diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index 2d470c8f2f02..2d1f24f09051 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -44181,6 +44181,16 @@ components:
 items:
 type: string
 type: array
+ triage_state:
+ description: "Current triage state of the indicator: not_reviewed or reviewed."
+ type: string
+ triaged_at:
+ description: Timestamp when the indicator was last triaged.
+ format: date-time
+ type: string
+ triaged_by:
+ description: UUID of the user who last triaged the indicator.
+ type: string
 type: object
 IoCIndicatorDetailed:
 description: An indicator of compromise with extended context from your environment.
@@ -44299,6 +44309,21 @@ components:
 items:
 type: string
 type: array
+ triage_history:
+ description: Full triage history timeline. Returned only when `include_triage_history` is true.
+ items:
+ $ref: "#/components/schemas/IoCTriageEvent"
+ type: array
+ triage_state:
+ description: "Current triage state of the indicator: not_reviewed or reviewed."
+ type: string
+ triaged_at:
+ description: Timestamp when the indicator was last triaged.
+ format: date-time
+ type: string
+ triaged_by:
+ description: UUID of the user who last triaged the indicator.
+ type: string
 users:
 additionalProperties:
 description: List of user identifiers in this category.
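Review bot: `triage_state` is declared as a free-form `type: string` in the IoCIndicator hunk, with the two allowed values spelled out only in the description, so neither generated clients nor schema validators can reject an unknown state. The same applies to the IoCIndicatorDetailed hunk, to IoCTriageEvent, IoCTriageWriteRequestAttributes and IoCTriageWriteResponseAttributes in the @@ -44337 hunk, and to the `triage_state` query parameter in the @@ -159560 hunk. Adding `enum: [not_reviewed, reviewed]` (ideally as one shared schema pulled in with `$ref`) would make the contract explicit; the write request matters most, because that is where a caller-supplied value is accepted. The replay-only Bad Request scenario posts `invalid_state` and may need adjusting if the client starts validating the value itself.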
@@ -44337,6 +44362,97 @@ components:
 description: Name of the threat intelligence source.
 type: string
 type: object
+ IoCTriageEvent:
+ description: A single entry in an indicator's triage history timeline.
+ properties:
+ triage_state:
+ description: "Triage state set by this action: not_reviewed or reviewed."
+ type: string
+ triaged_at:
+ description: Timestamp when this triage action occurred.
+ format: date-time
+ type: string
+ triaged_by:
+ description: UUID of the user who performed this triage action.
+ type: string
+ type: object
+ IoCTriageWriteRequest:
+ description: Request body for creating or updating an indicator triage state.
+ properties:
+ data:
+ $ref: "#/components/schemas/IoCTriageWriteRequestData"
+ required:
+ - data
+ type: object
+ IoCTriageWriteRequestAttributes:
+ description: Attributes for setting an indicator's triage state.
+ properties:
+ indicator:
+ description: The indicator value to triage (for example, an IP address or domain).
+ example: "192.0.2.1"
+ type: string
+ triage_state:
+ description: "The triage state to set: not_reviewed or reviewed."
+ example: reviewed
+ type: string
+ required:
+ - indicator
+ - triage_state
+ type: object
+ IoCTriageWriteRequestData:
+ description: Data object for the triage write request.
+ properties:
+ attributes:
+ $ref: "#/components/schemas/IoCTriageWriteRequestAttributes"
+ type:
+ default: ioc_triage_state
+ description: Triage state resource type.
+ example: ioc_triage_state
+ type: string
+ required:
+ - type
+ - attributes
+ type: object
+ IoCTriageWriteResponse:
+ description: Response for the create indicator triage state endpoint.
+ properties:
+ data:
+ $ref: "#/components/schemas/IoCTriageWriteResponseData"
+ type: object
+ IoCTriageWriteResponseAttributes:
+ description: Attributes of a created or updated triage state.
+ properties:
+ created_at:
+ description: Timestamp when the triage record was created.
+ format: date-time
+ type: string
+ indicator:
+ description: The indicator value that was triaged.
+ type: string
+ triage_state:
+ description: "The triage state that was set: not_reviewed or reviewed."
+ type: string
+ triaged_at:
+ description: Timestamp when the triage state was set.
+ format: date-time
+ type: string
+ triaged_by:
+ description: UUID of the user who set the triage state.
+ type: string
+ type: object
+ IoCTriageWriteResponseData:
+ description: Data object of the triage write response.
+ properties:
+ attributes:
+ $ref: "#/components/schemas/IoCTriageWriteResponseAttributes"
+ id:
+ description: Unique identifier for the triage state record.
+ type: string
+ type:
+ default: ioc_triage_state
+ description: Triage state resource type.
+ type: string
+ type: object
 Issue:
 description: The issue matching the request.
 properties:
@@ -159560,6 +159676,25 @@ paths:
 schema:
 default: desc
 type: string
+ - description: When true, return only OCSF field-based matches. When false, return regex/message-based matches.
+ in: query
+ name: ocsf
+ required: false
+ schema:
+ default: true
+ type: boolean
+ - description: Filter indicators whose triage state was updated by a specific user UUID.
+ in: query
+ name: worked_by
+ required: false
+ schema:
+ type: string
+ - description: "Filter by triage state: not_reviewed or reviewed."
+ in: query
+ name: triage_state
+ required: false
+ schema:
+ type: string
 responses:
 "200":
 content:
@@ -159611,6 +159746,38 @@ paths:
 required: true
 schema:
 type: string
+ - description: When true, return only OCSF field-based matches. When false, return regex/message-based matches.
+ in: query
+ name: ocsf
+ required: false
+ schema:
+ default: true
+ type: boolean
+ - description: Include full triage history for the indicator.
+ in: query
+ name: include_triage_history
+ required: false
+ schema:
+ default: false
+ type: boolean
+ - description: Maximum number of triage history events returned. Only applied when `include_triage_history` is true.
+ in: query
+ name: triage_history_limit
+ required: false
+ schema:
+ default: 50
+ format: int32
+ maximum: 1000
+ minimum: 1
+ type: integer
+ - description: Pagination offset into the triage history. Only applied when `include_triage_history` is true.
+ in: query
+ name: triage_history_offset
+ required: false
+ schema:
+ default: 0
+ format: int32
+ type: integer
 responses:
 "200":
 content:
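Review bot: `triage_history_offset` is declared with `default: 0` and `format: int32` but no lower bound, while `triage_history_limit` right above it is bounded with `minimum: 1` and `maximum: 1000`. A negative offset is therefore valid according to the spec, and the generated Ruby client in this same commit range-checks only the limit before building the query. Add `minimum: 0` under the offset's `schema:` so the bound is documented and enforced on the client side as well.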
@@ -159648,6 +159815,62 @@ paths:
 x-unstable: |-
 **Note**: This endpoint is in beta and may be subject to changes.
 Please check the documentation regularly for updates.
+ /api/v2/security/siem/ioc-explorer/triage:
+ post:
+ description: |-
+ Set the triage state of an indicator of compromise (IoC). This creates or
+ updates the triage state for the indicator in your organization.
+ operationId: CreateIoCTriageState
+ requestBody:
+ content:
+ "application/json":
+ examples:
+ default:
+ value:
+ data:
+ attributes:
+ indicator: "192.0.2.1"
+ triage_state: reviewed
+ type: ioc_triage_state
+ schema:
+ $ref: "#/components/schemas/IoCTriageWriteRequest"
+ description: The triage state to set for the indicator.
+ required: true
+ responses:
+ "201":
+ content:
+ "application/json":
+ examples:
+ default:
+ value:
+ data:
+ attributes:
+ created_at: "2026-06-04T12:00:00Z"
+ indicator: "192.0.2.1"
+ triage_state: reviewed
+ triaged_at: "2026-06-04T12:00:00Z"
+ triaged_by: 11111111-2222-3333-4444-555555555555
+ id: abc-123
+ type: ioc_triage_state
+ schema:
+ $ref: "#/components/schemas/IoCTriageWriteResponse"
+ description: Created
+ "400":
+ $ref: "#/components/responses/BadRequestResponse"
+ "403":
+ $ref: "#/components/responses/NotAuthorizedResponse"
+ "429":
+ $ref: "#/components/responses/TooManyRequestsResponse"
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_signals_write
+ summary: Create or update an indicator triage state
+ tags: ["Security Monitoring"]
+ x-unstable: |-
+ **Note**: This endpoint is in beta and may be subject to changes.
+ Please check the documentation regularly for updates.
 /api/v2/security/signals/notification_rules:
 get:
 description: Returns the list of notification rules for security signals.
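Review bot: The `description` of `CreateIoCTriageState` does not say whether every call appends an entry to the indicator's triage history or only a change of state does. The re-recorded Get cassette in this commit shows two consecutive `reviewed` entries for the same indicator, which suggests each write is recorded, but that is inferred from the fixture. Because `triage_history` reads as the record of who reviewed an indicator and when, the description should state the behaviour once it is confirmed, for example `Each call is recorded in the indicator's triage history.`. It would also help to say that `triaged_by` is taken from the authenticated caller, since the request body carries only `indicator` and `triage_state`.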
diff --git a/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Bad-Request-response.frozen new file mode 100644 index 000000000000..d6a26ed39dbc --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Bad-Request-response.frozen @@ -0,0 +1 @@ +2026-06-05T12:20:47.940Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Bad-Request-response.yml new file mode 100644 index 000000000000..68339cc5bf2c --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Bad-Request-response.yml @@ -0,0 +1,24 @@ +http_interactions: +- recorded_at: Fri, 05 Jun 2026 12:20:47 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"indicator":"192.0.2.1","triage_state":"invalid_state"},"type":"ioc_triage_state"}}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/triage + response: + body: + encoding: UTF-8 + string: '{"errors":[{"title":"Generic Error","detail":"invalid triage_state"}]}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 400 + message: Bad Request +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Created-response.frozen b/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Created-response.frozen new file mode 100644 index 000000000000..0ac630dda1e8 --- /dev/null 
+++ b/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Created-response.frozen @@ -0,0 +1 @@ +2026-06-05T12:22:26.137Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Created-response.yml b/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Created-response.yml new file mode 100644 index 000000000000..7d077605fa26 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-or-update-an-indicator-triage-state-returns-Created-response.yml @@ -0,0 +1,24 @@ +http_interactions: +- recorded_at: Fri, 05 Jun 2026 12:22:26 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"indicator":"192.0.2.1","triage_state":"reviewed"},"type":"ioc_triage_state"}}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/triage + response: + body: + encoding: UTF-8 + string: '{"data":{"id":"2e6eff68-4ffa-4cab-b9bb-d9ce1ef3b42a","type":"ioc_triage_state","attributes":{"created_at":"2026-06-05T12:22:26.488248Z","indicator":"192.0.2.1","triage_state":"reviewed","triaged_at":"2026-06-05T12:22:26.488248Z","triaged_by":"dc6535c4-0b70-47aa-9c6a-9b0fc0be3f19"}}}' + headers: + Content-Type: + - application/vnd.api+json + status: + code: 201 + message: Created +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.frozen index fc8ed109ad7d..3dc6b0aa0a0d 100644 --- a/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.frozen 
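Review bot: The Created-response cassette keeps what looks like a live user identifier, `"triaged_by":"dc6535c4-0b70-47aa-9c6a-9b0fc0be3f19"`, in the recorded response body. The Get and List cassettes re-recorded in the same commit carry `00000000-0000-0000-0000-000000000000` in that field and a placeholder source name, so this fixture appears to have missed the same scrubbing. Replace the value with the all-zero UUID before the fixture ships; the record `id` in the same string could be treated the same way.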
@@ -1 +1 @@ -2026-04-14T18:22:29.733Z \ No newline at end of file +2026-06-05T12:58:33.985Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.yml index 2d315a527790..8f508cef9a75 100644 --- a/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Get-an-indicator-of-compromise-returns-OK-response.yml 
@@ -1,19 +1,17 @@ http_interactions: -- recorded_at: Tue, 14 Apr 2026 18:22:29 GMT +- recorded_at: Fri, 05 Jun 2026 12:58:33 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=masscan%2F1.3%20%28https%3A%2F%2Fgithub.com%2Frobertdavidgraham%2Fmasscan%29 + uri: https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=192.0.2.1&include_triage_history=true response: body: encoding: UTF-8 - string: '{"data":{"id":"65a31893-cc59-4125-9424-44f7ba083e53","type":"get_indicator_response","attributes":{"data":{"id":"masscan/1.3 - (https://github.com/robertdavidgraham/masscan)","indicator":"masscan/1.3 (https://github.com/robertdavidgraham/masscan)","indicator_type":"User - Agent","score":4,"as_type":"hosting","malicious_sources":null,"suspicious_sources":[{"name":"Datadog - Threat Research"}],"benign_sources":null,"categories":["scanner"],"tags":[],"signal_matches":0,"log_matches":45,"first_seen":"2025-01-08T23:24:45Z","last_seen":"2026-04-10T14:36:20Z","signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"NO_EFFECT","m_persistence":"RAISE_SCORE","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","log_sources":[],"services":[],"signal_severity":[],"users":{},"critical_assets":[],"hosts":[],"as_number":"","as_organization":"","as_cidr_block":""}}}}' + string: '{"data":{"id":"b38eb8e1-61c8-470f-be58-f41531a7c134","type":"get_indicator_response","attributes":{"data":{"id":"192.0.2.1","indicator":"192.0.2.1","indicator_type":"IP + 
Address","score":4,"as_type":"hosting","malicious_sources":null,"suspicious_sources":[{"name":"SOURCE1"}],"benign_sources":null,"categories":["hosting_proxy"],"tags":[],"signal_matches":1,"log_matches":7,"signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"NO_EFFECT","m_persistence":"NO_EFFECT","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","triage_state":"reviewed","triaged_at":"2026-06-03T18:55:42.108938Z","triaged_by":"00000000-0000-0000-0000-000000000000","log_sources":[],"services":[],"signal_severity":[{"severity":"info","count":1}],"users":{},"critical_assets":[],"hosts":[],"additional_data":{},"triage_history":[{"triaged_at":"2026-06-03T18:55:42.108938Z","triaged_by":"00000000-0000-0000-0000-000000000000","triage_state":"reviewed"},{"triaged_at":"2026-06-03T13:32:14.735424Z","triaged_by":"00000000-0000-0000-0000-000000000000","triage_state":"reviewed"}]}}}}' headers: Content-Type: - application/vnd.api+json diff --git a/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.frozen index 5814ac627e4a..b1bf7726a109 100644 --- a/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.frozen @@ -1 +1 @@ -2026-04-14T18:22:48.392Z \ No newline at end of file +2026-06-05T12:32:21.136Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.yml index dc75b5a6b97b..37d1cf9aca19 100644 --- a/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/List-indicators-of-compromise-returns-OK-response.yml 
@@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Tue, 14 Apr 2026 18:22:48 GMT +- recorded_at: Fri, 05 Jun 2026 12:32:21 GMT request: body: null headers: @@ -10,9 +10,8 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"a4e3b616-e180-4b47-a379-43da9c5b300e","type":"ioc_explorer_response","attributes":{"data":[{"id":"43.228.157.121","indicator":"43.228.157.121","indicator_type":"IP - Address","score":8,"as_type":"hosting","malicious_sources":[{"name":"threatfox"}],"suspicious_sources":[{"name":"tor"},{"name":"SPUR"}],"benign_sources":null,"categories":["malware","tor","hosting_proxy"],"tags":[],"signal_matches":0,"log_matches":14,"signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"RAISE_SCORE","m_persistence":"NO_EFFECT","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","as_geo":{"city":"Frankfurt - am Main","country_code":"DE","country_name":"Germany"}}],"metadata":{"count":25091},"paging":{"offset":1}}}}' + string: '{"data":{"id":"22b62903-4053-42ed-9448-c750da2ecd81","type":"ioc_explorer_response","attributes":{"data":[{"id":"192.0.2.1","indicator":"192.0.2.1","indicator_type":"IP + Address","score":4,"as_type":"hosting","malicious_sources":null,"suspicious_sources":[{"name":"SOURCE1"}],"benign_sources":null,"categories":["hosting_proxy"],"tags":[],"signal_matches":1,"log_matches":7,"signal_tier":0,"max_trust_score":"RAISE_SCORE","m_sources":"NO_EFFECT","m_persistence":"NO_EFFECT","m_signal":"NO_EFFECT","m_as_type":"NO_EFFECT","triage_state":"reviewed","triaged_at":"2026-06-03T18:55:42.108938Z","triaged_by":"00000000-0000-0000-0000-000000000000"}],"metadata":{"count":585},"paging":{"offset":1}}}}' headers: Content-Type: - application/vnd.api+json diff --git a/examples/v2/security-monitoring/CreateIoCTriageState.rb b/examples/v2/security-monitoring/CreateIoCTriageState.rb new file mode 100644 index 000000000000..fc82bb5c1706 --- /dev/null +++ b/examples/v2/security-monitoring/CreateIoCTriageState.rb 
@@ -0,0 +1,18 @@ +# Create or update an indicator triage state returns "Created" response + +require "datadog_api_client" +DatadogAPIClient.configure do |config| + config.unstable_operations["v2.create_io_c_triage_state".to_sym] = true +end +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::IoCTriageWriteRequest.new({ + data: DatadogAPIClient::V2::IoCTriageWriteRequestData.new({ + attributes: DatadogAPIClient::V2::IoCTriageWriteRequestAttributes.new({ + indicator: "192.0.2.1", + triage_state: "reviewed", + }), + type: "ioc_triage_state", + }), +}) +p api_instance.create_io_c_triage_state(body) diff --git a/examples/v2/security-monitoring/GetIndicatorOfCompromise.rb b/examples/v2/security-monitoring/GetIndicatorOfCompromise.rb index d7cb0568d777..6960a33efefa 100644 --- a/examples/v2/security-monitoring/GetIndicatorOfCompromise.rb +++ b/examples/v2/security-monitoring/GetIndicatorOfCompromise.rb @@ -5,4 +5,7 @@ config.unstable_operations["v2.get_indicator_of_compromise".to_sym] = true end api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new -p api_instance.get_indicator_of_compromise("masscan/1.3 (https://github.com/robertdavidgraham/masscan)") +opts = { + include_triage_history: true, +} +p api_instance.get_indicator_of_compromise("192.0.2.1", opts) diff --git a/features/scenarios_model_mapping.rb b/features/scenarios_model_mapping.rb index f9c320310581..960340b773af 100644 --- a/features/scenarios_model_mapping.rb +++ b/features/scenarios_model_mapping.rb 
@@ -2091,9 +2091,19 @@ "query" => "String", "sort_column" => "String", "sort_order" => "String", + "ocsf" => "Boolean", + "worked_by" => "String", + "triage_state" => "String", }, "v2.GetIndicatorOfCompromise" => { "indicator" => "String", + "ocsf" => "Boolean", + "include_triage_history" => "Boolean", + "triage_history_limit" => "Integer", + "triage_history_offset" => "Integer", + }, + "v2.CreateIoCTriageState" => { + "body" => "IoCTriageWriteRequest", }, "v2.CreateSignalNotificationRule" => { "body" => "CreateNotificationRuleParameters", diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index bae8918780ee..7e4a21f8c64a 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature @@ -954,6 +954,22 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Create or update an indicator triage state returns "Bad Request" response + Given operation "CreateIoCTriageState" enabled + And new "CreateIoCTriageState" request + And body with value {"data": {"attributes": {"indicator": "192.0.2.1", "triage_state": "invalid_state"}, "type": "ioc_triage_state"}} + When the request is sent + Then the response status is 400 Bad Request + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Create or update an indicator triage state returns "Created" response + Given operation "CreateIoCTriageState" enabled + And new "CreateIoCTriageState" request + And body with value {"data": {"attributes": {"indicator": "192.0.2.1", "triage_state": "reviewed"}, "type": "ioc_triage_state"}} + When the request is sent + Then the response status is 201 Created + @generated @skip @team:DataDog/k9-cloud-siem Scenario: Deactivate content pack returns "Accepted" response Given operation "DeactivateContentPack" enabled 
@@ -1730,7 +1746,8 @@ Feature: Security Monitoring Scenario: Get an indicator of compromise returns "OK" response Given operation "GetIndicatorOfCompromise" enabled And new "GetIndicatorOfCompromise" request - And request contains "indicator" parameter with value "masscan/1.3 (https://github.com/robertdavidgraham/masscan)" + And request contains "indicator" parameter with value "192.0.2.1" + And request contains "include_triage_history" parameter with value true When the request is sent Then the response status is 200 OK diff --git a/features/v2/undo.json b/features/v2/undo.json index 9101d0155cbe..e5e1b9ed2625 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -6706,6 +6706,12 @@ "type": "safe" } }, + "CreateIoCTriageState": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "GetSignalNotificationRules": { "tag": "Security Monitoring", "undo": { diff --git a/lib/datadog_api_client/configuration.rb b/lib/datadog_api_client/configuration.rb index 832ee7adb038..25d93f97aa95 100644 --- a/lib/datadog_api_client/configuration.rb +++ b/lib/datadog_api_client/configuration.rb @@ -336,6 +336,7 @@ def initialize "v2.cancel_historical_job": false, "v2.convert_job_result_to_signal": false, "v2.convert_security_monitoring_terraform_resource": false, + "v2.create_io_c_triage_state": false, "v2.create_sample_log_generation_subscription": false, "v2.create_security_monitoring_dataset": false, "v2.create_security_monitoring_integration_config": false, diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index 6bcb0f8a7651..97040c136e67 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb 
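Review bot: `CreateIoCTriageState` is registered in `features/v2/undo.json` with `"type": "safe"`, although the operation writes triage state into the organization. Both new scenarios are tagged `@replay-only`, so nothing is changed against a live API today, but if that tag is ever dropped a test run would leave indicators marked `reviewed` with no cleanup step. If the harness has a closer classification for a repeatable write (the rest of the file is not visible here), use it, or record in the PR why `safe` is intended for a state-changing POST.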
@@ -3711,6 +3711,13 @@ def overrides "v2.io_c_score_effect" => "IoCScoreEffect", "v2.io_c_signal_severity_count" => "IoCSignalSeverityCount", "v2.io_c_source" => "IoCSource", + "v2.io_c_triage_event" => "IoCTriageEvent", + "v2.io_c_triage_write_request" => "IoCTriageWriteRequest", + "v2.io_c_triage_write_request_attributes" => "IoCTriageWriteRequestAttributes", + "v2.io_c_triage_write_request_data" => "IoCTriageWriteRequestData", + "v2.io_c_triage_write_response" => "IoCTriageWriteResponse", + "v2.io_c_triage_write_response_attributes" => "IoCTriageWriteResponseAttributes", + "v2.io_c_triage_write_response_data" => "IoCTriageWriteResponseData", "v2.ios_sourcemap_attributes" => "IOSSourcemapAttributes", "v2.ios_sourcemap_data" => "IOSSourcemapData", "v2.ip_allowlist_attributes" => "IPAllowlistAttributes", diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb index f89fba934f5b..a4149af7d188 100644 --- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb +++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
@@ -1470,6 +1470,80 @@ def create_custom_framework_with_http_info(body, opts = {}) return data, status_code, headers end + # Create or update an indicator triage state. + # + # @see #create_io_c_triage_state_with_http_info + def create_io_c_triage_state(body, opts = {}) + data, _status_code, _headers = create_io_c_triage_state_with_http_info(body, opts) + data + end + + # Create or update an indicator triage state. + # + # Set the triage state of an indicator of compromise (IoC). This creates or + # updates the triage state for the indicator in your organization. + # + # @param body [IoCTriageWriteRequest] The triage state to set for the indicator. + # @param opts [Hash] the optional parameters + # @return [Array<(IoCTriageWriteResponse, Integer, Hash)>] IoCTriageWriteResponse data, response status code and response headers + def create_io_c_triage_state_with_http_info(body, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.create_io_c_triage_state".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.create_io_c_triage_state") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.create_io_c_triage_state")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.create_io_c_triage_state ...' + end + # verify the required parameter 'body' is set + if @api_client.config.client_side_validation && body.nil? 
+ fail ArgumentError, "Missing the required parameter 'body' when calling SecurityMonitoringAPI.create_io_c_triage_state" + end + # resource path + local_var_path = '/api/v2/security/siem/ioc-explorer/triage' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + header_params['Content-Type'] = @api_client.select_header_content_type(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(body) + + # return_type + return_type = opts[:debug_return_type] || 'IoCTriageWriteResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :create_io_c_triage_state, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Post, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#create_io_c_triage_state\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Create Jira issues for security findings. # # @see #create_jira_issues_with_http_info 
@@ -4097,6 +4171,10 @@ def get_indicator_of_compromise(indicator, opts = {}) # # @param indicator [String] The indicator value to look up (for example, an IP address or domain). # @param opts [Hash] the optional parameters + # @option opts [Boolean] :ocsf When true, return only OCSF field-based matches. When false, return regex/message-based matches. + # @option opts [Boolean] :include_triage_history Include full triage history for the indicator. + # @option opts [Integer] :triage_history_limit Maximum number of triage history events returned. Only applied when `include_triage_history` is true. + # @option opts [Integer] :triage_history_offset Pagination offset into the triage history. Only applied when `include_triage_history` is true. # @return [Array<(GetIoCIndicatorResponse, Integer, Hash)>] GetIoCIndicatorResponse data, response status code and response headers def get_indicator_of_compromise_with_http_info(indicator, opts = {}) unstable_enabled = @api_client.config.unstable_operations["v2.get_indicator_of_compromise".to_sym] 
@@ -4113,12 +4191,22 @@ def get_indicator_of_compromise_with_http_info(indicator, opts = {}) if @api_client.config.client_side_validation && indicator.nil? fail ArgumentError, "Missing the required parameter 'indicator' when calling SecurityMonitoringAPI.get_indicator_of_compromise" end + if @api_client.config.client_side_validation && !opts[:'triage_history_limit'].nil? && opts[:'triage_history_limit'] > 1000 + fail ArgumentError, 'invalid value for "opts[:"triage_history_limit"]" when calling SecurityMonitoringAPI.get_indicator_of_compromise, must be smaller than or equal to 1000.' + end + if @api_client.config.client_side_validation && !opts[:'triage_history_limit'].nil? && opts[:'triage_history_limit'] < 1 + fail ArgumentError, 'invalid value for "opts[:"triage_history_limit"]" when calling SecurityMonitoringAPI.get_indicator_of_compromise, must be greater than or equal to 1.' + end # resource path local_var_path = '/api/v2/security/siem/ioc-explorer/indicator' # query parameters query_params = opts[:query_params] || {} query_params[:'indicator'] = indicator + query_params[:'ocsf'] = opts[:'ocsf'] if !opts[:'ocsf'].nil? + query_params[:'include_triage_history'] = opts[:'include_triage_history'] if !opts[:'include_triage_history'].nil? + query_params[:'triage_history_limit'] = opts[:'triage_history_limit'] if !opts[:'triage_history_limit'].nil? + query_params[:'triage_history_offset'] = opts[:'triage_history_offset'] if !opts[:'triage_history_offset'].nil? # header parameters header_params = opts[:header_params] || {} 
@@ -6542,6 +6630,9 @@ def list_indicators_of_compromise(opts = {}) # @option opts [String] :query Search/filter query (supports field:value syntax). # @option opts [String] :sort_column Sort column: score, first_seen_ts_epoch, last_seen_ts_epoch, indicator, indicator_type, signal_count, log_count, category, as_type. # @option opts [String] :sort_order Sort order: asc or desc. + # @option opts [Boolean] :ocsf When true, return only OCSF field-based matches. When false, return regex/message-based matches. + # @option opts [String] :worked_by Filter indicators whose triage state was updated by a specific user UUID. + # @option opts [String] :triage_state Filter by triage state: not_reviewed or reviewed. # @return [Array<(IoCExplorerListResponse, Integer, Hash)>] IoCExplorerListResponse data, response status code and response headers def list_indicators_of_compromise_with_http_info(opts = {}) unstable_enabled = @api_client.config.unstable_operations["v2.list_indicators_of_compromise".to_sym] @@ -6570,6 +6661,9 @@ def list_indicators_of_compromise_with_http_info(opts = {}) query_params[:'query'] = opts[:'query'] if !opts[:'query'].nil? query_params[:'sort[column]'] = opts[:'sort_column'] if !opts[:'sort_column'].nil? query_params[:'sort[order]'] = opts[:'sort_order'] if !opts[:'sort_order'].nil? + query_params[:'ocsf'] = opts[:'ocsf'] if !opts[:'ocsf'].nil? + query_params[:'worked_by'] = opts[:'worked_by'] if !opts[:'worked_by'].nil? + query_params[:'triage_state'] = opts[:'triage_state'] if !opts[:'triage_state'].nil? # header parameters header_params = opts[:header_params] || {} diff --git a/lib/datadog_api_client/v2/models/io_c_indicator.rb b/lib/datadog_api_client/v2/models/io_c_indicator.rb index 1a7ab2b5551e..77e9b2670fa5 100644 --- a/lib/datadog_api_client/v2/models/io_c_indicator.rb +++ b/lib/datadog_api_client/v2/models/io_c_indicator.rb 
@@ -84,6 +84,15 @@ class IoCIndicator # Tags associated with the indicator. attr_accessor :tags + # Current triage state of the indicator: not_reviewed or reviewed. + attr_accessor :triage_state + + # Timestamp when the indicator was last triaged. + attr_accessor :triaged_at + + # UUID of the user who last triaged the indicator. + attr_accessor :triaged_by + attr_accessor :additional_properties # Attribute mapping from ruby-style variable name to JSON key. @@ -110,7 +119,10 @@ def self.attribute_map :'signal_matches' => :'signal_matches', :'signal_tier' => :'signal_tier', :'suspicious_sources' => :'suspicious_sources', - :'tags' => :'tags' + :'tags' => :'tags', + :'triage_state' => :'triage_state', + :'triaged_at' => :'triaged_at', + :'triaged_by' => :'triaged_by' } end @@ -138,7 +150,10 @@ def self.openapi_types :'signal_matches' => :'Integer', :'signal_tier' => :'Integer', :'suspicious_sources' => :'Array', - :'tags' => :'Array' + :'tags' => :'Array', + :'triage_state' => :'String', + :'triaged_at' => :'Time', + :'triaged_by' => :'String' } end @@ -263,6 +278,18 @@ def initialize(attributes = {}) self.tags = value end end + + if attributes.key?(:'triage_state') + self.triage_state = attributes[:'triage_state'] + end + + if attributes.key?(:'triaged_at') + self.triaged_at = attributes[:'triaged_at'] + end + + if attributes.key?(:'triaged_by') + self.triaged_by = attributes[:'triaged_by'] + end end # Returns the object in the form of hash, with additionalProperties support. @@ -312,6 +339,9 @@ def ==(o) signal_tier == o.signal_tier && suspicious_sources == o.suspicious_sources && tags == o.tags && + triage_state == o.triage_state && + triaged_at == o.triaged_at && + triaged_by == o.triaged_by && additional_properties == o.additional_properties end 
@@ -319,7 +349,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [as_geo, as_type, benign_sources, categories, first_seen, id, indicator, indicator_type, last_seen, log_matches, m_as_type, m_persistence, m_signal, m_sources, malicious_sources, max_trust_score, score, signal_matches, signal_tier, suspicious_sources, tags, additional_properties].hash + [as_geo, as_type, benign_sources, categories, first_seen, id, indicator, indicator_type, last_seen, log_matches, m_as_type, m_persistence, m_signal, m_sources, malicious_sources, max_trust_score, score, signal_matches, signal_tier, suspicious_sources, tags, triage_state, triaged_at, triaged_by, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/io_c_indicator_detailed.rb b/lib/datadog_api_client/v2/models/io_c_indicator_detailed.rb index cdf7447b6c73..a78ff4a679c9 100644 --- a/lib/datadog_api_client/v2/models/io_c_indicator_detailed.rb +++ b/lib/datadog_api_client/v2/models/io_c_indicator_detailed.rb @@ -111,6 +111,18 @@ class IoCIndicatorDetailed # Tags associated with the indicator. attr_accessor :tags + # Full triage history timeline. Returned only when `include_triage_history` is true. + attr_accessor :triage_history + + # Current triage state of the indicator: not_reviewed or reviewed. + attr_accessor :triage_state + + # Timestamp when the indicator was last triaged. + attr_accessor :triaged_at + + # UUID of the user who last triaged the indicator. + attr_accessor :triaged_by + # Users associated with this indicator, grouped by category. attr_accessor :users @@ -150,6 +162,10 @@ def self.attribute_map :'signal_tier' => :'signal_tier', :'suspicious_sources' => :'suspicious_sources', :'tags' => :'tags', + :'triage_history' => :'triage_history', + :'triage_state' => :'triage_state', + :'triaged_at' => :'triaged_at', + :'triaged_by' => :'triaged_by', :'users' => :'users' } end 
@@ -188,6 +204,10 @@ def self.openapi_types :'signal_tier' => :'Integer', :'suspicious_sources' => :'Array', :'tags' => :'Array', + :'triage_history' => :'Array', + :'triage_state' => :'String', + :'triaged_at' => :'Time', + :'triaged_by' => :'String', :'users' => :'Hash>' } end @@ -360,6 +380,24 @@ def initialize(attributes = {}) end end + if attributes.key?(:'triage_history') + if (value = attributes[:'triage_history']).is_a?(Array) + self.triage_history = value + end + end + + if attributes.key?(:'triage_state') + self.triage_state = attributes[:'triage_state'] + end + + if attributes.key?(:'triaged_at') + self.triaged_at = attributes[:'triaged_at'] + end + + if attributes.key?(:'triaged_by') + self.triaged_by = attributes[:'triaged_by'] + end + if attributes.key?(:'users') self.users = attributes[:'users'] end @@ -421,6 +459,10 @@ def ==(o) signal_tier == o.signal_tier && suspicious_sources == o.suspicious_sources && tags == o.tags && + triage_history == o.triage_history && + triage_state == o.triage_state && + triaged_at == o.triaged_at && + triaged_by == o.triaged_by && users == o.users && additional_properties == o.additional_properties end 
@@ -429,7 +471,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [additional_data, as_cidr_block, as_geo, as_number, as_organization, as_type, benign_sources, categories, critical_assets, first_seen, hosts, id, indicator, indicator_type, last_seen, log_matches, log_sources, m_as_type, m_persistence, m_signal, m_sources, malicious_sources, max_trust_score, score, services, signal_matches, signal_severity, signal_tier, suspicious_sources, tags, users, additional_properties].hash + [additional_data, as_cidr_block, as_geo, as_number, as_organization, as_type, benign_sources, categories, critical_assets, first_seen, hosts, id, indicator, indicator_type, last_seen, log_matches, log_sources, m_as_type, m_persistence, m_signal, m_sources, malicious_sources, max_trust_score, score, services, signal_matches, signal_severity, signal_tier, suspicious_sources, tags, triage_history, triage_state, triaged_at, triaged_by, users, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/io_c_triage_event.rb b/lib/datadog_api_client/v2/models/io_c_triage_event.rb new file mode 100644 index 000000000000..5825adbc1b13 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_triage_event.rb 
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # A single entry in an indicator's triage history timeline. + class IoCTriageEvent + include BaseGenericModel + + # Triage state set by this action: not_reviewed or reviewed. + attr_accessor :triage_state + + # Timestamp when this triage action occurred. + attr_accessor :triaged_at + + # UUID of the user who performed this triage action. + attr_accessor :triaged_by + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'triage_state' => :'triage_state', + :'triaged_at' => :'triaged_at', + :'triaged_by' => :'triaged_by' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'triage_state' => :'String', + :'triaged_at' => :'Time', + :'triaged_by' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCTriageEvent` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'triage_state') + self.triage_state = attributes[:'triage_state'] + end + + if attributes.key?(:'triaged_at') + self.triaged_at = attributes[:'triaged_at'] + end + + if attributes.key?(:'triaged_by') + self.triaged_by = attributes[:'triaged_by'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + triage_state == o.triage_state && + triaged_at == o.triaged_at && + triaged_by == o.triaged_by && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [triage_state, triaged_at, triaged_by, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_triage_write_request.rb b/lib/datadog_api_client/v2/models/io_c_triage_write_request.rb new file mode 100644 index 000000000000..f360f73bc682 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_triage_write_request.rb 
@@ -0,0 +1,123 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Request body for creating or updating an indicator triage state. + class IoCTriageWriteRequest + include BaseGenericModel + + # Data object for the triage write request. + attr_reader :data + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'data' => :'IoCTriageWriteRequestData' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCTriageWriteRequest` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @data.nil? 
+ true + end + + # Custom attribute writer method with validation + # @param data [Object] Object to be assigned + # @!visibility private + def data=(data) + if data.nil? + fail ArgumentError, 'invalid value for "data", data cannot be nil.' + end + @data = data + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_triage_write_request_attributes.rb b/lib/datadog_api_client/v2/models/io_c_triage_write_request_attributes.rb new file mode 100644 index 000000000000..d721a40e1684 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_triage_write_request_attributes.rb 
@@ -0,0 +1,144 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Attributes for setting an indicator's triage state. + class IoCTriageWriteRequestAttributes + include BaseGenericModel + + # The indicator value to triage (for example, an IP address or domain). + attr_reader :indicator + + # The triage state to set: not_reviewed or reviewed. + attr_reader :triage_state + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'indicator' => :'indicator', + :'triage_state' => :'triage_state' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'indicator' => :'String', + :'triage_state' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCTriageWriteRequestAttributes` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'indicator') + self.indicator = attributes[:'indicator'] + end + + if attributes.key?(:'triage_state') + self.triage_state = attributes[:'triage_state'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @indicator.nil? + return false if @triage_state.nil? + true + end + + # Custom attribute writer method with validation + # @param indicator [Object] Object to be assigned + # @!visibility private + def indicator=(indicator) + if indicator.nil? + fail ArgumentError, 'invalid value for "indicator", indicator cannot be nil.' + end + @indicator = indicator + end + + # Custom attribute writer method with validation + # @param triage_state [Object] Object to be assigned + # @!visibility private + def triage_state=(triage_state) + if triage_state.nil? + fail ArgumentError, 'invalid value for "triage_state", triage_state cannot be nil.' + end + @triage_state = triage_state + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + indicator == o.indicator && + triage_state == o.triage_state && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [indicator, triage_state, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_triage_write_request_data.rb b/lib/datadog_api_client/v2/models/io_c_triage_write_request_data.rb new file mode 100644 index 000000000000..5d5c3bd565a4 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_triage_write_request_data.rb 
@@ -0,0 +1,144 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Data object for the triage write request. + class IoCTriageWriteRequestData + include BaseGenericModel + + # Attributes for setting an indicator's triage state. + attr_reader :attributes + + # Triage state resource type. + attr_reader :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'attributes' => :'attributes', + :'type' => :'type' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'attributes' => :'IoCTriageWriteRequestAttributes', + :'type' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCTriageWriteRequestData` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @attributes.nil? + return false if @type.nil? + true + end + + # Custom attribute writer method with validation + # @param attributes [Object] Object to be assigned + # @!visibility private + def attributes=(attributes) + if attributes.nil? + fail ArgumentError, 'invalid value for "attributes", attributes cannot be nil.' + end + @attributes = attributes + end + + # Custom attribute writer method with validation + # @param type [Object] Object to be assigned + # @!visibility private + def type=(type) + if type.nil? + fail ArgumentError, 'invalid value for "type", type cannot be nil.' + end + @type = type + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [attributes, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_triage_write_response.rb b/lib/datadog_api_client/v2/models/io_c_triage_write_response.rb new file mode 100644 index 000000000000..0992092f5bfb --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_triage_write_response.rb 
@@ -0,0 +1,105 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Response for the create indicator triage state endpoint. + class IoCTriageWriteResponse + include BaseGenericModel + + # Data object of the triage write response. + attr_accessor :data + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'data' => :'IoCTriageWriteResponseData' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCTriageWriteResponse` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. 
+ # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_triage_write_response_attributes.rb b/lib/datadog_api_client/v2/models/io_c_triage_write_response_attributes.rb new file mode 100644 index 000000000000..639710c17883 --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_triage_write_response_attributes.rb 
@@ -0,0 +1,145 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Attributes of a created or updated triage state. + class IoCTriageWriteResponseAttributes + include BaseGenericModel + + # Timestamp when the triage record was created. + attr_accessor :created_at + + # The indicator value that was triaged. + attr_accessor :indicator + + # The triage state that was set: not_reviewed or reviewed. + attr_accessor :triage_state + + # Timestamp when the triage state was set. + attr_accessor :triaged_at + + # UUID of the user who set the triage state. + attr_accessor :triaged_by + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'created_at' => :'created_at', + :'indicator' => :'indicator', + :'triage_state' => :'triage_state', + :'triaged_at' => :'triaged_at', + :'triaged_by' => :'triaged_by' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'created_at' => :'Time', + :'indicator' => :'String', + :'triage_state' => :'String', + :'triaged_at' => :'Time', + :'triaged_by' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCTriageWriteResponseAttributes` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'created_at') + self.created_at = attributes[:'created_at'] + end + + if attributes.key?(:'indicator') + self.indicator = attributes[:'indicator'] + end + + if attributes.key?(:'triage_state') + self.triage_state = attributes[:'triage_state'] + end + + if attributes.key?(:'triaged_at') + self.triaged_at = attributes[:'triaged_at'] + end + + if attributes.key?(:'triaged_by') + self.triaged_by = attributes[:'triaged_by'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + created_at == o.created_at && + indicator == o.indicator && + triage_state == o.triage_state && + triaged_at == o.triaged_at && + triaged_by == o.triaged_by && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [created_at, indicator, triage_state, triaged_at, triaged_by, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/io_c_triage_write_response_data.rb b/lib/datadog_api_client/v2/models/io_c_triage_write_response_data.rb new file mode 100644 index 000000000000..ade3e4d07ddd --- /dev/null +++ b/lib/datadog_api_client/v2/models/io_c_triage_write_response_data.rb 
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Data object of the triage write response. + class IoCTriageWriteResponseData + include BaseGenericModel + + # Attributes of a created or updated triage state. + attr_accessor :attributes + + # Unique identifier for the triage state record. + attr_accessor :id + + # Triage state resource type. + attr_accessor :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'attributes' => :'attributes', + :'id' => :'id', + :'type' => :'type' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'attributes' => :'IoCTriageWriteResponseAttributes', + :'id' => :'String', + :'type' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::IoCTriageWriteResponseData` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + id == o.id && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + # @!visibility private + def hash + [attributes, id, type, additional_properties].hash + end + end +end