From b071902e1296f60c22770b227c18d7ddbdcd0769 Mon Sep 17 00:00:00 2001 From: "ci.datadog-api-spec" Date: Mon, 8 Jun 2026 15:06:52 +0000 Subject: [PATCH] Regenerate client from commit e6354d0 of spec repo --- .generator/schemas/v2/openapi.yaml | 223 ++++++++++++++++ api/datadog/configuration.go | 1 + api/datadogV2/api_security_monitoring.go | 190 ++++++++++++- api/datadogV2/doc.go | 1 + api/datadogV2/model_io_c_indicator.go | 111 +++++++- .../model_io_c_indicator_detailed.go | 146 +++++++++- api/datadogV2/model_io_c_triage_event.go | 178 +++++++++++++ .../model_io_c_triage_write_request.go | 110 ++++++++ ...el_io_c_triage_write_request_attributes.go | 133 +++++++++ .../model_io_c_triage_write_request_data.go | 144 ++++++++++ .../model_io_c_triage_write_response.go | 111 ++++++++ ...l_io_c_triage_write_response_attributes.go | 252 ++++++++++++++++++ .../model_io_c_triage_write_response_data.go | 185 +++++++++++++ .../CreateIoCTriageState.go | 39 +++ .../GetIndicatorOfCompromise.go | 2 +- ..._state_returns_Bad_Request_response.freeze | 1 + ...ge_state_returns_Bad_Request_response.yaml | 22 ++ ...iage_state_returns_Created_response.freeze | 1 + ...triage_state_returns_Created_response.yaml | 22 ++ ...r_of_compromise_returns_OK_response.freeze | 2 +- ...tor_of_compromise_returns_OK_response.yaml | 8 +- ...s_of_compromise_returns_OK_response.freeze | 2 +- ...ors_of_compromise_returns_OK_response.yaml | 5 +- .../features/v2/security_monitoring.feature | 19 +- tests/scenarios/features/v2/undo.json | 6 + 25 files changed, 1894 insertions(+), 20 deletions(-) create mode 100644 api/datadogV2/model_io_c_triage_event.go create mode 100644 api/datadogV2/model_io_c_triage_write_request.go create mode 100644 api/datadogV2/model_io_c_triage_write_request_attributes.go create mode 100644 api/datadogV2/model_io_c_triage_write_request_data.go create mode 100644 api/datadogV2/model_io_c_triage_write_response.go create mode 100644 api/datadogV2/model_io_c_triage_write_response_attributes.go create mode 100644 api/datadogV2/model_io_c_triage_write_response_data.go create mode 100644 examples/v2/security-monitoring/CreateIoCTriageState.go create mode 100644 tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Bad_Request_response.freeze create mode 100644 tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Bad_Request_response.yaml create mode 100644 tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Created_response.freeze create mode 100644 tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Created_response.yaml diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 2d470c8f2f0..2d1f24f0905 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -44181,6 +44181,16 @@ components: items: type: string type: array + triage_state: + description: "Current triage state of the indicator: not_reviewed or reviewed." + type: string + triaged_at: + description: Timestamp when the indicator was last triaged. + format: date-time + type: string + triaged_by: + description: UUID of the user who last triaged the indicator. + type: string type: object IoCIndicatorDetailed: description: An indicator of compromise with extended context from your environment. @@ -44299,6 +44309,21 @@ components: items: type: string type: array + triage_history: + description: Full triage history timeline. Returned only when `include_triage_history` is true. + items: + $ref: "#/components/schemas/IoCTriageEvent" + type: array + triage_state: + description: "Current triage state of the indicator: not_reviewed or reviewed." + type: string + triaged_at: + description: Timestamp when the indicator was last triaged. + format: date-time + type: string + triaged_by: + description: UUID of the user who last triaged the indicator. + type: string users: additionalProperties: description: List of user identifiers in this category. @@ -44337,6 +44362,97 @@ components: description: Name of the threat intelligence source. type: string type: object + IoCTriageEvent: + description: A single entry in an indicator's triage history timeline. + properties: + triage_state: + description: "Triage state set by this action: not_reviewed or reviewed." + type: string + triaged_at: + description: Timestamp when this triage action occurred. + format: date-time + type: string + triaged_by: + description: UUID of the user who performed this triage action. + type: string + type: object + IoCTriageWriteRequest: + description: Request body for creating or updating an indicator triage state. + properties: + data: + $ref: "#/components/schemas/IoCTriageWriteRequestData" + required: + - data + type: object + IoCTriageWriteRequestAttributes: + description: Attributes for setting an indicator's triage state. + properties: + indicator: + description: The indicator value to triage (for example, an IP address or domain). + example: "192.0.2.1" + type: string + triage_state: + description: "The triage state to set: not_reviewed or reviewed." + example: reviewed + type: string + required: + - indicator + - triage_state + type: object + IoCTriageWriteRequestData: + description: Data object for the triage write request. + properties: + attributes: + $ref: "#/components/schemas/IoCTriageWriteRequestAttributes" + type: + default: ioc_triage_state + description: Triage state resource type. + example: ioc_triage_state + type: string + required: + - type + - attributes + type: object + IoCTriageWriteResponse: + description: Response for the create indicator triage state endpoint. + properties: + data: + $ref: "#/components/schemas/IoCTriageWriteResponseData" + type: object + IoCTriageWriteResponseAttributes: + description: Attributes of a created or updated triage state. + properties: + created_at: + description: Timestamp when the triage record was created. + format: date-time + type: string + indicator: + description: The indicator value that was triaged. + type: string + triage_state: + description: "The triage state that was set: not_reviewed or reviewed." + type: string + triaged_at: + description: Timestamp when the triage state was set. + format: date-time + type: string + triaged_by: + description: UUID of the user who set the triage state. + type: string + type: object + IoCTriageWriteResponseData: + description: Data object of the triage write response. + properties: + attributes: + $ref: "#/components/schemas/IoCTriageWriteResponseAttributes" + id: + description: Unique identifier for the triage state record. + type: string + type: + default: ioc_triage_state + description: Triage state resource type. + type: string + type: object Issue: description: The issue matching the request. properties: @@ -159560,6 +159676,25 @@ paths: schema: default: desc type: string + - description: When true, return only OCSF field-based matches. When false, return regex/message-based matches. + in: query + name: ocsf + required: false + schema: + default: true + type: boolean + - description: Filter indicators whose triage state was updated by a specific user UUID. + in: query + name: worked_by + required: false + schema: + type: string + - description: "Filter by triage state: not_reviewed or reviewed." + in: query + name: triage_state + required: false + schema: + type: string responses: "200": content: @@ -159611,6 +159746,38 @@ paths: required: true schema: type: string + - description: When true, return only OCSF field-based matches. When false, return regex/message-based matches. + in: query + name: ocsf + required: false + schema: + default: true + type: boolean + - description: Include full triage history for the indicator. + in: query + name: include_triage_history + required: false + schema: + default: false + type: boolean + - description: Maximum number of triage history events returned. Only applied when `include_triage_history` is true. + in: query + name: triage_history_limit + required: false + schema: + default: 50 + format: int32 + maximum: 1000 + minimum: 1 + type: integer + - description: Pagination offset into the triage history. Only applied when `include_triage_history` is true. + in: query + name: triage_history_offset + required: false + schema: + default: 0 + format: int32 + type: integer responses: "200": content: @@ -159648,6 +159815,62 @@ paths: x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. + /api/v2/security/siem/ioc-explorer/triage: + post: + description: |- + Set the triage state of an indicator of compromise (IoC). This creates or + updates the triage state for the indicator in your organization. + operationId: CreateIoCTriageState + requestBody: + content: + "application/json": + examples: + default: + value: + data: + attributes: + indicator: "192.0.2.1" + triage_state: reviewed + type: ioc_triage_state + schema: + $ref: "#/components/schemas/IoCTriageWriteRequest" + description: The triage state to set for the indicator. + required: true + responses: + "201": + content: + "application/json": + examples: + default: + value: + data: + attributes: + created_at: "2026-06-04T12:00:00Z" + indicator: "192.0.2.1" + triage_state: reviewed + triaged_at: "2026-06-04T12:00:00Z" + triaged_by: 11111111-2222-3333-4444-555555555555 + id: abc-123 + type: ioc_triage_state + schema: + $ref: "#/components/schemas/IoCTriageWriteResponse" + description: Created + "400": + $ref: "#/components/responses/BadRequestResponse" + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_write + summary: Create or update an indicator triage state + tags: ["Security Monitoring"] + x-unstable: |- + **Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates. /api/v2/security/signals/notification_rules: get: description: Returns the list of notification rules for security signals. diff --git a/api/datadog/configuration.go b/api/datadog/configuration.go index 2ec902edc12..7f44ea87723 100644 --- a/api/datadog/configuration.go +++ b/api/datadog/configuration.go @@ -801,6 +801,7 @@ func NewConfiguration() *Configuration { "v2.CancelHistoricalJob": false, "v2.ConvertJobResultToSignal": false, "v2.ConvertSecurityMonitoringTerraformResource": false, + "v2.CreateIoCTriageState": false, "v2.CreateSampleLogGenerationSubscription": false, "v2.CreateSecurityMonitoringDataset": false, "v2.CreateSecurityMonitoringIntegrationConfig": false, diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go index d1cf28cbb8c..9436a6532b6 100644 --- a/api/datadogV2/api_security_monitoring.go +++ b/api/datadogV2/api_security_monitoring.go @@ -1720,6 +1720,96 @@ func (a *SecurityMonitoringApi) CreateCustomFramework(ctx _context.Context, body return localVarReturnValue, localVarHTTPResponse, nil } +// CreateIoCTriageState Create or update an indicator triage state. +// Set the triage state of an indicator of compromise (IoC). This creates or +// updates the triage state for the indicator in your organization. +func (a *SecurityMonitoringApi) CreateIoCTriageState(ctx _context.Context, body IoCTriageWriteRequest) (IoCTriageWriteResponse, *_nethttp.Response, error) { + var ( + localVarHTTPMethod = _nethttp.MethodPost + localVarPostBody interface{} + localVarReturnValue IoCTriageWriteResponse + ) + + operationId := "v2.CreateIoCTriageState" + isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId) + if !isOperationEnabled { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)} + } + if isOperationEnabled && a.Client.Cfg.Debug { + _log.Printf("WARNING: Using unstable operation '%s'", operationId) + } + + localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.CreateIoCTriageState") + if err != nil { + return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()} + } + + localVarPath := localBasePath + "/api/v2/security/siem/ioc-explorer/triage" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := _neturl.Values{} + localVarFormParams := _neturl.Values{} + localVarHeaderParams["Content-Type"] = "application/json" + localVarHeaderParams["Accept"] = "application/json" + + // body params + localVarPostBody = &body + if a.Client.Cfg.DelegatedTokenConfig != nil { + err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig) + if err != nil { + return localVarReturnValue, nil, err + } + } else { + datadog.SetAuthKeys( + ctx, + &localVarHeaderParams, + [2]string{"apiKeyAuth", "DD-API-KEY"}, + [2]string{"appKeyAuth", "DD-APPLICATION-KEY"}, + ) + } + req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.Client.CallAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := datadog.ReadBody(localVarHTTPResponse) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: localVarHTTPResponse.Status, + } + if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 429 { + var v APIErrorResponse + err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.ErrorModel = v + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := datadog.GenericOpenAPIError{ + ErrorBody: localVarBody, + ErrorMessage: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + // CreateJiraIssues Create Jira issues for security findings. // Create Jira issues for security findings. // This operation creates a case in Datadog and a Jira issue linked to that case for bidirectional sync between Datadog and Jira. To configure the Jira integration, see [Bidirectional ticket syncing with Jira](https://docs.datadoghq.com/security/ticketing_integrations/#bidirectional-ticket-syncing-with-jira). You can create up to 50 Jira issues per request and associate up to 50 security findings per Jira issue. Security findings that are already attached to another Jira issue will be detached from their previous Jira issue and attached to the newly created Jira issue. @@ -4879,15 +4969,61 @@ func (a *SecurityMonitoringApi) GetHistoricalJob(ctx _context.Context, jobId str return localVarReturnValue, localVarHTTPResponse, nil } +// GetIndicatorOfCompromiseOptionalParameters holds optional parameters for GetIndicatorOfCompromise. +type GetIndicatorOfCompromiseOptionalParameters struct { + Ocsf *bool + IncludeTriageHistory *bool + TriageHistoryLimit *int32 + TriageHistoryOffset *int32 +} + +// NewGetIndicatorOfCompromiseOptionalParameters creates an empty struct for parameters. +func NewGetIndicatorOfCompromiseOptionalParameters() *GetIndicatorOfCompromiseOptionalParameters { + this := GetIndicatorOfCompromiseOptionalParameters{} + return &this +} + +// WithOcsf sets the corresponding parameter name and returns the struct. +func (r *GetIndicatorOfCompromiseOptionalParameters) WithOcsf(ocsf bool) *GetIndicatorOfCompromiseOptionalParameters { + r.Ocsf = &ocsf + return r +} + +// WithIncludeTriageHistory sets the corresponding parameter name and returns the struct. +func (r *GetIndicatorOfCompromiseOptionalParameters) WithIncludeTriageHistory(includeTriageHistory bool) *GetIndicatorOfCompromiseOptionalParameters { + r.IncludeTriageHistory = &includeTriageHistory + return r +} + +// WithTriageHistoryLimit sets the corresponding parameter name and returns the struct. +func (r *GetIndicatorOfCompromiseOptionalParameters) WithTriageHistoryLimit(triageHistoryLimit int32) *GetIndicatorOfCompromiseOptionalParameters { + r.TriageHistoryLimit = &triageHistoryLimit + return r +} + +// WithTriageHistoryOffset sets the corresponding parameter name and returns the struct. +func (r *GetIndicatorOfCompromiseOptionalParameters) WithTriageHistoryOffset(triageHistoryOffset int32) *GetIndicatorOfCompromiseOptionalParameters { + r.TriageHistoryOffset = &triageHistoryOffset + return r +} + // GetIndicatorOfCompromise Get an indicator of compromise. // Get detailed information about a specific indicator of compromise (IoC). -func (a *SecurityMonitoringApi) GetIndicatorOfCompromise(ctx _context.Context, indicator string) (GetIoCIndicatorResponse, *_nethttp.Response, error) { +func (a *SecurityMonitoringApi) GetIndicatorOfCompromise(ctx _context.Context, indicator string, o ...GetIndicatorOfCompromiseOptionalParameters) (GetIoCIndicatorResponse, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodGet localVarPostBody interface{} localVarReturnValue GetIoCIndicatorResponse + optionalParams GetIndicatorOfCompromiseOptionalParameters ) + if len(o) > 1 { + return localVarReturnValue, nil, datadog.ReportError("only one argument of type GetIndicatorOfCompromiseOptionalParameters is allowed") + } + if len(o) == 1 { + optionalParams = o[0] + } + operationId := "v2.GetIndicatorOfCompromise" isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId) if !isOperationEnabled { @@ -4908,6 +5044,18 @@ func (a *SecurityMonitoringApi) GetIndicatorOfCompromise(ctx _context.Context, i localVarQueryParams := _neturl.Values{} localVarFormParams := _neturl.Values{} localVarQueryParams.Add("indicator", datadog.ParameterToString(indicator, "")) + if optionalParams.Ocsf != nil { + localVarQueryParams.Add("ocsf", datadog.ParameterToString(*optionalParams.Ocsf, "")) + } + if optionalParams.IncludeTriageHistory != nil { + localVarQueryParams.Add("include_triage_history", datadog.ParameterToString(*optionalParams.IncludeTriageHistory, "")) + } + if optionalParams.TriageHistoryLimit != nil { + localVarQueryParams.Add("triage_history_limit", datadog.ParameterToString(*optionalParams.TriageHistoryLimit, "")) + } + if optionalParams.TriageHistoryOffset != nil { + localVarQueryParams.Add("triage_history_offset", datadog.ParameterToString(*optionalParams.TriageHistoryOffset, "")) + } localVarHeaderParams["Accept"] = "application/json" if a.Client.Cfg.DelegatedTokenConfig != nil { @@ -8461,11 +8609,14 @@ func (a *SecurityMonitoringApi) ListHistoricalJobs(ctx _context.Context, o ...Li // ListIndicatorsOfCompromiseOptionalParameters holds optional parameters for ListIndicatorsOfCompromise. type ListIndicatorsOfCompromiseOptionalParameters struct { - Limit *int32 - Offset *int32 - Query *string - SortColumn *string - SortOrder *string + Limit *int32 + Offset *int32 + Query *string + SortColumn *string + SortOrder *string + Ocsf *bool + WorkedBy *string + TriageState *string } // NewListIndicatorsOfCompromiseOptionalParameters creates an empty struct for parameters. @@ -8504,6 +8655,24 @@ func (r *ListIndicatorsOfCompromiseOptionalParameters) WithSortOrder(sortOrder s return r } +// WithOcsf sets the corresponding parameter name and returns the struct. +func (r *ListIndicatorsOfCompromiseOptionalParameters) WithOcsf(ocsf bool) *ListIndicatorsOfCompromiseOptionalParameters { + r.Ocsf = &ocsf + return r +} + +// WithWorkedBy sets the corresponding parameter name and returns the struct. +func (r *ListIndicatorsOfCompromiseOptionalParameters) WithWorkedBy(workedBy string) *ListIndicatorsOfCompromiseOptionalParameters { + r.WorkedBy = &workedBy + return r +} + +// WithTriageState sets the corresponding parameter name and returns the struct. +func (r *ListIndicatorsOfCompromiseOptionalParameters) WithTriageState(triageState string) *ListIndicatorsOfCompromiseOptionalParameters { + r.TriageState = &triageState + return r +} + // ListIndicatorsOfCompromise List indicators of compromise. // Get a list of indicators of compromise (IoCs) matching the specified filters. func (a *SecurityMonitoringApi) ListIndicatorsOfCompromise(ctx _context.Context, o ...ListIndicatorsOfCompromiseOptionalParameters) (IoCExplorerListResponse, *_nethttp.Response, error) { @@ -8555,6 +8724,15 @@ func (a *SecurityMonitoringApi) ListIndicatorsOfCompromise(ctx _context.Context, if optionalParams.SortOrder != nil { localVarQueryParams.Add("sort[order]", datadog.ParameterToString(*optionalParams.SortOrder, "")) } + if optionalParams.Ocsf != nil { + localVarQueryParams.Add("ocsf", datadog.ParameterToString(*optionalParams.Ocsf, "")) + } + if optionalParams.WorkedBy != nil { + localVarQueryParams.Add("worked_by", datadog.ParameterToString(*optionalParams.WorkedBy, "")) + } + if optionalParams.TriageState != nil { + localVarQueryParams.Add("triage_state", datadog.ParameterToString(*optionalParams.TriageState, "")) + } localVarHeaderParams["Accept"] = "application/json" if a.Client.Cfg.DelegatedTokenConfig != nil { diff --git a/api/datadogV2/doc.go b/api/datadogV2/doc.go index 7378152a951..b6c09767053 100644 --- a/api/datadogV2/doc.go +++ b/api/datadogV2/doc.go @@ -939,6 +939,7 @@ // - [SecurityMonitoringApi.ConvertSecurityMonitoringTerraformResource] // - [SecurityMonitoringApi.CreateCases] // - [SecurityMonitoringApi.CreateCustomFramework] +// - [SecurityMonitoringApi.CreateIoCTriageState] // - [SecurityMonitoringApi.CreateJiraIssues] // - [SecurityMonitoringApi.CreateSampleLogGenerationSubscription] // - [SecurityMonitoringApi.CreateSecurityFilter] diff --git a/api/datadogV2/model_io_c_indicator.go b/api/datadogV2/model_io_c_indicator.go index ae5f4f7b668..6c1f8895b20 100644 --- a/api/datadogV2/model_io_c_indicator.go +++ b/api/datadogV2/model_io_c_indicator.go @@ -54,6 +54,12 @@ type IoCIndicator struct { SuspiciousSources []IoCSource `json:"suspicious_sources,omitempty"` // Tags associated with the indicator. Tags []string `json:"tags,omitempty"` + // Current triage state of the indicator: not_reviewed or reviewed. + TriageState *string `json:"triage_state,omitempty"` + // Timestamp when the indicator was last triaged. + TriagedAt *time.Time `json:"triaged_at,omitempty"` + // UUID of the user who last triaged the indicator. + TriagedBy *string `json:"triaged_by,omitempty"` // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct UnparsedObject map[string]interface{} `json:"-"` AdditionalProperties map[string]interface{} `json:"-"` @@ -667,6 +673,90 @@ func (o *IoCIndicator) SetTags(v []string) { o.Tags = v } +// GetTriageState returns the TriageState field value if set, zero value otherwise. +func (o *IoCIndicator) GetTriageState() string { + if o == nil || o.TriageState == nil { + var ret string + return ret + } + return *o.TriageState +} + +// GetTriageStateOk returns a tuple with the TriageState field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetTriageStateOk() (*string, bool) { + if o == nil || o.TriageState == nil { + return nil, false + } + return o.TriageState, true +} + +// HasTriageState returns a boolean if a field has been set. +func (o *IoCIndicator) HasTriageState() bool { + return o != nil && o.TriageState != nil +} + +// SetTriageState gets a reference to the given string and assigns it to the TriageState field. +func (o *IoCIndicator) SetTriageState(v string) { + o.TriageState = &v +} + +// GetTriagedAt returns the TriagedAt field value if set, zero value otherwise. +func (o *IoCIndicator) GetTriagedAt() time.Time { + if o == nil || o.TriagedAt == nil { + var ret time.Time + return ret + } + return *o.TriagedAt +} + +// GetTriagedAtOk returns a tuple with the TriagedAt field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetTriagedAtOk() (*time.Time, bool) { + if o == nil || o.TriagedAt == nil { + return nil, false + } + return o.TriagedAt, true +} + +// HasTriagedAt returns a boolean if a field has been set. +func (o *IoCIndicator) HasTriagedAt() bool { + return o != nil && o.TriagedAt != nil +} + +// SetTriagedAt gets a reference to the given time.Time and assigns it to the TriagedAt field. +func (o *IoCIndicator) SetTriagedAt(v time.Time) { + o.TriagedAt = &v +} + +// GetTriagedBy returns the TriagedBy field value if set, zero value otherwise. +func (o *IoCIndicator) GetTriagedBy() string { + if o == nil || o.TriagedBy == nil { + var ret string + return ret + } + return *o.TriagedBy +} + +// GetTriagedByOk returns a tuple with the TriagedBy field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicator) GetTriagedByOk() (*string, bool) { + if o == nil || o.TriagedBy == nil { + return nil, false + } + return o.TriagedBy, true +} + +// HasTriagedBy returns a boolean if a field has been set. +func (o *IoCIndicator) HasTriagedBy() bool { + return o != nil && o.TriagedBy != nil +} + +// SetTriagedBy gets a reference to the given string and assigns it to the TriagedBy field. +func (o *IoCIndicator) SetTriagedBy(v string) { + o.TriagedBy = &v +} + // MarshalJSON serializes the struct using spec logic. func (o IoCIndicator) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} @@ -744,6 +834,19 @@ func (o IoCIndicator) MarshalJSON() ([]byte, error) { if o.Tags != nil { toSerialize["tags"] = o.Tags } + if o.TriageState != nil { + toSerialize["triage_state"] = o.TriageState + } + if o.TriagedAt != nil { + if o.TriagedAt.Nanosecond() == 0 { + toSerialize["triaged_at"] = o.TriagedAt.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["triaged_at"] = o.TriagedAt.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.TriagedBy != nil { + toSerialize["triaged_by"] = o.TriagedBy + } for key, value := range o.AdditionalProperties { toSerialize[key] = value @@ -775,13 +878,16 @@ func (o *IoCIndicator) UnmarshalJSON(bytes []byte) (err error) { SignalTier *int64 `json:"signal_tier,omitempty"` SuspiciousSources []IoCSource `json:"suspicious_sources,omitempty"` Tags []string `json:"tags,omitempty"` + TriageState *string `json:"triage_state,omitempty"` + TriagedAt *time.Time `json:"triaged_at,omitempty"` + TriagedBy *string `json:"triaged_by,omitempty"` }{} if err = datadog.Unmarshal(bytes, &all); err != nil { return datadog.Unmarshal(bytes, &o.UnparsedObject) } additionalProperties := make(map[string]interface{}) if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { - datadog.DeleteKeys(additionalProperties, &[]string{"as_geo", "as_type", "benign_sources", "categories", "first_seen", "id", "indicator", "indicator_type", "last_seen", "log_matches", "m_as_type", "m_persistence", "m_signal", "m_sources", "malicious_sources", "max_trust_score", "score", "signal_matches", "signal_tier", "suspicious_sources", "tags"}) + datadog.DeleteKeys(additionalProperties, &[]string{"as_geo", "as_type", "benign_sources", "categories", "first_seen", "id", "indicator", "indicator_type", "last_seen", "log_matches", "m_as_type", "m_persistence", "m_signal", "m_sources", "malicious_sources", "max_trust_score", "score", "signal_matches", "signal_tier", "suspicious_sources", "tags", "triage_state", "triaged_at", "triaged_by"}) } else { return err } @@ -831,6 +937,9 @@ func (o *IoCIndicator) UnmarshalJSON(bytes []byte) (err error) { o.SignalTier = all.SignalTier o.SuspiciousSources = all.SuspiciousSources o.Tags = all.Tags + o.TriageState = all.TriageState + o.TriagedAt = all.TriagedAt + o.TriagedBy = all.TriagedBy if len(additionalProperties) > 0 { o.AdditionalProperties = additionalProperties diff --git a/api/datadogV2/model_io_c_indicator_detailed.go b/api/datadogV2/model_io_c_indicator_detailed.go index 5fa492e649c..27762c9049a 100644 --- a/api/datadogV2/model_io_c_indicator_detailed.go +++ b/api/datadogV2/model_io_c_indicator_detailed.go @@ -72,6 +72,14 @@ type IoCIndicatorDetailed struct { SuspiciousSources []IoCSource `json:"suspicious_sources,omitempty"` // Tags associated with the indicator. Tags []string `json:"tags,omitempty"` + // Full triage history timeline. Returned only when `include_triage_history` is true. + TriageHistory []IoCTriageEvent `json:"triage_history,omitempty"` + // Current triage state of the indicator: not_reviewed or reviewed. + TriageState *string `json:"triage_state,omitempty"` + // Timestamp when the indicator was last triaged. + TriagedAt *time.Time `json:"triaged_at,omitempty"` + // UUID of the user who last triaged the indicator. + TriagedBy *string `json:"triaged_by,omitempty"` // Users associated with this indicator, grouped by category. Users map[string][]string `json:"users,omitempty"` // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct @@ -939,6 +947,118 @@ func (o *IoCIndicatorDetailed) SetTags(v []string) { o.Tags = v } +// GetTriageHistory returns the TriageHistory field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetTriageHistory() []IoCTriageEvent { + if o == nil || o.TriageHistory == nil { + var ret []IoCTriageEvent + return ret + } + return o.TriageHistory +} + +// GetTriageHistoryOk returns a tuple with the TriageHistory field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetTriageHistoryOk() (*[]IoCTriageEvent, bool) { + if o == nil || o.TriageHistory == nil { + return nil, false + } + return &o.TriageHistory, true +} + +// HasTriageHistory returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasTriageHistory() bool { + return o != nil && o.TriageHistory != nil +} + +// SetTriageHistory gets a reference to the given []IoCTriageEvent and assigns it to the TriageHistory field. +func (o *IoCIndicatorDetailed) SetTriageHistory(v []IoCTriageEvent) { + o.TriageHistory = v +} + +// GetTriageState returns the TriageState field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetTriageState() string { + if o == nil || o.TriageState == nil { + var ret string + return ret + } + return *o.TriageState +} + +// GetTriageStateOk returns a tuple with the TriageState field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetTriageStateOk() (*string, bool) { + if o == nil || o.TriageState == nil { + return nil, false + } + return o.TriageState, true +} + +// HasTriageState returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasTriageState() bool { + return o != nil && o.TriageState != nil +} + +// SetTriageState gets a reference to the given string and assigns it to the TriageState field. +func (o *IoCIndicatorDetailed) SetTriageState(v string) { + o.TriageState = &v +} + +// GetTriagedAt returns the TriagedAt field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetTriagedAt() time.Time { + if o == nil || o.TriagedAt == nil { + var ret time.Time + return ret + } + return *o.TriagedAt +} + +// GetTriagedAtOk returns a tuple with the TriagedAt field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetTriagedAtOk() (*time.Time, bool) { + if o == nil || o.TriagedAt == nil { + return nil, false + } + return o.TriagedAt, true +} + +// HasTriagedAt returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasTriagedAt() bool { + return o != nil && o.TriagedAt != nil +} + +// SetTriagedAt gets a reference to the given time.Time and assigns it to the TriagedAt field. +func (o *IoCIndicatorDetailed) SetTriagedAt(v time.Time) { + o.TriagedAt = &v +} + +// GetTriagedBy returns the TriagedBy field value if set, zero value otherwise. +func (o *IoCIndicatorDetailed) GetTriagedBy() string { + if o == nil || o.TriagedBy == nil { + var ret string + return ret + } + return *o.TriagedBy +} + +// GetTriagedByOk returns a tuple with the TriagedBy field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCIndicatorDetailed) GetTriagedByOk() (*string, bool) { + if o == nil || o.TriagedBy == nil { + return nil, false + } + return o.TriagedBy, true +} + +// HasTriagedBy returns a boolean if a field has been set. +func (o *IoCIndicatorDetailed) HasTriagedBy() bool { + return o != nil && o.TriagedBy != nil +} + +// SetTriagedBy gets a reference to the given string and assigns it to the TriagedBy field. +func (o *IoCIndicatorDetailed) SetTriagedBy(v string) { + o.TriagedBy = &v +} + // GetUsers returns the Users field value if set, zero value otherwise. func (o *IoCIndicatorDetailed) GetUsers() map[string][]string { if o == nil || o.Users == nil { @@ -1071,6 +1191,22 @@ func (o IoCIndicatorDetailed) MarshalJSON() ([]byte, error) { if o.Tags != nil { toSerialize["tags"] = o.Tags } + if o.TriageHistory != nil { + toSerialize["triage_history"] = o.TriageHistory + } + if o.TriageState != nil { + toSerialize["triage_state"] = o.TriageState + } + if o.TriagedAt != nil { + if o.TriagedAt.Nanosecond() == 0 { + toSerialize["triaged_at"] = o.TriagedAt.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["triaged_at"] = o.TriagedAt.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.TriagedBy != nil { + toSerialize["triaged_by"] = o.TriagedBy + } if o.Users != nil { toSerialize["users"] = o.Users } @@ -1114,6 +1250,10 @@ func (o *IoCIndicatorDetailed) UnmarshalJSON(bytes []byte) (err error) { SignalTier *int64 `json:"signal_tier,omitempty"` SuspiciousSources []IoCSource `json:"suspicious_sources,omitempty"` Tags []string `json:"tags,omitempty"` + TriageHistory []IoCTriageEvent `json:"triage_history,omitempty"` + TriageState *string `json:"triage_state,omitempty"` + TriagedAt *time.Time `json:"triaged_at,omitempty"` + TriagedBy *string `json:"triaged_by,omitempty"` Users map[string][]string `json:"users,omitempty"` }{} if err = datadog.Unmarshal(bytes, &all); err != nil { @@ -1121,7 +1261,7 @@ func (o *IoCIndicatorDetailed) UnmarshalJSON(bytes []byte) (err error) { } additionalProperties := make(map[string]interface{}) if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { - datadog.DeleteKeys(additionalProperties, &[]string{"additional_data", "as_cidr_block", "as_geo", "as_number", "as_organization", "as_type", "benign_sources", "categories", "critical_assets", "first_seen", "hosts", "id", "indicator", "indicator_type", "last_seen", "log_matches", "log_sources", "m_as_type", "m_persistence", "m_signal", "m_sources", "malicious_sources", "max_trust_score", "score", "services", "signal_matches", "signal_severity", "signal_tier", "suspicious_sources", "tags", "users"}) + datadog.DeleteKeys(additionalProperties, &[]string{"additional_data", "as_cidr_block", "as_geo", "as_number", "as_organization", "as_type", "benign_sources", "categories", "critical_assets", "first_seen", "hosts", "id", "indicator", "indicator_type", "last_seen", "log_matches", "log_sources", "m_as_type", "m_persistence", "m_signal", "m_sources", "malicious_sources", "max_trust_score", "score", "services", "signal_matches", "signal_severity", "signal_tier", "suspicious_sources", "tags", "triage_history", "triage_state", "triaged_at", "triaged_by", "users"}) } else { return err } @@ -1180,6 +1320,10 @@ func (o *IoCIndicatorDetailed) UnmarshalJSON(bytes []byte) (err error) { o.SignalTier = all.SignalTier o.SuspiciousSources = all.SuspiciousSources o.Tags = all.Tags + o.TriageHistory = all.TriageHistory + o.TriageState = all.TriageState + o.TriagedAt = all.TriagedAt + o.TriagedBy = all.TriagedBy o.Users = all.Users if len(additionalProperties) > 0 { diff --git a/api/datadogV2/model_io_c_triage_event.go b/api/datadogV2/model_io_c_triage_event.go new file mode 100644 index 00000000000..b0039db0382 --- /dev/null +++ b/api/datadogV2/model_io_c_triage_event.go @@ -0,0 +1,178 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "time" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCTriageEvent A single entry in an indicator's triage history timeline. +type IoCTriageEvent struct { + // Triage state set by this action: not_reviewed or reviewed. + TriageState *string `json:"triage_state,omitempty"` + // Timestamp when this triage action occurred. + TriagedAt *time.Time `json:"triaged_at,omitempty"` + // UUID of the user who performed this triage action. + TriagedBy *string `json:"triaged_by,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCTriageEvent instantiates a new IoCTriageEvent object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCTriageEvent() *IoCTriageEvent { + this := IoCTriageEvent{} + return &this +} + +// NewIoCTriageEventWithDefaults instantiates a new IoCTriageEvent object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCTriageEventWithDefaults() *IoCTriageEvent { + this := IoCTriageEvent{} + return &this +} + +// GetTriageState returns the TriageState field value if set, zero value otherwise. +func (o *IoCTriageEvent) GetTriageState() string { + if o == nil || o.TriageState == nil { + var ret string + return ret + } + return *o.TriageState +} + +// GetTriageStateOk returns a tuple with the TriageState field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageEvent) GetTriageStateOk() (*string, bool) { + if o == nil || o.TriageState == nil { + return nil, false + } + return o.TriageState, true +} + +// HasTriageState returns a boolean if a field has been set. +func (o *IoCTriageEvent) HasTriageState() bool { + return o != nil && o.TriageState != nil +} + +// SetTriageState gets a reference to the given string and assigns it to the TriageState field. +func (o *IoCTriageEvent) SetTriageState(v string) { + o.TriageState = &v +} + +// GetTriagedAt returns the TriagedAt field value if set, zero value otherwise. +func (o *IoCTriageEvent) GetTriagedAt() time.Time { + if o == nil || o.TriagedAt == nil { + var ret time.Time + return ret + } + return *o.TriagedAt +} + +// GetTriagedAtOk returns a tuple with the TriagedAt field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageEvent) GetTriagedAtOk() (*time.Time, bool) { + if o == nil || o.TriagedAt == nil { + return nil, false + } + return o.TriagedAt, true +} + +// HasTriagedAt returns a boolean if a field has been set. +func (o *IoCTriageEvent) HasTriagedAt() bool { + return o != nil && o.TriagedAt != nil +} + +// SetTriagedAt gets a reference to the given time.Time and assigns it to the TriagedAt field. +func (o *IoCTriageEvent) SetTriagedAt(v time.Time) { + o.TriagedAt = &v +} + +// GetTriagedBy returns the TriagedBy field value if set, zero value otherwise. +func (o *IoCTriageEvent) GetTriagedBy() string { + if o == nil || o.TriagedBy == nil { + var ret string + return ret + } + return *o.TriagedBy +} + +// GetTriagedByOk returns a tuple with the TriagedBy field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageEvent) GetTriagedByOk() (*string, bool) { + if o == nil || o.TriagedBy == nil { + return nil, false + } + return o.TriagedBy, true +} + +// HasTriagedBy returns a boolean if a field has been set. +func (o *IoCTriageEvent) HasTriagedBy() bool { + return o != nil && o.TriagedBy != nil +} + +// SetTriagedBy gets a reference to the given string and assigns it to the TriagedBy field. +func (o *IoCTriageEvent) SetTriagedBy(v string) { + o.TriagedBy = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCTriageEvent) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.TriageState != nil { + toSerialize["triage_state"] = o.TriageState + } + if o.TriagedAt != nil { + if o.TriagedAt.Nanosecond() == 0 { + toSerialize["triaged_at"] = o.TriagedAt.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["triaged_at"] = o.TriagedAt.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.TriagedBy != nil { + toSerialize["triaged_by"] = o.TriagedBy + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCTriageEvent) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + TriageState *string `json:"triage_state,omitempty"` + TriagedAt *time.Time `json:"triaged_at,omitempty"` + TriagedBy *string `json:"triaged_by,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"triage_state", "triaged_at", "triaged_by"}) + } else { + return err + } + o.TriageState = all.TriageState + o.TriagedAt = all.TriagedAt + o.TriagedBy = all.TriagedBy + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_io_c_triage_write_request.go b/api/datadogV2/model_io_c_triage_write_request.go new file mode 100644 index 00000000000..b917e742335 --- /dev/null +++ b/api/datadogV2/model_io_c_triage_write_request.go @@ -0,0 +1,110 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "fmt" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCTriageWriteRequest Request body for creating or updating an indicator triage state. +type IoCTriageWriteRequest struct { + // Data object for the triage write request. + Data IoCTriageWriteRequestData `json:"data"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCTriageWriteRequest instantiates a new IoCTriageWriteRequest object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCTriageWriteRequest(data IoCTriageWriteRequestData) *IoCTriageWriteRequest { + this := IoCTriageWriteRequest{} + this.Data = data + return &this +} + +// NewIoCTriageWriteRequestWithDefaults instantiates a new IoCTriageWriteRequest object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCTriageWriteRequestWithDefaults() *IoCTriageWriteRequest { + this := IoCTriageWriteRequest{} + return &this +} + +// GetData returns the Data field value. +func (o *IoCTriageWriteRequest) GetData() IoCTriageWriteRequestData { + if o == nil { + var ret IoCTriageWriteRequestData + return ret + } + return o.Data +} + +// GetDataOk returns a tuple with the Data field value +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteRequest) GetDataOk() (*IoCTriageWriteRequestData, bool) { + if o == nil { + return nil, false + } + return &o.Data, true +} + +// SetData sets field value. +func (o *IoCTriageWriteRequest) SetData(v IoCTriageWriteRequestData) { + o.Data = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCTriageWriteRequest) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + toSerialize["data"] = o.Data + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCTriageWriteRequest) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Data *IoCTriageWriteRequestData `json:"data"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + if all.Data == nil { + return fmt.Errorf("required field data missing") + } + additionalProperties := make(map[string]interface{}) + if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"data"}) + } else { + return err + } + + hasInvalidField := false + if all.Data.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Data = *all.Data + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_triage_write_request_attributes.go b/api/datadogV2/model_io_c_triage_write_request_attributes.go new file mode 100644 index 00000000000..8d4412ea963 --- /dev/null +++ b/api/datadogV2/model_io_c_triage_write_request_attributes.go @@ -0,0 +1,133 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "fmt" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCTriageWriteRequestAttributes Attributes for setting an indicator's triage state. +type IoCTriageWriteRequestAttributes struct { + // The indicator value to triage (for example, an IP address or domain). + Indicator string `json:"indicator"` + // The triage state to set: not_reviewed or reviewed. + TriageState string `json:"triage_state"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCTriageWriteRequestAttributes instantiates a new IoCTriageWriteRequestAttributes object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCTriageWriteRequestAttributes(indicator string, triageState string) *IoCTriageWriteRequestAttributes { + this := IoCTriageWriteRequestAttributes{} + this.Indicator = indicator + this.TriageState = triageState + return &this +} + +// NewIoCTriageWriteRequestAttributesWithDefaults instantiates a new IoCTriageWriteRequestAttributes object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCTriageWriteRequestAttributesWithDefaults() *IoCTriageWriteRequestAttributes { + this := IoCTriageWriteRequestAttributes{} + return &this +} + +// GetIndicator returns the Indicator field value. +func (o *IoCTriageWriteRequestAttributes) GetIndicator() string { + if o == nil { + var ret string + return ret + } + return o.Indicator +} + +// GetIndicatorOk returns a tuple with the Indicator field value +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteRequestAttributes) GetIndicatorOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Indicator, true +} + +// SetIndicator sets field value. +func (o *IoCTriageWriteRequestAttributes) SetIndicator(v string) { + o.Indicator = v +} + +// GetTriageState returns the TriageState field value. +func (o *IoCTriageWriteRequestAttributes) GetTriageState() string { + if o == nil { + var ret string + return ret + } + return o.TriageState +} + +// GetTriageStateOk returns a tuple with the TriageState field value +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteRequestAttributes) GetTriageStateOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.TriageState, true +} + +// SetTriageState sets field value. +func (o *IoCTriageWriteRequestAttributes) SetTriageState(v string) { + o.TriageState = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCTriageWriteRequestAttributes) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + toSerialize["indicator"] = o.Indicator + toSerialize["triage_state"] = o.TriageState + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCTriageWriteRequestAttributes) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Indicator *string `json:"indicator"` + TriageState *string `json:"triage_state"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + if all.Indicator == nil { + return fmt.Errorf("required field indicator missing") + } + if all.TriageState == nil { + return fmt.Errorf("required field triage_state missing") + } + additionalProperties := make(map[string]interface{}) + if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"indicator", "triage_state"}) + } else { + return err + } + o.Indicator = *all.Indicator + o.TriageState = *all.TriageState + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_io_c_triage_write_request_data.go b/api/datadogV2/model_io_c_triage_write_request_data.go new file mode 100644 index 00000000000..542263784b2 --- /dev/null +++ b/api/datadogV2/model_io_c_triage_write_request_data.go @@ -0,0 +1,144 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "fmt" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCTriageWriteRequestData Data object for the triage write request. +type IoCTriageWriteRequestData struct { + // Attributes for setting an indicator's triage state. + Attributes IoCTriageWriteRequestAttributes `json:"attributes"` + // Triage state resource type. + Type string `json:"type"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCTriageWriteRequestData instantiates a new IoCTriageWriteRequestData object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCTriageWriteRequestData(attributes IoCTriageWriteRequestAttributes, typeVar string) *IoCTriageWriteRequestData { + this := IoCTriageWriteRequestData{} + this.Attributes = attributes + this.Type = typeVar + return &this +} + +// NewIoCTriageWriteRequestDataWithDefaults instantiates a new IoCTriageWriteRequestData object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCTriageWriteRequestDataWithDefaults() *IoCTriageWriteRequestData { + this := IoCTriageWriteRequestData{} + var typeVar string = "ioc_triage_state" + this.Type = typeVar + return &this +} + +// GetAttributes returns the Attributes field value. +func (o *IoCTriageWriteRequestData) GetAttributes() IoCTriageWriteRequestAttributes { + if o == nil { + var ret IoCTriageWriteRequestAttributes + return ret + } + return o.Attributes +} + +// GetAttributesOk returns a tuple with the Attributes field value +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteRequestData) GetAttributesOk() (*IoCTriageWriteRequestAttributes, bool) { + if o == nil { + return nil, false + } + return &o.Attributes, true +} + +// SetAttributes sets field value. +func (o *IoCTriageWriteRequestData) SetAttributes(v IoCTriageWriteRequestAttributes) { + o.Attributes = v +} + +// GetType returns the Type field value. +func (o *IoCTriageWriteRequestData) GetType() string { + if o == nil { + var ret string + return ret + } + return o.Type +} + +// GetTypeOk returns a tuple with the Type field value +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteRequestData) GetTypeOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Type, true +} + +// SetType sets field value. +func (o *IoCTriageWriteRequestData) SetType(v string) { + o.Type = v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCTriageWriteRequestData) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + toSerialize["attributes"] = o.Attributes + toSerialize["type"] = o.Type + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCTriageWriteRequestData) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Attributes *IoCTriageWriteRequestAttributes `json:"attributes"` + Type *string `json:"type"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + if all.Attributes == nil { + return fmt.Errorf("required field attributes missing") + } + if all.Type == nil { + return fmt.Errorf("required field type missing") + } + additionalProperties := make(map[string]interface{}) + if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"attributes", "type"}) + } else { + return err + } + + hasInvalidField := false + if all.Attributes.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Attributes = *all.Attributes + o.Type = *all.Type + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_triage_write_response.go b/api/datadogV2/model_io_c_triage_write_response.go new file mode 100644 index 00000000000..1911a1254d8 --- /dev/null +++ b/api/datadogV2/model_io_c_triage_write_response.go @@ -0,0 +1,111 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCTriageWriteResponse Response for the create indicator triage state endpoint. +type IoCTriageWriteResponse struct { + // Data object of the triage write response. + Data *IoCTriageWriteResponseData `json:"data,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCTriageWriteResponse instantiates a new IoCTriageWriteResponse object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCTriageWriteResponse() *IoCTriageWriteResponse { + this := IoCTriageWriteResponse{} + return &this +} + +// NewIoCTriageWriteResponseWithDefaults instantiates a new IoCTriageWriteResponse object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCTriageWriteResponseWithDefaults() *IoCTriageWriteResponse { + this := IoCTriageWriteResponse{} + return &this +} + +// GetData returns the Data field value if set, zero value otherwise. +func (o *IoCTriageWriteResponse) GetData() IoCTriageWriteResponseData { + if o == nil || o.Data == nil { + var ret IoCTriageWriteResponseData + return ret + } + return *o.Data +} + +// GetDataOk returns a tuple with the Data field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponse) GetDataOk() (*IoCTriageWriteResponseData, bool) { + if o == nil || o.Data == nil { + return nil, false + } + return o.Data, true +} + +// HasData returns a boolean if a field has been set. +func (o *IoCTriageWriteResponse) HasData() bool { + return o != nil && o.Data != nil +} + +// SetData gets a reference to the given IoCTriageWriteResponseData and assigns it to the Data field. +func (o *IoCTriageWriteResponse) SetData(v IoCTriageWriteResponseData) { + o.Data = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCTriageWriteResponse) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Data != nil { + toSerialize["data"] = o.Data + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCTriageWriteResponse) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Data *IoCTriageWriteResponseData `json:"data,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"data"}) + } else { + return err + } + + hasInvalidField := false + if all.Data != nil && all.Data.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Data = all.Data + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/api/datadogV2/model_io_c_triage_write_response_attributes.go b/api/datadogV2/model_io_c_triage_write_response_attributes.go new file mode 100644 index 00000000000..2a201a71334 --- /dev/null +++ b/api/datadogV2/model_io_c_triage_write_response_attributes.go @@ -0,0 +1,252 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "time" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCTriageWriteResponseAttributes Attributes of a created or updated triage state. +type IoCTriageWriteResponseAttributes struct { + // Timestamp when the triage record was created. + CreatedAt *time.Time `json:"created_at,omitempty"` + // The indicator value that was triaged. + Indicator *string `json:"indicator,omitempty"` + // The triage state that was set: not_reviewed or reviewed. + TriageState *string `json:"triage_state,omitempty"` + // Timestamp when the triage state was set. + TriagedAt *time.Time `json:"triaged_at,omitempty"` + // UUID of the user who set the triage state. + TriagedBy *string `json:"triaged_by,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCTriageWriteResponseAttributes instantiates a new IoCTriageWriteResponseAttributes object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCTriageWriteResponseAttributes() *IoCTriageWriteResponseAttributes { + this := IoCTriageWriteResponseAttributes{} + return &this +} + +// NewIoCTriageWriteResponseAttributesWithDefaults instantiates a new IoCTriageWriteResponseAttributes object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCTriageWriteResponseAttributesWithDefaults() *IoCTriageWriteResponseAttributes { + this := IoCTriageWriteResponseAttributes{} + return &this +} + +// GetCreatedAt returns the CreatedAt field value if set, zero value otherwise. +func (o *IoCTriageWriteResponseAttributes) GetCreatedAt() time.Time { + if o == nil || o.CreatedAt == nil { + var ret time.Time + return ret + } + return *o.CreatedAt +} + +// GetCreatedAtOk returns a tuple with the CreatedAt field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponseAttributes) GetCreatedAtOk() (*time.Time, bool) { + if o == nil || o.CreatedAt == nil { + return nil, false + } + return o.CreatedAt, true +} + +// HasCreatedAt returns a boolean if a field has been set. +func (o *IoCTriageWriteResponseAttributes) HasCreatedAt() bool { + return o != nil && o.CreatedAt != nil +} + +// SetCreatedAt gets a reference to the given time.Time and assigns it to the CreatedAt field. +func (o *IoCTriageWriteResponseAttributes) SetCreatedAt(v time.Time) { + o.CreatedAt = &v +} + +// GetIndicator returns the Indicator field value if set, zero value otherwise. +func (o *IoCTriageWriteResponseAttributes) GetIndicator() string { + if o == nil || o.Indicator == nil { + var ret string + return ret + } + return *o.Indicator +} + +// GetIndicatorOk returns a tuple with the Indicator field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponseAttributes) GetIndicatorOk() (*string, bool) { + if o == nil || o.Indicator == nil { + return nil, false + } + return o.Indicator, true +} + +// HasIndicator returns a boolean if a field has been set. +func (o *IoCTriageWriteResponseAttributes) HasIndicator() bool { + return o != nil && o.Indicator != nil +} + +// SetIndicator gets a reference to the given string and assigns it to the Indicator field. +func (o *IoCTriageWriteResponseAttributes) SetIndicator(v string) { + o.Indicator = &v +} + +// GetTriageState returns the TriageState field value if set, zero value otherwise. +func (o *IoCTriageWriteResponseAttributes) GetTriageState() string { + if o == nil || o.TriageState == nil { + var ret string + return ret + } + return *o.TriageState +} + +// GetTriageStateOk returns a tuple with the TriageState field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponseAttributes) GetTriageStateOk() (*string, bool) { + if o == nil || o.TriageState == nil { + return nil, false + } + return o.TriageState, true +} + +// HasTriageState returns a boolean if a field has been set. +func (o *IoCTriageWriteResponseAttributes) HasTriageState() bool { + return o != nil && o.TriageState != nil +} + +// SetTriageState gets a reference to the given string and assigns it to the TriageState field. +func (o *IoCTriageWriteResponseAttributes) SetTriageState(v string) { + o.TriageState = &v +} + +// GetTriagedAt returns the TriagedAt field value if set, zero value otherwise. +func (o *IoCTriageWriteResponseAttributes) GetTriagedAt() time.Time { + if o == nil || o.TriagedAt == nil { + var ret time.Time + return ret + } + return *o.TriagedAt +} + +// GetTriagedAtOk returns a tuple with the TriagedAt field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponseAttributes) GetTriagedAtOk() (*time.Time, bool) { + if o == nil || o.TriagedAt == nil { + return nil, false + } + return o.TriagedAt, true +} + +// HasTriagedAt returns a boolean if a field has been set. +func (o *IoCTriageWriteResponseAttributes) HasTriagedAt() bool { + return o != nil && o.TriagedAt != nil +} + +// SetTriagedAt gets a reference to the given time.Time and assigns it to the TriagedAt field. +func (o *IoCTriageWriteResponseAttributes) SetTriagedAt(v time.Time) { + o.TriagedAt = &v +} + +// GetTriagedBy returns the TriagedBy field value if set, zero value otherwise. +func (o *IoCTriageWriteResponseAttributes) GetTriagedBy() string { + if o == nil || o.TriagedBy == nil { + var ret string + return ret + } + return *o.TriagedBy +} + +// GetTriagedByOk returns a tuple with the TriagedBy field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponseAttributes) GetTriagedByOk() (*string, bool) { + if o == nil || o.TriagedBy == nil { + return nil, false + } + return o.TriagedBy, true +} + +// HasTriagedBy returns a boolean if a field has been set. +func (o *IoCTriageWriteResponseAttributes) HasTriagedBy() bool { + return o != nil && o.TriagedBy != nil +} + +// SetTriagedBy gets a reference to the given string and assigns it to the TriagedBy field. +func (o *IoCTriageWriteResponseAttributes) SetTriagedBy(v string) { + o.TriagedBy = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCTriageWriteResponseAttributes) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.CreatedAt != nil { + if o.CreatedAt.Nanosecond() == 0 { + toSerialize["created_at"] = o.CreatedAt.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["created_at"] = o.CreatedAt.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.Indicator != nil { + toSerialize["indicator"] = o.Indicator + } + if o.TriageState != nil { + toSerialize["triage_state"] = o.TriageState + } + if o.TriagedAt != nil { + if o.TriagedAt.Nanosecond() == 0 { + toSerialize["triaged_at"] = o.TriagedAt.Format("2006-01-02T15:04:05Z07:00") + } else { + toSerialize["triaged_at"] = o.TriagedAt.Format("2006-01-02T15:04:05.000Z07:00") + } + } + if o.TriagedBy != nil { + toSerialize["triaged_by"] = o.TriagedBy + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCTriageWriteResponseAttributes) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + CreatedAt *time.Time `json:"created_at,omitempty"` + Indicator *string `json:"indicator,omitempty"` + TriageState *string `json:"triage_state,omitempty"` + TriagedAt *time.Time `json:"triaged_at,omitempty"` + TriagedBy *string `json:"triaged_by,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"created_at", "indicator", "triage_state", "triaged_at", "triaged_by"}) + } else { + return err + } + o.CreatedAt = all.CreatedAt + o.Indicator = all.Indicator + o.TriageState = all.TriageState + o.TriagedAt = all.TriagedAt + o.TriagedBy = all.TriagedBy + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + return nil +} diff --git a/api/datadogV2/model_io_c_triage_write_response_data.go b/api/datadogV2/model_io_c_triage_write_response_data.go new file mode 100644 index 00000000000..bbdfd9132b0 --- /dev/null +++ b/api/datadogV2/model_io_c_triage_write_response_data.go @@ -0,0 +1,185 @@ +// Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2019-Present Datadog, Inc. + +package datadogV2 + +import ( + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" +) + +// IoCTriageWriteResponseData Data object of the triage write response. +type IoCTriageWriteResponseData struct { + // Attributes of a created or updated triage state. + Attributes *IoCTriageWriteResponseAttributes `json:"attributes,omitempty"` + // Unique identifier for the triage state record. + Id *string `json:"id,omitempty"` + // Triage state resource type. + Type *string `json:"type,omitempty"` + // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct + UnparsedObject map[string]interface{} `json:"-"` + AdditionalProperties map[string]interface{} `json:"-"` +} + +// NewIoCTriageWriteResponseData instantiates a new IoCTriageWriteResponseData object. +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed. +func NewIoCTriageWriteResponseData() *IoCTriageWriteResponseData { + this := IoCTriageWriteResponseData{} + var typeVar string = "ioc_triage_state" + this.Type = &typeVar + return &this +} + +// NewIoCTriageWriteResponseDataWithDefaults instantiates a new IoCTriageWriteResponseData object. +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set. +func NewIoCTriageWriteResponseDataWithDefaults() *IoCTriageWriteResponseData { + this := IoCTriageWriteResponseData{} + var typeVar string = "ioc_triage_state" + this.Type = &typeVar + return &this +} + +// GetAttributes returns the Attributes field value if set, zero value otherwise. +func (o *IoCTriageWriteResponseData) GetAttributes() IoCTriageWriteResponseAttributes { + if o == nil || o.Attributes == nil { + var ret IoCTriageWriteResponseAttributes + return ret + } + return *o.Attributes +} + +// GetAttributesOk returns a tuple with the Attributes field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponseData) GetAttributesOk() (*IoCTriageWriteResponseAttributes, bool) { + if o == nil || o.Attributes == nil { + return nil, false + } + return o.Attributes, true +} + +// HasAttributes returns a boolean if a field has been set. +func (o *IoCTriageWriteResponseData) HasAttributes() bool { + return o != nil && o.Attributes != nil +} + +// SetAttributes gets a reference to the given IoCTriageWriteResponseAttributes and assigns it to the Attributes field. +func (o *IoCTriageWriteResponseData) SetAttributes(v IoCTriageWriteResponseAttributes) { + o.Attributes = &v +} + +// GetId returns the Id field value if set, zero value otherwise. +func (o *IoCTriageWriteResponseData) GetId() string { + if o == nil || o.Id == nil { + var ret string + return ret + } + return *o.Id +} + +// GetIdOk returns a tuple with the Id field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponseData) GetIdOk() (*string, bool) { + if o == nil || o.Id == nil { + return nil, false + } + return o.Id, true +} + +// HasId returns a boolean if a field has been set. +func (o *IoCTriageWriteResponseData) HasId() bool { + return o != nil && o.Id != nil +} + +// SetId gets a reference to the given string and assigns it to the Id field. +func (o *IoCTriageWriteResponseData) SetId(v string) { + o.Id = &v +} + +// GetType returns the Type field value if set, zero value otherwise. +func (o *IoCTriageWriteResponseData) GetType() string { + if o == nil || o.Type == nil { + var ret string + return ret + } + return *o.Type +} + +// GetTypeOk returns a tuple with the Type field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *IoCTriageWriteResponseData) GetTypeOk() (*string, bool) { + if o == nil || o.Type == nil { + return nil, false + } + return o.Type, true +} + +// HasType returns a boolean if a field has been set. +func (o *IoCTriageWriteResponseData) HasType() bool { + return o != nil && o.Type != nil +} + +// SetType gets a reference to the given string and assigns it to the Type field. +func (o *IoCTriageWriteResponseData) SetType(v string) { + o.Type = &v +} + +// MarshalJSON serializes the struct using spec logic. +func (o IoCTriageWriteResponseData) MarshalJSON() ([]byte, error) { + toSerialize := map[string]interface{}{} + if o.UnparsedObject != nil { + return datadog.Marshal(o.UnparsedObject) + } + if o.Attributes != nil { + toSerialize["attributes"] = o.Attributes + } + if o.Id != nil { + toSerialize["id"] = o.Id + } + if o.Type != nil { + toSerialize["type"] = o.Type + } + + for key, value := range o.AdditionalProperties { + toSerialize[key] = value + } + return datadog.Marshal(toSerialize) +} + +// UnmarshalJSON deserializes the given payload. +func (o *IoCTriageWriteResponseData) UnmarshalJSON(bytes []byte) (err error) { + all := struct { + Attributes *IoCTriageWriteResponseAttributes `json:"attributes,omitempty"` + Id *string `json:"id,omitempty"` + Type *string `json:"type,omitempty"` + }{} + if err = datadog.Unmarshal(bytes, &all); err != nil { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + additionalProperties := make(map[string]interface{}) + if err = datadog.UnmarshalUseNumber(bytes, &additionalProperties); err == nil { + datadog.DeleteKeys(additionalProperties, &[]string{"attributes", "id", "type"}) + } else { + return err + } + + hasInvalidField := false + if all.Attributes != nil && all.Attributes.UnparsedObject != nil && o.UnparsedObject == nil { + hasInvalidField = true + } + o.Attributes = all.Attributes + o.Id = all.Id + o.Type = all.Type + + if len(additionalProperties) > 0 { + o.AdditionalProperties = additionalProperties + } + + if hasInvalidField { + return datadog.Unmarshal(bytes, &o.UnparsedObject) + } + + return nil +} diff --git a/examples/v2/security-monitoring/CreateIoCTriageState.go b/examples/v2/security-monitoring/CreateIoCTriageState.go new file mode 100644 index 00000000000..bc0e767adf0 --- /dev/null +++ b/examples/v2/security-monitoring/CreateIoCTriageState.go @@ -0,0 +1,39 @@ +// Create or update an indicator triage state returns "Created" response + +package main + +import ( + "context" + "encoding/json" + "fmt" + "os" + + "github.com/DataDog/datadog-api-client-go/v2/api/datadog" + "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" +) + +func main() { + body := datadogV2.IoCTriageWriteRequest{ + Data: datadogV2.IoCTriageWriteRequestData{ + Attributes: datadogV2.IoCTriageWriteRequestAttributes{ + Indicator: "192.0.2.1", + TriageState: "reviewed", + }, + Type: "ioc_triage_state", + }, + } + ctx := datadog.NewDefaultContext(context.Background()) + configuration := datadog.NewConfiguration() + configuration.SetUnstableOperationEnabled("v2.CreateIoCTriageState", true) + apiClient := datadog.NewAPIClient(configuration) + api := datadogV2.NewSecurityMonitoringApi(apiClient) + resp, r, err := api.CreateIoCTriageState(ctx, body) + + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateIoCTriageState`: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + + responseContent, _ := json.MarshalIndent(resp, "", " ") + fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateIoCTriageState`:\n%s\n", responseContent) +} diff --git a/examples/v2/security-monitoring/GetIndicatorOfCompromise.go b/examples/v2/security-monitoring/GetIndicatorOfCompromise.go index bc23889c27d..84594d45515 100644 --- a/examples/v2/security-monitoring/GetIndicatorOfCompromise.go +++ b/examples/v2/security-monitoring/GetIndicatorOfCompromise.go @@ -18,7 +18,7 @@ func main() { configuration.SetUnstableOperationEnabled("v2.GetIndicatorOfCompromise", true) apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewSecurityMonitoringApi(apiClient) - resp, r, err := api.GetIndicatorOfCompromise(ctx, "masscan/1.3 (https://github.com/robertdavidgraham/masscan)") + resp, r, err := api.GetIndicatorOfCompromise(ctx, "192.0.2.1", *datadogV2.NewGetIndicatorOfCompromiseOptionalParameters().WithIncludeTriageHistory(true)) if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetIndicatorOfCompromise`: %v\n", err) diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Bad_Request_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Bad_Request_response.freeze new file mode 100644 index 00000000000..d6a26ed39db --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Bad_Request_response.freeze @@ -0,0 +1 @@ +2026-06-05T12:20:47.940Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Bad_Request_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Bad_Request_response.yaml new file mode 100644 index 00000000000..c296c845185 --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Bad_Request_response.yaml @@ -0,0 +1,22 @@ +interactions: +- request: + body: | + {"data":{"attributes":{"indicator":"192.0.2.1","triage_state":"invalid_state"},"type":"ioc_triage_state"}} + form: {} + headers: + Accept: + - application/json + Content-Type: + - application/json + id: 0 + method: POST + url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/triage + response: + body: '{"errors":[{"title":"Generic Error","detail":"invalid triage_state"}]}' + code: 400 + duration: 0ms + headers: + Content-Type: + - application/vnd.api+json + status: 400 Bad Request +version: 2 diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Created_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Created_response.freeze new file mode 100644 index 00000000000..0ac630dda1e --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Created_response.freeze @@ -0,0 +1 @@ +2026-06-05T12:22:26.137Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Created_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Created_response.yaml new file mode 100644 index 00000000000..93f842b2c3f --- /dev/null +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Create_or_update_an_indicator_triage_state_returns_Created_response.yaml @@ -0,0 +1,22 @@ +interactions: +- request: + body: | + {"data":{"attributes":{"indicator":"192.0.2.1","triage_state":"reviewed"},"type":"ioc_triage_state"}} + form: {} + headers: + Accept: + - application/json + Content-Type: + - application/json + id: 0 + method: POST + url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/triage + response: + body: '{"data":{"id":"2e6eff68-4ffa-4cab-b9bb-d9ce1ef3b42a","type":"ioc_triage_state","attributes":{"created_at":"2026-06-05T12:22:26.488248Z","indicator":"192.0.2.1","triage_state":"reviewed","triaged_at":"2026-06-05T12:22:26.488248Z","triaged_by":"dc6535c4-0b70-47aa-9c6a-9b0fc0be3f19"}}}' + code: 201 + duration: 0ms + headers: + Content-Type: + - application/vnd.api+json + status: 201 Created +version: 2 diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.freeze index fc8ed109ad7..3dc6b0aa0a0 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.freeze +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.freeze @@ -1 +1 @@ -2026-04-14T18:22:29.733Z \ No newline at end of file +2026-06-05T12:58:33.985Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.yaml index 045ff9b37a9..28a3795fc60 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.yaml +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_Get_an_indicator_of_compromise_returns_OK_response.yaml @@ -7,12 +7,10 @@ interactions: - application/json id: 0 method: GET - url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=masscan%2F1.3%20%28https%3A%2F%2Fgithub.com%2Frobertdavidgraham%2Fmasscan%29 + url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=192.0.2.1&include_triage_history=true response: - body: '{"data":{"id":"65a31893-cc59-4125-9424-44f7ba083e53","type":"get_indicator_response","attributes":{"data":{"id":"masscan/1.3 - (https://github.com/robertdavidgraham/masscan)","indicator":"masscan/1.3 (https://github.com/robertdavidgraham/masscan)","indicator_type":"User - Agent","score":4,"as_type":"hosting","malicious_sources":null,"suspicious_sources":[{"name":"Datadog - Threat Research"}],"benign_sources":null,"categories":["scanner"],"tags":[],"signal_matches":0,"log_matches":45,"first_seen":"2025-01-08T23:24:45Z","last_seen":"2026-04-10T14:36:20Z","signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"NO_EFFECT","m_persistence":"RAISE_SCORE","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","log_sources":[],"services":[],"signal_severity":[],"users":{},"critical_assets":[],"hosts":[],"as_number":"","as_organization":"","as_cidr_block":""}}}}' + body: '{"data":{"id":"b38eb8e1-61c8-470f-be58-f41531a7c134","type":"get_indicator_response","attributes":{"data":{"id":"192.0.2.1","indicator":"192.0.2.1","indicator_type":"IP + Address","score":4,"as_type":"hosting","malicious_sources":null,"suspicious_sources":[{"name":"SOURCE1"}],"benign_sources":null,"categories":["hosting_proxy"],"tags":[],"signal_matches":1,"log_matches":7,"signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"NO_EFFECT","m_persistence":"NO_EFFECT","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","triage_state":"reviewed","triaged_at":"2026-06-03T18:55:42.108938Z","triaged_by":"00000000-0000-0000-0000-000000000000","log_sources":[],"services":[],"signal_severity":[{"severity":"info","count":1}],"users":{},"critical_assets":[],"hosts":[],"additional_data":{},"triage_history":[{"triaged_at":"2026-06-03T18:55:42.108938Z","triaged_by":"00000000-0000-0000-0000-000000000000","triage_state":"reviewed"},{"triaged_at":"2026-06-03T13:32:14.735424Z","triaged_by":"00000000-0000-0000-0000-000000000000","triage_state":"reviewed"}]}}}}' code: 200 duration: 0ms headers: diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.freeze b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.freeze index 5814ac627e4..b1bf7726a10 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.freeze +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.freeze @@ -1 +1 @@ -2026-04-14T18:22:48.392Z \ No newline at end of file +2026-06-05T12:32:21.136Z \ No newline at end of file diff --git a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.yaml b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.yaml index f8a7945bb36..d46efb5ecad 100644 --- a/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.yaml +++ b/tests/scenarios/cassettes/TestScenarios/v2/Feature_Security_Monitoring/Scenario_List_indicators_of_compromise_returns_OK_response.yaml @@ -9,9 +9,8 @@ interactions: method: GET url: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?limit=1 response: - body: '{"data":{"id":"a4e3b616-e180-4b47-a379-43da9c5b300e","type":"ioc_explorer_response","attributes":{"data":[{"id":"43.228.157.121","indicator":"43.228.157.121","indicator_type":"IP - Address","score":8,"as_type":"hosting","malicious_sources":[{"name":"threatfox"}],"suspicious_sources":[{"name":"tor"},{"name":"SPUR"}],"benign_sources":null,"categories":["malware","tor","hosting_proxy"],"tags":[],"signal_matches":0,"log_matches":14,"signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"RAISE_SCORE","m_persistence":"NO_EFFECT","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","as_geo":{"city":"Frankfurt - am Main","country_code":"DE","country_name":"Germany"}}],"metadata":{"count":25091},"paging":{"offset":1}}}}' + body: '{"data":{"id":"22b62903-4053-42ed-9448-c750da2ecd81","type":"ioc_explorer_response","attributes":{"data":[{"id":"192.0.2.1","indicator":"192.0.2.1","indicator_type":"IP + Address","score":4,"as_type":"hosting","malicious_sources":null,"suspicious_sources":[{"name":"SOURCE1"}],"benign_sources":null,"categories":["hosting_proxy"],"tags":[],"signal_matches":1,"log_matches":7,"signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"NO_EFFECT","m_persistence":"NO_EFFECT","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","triage_state":"reviewed","triaged_at":"2026-06-03T18:55:42.108938Z","triaged_by":"00000000-0000-0000-0000-000000000000"}],"metadata":{"count":585},"paging":{"offset":1}}}}' code: 200 duration: 0ms headers: diff --git a/tests/scenarios/features/v2/security_monitoring.feature b/tests/scenarios/features/v2/security_monitoring.feature index bae8918780e..7e4a21f8c64 100644 --- a/tests/scenarios/features/v2/security_monitoring.feature +++ b/tests/scenarios/features/v2/security_monitoring.feature @@ -954,6 +954,22 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Create or update an indicator triage state returns "Bad Request" response + Given operation "CreateIoCTriageState" enabled + And new "CreateIoCTriageState" request + And body with value {"data": {"attributes": {"indicator": "192.0.2.1", "triage_state": "invalid_state"}, "type": "ioc_triage_state"}} + When the request is sent + Then the response status is 400 Bad Request + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Create or update an indicator triage state returns "Created" response + Given operation "CreateIoCTriageState" enabled + And new "CreateIoCTriageState" request + And body with value {"data": {"attributes": {"indicator": "192.0.2.1", "triage_state": "reviewed"}, "type": "ioc_triage_state"}} + When the request is sent + Then the response status is 201 Created + @generated @skip @team:DataDog/k9-cloud-siem Scenario: Deactivate content pack returns "Accepted" response Given operation "DeactivateContentPack" enabled @@ -1730,7 +1746,8 @@ Feature: Security Monitoring Scenario: Get an indicator of compromise returns "OK" response Given operation "GetIndicatorOfCompromise" enabled And new "GetIndicatorOfCompromise" request - And request contains "indicator" parameter with value "masscan/1.3 (https://github.com/robertdavidgraham/masscan)" + And request contains "indicator" parameter with value "192.0.2.1" + And request contains "include_triage_history" parameter with value true When the request is sent Then the response status is 200 OK diff --git a/tests/scenarios/features/v2/undo.json b/tests/scenarios/features/v2/undo.json index 9101d0155cb..e5e1b9ed262 100644 --- a/tests/scenarios/features/v2/undo.json +++ b/tests/scenarios/features/v2/undo.json @@ -6706,6 +6706,12 @@ "type": "safe" } }, + "CreateIoCTriageState": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "GetSignalNotificationRules": { "tag": "Security Monitoring", "undo": {