diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 8a51fd127ec..c4dc79f92fd 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -17831,6 +17831,18 @@ components: CustomCostListResponseMeta: description: Meta for the response from the List Custom Costs endpoints. properties: + count_by_status: + additionalProperties: + format: int64 + type: integer + description: Number of Custom Costs files per status. + type: object + providers: + description: List of available providers. + items: + description: A provider name. + type: string + type: array total_filtered_count: description: Number of Custom Costs files returned by the List Custom Costs endpoint format: int64 @@ -29884,6 +29896,30 @@ components: required: - self type: object + GetIoCIndicatorResponse: + description: Response for the get indicator of compromise endpoint. + properties: + data: + $ref: "#/components/schemas/GetIoCIndicatorResponseData" + type: object + GetIoCIndicatorResponseAttributes: + description: Attributes of the get indicator response. + properties: + data: + $ref: "#/components/schemas/IoCIndicatorDetailed" + type: object + GetIoCIndicatorResponseData: + description: IoC indicator response data object. + properties: + attributes: + $ref: "#/components/schemas/GetIoCIndicatorResponseAttributes" + id: + description: Unique identifier for the response. + type: string + type: + description: Response type identifier. + type: string + type: object GetIssueIncludeQueryParameterItem: description: Relationship object that should be included in the response. enum: @@ -35391,6 +35427,301 @@ components: type: string x-enum-varnames: - INVESTIGATION + IoCExplorerListResponse: + description: Response for the list indicators of compromise endpoint. + properties: + data: + $ref: "#/components/schemas/IoCExplorerListResponseData" + type: object + IoCExplorerListResponseAttributes: + description: Attributes of the IoC Explorer list response. + properties: + data: + description: List of indicators of compromise. + items: + $ref: "#/components/schemas/IoCIndicator" + type: array + metadata: + $ref: "#/components/schemas/IoCExplorerListResponseMetadata" + paging: + $ref: "#/components/schemas/IoCExplorerListResponsePaging" + type: object + IoCExplorerListResponseData: + description: IoC Explorer list response data object. + properties: + attributes: + $ref: "#/components/schemas/IoCExplorerListResponseAttributes" + id: + description: Unique identifier for the response. + type: string + type: + description: Response type identifier. + type: string + type: object + IoCExplorerListResponseMetadata: + description: Response metadata. + properties: + count: + description: Total number of indicators matching the query. + format: int64 + type: integer + type: object + IoCExplorerListResponsePaging: + description: Pagination information. + properties: + offset: + description: Current pagination offset. + format: int64 + type: integer + type: object + IoCGeoLocation: + description: Geographic location information for an IP indicator. + properties: + city: + description: City name. + type: string + country_code: + description: ISO country code. + type: string + country_name: + description: Full country name. + type: string + type: object + IoCIndicator: + description: An indicator of compromise with threat intelligence data. + properties: + as_geo: + $ref: "#/components/schemas/IoCGeoLocation" + as_type: + description: Autonomous system type. + type: string + benign_sources: + description: Threat intelligence sources that flagged this indicator as benign. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + categories: + description: Threat categories associated with the indicator. + items: + type: string + type: array + first_seen: + description: Timestamp when the indicator was first seen. + format: date-time + type: string + id: + description: Unique identifier for the indicator. + type: string + indicator: + description: The indicator value (for example, an IP address or domain). + type: string + indicator_type: + description: Type of indicator (for example, IP address or domain). + type: string + last_seen: + description: Timestamp when the indicator was last seen. + format: date-time + type: string + log_matches: + description: Number of logs that matched this indicator. + format: int64 + type: integer + m_as_type: + $ref: "#/components/schemas/IoCScoreEffect" + m_persistence: + $ref: "#/components/schemas/IoCScoreEffect" + m_signal: + $ref: "#/components/schemas/IoCScoreEffect" + m_sources: + $ref: "#/components/schemas/IoCScoreEffect" + malicious_sources: + description: Threat intelligence sources that flagged this indicator as malicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + max_trust_score: + $ref: "#/components/schemas/IoCScoreEffect" + score: + description: Threat score for the indicator (0-100). + format: double + type: number + signal_matches: + description: Number of security signals that matched this indicator. + format: int64 + type: integer + signal_tier: + description: Signal tier level. + format: int64 + type: integer + suspicious_sources: + description: Threat intelligence sources that flagged this indicator as suspicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + tags: + description: Tags associated with the indicator. + items: + type: string + type: array + type: object + IoCIndicatorDetailed: + description: An indicator of compromise with extended context from your environment. + properties: + additional_data: + additionalProperties: {} + description: Additional domain-specific context from threat intelligence sources. + type: object + as_cidr_block: + description: Autonomous system CIDR block. + type: string + as_geo: + $ref: "#/components/schemas/IoCGeoLocation" + as_number: + description: Autonomous system number. + type: string + as_organization: + description: Autonomous system organization name. + type: string + as_type: + description: Autonomous system type. + type: string + benign_sources: + description: Threat intelligence sources that flagged this indicator as benign. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + categories: + description: Threat categories associated with the indicator. + items: + type: string + type: array + critical_assets: + description: Critical assets associated with this indicator. + items: + type: string + type: array + first_seen: + description: Timestamp when the indicator was first seen. + format: date-time + type: string + hosts: + description: Hosts associated with this indicator. + items: + type: string + type: array + id: + description: Unique identifier for the indicator. + type: string + indicator: + description: The indicator value (for example, an IP address or domain). + type: string + indicator_type: + description: Type of indicator (for example, IP address or domain). + type: string + last_seen: + description: Timestamp when the indicator was last seen. + format: date-time + type: string + log_matches: + description: Number of logs that matched this indicator. + format: int64 + type: integer + log_sources: + description: Log sources where this indicator was observed. + items: + type: string + type: array + m_as_type: + $ref: "#/components/schemas/IoCScoreEffect" + m_persistence: + $ref: "#/components/schemas/IoCScoreEffect" + m_signal: + $ref: "#/components/schemas/IoCScoreEffect" + m_sources: + $ref: "#/components/schemas/IoCScoreEffect" + malicious_sources: + description: Threat intelligence sources that flagged this indicator as malicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + max_trust_score: + $ref: "#/components/schemas/IoCScoreEffect" + score: + description: Threat score for the indicator (0-100). + format: double + type: number + services: + description: Services where this indicator was observed. + items: + type: string + type: array + signal_matches: + description: Number of security signals that matched this indicator. + format: int64 + type: integer + signal_severity: + description: Breakdown of security signals by severity. + items: + $ref: "#/components/schemas/IoCSignalSeverityCount" + type: array + signal_tier: + description: Signal tier level. + format: int64 + type: integer + suspicious_sources: + description: Threat intelligence sources that flagged this indicator as suspicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + tags: + description: Tags associated with the indicator. + items: + type: string + type: array + users: + additionalProperties: + description: List of user identifiers in this category. + items: + type: string + type: array + description: Users associated with this indicator, grouped by category. + type: object + type: object + IoCScoreEffect: + description: Effect of a scoring factor on the indicator's threat score. + enum: + - RAISE_SCORE + - LOWER_SCORE + - NO_EFFECT + type: string + x-enum-varnames: + - RAISE_SCORE + - LOWER_SCORE + - NO_EFFECT + IoCSignalSeverityCount: + description: Count of security signals by severity level. + properties: + count: + description: Number of signals at this severity level. + format: int64 + type: integer + severity: + description: Severity level (for example, critical, high, medium, low, info). + type: string + type: object + IoCSource: + description: A threat intelligence source that has flagged an indicator. + properties: + name: + description: Name of the threat intelligence source. + type: string + type: object Issue: description: The issue matching the request. properties: @@ -86879,6 +87210,18 @@ paths: name: filter[status] schema: type: string + - description: Filter files by name with case-insensitive substring matching. + in: query + name: filter[name] + schema: + type: string + - description: Filter by provider. + in: query + name: filter[provider] + schema: + items: + type: string + type: array - description: Sort key with optional descending prefix in: query name: sort @@ -110601,6 +110944,110 @@ paths: x-unstable: |- **Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9). + /api/v2/security/siem/ioc-explorer: + get: + description: |- + Get a list of indicators of compromise (IoCs) matching the specified filters. + operationId: ListIndicatorsOfCompromise + parameters: + - description: Number of results per page. + in: query + name: limit + required: false + schema: + default: 50 + format: int32 + maximum: 2147483647 + type: integer + - description: Pagination offset. + in: query + name: offset + required: false + schema: + default: 0 + format: int32 + maximum: 2147483647 + type: integer + - description: Search/filter query (supports field:value syntax). + in: query + name: query + required: false + schema: + type: string + - description: "Sort column: score, first_seen_ts_epoch, last_seen_ts_epoch, indicator, indicator_type, signal_count, log_count, category, as_type." + in: query + name: sort[column] + required: false + schema: + default: score + type: string + - description: "Sort order: asc or desc." + in: query + name: sort[order] + required: false + schema: + default: desc + type: string + responses: + "200": + content: + "application/json": + schema: + $ref: "#/components/schemas/IoCExplorerListResponse" + description: OK + "400": + $ref: "#/components/responses/BadRequestResponse" + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: List indicators of compromise + tags: ["Security Monitoring"] + x-unstable: |- + **Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates. + /api/v2/security/siem/ioc-explorer/indicator: + get: + description: |- + Get detailed information about a specific indicator of compromise (IoC). + operationId: GetIndicatorOfCompromise + parameters: + - description: The indicator value to look up (for example, an IP address or domain). + in: query + name: indicator + required: true + schema: + type: string + responses: + "200": + content: + "application/json": + schema: + $ref: "#/components/schemas/GetIoCIndicatorResponse" + description: OK + "400": + $ref: "#/components/responses/BadRequestResponse" + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: Get an indicator of compromise + tags: ["Security Monitoring"] + x-unstable: |- + **Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates. /api/v2/security/signals/notification_rules: get: description: Returns the list of notification rules for security signals. diff --git a/api/datadog/configuration.go b/api/datadog/configuration.go index d3c959f27a8..1ffb7ae427e 100644 --- a/api/datadog/configuration.go +++ b/api/datadog/configuration.go @@ -706,12 +706,14 @@ func NewConfiguration() *Configuration { "v2.DeleteThreatHuntingJob": false, "v2.GetContentPacksStates": false, "v2.GetFinding": false, + "v2.GetIndicatorOfCompromise": false, "v2.GetRuleVersionHistory": false, "v2.GetSecretsRules": false, "v2.GetSecurityMonitoringHistsignal": false, "v2.GetSecurityMonitoringHistsignalsByJobId": false, "v2.GetThreatHuntingJob": false, "v2.ListFindings": false, + "v2.ListIndicatorsOfCompromise": false, "v2.ListMultipleRulesets": false, "v2.ListScannedAssetsMetadata": false, "v2.ListSecurityMonitoringHistsignals": false, diff --git a/api/datadogV2/api_cloud_cost_management.go b/api/datadogV2/api_cloud_cost_management.go index d1717b7f7de..5fc7662382b 100644 --- a/api/datadogV2/api_cloud_cost_management.go +++ b/api/datadogV2/api_cloud_cost_management.go @@ -8,6 +8,7 @@ import ( _context "context" _nethttp "net/http" _neturl "net/url" + "reflect" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) @@ -1836,10 +1837,12 @@ func (a *CloudCostManagementApi) ListCustomAllocationRules(ctx _context.Context) // ListCustomCostsFilesOptionalParameters holds optional parameters for ListCustomCostsFiles. type ListCustomCostsFilesOptionalParameters struct { - PageNumber *int64 - PageSize *int64 - FilterStatus *string - Sort *string + PageNumber *int64 + PageSize *int64 + FilterStatus *string + FilterName *string + FilterProvider *[]string + Sort *string } // NewListCustomCostsFilesOptionalParameters creates an empty struct for parameters. @@ -1866,6 +1869,18 @@ func (r *ListCustomCostsFilesOptionalParameters) WithFilterStatus(filterStatus s return r } +// WithFilterName sets the corresponding parameter name and returns the struct. +func (r *ListCustomCostsFilesOptionalParameters) WithFilterName(filterName string) *ListCustomCostsFilesOptionalParameters { + r.FilterName = &filterName + return r +} + +// WithFilterProvider sets the corresponding parameter name and returns the struct. +func (r *ListCustomCostsFilesOptionalParameters) WithFilterProvider(filterProvider []string) *ListCustomCostsFilesOptionalParameters { + r.FilterProvider = &filterProvider + return r +} + // WithSort sets the corresponding parameter name and returns the struct. func (r *ListCustomCostsFilesOptionalParameters) WithSort(sort string) *ListCustomCostsFilesOptionalParameters { r.Sort = &sort @@ -1908,6 +1923,20 @@ func (a *CloudCostManagementApi) ListCustomCostsFiles(ctx _context.Context, o .. if optionalParams.FilterStatus != nil { localVarQueryParams.Add("filter[status]", datadog.ParameterToString(*optionalParams.FilterStatus, "")) } + if optionalParams.FilterName != nil { + localVarQueryParams.Add("filter[name]", datadog.ParameterToString(*optionalParams.FilterName, "")) + } + if optionalParams.FilterProvider != nil { + t := *optionalParams.FilterProvider + if reflect.TypeOf(t).Kind() == reflect.Slice { + s := reflect.ValueOf(t) + for i := 0; i < s.Len(); i++ { + localVarQueryParams.Add("filter[provider]", datadog.ParameterToString(s.Index(i), "multi")) + } + } else { + localVarQueryParams.Add("filter[provider]", datadog.ParameterToString(t, "multi")) + } + } if optionalParams.Sort != nil { localVarQueryParams.Add("sort", datadog.ParameterToString(*optionalParams.Sort, "")) } diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go index f488439815c..84b3d8590b3 100644 --- a/api/datadogV2/api_security_monitoring.go +++ b/api/datadogV2/api_security_monitoring.go @@ -2910,6 +2910,93 @@ func (a *SecurityMonitoringApi) GetFinding(ctx _context.Context, findingId strin return localVarReturnValue, localVarHTTPResponse, nil } +// GetIndicatorOfCompromise Get an indicator of compromise. +// Get detailed information about a specific indicator of compromise (IoC). +func (a *SecurityMonitoringApi) GetIndicatorOfCompromise(ctx _context.Context, indicator string) (GetIoCIndicatorResponse, *_nethttp.Response, error) { + var ( + localVarHTTPMethod = _nethttp.MethodGet + localVarPostBody interface{} + localVarReturnValue GetIoCIndicatorResponse + ) + + operationId := "v2.GetIndicatorOfCompromise" + isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId) + if !isOperationEnabled { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)} + } + if isOperationEnabled && a.Client.Cfg.Debug { + _log.Printf("WARNING: Using unstable operation '%s'", operationId) + } + + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.GetIndicatorOfCompromise") + if err != nil { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} + } + + localVarPath := localBasePath + "/api/v2/security/siem/ioc-explorer/indicator" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := _neturl.Values{} + localVarFormParams := _neturl.Values{} + localVarQueryParams.Add("indicator", datadog.ParameterToString(indicator, "")) + localVarHeaderParams["Accept"] = "application/json" + + if a.Client.Cfg.DelegatedTokenConfig != nil { + err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig) + if err != nil { + return localVarReturnValue, nil, err + } + } else { + datadog.SetAuthKeys( + ctx, + &localVarHeaderParams, + [2]string{"apiKeyAuth", "DD-API-KEY"}, + [2]string{"appKeyAuth", "DD-APPLICATION-KEY"}, + ) + } + req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.Client.CallAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := datadog.ReadBody(localVarHTTPResponse) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 || localVarHTTPResponse.StatusCode == 429 { + var v APIErrorResponse + err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.ErrorModel = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + // GetInvestigationLogQueriesMatchingSignal Get investigation queries for a signal. // Get the list of investigation log queries available for a given security signal. func (a *SecurityMonitoringApi) GetInvestigationLogQueriesMatchingSignal(ctx _context.Context, signalId string) (SecurityMonitoringSignalSuggestedActionsResponse, *_nethttp.Response, error) { @@ -5403,6 +5490,160 @@ func (a *SecurityMonitoringApi) ListFindingsWithPagination(ctx _context.Context, return items, cancel } +// ListIndicatorsOfCompromiseOptionalParameters holds optional parameters for ListIndicatorsOfCompromise. +type ListIndicatorsOfCompromiseOptionalParameters struct { + Limit *int32 + Offset *int32 + Query *string + SortColumn *string + SortOrder *string +} + +// NewListIndicatorsOfCompromiseOptionalParameters creates an empty struct for parameters. +func NewListIndicatorsOfCompromiseOptionalParameters() *ListIndicatorsOfCompromiseOptionalParameters { + this := ListIndicatorsOfCompromiseOptionalParameters{} + return &this +} + +// WithLimit sets the corresponding parameter name and returns the struct. +func (r *ListIndicatorsOfCompromiseOptionalParameters) WithLimit(limit int32) *ListIndicatorsOfCompromiseOptionalParameters { + r.Limit = &limit + return r +} + +// WithOffset sets the corresponding parameter name and returns the struct. +func (r *ListIndicatorsOfCompromiseOptionalParameters) WithOffset(offset int32) *ListIndicatorsOfCompromiseOptionalParameters { + r.Offset = &offset + return r +} + +// WithQuery sets the corresponding parameter name and returns the struct. +func (r *ListIndicatorsOfCompromiseOptionalParameters) WithQuery(query string) *ListIndicatorsOfCompromiseOptionalParameters { + r.Query = &query + return r +} + +// WithSortColumn sets the corresponding parameter name and returns the struct. +func (r *ListIndicatorsOfCompromiseOptionalParameters) WithSortColumn(sortColumn string) *ListIndicatorsOfCompromiseOptionalParameters { + r.SortColumn = &sortColumn + return r +} + +// WithSortOrder sets the corresponding parameter name and returns the struct. +func (r *ListIndicatorsOfCompromiseOptionalParameters) WithSortOrder(sortOrder string) *ListIndicatorsOfCompromiseOptionalParameters { + r.SortOrder = &sortOrder + return r +} + +// ListIndicatorsOfCompromise List indicators of compromise. +// Get a list of indicators of compromise (IoCs) matching the specified filters. +func (a *SecurityMonitoringApi) ListIndicatorsOfCompromise(ctx _context.Context, o ...ListIndicatorsOfCompromiseOptionalParameters) (IoCExplorerListResponse, *_nethttp.Response, error) { + var ( + localVarHTTPMethod = _nethttp.MethodGet + localVarPostBody interface{} + localVarReturnValue IoCExplorerListResponse + optionalParams ListIndicatorsOfCompromiseOptionalParameters + ) + + if len(o) > 1 { + return localVarReturnValue, nil, datadog.ReportError("only one argument of type ListIndicatorsOfCompromiseOptionalParameters is allowed") + } + if len(o) == 1 { + optionalParams = o[0] + } + + operationId := "v2.ListIndicatorsOfCompromise" + isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId) + if !isOperationEnabled { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)} + } + if isOperationEnabled && a.Client.Cfg.Debug { + _log.Printf("WARNING: Using unstable operation '%s'", operationId) + } + + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.ListIndicatorsOfCompromise") + if err != nil { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} + } + + localVarPath := localBasePath + "/api/v2/security/siem/ioc-explorer" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := _neturl.Values{} + localVarFormParams := _neturl.Values{} + if optionalParams.Limit != nil { + localVarQueryParams.Add("limit", datadog.ParameterToString(*optionalParams.Limit, "")) + } + if optionalParams.Offset != nil { + localVarQueryParams.Add("offset", datadog.ParameterToString(*optionalParams.Offset, "")) + } + if optionalParams.Query != nil { + localVarQueryParams.Add("query", datadog.ParameterToString(*optionalParams.Query, "")) + } + if optionalParams.SortColumn != nil { + localVarQueryParams.Add("sort[column]", datadog.ParameterToString(*optionalParams.SortColumn, "")) + } + if optionalParams.SortOrder != nil { + localVarQueryParams.Add("sort[order]", datadog.ParameterToString(*optionalParams.SortOrder, "")) + } + localVarHeaderParams["Accept"] = "application/json" + + if a.Client.Cfg.DelegatedTokenConfig != nil { + err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig) + if err != nil { + return localVarReturnValue, nil, err + } + } else { + datadog.SetAuthKeys( + ctx, + &localVarHeaderParams, + [2]string{"apiKeyAuth", "DD-API-KEY"}, + [2]string{"appKeyAuth", "DD-APPLICATION-KEY"}, + ) + } + req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.Client.CallAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := datadog.ReadBody(localVarHTTPResponse) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 429 { + var v APIErrorResponse + err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.ErrorModel = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + // ListMultipleRulesets Ruleset get multiple. // Get rules for multiple rulesets in batch. func (a *SecurityMonitoringApi) ListMultipleRulesets(ctx _context.Context, body GetMultipleRulesetsRequest) (GetMultipleRulesetsResponse, *_nethttp.Response, error) { diff --git a/api/datadogV2/doc.go b/api/datadogV2/doc.go index 2c519055e85..304e7f1c087 100644 --- a/api/datadogV2/doc.go +++ b/api/datadogV2/doc.go @@ -764,6 +764,7 @@ // - [SecurityMonitoringApi.GetCriticalAssetsAffectingRule] // - [SecurityMonitoringApi.GetCustomFramework] // - [SecurityMonitoringApi.GetFinding] +// - [SecurityMonitoringApi.GetIndicatorOfCompromise] // - [SecurityMonitoringApi.GetInvestigationLogQueriesMatchingSignal] // - [SecurityMonitoringApi.GetResourceEvaluationFilters] // - [SecurityMonitoringApi.GetRuleVersionHistory] @@ -787,6 +788,7 @@ // - [SecurityMonitoringApi.GetVulnerabilityNotificationRules] // - [SecurityMonitoringApi.ListAssetsSBOMs] // - [SecurityMonitoringApi.ListFindings] +// - [SecurityMonitoringApi.ListIndicatorsOfCompromise] // - [SecurityMonitoringApi.ListMultipleRulesets] // - [SecurityMonitoringApi.ListScannedAssetsMetadata] // - [SecurityMonitoringApi.ListSecurityFilters] diff --git a/api/datadogV2/model_custom_cost_list_response_meta.go b/api/datadogV2/model_custom_cost_list_response_meta.go index 2cbdab7f629..c525cf2139d 100644 --- a/api/datadogV2/model_custom_cost_list_response_meta.go +++ b/api/datadogV2/model_custom_cost_list_response_meta.go @@ -10,6 +10,10 @@ import ( // CustomCostListResponseMeta Meta for the response from the List Custom Costs endpoints. type CustomCostListResponseMeta struct { + // Number of Custom Costs files per status. + CountByStatus map[string]int64 `json:"count_by_status,omitempty"` + // List of available providers. + Providers []string `json:"providers,omitempty"` // Number of Custom Costs files returned by the List Custom Costs endpoint TotalFilteredCount *int64 `json:"total_filtered_count,omitempty"` // Version of Custom Costs file @@ -36,6 +40,62 @@ func NewCustomCostListResponseMetaWithDefaults() *CustomCostListResponseMeta { return &this } +// GetCountByStatus returns the CountByStatus field value if set, zero value otherwise. +func (o *CustomCostListResponseMeta) GetCountByStatus() map[string]int64 { + if o == nil || o.CountByStatus == nil { + var ret map[string]int64 + return ret + } + return o.CountByStatus +} + +// GetCountByStatusOk returns a tuple with the CountByStatus field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *CustomCostListResponseMeta) GetCountByStatusOk() (*map[string]int64, bool) { + if o == nil || o.CountByStatus == nil { + return nil, false + } + return &o.CountByStatus, true +} + +// HasCountByStatus returns a boolean if a field has been set. +func (o *CustomCostListResponseMeta) HasCountByStatus() bool { + return o != nil && o.CountByStatus != nil +} + +// SetCountByStatus gets a reference to the given map[string]int64 and assigns it to the CountByStatus field. +func (o *CustomCostListResponseMeta) SetCountByStatus(v map[string]int64) { + o.CountByStatus = v +} + +// GetProviders returns the Providers field value if set, zero value otherwise. +func (o *CustomCostListResponseMeta) GetProviders() []string { + if o == nil || o.Providers == nil { + var ret []string + return ret + } + return o.Providers +} + +// GetProvidersOk returns a tuple with the Providers field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *CustomCostListResponseMeta) GetProvidersOk() (*[]string, bool) { + if o == nil || o.Providers == nil { + return nil, false + } + return &o.Providers, true +} + +// HasProviders returns a boolean if a field has been set. +func (o *CustomCostListResponseMeta) HasProviders() bool { + return o != nil && o.Providers != nil +} + +// SetProviders gets a reference to the given []string and assigns it to the Providers field. +func (o *CustomCostListResponseMeta) SetProviders(v []string) { + o.Providers = v +} + // GetTotalFilteredCount returns the TotalFilteredCount field value if set, zero value otherwise. func (o *CustomCostListResponseMeta) GetTotalFilteredCount() int64 { if o == nil || o.TotalFilteredCount == nil { @@ -98,6 +158,12 @@ func (o CustomCostListResponseMeta) MarshalJSON() ([]byte, error) { if o.UnparsedObject != nil { return datadog.Marshal(o.UnparsedObject) } + if o.CountByStatus != nil { + toSerialize["count_by_status"] = o.CountByStatus + } + if o.Providers != nil { + toSerialize["providers"] = o.Providers + } if o.TotalFilteredCount != nil { toSerialize["total_filtered_count"] = o.TotalFilteredCount } @@ -114,18 +180,22 @@ func (o CustomCostListResponseMeta) MarshalJSON() ([]byte, error) { // UnmarshalJSON deserializes the given payload. func (o *CustomCostListResponseMeta) UnmarshalJSON(bytes []byte) (err error) { all := struct { - TotalFilteredCount *int64 `json:"total_filtered_count,omitempty"` - Version *string `json:"version,omitempty"` + CountByStatus map[string]int64 `json:"count_by_status,omitempty"` + Providers []string `json:"providers,omitempty"` + TotalFilteredCount *int64 `json:"total_filtered_count,omitempty"` + Version *string `json:"version,omitempty"` }{} if err = datadog.Unmarshal(bytes, &all); err != nil { return datadog.Unmarshal(bytes, &o.UnparsedObject) } additionalProperties := make(map[string]interface{}) if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { - datadog.DeleteKeys(additionalProperties, &[]string{"total_filtered_count", "version"}) + datadog.DeleteKeys(additionalProperties, &[]string{"count_by_status", "providers", "total_filtered_count", "version"}) } else { return err } + o.CountByStatus = all.CountByStatus + o.Providers = all.Providers o.TotalFilteredCount = all.TotalFilteredCount o.Version = all.Version diff --git a/api/datadogV2/model_get_io_c_indicator_response.go b/api/datadogV2/model_get_io_c_indicator_response.go new file mode 100644 index 00000000000..8c43ac8dc32 --- /dev/null +++ b/api/datadogV2/model_get_io_c_indicator_response.go @@ -0,0 +1,111 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// GetIoCIndicatorResponse Response for the get indicator of compromise endpoint. +type GetIoCIndicatorResponse struct { + // IoC indicator response data object. + Data *GetIoCIndicatorResponseData `json:"data,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewGetIoCIndicatorResponse instantiates a new GetIoCIndicatorResponse object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewGetIoCIndicatorResponse() *GetIoCIndicatorResponse { + this := GetIoCIndicatorResponse{} + return &this +} + +// NewGetIoCIndicatorResponseWithDefaults instantiates a new GetIoCIndicatorResponse object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewGetIoCIndicatorResponseWithDefaults() *GetIoCIndicatorResponse { + this := GetIoCIndicatorResponse{} + return &this +} + +// GetData returns the Data field value if set, zero value otherwise. +func (o *GetIoCIndicatorResponse) GetData() GetIoCIndicatorResponseData { + if o == nil || o.Data == nil { + var ret GetIoCIndicatorResponseData + return ret + } + return *o.Data +} + +// GetDataOk returns a tuple with the Data field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *GetIoCIndicatorResponse) GetDataOk() (*GetIoCIndicatorResponseData, bool) { + if o == nil || o.Data == nil { + return nil, false + } + return o.Data, true +} + +// HasData returns a boolean if a field has been set. +func (o *GetIoCIndicatorResponse) HasData() bool { + return o != nil && o.Data != nil +} + +// SetData gets a reference to the given GetIoCIndicatorResponseData and assigns it to the Data field. +func (o *GetIoCIndicatorResponse) SetData(v GetIoCIndicatorResponseData) { + o.Data = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o GetIoCIndicatorResponse) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Data != nil { + toSerialize["data"] = o.Data + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *GetIoCIndicatorResponse) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Data *GetIoCIndicatorResponseData `json:"data,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"data"}) + } else { + return err + } + + hasInvalidField := false + if all.Data != nil && all.Data.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Data = all.Data + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_get_io_c_indicator_response_attributes.go b/api/datadogV2/model_get_io_c_indicator_response_attributes.go new file mode 100644 index 00000000000..31da77d8842 --- /dev/null +++ b/api/datadogV2/model_get_io_c_indicator_response_attributes.go @@ -0,0 +1,111 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// GetIoCIndicatorResponseAttributes Attributes of the get indicator response. +type GetIoCIndicatorResponseAttributes struct { + // An indicator of compromise with extended context from your environment. + Data *IoCIndicatorDetailed `json:"data,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewGetIoCIndicatorResponseAttributes instantiates a new GetIoCIndicatorResponseAttributes object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewGetIoCIndicatorResponseAttributes() *GetIoCIndicatorResponseAttributes { + this := GetIoCIndicatorResponseAttributes{} + return &this +} + +// NewGetIoCIndicatorResponseAttributesWithDefaults instantiates a new GetIoCIndicatorResponseAttributes object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewGetIoCIndicatorResponseAttributesWithDefaults() *GetIoCIndicatorResponseAttributes { + this := GetIoCIndicatorResponseAttributes{} + return &this +} + +// GetData returns the Data field value if set, zero value otherwise. +func (o *GetIoCIndicatorResponseAttributes) GetData() IoCIndicatorDetailed { + if o == nil || o.Data == nil { + var ret IoCIndicatorDetailed + return ret + } + return *o.Data +} + +// GetDataOk returns a tuple with the Data field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *GetIoCIndicatorResponseAttributes) GetDataOk() (*IoCIndicatorDetailed, bool) { + if o == nil || o.Data == nil { + return nil, false + } + return o.Data, true +} + +// HasData returns a boolean if a field has been set. +func (o *GetIoCIndicatorResponseAttributes) HasData() bool { + return o != nil && o.Data != nil +} + +// SetData gets a reference to the given IoCIndicatorDetailed and assigns it to the Data field. +func (o *GetIoCIndicatorResponseAttributes) SetData(v IoCIndicatorDetailed) { + o.Data = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o GetIoCIndicatorResponseAttributes) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Data != nil { + toSerialize["data"] = o.Data + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *GetIoCIndicatorResponseAttributes) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Data *IoCIndicatorDetailed `json:"data,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"data"}) + } else { + return err + } + + hasInvalidField := false + if all.Data != nil && all.Data.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Data = all.Data + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_get_io_c_indicator_response_data.go b/api/datadogV2/model_get_io_c_indicator_response_data.go new file mode 100644 index 00000000000..a217a25aa4f --- /dev/null +++ b/api/datadogV2/model_get_io_c_indicator_response_data.go @@ -0,0 +1,181 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// GetIoCIndicatorResponseData IoC indicator response data object. +type GetIoCIndicatorResponseData struct { + // Attributes of the get indicator response. + Attributes *GetIoCIndicatorResponseAttributes `json:"attributes,omitempty"` + // Unique identifier for the response. + Id *string `json:"id,omitempty"` + // Response type identifier. + Type *string `json:"type,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewGetIoCIndicatorResponseData instantiates a new GetIoCIndicatorResponseData object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewGetIoCIndicatorResponseData() *GetIoCIndicatorResponseData { + this := GetIoCIndicatorResponseData{} + return &this +} + +// NewGetIoCIndicatorResponseDataWithDefaults instantiates a new GetIoCIndicatorResponseData object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewGetIoCIndicatorResponseDataWithDefaults() *GetIoCIndicatorResponseData { + this := GetIoCIndicatorResponseData{} + return &this +} + +// GetAttributes returns the Attributes field value if set, zero value otherwise. +func (o *GetIoCIndicatorResponseData) GetAttributes() GetIoCIndicatorResponseAttributes { + if o == nil || o.Attributes == nil { + var ret GetIoCIndicatorResponseAttributes + return ret + } + return *o.Attributes +} + +// GetAttributesOk returns a tuple with the Attributes field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *GetIoCIndicatorResponseData) GetAttributesOk() (*GetIoCIndicatorResponseAttributes, bool) { + if o == nil || o.Attributes == nil { + return nil, false + } + return o.Attributes, true +} + +// HasAttributes returns a boolean if a field has been set. +func (o *GetIoCIndicatorResponseData) HasAttributes() bool { + return o != nil && o.Attributes != nil +} + +// SetAttributes gets a reference to the given GetIoCIndicatorResponseAttributes and assigns it to the Attributes field. +func (o *GetIoCIndicatorResponseData) SetAttributes(v GetIoCIndicatorResponseAttributes) { + o.Attributes = &v +} + +// GetId returns the Id field value if set, zero value otherwise. +func (o *GetIoCIndicatorResponseData) GetId() string { + if o == nil || o.Id == nil { + var ret string + return ret + } + return *o.Id +} + +// GetIdOk returns a tuple with the Id field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *GetIoCIndicatorResponseData) GetIdOk() (*string, bool) { + if o == nil || o.Id == nil { + return nil, false + } + return o.Id, true +} + +// HasId returns a boolean if a field has been set. +func (o *GetIoCIndicatorResponseData) HasId() bool { + return o != nil && o.Id != nil +} + +// SetId gets a reference to the given string and assigns it to the Id field. +func (o *GetIoCIndicatorResponseData) SetId(v string) { + o.Id = &v +} + +// GetType returns the Type field value if set, zero value otherwise. +func (o *GetIoCIndicatorResponseData) GetType() string { + if o == nil || o.Type == nil { + var ret string + return ret + } + return *o.Type +} + +// GetTypeOk returns a tuple with the Type field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *GetIoCIndicatorResponseData) GetTypeOk() (*string, bool) { + if o == nil || o.Type == nil { + return nil, false + } + return o.Type, true +} + +// HasType returns a boolean if a field has been set. +func (o *GetIoCIndicatorResponseData) HasType() bool { + return o != nil && o.Type != nil +} + +// SetType gets a reference to the given string and assigns it to the Type field. +func (o *GetIoCIndicatorResponseData) SetType(v string) { + o.Type = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o GetIoCIndicatorResponseData) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Attributes != nil { + toSerialize["attributes"] = o.Attributes + } + if o.Id != nil { + toSerialize["id"] = o.Id + } + if o.Type != nil { + toSerialize["type"] = o.Type + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *GetIoCIndicatorResponseData) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Attributes *GetIoCIndicatorResponseAttributes `json:"attributes,omitempty"` + Id *string `json:"id,omitempty"` + Type *string `json:"type,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"attributes", "id", "type"}) + } else { + return err + } + + hasInvalidField := false + if all.Attributes != nil && all.Attributes.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Attributes = all.Attributes + o.Id = all.Id + o.Type = all.Type + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_explorer_list_response.go b/api/datadogV2/model_io_c_explorer_list_response.go new file mode 100644 index 00000000000..5f881b7cae2 --- /dev/null +++ b/api/datadogV2/model_io_c_explorer_list_response.go @@ -0,0 +1,111 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCExplorerListResponse Response for the list indicators of compromise endpoint. +type IoCExplorerListResponse struct { + // IoC Explorer list response data object. + Data *IoCExplorerListResponseData `json:"data,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCExplorerListResponse instantiates a new IoCExplorerListResponse object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCExplorerListResponse() *IoCExplorerListResponse { + this := IoCExplorerListResponse{} + return &this +} + +// NewIoCExplorerListResponseWithDefaults instantiates a new IoCExplorerListResponse object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCExplorerListResponseWithDefaults() *IoCExplorerListResponse { + this := IoCExplorerListResponse{} + return &this +} + +// GetData returns the Data field value if set, zero value otherwise. +func (o *IoCExplorerListResponse) GetData() IoCExplorerListResponseData { + if o == nil || o.Data == nil { + var ret IoCExplorerListResponseData + return ret + } + return *o.Data +} + +// GetDataOk returns a tuple with the Data field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponse) GetDataOk() (*IoCExplorerListResponseData, bool) { + if o == nil || o.Data == nil { + return nil, false + } + return o.Data, true +} + +// HasData returns a boolean if a field has been set. +func (o *IoCExplorerListResponse) HasData() bool { + return o != nil && o.Data != nil +} + +// SetData gets a reference to the given IoCExplorerListResponseData and assigns it to the Data field. +func (o *IoCExplorerListResponse) SetData(v IoCExplorerListResponseData) { + o.Data = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCExplorerListResponse) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Data != nil { + toSerialize["data"] = o.Data + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCExplorerListResponse) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Data *IoCExplorerListResponseData `json:"data,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"data"}) + } else { + return err + } + + hasInvalidField := false + if all.Data != nil && all.Data.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Data = all.Data + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_explorer_list_response_attributes.go b/api/datadogV2/model_io_c_explorer_list_response_attributes.go new file mode 100644 index 00000000000..f1190387c79 --- /dev/null +++ b/api/datadogV2/model_io_c_explorer_list_response_attributes.go @@ -0,0 +1,184 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCExplorerListResponseAttributes Attributes of the IoC Explorer list response. +type IoCExplorerListResponseAttributes struct { + // List of indicators of compromise. + Data []IoCIndicator `json:"data,omitempty"` + // Response metadata. + Metadata *IoCExplorerListResponseMetadata `json:"metadata,omitempty"` + // Pagination information. + Paging *IoCExplorerListResponsePaging `json:"paging,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCExplorerListResponseAttributes instantiates a new IoCExplorerListResponseAttributes object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCExplorerListResponseAttributes() *IoCExplorerListResponseAttributes { + this := IoCExplorerListResponseAttributes{} + return &this +} + +// NewIoCExplorerListResponseAttributesWithDefaults instantiates a new IoCExplorerListResponseAttributes object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCExplorerListResponseAttributesWithDefaults() *IoCExplorerListResponseAttributes { + this := IoCExplorerListResponseAttributes{} + return &this +} + +// GetData returns the Data field value if set, zero value otherwise. +func (o *IoCExplorerListResponseAttributes) GetData() []IoCIndicator { + if o == nil || o.Data == nil { + var ret []IoCIndicator + return ret + } + return o.Data +} + +// GetDataOk returns a tuple with the Data field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponseAttributes) GetDataOk() (*[]IoCIndicator, bool) { + if o == nil || o.Data == nil { + return nil, false + } + return &o.Data, true +} + +// HasData returns a boolean if a field has been set. +func (o *IoCExplorerListResponseAttributes) HasData() bool { + return o != nil && o.Data != nil +} + +// SetData gets a reference to the given []IoCIndicator and assigns it to the Data field. +func (o *IoCExplorerListResponseAttributes) SetData(v []IoCIndicator) { + o.Data = v +} + +// GetMetadata returns the Metadata field value if set, zero value otherwise. +func (o *IoCExplorerListResponseAttributes) GetMetadata() IoCExplorerListResponseMetadata { + if o == nil || o.Metadata == nil { + var ret IoCExplorerListResponseMetadata + return ret + } + return *o.Metadata +} + +// GetMetadataOk returns a tuple with the Metadata field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponseAttributes) GetMetadataOk() (*IoCExplorerListResponseMetadata, bool) { + if o == nil || o.Metadata == nil { + return nil, false + } + return o.Metadata, true +} + +// HasMetadata returns a boolean if a field has been set. +func (o *IoCExplorerListResponseAttributes) HasMetadata() bool { + return o != nil && o.Metadata != nil +} + +// SetMetadata gets a reference to the given IoCExplorerListResponseMetadata and assigns it to the Metadata field. +func (o *IoCExplorerListResponseAttributes) SetMetadata(v IoCExplorerListResponseMetadata) { + o.Metadata = &v +} + +// GetPaging returns the Paging field value if set, zero value otherwise. +func (o *IoCExplorerListResponseAttributes) GetPaging() IoCExplorerListResponsePaging { + if o == nil || o.Paging == nil { + var ret IoCExplorerListResponsePaging + return ret + } + return *o.Paging +} + +// GetPagingOk returns a tuple with the Paging field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponseAttributes) GetPagingOk() (*IoCExplorerListResponsePaging, bool) { + if o == nil || o.Paging == nil { + return nil, false + } + return o.Paging, true +} + +// HasPaging returns a boolean if a field has been set. +func (o *IoCExplorerListResponseAttributes) HasPaging() bool { + return o != nil && o.Paging != nil +} + +// SetPaging gets a reference to the given IoCExplorerListResponsePaging and assigns it to the Paging field. +func (o *IoCExplorerListResponseAttributes) SetPaging(v IoCExplorerListResponsePaging) { + o.Paging = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCExplorerListResponseAttributes) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Data != nil { + toSerialize["data"] = o.Data + } + if o.Metadata != nil { + toSerialize["metadata"] = o.Metadata + } + if o.Paging != nil { + toSerialize["paging"] = o.Paging + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCExplorerListResponseAttributes) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Data []IoCIndicator `json:"data,omitempty"` + Metadata *IoCExplorerListResponseMetadata `json:"metadata,omitempty"` + Paging *IoCExplorerListResponsePaging `json:"paging,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"data", "metadata", "paging"}) + } else { + return err + } + + hasInvalidField := false + o.Data = all.Data + if all.Metadata != nil && all.Metadata.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Metadata = all.Metadata + if all.Paging != nil && all.Paging.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Paging = all.Paging + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_explorer_list_response_data.go b/api/datadogV2/model_io_c_explorer_list_response_data.go new file mode 100644 index 00000000000..4c616aaef92 --- /dev/null +++ b/api/datadogV2/model_io_c_explorer_list_response_data.go @@ -0,0 +1,181 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCExplorerListResponseData IoC Explorer list response data object. +type IoCExplorerListResponseData struct { + // Attributes of the IoC Explorer list response. + Attributes *IoCExplorerListResponseAttributes `json:"attributes,omitempty"` + // Unique identifier for the response. + Id *string `json:"id,omitempty"` + // Response type identifier. + Type *string `json:"type,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCExplorerListResponseData instantiates a new IoCExplorerListResponseData object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCExplorerListResponseData() *IoCExplorerListResponseData { + this := IoCExplorerListResponseData{} + return &this +} + +// NewIoCExplorerListResponseDataWithDefaults instantiates a new IoCExplorerListResponseData object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCExplorerListResponseDataWithDefaults() *IoCExplorerListResponseData { + this := IoCExplorerListResponseData{} + return &this +} + +// GetAttributes returns the Attributes field value if set, zero value otherwise. +func (o *IoCExplorerListResponseData) GetAttributes() IoCExplorerListResponseAttributes { + if o == nil || o.Attributes == nil { + var ret IoCExplorerListResponseAttributes + return ret + } + return *o.Attributes +} + +// GetAttributesOk returns a tuple with the Attributes field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponseData) GetAttributesOk() (*IoCExplorerListResponseAttributes, bool) { + if o == nil || o.Attributes == nil { + return nil, false + } + return o.Attributes, true +} + +// HasAttributes returns a boolean if a field has been set. +func (o *IoCExplorerListResponseData) HasAttributes() bool { + return o != nil && o.Attributes != nil +} + +// SetAttributes gets a reference to the given IoCExplorerListResponseAttributes and assigns it to the Attributes field. +func (o *IoCExplorerListResponseData) SetAttributes(v IoCExplorerListResponseAttributes) { + o.Attributes = &v +} + +// GetId returns the Id field value if set, zero value otherwise. +func (o *IoCExplorerListResponseData) GetId() string { + if o == nil || o.Id == nil { + var ret string + return ret + } + return *o.Id +} + +// GetIdOk returns a tuple with the Id field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponseData) GetIdOk() (*string, bool) { + if o == nil || o.Id == nil { + return nil, false + } + return o.Id, true +} + +// HasId returns a boolean if a field has been set. +func (o *IoCExplorerListResponseData) HasId() bool { + return o != nil && o.Id != nil +} + +// SetId gets a reference to the given string and assigns it to the Id field. +func (o *IoCExplorerListResponseData) SetId(v string) { + o.Id = &v +} + +// GetType returns the Type field value if set, zero value otherwise. +func (o *IoCExplorerListResponseData) GetType() string { + if o == nil || o.Type == nil { + var ret string + return ret + } + return *o.Type +} + +// GetTypeOk returns a tuple with the Type field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponseData) GetTypeOk() (*string, bool) { + if o == nil || o.Type == nil { + return nil, false + } + return o.Type, true +} + +// HasType returns a boolean if a field has been set. +func (o *IoCExplorerListResponseData) HasType() bool { + return o != nil && o.Type != nil +} + +// SetType gets a reference to the given string and assigns it to the Type field. +func (o *IoCExplorerListResponseData) SetType(v string) { + o.Type = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCExplorerListResponseData) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Attributes != nil { + toSerialize["attributes"] = o.Attributes + } + if o.Id != nil { + toSerialize["id"] = o.Id + } + if o.Type != nil { + toSerialize["type"] = o.Type + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCExplorerListResponseData) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Attributes *IoCExplorerListResponseAttributes `json:"attributes,omitempty"` + Id *string `json:"id,omitempty"` + Type *string `json:"type,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"attributes", "id", "type"}) + } else { + return err + } + + hasInvalidField := false + if all.Attributes != nil && all.Attributes.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Attributes = all.Attributes + o.Id = all.Id + o.Type = all.Type + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_explorer_list_response_metadata.go b/api/datadogV2/model_io_c_explorer_list_response_metadata.go new file mode 100644 index 00000000000..6079afdab26 --- /dev/null +++ b/api/datadogV2/model_io_c_explorer_list_response_metadata.go @@ -0,0 +1,102 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCExplorerListResponseMetadata Response metadata. +type IoCExplorerListResponseMetadata struct { + // Total number of indicators matching the query. + Count *int64 `json:"count,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCExplorerListResponseMetadata instantiates a new IoCExplorerListResponseMetadata object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCExplorerListResponseMetadata() *IoCExplorerListResponseMetadata { + this := IoCExplorerListResponseMetadata{} + return &this +} + +// NewIoCExplorerListResponseMetadataWithDefaults instantiates a new IoCExplorerListResponseMetadata object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCExplorerListResponseMetadataWithDefaults() *IoCExplorerListResponseMetadata { + this := IoCExplorerListResponseMetadata{} + return &this +} + +// GetCount returns the Count field value if set, zero value otherwise. +func (o *IoCExplorerListResponseMetadata) GetCount() int64 { + if o == nil || o.Count == nil { + var ret int64 + return ret + } + return *o.Count +} + +// GetCountOk returns a tuple with the Count field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponseMetadata) GetCountOk() (*int64, bool) { + if o == nil || o.Count == nil { + return nil, false + } + return o.Count, true +} + +// HasCount returns a boolean if a field has been set. +func (o *IoCExplorerListResponseMetadata) HasCount() bool { + return o != nil && o.Count != nil +} + +// SetCount gets a reference to the given int64 and assigns it to the Count field. +func (o *IoCExplorerListResponseMetadata) SetCount(v int64) { + o.Count = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCExplorerListResponseMetadata) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Count != nil { + toSerialize["count"] = o.Count + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCExplorerListResponseMetadata) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Count *int64 `json:"count,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"count"}) + } else { + return err + } + o.Count = all.Count + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_io_c_explorer_list_response_paging.go b/api/datadogV2/model_io_c_explorer_list_response_paging.go new file mode 100644 index 00000000000..d7509b2ccc5 --- /dev/null +++ b/api/datadogV2/model_io_c_explorer_list_response_paging.go @@ -0,0 +1,102 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCExplorerListResponsePaging Pagination information. +type IoCExplorerListResponsePaging struct { + // Current pagination offset. + Offset *int64 `json:"offset,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCExplorerListResponsePaging instantiates a new IoCExplorerListResponsePaging object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCExplorerListResponsePaging() *IoCExplorerListResponsePaging { + this := IoCExplorerListResponsePaging{} + return &this +} + +// NewIoCExplorerListResponsePagingWithDefaults instantiates a new IoCExplorerListResponsePaging object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCExplorerListResponsePagingWithDefaults() *IoCExplorerListResponsePaging { + this := IoCExplorerListResponsePaging{} + return &this +} + +// GetOffset returns the Offset field value if set, zero value otherwise. +func (o *IoCExplorerListResponsePaging) GetOffset() int64 { + if o == nil || o.Offset == nil { + var ret int64 + return ret + } + return *o.Offset +} + +// GetOffsetOk returns a tuple with the Offset field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCExplorerListResponsePaging) GetOffsetOk() (*int64, bool) { + if o == nil || o.Offset == nil { + return nil, false + } + return o.Offset, true +} + +// HasOffset returns a boolean if a field has been set. +func (o *IoCExplorerListResponsePaging) HasOffset() bool { + return o != nil && o.Offset != nil +} + +// SetOffset gets a reference to the given int64 and assigns it to the Offset field. +func (o *IoCExplorerListResponsePaging) SetOffset(v int64) { + o.Offset = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCExplorerListResponsePaging) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Offset != nil { + toSerialize["offset"] = o.Offset + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCExplorerListResponsePaging) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Offset *int64 `json:"offset,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"offset"}) + } else { + return err + } + o.Offset = all.Offset + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_io_c_geo_location.go b/api/datadogV2/model_io_c_geo_location.go new file mode 100644 index 00000000000..cfdf8736ea9 --- /dev/null +++ b/api/datadogV2/model_io_c_geo_location.go @@ -0,0 +1,172 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCGeoLocation Geographic location information for an IP indicator. +type IoCGeoLocation struct { + // City name. + City *string `json:"city,omitempty"` + // ISO country code. + CountryCode *string `json:"country_code,omitempty"` + // Full country name. + CountryName *string `json:"country_name,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCGeoLocation instantiates a new IoCGeoLocation object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCGeoLocation() *IoCGeoLocation { + this := IoCGeoLocation{} + return &this +} + +// NewIoCGeoLocationWithDefaults instantiates a new IoCGeoLocation object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCGeoLocationWithDefaults() *IoCGeoLocation { + this := IoCGeoLocation{} + return &this +} + +// GetCity returns the City field value if set, zero value otherwise. +func (o *IoCGeoLocation) GetCity() string { + if o == nil || o.City == nil { + var ret string + return ret + } + return *o.City +} + +// GetCityOk returns a tuple with the City field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCGeoLocation) GetCityOk() (*string, bool) { + if o == nil || o.City == nil { + return nil, false + } + return o.City, true +} + +// HasCity returns a boolean if a field has been set. +func (o *IoCGeoLocation) HasCity() bool { + return o != nil && o.City != nil +} + +// SetCity gets a reference to the given string and assigns it to the City field. +func (o *IoCGeoLocation) SetCity(v string) { + o.City = &v +} + +// GetCountryCode returns the CountryCode field value if set, zero value otherwise. +func (o *IoCGeoLocation) GetCountryCode() string { + if o == nil || o.CountryCode == nil { + var ret string + return ret + } + return *o.CountryCode +} + +// GetCountryCodeOk returns a tuple with the CountryCode field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCGeoLocation) GetCountryCodeOk() (*string, bool) { + if o == nil || o.CountryCode == nil { + return nil, false + } + return o.CountryCode, true +} + +// HasCountryCode returns a boolean if a field has been set. +func (o *IoCGeoLocation) HasCountryCode() bool { + return o != nil && o.CountryCode != nil +} + +// SetCountryCode gets a reference to the given string and assigns it to the CountryCode field. +func (o *IoCGeoLocation) SetCountryCode(v string) { + o.CountryCode = &v +} + +// GetCountryName returns the CountryName field value if set, zero value otherwise. +func (o *IoCGeoLocation) GetCountryName() string { + if o == nil || o.CountryName == nil { + var ret string + return ret + } + return *o.CountryName +} + +// GetCountryNameOk returns a tuple with the CountryName field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCGeoLocation) GetCountryNameOk() (*string, bool) { + if o == nil || o.CountryName == nil { + return nil, false + } + return o.CountryName, true +} + +// HasCountryName returns a boolean if a field has been set. +func (o *IoCGeoLocation) HasCountryName() bool { + return o != nil && o.CountryName != nil +} + +// SetCountryName gets a reference to the given string and assigns it to the CountryName field. +func (o *IoCGeoLocation) SetCountryName(v string) { + o.CountryName = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCGeoLocation) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.City != nil { + toSerialize["city"] = o.City + } + if o.CountryCode != nil { + toSerialize["country_code"] = o.CountryCode + } + if o.CountryName != nil { + toSerialize["country_name"] = o.CountryName + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCGeoLocation) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + City *string `json:"city,omitempty"` + CountryCode *string `json:"country_code,omitempty"` + CountryName *string `json:"country_name,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"city", "country_code", "country_name"}) + } else { + return err + } + o.City = all.City + o.CountryCode = all.CountryCode + o.CountryName = all.CountryName + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_io_c_indicator.go b/api/datadogV2/model_io_c_indicator.go new file mode 100644 index 00000000000..5cd9b58d6eb --- /dev/null +++ b/api/datadogV2/model_io_c_indicator.go @@ -0,0 +1,844 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "time" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCIndicator An indicator of compromise with threat intelligence data. +type IoCIndicator struct { + // Geographic location information for an IP indicator. + AsGeo *IoCGeoLocation `json:"as_geo,omitempty"` + // Autonomous system type. + AsType *string `json:"as_type,omitempty"` + // Threat intelligence sources that flagged this indicator as benign. + BenignSources []IoCSource `json:"benign_sources,omitempty"` + // Threat categories associated with the indicator. + Categories []string `json:"categories,omitempty"` + // Timestamp when the indicator was first seen. + FirstSeen *time.Time `json:"first_seen,omitempty"` + // Unique identifier for the indicator. + Id *string `json:"id,omitempty"` + // The indicator value (for example, an IP address or domain). + Indicator *string `json:"indicator,omitempty"` + // Type of indicator (for example, IP address or domain). + IndicatorType *string `json:"indicator_type,omitempty"` + // Timestamp when the indicator was last seen. + LastSeen *time.Time `json:"last_seen,omitempty"` + // Number of logs that matched this indicator. + LogMatches *int64 `json:"log_matches,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MAsType *IoCScoreEffect `json:"m_as_type,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MPersistence *IoCScoreEffect `json:"m_persistence,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MSignal *IoCScoreEffect `json:"m_signal,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MSources *IoCScoreEffect `json:"m_sources,omitempty"` + // Threat intelligence sources that flagged this indicator as malicious. + MaliciousSources []IoCSource `json:"malicious_sources,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MaxTrustScore *IoCScoreEffect `json:"max_trust_score,omitempty"` + // Threat score for the indicator (0-100). + Score *float64 `json:"score,omitempty"` + // Number of security signals that matched this indicator. + SignalMatches *int64 `json:"signal_matches,omitempty"` + // Signal tier level. + SignalTier *int64 `json:"signal_tier,omitempty"` + // Threat intelligence sources that flagged this indicator as suspicious. + SuspiciousSources []IoCSource `json:"suspicious_sources,omitempty"` + // Tags associated with the indicator. + Tags []string `json:"tags,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCIndicator instantiates a new IoCIndicator object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCIndicator() *IoCIndicator { + this := IoCIndicator{} + return &this +} + +// NewIoCIndicatorWithDefaults instantiates a new IoCIndicator object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCIndicatorWithDefaults() *IoCIndicator { + this := IoCIndicator{} + return &this +} + +// GetAsGeo returns the AsGeo field value if set, zero value otherwise. +func (o *IoCIndicator) GetAsGeo() IoCGeoLocation { + if o == nil || o.AsGeo == nil { + var ret IoCGeoLocation + return ret + } + return *o.AsGeo +} + +// GetAsGeoOk returns a tuple with the AsGeo field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetAsGeoOk() (*IoCGeoLocation, bool) { + if o == nil || o.AsGeo == nil { + return nil, false + } + return o.AsGeo, true +} + +// HasAsGeo returns a boolean if a field has been set. +func (o *IoCIndicator) HasAsGeo() bool { + return o != nil && o.AsGeo != nil +} + +// SetAsGeo gets a reference to the given IoCGeoLocation and assigns it to the AsGeo field. +func (o *IoCIndicator) SetAsGeo(v IoCGeoLocation) { + o.AsGeo = &v +} + +// GetAsType returns the AsType field value if set, zero value otherwise. +func (o *IoCIndicator) GetAsType() string { + if o == nil || o.AsType == nil { + var ret string + return ret + } + return *o.AsType +} + +// GetAsTypeOk returns a tuple with the AsType field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetAsTypeOk() (*string, bool) { + if o == nil || o.AsType == nil { + return nil, false + } + return o.AsType, true +} + +// HasAsType returns a boolean if a field has been set. +func (o *IoCIndicator) HasAsType() bool { + return o != nil && o.AsType != nil +} + +// SetAsType gets a reference to the given string and assigns it to the AsType field. +func (o *IoCIndicator) SetAsType(v string) { + o.AsType = &v +} + +// GetBenignSources returns the BenignSources field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *IoCIndicator) GetBenignSources() []IoCSource { + if o == nil { + var ret []IoCSource + return ret + } + return o.BenignSources +} + +// GetBenignSourcesOk returns a tuple with the BenignSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned. +func (o *IoCIndicator) GetBenignSourcesOk() (*[]IoCSource, bool) { + if o == nil || o.BenignSources == nil { + return nil, false + } + return &o.BenignSources, true +} + +// HasBenignSources returns a boolean if a field has been set. +func (o *IoCIndicator) HasBenignSources() bool { + return o != nil && o.BenignSources != nil +} + +// SetBenignSources gets a reference to the given []IoCSource and assigns it to the BenignSources field. +func (o *IoCIndicator) SetBenignSources(v []IoCSource) { + o.BenignSources = v +} + +// GetCategories returns the Categories field value if set, zero value otherwise. +func (o *IoCIndicator) GetCategories() []string { + if o == nil || o.Categories == nil { + var ret []string + return ret + } + return o.Categories +} + +// GetCategoriesOk returns a tuple with the Categories field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetCategoriesOk() (*[]string, bool) { + if o == nil || o.Categories == nil { + return nil, false + } + return &o.Categories, true +} + +// HasCategories returns a boolean if a field has been set. +func (o *IoCIndicator) HasCategories() bool { + return o != nil && o.Categories != nil +} + +// SetCategories gets a reference to the given []string and assigns it to the Categories field. +func (o *IoCIndicator) SetCategories(v []string) { + o.Categories = v +} + +// GetFirstSeen returns the FirstSeen field value if set, zero value otherwise. +func (o *IoCIndicator) GetFirstSeen() time.Time { + if o == nil || o.FirstSeen == nil { + var ret time.Time + return ret + } + return *o.FirstSeen +} + +// GetFirstSeenOk returns a tuple with the FirstSeen field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetFirstSeenOk() (*time.Time, bool) { + if o == nil || o.FirstSeen == nil { + return nil, false + } + return o.FirstSeen, true +} + +// HasFirstSeen returns a boolean if a field has been set. +func (o *IoCIndicator) HasFirstSeen() bool { + return o != nil && o.FirstSeen != nil +} + +// SetFirstSeen gets a reference to the given time.Time and assigns it to the FirstSeen field. +func (o *IoCIndicator) SetFirstSeen(v time.Time) { + o.FirstSeen = &v +} + +// GetId returns the Id field value if set, zero value otherwise. +func (o *IoCIndicator) GetId() string { + if o == nil || o.Id == nil { + var ret string + return ret + } + return *o.Id +} + +// GetIdOk returns a tuple with the Id field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetIdOk() (*string, bool) { + if o == nil || o.Id == nil { + return nil, false + } + return o.Id, true +} + +// HasId returns a boolean if a field has been set. +func (o *IoCIndicator) HasId() bool { + return o != nil && o.Id != nil +} + +// SetId gets a reference to the given string and assigns it to the Id field. +func (o *IoCIndicator) SetId(v string) { + o.Id = &v +} + +// GetIndicator returns the Indicator field value if set, zero value otherwise. +func (o *IoCIndicator) GetIndicator() string { + if o == nil || o.Indicator == nil { + var ret string + return ret + } + return *o.Indicator +} + +// GetIndicatorOk returns a tuple with the Indicator field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetIndicatorOk() (*string, bool) { + if o == nil || o.Indicator == nil { + return nil, false + } + return o.Indicator, true +} + +// HasIndicator returns a boolean if a field has been set. +func (o *IoCIndicator) HasIndicator() bool { + return o != nil && o.Indicator != nil +} + +// SetIndicator gets a reference to the given string and assigns it to the Indicator field. +func (o *IoCIndicator) SetIndicator(v string) { + o.Indicator = &v +} + +// GetIndicatorType returns the IndicatorType field value if set, zero value otherwise. +func (o *IoCIndicator) GetIndicatorType() string { + if o == nil || o.IndicatorType == nil { + var ret string + return ret + } + return *o.IndicatorType +} + +// GetIndicatorTypeOk returns a tuple with the IndicatorType field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetIndicatorTypeOk() (*string, bool) { + if o == nil || o.IndicatorType == nil { + return nil, false + } + return o.IndicatorType, true +} + +// HasIndicatorType returns a boolean if a field has been set. +func (o *IoCIndicator) HasIndicatorType() bool { + return o != nil && o.IndicatorType != nil +} + +// SetIndicatorType gets a reference to the given string and assigns it to the IndicatorType field. +func (o *IoCIndicator) SetIndicatorType(v string) { + o.IndicatorType = &v +} + +// GetLastSeen returns the LastSeen field value if set, zero value otherwise. +func (o *IoCIndicator) GetLastSeen() time.Time { + if o == nil || o.LastSeen == nil { + var ret time.Time + return ret + } + return *o.LastSeen +} + +// GetLastSeenOk returns a tuple with the LastSeen field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetLastSeenOk() (*time.Time, bool) { + if o == nil || o.LastSeen == nil { + return nil, false + } + return o.LastSeen, true +} + +// HasLastSeen returns a boolean if a field has been set. +func (o *IoCIndicator) HasLastSeen() bool { + return o != nil && o.LastSeen != nil +} + +// SetLastSeen gets a reference to the given time.Time and assigns it to the LastSeen field. +func (o *IoCIndicator) SetLastSeen(v time.Time) { + o.LastSeen = &v +} + +// GetLogMatches returns the LogMatches field value if set, zero value otherwise. +func (o *IoCIndicator) GetLogMatches() int64 { + if o == nil || o.LogMatches == nil { + var ret int64 + return ret + } + return *o.LogMatches +} + +// GetLogMatchesOk returns a tuple with the LogMatches field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetLogMatchesOk() (*int64, bool) { + if o == nil || o.LogMatches == nil { + return nil, false + } + return o.LogMatches, true +} + +// HasLogMatches returns a boolean if a field has been set. +func (o *IoCIndicator) HasLogMatches() bool { + return o != nil && o.LogMatches != nil +} + +// SetLogMatches gets a reference to the given int64 and assigns it to the LogMatches field. +func (o *IoCIndicator) SetLogMatches(v int64) { + o.LogMatches = &v +} + +// GetMAsType returns the MAsType field value if set, zero value otherwise. +func (o *IoCIndicator) GetMAsType() IoCScoreEffect { + if o == nil || o.MAsType == nil { + var ret IoCScoreEffect + return ret + } + return *o.MAsType +} + +// GetMAsTypeOk returns a tuple with the MAsType field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetMAsTypeOk() (*IoCScoreEffect, bool) { + if o == nil || o.MAsType == nil { + return nil, false + } + return o.MAsType, true +} + +// HasMAsType returns a boolean if a field has been set. +func (o *IoCIndicator) HasMAsType() bool { + return o != nil && o.MAsType != nil +} + +// SetMAsType gets a reference to the given IoCScoreEffect and assigns it to the MAsType field. +func (o *IoCIndicator) SetMAsType(v IoCScoreEffect) { + o.MAsType = &v +} + +// GetMPersistence returns the MPersistence field value if set, zero value otherwise. +func (o *IoCIndicator) GetMPersistence() IoCScoreEffect { + if o == nil || o.MPersistence == nil { + var ret IoCScoreEffect + return ret + } + return *o.MPersistence +} + +// GetMPersistenceOk returns a tuple with the MPersistence field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetMPersistenceOk() (*IoCScoreEffect, bool) { + if o == nil || o.MPersistence == nil { + return nil, false + } + return o.MPersistence, true +} + +// HasMPersistence returns a boolean if a field has been set. +func (o *IoCIndicator) HasMPersistence() bool { + return o != nil && o.MPersistence != nil +} + +// SetMPersistence gets a reference to the given IoCScoreEffect and assigns it to the MPersistence field. +func (o *IoCIndicator) SetMPersistence(v IoCScoreEffect) { + o.MPersistence = &v +} + +// GetMSignal returns the MSignal field value if set, zero value otherwise. +func (o *IoCIndicator) GetMSignal() IoCScoreEffect { + if o == nil || o.MSignal == nil { + var ret IoCScoreEffect + return ret + } + return *o.MSignal +} + +// GetMSignalOk returns a tuple with the MSignal field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetMSignalOk() (*IoCScoreEffect, bool) { + if o == nil || o.MSignal == nil { + return nil, false + } + return o.MSignal, true +} + +// HasMSignal returns a boolean if a field has been set. +func (o *IoCIndicator) HasMSignal() bool { + return o != nil && o.MSignal != nil +} + +// SetMSignal gets a reference to the given IoCScoreEffect and assigns it to the MSignal field. +func (o *IoCIndicator) SetMSignal(v IoCScoreEffect) { + o.MSignal = &v +} + +// GetMSources returns the MSources field value if set, zero value otherwise. +func (o *IoCIndicator) GetMSources() IoCScoreEffect { + if o == nil || o.MSources == nil { + var ret IoCScoreEffect + return ret + } + return *o.MSources +} + +// GetMSourcesOk returns a tuple with the MSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetMSourcesOk() (*IoCScoreEffect, bool) { + if o == nil || o.MSources == nil { + return nil, false + } + return o.MSources, true +} + +// HasMSources returns a boolean if a field has been set. +func (o *IoCIndicator) HasMSources() bool { + return o != nil && o.MSources != nil +} + +// SetMSources gets a reference to the given IoCScoreEffect and assigns it to the MSources field. +func (o *IoCIndicator) SetMSources(v IoCScoreEffect) { + o.MSources = &v +} + +// GetMaliciousSources returns the MaliciousSources field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *IoCIndicator) GetMaliciousSources() []IoCSource { + if o == nil { + var ret []IoCSource + return ret + } + return o.MaliciousSources +} + +// GetMaliciousSourcesOk returns a tuple with the MaliciousSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned. +func (o *IoCIndicator) GetMaliciousSourcesOk() (*[]IoCSource, bool) { + if o == nil || o.MaliciousSources == nil { + return nil, false + } + return &o.MaliciousSources, true +} + +// HasMaliciousSources returns a boolean if a field has been set. +func (o *IoCIndicator) HasMaliciousSources() bool { + return o != nil && o.MaliciousSources != nil +} + +// SetMaliciousSources gets a reference to the given []IoCSource and assigns it to the MaliciousSources field. +func (o *IoCIndicator) SetMaliciousSources(v []IoCSource) { + o.MaliciousSources = v +} + +// GetMaxTrustScore returns the MaxTrustScore field value if set, zero value otherwise. +func (o *IoCIndicator) GetMaxTrustScore() IoCScoreEffect { + if o == nil || o.MaxTrustScore == nil { + var ret IoCScoreEffect + return ret + } + return *o.MaxTrustScore +} + +// GetMaxTrustScoreOk returns a tuple with the MaxTrustScore field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetMaxTrustScoreOk() (*IoCScoreEffect, bool) { + if o == nil || o.MaxTrustScore == nil { + return nil, false + } + return o.MaxTrustScore, true +} + +// HasMaxTrustScore returns a boolean if a field has been set. +func (o *IoCIndicator) HasMaxTrustScore() bool { + return o != nil && o.MaxTrustScore != nil +} + +// SetMaxTrustScore gets a reference to the given IoCScoreEffect and assigns it to the MaxTrustScore field. +func (o *IoCIndicator) SetMaxTrustScore(v IoCScoreEffect) { + o.MaxTrustScore = &v +} + +// GetScore returns the Score field value if set, zero value otherwise. +func (o *IoCIndicator) GetScore() float64 { + if o == nil || o.Score == nil { + var ret float64 + return ret + } + return *o.Score +} + +// GetScoreOk returns a tuple with the Score field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetScoreOk() (*float64, bool) { + if o == nil || o.Score == nil { + return nil, false + } + return o.Score, true +} + +// HasScore returns a boolean if a field has been set. +func (o *IoCIndicator) HasScore() bool { + return o != nil && o.Score != nil +} + +// SetScore gets a reference to the given float64 and assigns it to the Score field. +func (o *IoCIndicator) SetScore(v float64) { + o.Score = &v +} + +// GetSignalMatches returns the SignalMatches field value if set, zero value otherwise. +func (o *IoCIndicator) GetSignalMatches() int64 { + if o == nil || o.SignalMatches == nil { + var ret int64 + return ret + } + return *o.SignalMatches +} + +// GetSignalMatchesOk returns a tuple with the SignalMatches field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetSignalMatchesOk() (*int64, bool) { + if o == nil || o.SignalMatches == nil { + return nil, false + } + return o.SignalMatches, true +} + +// HasSignalMatches returns a boolean if a field has been set. +func (o *IoCIndicator) HasSignalMatches() bool { + return o != nil && o.SignalMatches != nil +} + +// SetSignalMatches gets a reference to the given int64 and assigns it to the SignalMatches field. +func (o *IoCIndicator) SetSignalMatches(v int64) { + o.SignalMatches = &v +} + +// GetSignalTier returns the SignalTier field value if set, zero value otherwise. +func (o *IoCIndicator) GetSignalTier() int64 { + if o == nil || o.SignalTier == nil { + var ret int64 + return ret + } + return *o.SignalTier +} + +// GetSignalTierOk returns a tuple with the SignalTier field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetSignalTierOk() (*int64, bool) { + if o == nil || o.SignalTier == nil { + return nil, false + } + return o.SignalTier, true +} + +// HasSignalTier returns a boolean if a field has been set. +func (o *IoCIndicator) HasSignalTier() bool { + return o != nil && o.SignalTier != nil +} + +// SetSignalTier gets a reference to the given int64 and assigns it to the SignalTier field. +func (o *IoCIndicator) SetSignalTier(v int64) { + o.SignalTier = &v +} + +// GetSuspiciousSources returns the SuspiciousSources field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *IoCIndicator) GetSuspiciousSources() []IoCSource { + if o == nil { + var ret []IoCSource + return ret + } + return o.SuspiciousSources +} + +// GetSuspiciousSourcesOk returns a tuple with the SuspiciousSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned. +func (o *IoCIndicator) GetSuspiciousSourcesOk() (*[]IoCSource, bool) { + if o == nil || o.SuspiciousSources == nil { + return nil, false + } + return &o.SuspiciousSources, true +} + +// HasSuspiciousSources returns a boolean if a field has been set. +func (o *IoCIndicator) HasSuspiciousSources() bool { + return o != nil && o.SuspiciousSources != nil +} + +// SetSuspiciousSources gets a reference to the given []IoCSource and assigns it to the SuspiciousSources field. +func (o *IoCIndicator) SetSuspiciousSources(v []IoCSource) { + o.SuspiciousSources = v +} + +// GetTags returns the Tags field value if set, zero value otherwise. +func (o *IoCIndicator) GetTags() []string { + if o == nil || o.Tags == nil { + var ret []string + return ret + } + return o.Tags +} + +// GetTagsOk returns a tuple with the Tags field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetTagsOk() (*[]string, bool) { + if o == nil || o.Tags == nil { + return nil, false + } + return &o.Tags, true +} + +// HasTags returns a boolean if a field has been set. +func (o *IoCIndicator) HasTags() bool { + return o != nil && o.Tags != nil +} + +// SetTags gets a reference to the given []string and assigns it to the Tags field. +func (o *IoCIndicator) SetTags(v []string) { + o.Tags = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCIndicator) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.AsGeo != nil { + toSerialize["as_geo"] = o.AsGeo + } + if o.AsType != nil { + toSerialize["as_type"] = o.AsType + } + if o.BenignSources != nil { + toSerialize["benign_sources"] = o.BenignSources + } + if o.Categories != nil { + toSerialize["categories"] = o.Categories + } + if o.FirstSeen != nil { + if o.FirstSeen.Nanosecond() == 0 { + toSerialize["first_seen"] = o.FirstSeen.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["first_seen"] = o.FirstSeen.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.Id != nil { + toSerialize["id"] = o.Id + } + if o.Indicator != nil { + toSerialize["indicator"] = o.Indicator + } + if o.IndicatorType != nil { + toSerialize["indicator_type"] = o.IndicatorType + } + if o.LastSeen != nil { + if o.LastSeen.Nanosecond() == 0 { + toSerialize["last_seen"] = o.LastSeen.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["last_seen"] = o.LastSeen.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.LogMatches != nil { + toSerialize["log_matches"] = o.LogMatches + } + if o.MAsType != nil { + toSerialize["m_as_type"] = o.MAsType + } + if o.MPersistence != nil { + toSerialize["m_persistence"] = o.MPersistence + } + if o.MSignal != nil { + toSerialize["m_signal"] = o.MSignal + } + if o.MSources != nil { + toSerialize["m_sources"] = o.MSources + } + if o.MaliciousSources != nil { + toSerialize["malicious_sources"] = o.MaliciousSources + } + if o.MaxTrustScore != nil { + toSerialize["max_trust_score"] = o.MaxTrustScore + } + if o.Score != nil { + toSerialize["score"] = o.Score + } + if o.SignalMatches != nil { + toSerialize["signal_matches"] = o.SignalMatches + } + if o.SignalTier != nil { + toSerialize["signal_tier"] = o.SignalTier + } + if o.SuspiciousSources != nil { + toSerialize["suspicious_sources"] = o.SuspiciousSources + } + if o.Tags != nil { + toSerialize["tags"] = o.Tags + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCIndicator) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + AsGeo *IoCGeoLocation `json:"as_geo,omitempty"` + AsType *string `json:"as_type,omitempty"` + BenignSources []IoCSource `json:"benign_sources,omitempty"` + Categories []string `json:"categories,omitempty"` + FirstSeen *time.Time `json:"first_seen,omitempty"` + Id *string `json:"id,omitempty"` + Indicator *string `json:"indicator,omitempty"` + IndicatorType *string `json:"indicator_type,omitempty"` + LastSeen *time.Time `json:"last_seen,omitempty"` + LogMatches *int64 `json:"log_matches,omitempty"` + MAsType *IoCScoreEffect `json:"m_as_type,omitempty"` + MPersistence *IoCScoreEffect `json:"m_persistence,omitempty"` + MSignal *IoCScoreEffect `json:"m_signal,omitempty"` + MSources *IoCScoreEffect `json:"m_sources,omitempty"` + MaliciousSources []IoCSource `json:"malicious_sources,omitempty"` + MaxTrustScore *IoCScoreEffect `json:"max_trust_score,omitempty"` + Score *float64 `json:"score,omitempty"` + SignalMatches *int64 `json:"signal_matches,omitempty"` + SignalTier *int64 `json:"signal_tier,omitempty"` + SuspiciousSources []IoCSource `json:"suspicious_sources,omitempty"` + Tags []string `json:"tags,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"as_geo", "as_type", "benign_sources", "categories", "first_seen", "id", "indicator", "indicator_type", "last_seen", "log_matches", "m_as_type", "m_persistence", "m_signal", "m_sources", "malicious_sources", "max_trust_score", "score", "signal_matches", "signal_tier", "suspicious_sources", "tags"}) + } else { + return err + } + + hasInvalidField := false + if all.AsGeo != nil && all.AsGeo.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.AsGeo = all.AsGeo + o.AsType = all.AsType + o.BenignSources = all.BenignSources + o.Categories = all.Categories + o.FirstSeen = all.FirstSeen + o.Id = all.Id + o.Indicator = all.Indicator + o.IndicatorType = all.IndicatorType + o.LastSeen = all.LastSeen + o.LogMatches = all.LogMatches + if all.MAsType != nil && !all.MAsType.IsValid() { + hasInvalidField = true + } else { + o.MAsType = all.MAsType + } + if all.MPersistence != nil && !all.MPersistence.IsValid() { + hasInvalidField = true + } else { + o.MPersistence = all.MPersistence + } + if all.MSignal != nil && !all.MSignal.IsValid() { + hasInvalidField = true + } else { + o.MSignal = all.MSignal + } + if all.MSources != nil && !all.MSources.IsValid() { + hasInvalidField = true + } else { + o.MSources = all.MSources + } + o.MaliciousSources = all.MaliciousSources + if all.MaxTrustScore != nil && !all.MaxTrustScore.IsValid() { + hasInvalidField = true + } else { + o.MaxTrustScore = all.MaxTrustScore + } + o.Score = all.Score + o.SignalMatches = all.SignalMatches + o.SignalTier = all.SignalTier + o.SuspiciousSources = all.SuspiciousSources + o.Tags = all.Tags + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_indicator_detailed.go b/api/datadogV2/model_io_c_indicator_detailed.go new file mode 100644 index 00000000000..4862cfdd66b --- /dev/null +++ b/api/datadogV2/model_io_c_indicator_detailed.go @@ -0,0 +1,1194 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "time" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCIndicatorDetailed An indicator of compromise with extended context from your environment. +type IoCIndicatorDetailed struct { + // Additional domain-specific context from threat intelligence sources. + AdditionalData map[string]interface{} `json:"additional_data,omitempty"` + // Autonomous system CIDR block. + AsCidrBlock *string `json:"as_cidr_block,omitempty"` + // Geographic location information for an IP indicator. + AsGeo *IoCGeoLocation `json:"as_geo,omitempty"` + // Autonomous system number. + AsNumber *string `json:"as_number,omitempty"` + // Autonomous system organization name. + AsOrganization *string `json:"as_organization,omitempty"` + // Autonomous system type. + AsType *string `json:"as_type,omitempty"` + // Threat intelligence sources that flagged this indicator as benign. + BenignSources []IoCSource `json:"benign_sources,omitempty"` + // Threat categories associated with the indicator. + Categories []string `json:"categories,omitempty"` + // Critical assets associated with this indicator. + CriticalAssets []string `json:"critical_assets,omitempty"` + // Timestamp when the indicator was first seen. + FirstSeen *time.Time `json:"first_seen,omitempty"` + // Hosts associated with this indicator. + Hosts []string `json:"hosts,omitempty"` + // Unique identifier for the indicator. + Id *string `json:"id,omitempty"` + // The indicator value (for example, an IP address or domain). + Indicator *string `json:"indicator,omitempty"` + // Type of indicator (for example, IP address or domain). + IndicatorType *string `json:"indicator_type,omitempty"` + // Timestamp when the indicator was last seen. + LastSeen *time.Time `json:"last_seen,omitempty"` + // Number of logs that matched this indicator. + LogMatches *int64 `json:"log_matches,omitempty"` + // Log sources where this indicator was observed. + LogSources []string `json:"log_sources,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MAsType *IoCScoreEffect `json:"m_as_type,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MPersistence *IoCScoreEffect `json:"m_persistence,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MSignal *IoCScoreEffect `json:"m_signal,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MSources *IoCScoreEffect `json:"m_sources,omitempty"` + // Threat intelligence sources that flagged this indicator as malicious. + MaliciousSources []IoCSource `json:"malicious_sources,omitempty"` + // Effect of a scoring factor on the indicator's threat score. + MaxTrustScore *IoCScoreEffect `json:"max_trust_score,omitempty"` + // Threat score for the indicator (0-100). + Score *float64 `json:"score,omitempty"` + // Services where this indicator was observed. + Services []string `json:"services,omitempty"` + // Number of security signals that matched this indicator. + SignalMatches *int64 `json:"signal_matches,omitempty"` + // Breakdown of security signals by severity. + SignalSeverity []IoCSignalSeverityCount `json:"signal_severity,omitempty"` + // Signal tier level. + SignalTier *int64 `json:"signal_tier,omitempty"` + // Threat intelligence sources that flagged this indicator as suspicious. + SuspiciousSources []IoCSource `json:"suspicious_sources,omitempty"` + // Tags associated with the indicator. + Tags []string `json:"tags,omitempty"` + // Users associated with this indicator, grouped by category. + Users map[string][]string `json:"users,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCIndicatorDetailed instantiates a new IoCIndicatorDetailed object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCIndicatorDetailed() *IoCIndicatorDetailed { + this := IoCIndicatorDetailed{} + return &this +} + +// NewIoCIndicatorDetailedWithDefaults instantiates a new IoCIndicatorDetailed object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCIndicatorDetailedWithDefaults() *IoCIndicatorDetailed { + this := IoCIndicatorDetailed{} + return &this +} + +// GetAdditionalData returns the AdditionalData field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetAdditionalData() map[string]interface{} { + if o == nil || o.AdditionalData == nil { + var ret map[string]interface{} + return ret + } + return o.AdditionalData +} + +// GetAdditionalDataOk returns a tuple with the AdditionalData field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetAdditionalDataOk() (*map[string]interface{}, bool) { + if o == nil || o.AdditionalData == nil { + return nil, false + } + return &o.AdditionalData, true +} + +// HasAdditionalData returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasAdditionalData() bool { + return o != nil && o.AdditionalData != nil +} + +// SetAdditionalData gets a reference to the given map[string]interface{} and assigns it to the AdditionalData field. +func (o *IoCIndicatorDetailed) SetAdditionalData(v map[string]interface{}) { + o.AdditionalData = v +} + +// GetAsCidrBlock returns the AsCidrBlock field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetAsCidrBlock() string { + if o == nil || o.AsCidrBlock == nil { + var ret string + return ret + } + return *o.AsCidrBlock +} + +// GetAsCidrBlockOk returns a tuple with the AsCidrBlock field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetAsCidrBlockOk() (*string, bool) { + if o == nil || o.AsCidrBlock == nil { + return nil, false + } + return o.AsCidrBlock, true +} + +// HasAsCidrBlock returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasAsCidrBlock() bool { + return o != nil && o.AsCidrBlock != nil +} + +// SetAsCidrBlock gets a reference to the given string and assigns it to the AsCidrBlock field. +func (o *IoCIndicatorDetailed) SetAsCidrBlock(v string) { + o.AsCidrBlock = &v +} + +// GetAsGeo returns the AsGeo field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetAsGeo() IoCGeoLocation { + if o == nil || o.AsGeo == nil { + var ret IoCGeoLocation + return ret + } + return *o.AsGeo +} + +// GetAsGeoOk returns a tuple with the AsGeo field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetAsGeoOk() (*IoCGeoLocation, bool) { + if o == nil || o.AsGeo == nil { + return nil, false + } + return o.AsGeo, true +} + +// HasAsGeo returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasAsGeo() bool { + return o != nil && o.AsGeo != nil +} + +// SetAsGeo gets a reference to the given IoCGeoLocation and assigns it to the AsGeo field. +func (o *IoCIndicatorDetailed) SetAsGeo(v IoCGeoLocation) { + o.AsGeo = &v +} + +// GetAsNumber returns the AsNumber field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetAsNumber() string { + if o == nil || o.AsNumber == nil { + var ret string + return ret + } + return *o.AsNumber +} + +// GetAsNumberOk returns a tuple with the AsNumber field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetAsNumberOk() (*string, bool) { + if o == nil || o.AsNumber == nil { + return nil, false + } + return o.AsNumber, true +} + +// HasAsNumber returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasAsNumber() bool { + return o != nil && o.AsNumber != nil +} + +// SetAsNumber gets a reference to the given string and assigns it to the AsNumber field. +func (o *IoCIndicatorDetailed) SetAsNumber(v string) { + o.AsNumber = &v +} + +// GetAsOrganization returns the AsOrganization field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetAsOrganization() string { + if o == nil || o.AsOrganization == nil { + var ret string + return ret + } + return *o.AsOrganization +} + +// GetAsOrganizationOk returns a tuple with the AsOrganization field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetAsOrganizationOk() (*string, bool) { + if o == nil || o.AsOrganization == nil { + return nil, false + } + return o.AsOrganization, true +} + +// HasAsOrganization returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasAsOrganization() bool { + return o != nil && o.AsOrganization != nil +} + +// SetAsOrganization gets a reference to the given string and assigns it to the AsOrganization field. +func (o *IoCIndicatorDetailed) SetAsOrganization(v string) { + o.AsOrganization = &v +} + +// GetAsType returns the AsType field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetAsType() string { + if o == nil || o.AsType == nil { + var ret string + return ret + } + return *o.AsType +} + +// GetAsTypeOk returns a tuple with the AsType field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetAsTypeOk() (*string, bool) { + if o == nil || o.AsType == nil { + return nil, false + } + return o.AsType, true +} + +// HasAsType returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasAsType() bool { + return o != nil && o.AsType != nil +} + +// SetAsType gets a reference to the given string and assigns it to the AsType field. +func (o *IoCIndicatorDetailed) SetAsType(v string) { + o.AsType = &v +} + +// GetBenignSources returns the BenignSources field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *IoCIndicatorDetailed) GetBenignSources() []IoCSource { + if o == nil { + var ret []IoCSource + return ret + } + return o.BenignSources +} + +// GetBenignSourcesOk returns a tuple with the BenignSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned. +func (o *IoCIndicatorDetailed) GetBenignSourcesOk() (*[]IoCSource, bool) { + if o == nil || o.BenignSources == nil { + return nil, false + } + return &o.BenignSources, true +} + +// HasBenignSources returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasBenignSources() bool { + return o != nil && o.BenignSources != nil +} + +// SetBenignSources gets a reference to the given []IoCSource and assigns it to the BenignSources field. +func (o *IoCIndicatorDetailed) SetBenignSources(v []IoCSource) { + o.BenignSources = v +} + +// GetCategories returns the Categories field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetCategories() []string { + if o == nil || o.Categories == nil { + var ret []string + return ret + } + return o.Categories +} + +// GetCategoriesOk returns a tuple with the Categories field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetCategoriesOk() (*[]string, bool) { + if o == nil || o.Categories == nil { + return nil, false + } + return &o.Categories, true +} + +// HasCategories returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasCategories() bool { + return o != nil && o.Categories != nil +} + +// SetCategories gets a reference to the given []string and assigns it to the Categories field. +func (o *IoCIndicatorDetailed) SetCategories(v []string) { + o.Categories = v +} + +// GetCriticalAssets returns the CriticalAssets field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetCriticalAssets() []string { + if o == nil || o.CriticalAssets == nil { + var ret []string + return ret + } + return o.CriticalAssets +} + +// GetCriticalAssetsOk returns a tuple with the CriticalAssets field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetCriticalAssetsOk() (*[]string, bool) { + if o == nil || o.CriticalAssets == nil { + return nil, false + } + return &o.CriticalAssets, true +} + +// HasCriticalAssets returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasCriticalAssets() bool { + return o != nil && o.CriticalAssets != nil +} + +// SetCriticalAssets gets a reference to the given []string and assigns it to the CriticalAssets field. +func (o *IoCIndicatorDetailed) SetCriticalAssets(v []string) { + o.CriticalAssets = v +} + +// GetFirstSeen returns the FirstSeen field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetFirstSeen() time.Time { + if o == nil || o.FirstSeen == nil { + var ret time.Time + return ret + } + return *o.FirstSeen +} + +// GetFirstSeenOk returns a tuple with the FirstSeen field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetFirstSeenOk() (*time.Time, bool) { + if o == nil || o.FirstSeen == nil { + return nil, false + } + return o.FirstSeen, true +} + +// HasFirstSeen returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasFirstSeen() bool { + return o != nil && o.FirstSeen != nil +} + +// SetFirstSeen gets a reference to the given time.Time and assigns it to the FirstSeen field. +func (o *IoCIndicatorDetailed) SetFirstSeen(v time.Time) { + o.FirstSeen = &v +} + +// GetHosts returns the Hosts field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetHosts() []string { + if o == nil || o.Hosts == nil { + var ret []string + return ret + } + return o.Hosts +} + +// GetHostsOk returns a tuple with the Hosts field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetHostsOk() (*[]string, bool) { + if o == nil || o.Hosts == nil { + return nil, false + } + return &o.Hosts, true +} + +// HasHosts returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasHosts() bool { + return o != nil && o.Hosts != nil +} + +// SetHosts gets a reference to the given []string and assigns it to the Hosts field. +func (o *IoCIndicatorDetailed) SetHosts(v []string) { + o.Hosts = v +} + +// GetId returns the Id field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetId() string { + if o == nil || o.Id == nil { + var ret string + return ret + } + return *o.Id +} + +// GetIdOk returns a tuple with the Id field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetIdOk() (*string, bool) { + if o == nil || o.Id == nil { + return nil, false + } + return o.Id, true +} + +// HasId returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasId() bool { + return o != nil && o.Id != nil +} + +// SetId gets a reference to the given string and assigns it to the Id field. +func (o *IoCIndicatorDetailed) SetId(v string) { + o.Id = &v +} + +// GetIndicator returns the Indicator field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetIndicator() string { + if o == nil || o.Indicator == nil { + var ret string + return ret + } + return *o.Indicator +} + +// GetIndicatorOk returns a tuple with the Indicator field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetIndicatorOk() (*string, bool) { + if o == nil || o.Indicator == nil { + return nil, false + } + return o.Indicator, true +} + +// HasIndicator returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasIndicator() bool { + return o != nil && o.Indicator != nil +} + +// SetIndicator gets a reference to the given string and assigns it to the Indicator field. +func (o *IoCIndicatorDetailed) SetIndicator(v string) { + o.Indicator = &v +} + +// GetIndicatorType returns the IndicatorType field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetIndicatorType() string { + if o == nil || o.IndicatorType == nil { + var ret string + return ret + } + return *o.IndicatorType +} + +// GetIndicatorTypeOk returns a tuple with the IndicatorType field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetIndicatorTypeOk() (*string, bool) { + if o == nil || o.IndicatorType == nil { + return nil, false + } + return o.IndicatorType, true +} + +// HasIndicatorType returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasIndicatorType() bool { + return o != nil && o.IndicatorType != nil +} + +// SetIndicatorType gets a reference to the given string and assigns it to the IndicatorType field. +func (o *IoCIndicatorDetailed) SetIndicatorType(v string) { + o.IndicatorType = &v +} + +// GetLastSeen returns the LastSeen field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetLastSeen() time.Time { + if o == nil || o.LastSeen == nil { + var ret time.Time + return ret + } + return *o.LastSeen +} + +// GetLastSeenOk returns a tuple with the LastSeen field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetLastSeenOk() (*time.Time, bool) { + if o == nil || o.LastSeen == nil { + return nil, false + } + return o.LastSeen, true +} + +// HasLastSeen returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasLastSeen() bool { + return o != nil && o.LastSeen != nil +} + +// SetLastSeen gets a reference to the given time.Time and assigns it to the LastSeen field. +func (o *IoCIndicatorDetailed) SetLastSeen(v time.Time) { + o.LastSeen = &v +} + +// GetLogMatches returns the LogMatches field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetLogMatches() int64 { + if o == nil || o.LogMatches == nil { + var ret int64 + return ret + } + return *o.LogMatches +} + +// GetLogMatchesOk returns a tuple with the LogMatches field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetLogMatchesOk() (*int64, bool) { + if o == nil || o.LogMatches == nil { + return nil, false + } + return o.LogMatches, true +} + +// HasLogMatches returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasLogMatches() bool { + return o != nil && o.LogMatches != nil +} + +// SetLogMatches gets a reference to the given int64 and assigns it to the LogMatches field. +func (o *IoCIndicatorDetailed) SetLogMatches(v int64) { + o.LogMatches = &v +} + +// GetLogSources returns the LogSources field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetLogSources() []string { + if o == nil || o.LogSources == nil { + var ret []string + return ret + } + return o.LogSources +} + +// GetLogSourcesOk returns a tuple with the LogSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetLogSourcesOk() (*[]string, bool) { + if o == nil || o.LogSources == nil { + return nil, false + } + return &o.LogSources, true +} + +// HasLogSources returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasLogSources() bool { + return o != nil && o.LogSources != nil +} + +// SetLogSources gets a reference to the given []string and assigns it to the LogSources field. +func (o *IoCIndicatorDetailed) SetLogSources(v []string) { + o.LogSources = v +} + +// GetMAsType returns the MAsType field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetMAsType() IoCScoreEffect { + if o == nil || o.MAsType == nil { + var ret IoCScoreEffect + return ret + } + return *o.MAsType +} + +// GetMAsTypeOk returns a tuple with the MAsType field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetMAsTypeOk() (*IoCScoreEffect, bool) { + if o == nil || o.MAsType == nil { + return nil, false + } + return o.MAsType, true +} + +// HasMAsType returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasMAsType() bool { + return o != nil && o.MAsType != nil +} + +// SetMAsType gets a reference to the given IoCScoreEffect and assigns it to the MAsType field. +func (o *IoCIndicatorDetailed) SetMAsType(v IoCScoreEffect) { + o.MAsType = &v +} + +// GetMPersistence returns the MPersistence field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetMPersistence() IoCScoreEffect { + if o == nil || o.MPersistence == nil { + var ret IoCScoreEffect + return ret + } + return *o.MPersistence +} + +// GetMPersistenceOk returns a tuple with the MPersistence field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetMPersistenceOk() (*IoCScoreEffect, bool) { + if o == nil || o.MPersistence == nil { + return nil, false + } + return o.MPersistence, true +} + +// HasMPersistence returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasMPersistence() bool { + return o != nil && o.MPersistence != nil +} + +// SetMPersistence gets a reference to the given IoCScoreEffect and assigns it to the MPersistence field. +func (o *IoCIndicatorDetailed) SetMPersistence(v IoCScoreEffect) { + o.MPersistence = &v +} + +// GetMSignal returns the MSignal field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetMSignal() IoCScoreEffect { + if o == nil || o.MSignal == nil { + var ret IoCScoreEffect + return ret + } + return *o.MSignal +} + +// GetMSignalOk returns a tuple with the MSignal field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetMSignalOk() (*IoCScoreEffect, bool) { + if o == nil || o.MSignal == nil { + return nil, false + } + return o.MSignal, true +} + +// HasMSignal returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasMSignal() bool { + return o != nil && o.MSignal != nil +} + +// SetMSignal gets a reference to the given IoCScoreEffect and assigns it to the MSignal field. +func (o *IoCIndicatorDetailed) SetMSignal(v IoCScoreEffect) { + o.MSignal = &v +} + +// GetMSources returns the MSources field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetMSources() IoCScoreEffect { + if o == nil || o.MSources == nil { + var ret IoCScoreEffect + return ret + } + return *o.MSources +} + +// GetMSourcesOk returns a tuple with the MSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetMSourcesOk() (*IoCScoreEffect, bool) { + if o == nil || o.MSources == nil { + return nil, false + } + return o.MSources, true +} + +// HasMSources returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasMSources() bool { + return o != nil && o.MSources != nil +} + +// SetMSources gets a reference to the given IoCScoreEffect and assigns it to the MSources field. +func (o *IoCIndicatorDetailed) SetMSources(v IoCScoreEffect) { + o.MSources = &v +} + +// GetMaliciousSources returns the MaliciousSources field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *IoCIndicatorDetailed) GetMaliciousSources() []IoCSource { + if o == nil { + var ret []IoCSource + return ret + } + return o.MaliciousSources +} + +// GetMaliciousSourcesOk returns a tuple with the MaliciousSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned. +func (o *IoCIndicatorDetailed) GetMaliciousSourcesOk() (*[]IoCSource, bool) { + if o == nil || o.MaliciousSources == nil { + return nil, false + } + return &o.MaliciousSources, true +} + +// HasMaliciousSources returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasMaliciousSources() bool { + return o != nil && o.MaliciousSources != nil +} + +// SetMaliciousSources gets a reference to the given []IoCSource and assigns it to the MaliciousSources field. +func (o *IoCIndicatorDetailed) SetMaliciousSources(v []IoCSource) { + o.MaliciousSources = v +} + +// GetMaxTrustScore returns the MaxTrustScore field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetMaxTrustScore() IoCScoreEffect { + if o == nil || o.MaxTrustScore == nil { + var ret IoCScoreEffect + return ret + } + return *o.MaxTrustScore +} + +// GetMaxTrustScoreOk returns a tuple with the MaxTrustScore field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetMaxTrustScoreOk() (*IoCScoreEffect, bool) { + if o == nil || o.MaxTrustScore == nil { + return nil, false + } + return o.MaxTrustScore, true +} + +// HasMaxTrustScore returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasMaxTrustScore() bool { + return o != nil && o.MaxTrustScore != nil +} + +// SetMaxTrustScore gets a reference to the given IoCScoreEffect and assigns it to the MaxTrustScore field. +func (o *IoCIndicatorDetailed) SetMaxTrustScore(v IoCScoreEffect) { + o.MaxTrustScore = &v +} + +// GetScore returns the Score field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetScore() float64 { + if o == nil || o.Score == nil { + var ret float64 + return ret + } + return *o.Score +} + +// GetScoreOk returns a tuple with the Score field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetScoreOk() (*float64, bool) { + if o == nil || o.Score == nil { + return nil, false + } + return o.Score, true +} + +// HasScore returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasScore() bool { + return o != nil && o.Score != nil +} + +// SetScore gets a reference to the given float64 and assigns it to the Score field. +func (o *IoCIndicatorDetailed) SetScore(v float64) { + o.Score = &v +} + +// GetServices returns the Services field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetServices() []string { + if o == nil || o.Services == nil { + var ret []string + return ret + } + return o.Services +} + +// GetServicesOk returns a tuple with the Services field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetServicesOk() (*[]string, bool) { + if o == nil || o.Services == nil { + return nil, false + } + return &o.Services, true +} + +// HasServices returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasServices() bool { + return o != nil && o.Services != nil +} + +// SetServices gets a reference to the given []string and assigns it to the Services field. +func (o *IoCIndicatorDetailed) SetServices(v []string) { + o.Services = v +} + +// GetSignalMatches returns the SignalMatches field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetSignalMatches() int64 { + if o == nil || o.SignalMatches == nil { + var ret int64 + return ret + } + return *o.SignalMatches +} + +// GetSignalMatchesOk returns a tuple with the SignalMatches field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetSignalMatchesOk() (*int64, bool) { + if o == nil || o.SignalMatches == nil { + return nil, false + } + return o.SignalMatches, true +} + +// HasSignalMatches returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasSignalMatches() bool { + return o != nil && o.SignalMatches != nil +} + +// SetSignalMatches gets a reference to the given int64 and assigns it to the SignalMatches field. +func (o *IoCIndicatorDetailed) SetSignalMatches(v int64) { + o.SignalMatches = &v +} + +// GetSignalSeverity returns the SignalSeverity field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetSignalSeverity() []IoCSignalSeverityCount { + if o == nil || o.SignalSeverity == nil { + var ret []IoCSignalSeverityCount + return ret + } + return o.SignalSeverity +} + +// GetSignalSeverityOk returns a tuple with the SignalSeverity field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetSignalSeverityOk() (*[]IoCSignalSeverityCount, bool) { + if o == nil || o.SignalSeverity == nil { + return nil, false + } + return &o.SignalSeverity, true +} + +// HasSignalSeverity returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasSignalSeverity() bool { + return o != nil && o.SignalSeverity != nil +} + +// SetSignalSeverity gets a reference to the given []IoCSignalSeverityCount and assigns it to the SignalSeverity field. +func (o *IoCIndicatorDetailed) SetSignalSeverity(v []IoCSignalSeverityCount) { + o.SignalSeverity = v +} + +// GetSignalTier returns the SignalTier field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetSignalTier() int64 { + if o == nil || o.SignalTier == nil { + var ret int64 + return ret + } + return *o.SignalTier +} + +// GetSignalTierOk returns a tuple with the SignalTier field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetSignalTierOk() (*int64, bool) { + if o == nil || o.SignalTier == nil { + return nil, false + } + return o.SignalTier, true +} + +// HasSignalTier returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasSignalTier() bool { + return o != nil && o.SignalTier != nil +} + +// SetSignalTier gets a reference to the given int64 and assigns it to the SignalTier field. +func (o *IoCIndicatorDetailed) SetSignalTier(v int64) { + o.SignalTier = &v +} + +// GetSuspiciousSources returns the SuspiciousSources field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *IoCIndicatorDetailed) GetSuspiciousSources() []IoCSource { + if o == nil { + var ret []IoCSource + return ret + } + return o.SuspiciousSources +} + +// GetSuspiciousSourcesOk returns a tuple with the SuspiciousSources field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned. +func (o *IoCIndicatorDetailed) GetSuspiciousSourcesOk() (*[]IoCSource, bool) { + if o == nil || o.SuspiciousSources == nil { + return nil, false + } + return &o.SuspiciousSources, true +} + +// HasSuspiciousSources returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasSuspiciousSources() bool { + return o != nil && o.SuspiciousSources != nil +} + +// SetSuspiciousSources gets a reference to the given []IoCSource and assigns it to the SuspiciousSources field. +func (o *IoCIndicatorDetailed) SetSuspiciousSources(v []IoCSource) { + o.SuspiciousSources = v +} + +// GetTags returns the Tags field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetTags() []string { + if o == nil || o.Tags == nil { + var ret []string + return ret + } + return o.Tags +} + +// GetTagsOk returns a tuple with the Tags field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetTagsOk() (*[]string, bool) { + if o == nil || o.Tags == nil { + return nil, false + } + return &o.Tags, true +} + +// HasTags returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasTags() bool { + return o != nil && o.Tags != nil +} + +// SetTags gets a reference to the given []string and assigns it to the Tags field. +func (o *IoCIndicatorDetailed) SetTags(v []string) { + o.Tags = v +} + +// GetUsers returns the Users field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetUsers() map[string][]string { + if o == nil || o.Users == nil { + var ret map[string][]string + return ret + } + return o.Users +} + +// GetUsersOk returns a tuple with the Users field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetUsersOk() (*map[string][]string, bool) { + if o == nil || o.Users == nil { + return nil, false + } + return &o.Users, true +} + +// HasUsers returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasUsers() bool { + return o != nil && o.Users != nil +} + +// SetUsers gets a reference to the given map[string][]string and assigns it to the Users field. +func (o *IoCIndicatorDetailed) SetUsers(v map[string][]string) { + o.Users = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCIndicatorDetailed) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.AdditionalData != nil { + toSerialize["additional_data"] = o.AdditionalData + } + if o.AsCidrBlock != nil { + toSerialize["as_cidr_block"] = o.AsCidrBlock + } + if o.AsGeo != nil { + toSerialize["as_geo"] = o.AsGeo + } + if o.AsNumber != nil { + toSerialize["as_number"] = o.AsNumber + } + if o.AsOrganization != nil { + toSerialize["as_organization"] = o.AsOrganization + } + if o.AsType != nil { + toSerialize["as_type"] = o.AsType + } + if o.BenignSources != nil { + toSerialize["benign_sources"] = o.BenignSources + } + if o.Categories != nil { + toSerialize["categories"] = o.Categories + } + if o.CriticalAssets != nil { + toSerialize["critical_assets"] = o.CriticalAssets + } + if o.FirstSeen != nil { + if o.FirstSeen.Nanosecond() == 0 { + toSerialize["first_seen"] = o.FirstSeen.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["first_seen"] = o.FirstSeen.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.Hosts != nil { + toSerialize["hosts"] = o.Hosts + } + if o.Id != nil { + toSerialize["id"] = o.Id + } + if o.Indicator != nil { + toSerialize["indicator"] = o.Indicator + } + if o.IndicatorType != nil { + toSerialize["indicator_type"] = o.IndicatorType + } + if o.LastSeen != nil { + if o.LastSeen.Nanosecond() == 0 { + toSerialize["last_seen"] = o.LastSeen.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["last_seen"] = o.LastSeen.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.LogMatches != nil { + toSerialize["log_matches"] = o.LogMatches + } + if o.LogSources != nil { + toSerialize["log_sources"] = o.LogSources + } + if o.MAsType != nil { + toSerialize["m_as_type"] = o.MAsType + } + if o.MPersistence != nil { + toSerialize["m_persistence"] = o.MPersistence + } + if o.MSignal != nil { + toSerialize["m_signal"] = o.MSignal + } + if o.MSources != nil { + toSerialize["m_sources"] = o.MSources + } + if o.MaliciousSources != nil { + toSerialize["malicious_sources"] = o.MaliciousSources + } + if o.MaxTrustScore != nil { + toSerialize["max_trust_score"] = o.MaxTrustScore + } + if o.Score != nil { + toSerialize["score"] = o.Score + } + if o.Services != nil { + toSerialize["services"] = o.Services + } + if o.SignalMatches != nil { + toSerialize["signal_matches"] = o.SignalMatches + } + if o.SignalSeverity != nil { + toSerialize["signal_severity"] = o.SignalSeverity + } + if o.SignalTier != nil { + toSerialize["signal_tier"] = o.SignalTier + } + if o.SuspiciousSources != nil { + toSerialize["suspicious_sources"] = o.SuspiciousSources + } + if o.Tags != nil { + toSerialize["tags"] = o.Tags + } + if o.Users != nil { + toSerialize["users"] = o.Users + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCIndicatorDetailed) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + AdditionalData map[string]interface{} `json:"additional_data,omitempty"` + AsCidrBlock *string `json:"as_cidr_block,omitempty"` + AsGeo *IoCGeoLocation `json:"as_geo,omitempty"` + AsNumber *string `json:"as_number,omitempty"` + AsOrganization *string `json:"as_organization,omitempty"` + AsType *string `json:"as_type,omitempty"` + BenignSources []IoCSource `json:"benign_sources,omitempty"` + Categories []string `json:"categories,omitempty"` + CriticalAssets []string `json:"critical_assets,omitempty"` + FirstSeen *time.Time `json:"first_seen,omitempty"` + Hosts []string `json:"hosts,omitempty"` + Id *string `json:"id,omitempty"` + Indicator *string `json:"indicator,omitempty"` + IndicatorType *string `json:"indicator_type,omitempty"` + LastSeen *time.Time `json:"last_seen,omitempty"` + LogMatches *int64 `json:"log_matches,omitempty"` + LogSources []string `json:"log_sources,omitempty"` + MAsType *IoCScoreEffect `json:"m_as_type,omitempty"` + MPersistence *IoCScoreEffect `json:"m_persistence,omitempty"` + MSignal *IoCScoreEffect `json:"m_signal,omitempty"` + MSources *IoCScoreEffect `json:"m_sources,omitempty"` + MaliciousSources []IoCSource `json:"malicious_sources,omitempty"` + MaxTrustScore *IoCScoreEffect `json:"max_trust_score,omitempty"` + Score *float64 `json:"score,omitempty"` + Services []string `json:"services,omitempty"` + SignalMatches *int64 `json:"signal_matches,omitempty"` + SignalSeverity []IoCSignalSeverityCount `json:"signal_severity,omitempty"` + SignalTier *int64 `json:"signal_tier,omitempty"` + SuspiciousSources []IoCSource `json:"suspicious_sources,omitempty"` + Tags []string `json:"tags,omitempty"` + Users map[string][]string `json:"users,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"additional_data", "as_cidr_block", "as_geo", "as_number", "as_organization", "as_type", "benign_sources", "categories", "critical_assets", "first_seen", "hosts", "id", "indicator", "indicator_type", "last_seen", "log_matches", "log_sources", "m_as_type", "m_persistence", "m_signal", "m_sources", "malicious_sources", "max_trust_score", "score", "services", "signal_matches", "signal_severity", "signal_tier", "suspicious_sources", "tags", "users"}) + } else { + return err + } + + hasInvalidField := false + o.AdditionalData = all.AdditionalData + o.AsCidrBlock = all.AsCidrBlock + if all.AsGeo != nil && all.AsGeo.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.AsGeo = all.AsGeo + o.AsNumber = all.AsNumber + o.AsOrganization = all.AsOrganization + o.AsType = all.AsType + o.BenignSources = all.BenignSources + o.Categories = all.Categories + o.CriticalAssets = all.CriticalAssets + o.FirstSeen = all.FirstSeen + o.Hosts = all.Hosts + o.Id = all.Id + o.Indicator = all.Indicator + o.IndicatorType = all.IndicatorType + o.LastSeen = all.LastSeen + o.LogMatches = all.LogMatches + o.LogSources = all.LogSources + if all.MAsType != nil && !all.MAsType.IsValid() { + hasInvalidField = true + } else { + o.MAsType = all.MAsType + } + if all.MPersistence != nil && !all.MPersistence.IsValid() { + hasInvalidField = true + } else { + o.MPersistence = all.MPersistence + } + if all.MSignal != nil && !all.MSignal.IsValid() { + hasInvalidField = true + } else { + o.MSignal = all.MSignal + } + if all.MSources != nil && !all.MSources.IsValid() { + hasInvalidField = true + } else { + o.MSources = all.MSources + } + o.MaliciousSources = all.MaliciousSources + if all.MaxTrustScore != nil && !all.MaxTrustScore.IsValid() { + hasInvalidField = true + } else { + o.MaxTrustScore = all.MaxTrustScore + } + o.Score = all.Score + o.Services = all.Services + o.SignalMatches = all.SignalMatches + o.SignalSeverity = all.SignalSeverity + o.SignalTier = all.SignalTier + o.SuspiciousSources = all.SuspiciousSources + o.Tags = all.Tags + o.Users = all.Users + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_score_effect.go b/api/datadogV2/model_io_c_score_effect.go new file mode 100644 index 00000000000..cbda0f3c15b --- /dev/null +++ b/api/datadogV2/model_io_c_score_effect.go @@ -0,0 +1,68 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "fmt" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCScoreEffect Effect of a scoring factor on the indicator's threat score. +type IoCScoreEffect string + +// List of IoCScoreEffect. +const ( + IOCSCOREEFFECT_RAISE_SCORE IoCScoreEffect = "RAISE_SCORE" + IOCSCOREEFFECT_LOWER_SCORE IoCScoreEffect = "LOWER_SCORE" + IOCSCOREEFFECT_NO_EFFECT IoCScoreEffect = "NO_EFFECT" +) + +var allowedIoCScoreEffectEnumValues = []IoCScoreEffect{ + IOCSCOREEFFECT_RAISE_SCORE, + IOCSCOREEFFECT_LOWER_SCORE, + IOCSCOREEFFECT_NO_EFFECT, +} + +// GetAllowedValues reeturns the list of possible values. +func (v *IoCScoreEffect) GetAllowedValues() []IoCScoreEffect { + return allowedIoCScoreEffectEnumValues +} + +// UnmarshalJSON deserializes the given payload. +func (v *IoCScoreEffect) UnmarshalJSON(src []byte) error { + var value string + err := datadog.Unmarshal(src, &value) + if err != nil { + return err + } + *v = IoCScoreEffect(value) + return nil +} + +// NewIoCScoreEffectFromValue returns a pointer to a valid IoCScoreEffect +// for the value passed as argument, or an error if the value passed is not allowed by the enum. +func NewIoCScoreEffectFromValue(v string) (*IoCScoreEffect, error) { + ev := IoCScoreEffect(v) + if ev.IsValid() { + return &ev, nil + } + return nil, fmt.Errorf("invalid value '%v' for IoCScoreEffect: valid values are %v", v, allowedIoCScoreEffectEnumValues) +} + +// IsValid return true if the value is valid for the enum, false otherwise. +func (v IoCScoreEffect) IsValid() bool { + for _, existing := range allowedIoCScoreEffectEnumValues { + if existing == v { + return true + } + } + return false +} + +// Ptr returns reference to IoCScoreEffect value. +func (v IoCScoreEffect) Ptr() *IoCScoreEffect { + return &v +} diff --git a/api/datadogV2/model_io_c_signal_severity_count.go b/api/datadogV2/model_io_c_signal_severity_count.go new file mode 100644 index 00000000000..b7f164c0160 --- /dev/null +++ b/api/datadogV2/model_io_c_signal_severity_count.go @@ -0,0 +1,137 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCSignalSeverityCount Count of security signals by severity level. +type IoCSignalSeverityCount struct { + // Number of signals at this severity level. + Count *int64 `json:"count,omitempty"` + // Severity level (for example, critical, high, medium, low, info). + Severity *string `json:"severity,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCSignalSeverityCount instantiates a new IoCSignalSeverityCount object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCSignalSeverityCount() *IoCSignalSeverityCount { + this := IoCSignalSeverityCount{} + return &this +} + +// NewIoCSignalSeverityCountWithDefaults instantiates a new IoCSignalSeverityCount object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCSignalSeverityCountWithDefaults() *IoCSignalSeverityCount { + this := IoCSignalSeverityCount{} + return &this +} + +// GetCount returns the Count field value if set, zero value otherwise. +func (o *IoCSignalSeverityCount) GetCount() int64 { + if o == nil || o.Count == nil { + var ret int64 + return ret + } + return *o.Count +} + +// GetCountOk returns a tuple with the Count field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCSignalSeverityCount) GetCountOk() (*int64, bool) { + if o == nil || o.Count == nil { + return nil, false + } + return o.Count, true +} + +// HasCount returns a boolean if a field has been set. +func (o *IoCSignalSeverityCount) HasCount() bool { + return o != nil && o.Count != nil +} + +// SetCount gets a reference to the given int64 and assigns it to the Count field. +func (o *IoCSignalSeverityCount) SetCount(v int64) { + o.Count = &v +} + +// GetSeverity returns the Severity field value if set, zero value otherwise. +func (o *IoCSignalSeverityCount) GetSeverity() string { + if o == nil || o.Severity == nil { + var ret string + return ret + } + return *o.Severity +} + +// GetSeverityOk returns a tuple with the Severity field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCSignalSeverityCount) GetSeverityOk() (*string, bool) { + if o == nil || o.Severity == nil { + return nil, false + } + return o.Severity, true +} + +// HasSeverity returns a boolean if a field has been set. +func (o *IoCSignalSeverityCount) HasSeverity() bool { + return o != nil && o.Severity != nil +} + +// SetSeverity gets a reference to the given string and assigns it to the Severity field. +func (o *IoCSignalSeverityCount) SetSeverity(v string) { + o.Severity = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCSignalSeverityCount) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Count != nil { + toSerialize["count"] = o.Count + } + if o.Severity != nil { + toSerialize["severity"] = o.Severity + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCSignalSeverityCount) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Count *int64 `json:"count,omitempty"` + Severity *string `json:"severity,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"count", "severity"}) + } else { + return err + } + o.Count = all.Count + o.Severity = all.Severity + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_io_c_source.go b/api/datadogV2/model_io_c_source.go new file mode 100644 index 00000000000..ace8d829a83 --- /dev/null +++ b/api/datadogV2/model_io_c_source.go @@ -0,0 +1,102 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCSource A threat intelligence source that has flagged an indicator. +type IoCSource struct { + // Name of the threat intelligence source. + Name *string `json:"name,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCSource instantiates a new IoCSource object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCSource() *IoCSource { + this := IoCSource{} + return &this +} + +// NewIoCSourceWithDefaults instantiates a new IoCSource object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCSourceWithDefaults() *IoCSource { + this := IoCSource{} + return &this +} + +// GetName returns the Name field value if set, zero value otherwise. +func (o *IoCSource) GetName() string { + if o == nil || o.Name == nil { + var ret string + return ret + } + return *o.Name +} + +// GetNameOk returns a tuple with the Name field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCSource) GetNameOk() (*string, bool) { + if o == nil || o.Name == nil { + return nil, false + } + return o.Name, true +} + +// HasName returns a boolean if a field has been set. +func (o *IoCSource) HasName() bool { + return o != nil && o.Name != nil +} + +// SetName gets a reference to the given string and assigns it to the Name field. +func (o *IoCSource) SetName(v string) { + o.Name = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCSource) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Name != nil { + toSerialize["name"] = o.Name + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCSource) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Name *string `json:"name,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"name"}) + } else { + return err + } + o.Name = all.Name + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/examples/v2/security-monitoring/GetIndicatorOfCompromise.go b/examples/v2/security-monitoring/GetIndicatorOfCompromise.go new file mode 100644 index 00000000000..bc23889c27d --- /dev/null +++ b/examples/v2/security-monitoring/GetIndicatorOfCompromise.go @@ -0,0 +1,30 @@ +// Get an indicator of compromise returns "OK" response + +package main + +import ( + "context" + "encoding/json" + "fmt" + "os" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" + "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" +) + +func main() { + ctx := datadog.NewDefaultContext(context.Background()) + configuration := datadog.NewConfiguration() + configuration.SetUnstableOperationEnabled("v2.GetIndicatorOfCompromise", true) + apiClient := datadog.NewAPIClient(configuration) + api := datadogV2.NewSecurityMonitoringApi(apiClient) + resp, r, err := api.GetIndicatorOfCompromise(ctx, "masscan/1.3 (https://github.com/robertdavidgraham/masscan)") + + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetIndicatorOfCompromise`: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + + responseContent, _ := json.MarshalIndent(resp, "", " ") + fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetIndicatorOfCompromise`:\n%s\n", responseContent) +} diff --git a/examples/v2/security-monitoring/ListIndicatorsOfCompromise.go b/examples/v2/security-monitoring/ListIndicatorsOfCompromise.go new file mode 100644 index 00000000000..32ef713dc70 --- /dev/null +++ b/examples/v2/security-monitoring/ListIndicatorsOfCompromise.go @@ -0,0 +1,30 @@ +// List indicators of compromise returns "OK" response + +package main + +import ( + "context" + "encoding/json" + "fmt" + "os" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" + "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" +) + +func main() { + ctx := datadog.NewDefaultContext(context.Background()) + configuration := datadog.NewConfiguration() + configuration.SetUnstableOperationEnabled("v2.ListIndicatorsOfCompromise", true) + apiClient := datadog.NewAPIClient(configuration) + api := datadogV2.NewSecurityMonitoringApi(apiClient) + resp, r, err := api.ListIndicatorsOfCompromise(ctx, *datadogV2.NewListIndicatorsOfCompromiseOptionalParameters().WithLimit(1)) + + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.ListIndicatorsOfCompromise`: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + + responseContent, _ := json.MarshalIndent(resp, "", " ") + fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.ListIndicatorsOfCompromise`:\n%s\n", responseContent) +} diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_Not_Found_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_Not_Found_response.freeze new file mode 100644 index 00000000000..55d3aa91a89 --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_Not_Found_response.freeze @@ -0,0 +1 @@ +2026-04-14T18:22:17.027Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_Not_Found_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_Not_Found_response.yaml new file mode 100644 index 00000000000..2b420e06410 --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_Not_Found_response.yaml @@ -0,0 +1,19 @@ +interactions: +- request: + body: '' + form: {} + headers: + Accept: + - application/json + id: 0 + method: GET + url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=this-indicator-does-not-exist.invalid + response: + body: '{"errors":[{"title":"Generic Error","detail":"indicator not found"}]}' + code: 404 + duration: 0ms + headers: + Content-Type: + - application/vnd.api+json + status: 404 Not Found +version: 2 diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.freeze new file mode 100644 index 00000000000..fc8ed109ad7 --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.freeze @@ -0,0 +1 @@ +2026-04-14T18:22:29.733Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.yaml new file mode 100644 index 00000000000..045ff9b37a9 --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.yaml @@ -0,0 +1,22 @@ +interactions: +- request: + body: '' + form: {} + headers: + Accept: + - application/json + id: 0 + method: GET + url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=masscan%2F1.3%20%28https%3A%2F%2Fgithub.com%2Frobertdavidgraham%2Fmasscan%29 + response: + body: '{"data":{"id":"65a31893-cc59-4125-9424-44f7ba083e53","type":"get_indicator_response","attributes":{"data":{"id":"masscan/1.3 + (https://github.com/robertdavidgraham/masscan)","indicator":"masscan/1.3 (https://github.com/robertdavidgraham/masscan)","indicator_type":"User + Agent","score":4,"as_type":"hosting","malicious_sources":null,"suspicious_sources":[{"name":"Datadog + Threat Research"}],"benign_sources":null,"categories":["scanner"],"tags":[],"signal_matches":0,"log_matches":45,"first_seen":"2025-01-08T23:24:45Z","last_seen":"2026-04-10T14:36:20Z","signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"NO_EFFECT","m_persistence":"RAISE_SCORE","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","log_sources":[],"services":[],"signal_severity":[],"users":{},"critical_assets":[],"hosts":[],"as_number":"","as_organization":"","as_cidr_block":""}}}}' + code: 200 + duration: 0ms + headers: + Content-Type: + - application/vnd.api+json + status: 200 OK +version: 2 diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_Bad_Request_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_Bad_Request_response.freeze new file mode 100644 index 00000000000..307d03acb4b --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_Bad_Request_response.freeze @@ -0,0 +1 @@ +2026-04-14T18:22:40.711Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_Bad_Request_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_Bad_Request_response.yaml new file mode 100644 index 00000000000..f9e3a842807 --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_Bad_Request_response.yaml @@ -0,0 +1,21 @@ +interactions: +- request: + body: '' + form: {} + headers: + Accept: + - application/json + id: 0 + method: GET + url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?query=invalid%3A%3A%3Aquery + response: + body: '{"errors":[{"title":"Generic Error","detail":"invalid query: invalid query: + syntax error: no viable alternative at input ''invalid::'' at line 1 and char + position 8"}]}' + code: 400 + duration: 0ms + headers: + Content-Type: + - application/vnd.api+json + status: 400 Bad Request +version: 2 diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.freeze new file mode 100644 index 00000000000..5814ac627e4 --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.freeze @@ -0,0 +1 @@ +2026-04-14T18:22:48.392Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.yaml new file mode 100644 index 00000000000..f8a7945bb36 --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.yaml @@ -0,0 +1,21 @@ +interactions: +- request: + body: '' + form: {} + headers: + Accept: + - application/json + id: 0 + method: GET + url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?limit=1 + response: + body: '{"data":{"id":"a4e3b616-e180-4b47-a379-43da9c5b300e","type":"ioc_explorer_response","attributes":{"data":[{"id":"43.228.157.121","indicator":"43.228.157.121","indicator_type":"IP + Address","score":8,"as_type":"hosting","malicious_sources":[{"name":"threatfox"}],"suspicious_sources":[{"name":"tor"},{"name":"SPUR"}],"benign_sources":null,"categories":["malware","tor","hosting_proxy"],"tags":[],"signal_matches":0,"log_matches":14,"signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"RAISE_SCORE","m_persistence":"NO_EFFECT","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","as_geo":{"city":"Frankfurt + am Main","country_code":"DE","country_name":"Germany"}}],"metadata":{"count":25091},"paging":{"offset":1}}}}' + code: 200 + duration: 0ms + headers: + Content-Type: + - application/vnd.api+json + status: 200 OK +version: 2 diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature index 1fdee4f141b..ac7b626e0d3 100644 --- a/tests/scenarios/features/v2/security_monitoring.feature +++ b/tests/scenarios/features/v2/security_monitoring.feature @@ -1298,6 +1298,30 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "data[0].attributes.name" is equal to "suppression2 {{ unique_hash }}" + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "Bad Request" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "Not Found" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter with value "this-indicator-does-not-exist.invalid" + When the request is sent + Then the response status is 404 Not Found + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "OK" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter with value "masscan/1.3 (https://github.com/robertdavidgraham/masscan)" + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-siem Scenario: Get content pack states returns "Not Found" response Given operation "GetContentPacksStates" enabled @@ -1573,6 +1597,22 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: List indicators of compromise returns "Bad Request" response + Given operation "ListIndicatorsOfCompromise" enabled + And new "ListIndicatorsOfCompromise" request + And request contains "query" parameter with value "invalid:::query" + When the request is sent + Then the response status is 400 Bad Request + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: List indicators of compromise returns "OK" response + Given operation "ListIndicatorsOfCompromise" enabled + And new "ListIndicatorsOfCompromise" request + And request contains "limit" parameter with value 1 + When the request is sent + Then the response status is 200 OK + @team:DataDog/k9-cloud-siem Scenario: List resource filters returns "Bad Request" response Given new "GetResourceEvaluationFilters" request diff --git a/tests/scenarios/features/v2/undo.json b/tests/scenarios/features/v2/undo.json index 02b5c2d4c59..c7ef9624df9 100644 --- a/tests/scenarios/features/v2/undo.json +++ b/tests/scenarios/features/v2/undo.json @@ -5283,6 +5283,18 @@ "type": "safe" } }, + "ListIndicatorsOfCompromise": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "GetIndicatorOfCompromise": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "GetSignalNotificationRules": { "tag": "Security Monitoring", "undo": {