diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 8a51fd127ec1..800c3477a46c 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -29884,6 +29884,30 @@ components: required: - self type: object + GetIoCIndicatorResponse: + description: Response for the get indicator of compromise endpoint. + properties: + data: + $ref: "#/components/schemas/GetIoCIndicatorResponseData" + type: object + GetIoCIndicatorResponseAttributes: + description: Attributes of the get indicator response. + properties: + data: + $ref: "#/components/schemas/IoCIndicatorDetailed" + type: object + GetIoCIndicatorResponseData: + description: IoC indicator response data object. + properties: + attributes: + $ref: "#/components/schemas/GetIoCIndicatorResponseAttributes" + id: + description: Unique identifier for the response. + type: string + type: + description: Response type identifier. + type: string + type: object GetIssueIncludeQueryParameterItem: description: Relationship object that should be included in the response. enum: 
@@ -35391,6 +35415,301 @@ components: type: string x-enum-varnames: - INVESTIGATION + IoCExplorerListResponse: + description: Response for the list indicators of compromise endpoint. + properties: + data: + $ref: "#/components/schemas/IoCExplorerListResponseData" + type: object + IoCExplorerListResponseAttributes: + description: Attributes of the IoC Explorer list response. + properties: + data: + description: List of indicators of compromise. + items: + $ref: "#/components/schemas/IoCIndicator" + type: array + metadata: + $ref: "#/components/schemas/IoCExplorerListResponseMetadata" + paging: + $ref: "#/components/schemas/IoCExplorerListResponsePaging" + type: object + IoCExplorerListResponseData: + description: IoC Explorer list response data object. + properties: + attributes: + $ref: "#/components/schemas/IoCExplorerListResponseAttributes" + id: + description: Unique identifier for the response. + type: string + type: + description: Response type identifier. + type: string + type: object + IoCExplorerListResponseMetadata: + description: Response metadata. + properties: + count: + description: Total number of indicators matching the query. + format: int64 + type: integer + type: object + IoCExplorerListResponsePaging: + description: Pagination information. + properties: + offset: + description: Current pagination offset. + format: int64 + type: integer + type: object + IoCGeoLocation: + description: Geographic location information for an IP indicator. + properties: + city: + description: City name. + type: string + country_code: + description: ISO country code. + type: string + country_name: + description: Full country name. + type: string + type: object + IoCIndicator: + description: An indicator of compromise with threat intelligence data. + properties: + as_geo: + $ref: "#/components/schemas/IoCGeoLocation" + as_type: + description: Autonomous system type. 
+ type: string + benign_sources: + description: Threat intelligence sources that flagged this indicator as benign. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + categories: + description: Threat categories associated with the indicator. + items: + type: string + type: array + first_seen: + description: Timestamp when the indicator was first seen. + format: date-time + type: string + id: + description: Unique identifier for the indicator. + type: string + indicator: + description: The indicator value (for example, an IP address or domain). + type: string + indicator_type: + description: Type of indicator (for example, IP address or domain). + type: string + last_seen: + description: Timestamp when the indicator was last seen. + format: date-time + type: string + log_matches: + description: Number of logs that matched this indicator. + format: int64 + type: integer + m_as_type: + $ref: "#/components/schemas/IoCScoreEffect" + m_persistence: + $ref: "#/components/schemas/IoCScoreEffect" + m_signal: + $ref: "#/components/schemas/IoCScoreEffect" + m_sources: + $ref: "#/components/schemas/IoCScoreEffect" + malicious_sources: + description: Threat intelligence sources that flagged this indicator as malicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + max_trust_score: + $ref: "#/components/schemas/IoCScoreEffect" + score: + description: Threat score for the indicator (0-100). + format: double + type: number + signal_matches: + description: Number of security signals that matched this indicator. + format: int64 + type: integer + signal_tier: + description: Signal tier level. + format: int64 + type: integer + suspicious_sources: + description: Threat intelligence sources that flagged this indicator as suspicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + tags: + description: Tags associated with the indicator. 
+ items: + type: string + type: array + type: object + IoCIndicatorDetailed: + description: An indicator of compromise with extended context from your environment. + properties: + additional_data: + additionalProperties: {} + description: Additional domain-specific context from threat intelligence sources. + type: object + as_cidr_block: + description: Autonomous system CIDR block. + type: string + as_geo: + $ref: "#/components/schemas/IoCGeoLocation" + as_number: + description: Autonomous system number. + type: string + as_organization: + description: Autonomous system organization name. + type: string + as_type: + description: Autonomous system type. + type: string + benign_sources: + description: Threat intelligence sources that flagged this indicator as benign. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + categories: + description: Threat categories associated with the indicator. + items: + type: string + type: array + critical_assets: + description: Critical assets associated with this indicator. + items: + type: string + type: array + first_seen: + description: Timestamp when the indicator was first seen. + format: date-time + type: string + hosts: + description: Hosts associated with this indicator. + items: + type: string + type: array + id: + description: Unique identifier for the indicator. + type: string + indicator: + description: The indicator value (for example, an IP address or domain). + type: string + indicator_type: + description: Type of indicator (for example, IP address or domain). + type: string + last_seen: + description: Timestamp when the indicator was last seen. + format: date-time + type: string + log_matches: + description: Number of logs that matched this indicator. + format: int64 + type: integer + log_sources: + description: Log sources where this indicator was observed. 
+ items: + type: string + type: array + m_as_type: + $ref: "#/components/schemas/IoCScoreEffect" + m_persistence: + $ref: "#/components/schemas/IoCScoreEffect" + m_signal: + $ref: "#/components/schemas/IoCScoreEffect" + m_sources: + $ref: "#/components/schemas/IoCScoreEffect" + malicious_sources: + description: Threat intelligence sources that flagged this indicator as malicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + max_trust_score: + $ref: "#/components/schemas/IoCScoreEffect" + score: + description: Threat score for the indicator (0-100). + format: double + type: number + services: + description: Services where this indicator was observed. + items: + type: string + type: array + signal_matches: + description: Number of security signals that matched this indicator. + format: int64 + type: integer + signal_severity: + description: Breakdown of security signals by severity. + items: + $ref: "#/components/schemas/IoCSignalSeverityCount" + type: array + signal_tier: + description: Signal tier level. + format: int64 + type: integer + suspicious_sources: + description: Threat intelligence sources that flagged this indicator as suspicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + tags: + description: Tags associated with the indicator. + items: + type: string + type: array + users: + additionalProperties: + description: List of user identifiers in this category. + items: + type: string + type: array + description: Users associated with this indicator, grouped by category. + type: object + type: object + IoCScoreEffect: + description: Effect of a scoring factor on the indicator's threat score. + enum: + - RAISE_SCORE + - LOWER_SCORE + - NO_EFFECT + type: string + x-enum-varnames: + - RAISE_SCORE + - LOWER_SCORE + - NO_EFFECT + IoCSignalSeverityCount: + description: Count of security signals by severity level. 
+ properties: + count: + description: Number of signals at this severity level. + format: int64 + type: integer + severity: + description: Severity level (for example, critical, high, medium, low, info). + type: string + type: object + IoCSource: + description: A threat intelligence source that has flagged an indicator. + properties: + name: + description: Name of the threat intelligence source. + type: string + type: object Issue: description: The issue matching the request. properties: 
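Review bot: `score` in both IoCIndicator and IoCIndicatorDetailed states its range only in prose (`Threat score for the indicator (0-100).`) and carries no `minimum`/`maximum`, so a consumer that alerts or triages on a score threshold has nothing machine-checkable to rely on. If the range is firm, add `minimum: 0` and `maximum: 100` to both definitions. The responses recorded in this commit's cassettes carry scores of 4 and 8, which fit a 0-100 scale but would equally fit a 0-10 one, so the documented range is worth confirming against the backend before it is published. The two schemas repeat the same property list, so any correction has to be made in both places.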
@@ -110601,6 +110920,110 @@ paths: x-unstable: |- **Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9). + /api/v2/security/siem/ioc-explorer: + get: + description: |- + Get a list of indicators of compromise (IoCs) matching the specified filters. + operationId: ListIndicatorsOfCompromise + parameters: + - description: Number of results per page. + in: query + name: limit + required: false + schema: + default: 50 + format: int32 + maximum: 2147483647 + type: integer + - description: Pagination offset. + in: query + name: offset + required: false + schema: + default: 0 + format: int32 + maximum: 2147483647 + type: integer + - description: Search/filter query (supports field:value syntax). + in: query + name: query + required: false + schema: + type: string + - description: "Sort column: score, first_seen_ts_epoch, last_seen_ts_epoch, indicator, indicator_type, signal_count, log_count, category, as_type." + in: query + name: sort[column] + required: false + schema: + default: score + type: string + - description: "Sort order: asc or desc." + in: query + name: sort[order] + required: false + schema: + default: desc + type: string + responses: + "200": + content: + "application/json": + schema: + $ref: "#/components/schemas/IoCExplorerListResponse" + description: OK + "400": + $ref: "#/components/responses/BadRequestResponse" + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: List indicators of compromise + tags: ["Security Monitoring"] + x-unstable: |- + **Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates. 
+ /api/v2/security/siem/ioc-explorer/indicator: + get: + description: |- + Get detailed information about a specific indicator of compromise (IoC). + operationId: GetIndicatorOfCompromise + parameters: + - description: The indicator value to look up (for example, an IP address or domain). + in: query + name: indicator + required: true + schema: + type: string + responses: + "200": + content: + "application/json": + schema: + $ref: "#/components/schemas/GetIoCIndicatorResponse" + description: OK + "400": + $ref: "#/components/responses/BadRequestResponse" + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: Get an indicator of compromise + tags: ["Security Monitoring"] + x-unstable: |- + **Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates. /api/v2/security/signals/notification_rules: get: description: Returns the list of notification rules for security signals. diff --git a/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-Not-Found-response.frozen new file mode 100644 index 000000000000..55d3aa91a891 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-Not-Found-response.frozen @@ -0,0 +1 @@ +2026-04-14T18:22:17.027Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-Not-Found-response.yml new file mode 100644 index 000000000000..8452ee6f8060 --- /dev/null 
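Review bot: In the ListIndicatorsOfCompromise parameters, `sort[column]` and `sort[order]` are plain `type: string` and list their accepted values only in the description, so neither the generated client nor a schema validator can reject an unsupported value before it reaches the query backend. Declaring them as enums, for example `enum: [asc, desc]` on `sort[order]`, would make the contract checkable. `limit` and `offset` set `maximum: 2147483647` but no `minimum`, so negative values pass validation; `minimum: 0` on `offset` and a lower bound on `limit` would close that, and a page-size cap well below the int32 maximum may be worth considering. The same one-sided check is carried into the generated guard in `list_indicators_of_compromise_with_http_info` in security_monitoring_api.rb.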
+++ b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-Not-Found-response.yml @@ -0,0 +1,20 @@ +http_interactions: +- recorded_at: Tue, 14 Apr 2026 18:22:17 GMT + request: + body: null + headers: + Accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=this-indicator-does-not-exist.invalid + response: + body: + encoding: UTF-8 + string: '{"errors":[{"title":"Generic Error","detail":"indicator not found"}]}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 404 + message: Not Found +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.frozen new file mode 100644 index 000000000000..fc8ed109ad7d --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.frozen @@ -0,0 +1 @@ +2026-04-14T18:22:29.733Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.yml new file mode 100644 index 000000000000..2d315a527790 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.yml 
@@ -0,0 +1,23 @@ +http_interactions: +- recorded_at: Tue, 14 Apr 2026 18:22:29 GMT + request: + body: null + headers: + Accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=masscan%2F1.3%20%28https%3A%2F%2Fgithub.com%2Frobertdavidgraham%2Fmasscan%29 + response: + body: + encoding: UTF-8 + string: '{"data":{"id":"65a31893-cc59-4125-9424-44f7ba083e53","type":"get_indicator_response","attributes":{"data":{"id":"masscan/1.3 + (https://github.com/robertdavidgraham/masscan)","indicator":"masscan/1.3 (https://github.com/robertdavidgraham/masscan)","indicator_type":"User + Agent","score":4,"as_type":"hosting","malicious_sources":null,"suspicious_sources":[{"name":"Datadog + Threat Research"}],"benign_sources":null,"categories":["scanner"],"tags":[],"signal_matches":0,"log_matches":45,"first_seen":"2025-01-08T23:24:45Z","last_seen":"2026-04-10T14:36:20Z","signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"NO_EFFECT","m_persistence":"RAISE_SCORE","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","log_sources":[],"services":[],"signal_severity":[],"users":{},"critical_assets":[],"hosts":[],"as_number":"","as_organization":"","as_cidr_block":""}}}}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-Bad-Request-response.frozen new file mode 100644 index 000000000000..307d03acb4bd --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-Bad-Request-response.frozen @@ -0,0 +1 @@ +2026-04-14T18:22:40.711Z \ No newline at end of file 
diff --git a/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-Bad-Request-response.yml new file mode 100644 index 000000000000..235efa3851d1 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-Bad-Request-response.yml @@ -0,0 +1,22 @@ +http_interactions: +- recorded_at: Tue, 14 Apr 2026 18:22:40 GMT + request: + body: null + headers: + Accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?query=invalid%3A%3A%3Aquery + response: + body: + encoding: UTF-8 + string: '{"errors":[{"title":"Generic Error","detail":"invalid query: invalid + query: syntax error: no viable alternative at input ''invalid::'' at line + 1 and char position 8"}]}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 400 + message: Bad Request +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.frozen new file mode 100644 index 000000000000..5814ac627e4a --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.frozen @@ -0,0 +1 @@ +2026-04-14T18:22:48.392Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.yml new file mode 100644 index 000000000000..dc75b5a6b97b --- /dev/null +++ b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.yml 
@@ -0,0 +1,22 @@ +http_interactions: +- recorded_at: Tue, 14 Apr 2026 18:22:48 GMT + request: + body: null + headers: + Accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?limit=1 + response: + body: + encoding: UTF-8 + string: '{"data":{"id":"a4e3b616-e180-4b47-a379-43da9c5b300e","type":"ioc_explorer_response","attributes":{"data":[{"id":"43.228.157.121","indicator":"43.228.157.121","indicator_type":"IP + Address","score":8,"as_type":"hosting","malicious_sources":[{"name":"threatfox"}],"suspicious_sources":[{"name":"tor"},{"name":"SPUR"}],"benign_sources":null,"categories":["malware","tor","hosting_proxy"],"tags":[],"signal_matches":0,"log_matches":14,"signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"RAISE_SCORE","m_persistence":"NO_EFFECT","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","as_geo":{"city":"Frankfurt + am Main","country_code":"DE","country_name":"Germany"}}],"metadata":{"count":25091},"paging":{"offset":1}}}}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/examples/v2/security-monitoring/GetIndicatorOfCompromise.rb b/examples/v2/security-monitoring/GetIndicatorOfCompromise.rb new file mode 100644 index 000000000000..d7cb0568d777 --- /dev/null +++ b/examples/v2/security-monitoring/GetIndicatorOfCompromise.rb @@ -0,0 +1,8 @@ +# Get an indicator of compromise returns "OK" response + +require "datadog_api_client" +DatadogAPIClient.configure do |config| + config.unstable_operations["v2.get_indicator_of_compromise".to_sym] = true +end +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new +p api_instance.get_indicator_of_compromise("masscan/1.3 (https://github.com/robertdavidgraham/masscan)") diff --git a/examples/v2/security-monitoring/ListIndicatorsOfCompromise.rb b/examples/v2/security-monitoring/ListIndicatorsOfCompromise.rb new file mode 100644 index 000000000000..ad44ec34b6ee --- /dev/null 
+++ b/examples/v2/security-monitoring/ListIndicatorsOfCompromise.rb @@ -0,0 +1,11 @@ +# List indicators of compromise returns "OK" response + +require "datadog_api_client" +DatadogAPIClient.configure do |config| + config.unstable_operations["v2.list_indicators_of_compromise".to_sym] = true +end +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new +opts = { + limit: 1, +} +p api_instance.list_indicators_of_compromise(opts) diff --git a/features/scenarios_model_mapping.rb b/features/scenarios_model_mapping.rb index 2724d129a6a1..92509adc28e8 100644 --- a/features/scenarios_model_mapping.rb +++ b/features/scenarios_model_mapping.rb @@ -1594,6 +1594,16 @@ "filter_last_success_origin" => "String", "filter_last_success_env" => "String", }, + "v2.ListIndicatorsOfCompromise" => { + "limit" => "Integer", + "offset" => "Integer", + "query" => "String", + "sort_column" => "String", + "sort_order" => "String", + }, + "v2.GetIndicatorOfCompromise" => { + "indicator" => "String", + }, "v2.CreateSignalNotificationRule" => { "body" => "CreateNotificationRuleParameters", }, diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 1fdee4f141b9..ac7b626e0d39 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -1298,6 +1298,30 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "data[0].attributes.name" is equal to "suppression2 {{ unique_hash }}" + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "Bad Request" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "Not Found" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter with value "this-indicator-does-not-exist.invalid" + When the request is sent + Then the response status is 404 Not Found + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "OK" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter with value "masscan/1.3 (https://github.com/robertdavidgraham/masscan)" + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-siem Scenario: Get content pack states returns "Not Found" response Given operation "GetContentPacksStates" enabled 
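Review bot: The new "OK" scenario for GetIndicatorOfCompromise asserts only `Then the response status is 200 OK`, so no field of the replayed body is checked against the new GetIoCIndicatorResponse models, including the `null` source lists present in the cassette. One body assertion in the style already used in this file, such as `And the response "data.type" is equal to "get_indicator_response"`, would pin the response shape. The "OK" scenario for ListIndicatorsOfCompromise in the next hunk has the same gap. The generated "Bad Request" scenario is tagged `@skip` and still uses the `REPLACE.ME` placeholder, so the 400 path of this endpoint is not exercised.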
@@ -1573,6 +1597,22 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: List indicators of compromise returns "Bad Request" response + Given operation "ListIndicatorsOfCompromise" enabled + And new "ListIndicatorsOfCompromise" request + And request contains "query" parameter with value "invalid:::query" + When the request is sent + Then the response status is 400 Bad Request + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: List indicators of compromise returns "OK" response + Given operation "ListIndicatorsOfCompromise" enabled + And new "ListIndicatorsOfCompromise" request + And request contains "limit" parameter with value 1 + When the request is sent + Then the response status is 200 OK + @team:DataDog/k9-cloud-siem Scenario: List resource filters returns "Bad Request" response Given new "GetResourceEvaluationFilters" request diff --git a/features/v2/undo.json b/features/v2/undo.json index 02b5c2d4c59c..c7ef9624df90 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -5283,6 +5283,18 @@ "type": "safe" } }, + "ListIndicatorsOfCompromise": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "GetIndicatorOfCompromise": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "GetSignalNotificationRules": { "tag": "Security Monitoring", "undo": { diff --git a/lib/datadog_api_client/configuration.rb b/lib/datadog_api_client/configuration.rb index da7021b252fe..89f5b3e5b536 100644 --- a/lib/datadog_api_client/configuration.rb +++ b/lib/datadog_api_client/configuration.rb 
@@ -246,12 +246,14 @@ def initialize "v2.delete_threat_hunting_job": false, "v2.get_content_packs_states": false, "v2.get_finding": false, + "v2.get_indicator_of_compromise": false, "v2.get_rule_version_history": false, "v2.get_secrets_rules": false, "v2.get_security_monitoring_histsignal": false, "v2.get_security_monitoring_histsignals_by_job_id": false, "v2.get_threat_hunting_job": false, "v2.list_findings": false, + "v2.list_indicators_of_compromise": false, "v2.list_multiple_rulesets": false, "v2.list_scanned_assets_metadata": false, "v2.list_security_monitoring_histsignals": false, diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index b33506479bc1..d29acef8c25c 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb @@ -2871,6 +2871,9 @@ def overrides "v2.get_investigation_response_data" => "GetInvestigationResponseData", "v2.get_investigation_response_data_attributes" => "GetInvestigationResponseDataAttributes", "v2.get_investigation_response_links" => "GetInvestigationResponseLinks", + "v2.get_io_c_indicator_response" => "GetIoCIndicatorResponse", + "v2.get_io_c_indicator_response_attributes" => "GetIoCIndicatorResponseAttributes", + "v2.get_io_c_indicator_response_data" => "GetIoCIndicatorResponseData", "v2.get_issue_include_query_parameter_item" => "GetIssueIncludeQueryParameterItem", "v2.get_mapping_response" => "GetMappingResponse", "v2.get_mapping_response_data" => "GetMappingResponseData", 
@@ -3231,6 +3234,17 @@ def overrides "v2.interface_attributes_status" => "InterfaceAttributesStatus", "v2.investigation_conclusion" => "InvestigationConclusion", "v2.investigation_type" => "InvestigationType", + "v2.io_c_explorer_list_response" => "IoCExplorerListResponse", + "v2.io_c_explorer_list_response_attributes" => "IoCExplorerListResponseAttributes", + "v2.io_c_explorer_list_response_data" => "IoCExplorerListResponseData", + "v2.io_c_explorer_list_response_metadata" => "IoCExplorerListResponseMetadata", + "v2.io_c_explorer_list_response_paging" => "IoCExplorerListResponsePaging", + "v2.io_c_geo_location" => "IoCGeoLocation", + "v2.io_c_indicator" => "IoCIndicator", + "v2.io_c_indicator_detailed" => "IoCIndicatorDetailed", + "v2.io_c_score_effect" => "IoCScoreEffect", + "v2.io_c_signal_severity_count" => "IoCSignalSeverityCount", + "v2.io_c_source" => "IoCSource", "v2.ip_allowlist_attributes" => "IPAllowlistAttributes", "v2.ip_allowlist_data" => "IPAllowlistData", "v2.ip_allowlist_entry" => "IPAllowlistEntry", diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb index 7089c5958b6f..ad3c60d17c8d 100644 --- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb +++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
@@ -2504,6 +2504,78 @@ def get_finding_with_http_info(finding_id, opts = {}) return data, status_code, headers end + # Get an indicator of compromise. + # + # @see #get_indicator_of_compromise_with_http_info + def get_indicator_of_compromise(indicator, opts = {}) + data, _status_code, _headers = get_indicator_of_compromise_with_http_info(indicator, opts) + data + end + + # Get an indicator of compromise. + # + # Get detailed information about a specific indicator of compromise (IoC). + # + # @param indicator [String] The indicator value to look up (for example, an IP address or domain). + # @param opts [Hash] the optional parameters + # @return [Array<(GetIoCIndicatorResponse, Integer, Hash)>] GetIoCIndicatorResponse data, response status code and response headers + def get_indicator_of_compromise_with_http_info(indicator, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.get_indicator_of_compromise".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.get_indicator_of_compromise") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.get_indicator_of_compromise")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.get_indicator_of_compromise ...' + end + # verify the required parameter 'indicator' is set + if @api_client.config.client_side_validation && indicator.nil? 
+ fail ArgumentError, "Missing the required parameter 'indicator' when calling SecurityMonitoringAPI.get_indicator_of_compromise" + end + # resource path + local_var_path = '/api/v2/security/siem/ioc-explorer/indicator' + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'indicator'] = indicator + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'GetIoCIndicatorResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :get_indicator_of_compromise, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#get_indicator_of_compromise\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Get investigation queries for a signal. # # @see #get_investigation_log_queries_matching_signal_with_http_info 
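Review bot: The debug statement at the end of `get_indicator_of_compromise_with_http_info` writes `data.inspect` to the logger, and for this endpoint the response schema (IoCIndicatorDetailed) includes `users`, `hosts` and `critical_assets` taken from the caller's environment. This only happens when `config.debugging` is enabled, but the method's doc comment should say so, for example `# With config.debugging enabled, the full response (including matched hosts and users) is written to the logger.` Separately, the required-parameter guard tests only `indicator.nil?`, so an empty string is still sent and left to the server to reject.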
@@ -4213,6 +4285,88 @@ def list_findings_with_pagination(opts = {}) end end + # List indicators of compromise. + # + # @see #list_indicators_of_compromise_with_http_info + def list_indicators_of_compromise(opts = {}) + data, _status_code, _headers = list_indicators_of_compromise_with_http_info(opts) + data + end + + # List indicators of compromise. + # + # Get a list of indicators of compromise (IoCs) matching the specified filters. + # + # @param opts [Hash] the optional parameters + # @option opts [Integer] :limit Number of results per page. + # @option opts [Integer] :offset Pagination offset. + # @option opts [String] :query Search/filter query (supports field:value syntax). + # @option opts [String] :sort_column Sort column: score, first_seen_ts_epoch, last_seen_ts_epoch, indicator, indicator_type, signal_count, log_count, category, as_type. + # @option opts [String] :sort_order Sort order: asc or desc. + # @return [Array<(IoCExplorerListResponse, Integer, Hash)>] IoCExplorerListResponse data, response status code and response headers + def list_indicators_of_compromise_with_http_info(opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.list_indicators_of_compromise".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.list_indicators_of_compromise") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.list_indicators_of_compromise")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.list_indicators_of_compromise ...' + end + if @api_client.config.client_side_validation && !opts[:'limit'].nil? && opts[:'limit'] > 2147483647 + fail ArgumentError, 'invalid value for "opts[:"limit"]" when calling SecurityMonitoringAPI.list_indicators_of_compromise, must be smaller than or equal to 2147483647.' + end + if @api_client.config.client_side_validation && !opts[:'offset'].nil? 
&& opts[:'offset'] > 2147483647 + fail ArgumentError, 'invalid value for "opts[:"offset"]" when calling SecurityMonitoringAPI.list_indicators_of_compromise, must be smaller than or equal to 2147483647.' + end + # resource path + local_var_path = '/api/v2/security/siem/ioc-explorer' + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil? + query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil? + query_params[:'query'] = opts[:'query'] if !opts[:'query'].nil? + query_params[:'sort[column]'] = opts[:'sort_column'] if !opts[:'sort_column'].nil? + query_params[:'sort[order]'] = opts[:'sort_order'] if !opts[:'sort_order'].nil? + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'IoCExplorerListResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :list_indicators_of_compromise, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#list_indicators_of_compromise\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Ruleset get multiple. # # @see #list_multiple_rulesets_with_http_info 
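Review bot: The `limit` and `offset` checks in `list_indicators_of_compromise_with_http_info` enforce only the upper bound 2147483647, so negative values pass client-side validation, and a non-Integer value fails inside the `>` comparison with a bare comparison error instead of the descriptive message. `sort_column` and `sort_order` are documented as closed sets but are forwarded unchecked. A guard such as `fail ArgumentError, 'invalid value for "sort_order", must be one of asc, desc' if @api_client.config.client_side_validation && opts[:'sort_order'] && !%w[asc desc].include?(opts[:'sort_order'])` would keep the documented contract, with a similar lower-bound check on `limit` and `offset` if the server does not accept negative values. If the file is generated, declaring `minimum` and `enum` for these parameters in the OpenAPI spec is the place to make the change.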
diff --git a/lib/datadog_api_client/v2/models/get_io_c_indicator_response.rb b/lib/datadog_api_client/v2/models/get_io_c_indicator_response.rb new file mode 100644 index 000000000000..4dff194a0ebb --- /dev/null +++ b/lib/datadog_api_client/v2/models/get_io_c_indicator_response.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Response for the get indicator of compromise endpoint. + class GetIoCIndicatorResponse + include BaseGenericModel + + # IoC indicator response data object. + attr_accessor :data + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'data' => :'GetIoCIndicatorResponseData' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::GetIoCIndicatorResponse` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/get_io_c_indicator_response_attributes.rb b/lib/datadog_api_client/v2/models/get_io_c_indicator_response_attributes.rb new file mode 100644 index 000000000000..2d877086521b --- /dev/null +++ b/lib/datadog_api_client/v2/models/get_io_c_indicator_response_attributes.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Attributes of the get indicator response. + class GetIoCIndicatorResponseAttributes + include BaseGenericModel + + # An indicator of compromise with extended context from your environment. + attr_accessor :data + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'data' => :'IoCIndicatorDetailed' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::GetIoCIndicatorResponseAttributes` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/get_io_c_indicator_response_data.rb b/lib/datadog_api_client/v2/models/get_io_c_indicator_response_data.rb new file mode 100644 index 000000000000..34c825ee7489 --- /dev/null +++ b/lib/datadog_api_client/v2/models/get_io_c_indicator_response_data.rb 
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # IoC indicator response data object. + class GetIoCIndicatorResponseData + include BaseGenericModel + + # Attributes of the get indicator response. + attr_accessor :attributes + + # Unique identifier for the response. + attr_accessor :id + + # Response type identifier. + attr_accessor :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'attributes' => :'attributes', + :'id' => :'id', + :'type' => :'type' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'attributes' => :'GetIoCIndicatorResponseAttributes', + :'id' => :'String', + :'type' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::GetIoCIndicatorResponseData` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + id == o.id && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + # @!visibility private + def hash + [attributes, id, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_explorer_list_response.rb b/lib/datadog_api_client/v2/models/io_c_explorer_list_response.rb new file mode 100644 index 000000000000..e48d7b35348d --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_explorer_list_response.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Response for the list indicators of compromise endpoint. + class IoCExplorerListResponse + include BaseGenericModel + + # IoC Explorer list response data object. + attr_accessor :data + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'data' => :'IoCExplorerListResponseData' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCExplorerListResponse` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_explorer_list_response_attributes.rb b/lib/datadog_api_client/v2/models/io_c_explorer_list_response_attributes.rb new file mode 100644 index 000000000000..dbea13cc546e --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_explorer_list_response_attributes.rb 
@@ -0,0 +1,127 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Attributes of the IoC Explorer list response. + class IoCExplorerListResponseAttributes + include BaseGenericModel + + # List of indicators of compromise. + attr_accessor :data + + # Response metadata. + attr_accessor :metadata + + # Pagination information. + attr_accessor :paging + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data', + :'metadata' => :'metadata', + :'paging' => :'paging' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'data' => :'Array', + :'metadata' => :'IoCExplorerListResponseMetadata', + :'paging' => :'IoCExplorerListResponsePaging' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCExplorerListResponseAttributes` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + if (value = attributes[:'data']).is_a?(Array) + self.data = value + end + end + + if attributes.key?(:'metadata') + self.metadata = attributes[:'metadata'] + end + + if attributes.key?(:'paging') + self.paging = attributes[:'paging'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + metadata == o.metadata && + paging == o.paging && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, metadata, paging, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_explorer_list_response_data.rb b/lib/datadog_api_client/v2/models/io_c_explorer_list_response_data.rb new file mode 100644 index 000000000000..c64d1f4f2454 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_explorer_list_response_data.rb 
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # IoC Explorer list response data object. + class IoCExplorerListResponseData + include BaseGenericModel + + # Attributes of the IoC Explorer list response. + attr_accessor :attributes + + # Unique identifier for the response. + attr_accessor :id + + # Response type identifier. + attr_accessor :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'attributes' => :'attributes', + :'id' => :'id', + :'type' => :'type' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'attributes' => :'IoCExplorerListResponseAttributes', + :'id' => :'String', + :'type' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCExplorerListResponseData` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + id == o.id && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + # @!visibility private + def hash + [attributes, id, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_explorer_list_response_metadata.rb b/lib/datadog_api_client/v2/models/io_c_explorer_list_response_metadata.rb new file mode 100644 index 000000000000..742c4b840bf9 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_explorer_list_response_metadata.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Response metadata. + class IoCExplorerListResponseMetadata + include BaseGenericModel + + # Total number of indicators matching the query. + attr_accessor :count + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'count' => :'count' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'count' => :'Integer' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCExplorerListResponseMetadata` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'count') + self.count = attributes[:'count'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + count == o.count && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [count, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_explorer_list_response_paging.rb b/lib/datadog_api_client/v2/models/io_c_explorer_list_response_paging.rb new file mode 100644 index 000000000000..4935d8882c5e --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_explorer_list_response_paging.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Pagination information. + class IoCExplorerListResponsePaging + include BaseGenericModel + + # Current pagination offset. + attr_accessor :offset + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'offset' => :'offset' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'offset' => :'Integer' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCExplorerListResponsePaging` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'offset') + self.offset = attributes[:'offset'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + offset == o.offset && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [offset, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_geo_location.rb b/lib/datadog_api_client/v2/models/io_c_geo_location.rb new file mode 100644 index 000000000000..98911b1e46c1 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_geo_location.rb 
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Geographic location information for an IP indicator. + class IoCGeoLocation + include BaseGenericModel + + # City name. + attr_accessor :city + + # ISO country code. + attr_accessor :country_code + + # Full country name. + attr_accessor :country_name + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'city' => :'city', + :'country_code' => :'country_code', + :'country_name' => :'country_name' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'city' => :'String', + :'country_code' => :'String', + :'country_name' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCGeoLocation` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'city') + self.city = attributes[:'city'] + end + + if attributes.key?(:'country_code') + self.country_code = attributes[:'country_code'] + end + + if attributes.key?(:'country_name') + self.country_name = attributes[:'country_name'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + city == o.city && + country_code == o.country_code && + country_name == o.country_name && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [city, country_code, country_name, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_indicator.rb b/lib/datadog_api_client/v2/models/io_c_indicator.rb new file mode 100644 index 000000000000..1a7ab2b5551e --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_indicator.rb 
@@ -0,0 +1,325 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # An indicator of compromise with threat intelligence data. + class IoCIndicator + include BaseGenericModel + + # Geographic location information for an IP indicator. + attr_accessor :as_geo + + # Autonomous system type. + attr_accessor :as_type + + # Threat intelligence sources that flagged this indicator as benign. + attr_accessor :benign_sources + + # Threat categories associated with the indicator. + attr_accessor :categories + + # Timestamp when the indicator was first seen. + attr_accessor :first_seen + + # Unique identifier for the indicator. + attr_accessor :id + + # The indicator value (for example, an IP address or domain). + attr_accessor :indicator + + # Type of indicator (for example, IP address or domain). + attr_accessor :indicator_type + + # Timestamp when the indicator was last seen. + attr_accessor :last_seen + + # Number of logs that matched this indicator. + attr_accessor :log_matches + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :m_as_type + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :m_persistence + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :m_signal + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :m_sources + + # Threat intelligence sources that flagged this indicator as malicious. 
+ attr_accessor :malicious_sources + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :max_trust_score + + # Threat score for the indicator (0-100). + attr_accessor :score + + # Number of security signals that matched this indicator. + attr_accessor :signal_matches + + # Signal tier level. + attr_accessor :signal_tier + + # Threat intelligence sources that flagged this indicator as suspicious. + attr_accessor :suspicious_sources + + # Tags associated with the indicator. + attr_accessor :tags + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'as_geo' => :'as_geo', + :'as_type' => :'as_type', + :'benign_sources' => :'benign_sources', + :'categories' => :'categories', + :'first_seen' => :'first_seen', + :'id' => :'id', + :'indicator' => :'indicator', + :'indicator_type' => :'indicator_type', + :'last_seen' => :'last_seen', + :'log_matches' => :'log_matches', + :'m_as_type' => :'m_as_type', + :'m_persistence' => :'m_persistence', + :'m_signal' => :'m_signal', + :'m_sources' => :'m_sources', + :'malicious_sources' => :'malicious_sources', + :'max_trust_score' => :'max_trust_score', + :'score' => :'score', + :'signal_matches' => :'signal_matches', + :'signal_tier' => :'signal_tier', + :'suspicious_sources' => :'suspicious_sources', + :'tags' => :'tags' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'as_geo' => :'IoCGeoLocation', + :'as_type' => :'String', + :'benign_sources' => :'Array', + :'categories' => :'Array', + :'first_seen' => :'Time', + :'id' => :'String', + :'indicator' => :'String', + :'indicator_type' => :'String', + :'last_seen' => :'Time', + :'log_matches' => :'Integer', + :'m_as_type' => :'IoCScoreEffect', + :'m_persistence' => :'IoCScoreEffect', + :'m_signal' => :'IoCScoreEffect', + :'m_sources' => :'IoCScoreEffect', + :'malicious_sources' => :'Array', + :'max_trust_score' => :'IoCScoreEffect', + :'score' => :'Float', + :'signal_matches' => :'Integer', + :'signal_tier' => :'Integer', + :'suspicious_sources' => :'Array', + :'tags' => :'Array' + } + end + + # List of attributes with nullable: true + # @!visibility private + def self.openapi_nullable + Set.new([ + :'benign_sources', + :'malicious_sources', + :'suspicious_sources', + ]) + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCIndicator` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'as_geo') + self.as_geo = attributes[:'as_geo'] + end + + if attributes.key?(:'as_type') + self.as_type = attributes[:'as_type'] + end + + if attributes.key?(:'benign_sources') + if (value = attributes[:'benign_sources']).is_a?(Array) + self.benign_sources = value + end + end + + if attributes.key?(:'categories') + if (value = attributes[:'categories']).is_a?(Array) + self.categories = value + end + end + + if 
attributes.key?(:'first_seen') + self.first_seen = attributes[:'first_seen'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'indicator') + self.indicator = attributes[:'indicator'] + end + + if attributes.key?(:'indicator_type') + self.indicator_type = attributes[:'indicator_type'] + end + + if attributes.key?(:'last_seen') + self.last_seen = attributes[:'last_seen'] + end + + if attributes.key?(:'log_matches') + self.log_matches = attributes[:'log_matches'] + end + + if attributes.key?(:'m_as_type') + self.m_as_type = attributes[:'m_as_type'] + end + + if attributes.key?(:'m_persistence') + self.m_persistence = attributes[:'m_persistence'] + end + + if attributes.key?(:'m_signal') + self.m_signal = attributes[:'m_signal'] + end + + if attributes.key?(:'m_sources') + self.m_sources = attributes[:'m_sources'] + end + + if attributes.key?(:'malicious_sources') + if (value = attributes[:'malicious_sources']).is_a?(Array) + self.malicious_sources = value + end + end + + if attributes.key?(:'max_trust_score') + self.max_trust_score = attributes[:'max_trust_score'] + end + + if attributes.key?(:'score') + self.score = attributes[:'score'] + end + + if attributes.key?(:'signal_matches') + self.signal_matches = attributes[:'signal_matches'] + end + + if attributes.key?(:'signal_tier') + self.signal_tier = attributes[:'signal_tier'] + end + + if attributes.key?(:'suspicious_sources') + if (value = attributes[:'suspicious_sources']).is_a?(Array) + self.suspicious_sources = value + end + end + + if attributes.key?(:'tags') + if (value = attributes[:'tags']).is_a?(Array) + self.tags = value + end + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? 
+ is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + as_geo == o.as_geo && + as_type == o.as_type && + benign_sources == o.benign_sources && + categories == o.categories && + first_seen == o.first_seen && + id == o.id && + indicator == o.indicator && + indicator_type == o.indicator_type && + last_seen == o.last_seen && + log_matches == o.log_matches && + m_as_type == o.m_as_type && + m_persistence == o.m_persistence && + m_signal == o.m_signal && + m_sources == o.m_sources && + malicious_sources == o.malicious_sources && + max_trust_score == o.max_trust_score && + score == o.score && + signal_matches == o.signal_matches && + signal_tier == o.signal_tier && + suspicious_sources == o.suspicious_sources && + tags == o.tags && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [as_geo, as_type, benign_sources, categories, first_seen, id, indicator, indicator_type, last_seen, log_matches, m_as_type, m_persistence, m_signal, m_sources, malicious_sources, max_trust_score, score, signal_matches, signal_tier, suspicious_sources, tags, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_indicator_detailed.rb b/lib/datadog_api_client/v2/models/io_c_indicator_detailed.rb new file mode 100644 index 000000000000..cdf7447b6c73 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_indicator_detailed.rb 
@@ -0,0 +1,435 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # An indicator of compromise with extended context from your environment. + class IoCIndicatorDetailed + include BaseGenericModel + + # Additional domain-specific context from threat intelligence sources. + attr_accessor :additional_data + + # Autonomous system CIDR block. + attr_accessor :as_cidr_block + + # Geographic location information for an IP indicator. + attr_accessor :as_geo + + # Autonomous system number. + attr_accessor :as_number + + # Autonomous system organization name. + attr_accessor :as_organization + + # Autonomous system type. + attr_accessor :as_type + + # Threat intelligence sources that flagged this indicator as benign. + attr_accessor :benign_sources + + # Threat categories associated with the indicator. + attr_accessor :categories + + # Critical assets associated with this indicator. + attr_accessor :critical_assets + + # Timestamp when the indicator was first seen. + attr_accessor :first_seen + + # Hosts associated with this indicator. + attr_accessor :hosts + + # Unique identifier for the indicator. + attr_accessor :id + + # The indicator value (for example, an IP address or domain). + attr_accessor :indicator + + # Type of indicator (for example, IP address or domain). + attr_accessor :indicator_type + + # Timestamp when the indicator was last seen. + attr_accessor :last_seen + + # Number of logs that matched this indicator. 
+ attr_accessor :log_matches + + # Log sources where this indicator was observed. + attr_accessor :log_sources + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :m_as_type + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :m_persistence + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :m_signal + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :m_sources + + # Threat intelligence sources that flagged this indicator as malicious. + attr_accessor :malicious_sources + + # Effect of a scoring factor on the indicator's threat score. + attr_accessor :max_trust_score + + # Threat score for the indicator (0-100). + attr_accessor :score + + # Services where this indicator was observed. + attr_accessor :services + + # Number of security signals that matched this indicator. + attr_accessor :signal_matches + + # Breakdown of security signals by severity. + attr_accessor :signal_severity + + # Signal tier level. + attr_accessor :signal_tier + + # Threat intelligence sources that flagged this indicator as suspicious. + attr_accessor :suspicious_sources + + # Tags associated with the indicator. + attr_accessor :tags + + # Users associated with this indicator, grouped by category. + attr_accessor :users + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. 
+ # @!visibility private + def self.attribute_map + { + :'additional_data' => :'additional_data', + :'as_cidr_block' => :'as_cidr_block', + :'as_geo' => :'as_geo', + :'as_number' => :'as_number', + :'as_organization' => :'as_organization', + :'as_type' => :'as_type', + :'benign_sources' => :'benign_sources', + :'categories' => :'categories', + :'critical_assets' => :'critical_assets', + :'first_seen' => :'first_seen', + :'hosts' => :'hosts', + :'id' => :'id', + :'indicator' => :'indicator', + :'indicator_type' => :'indicator_type', + :'last_seen' => :'last_seen', + :'log_matches' => :'log_matches', + :'log_sources' => :'log_sources', + :'m_as_type' => :'m_as_type', + :'m_persistence' => :'m_persistence', + :'m_signal' => :'m_signal', + :'m_sources' => :'m_sources', + :'malicious_sources' => :'malicious_sources', + :'max_trust_score' => :'max_trust_score', + :'score' => :'score', + :'services' => :'services', + :'signal_matches' => :'signal_matches', + :'signal_severity' => :'signal_severity', + :'signal_tier' => :'signal_tier', + :'suspicious_sources' => :'suspicious_sources', + :'tags' => :'tags', + :'users' => :'users' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'additional_data' => :'Hash', + :'as_cidr_block' => :'String', + :'as_geo' => :'IoCGeoLocation', + :'as_number' => :'String', + :'as_organization' => :'String', + :'as_type' => :'String', + :'benign_sources' => :'Array', + :'categories' => :'Array', + :'critical_assets' => :'Array', + :'first_seen' => :'Time', + :'hosts' => :'Array', + :'id' => :'String', + :'indicator' => :'String', + :'indicator_type' => :'String', + :'last_seen' => :'Time', + :'log_matches' => :'Integer', + :'log_sources' => :'Array', + :'m_as_type' => :'IoCScoreEffect', + :'m_persistence' => :'IoCScoreEffect', + :'m_signal' => :'IoCScoreEffect', + :'m_sources' => :'IoCScoreEffect', + :'malicious_sources' => :'Array', + :'max_trust_score' => :'IoCScoreEffect', + :'score' => :'Float', + :'services' => :'Array', + :'signal_matches' => :'Integer', + :'signal_severity' => :'Array', + :'signal_tier' => :'Integer', + :'suspicious_sources' => :'Array', + :'tags' => :'Array', + :'users' => :'Hash>' + } + end + + # List of attributes with nullable: true + # @!visibility private + def self.openapi_nullable + Set.new([ + :'benign_sources', + :'malicious_sources', + :'suspicious_sources', + ]) + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCIndicatorDetailed` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'additional_data') + self.additional_data = attributes[:'additional_data'] + end + + if 
attributes.key?(:'as_cidr_block') + self.as_cidr_block = attributes[:'as_cidr_block'] + end + + if attributes.key?(:'as_geo') + self.as_geo = attributes[:'as_geo'] + end + + if attributes.key?(:'as_number') + self.as_number = attributes[:'as_number'] + end + + if attributes.key?(:'as_organization') + self.as_organization = attributes[:'as_organization'] + end + + if attributes.key?(:'as_type') + self.as_type = attributes[:'as_type'] + end + + if attributes.key?(:'benign_sources') + if (value = attributes[:'benign_sources']).is_a?(Array) + self.benign_sources = value + end + end + + if attributes.key?(:'categories') + if (value = attributes[:'categories']).is_a?(Array) + self.categories = value + end + end + + if attributes.key?(:'critical_assets') + if (value = attributes[:'critical_assets']).is_a?(Array) + self.critical_assets = value + end + end + + if attributes.key?(:'first_seen') + self.first_seen = attributes[:'first_seen'] + end + + if attributes.key?(:'hosts') + if (value = attributes[:'hosts']).is_a?(Array) + self.hosts = value + end + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'indicator') + self.indicator = attributes[:'indicator'] + end + + if attributes.key?(:'indicator_type') + self.indicator_type = attributes[:'indicator_type'] + end + + if attributes.key?(:'last_seen') + self.last_seen = attributes[:'last_seen'] + end + + if attributes.key?(:'log_matches') + self.log_matches = attributes[:'log_matches'] + end + + if attributes.key?(:'log_sources') + if (value = attributes[:'log_sources']).is_a?(Array) + self.log_sources = value + end + end + + if attributes.key?(:'m_as_type') + self.m_as_type = attributes[:'m_as_type'] + end + + if attributes.key?(:'m_persistence') + self.m_persistence = attributes[:'m_persistence'] + end + + if attributes.key?(:'m_signal') + self.m_signal = attributes[:'m_signal'] + end + + if attributes.key?(:'m_sources') + self.m_sources = attributes[:'m_sources'] + end + + if 
attributes.key?(:'malicious_sources') + if (value = attributes[:'malicious_sources']).is_a?(Array) + self.malicious_sources = value + end + end + + if attributes.key?(:'max_trust_score') + self.max_trust_score = attributes[:'max_trust_score'] + end + + if attributes.key?(:'score') + self.score = attributes[:'score'] + end + + if attributes.key?(:'services') + if (value = attributes[:'services']).is_a?(Array) + self.services = value + end + end + + if attributes.key?(:'signal_matches') + self.signal_matches = attributes[:'signal_matches'] + end + + if attributes.key?(:'signal_severity') + if (value = attributes[:'signal_severity']).is_a?(Array) + self.signal_severity = value + end + end + + if attributes.key?(:'signal_tier') + self.signal_tier = attributes[:'signal_tier'] + end + + if attributes.key?(:'suspicious_sources') + if (value = attributes[:'suspicious_sources']).is_a?(Array) + self.suspicious_sources = value + end + end + + if attributes.key?(:'tags') + if (value = attributes[:'tags']).is_a?(Array) + self.tags = value + end + end + + if attributes.key?(:'users') + self.users = attributes[:'users'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + additional_data == o.additional_data && + as_cidr_block == o.as_cidr_block && + as_geo == o.as_geo && + as_number == o.as_number && + as_organization == o.as_organization && + as_type == o.as_type && + benign_sources == o.benign_sources && + categories == o.categories && + critical_assets == o.critical_assets && + first_seen == o.first_seen && + hosts == o.hosts && + id == o.id && + indicator == o.indicator && + indicator_type == o.indicator_type && + last_seen == o.last_seen && + log_matches == o.log_matches && + log_sources == o.log_sources && + m_as_type == o.m_as_type && + m_persistence == o.m_persistence && + m_signal == o.m_signal && + m_sources == o.m_sources && + malicious_sources == o.malicious_sources && + max_trust_score == o.max_trust_score && + score == o.score && + services == o.services && + signal_matches == o.signal_matches && + signal_severity == o.signal_severity && + signal_tier == o.signal_tier && + suspicious_sources == o.suspicious_sources && + tags == o.tags && + users == o.users && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [additional_data, as_cidr_block, as_geo, as_number, as_organization, as_type, benign_sources, categories, critical_assets, first_seen, hosts, id, indicator, indicator_type, last_seen, log_matches, log_sources, m_as_type, m_persistence, m_signal, m_sources, malicious_sources, max_trust_score, score, services, signal_matches, signal_severity, signal_tier, suspicious_sources, tags, users, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_score_effect.rb b/lib/datadog_api_client/v2/models/io_c_score_effect.rb new file mode 100644 index 000000000000..f29ac66760d9 --- /dev/null 
+++ b/lib/datadog_api_client/v2/models/io_c_score_effect.rb @@ -0,0 +1,28 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Effect of a scoring factor on the indicator's threat score. + class IoCScoreEffect + include BaseEnumModel + + RAISE_SCORE = "RAISE_SCORE".freeze + LOWER_SCORE = "LOWER_SCORE".freeze + NO_EFFECT = "NO_EFFECT".freeze + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_signal_severity_count.rb b/lib/datadog_api_client/v2/models/io_c_signal_severity_count.rb new file mode 100644 index 000000000000..5d36a43bd66c --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_signal_severity_count.rb 
@@ -0,0 +1,115 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Count of security signals by severity level. + class IoCSignalSeverityCount + include BaseGenericModel + + # Number of signals at this severity level. + attr_accessor :count + + # Severity level (for example, critical, high, medium, low, info). + attr_accessor :severity + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'count' => :'count', + :'severity' => :'severity' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'count' => :'Integer', + :'severity' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCSignalSeverityCount` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'count') + self.count = attributes[:'count'] + end + + if attributes.key?(:'severity') + self.severity = attributes[:'severity'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + count == o.count && + severity == o.severity && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [count, severity, additional_properties].hash + end + end +end 
diff --git a/lib/datadog_api_client/v2/models/io_c_source.rb b/lib/datadog_api_client/v2/models/io_c_source.rb new file mode 100644 index 000000000000..2ca19e8cddc5 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_source.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # A threat intelligence source that has flagged an indicator. + class IoCSource + include BaseGenericModel + + # Name of the threat intelligence source. + attr_accessor :name + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'name' => :'name' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'name' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCSource` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + name == o.name && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [name, additional_properties].hash + end + end +end