diff --git a/.generator/schemas/v1/openapi.yaml b/.generator/schemas/v1/openapi.yaml index 5f6006a6baa..2562b6db95b 100644 --- a/.generator/schemas/v1/openapi.yaml +++ b/.generator/schemas/v1/openapi.yaml @@ -2782,6 +2782,7 @@ components: peer_tags: description: Tags to query for a specific downstream entity (peer.service, peer.db_instance, peer.s3, peer.s3.bucket, etc.). items: + description: "A tag identifying a specific downstream entity (for example: peer.service, peer.db_instance)." example: "peer.service:my-service" type: string type: array @@ -6647,6 +6648,7 @@ components: sources: additionalProperties: items: + description: A fallback source attribute name. type: string type: array description: Fallback sources used to populate value of field. @@ -6695,6 +6697,7 @@ components: description: Optional list of profiles to modify the schema. example: ["security_control", "host"] items: + description: A profile name that modifies the schema behavior. type: string type: array schema_type: @@ -7808,6 +7811,7 @@ components: description: Columns to group results by. example: ["col1", "col2"] items: + description: A column name to group results by. type: string type: array model_type_override: @@ -7827,6 +7831,7 @@ components: description: Optional grouping fields for aggregation. example: ["entity_id"] items: + description: A field name to group results by. type: string type: array measure: @@ -11161,8 +11166,10 @@ components: description: Product Analytics audience account subquery. properties: name: + description: The name of the account subquery. type: string query: + description: The query string for the account subquery. type: string type: object ProductAnalyticsAudienceFilters: @@ -11173,6 +11180,7 @@ components: $ref: "#/components/schemas/ProductAnalyticsAudienceAccountSubquery" type: array filter_condition: + description: An optional filter condition applied to the audience subquery. type: string segments: items: 
@@ -11184,26 +11192,33 @@ components: type: array type: object ProductAnalyticsAudienceOccurrenceFilter: + description: Filter applied to occurrence counts when building a Product Analytics audience. properties: operator: + description: "The comparison operator used for the occurrence filter (for example: `gt`, `lt`, `eq`)." type: string value: + description: The threshold value to compare occurrence counts against. type: string type: object ProductAnalyticsAudienceSegmentSubquery: description: Product Analytics audience segment subquery. properties: name: + description: The name of the segment subquery. type: string segment_id: + description: The unique identifier of the segment. type: string type: object ProductAnalyticsAudienceUserSubquery: description: Product Analytics audience user subquery. properties: name: + description: The name of the user subquery. type: string query: + description: The query string for the user subquery. type: string type: object QuerySortOrder: @@ -11772,6 +11787,7 @@ components: - $ref: "#/components/schemas/SLOCountDefinitionWithBadEventsFormula" SLOCountDefinitionWithBadEventsFormula: additionalProperties: false + description: SLO count definition using a bad events formula alongside a good events formula. properties: bad_events_formula: $ref: "#/components/schemas/SLOFormula" @@ -11798,6 +11814,7 @@ components: type: object SLOCountDefinitionWithTotalEventsFormula: additionalProperties: false + description: SLO count definition using a total events formula alongside a good events formula. properties: good_events_formula: $ref: "#/components/schemas/SLOFormula" @@ -13004,6 +13021,7 @@ components: description: Fields to group by. example: ["source", "destination"] items: + description: A field name to group by. type: string type: array limit: 
@@ -13626,6 +13644,7 @@ components: Always included in service level objective responses (but may be empty). example: ["env:prod", "app:core"] items: + description: A tag associated with the service level objective. type: string type: array created_at: @@ -13649,6 +13668,7 @@ components: env_tags: description: Tags with the `env` tag key. items: + description: A tag with the `env` tag key. type: string type: array groups: @@ -13693,6 +13713,7 @@ components: service_tags: description: Tags with the `service` tag key. items: + description: A tag with the `service` tag key. type: string type: array slo_type: @@ -13702,6 +13723,7 @@ components: team_tags: description: Tags with the `team` tag key. items: + description: A tag with the `team` tag key. type: string type: array thresholds: @@ -14712,6 +14734,7 @@ components: description: The tag values. example: ["env"] items: + description: A tag value string. minLength: 1 type: string type: array @@ -17989,6 +18012,7 @@ components: blockedRequestPatterns: description: Array of URL patterns to block. items: + description: A URL pattern to block during the Synthetic test. type: string type: array checkCertificateRevocation: diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 45c7a5c5909..97b99b1a5fa 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -2095,6 +2095,13 @@ components: properties: data: $ref: "#/components/schemas/AWSCloudAuthPersonaMappingsData" + example: + - attributes: + account_identifier: "test@test.com" + account_uuid: "12bbdc5c-5966-47e0-8733-285f9e44bcf4" + arn_pattern: "arn:aws:iam::123456789012:user/testuser" + id: "c5c758c6-18c2-4484-ae3f-46b84128404a" + type: aws_cloud_auth_config required: - data type: object @@ -25792,6 +25799,7 @@ components: description: Tags associated with the feature flag. example: [] items: + description: A tag associated with the feature flag. type: string type: array updated_at: 
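Review bot: The example added under `data` in the `@@ -2095` hunk of `v2/openapi.yaml` uses `account_identifier: "test@test.com"`, and `test.com` is a registrable domain rather than a reserved one, so values copied from the generated docs or fixtures can end up addressing a real third party. The ServiceNow users example added later in this same file already uses `john.doe@example.com`; I would align this one as `account_identifier: "user@example.com"`, since RFC 2606 reserves `example.com` for documentation. The `123456789012` account ID in `arn_pattern` is the usual AWS documentation placeholder and can stay.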
@@ -25845,6 +25853,7 @@ components: - "test-feature-flag" - "env-search-term" items: + description: A query string targeting the environment. type: string type: array is_production: @@ -31066,6 +31075,11 @@ components: properties: data: $ref: "#/components/schemas/IncidentHandlesResponseData" + example: + - attributes: + name: "@incident-sev-1" + id: "12ceee6d-a7c0-4407-bc54-30e54140d7f0" + type: incident_handles included: $ref: "#/components/schemas/IncidentHandleIncludedResponse" required: @@ -35458,6 +35472,12 @@ components: properties: data: $ref: "#/components/schemas/JiraAccountsData" + example: + - attributes: + consumer_key: "consumer-key-1" + instance_url: "https://example.atlassian.net" + id: "account-1" + type: jira-account meta: $ref: "#/components/schemas/JiraAccountsMeta" required: @@ -35779,6 +35799,17 @@ components: properties: data: $ref: "#/components/schemas/JiraIssueTemplatesData" + example: + - attributes: + fields: + description: + payload: "Test Description" + type: "json" + issue_type_id: "10001" + name: "Bug Report Template" + project_id: "PROJECT-1" + id: "65b3341b-0680-47f9-a6d4-134db45c603e" + type: jira-issue-template included: $ref: "#/components/schemas/JiraAccountsData" required: @@ -37848,6 +37879,14 @@ components: properties: data: $ref: "#/components/schemas/ListFindingsData" + example: + - attributes: + evaluation: fail + resource: "arn:aws:s3:::my-bucket" + resource_type: aws_s3_bucket + status: open + id: "abc-123-xyz" + type: finding meta: $ref: "#/components/schemas/ListFindingsMeta" required: @@ -48485,6 +48524,12 @@ components: properties: data: $ref: "#/components/schemas/OutcomesBatchResponseData" + example: + - attributes: + service_name: my-service + state: pass + id: "outcome-abc123" + type: rule-outcome meta: $ref: "#/components/schemas/OutcomesBatchResponseMeta" required: 
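Review bot: The `example:` added in the `@@ -31066` hunk sits between `data`'s `$ref` and the sibling property `included`, so it appears to be a sibling of `$ref` rather than part of the referenced schema; the line layout is collapsed on this page, so this is inferred from key order. If this document is OpenAPI 3.0, keys next to `$ref` are ignored by spec-compliant tooling, and these examples would be neither rendered nor validated. The same placement recurs in the `@@ -2095`, `@@ -35458`, `@@ -35779`, `@@ -37848` and `@@ -48485` hunks and in the ServiceNow hunks from `@@ -62797` to `@@ -63331`. Moving each example onto the referenced `...Data` schema, or onto the response media type as the two new signal paths do, would keep it effective; if the sibling form is intentional for the generator, a short comment at the first occurrence saying so would help.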
@@ -59454,6 +59499,17 @@ components: required: - data type: object + SecurityMonitoringSignalInvestigationQueryTemplateVariables: + additionalProperties: + items: + description: A value for this template variable extracted from the signal. + type: string + type: array + description: Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. + example: + "@userIdentity.arn": + - foo + type: object SecurityMonitoringSignalListRequest: description: The request for a security signal list. properties: 
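Review bot: The description of `SecurityMonitoringSignalInvestigationQueryTemplateVariables` says the values are extracted from the signal, but not whether they are raw or already escaped for the log query syntax. Signal attributes presumably originate from ingested events, and the `query_filter` example added in this commit shows such a value placed inside quotes (`@userIdentity.arn:"foo"`), so a client that rebuilds a query from `template_variables` needs to know whether quoting and escaping is its own job. I would extend the item description, for example `A raw, unescaped value for this template variable extracted from the signal.`, assuming that matches what the backend returns.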
@@ -59839,6 +59895,82 @@ components: required: - data type: object + SecurityMonitoringSignalSuggestedAction: + description: A suggested action for a security signal. + properties: + attributes: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionAttributes" + id: + description: The unique ID of the suggested action. + example: w00-t10-992 + type: string + type: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionType" + required: + - id + - type + - attributes + type: object + SecurityMonitoringSignalSuggestedActionAttributes: + description: Attributes of a suggested action for a security signal. The available fields depend on the action type. + properties: + name: + description: The name of the investigation log query. + example: Cloudtrail events for user ARN + type: string + query_filter: + description: The log query filter for the investigation. + example: 'source:cloudtrail @userIdentity.arn:"foo"' + type: string + template_variables: + $ref: "#/components/schemas/SecurityMonitoringSignalInvestigationQueryTemplateVariables" + title: + description: The title of the recommended blog post. + example: Monitor Okta logs to track system access and unusual activity + type: string + url: + description: The URL of the suggested action. + example: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + type: string + type: object + SecurityMonitoringSignalSuggestedActionList: + description: List of suggested actions for a security signal. 
+ example: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + items: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedAction" + type: array + SecurityMonitoringSignalSuggestedActionType: + description: The type of the suggested action resource. + enum: + - investigation_log_queries + - recommended_blog_posts + example: investigation_log_queries + type: string + x-enum-varnames: + - INVESTIGATION_LOG_QUERIES + - RECOMMENDED_BLOG_POSTS + SecurityMonitoringSignalSuggestedActionsResponse: + description: Response with suggested actions for a security signal. + properties: + data: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionList" + required: + - data + type: object SecurityMonitoringSignalTriageAttributes: description: Attributes describing a triage state update operation over a security signal. properties: @@ -62797,6 +62929,13 @@ components: properties: data: $ref: "#/components/schemas/ServiceNowAssignmentGroupsData" + example: + - attributes: + group_name: "IT Operations" + group_sys_id: "abc123def456" + instance_id: "65b3341b-0680-47f9-a6d4-134db45c603e" + id: "65b3341b-0680-47f9-a6d4-134db45c603e" + type: assignment_groups required: - data type: object 
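Review bot: `url` in `SecurityMonitoringSignalSuggestedActionAttributes` (hunk `@@ -59839`) is described only as `The URL of the suggested action.`, while the examples in this hunk show a site-relative path (`/logs?query=...`) for `investigation_log_queries` and an absolute external link (`https://www.datadoghq.com/blog/...`) for `recommended_blog_posts`. Clients that render this as a link need to know which base the relative form resolves against, and that absolute values can point off-site, so they can check scheme and host before following it. Suggested wording: `description: The URL of the suggested action. Either a path relative to the Datadog site or an absolute URL.` The attributes object also has no `required` list and mixes the fields of both action types; stating which fields accompany which `type` would make the "depend on the action type" sentence checkable.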
@@ -62904,6 +63043,13 @@ components: properties: data: $ref: "#/components/schemas/ServiceNowBusinessServicesData" + example: + - attributes: + instance_id: "65b3341b-0680-47f9-a6d4-134db45c603e" + service_name: "IT Support" + service_sys_id: "abc123def456" + id: "65b3341b-0680-47f9-a6d4-134db45c603e" + type: business_services required: - data type: object @@ -62960,6 +63106,11 @@ components: properties: data: $ref: "#/components/schemas/ServiceNowInstancesData" + example: + - attributes: + instance_name: "my-servicenow-instance" + id: "65b3341b-0680-47f9-a6d4-134db45c603e" + type: instance required: - data type: object @@ -63205,6 +63356,13 @@ components: properties: data: $ref: "#/components/schemas/ServiceNowTemplatesData" + example: + - attributes: + handle_name: "incident-template" + instance_id: "65b3341b-0680-47f9-a6d4-134db45c603e" + servicenow_tablename: "incident" + id: "65b3341b-0680-47f9-a6d4-134db45c603e" + type: servicenow_templates required: - data type: object @@ -63331,6 +63489,14 @@ components: properties: data: $ref: "#/components/schemas/ServiceNowUsersData" + example: + - attributes: + email: "john.doe@example.com" + instance_id: "65b3341b-0680-47f9-a6d4-134db45c603e" + user_name: "john.doe" + user_sys_id: "abc123def456" + id: "65b3341b-0680-47f9-a6d4-134db45c603e" + type: users required: - data type: object 
@@ -106864,6 +107030,54 @@ paths: operator: OR permissions: - security_monitoring_signals_write + /api/v2/security_monitoring/signals/{signal_id}/investigation_queries: + get: + description: Get the list of investigation log queries available for a given security signal. + operationId: GetInvestigationLogQueriesMatchingSignal + parameters: + - $ref: "#/components/parameters/SignalID" + responses: + "200": + content: + application/json: + example: + data: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + schema: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" + description: OK + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + - security_monitoring_signals_read + summary: Get investigation queries for a signal + tags: ["Security Monitoring"] + x-permission: + operator: AND + permissions: + - security_monitoring_rules_read + - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}/state: patch: description: |- 
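Review bot: The 200 example for `/investigation_queries` is the same payload as the one for `/suggested_actions` and includes a `recommended_blog_posts` item, although the operation is described as returning investigation log queries. If the endpoint only returns `investigation_log_queries` entries, drop the second item from this example; if it can return both, the summary and description should say so, because the shared `SecurityMonitoringSignalSuggestedActionsResponse` schema does not let a reader tell the two operations apart. It would also help to state in the description that both `security_monitoring_rules_read` and `security_monitoring_signals_read` are needed, since `x-permission` uses `operator: AND` here while the neighbouring signal operation in the context lines uses `OR`.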
@@ -106904,6 +107118,54 @@ paths: operator: OR permissions: - security_monitoring_signals_write + /api/v2/security_monitoring/signals/{signal_id}/suggested_actions: + get: + description: Get the list of suggested actions for a given security signal. + operationId: GetSuggestedActionsMatchingSignal + parameters: + - $ref: "#/components/parameters/SignalID" + responses: + "200": + content: + application/json: + example: + data: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + schema: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" + description: OK + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + - security_monitoring_signals_read + summary: Get suggested actions for a signal + tags: ["Security Monitoring"] + x-permission: + operator: AND + permissions: + - security_monitoring_rules_read + - security_monitoring_signals_read /api/v2/sensitive-data-scanner/config: get: description: List all the Scanning groups in your organization. diff --git a/api/datadogV1/model_product_analytics_audience_account_subquery.go b/api/datadogV1/model_product_analytics_audience_account_subquery.go index c729d75395d..849990c6e4c 100644 --- a/api/datadogV1/model_product_analytics_audience_account_subquery.go +++ b/api/datadogV1/model_product_analytics_audience_account_subquery.go 
@@ -10,9 +10,9 @@ import ( // ProductAnalyticsAudienceAccountSubquery Product Analytics audience account subquery. type ProductAnalyticsAudienceAccountSubquery struct { - // + // The name of the account subquery. Name *string `json:"name,omitempty"` - // + // The query string for the account subquery. Query *string `json:"query,omitempty"` // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct UnparsedObject map[string]interface{} `json:"-"` diff --git a/api/datadogV1/model_product_analytics_audience_filters.go b/api/datadogV1/model_product_analytics_audience_filters.go index 13cfe0813d5..a73642bd88d 100644 --- a/api/datadogV1/model_product_analytics_audience_filters.go +++ b/api/datadogV1/model_product_analytics_audience_filters.go @@ -12,7 +12,7 @@ import ( type ProductAnalyticsAudienceFilters struct { // Accounts []ProductAnalyticsAudienceAccountSubquery `json:"accounts,omitempty"` - // + // An optional filter condition applied to the audience subquery. FilterCondition *string `json:"filter_condition,omitempty"` // Segments []ProductAnalyticsAudienceSegmentSubquery `json:"segments,omitempty"` diff --git a/api/datadogV1/model_product_analytics_audience_occurrence_filter.go b/api/datadogV1/model_product_analytics_audience_occurrence_filter.go index dd3b26be3f5..97aa5f76252 100644 --- a/api/datadogV1/model_product_analytics_audience_occurrence_filter.go +++ b/api/datadogV1/model_product_analytics_audience_occurrence_filter.go 
@@ -8,11 +8,11 @@ import ( "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) -// ProductAnalyticsAudienceOccurrenceFilter +// ProductAnalyticsAudienceOccurrenceFilter Filter applied to occurrence counts when building a Product Analytics audience. type ProductAnalyticsAudienceOccurrenceFilter struct { - // + // The comparison operator used for the occurrence filter (for example: `gt`, `lt`, `eq`). Operator *string `json:"operator,omitempty"` - // + // The threshold value to compare occurrence counts against. Value *string `json:"value,omitempty"` // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct UnparsedObject map[string]interface{} `json:"-"` diff --git a/api/datadogV1/model_product_analytics_audience_segment_subquery.go b/api/datadogV1/model_product_analytics_audience_segment_subquery.go index 69a4c30bc6f..783db6faa5c 100644 --- a/api/datadogV1/model_product_analytics_audience_segment_subquery.go +++ b/api/datadogV1/model_product_analytics_audience_segment_subquery.go @@ -10,9 +10,9 @@ import ( // ProductAnalyticsAudienceSegmentSubquery Product Analytics audience segment subquery. type ProductAnalyticsAudienceSegmentSubquery struct { - // + // The name of the segment subquery. Name *string `json:"name,omitempty"` - // + // The unique identifier of the segment. SegmentId *string `json:"segment_id,omitempty"` // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct UnparsedObject map[string]interface{} `json:"-"` diff --git a/api/datadogV1/model_product_analytics_audience_user_subquery.go b/api/datadogV1/model_product_analytics_audience_user_subquery.go index 2499c2ebab0..481b9037d8a 100644 --- a/api/datadogV1/model_product_analytics_audience_user_subquery.go +++ b/api/datadogV1/model_product_analytics_audience_user_subquery.go 
@@ -10,9 +10,9 @@ import ( // ProductAnalyticsAudienceUserSubquery Product Analytics audience user subquery. type ProductAnalyticsAudienceUserSubquery struct { - // + // The name of the user subquery. Name *string `json:"name,omitempty"` - // + // The query string for the user subquery. Query *string `json:"query,omitempty"` // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct UnparsedObject map[string]interface{} `json:"-"` diff --git a/api/datadogV1/model_sankey_rum_query.go b/api/datadogV1/model_sankey_rum_query.go index 2dc429ec40a..9e8a156355d 100644 --- a/api/datadogV1/model_sankey_rum_query.go +++ b/api/datadogV1/model_sankey_rum_query.go @@ -24,7 +24,7 @@ type SankeyRumQuery struct { Mode SankeyRumQueryMode `json:"mode"` // Number of steps. NumberOfSteps *int64 `json:"number_of_steps,omitempty"` - // + // Filter applied to occurrence counts when building a Product Analytics audience. Occurrences *ProductAnalyticsAudienceOccurrenceFilter `json:"occurrences,omitempty"` // Query string. QueryString string `json:"query_string"` diff --git a/api/datadogV1/model_slo_count_definition_with_bad_events_formula.go b/api/datadogV1/model_slo_count_definition_with_bad_events_formula.go index 369b3c4675c..cd62b7916c3 100644 --- a/api/datadogV1/model_slo_count_definition_with_bad_events_formula.go +++ b/api/datadogV1/model_slo_count_definition_with_bad_events_formula.go @@ -10,7 +10,7 @@ import ( "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) -// SLOCountDefinitionWithBadEventsFormula +// SLOCountDefinitionWithBadEventsFormula SLO count definition using a bad events formula alongside a good events formula. type SLOCountDefinitionWithBadEventsFormula struct { // A formula that specifies how to combine the results of multiple queries. BadEventsFormula SLOFormula `json:"bad_events_formula"` 
diff --git a/api/datadogV1/model_slo_count_definition_with_total_events_formula.go b/api/datadogV1/model_slo_count_definition_with_total_events_formula.go index 3060d4095b7..71463af31de 100644 --- a/api/datadogV1/model_slo_count_definition_with_total_events_formula.go +++ b/api/datadogV1/model_slo_count_definition_with_total_events_formula.go @@ -10,7 +10,7 @@ import ( "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) -// SLOCountDefinitionWithTotalEventsFormula +// SLOCountDefinitionWithTotalEventsFormula SLO count definition using a total events formula alongside a good events formula. type SLOCountDefinitionWithTotalEventsFormula struct { // A formula that specifies how to combine the results of multiple queries. GoodEventsFormula SLOFormula `json:"good_events_formula"` diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go index 87e4ec8c8e1..f488439815c 100644 --- a/api/datadogV2/api_security_monitoring.go +++ b/api/datadogV2/api_security_monitoring.go 
@@ -2910,6 +2910,84 @@ func (a *SecurityMonitoringApi) GetFinding(ctx _context.Context, findingId strin return localVarReturnValue, localVarHTTPResponse, nil } +// GetInvestigationLogQueriesMatchingSignal Get investigation queries for a signal. +// Get the list of investigation log queries available for a given security signal. +func (a *SecurityMonitoringApi) GetInvestigationLogQueriesMatchingSignal(ctx _context.Context, signalId string) (SecurityMonitoringSignalSuggestedActionsResponse, *_nethttp.Response, error) { + var ( + localVarHTTPMethod = _nethttp.MethodGet + localVarPostBody interface{} + localVarReturnValue SecurityMonitoringSignalSuggestedActionsResponse + ) + + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.GetInvestigationLogQueriesMatchingSignal") + if err != nil { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} + } + + localVarPath := localBasePath + "/api/v2/security_monitoring/signals/{signal_id}/investigation_queries" + localVarPath = datadog.ReplacePathParameter(localVarPath, "{signal_id}", _neturl.PathEscape(datadog.ParameterToString(signalId, ""))) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := _neturl.Values{} + localVarFormParams := _neturl.Values{} + localVarHeaderParams["Accept"] = "application/json" + + if a.Client.Cfg.DelegatedTokenConfig != nil { + err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig) + if err != nil { + return localVarReturnValue, nil, err + } + } else { + datadog.SetAuthKeys( + ctx, + &localVarHeaderParams, + [2]string{"apiKeyAuth", "DD-API-KEY"}, + [2]string{"appKeyAuth", "DD-APPLICATION-KEY"}, + ) + } + req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := 
a.Client.CallAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := datadog.ReadBody(localVarHTTPResponse) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 || localVarHTTPResponse.StatusCode == 429 { + var v APIErrorResponse + err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.ErrorModel = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + // GetResourceEvaluationFiltersOptionalParameters holds optional parameters for GetResourceEvaluationFilters. type GetResourceEvaluationFiltersOptionalParameters struct { CloudProvider *string 
@@ -4172,6 +4250,84 @@ func (a *SecurityMonitoringApi) GetSignalNotificationRules(ctx _context.Context) return localVarReturnValue, localVarHTTPResponse, nil } +// GetSuggestedActionsMatchingSignal Get suggested actions for a signal. +// Get the list of suggested actions for a given security signal. +func (a *SecurityMonitoringApi) GetSuggestedActionsMatchingSignal(ctx _context.Context, signalId string) (SecurityMonitoringSignalSuggestedActionsResponse, *_nethttp.Response, error) { + var ( + localVarHTTPMethod = _nethttp.MethodGet + localVarPostBody interface{} + localVarReturnValue SecurityMonitoringSignalSuggestedActionsResponse + ) + + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.GetSuggestedActionsMatchingSignal") + if err != nil { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} + } + + localVarPath := localBasePath + "/api/v2/security_monitoring/signals/{signal_id}/suggested_actions" + localVarPath = datadog.ReplacePathParameter(localVarPath, "{signal_id}", _neturl.PathEscape(datadog.ParameterToString(signalId, ""))) + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := _neturl.Values{} + localVarFormParams := _neturl.Values{} + localVarHeaderParams["Accept"] = "application/json" + + if a.Client.Cfg.DelegatedTokenConfig != nil { + err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig) + if err != nil { + return localVarReturnValue, nil, err + } + } else { + datadog.SetAuthKeys( + ctx, + &localVarHeaderParams, + [2]string{"apiKeyAuth", "DD-API-KEY"}, + [2]string{"appKeyAuth", "DD-APPLICATION-KEY"}, + ) + } + req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.Client.CallAPI(req) + if err != nil || 
localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := datadog.ReadBody(localVarHTTPResponse) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 || localVarHTTPResponse.StatusCode == 429 { + var v APIErrorResponse + err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.ErrorModel = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + // GetSuppressionVersionHistoryOptionalParameters holds optional parameters for GetSuppressionVersionHistory. type GetSuppressionVersionHistoryOptionalParameters struct { PageSize *int64 diff --git a/api/datadogV2/doc.go b/api/datadogV2/doc.go index 630a7535de0..a2ac7c304f2 100644 --- a/api/datadogV2/doc.go +++ b/api/datadogV2/doc.go @@ -723,6 +723,7 @@ // - [SecurityMonitoringApi.GetCriticalAssetsAffectingRule] // - [SecurityMonitoringApi.GetCustomFramework] // - [SecurityMonitoringApi.GetFinding] +// - [SecurityMonitoringApi.GetInvestigationLogQueriesMatchingSignal] // - [SecurityMonitoringApi.GetResourceEvaluationFilters] // - [SecurityMonitoringApi.GetRuleVersionHistory] // - [SecurityMonitoringApi.GetSBOM] 
@@ -736,6 +737,7 @@ // - [SecurityMonitoringApi.GetSecurityMonitoringSuppression] // - [SecurityMonitoringApi.GetSignalNotificationRule] // - [SecurityMonitoringApi.GetSignalNotificationRules] +// - [SecurityMonitoringApi.GetSuggestedActionsMatchingSignal] // - [SecurityMonitoringApi.GetSuppressionVersionHistory] // - [SecurityMonitoringApi.GetSuppressionsAffectingFutureRule] // - [SecurityMonitoringApi.GetSuppressionsAffectingRule] diff --git a/api/datadogV2/model_security_monitoring_signal_suggested_action.go b/api/datadogV2/model_security_monitoring_signal_suggested_action.go new file mode 100644 index 00000000000..cead149eb98 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_signal_suggested_action.go 
@@ -0,0 +1,178 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "fmt" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// SecurityMonitoringSignalSuggestedAction A suggested action for a security signal. +type SecurityMonitoringSignalSuggestedAction struct { + // Attributes of a suggested action for a security signal. The available fields depend on the action type. + Attributes SecurityMonitoringSignalSuggestedActionAttributes `json:"attributes"` + // The unique ID of the suggested action. + Id string `json:"id"` + // The type of the suggested action resource. + Type SecurityMonitoringSignalSuggestedActionType `json:"type"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewSecurityMonitoringSignalSuggestedAction instantiates a new SecurityMonitoringSignalSuggestedAction object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringSignalSuggestedAction(attributes SecurityMonitoringSignalSuggestedActionAttributes, id string, typeVar SecurityMonitoringSignalSuggestedActionType) *SecurityMonitoringSignalSuggestedAction { + this := SecurityMonitoringSignalSuggestedAction{} + this.Attributes = attributes + this.Id = id + this.Type = typeVar + return &this +} + +// NewSecurityMonitoringSignalSuggestedActionWithDefaults instantiates a new SecurityMonitoringSignalSuggestedAction object. 
+// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewSecurityMonitoringSignalSuggestedActionWithDefaults() *SecurityMonitoringSignalSuggestedAction { + this := SecurityMonitoringSignalSuggestedAction{} + return &this +} + +// GetAttributes returns the Attributes field value. +func (o *SecurityMonitoringSignalSuggestedAction) GetAttributes() SecurityMonitoringSignalSuggestedActionAttributes { + if o == nil { + var ret SecurityMonitoringSignalSuggestedActionAttributes + return ret + } + return o.Attributes +} + +// GetAttributesOk returns a tuple with the Attributes field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedAction) GetAttributesOk() (*SecurityMonitoringSignalSuggestedActionAttributes, bool) { + if o == nil { + return nil, false + } + return &o.Attributes, true +} + +// SetAttributes sets field value. +func (o *SecurityMonitoringSignalSuggestedAction) SetAttributes(v SecurityMonitoringSignalSuggestedActionAttributes) { + o.Attributes = v +} + +// GetId returns the Id field value. +func (o *SecurityMonitoringSignalSuggestedAction) GetId() string { + if o == nil { + var ret string + return ret + } + return o.Id +} + +// GetIdOk returns a tuple with the Id field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedAction) GetIdOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Id, true +} + +// SetId sets field value. +func (o *SecurityMonitoringSignalSuggestedAction) SetId(v string) { + o.Id = v +} + +// GetType returns the Type field value. 
+func (o *SecurityMonitoringSignalSuggestedAction) GetType() SecurityMonitoringSignalSuggestedActionType { + if o == nil { + var ret SecurityMonitoringSignalSuggestedActionType + return ret + } + return o.Type +} + +// GetTypeOk returns a tuple with the Type field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedAction) GetTypeOk() (*SecurityMonitoringSignalSuggestedActionType, bool) { + if o == nil { + return nil, false + } + return &o.Type, true +} + +// SetType sets field value. +func (o *SecurityMonitoringSignalSuggestedAction) SetType(v SecurityMonitoringSignalSuggestedActionType) { + o.Type = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringSignalSuggestedAction) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + toSerialize["attributes"] = o.Attributes + toSerialize["id"] = o.Id + toSerialize["type"] = o.Type + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. 
+func (o *SecurityMonitoringSignalSuggestedAction) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Attributes *SecurityMonitoringSignalSuggestedActionAttributes `json:"attributes"` + Id *string `json:"id"` + Type *SecurityMonitoringSignalSuggestedActionType `json:"type"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + if all.Attributes == nil { + return fmt.Errorf("required field attributes missing") + } + if all.Id == nil { + return fmt.Errorf("required field id missing") + } + if all.Type == nil { + return fmt.Errorf("required field type missing") + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"attributes", "id", "type"}) + } else { + return err + } + + hasInvalidField := false + if all.Attributes.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Attributes = *all.Attributes + o.Id = *all.Id + if !all.Type.IsValid() { + hasInvalidField = true + } else { + o.Type = *all.Type + } + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_security_monitoring_signal_suggested_action_attributes.go b/api/datadogV2/model_security_monitoring_signal_suggested_action_attributes.go new file mode 100644 index 00000000000..8d4007cac81 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_signal_suggested_action_attributes.go 
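Review bot: In `UnmarshalJSON`, a `type` value outside the enum sets `hasInvalidField`, so the method fills `UnparsedObject` and returns the result of that second unmarshal (normally nil), while `o.Type` stays empty and `o.Attributes` and `o.Id` are still populated. A caller that dispatches on `GetType()` therefore sees an empty type and no error when the API returns an action type this client version does not know. The doc comment says only "deserializes the given payload"; I would extend it to `// UnmarshalJSON deserializes the given payload. If type is not an allowed value, or attributes could not be parsed, the raw payload is kept in UnparsedObject and no error is returned.` This file looks like generator output, so the wording probably belongs in the template rather than here.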
@@ -0,0 +1,242 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// SecurityMonitoringSignalSuggestedActionAttributes Attributes of a suggested action for a security signal. The available fields depend on the action type. +type SecurityMonitoringSignalSuggestedActionAttributes struct { + // The name of the investigation log query. + Name *string `json:"name,omitempty"` + // The log query filter for the investigation. + QueryFilter *string `json:"query_filter,omitempty"` + // Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. + TemplateVariables map[string][]string `json:"template_variables,omitempty"` + // The title of the recommended blog post. + Title *string `json:"title,omitempty"` + // The URL of the suggested action. + Url *string `json:"url,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewSecurityMonitoringSignalSuggestedActionAttributes instantiates a new SecurityMonitoringSignalSuggestedActionAttributes object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. 
+func NewSecurityMonitoringSignalSuggestedActionAttributes() *SecurityMonitoringSignalSuggestedActionAttributes { + this := SecurityMonitoringSignalSuggestedActionAttributes{} + return &this +} + +// NewSecurityMonitoringSignalSuggestedActionAttributesWithDefaults instantiates a new SecurityMonitoringSignalSuggestedActionAttributes object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewSecurityMonitoringSignalSuggestedActionAttributesWithDefaults() *SecurityMonitoringSignalSuggestedActionAttributes { + this := SecurityMonitoringSignalSuggestedActionAttributes{} + return &this +} + +// GetName returns the Name field value if set, zero value otherwise. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetName() string { + if o == nil || o.Name == nil { + var ret string + return ret + } + return *o.Name +} + +// GetNameOk returns a tuple with the Name field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetNameOk() (*string, bool) { + if o == nil || o.Name == nil { + return nil, false + } + return o.Name, true +} + +// HasName returns a boolean if a field has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) HasName() bool { + return o != nil && o.Name != nil +} + +// SetName gets a reference to the given string and assigns it to the Name field. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) SetName(v string) { + o.Name = &v +} + +// GetQueryFilter returns the QueryFilter field value if set, zero value otherwise. 
+func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetQueryFilter() string { + if o == nil || o.QueryFilter == nil { + var ret string + return ret + } + return *o.QueryFilter +} + +// GetQueryFilterOk returns a tuple with the QueryFilter field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetQueryFilterOk() (*string, bool) { + if o == nil || o.QueryFilter == nil { + return nil, false + } + return o.QueryFilter, true +} + +// HasQueryFilter returns a boolean if a field has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) HasQueryFilter() bool { + return o != nil && o.QueryFilter != nil +} + +// SetQueryFilter gets a reference to the given string and assigns it to the QueryFilter field. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) SetQueryFilter(v string) { + o.QueryFilter = &v +} + +// GetTemplateVariables returns the TemplateVariables field value if set, zero value otherwise. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetTemplateVariables() map[string][]string { + if o == nil || o.TemplateVariables == nil { + var ret map[string][]string + return ret + } + return o.TemplateVariables +} + +// GetTemplateVariablesOk returns a tuple with the TemplateVariables field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetTemplateVariablesOk() (*map[string][]string, bool) { + if o == nil || o.TemplateVariables == nil { + return nil, false + } + return &o.TemplateVariables, true +} + +// HasTemplateVariables returns a boolean if a field has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) HasTemplateVariables() bool { + return o != nil && o.TemplateVariables != nil +} + +// SetTemplateVariables gets a reference to the given map[string][]string and assigns it to the TemplateVariables field. 
+func (o *SecurityMonitoringSignalSuggestedActionAttributes) SetTemplateVariables(v map[string][]string) { + o.TemplateVariables = v +} + +// GetTitle returns the Title field value if set, zero value otherwise. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetTitle() string { + if o == nil || o.Title == nil { + var ret string + return ret + } + return *o.Title +} + +// GetTitleOk returns a tuple with the Title field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetTitleOk() (*string, bool) { + if o == nil || o.Title == nil { + return nil, false + } + return o.Title, true +} + +// HasTitle returns a boolean if a field has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) HasTitle() bool { + return o != nil && o.Title != nil +} + +// SetTitle gets a reference to the given string and assigns it to the Title field. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) SetTitle(v string) { + o.Title = &v +} + +// GetUrl returns the Url field value if set, zero value otherwise. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetUrl() string { + if o == nil || o.Url == nil { + var ret string + return ret + } + return *o.Url +} + +// GetUrlOk returns a tuple with the Url field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) GetUrlOk() (*string, bool) { + if o == nil || o.Url == nil { + return nil, false + } + return o.Url, true +} + +// HasUrl returns a boolean if a field has been set. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) HasUrl() bool { + return o != nil && o.Url != nil +} + +// SetUrl gets a reference to the given string and assigns it to the Url field. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) SetUrl(v string) { + o.Url = &v +} + +// MarshalJSON serializes the struct using spec logic. 
+func (o SecurityMonitoringSignalSuggestedActionAttributes) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Name != nil { + toSerialize["name"] = o.Name + } + if o.QueryFilter != nil { + toSerialize["query_filter"] = o.QueryFilter + } + if o.TemplateVariables != nil { + toSerialize["template_variables"] = o.TemplateVariables + } + if o.Title != nil { + toSerialize["title"] = o.Title + } + if o.Url != nil { + toSerialize["url"] = o.Url + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *SecurityMonitoringSignalSuggestedActionAttributes) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Name *string `json:"name,omitempty"` + QueryFilter *string `json:"query_filter,omitempty"` + TemplateVariables map[string][]string `json:"template_variables,omitempty"` + Title *string `json:"title,omitempty"` + Url *string `json:"url,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"name", "query_filter", "template_variables", "title", "url"}) + } else { + return err + } + o.Name = all.Name + o.QueryFilter = all.QueryFilter + o.TemplateVariables = all.TemplateVariables + o.Title = all.Title + o.Url = all.Url + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_security_monitoring_signal_suggested_action_type.go b/api/datadogV2/model_security_monitoring_signal_suggested_action_type.go new file mode 100644 index 00000000000..c25080a0819 --- /dev/null 
+++ b/api/datadogV2/model_security_monitoring_signal_suggested_action_type.go 
@@ -0,0 +1,66 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "fmt" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// SecurityMonitoringSignalSuggestedActionType The type of the suggested action resource. +type SecurityMonitoringSignalSuggestedActionType string + +// List of SecurityMonitoringSignalSuggestedActionType. +const ( + SECURITYMONITORINGSIGNALSUGGESTEDACTIONTYPE_INVESTIGATION_LOG_QUERIES SecurityMonitoringSignalSuggestedActionType = "investigation_log_queries" + SECURITYMONITORINGSIGNALSUGGESTEDACTIONTYPE_RECOMMENDED_BLOG_POSTS SecurityMonitoringSignalSuggestedActionType = "recommended_blog_posts" +) + +var allowedSecurityMonitoringSignalSuggestedActionTypeEnumValues = []SecurityMonitoringSignalSuggestedActionType{ + SECURITYMONITORINGSIGNALSUGGESTEDACTIONTYPE_INVESTIGATION_LOG_QUERIES, + SECURITYMONITORINGSIGNALSUGGESTEDACTIONTYPE_RECOMMENDED_BLOG_POSTS, +} + +// GetAllowedValues reeturns the list of possible values. +func (v *SecurityMonitoringSignalSuggestedActionType) GetAllowedValues() []SecurityMonitoringSignalSuggestedActionType { + return allowedSecurityMonitoringSignalSuggestedActionTypeEnumValues +} + +// UnmarshalJSON deserializes the given payload. +func (v *SecurityMonitoringSignalSuggestedActionType) UnmarshalJSON(src []byte) error { + var value string + err := datadog.Unmarshal(src, &value) + if err != nil { + return err + } + *v = SecurityMonitoringSignalSuggestedActionType(value) + return nil +} + +// NewSecurityMonitoringSignalSuggestedActionTypeFromValue returns a pointer to a valid SecurityMonitoringSignalSuggestedActionType +// for the value passed as argument, or an error if the value passed is not allowed by the enum. 
+func NewSecurityMonitoringSignalSuggestedActionTypeFromValue(v string) (*SecurityMonitoringSignalSuggestedActionType, error) { + ev := SecurityMonitoringSignalSuggestedActionType(v) + if ev.IsValid() { + return &ev, nil + } + return nil, fmt.Errorf("invalid value '%v' for SecurityMonitoringSignalSuggestedActionType: valid values are %v", v, allowedSecurityMonitoringSignalSuggestedActionTypeEnumValues) +} + +// IsValid return true if the value is valid for the enum, false otherwise. +func (v SecurityMonitoringSignalSuggestedActionType) IsValid() bool { + for _, existing := range allowedSecurityMonitoringSignalSuggestedActionTypeEnumValues { + if existing == v { + return true + } + } + return false +} + +// Ptr returns reference to SecurityMonitoringSignalSuggestedActionType value. +func (v SecurityMonitoringSignalSuggestedActionType) Ptr() *SecurityMonitoringSignalSuggestedActionType { + return &v +} diff --git a/api/datadogV2/model_security_monitoring_signal_suggested_actions_response.go b/api/datadogV2/model_security_monitoring_signal_suggested_actions_response.go new file mode 100644 index 00000000000..4e93e1d12b5 --- /dev/null +++ b/api/datadogV2/model_security_monitoring_signal_suggested_actions_response.go 
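Review bot: `UnmarshalJSON` on the enum type stores whatever string it reads (`*v = SecurityMonitoringSignalSuggestedActionType(value)`) and never calls `IsValid()`, but its comment does not say so. In this file, validation happens only in `NewSecurityMonitoringSignalSuggestedActionTypeFromValue`. I would document that, e.g. `// UnmarshalJSON deserializes the given payload without checking it against the allowed values; use IsValid to validate.` Two comment nits in the same hunk: `reeturns` should be `returns` in the `GetAllowedValues` comment, and `IsValid return true` should read `IsValid returns true`.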
@@ -0,0 +1,101 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "fmt" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// SecurityMonitoringSignalSuggestedActionsResponse Response with suggested actions for a security signal. +type SecurityMonitoringSignalSuggestedActionsResponse struct { + // List of suggested actions for a security signal. + Data []SecurityMonitoringSignalSuggestedAction `json:"data"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewSecurityMonitoringSignalSuggestedActionsResponse instantiates a new SecurityMonitoringSignalSuggestedActionsResponse object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewSecurityMonitoringSignalSuggestedActionsResponse(data []SecurityMonitoringSignalSuggestedAction) *SecurityMonitoringSignalSuggestedActionsResponse { + this := SecurityMonitoringSignalSuggestedActionsResponse{} + this.Data = data + return &this +} + +// NewSecurityMonitoringSignalSuggestedActionsResponseWithDefaults instantiates a new SecurityMonitoringSignalSuggestedActionsResponse object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. 
+func NewSecurityMonitoringSignalSuggestedActionsResponseWithDefaults() *SecurityMonitoringSignalSuggestedActionsResponse { + this := SecurityMonitoringSignalSuggestedActionsResponse{} + return &this +} + +// GetData returns the Data field value. +func (o *SecurityMonitoringSignalSuggestedActionsResponse) GetData() []SecurityMonitoringSignalSuggestedAction { + if o == nil { + var ret []SecurityMonitoringSignalSuggestedAction + return ret + } + return o.Data +} + +// GetDataOk returns a tuple with the Data field value +// and a boolean to check if the value has been set. +func (o *SecurityMonitoringSignalSuggestedActionsResponse) GetDataOk() (*[]SecurityMonitoringSignalSuggestedAction, bool) { + if o == nil { + return nil, false + } + return &o.Data, true +} + +// SetData sets field value. +func (o *SecurityMonitoringSignalSuggestedActionsResponse) SetData(v []SecurityMonitoringSignalSuggestedAction) { + o.Data = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o SecurityMonitoringSignalSuggestedActionsResponse) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + toSerialize["data"] = o.Data + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. 
+func (o *SecurityMonitoringSignalSuggestedActionsResponse) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Data *[]SecurityMonitoringSignalSuggestedAction `json:"data"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + if all.Data == nil { + return fmt.Errorf("required field data missing") + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"data"}) + } else { + return err + } + o.Data = *all.Data + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.go b/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.go new file mode 100644 index 00000000000..7665ebfb2e8 --- /dev/null +++ b/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.go 
@@ -0,0 +1,29 @@ +// Get investigation queries for a signal returns "OK" response + +package main + +import ( + "context" + "encoding/json" + "fmt" + "os" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" + "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" +) + +func main() { + ctx := datadog.NewDefaultContext(context.Background()) + configuration := datadog.NewConfiguration() + apiClient := datadog.NewAPIClient(configuration) + api := datadogV2.NewSecurityMonitoringApi(apiClient) + resp, r, err := api.GetInvestigationLogQueriesMatchingSignal(ctx, "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE") + + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetInvestigationLogQueriesMatchingSignal`: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + + responseContent, _ := json.MarshalIndent(resp, "", " ") + fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetInvestigationLogQueriesMatchingSignal`:\n%s\n", responseContent) +} diff --git a/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.go b/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.go new file mode 100644 index 00000000000..fa55fdc6956 --- /dev/null +++ b/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.go 
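Review bot: The `if err != nil` branch in `main` only prints to stderr and then falls through, so a failed call still marshals the zero-value `resp`, prints it under the "Response from" heading and exits with status 0. The same applies to examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.go in the next hunk. Anyone copying this into a script or pipeline gets no failure signal from the process. I would end the branch with `os.Exit(1)` (`os` is already imported). The error from `json.MarshalIndent` is also discarded with `_`, and checking it would be consistent with that.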
@@ -0,0 +1,29 @@ +// Get suggested actions for a signal returns "OK" response + +package main + +import ( + "context" + "encoding/json" + "fmt" + "os" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" + "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" +) + +func main() { + ctx := datadog.NewDefaultContext(context.Background()) + configuration := datadog.NewConfiguration() + apiClient := datadog.NewAPIClient(configuration) + api := datadogV2.NewSecurityMonitoringApi(apiClient) + resp, r, err := api.GetSuggestedActionsMatchingSignal(ctx, "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE") + + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSuggestedActionsMatchingSignal`: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + + responseContent, _ := json.MarshalIndent(resp, "", " ") + fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSuggestedActionsMatchingSignal`:\n%s\n", responseContent) +} diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature index afd6da263a9..1fdee4f141b 100644 --- a/tests/scenarios/features/v2/security_monitoring.feature +++ b/tests/scenarios/features/v2/security_monitoring.feature 
@@ -1371,6 +1371,25 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 Notification rule details. + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Get investigation queries for a signal returns "Not Found" response + Given new "GetInvestigationLogQueriesMatchingSignal" request + And request contains "signal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-siem + Scenario: Get investigation queries for a signal returns "OK" response + Given new "GetInvestigationLogQueriesMatchingSignal" request + And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" + When the request is sent + Then the response status is 200 OK + And the response "data[0].type" is equal to "investigation_log_queries" + And the response "data[0]" has field "id" + And the response "data[0].attributes" has field "name" + And the response "data[0].attributes" has field "query_filter" + And the response "data[0].attributes" has field "url" + @skip-go @skip-java @skip-ruby @team:DataDog/k9-cloud-siem Scenario: Get rule version history returns "OK" response Given operation "GetRuleVersionHistory" enabled 
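Review bot: Both added scenarios for `GetInvestigationLogQueriesMatchingSignal` carry `@skip`, and so do the two `GetSuggestedActionsMatchingSignal` scenarios in the following hunk, so as far as these tags show none of the new endpoint code is exercised by the suite. The "OK" scenarios also depend on a hard-coded `signal_id`, and the "Not Found" ones still use the `REPLACE.ME` placeholder. If a recorded fixture for that signal is available, dropping `@skip` from the "OK" scenarios would give the new decoding path real coverage, including the `data[0].type` assertion. Otherwise a comment above the tag line saying why they are skipped, e.g. `# skipped: no recorded signal fixture yet`, would help the next reader.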
@@ -1384,6 +1403,29 @@ Feature: Security Monitoring And the response "data.attributes.count" is equal to 1 And the response "data.attributes.data[1].rule.name" has the same value as "security_rule.name" + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Get suggested actions for a signal returns "Not Found" response + Given new "GetSuggestedActionsMatchingSignal" request + And request contains "signal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-siem + Scenario: Get suggested actions for a signal returns "OK" response + Given new "GetSuggestedActionsMatchingSignal" request + And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" + When the request is sent + Then the response status is 200 OK + And the response "data[0].type" is equal to "investigation_log_queries" + And the response "data[0]" has field "id" + And the response "data[0].attributes" has field "name" + And the response "data[0].attributes" has field "query_filter" + And the response "data[0].attributes" has field "url" + And the response "data[1].type" is equal to "recommended_blog_posts" + And the response "data[1]" has field "id" + And the response "data[1].attributes" has field "title" + And the response "data[1].attributes" has field "url" + @team:DataDog/k9-cloud-siem Scenario: Get suppressions affecting a specific rule returns "Not Found" response Given new "GetSuppressionsAffectingRule" request diff --git a/tests/scenarios/features/v2/undo.json b/tests/scenarios/features/v2/undo.json index 124d2e60cb4..02afc91a4bb 100644 --- a/tests/scenarios/features/v2/undo.json +++ b/tests/scenarios/features/v2/undo.json 
@@ -5374,12 +5374,24 @@ "type": "idempotent" } }, + "GetInvestigationLogQueriesMatchingSignal": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "EditSecurityMonitoringSignalState": { "tag": "Security Monitoring", "undo": { "type": "idempotent" } }, + "GetSuggestedActionsMatchingSignal": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListScanningGroups": { "tag": "Sensitive Data Scanner", "undo": {