/**
* Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
* This product includes software developed at Datadog (https://www.datadoghq.com/).
* Copyright 2020-Present Datadog, Inc.
*/
import { SecurityMonitoringRuleQueryAggregation } from "./SecurityMonitoringRuleQueryAggregation";
import { SecurityMonitoringStandardDataSource } from "./SecurityMonitoringStandardDataSource";
import { AttributeTypeMap } from "../../datadog-api-client-common/util";
/**
 * Query for selecting logs analyzed by the threat hunting job.
 *
 * This is a plain data holder: every field is optional, nothing is validated
 * when an instance is created, and the wire representation is described by
 * `attributeTypeMap` (wire name via `baseName`, decode target via `type`).
 * A field that exists on the class but not in the map, or vice versa, will
 * not round-trip through the client's (de)serializer, so keep both in sync.
 */
export class ThreatHuntingJobQuery {
  /**
   * The aggregation type.
   */
  public aggregation?: SecurityMonitoringRuleQueryAggregation;

  /**
   * Source of events, either logs, audit trail, security signals, or Datadog
   * events. `app_sec_spans` is deprecated in favor of `spans`.
   */
  public dataSource?: SecurityMonitoringStandardDataSource;

  /**
   * Field for which the cardinality is measured. Sent as an array.
   */
  public distinctFields?: Array<string>;

  /**
   * Fields to group by.
   */
  public groupByFields?: Array<string>;

  /**
   * When false, events without a group-by value are ignored by the query.
   * When true, events with missing group-by fields are processed with `N/A`,
   * replacing the missing values.
   */
  public hasOptionalGroupByFields?: boolean;

  /**
   * Group of target fields to aggregate over when using the sum, max, geo
   * data, or new value aggregations. The sum, max, and geo data aggregations
   * only accept one value in this list, whereas the new value aggregation
   * accepts up to five values.
   */
  public metrics?: Array<string>;

  /**
   * Name of the query.
   */
  public name?: string;

  /**
   * Query to run on logs.
   *
   * NOTE(review): this string is carried verbatim to the API as the search
   * expression; nothing in this class constrains or escapes it. If it is ever
   * assembled from end-user input, build it from vetted fragments rather than
   * concatenating raw text, since it is presumably evaluated server-side under
   * the caller's API credentials — confirm against the serializer/caller.
   */
  public query?: string;

  /**
   * A container for additional, undeclared properties.
   * This is a holder for any undeclared properties as specified with
   * the 'additionalProperties' keyword in the OAS document.
   *
   * NOTE(review): values are typed `any` and come straight from the wire;
   * treat them as untrusted and narrow before use.
   */
  public additionalProperties?: { [key: string]: any };

  /**
   * @ignore
   * NOTE(review): presumably flagged by the deserializer when a payload did
   * not match the declared shape — consumers should check it before trusting
   * the other fields. Confirm against the deserializer.
   */
  public _unparsed?: boolean;

  /**
   * @ignore
   * Runtime field descriptor consumed by the client's (de)serialization layer.
   * Key = TypeScript property, `baseName` = wire name, `type` = decode target.
   */
  static readonly attributeTypeMap: AttributeTypeMap = {
    aggregation: { baseName: "aggregation", type: "SecurityMonitoringRuleQueryAggregation" },
    dataSource: { baseName: "dataSource", type: "SecurityMonitoringStandardDataSource" },
    distinctFields: { baseName: "distinctFields", type: "Array<string>" },
    groupByFields: { baseName: "groupByFields", type: "Array<string>" },
    hasOptionalGroupByFields: { baseName: "hasOptionalGroupByFields", type: "boolean" },
    metrics: { baseName: "metrics", type: "Array<string>" },
    name: { baseName: "name", type: "string" },
    query: { baseName: "query", type: "string" },
    additionalProperties: { baseName: "additionalProperties", type: "{ [key: string]: any; }" },
  };

  /**
   * @ignore
   * Returns the shared descriptor above (same object every call, not a copy).
   */
  static getAttributeTypeMap(): AttributeTypeMap {
    return ThreatHuntingJobQuery.attributeTypeMap;
  }

  /** Creates an empty query; populate fields after construction. */
  public constructor() {}
}