diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 2d470c8f2f02..5c2db3b45810 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -30868,9 +30868,10 @@ components: additionalProperties: {} description: The set of attributes recorded for the entity at this revision. The keys depend on the kind of entity. example: + accounts: + - linked-account-123 display_name: Test User - emails: - - user@example.com + email: user@example.com principal_id: user@example.com type: object EntityData: @@ -86488,6 +86489,14 @@ components: type: string x-enum-varnames: - AGGREGATED_DNS + SingleEntityContextResponse: + description: Response from the single entity context endpoint, containing the matching entity. + properties: + data: + $ref: "#/components/schemas/EntityContextEntity" + required: + - data + type: object SlackIntegrationMetadata: description: Incident integration metadata for the Slack integration. properties: @@ -163328,9 +163337,10 @@ paths: - attributes: revisions: - attributes: + accounts: + - linked-account-123 display_name: Test User - emails: - - user@example.com + email: user@example.com principal_id: user@example.com first_seen_at: "2026-04-01T00:00:00Z" last_seen_at: "2026-05-01T00:00:00Z" 
@@ -163361,7 +163371,98 @@ paths: permissions: - siem_entities_read x-unstable: |- - **Note**: This endpoint is in preview and is subject to change. + **Note**: This endpoint is in Preview and is subject to change. + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). + /api/v2/security_monitoring/entity_context/{id}: + get: + description: |- + Get a single entity from the Cloud SIEM entity context store by its identifier, returning the historical + revisions of the entity in the requested time range. The endpoint can either return revisions across an + interval (`from` / `to`) or the snapshot of the entity at a single point in time (`as_of`); the two modes + are mutually exclusive. + operationId: GetSingleEntityContext + parameters: + - description: The unique identifier of the entity to retrieve. + in: path + name: id + required: true + schema: + example: user@example.com + type: string + - description: |- + The start of the time range to query, as an RFC3339 timestamp or a relative time (for example, `now-7d`). + Defaults to `now-7d`. Ignored when `as_of` is set. + in: query + name: from + required: false + schema: + default: now-7d + example: now-7d + type: string + - description: |- + The end of the time range to query, as an RFC3339 timestamp or a relative time (for example, `now`). + Defaults to `now`. Ignored when `as_of` is set. + in: query + name: to + required: false + schema: + default: now + example: now + type: string + - description: |- + A point in time at which to query the entity revisions, as an RFC3339 timestamp, a Unix timestamp + (in seconds), or a relative time (for example, `now-1d`). When set, `from` and `to` are ignored. + Cannot be combined with custom `from` / `to` values. 
+ example: now-1d + in: query + name: as_of + required: false + schema: + type: string + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + attributes: + revisions: + - attributes: + accounts: + - linked-account-123 + display_name: Test User + email: user@example.com + principal_id: user@example.com + first_seen_at: "2026-04-01T00:00:00Z" + last_seen_at: "2026-05-01T00:00:00Z" + id: user@example.com + type: siem_entity_identity + schema: + $ref: "#/components/schemas/SingleEntityContextResponse" + description: OK + "400": + $ref: "#/components/responses/BadRequestResponse" + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - siem_entities_read + summary: Get a single entity context + tags: ["Security Monitoring"] + x-permission: + operator: OR + permissions: + - siem_entities_read + x-unstable: |- + **Note**: This endpoint is in Preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/rules: get: diff --git a/examples/v2/security-monitoring/GetSingleEntityContext.rb b/examples/v2/security-monitoring/GetSingleEntityContext.rb new file mode 100644 index 000000000000..5b388a088513 --- /dev/null +++ b/examples/v2/security-monitoring/GetSingleEntityContext.rb @@ -0,0 +1,8 @@ +# Get a single entity context returns "OK" response + +require "datadog_api_client" +DatadogAPIClient.configure do |config| + config.unstable_operations["v2.get_single_entity_context".to_sym] = true +end +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new +p api_instance.get_single_entity_context("user@example.com") diff --git a/features/scenarios_model_mapping.rb b/features/scenarios_model_mapping.rb index f9c320310581..846f9b3f56e1 100644 
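Review bot: The `as_of` parameter description contradicts itself: it says `from` and `to` are ignored when `as_of` is set and, in the next sentence, that it cannot be combined with custom `from` / `to` values, while the `from` and `to` descriptions only say they are ignored. A caller cannot tell whether sending both is silently reduced to a snapshot or rejected with the documented 400, which matters when the returned revisions are used as investigation evidence. If the server rejects the combination (not visible in this hunk), say so once in all three descriptions, for example `Mutually exclusive with from and to; a request that sets both returns 400 Bad Request.` Separately, `as_of` carries its `example` at parameter level where `id`, `from` and `to` put it under `schema`, and the `id` schema has no `minLength: 1`, so an empty identifier is valid per the spec.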
--- a/features/scenarios_model_mapping.rb +++ b/features/scenarios_model_mapping.rb @@ -2314,6 +2314,12 @@ "limit" => "Integer", "page_token" => "String", }, + "v2.GetSingleEntityContext" => { + "id" => "String", + "from" => "String", + "to" => "String", + "as_of" => "String", + }, "v2.ListSecurityMonitoringRules" => { "page_size" => "Integer", "page_number" => "Integer", diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index bae8918780ee..3773f2831e2d 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature @@ -1608,6 +1608,30 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Get a single entity context returns "Bad Request" response + Given operation "GetSingleEntityContext" enabled + And new "GetSingleEntityContext" request + And request contains "id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Get a single entity context returns "Not Found" response + Given operation "GetSingleEntityContext" enabled + And new "GetSingleEntityContext" request + And request contains "id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Get a single entity context returns "OK" response + Given operation "GetSingleEntityContext" enabled + And new "GetSingleEntityContext" request + And request contains "id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + @skip-validation @team:DataDog/k9-cloud-siem Scenario: Get a suppression rule returns "Not Found" response Given new "GetSecurityMonitoringSuppression" request diff --git a/features/v2/undo.json b/features/v2/undo.json index 9101d0155cbe..189a08ba69a0 100644 
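Review bot: All three added scenarios are tagged `@skip` and send the same placeholder id `REPLACE.ME`, so none of the 200, 400 or 404 expectations is ever executed and the new operation lands without test coverage. Nothing covers the 403 response for a caller that lacks `siem_entities_read`, or the documented rule that `as_of` cannot be combined with `from` / `to`. I would give at least the "OK" and "Not Found" scenarios real fixture ids and drop `@skip` there, and add one scenario that sets both `as_of` and `from` and expects `400 Bad Request`.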
--- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -7104,6 +7104,12 @@ "type": "safe" } }, + "GetSingleEntityContext": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListSecurityMonitoringRules": { "tag": "Security Monitoring", "undo": { diff --git a/lib/datadog_api_client/configuration.rb b/lib/datadog_api_client/configuration.rb index 832ee7adb038..0550018c4141 100644 --- a/lib/datadog_api_client/configuration.rb +++ b/lib/datadog_api_client/configuration.rb @@ -362,6 +362,7 @@ def initialize "v2.get_security_monitoring_histsignals_by_job_id": false, "v2.get_security_monitoring_integration_config": false, "v2.get_signal_entities": false, + "v2.get_single_entity_context": false, "v2.get_static_analysis_default_rulesets": false, "v2.get_static_analysis_node_types": false, "v2.get_static_analysis_ruleset": false, diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index 6bcb0f8a7651..450c629a3e3a 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb @@ -6430,6 +6430,7 @@ def overrides "v2.single_aggregated_dns_response_data_attributes_group_by_items" => "SingleAggregatedDnsResponseDataAttributesGroupByItems", "v2.single_aggregated_dns_response_data_attributes_metrics_items" => "SingleAggregatedDnsResponseDataAttributesMetricsItems", "v2.single_aggregated_dns_response_data_type" => "SingleAggregatedDnsResponseDataType", + "v2.single_entity_context_response" => "SingleEntityContextResponse", "v2.slack_integration_metadata" => "SlackIntegrationMetadata", "v2.slack_integration_metadata_channel_item" => "SlackIntegrationMetadataChannelItem", "v2.slack_trigger_wrapper" => "SlackTriggerWrapper", diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb index f89fba934f5b..02469f6913a7 100644 --- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
+++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
@@ -5494,6 +5494,86 @@ def get_signal_notification_rules_with_http_info(opts = {}) return data, status_code, headers end + # Get a single entity context. + # + # @see #get_single_entity_context_with_http_info + def get_single_entity_context(id, opts = {}) + data, _status_code, _headers = get_single_entity_context_with_http_info(id, opts) + data + end + + # Get a single entity context. + # + # Get a single entity from the Cloud SIEM entity context store by its identifier, returning the historical + # revisions of the entity in the requested time range. The endpoint can either return revisions across an + # interval (`from` / `to`) or the snapshot of the entity at a single point in time (`as_of`); the two modes + # are mutually exclusive. + # + # @param id [String] The unique identifier of the entity to retrieve. + # @param opts [Hash] the optional parameters + # @option opts [String] :from The start of the time range to query, as an RFC3339 timestamp or a relative time (for example, `now-7d`). Defaults to `now-7d`. Ignored when `as_of` is set. + # @option opts [String] :to The end of the time range to query, as an RFC3339 timestamp or a relative time (for example, `now`). Defaults to `now`. Ignored when `as_of` is set. + # @option opts [String] :as_of A point in time at which to query the entity revisions, as an RFC3339 timestamp, a Unix timestamp (in seconds), or a relative time (for example, `now-1d`). When set, `from` and `to` are ignored. Cannot be combined with custom `from` / `to` values. 
+ # @return [Array<(SingleEntityContextResponse, Integer, Hash)>] SingleEntityContextResponse data, response status code and response headers + def get_single_entity_context_with_http_info(id, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.get_single_entity_context".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.get_single_entity_context") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.get_single_entity_context")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.get_single_entity_context ...' + end + # verify the required parameter 'id' is set + if @api_client.config.client_side_validation && id.nil? + fail ArgumentError, "Missing the required parameter 'id' when calling SecurityMonitoringAPI.get_single_entity_context" + end + # resource path + local_var_path = '/api/v2/security_monitoring/entity_context/{id}'.sub('{id}', CGI.escape(id.to_s).gsub('%2F', '/')) + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'from'] = opts[:'from'] if !opts[:'from'].nil? + query_params[:'to'] = opts[:'to'] if !opts[:'to'].nil? + query_params[:'as_of'] = opts[:'as_of'] if !opts[:'as_of'].nil? 
+ + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'SingleEntityContextResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :get_single_entity_context, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#get_single_entity_context\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Get default rulesets for a language. # # @see #get_static_analysis_default_rulesets_with_http_info diff --git a/lib/datadog_api_client/v2/models/single_entity_context_response.rb b/lib/datadog_api_client/v2/models/single_entity_context_response.rb new file mode 100644 index 000000000000..9d3c031cbbc4 --- /dev/null +++ b/lib/datadog_api_client/v2/models/single_entity_context_response.rb 
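Review bot: In `get_single_entity_context_with_http_info` the path is built with `CGI.escape(id.to_s).gsub('%2F', '/')`, which turns encoded slashes back into path separators, so an `id` containing `/` or `..` segments is sent as extra path segments and the request may resolve to a different route than `entity_context/{id}`. Entity identifiers in a SIEM are often copied from log or alert data, so callers cannot be assumed to have sanitised them. Unless identifiers legitimately contain `/` and the server routes them that way (not visible here), keep the slash encoded: `local_var_path = '/api/v2/security_monitoring/entity_context/{id}'.sub('{id}', CGI.escape(id.to_s))`. The required-parameter check also rejects only `nil`; `id.to_s.empty?` should fail the same way, since an empty id produces the path `/api/v2/security_monitoring/entity_context/`. If this file is generated, the change belongs in the generator template rather than in this method.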
@@ -0,0 +1,123 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Response from the single entity context endpoint, containing the matching entity. + class SingleEntityContextResponse + include BaseGenericModel + + # A single entity returned by the entity context endpoint. + attr_reader :data + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'data' => :'EntityContextEntity' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SingleEntityContextResponse` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? 
+ return false if @data.nil? + true + end + + # Custom attribute writer method with validation + # @param data [Object] Object to be assigned + # @!visibility private + def data=(data) + if data.nil? + fail ArgumentError, 'invalid value for "data", data cannot be nil.' + end + @data = data + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, additional_properties].hash + end + end +end