfCompromise(ctx _context.Context, indicator string) (GetIoCIndicatorResponse, *_nethttp.Response, error) {
+	var (
+		localVarHTTPMethod  = _nethttp.MethodGet
+		localVarPostBody    interface{}
+		localVarReturnValue GetIoCIndicatorResponse
+	)
+
+	operationId := "v2.GetIndicatorOfCompromise"
+	isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId)
+	if !isOperationEnabled {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)}
+	}
+	if isOperationEnabled && a.Client.Cfg.Debug {
+		_log.Printf("WARNING: Using unstable operation '%s'", operationId)
+	}
+
+	localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.GetIndicatorOfCompromise")
+	if err != nil {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v2/security/siem/ioc-explorer/indicator"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := _neturl.Values{}
+	localVarFormParams := _neturl.Values{}
+	localVarQueryParams.Add("indicator", datadog.ParameterToString(indicator, ""))
+	localVarHeaderParams["Accept"] = "application/json"
+
+	if a.Client.Cfg.DelegatedTokenConfig != nil {
+		err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig)
+		if err != nil {
+			return localVarReturnValue, nil, err
+		}
+	} else {
+		datadog.SetAuthKeys(
+			ctx,
+			&localVarHeaderParams,
+			[2]string{"apiKeyAuth", "DD-API-KEY"},
+			[2]string{"appKeyAuth", "DD-APPLICATION-KEY"},
+		)
+	}
+	req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.Client.CallAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := datadog.ReadBody(localVarHTTPResponse)
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 || localVarHTTPResponse.StatusCode == 429 {
+			var v APIErrorResponse
+			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.ErrorModel = v
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 // GetInvestigationLogQueriesMatchingSignal Get investigation queries for a signal.
 // Get the list of investigation log queries available for a given security signal.
 func (a *SecurityMonitoringApi) GetInvestigationLogQueriesMatchingSignal(ctx _context.Context, signalId string) (SecurityMonitoringSignalSuggestedActionsResponse, *_nethttp.Response, error) {
@@ -5403,6 +5490,160 @@ func (a *SecurityMonitoringApi) ListFindingsWithPagination(ctx _context.Context,
 	return items, cancel
 }
 
+// ListIndicatorsOfCompromiseOptionalParameters holds optional parameters for ListIndicatorsOfCompromise.
+type ListIndicatorsOfCompromiseOptionalParameters struct {
+	Limit      *int32
+	Offset     *int32
+	Query      *string
+	SortColumn *string
+	SortOrder  *string
+}
+
+// NewListIndicatorsOfCompromiseOptionalParameters creates an empty struct for parameters.
+func NewListIndicatorsOfCompromiseOptionalParameters() *ListIndicatorsOfCompromiseOptionalParameters {
+	this := ListIndicatorsOfCompromiseOptionalParameters{}
+	return &this
+}
+
+// WithLimit sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithLimit(limit int32) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.Limit = &limit
+	return r
+}
+
+// WithOffset sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithOffset(offset int32) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.Offset = &offset
+	return r
+}
+
+// WithQuery sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithQuery(query string) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.Query = &query
+	return r
+}
+
+// WithSortColumn sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithSortColumn(sortColumn string) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.SortColumn = &sortColumn
+	return r
+}
+
+// WithSortOrder sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithSortOrder(sortOrder string) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.SortOrder = &sortOrder
+	return r
+}
+
+// ListIndicatorsOfCompromise List indicators of compromise.
+// Get a list of indicators of compromise (IoCs) matching the specified filters.
+func (a *SecurityMonitoringApi) ListIndicatorsOfCompromise(ctx _context.Context, o ...ListIndicatorsOfCompromiseOptionalParameters) (IoCExplorerListResponse, *_nethttp.Response, error) {
+	var (
+		localVarHTTPMethod  = _nethttp.MethodGet
+		localVarPostBody    interface{}
+		localVarReturnValue IoCExplorerListResponse
+		optionalParams      ListIndicatorsOfCompromiseOptionalParameters
+	)
+
+	if len(o) > 1 {
+		return localVarReturnValue, nil, datadog.ReportError("only one argument of type ListIndicatorsOfCompromiseOptionalParameters is allowed")
+	}
+	if len(o) == 1 {
+		optionalParams = o[0]
+	}
+
+	operationId := "v2.ListIndicatorsOfCompromise"
+	isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId)
+	if !isOperationEnabled {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)}
+	}
+	if isOperationEnabled && a.Client.Cfg.Debug {
+		_log.Printf("WARNING: Using unstable operation '%s'", operationId)
+	}
+
+	localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.ListIndicatorsOfCompromise")
+	if err != nil {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v2/security/siem/ioc-explorer"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := _neturl.Values{}
+	localVarFormParams := _neturl.Values{}
+	if optionalParams.Limit != nil {
+		localVarQueryParams.Add("limit", datadog.ParameterToString(*optionalParams.Limit, ""))
+	}
+	if optionalParams.Offset != nil {
+		localVarQueryParams.Add("offset", datadog.ParameterToString(*optionalParams.Offset, ""))
+	}
+	if optionalParams.Query != nil {
+		localVarQueryParams.Add("query", datadog.ParameterToString(*optionalParams.Query, ""))
+	}
+	if optionalParams.SortColumn != nil {
+		localVarQueryParams.Add("sort[column]", datadog.ParameterToString(*optionalParams.SortColumn, ""))
+	}
+	if optionalParams.SortOrder != nil {
+		localVarQueryParams.Add("sort[order]", datadog.ParameterToString(*optionalParams.SortOrder, ""))
+	}
+	localVarHeaderParams["Accept"] = "application/json"
+
+	if a.Client.Cfg.DelegatedTokenConfig != nil {
+		err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig)
+		if err != nil {
+			return localVarReturnValue, nil, err
+		}
+	} else {
+		datadog.SetAuthKeys(
+			ctx,
+			&localVarHeaderParams,
+			[2]string{"apiKeyAuth", "DD-API-KEY"},
+			[2]string{"appKeyAuth", "DD-APPLICATION-KEY"},
+		)
+	}
+	req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.Client.CallAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := datadog.ReadBody(localVarHTTPResponse)
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 429 {
+			var v APIErrorResponse
+			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.ErrorModel = v
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 // ListMultipleRulesets Ruleset get multiple.
 // Get rules for multiple rulesets in batch.
 func (a *SecurityMonitoringApi) ListMultipleRulesets(ctx _context.Context, body GetMultipleRulesetsRequest) (GetMultipleRulesetsResponse, *_nethttp.Response, error) {

api/datadogV2/api_security_monitoring.go

@@ -764,6 +764,7 @@
 //   - [SecurityMonitoringApi.GetCriticalAssetsAffectingRule]
 //   - [SecurityMonitoringApi.GetCustomFramework]
 //   - [SecurityMonitoringApi.GetFinding]
+//   - [SecurityMonitoringApi.GetIndicatorOfCompromise]
 //   - [SecurityMonitoringApi.GetInvestigationLogQueriesMatchingSignal]
 //   - [SecurityMonitoringApi.GetResourceEvaluationFilters]
 //   - [SecurityMonitoringApi.GetRuleVersionHistory]
@@ -787,6 +788,7 @@
 //   - [SecurityMonitoringApi.GetVulnerabilityNotificationRules]
 //   - [SecurityMonitoringApi.ListAssetsSBOMs]
 //   - [SecurityMonitoringApi.ListFindings]
+//   - [SecurityMonitoringApi.ListIndicatorsOfCompromise]
 //   - [SecurityMonitoringApi.ListMultipleRulesets]
 //   - [SecurityMonitoringApi.ListScannedAssetsMetadata]
 //   - [SecurityMonitoringApi.ListSecurityFilters]

api/datadogV2/doc.go

@@ -0,0 +1,111 @@
+// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2019-Present Datadog, Inc.
+
+package datadogV2
+
+import (
+	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
+)
+
+// GetIoCIndicatorResponse Response for the get indicator of compromise endpoint.
+type GetIoCIndicatorResponse struct {
+	// IoC indicator response data object.
+	Data *GetIoCIndicatorResponseData `json:"data,omitempty"`
+	// UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct
+	UnparsedObject       map[string]interface{} `json:"-"`
+	AdditionalProperties map[string]interface{} `json:"-"`
+}
+
+// NewGetIoCIndicatorResponse instantiates a new GetIoCIndicatorResponse object.
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed.
+func NewGetIoCIndicatorResponse() *GetIoCIndicatorResponse {
+	this := GetIoCIndicatorResponse{}
+	return &this
+}
+
+// NewGetIoCIndicatorResponseWithDefaults instantiates a new GetIoCIndicatorResponse object.
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set.
+func NewGetIoCIndicatorResponseWithDefaults() *GetIoCIndicatorResponse {
+	this := GetIoCIndicatorResponse{}
+	return &this
+}
+
+// GetData returns the Data field value if set, zero value otherwise.
+func (o *GetIoCIndicatorResponse) GetData() GetIoCIndicatorResponseData {
+	if o == nil || o.Data == nil {
+		var ret GetIoCIndicatorResponseData
+		return ret
+	}
+	return *o.Data
+}
+
+// GetDataOk returns a tuple with the Data field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *GetIoCIndicatorResponse) GetDataOk() (*GetIoCIndicatorResponseData, bool) {
+	if o == nil || o.Data == nil {
+		return nil, false
+	}
+	return o.Data, true
+}
+
+// HasData returns a boolean if a field has been set.
+func (o *GetIoCIndicatorResponse) HasData() bool {
+	return o != nil && o.Data != nil
+}
+
+// SetData gets a reference to the given GetIoCIndicatorResponseData and assigns it to the Data field.
+func (o *GetIoCIndicatorResponse) SetData(v GetIoCIndicatorResponseData) {
+	o.Data = &v
+}
+
+// MarshalJSON serializes the struct using spec logic.
+func (o GetIoCIndicatorResponse) MarshalJSON() ([]byte, error) {
+	toSerialize := map[string]interface{}{}
+	if o.UnparsedObject != nil {
+		return datadog.Marshal(o.UnparsedObject)
+	}
+	if o.Data != nil {
+		toSerialize["data"] = o.Data
+	}
+
+	for key, value := range o.AdditionalProperties {
+		toSerialize[key] = value
+	}
+	return datadog.Marshal(toSerialize)
+}
+
+// UnmarshalJSON deserializes the given payload.
+func (o *GetIoCIndicatorResponse) UnmarshalJSON(bytes []byte) (err error) {
+	all := struct {
+		Data *GetIoCIndicatorResponseData `json:"data,omitempty"`
+	}{}
+	if err = datadog.Unmarshal(bytes, &all); err != nil {
+		return datadog.Unmarshal(bytes, &o.UnparsedObject)
+	}
+	additionalProperties := make(map[string]interface{})
+	if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil {
+		datadog.DeleteKeys(additionalProperties, &[]string{"data"})
+	} else {
+		return err
+	}
+
+	hasInvalidField := false
+	if all.Data != nil && all.Data.UnparsedObject != nil && o.UnparsedObject == nil {
+		hasInvalidField = true
+	}
+	o.Data = all.Data
+
+	if len(additionalProperties) > 0 {
+		o.AdditionalProperties = additionalProperties
+	}
+
+	if hasInvalidField {
+		return datadog.Unmarshal(bytes, &o.UnparsedObject)
+	}
+
+	return nil
+}