From 1f270d44bd1815cce477c85bf31807f12623c541 Mon Sep 17 00:00:00 2001 
From: "ci.datadog-api-spec" Date: Thu, 16 Apr 2026 13:27:15 +0000 Subject: [PATCH] Regenerate client from commit c21727e of spec repo --- .generator/schemas/v2/openapi.yaml | 423 ++++++++++++++++++ .../frozen.json | 1 + .../recording.har | 62 +++ .../frozen.json | 1 + .../recording.har | 62 +++ .../frozen.json | 1 + .../recording.har | 62 +++ .../frozen.json | 1 + .../recording.har | 62 +++ .../GetIndicatorOfCompromise.ts | 22 + .../ListIndicatorsOfCompromise.ts | 22 + features/support/scenarios_model_mapping.ts | 30 ++ features/v2/security_monitoring.feature | 40 ++ features/v2/undo.json | 12 + .../configuration.ts | 2 + .../apis/SecurityMonitoringApi.ts | 335 ++++++++++++++ packages/datadog-api-client-v2/index.ts | 16 + .../models/GetIoCIndicatorResponse.ts | 53 +++ .../GetIoCIndicatorResponseAttributes.ts | 53 +++ .../models/GetIoCIndicatorResponseData.ts | 69 +++ .../models/IoCExplorerListResponse.ts | 53 +++ .../IoCExplorerListResponseAttributes.ts | 71 +++ .../models/IoCExplorerListResponseData.ts | 69 +++ .../models/IoCExplorerListResponseMetadata.ts | 53 +++ .../models/IoCExplorerListResponsePaging.ts | 53 +++ .../models/IoCGeoLocation.ts | 68 +++ .../models/IoCIndicator.ts | 221 +++++++++ .../models/IoCIndicatorDetailed.ts | 302 +++++++++++++ .../models/IoCScoreEffect.ts | 20 + .../models/IoCSignalSeverityCount.ts | 61 +++ .../datadog-api-client-v2/models/IoCSource.ts | 52 +++ .../models/ObjectSerializer.ts | 27 ++ 32 files changed, 2379 insertions(+) create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-Not-Found-response_2981717965/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-Not-Found-response_2981717965/recording.har create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-OK-response_2670867212/frozen.json create mode 100644 
cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-OK-response_2670867212/recording.har create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-Bad-Request-response_209392928/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-Bad-Request-response_209392928/recording.har create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-OK-response_3833256302/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-OK-response_3833256302/recording.har create mode 100644 examples/v2/security-monitoring/GetIndicatorOfCompromise.ts create mode 100644 examples/v2/security-monitoring/ListIndicatorsOfCompromise.ts create mode 100644 packages/datadog-api-client-v2/models/GetIoCIndicatorResponse.ts create mode 100644 packages/datadog-api-client-v2/models/GetIoCIndicatorResponseAttributes.ts create mode 100644 packages/datadog-api-client-v2/models/GetIoCIndicatorResponseData.ts create mode 100644 packages/datadog-api-client-v2/models/IoCExplorerListResponse.ts create mode 100644 packages/datadog-api-client-v2/models/IoCExplorerListResponseAttributes.ts create mode 100644 packages/datadog-api-client-v2/models/IoCExplorerListResponseData.ts create mode 100644 packages/datadog-api-client-v2/models/IoCExplorerListResponseMetadata.ts create mode 100644 packages/datadog-api-client-v2/models/IoCExplorerListResponsePaging.ts create mode 100644 packages/datadog-api-client-v2/models/IoCGeoLocation.ts create mode 100644 packages/datadog-api-client-v2/models/IoCIndicator.ts create mode 100644 packages/datadog-api-client-v2/models/IoCIndicatorDetailed.ts create mode 100644 packages/datadog-api-client-v2/models/IoCScoreEffect.ts create mode 100644 packages/datadog-api-client-v2/models/IoCSignalSeverityCount.ts create mode 100644 
packages/datadog-api-client-v2/models/IoCSource.ts diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 8a51fd127ec1..800c3477a46c 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -29884,6 +29884,30 @@ components: required: - self type: object + GetIoCIndicatorResponse: + description: Response for the get indicator of compromise endpoint. + properties: + data: + $ref: "#/components/schemas/GetIoCIndicatorResponseData" + type: object + GetIoCIndicatorResponseAttributes: + description: Attributes of the get indicator response. + properties: + data: + $ref: "#/components/schemas/IoCIndicatorDetailed" + type: object + GetIoCIndicatorResponseData: + description: IoC indicator response data object. + properties: + attributes: + $ref: "#/components/schemas/GetIoCIndicatorResponseAttributes" + id: + description: Unique identifier for the response. + type: string + type: + description: Response type identifier. + type: string + type: object GetIssueIncludeQueryParameterItem: description: Relationship object that should be included in the response. enum: 
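Review bot: `type` in `GetIoCIndicatorResponseData` is declared as a bare `type: string`, so the generated model cannot validate or discriminate the resource type; the same applies to `IoCExplorerListResponseData.type` in the next hunk. The recorded responses in this commit return `get_indicator_response` and `ioc_explorer_response`, so each could be pinned with `enum: [get_indicator_response]` (and a matching `x-enum-varnames` entry, as `IoCScoreEffect` already does). None of the three new objects lists `required` properties either, so every field is optional in the generated client and callers have to null-check `data` and `attributes` before reading an indicator.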
@@ -35391,6 +35415,301 @@ components: type: string x-enum-varnames: - INVESTIGATION + IoCExplorerListResponse: + description: Response for the list indicators of compromise endpoint. + properties: + data: + $ref: "#/components/schemas/IoCExplorerListResponseData" + type: object + IoCExplorerListResponseAttributes: + description: Attributes of the IoC Explorer list response. + properties: + data: + description: List of indicators of compromise. + items: + $ref: "#/components/schemas/IoCIndicator" + type: array + metadata: + $ref: "#/components/schemas/IoCExplorerListResponseMetadata" + paging: + $ref: "#/components/schemas/IoCExplorerListResponsePaging" + type: object + IoCExplorerListResponseData: + description: IoC Explorer list response data object. + properties: + attributes: + $ref: "#/components/schemas/IoCExplorerListResponseAttributes" + id: + description: Unique identifier for the response. + type: string + type: + description: Response type identifier. + type: string + type: object + IoCExplorerListResponseMetadata: + description: Response metadata. + properties: + count: + description: Total number of indicators matching the query. + format: int64 + type: integer + type: object + IoCExplorerListResponsePaging: + description: Pagination information. + properties: + offset: + description: Current pagination offset. + format: int64 + type: integer + type: object + IoCGeoLocation: + description: Geographic location information for an IP indicator. + properties: + city: + description: City name. + type: string + country_code: + description: ISO country code. + type: string + country_name: + description: Full country name. + type: string + type: object + IoCIndicator: + description: An indicator of compromise with threat intelligence data. + properties: + as_geo: + $ref: "#/components/schemas/IoCGeoLocation" + as_type: + description: Autonomous system type. 
+ type: string + benign_sources: + description: Threat intelligence sources that flagged this indicator as benign. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + categories: + description: Threat categories associated with the indicator. + items: + type: string + type: array + first_seen: + description: Timestamp when the indicator was first seen. + format: date-time + type: string + id: + description: Unique identifier for the indicator. + type: string + indicator: + description: The indicator value (for example, an IP address or domain). + type: string + indicator_type: + description: Type of indicator (for example, IP address or domain). + type: string + last_seen: + description: Timestamp when the indicator was last seen. + format: date-time + type: string + log_matches: + description: Number of logs that matched this indicator. + format: int64 + type: integer + m_as_type: + $ref: "#/components/schemas/IoCScoreEffect" + m_persistence: + $ref: "#/components/schemas/IoCScoreEffect" + m_signal: + $ref: "#/components/schemas/IoCScoreEffect" + m_sources: + $ref: "#/components/schemas/IoCScoreEffect" + malicious_sources: + description: Threat intelligence sources that flagged this indicator as malicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + max_trust_score: + $ref: "#/components/schemas/IoCScoreEffect" + score: + description: Threat score for the indicator (0-100). + format: double + type: number + signal_matches: + description: Number of security signals that matched this indicator. + format: int64 + type: integer + signal_tier: + description: Signal tier level. + format: int64 + type: integer + suspicious_sources: + description: Threat intelligence sources that flagged this indicator as suspicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + tags: + description: Tags associated with the indicator. 
+ items: + type: string + type: array + type: object + IoCIndicatorDetailed: + description: An indicator of compromise with extended context from your environment. + properties: + additional_data: + additionalProperties: {} + description: Additional domain-specific context from threat intelligence sources. + type: object + as_cidr_block: + description: Autonomous system CIDR block. + type: string + as_geo: + $ref: "#/components/schemas/IoCGeoLocation" + as_number: + description: Autonomous system number. + type: string + as_organization: + description: Autonomous system organization name. + type: string + as_type: + description: Autonomous system type. + type: string + benign_sources: + description: Threat intelligence sources that flagged this indicator as benign. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + categories: + description: Threat categories associated with the indicator. + items: + type: string + type: array + critical_assets: + description: Critical assets associated with this indicator. + items: + type: string + type: array + first_seen: + description: Timestamp when the indicator was first seen. + format: date-time + type: string + hosts: + description: Hosts associated with this indicator. + items: + type: string + type: array + id: + description: Unique identifier for the indicator. + type: string + indicator: + description: The indicator value (for example, an IP address or domain). + type: string + indicator_type: + description: Type of indicator (for example, IP address or domain). + type: string + last_seen: + description: Timestamp when the indicator was last seen. + format: date-time + type: string + log_matches: + description: Number of logs that matched this indicator. + format: int64 + type: integer + log_sources: + description: Log sources where this indicator was observed. 
+ items: + type: string + type: array + m_as_type: + $ref: "#/components/schemas/IoCScoreEffect" + m_persistence: + $ref: "#/components/schemas/IoCScoreEffect" + m_signal: + $ref: "#/components/schemas/IoCScoreEffect" + m_sources: + $ref: "#/components/schemas/IoCScoreEffect" + malicious_sources: + description: Threat intelligence sources that flagged this indicator as malicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + max_trust_score: + $ref: "#/components/schemas/IoCScoreEffect" + score: + description: Threat score for the indicator (0-100). + format: double + type: number + services: + description: Services where this indicator was observed. + items: + type: string + type: array + signal_matches: + description: Number of security signals that matched this indicator. + format: int64 + type: integer + signal_severity: + description: Breakdown of security signals by severity. + items: + $ref: "#/components/schemas/IoCSignalSeverityCount" + type: array + signal_tier: + description: Signal tier level. + format: int64 + type: integer + suspicious_sources: + description: Threat intelligence sources that flagged this indicator as suspicious. + items: + $ref: "#/components/schemas/IoCSource" + nullable: true + type: array + tags: + description: Tags associated with the indicator. + items: + type: string + type: array + users: + additionalProperties: + description: List of user identifiers in this category. + items: + type: string + type: array + description: Users associated with this indicator, grouped by category. + type: object + type: object + IoCScoreEffect: + description: Effect of a scoring factor on the indicator's threat score. + enum: + - RAISE_SCORE + - LOWER_SCORE + - NO_EFFECT + type: string + x-enum-varnames: + - RAISE_SCORE + - LOWER_SCORE + - NO_EFFECT + IoCSignalSeverityCount: + description: Count of security signals by severity level. 
+ properties: + count: + description: Number of signals at this severity level. + format: int64 + type: integer + severity: + description: Severity level (for example, critical, high, medium, low, info). + type: string + type: object + IoCSource: + description: A threat intelligence source that has flagged an indicator. + properties: + name: + description: Name of the threat intelligence source. + type: string + type: object Issue: description: The issue matching the request. properties: 
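Review bot: `score` is described as `0-100` in both `IoCIndicator` and `IoCIndicatorDetailed`, but the schema carries no bounds, so a consumer that thresholds on it gets no validation from the spec; add `minimum: 0` and `maximum: 100` under both. `indicator_type` and `IoCSignalSeverityCount.severity` likewise name their values only in the description (`critical, high, medium, low, info`) and would be safer as enums if the server's set is closed. `additional_data` is `additionalProperties: {}` and is filled from external threat-intelligence sources; its description should state that the content is unstructured third-party data that callers must validate before rendering it or acting on it.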
@@ -110601,6 +110920,110 @@ paths: x-unstable: |- **Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9). + /api/v2/security/siem/ioc-explorer: + get: + description: |- + Get a list of indicators of compromise (IoCs) matching the specified filters. + operationId: ListIndicatorsOfCompromise + parameters: + - description: Number of results per page. + in: query + name: limit + required: false + schema: + default: 50 + format: int32 + maximum: 2147483647 + type: integer + - description: Pagination offset. + in: query + name: offset + required: false + schema: + default: 0 + format: int32 + maximum: 2147483647 + type: integer + - description: Search/filter query (supports field:value syntax). + in: query + name: query + required: false + schema: + type: string + - description: "Sort column: score, first_seen_ts_epoch, last_seen_ts_epoch, indicator, indicator_type, signal_count, log_count, category, as_type." + in: query + name: sort[column] + required: false + schema: + default: score + type: string + - description: "Sort order: asc or desc." + in: query + name: sort[order] + required: false + schema: + default: desc + type: string + responses: + "200": + content: + "application/json": + schema: + $ref: "#/components/schemas/IoCExplorerListResponse" + description: OK + "400": + $ref: "#/components/responses/BadRequestResponse" + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: List indicators of compromise + tags: ["Security Monitoring"] + x-unstable: |- + **Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates. 
+ /api/v2/security/siem/ioc-explorer/indicator: + get: + description: |- + Get detailed information about a specific indicator of compromise (IoC). + operationId: GetIndicatorOfCompromise + parameters: + - description: The indicator value to look up (for example, an IP address or domain). + in: query + name: indicator + required: true + schema: + type: string + responses: + "200": + content: + "application/json": + schema: + $ref: "#/components/schemas/GetIoCIndicatorResponse" + description: OK + "400": + $ref: "#/components/responses/BadRequestResponse" + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_signals_read + summary: Get an indicator of compromise + tags: ["Security Monitoring"] + x-unstable: |- + **Note**: This endpoint is in beta and may be subject to changes. + Please check the documentation regularly for updates. /api/v2/security/signals/notification_rules: get: description: Returns the list of notification rules for security signals. diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-Not-Found-response_2981717965/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-Not-Found-response_2981717965/frozen.json new file mode 100644 index 000000000000..797d57a97e9c --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-Not-Found-response_2981717965/frozen.json @@ -0,0 +1 @@ +"2026-04-14T18:22:17.027Z" 
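Review bot: `sort[column]` and `sort[order]` on `/api/v2/security/siem/ioc-explorer` enumerate their accepted values only in the description while the schema is `type: string`, so the generated client accepts any string and a typo surfaces only as a server-side 400. Declaring them as enums, for example `enum: [asc, desc]` for `sort[order]` and the nine listed column names for `sort[column]`, moves that check into the client. `limit` and `offset` set `maximum: 2147483647` but no `minimum`, so negative values and an effectively unbounded page size pass spec validation; `minimum: 0` on `offset`, `minimum: 1` on `limit`, and the backend's real page cap as `maximum` (if it has one) would document the actual contract.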
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-Not-Found-response_2981717965/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-Not-Found-response_2981717965/recording.har new file mode 100644 index 000000000000..93159eddc90d --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-Not-Found-response_2981717965/recording.har @@ -0,0 +1,62 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Get an indicator of compromise returns \"Not Found\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "729cc78d9a0ee7c3573d0a0a57a4612f", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 612, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "indicator", + "value": "this-indicator-does-not-exist.invalid" + } + ], + "url": "https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=this-indicator-does-not-exist.invalid" + }, + "response": { + "bodySize": 69, + "content": { + "mimeType": "application/vnd.api+json", + "size": 69, + "text": "{\"errors\":[{\"title\":\"Generic Error\",\"detail\":\"indicator not found\"}]}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 524, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 404, + "statusText": "Not Found" + }, + "startedDateTime": "2026-04-14T18:22:17.037Z", + "time": 999 + } + ], + "pages": [], + "version": "1.2" + } +} 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-OK-response_2670867212/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-OK-response_2670867212/frozen.json new file mode 100644 index 000000000000..423e0b5260f1 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-OK-response_2670867212/frozen.json @@ -0,0 +1 @@ +"2026-04-14T18:22:29.733Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-OK-response_2670867212/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-OK-response_2670867212/recording.har new file mode 100644 index 000000000000..a4bcdc37041a --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-an-indicator-of-compromise-returns-OK-response_2670867212/recording.har 
@@ -0,0 +1,62 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Get an indicator of compromise returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "46983f3852589614d88dbeb54245e244", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 653, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "indicator", + "value": "masscan/1.3 (https://github.com/robertdavidgraham/masscan)" + } + ], + "url": "https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=masscan%2F1.3%20%28https%3A%2F%2Fgithub.com%2Frobertdavidgraham%2Fmasscan%29" + }, + "response": { + "bodySize": 855, + "content": { + "mimeType": "application/vnd.api+json", + "size": 855, + "text": "{\"data\":{\"id\":\"65a31893-cc59-4125-9424-44f7ba083e53\",\"type\":\"get_indicator_response\",\"attributes\":{\"data\":{\"id\":\"masscan/1.3 (https://github.com/robertdavidgraham/masscan)\",\"indicator\":\"masscan/1.3 (https://github.com/robertdavidgraham/masscan)\",\"indicator_type\":\"User Agent\",\"score\":4,\"as_type\":\"hosting\",\"malicious_sources\":null,\"suspicious_sources\":[{\"name\":\"Datadog Threat Research\"}],\"benign_sources\":null,\"categories\":[\"scanner\"],\"tags\":[],\"signal_matches\":0,\"log_matches\":45,\"first_seen\":\"2025-01-08T23:24:45Z\",\"last_seen\":\"2026-04-10T14:36:20Z\",\"signal_tier\":0,\"max_trust_score\":\"RAISE_SCORE\",\"m_sources\":\"NO_EFFECT\",\"m_persistence\":\"RAISE_SCORE\",\"m_signal\":\"NO_EFFECT\",\"m_as_type\":\"NO_EFFECT\",\"log_sources\":[],\"services\":[],\"signal_severity\":[],\"users\":{},\"critical_assets\":[],\"hosts\":[],\"as_number\":\"\",\"as_organization\":\"\",\"as_cidr_block\":\"\"}}}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": 
"application/vnd.api+json" + } + ], + "headersSize": 526, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-04-14T18:22:29.744Z", + "time": 1461 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-Bad-Request-response_209392928/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-Bad-Request-response_209392928/frozen.json new file mode 100644 index 000000000000..944ab78e0cca --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-Bad-Request-response_209392928/frozen.json @@ -0,0 +1 @@ +"2026-04-14T18:22:40.711Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-Bad-Request-response_209392928/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-Bad-Request-response_209392928/recording.har new file mode 100644 index 000000000000..e0107774b7a5 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-Bad-Request-response_209392928/recording.har 
@@ -0,0 +1,62 @@ +{ + "log": { + "_recordingName": "Security Monitoring/List indicators of compromise returns \"Bad Request\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "02b5fd499f5dcaf4c0c97eb95adecf70", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 586, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "query", + "value": "invalid:::query" + } + ], + "url": "https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?query=invalid%3A%3A%3Aquery" + }, + "response": { + "bodySize": 166, + "content": { + "mimeType": "application/vnd.api+json", + "size": 166, + "text": "{\"errors\":[{\"title\":\"Generic Error\",\"detail\":\"invalid query: invalid query: syntax error: no viable alternative at input 'invalid::' at line 1 and char position 8\"}]}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 525, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 400, + "statusText": "Bad Request" + }, + "startedDateTime": "2026-04-14T18:22:40.719Z", + "time": 507 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-OK-response_3833256302/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-OK-response_3833256302/frozen.json new file mode 100644 index 000000000000..ca550773048a --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-OK-response_3833256302/frozen.json @@ -0,0 +1 @@ +"2026-04-14T18:22:48.392Z" 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-OK-response_3833256302/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-OK-response_3833256302/recording.har new file mode 100644 index 000000000000..e8c108af894a --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/List-indicators-of-compromise-returns-OK-response_3833256302/recording.har 
@@ -0,0 +1,62 @@ +{ + "log": { + "_recordingName": "Security Monitoring/List indicators of compromise returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "6fab925a65ec0cad89aaa6c228f598ee", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + } + ], + "headersSize": 566, + "httpVersion": "HTTP/1.1", + "method": "GET", + "queryString": [ + { + "name": "limit", + "value": "1" + } + ], + "url": "https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?limit=1" + }, + "response": { + "bodySize": 715, + "content": { + "mimeType": "application/vnd.api+json", + "size": 715, + "text": "{\"data\":{\"id\":\"a4e3b616-e180-4b47-a379-43da9c5b300e\",\"type\":\"ioc_explorer_response\",\"attributes\":{\"data\":[{\"id\":\"43.228.157.121\",\"indicator\":\"43.228.157.121\",\"indicator_type\":\"IP Address\",\"score\":8,\"as_type\":\"hosting\",\"malicious_sources\":[{\"name\":\"threatfox\"}],\"suspicious_sources\":[{\"name\":\"tor\"},{\"name\":\"SPUR\"}],\"benign_sources\":null,\"categories\":[\"malware\",\"tor\",\"hosting_proxy\"],\"tags\":[],\"signal_matches\":0,\"log_matches\":14,\"signal_tier\":0,\"max_trust_score\":\"RAISE_SCORE\",\"m_sources\":\"RAISE_SCORE\",\"m_persistence\":\"NO_EFFECT\",\"m_signal\":\"NO_EFFECT\",\"m_as_type\":\"NO_EFFECT\",\"as_geo\":{\"city\":\"Frankfurt am Main\",\"country_code\":\"DE\",\"country_name\":\"Germany\"}}],\"metadata\":{\"count\":25091},\"paging\":{\"offset\":1}}}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 525, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2026-04-14T18:22:48.401Z", + "time": 1221 + } + ], + "pages": [], + "version": "1.2" + } +} 
diff --git a/examples/v2/security-monitoring/GetIndicatorOfCompromise.ts b/examples/v2/security-monitoring/GetIndicatorOfCompromise.ts
new file mode 100644
index 000000000000..7839f467090a
--- /dev/null
+++ b/examples/v2/security-monitoring/GetIndicatorOfCompromise.ts
@@ -0,0 +1,22 @@
+/**
+ * Get an indicator of compromise returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+configuration.unstableOperations["v2.getIndicatorOfCompromise"] = true;
+const apiInstance = new v2.SecurityMonitoringApi(configuration);
+
+const params: v2.SecurityMonitoringApiGetIndicatorOfCompromiseRequest = {
+ indicator: "masscan/1.3 (https://github.com/robertdavidgraham/masscan)",
+};
+
+apiInstance
+ .getIndicatorOfCompromise(params)
+ .then((data: v2.GetIoCIndicatorResponse) => {
+ console.log(
+ "API called successfully. Returned data: " + JSON.stringify(data)
+ );
+ })
+ .catch((error: any) => console.error(error));
diff --git a/examples/v2/security-monitoring/ListIndicatorsOfCompromise.ts b/examples/v2/security-monitoring/ListIndicatorsOfCompromise.ts
new file mode 100644
index 000000000000..d71e2d7c286b
--- /dev/null
+++ b/examples/v2/security-monitoring/ListIndicatorsOfCompromise.ts
@@ -0,0 +1,22 @@
+/**
+ * List indicators of compromise returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+configuration.unstableOperations["v2.listIndicatorsOfCompromise"] = true;
+const apiInstance = new v2.SecurityMonitoringApi(configuration);
+
+const params: v2.SecurityMonitoringApiListIndicatorsOfCompromiseRequest = {
+ limit: 1,
+};
+
+apiInstance
+ .listIndicatorsOfCompromise(params)
+ .then((data: v2.IoCExplorerListResponse) => {
+ console.log(
+ "API called successfully. Returned data: " + JSON.stringify(data)
+ );
+ })
+ .catch((error: any) => console.error(error));
diff --git a/features/support/scenarios_model_mapping.ts b/features/support/scenarios_model_mapping.ts
index 803083e3dcd9..41e25dd9d923 100644
--- a/features/support/scenarios_model_mapping.ts
+++ b/features/support/scenarios_model_mapping.ts
@@ -4486,6 +4486,36 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = {
 },
 "operationResponseType": "ScannedAssetsMetadata",
 },
+ "v2.ListIndicatorsOfCompromise": {
+ "limit": {
+ "type": "number",
+ "format": "int32",
+ },
+ "offset": {
+ "type": "number",
+ "format": "int32",
+ },
+ "query": {
+ "type": "string",
+ "format": "",
+ },
+ "sortColumn": {
+ "type": "string",
+ "format": "",
+ },
+ "sortOrder": {
+ "type": "string",
+ "format": "",
+ },
+ "operationResponseType": "IoCExplorerListResponse",
+ },
+ "v2.GetIndicatorOfCompromise": {
+ "indicator": {
+ "type": "string",
+ "format": "",
+ },
+ "operationResponseType": "GetIoCIndicatorResponse",
+ },
 "v2.GetSignalNotificationRules": {
 "operationResponseType": "NotificationRulesList",
 },
diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature
index 1fdee4f141b9..ac7b626e0d39 100644
--- a/features/v2/security_monitoring.feature
+++ b/features/v2/security_monitoring.feature
@@ -1298,6 +1298,30 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "data[0].attributes.name" is equal to "suppression2 {{ unique_hash }}" + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "Bad Request" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "Not Found" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter with value "this-indicator-does-not-exist.invalid" + When the request is sent + Then the response status is 404 Not Found + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: Get an indicator of compromise returns "OK" response + Given operation "GetIndicatorOfCompromise" enabled + And new "GetIndicatorOfCompromise" request + And request contains "indicator" parameter with value "masscan/1.3 (https://github.com/robertdavidgraham/masscan)" + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-siem Scenario: Get content pack states returns "Not Found" response Given operation "GetContentPacksStates" enabled 
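Review bot: The `Get an indicator of compromise returns "Bad Request" response` scenario is a `@generated @skip` placeholder whose `indicator` comes from `"REPLACE.ME"`, so the 400 response declared for this operation is never exercised. The list endpoint gets a real replayed 400 case (`invalid:::query`) in the later hunk of this file, and the lookup should get the same: a concrete rejected input recorded as a cassette, with the tags changed to `@replay-only @skip-terraform-config`. If the lookup endpoint cannot return 400 for any `indicator` value, drop that response from the spec rather than keeping a skipped test.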
@@ -1573,6 +1597,22 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: List indicators of compromise returns "Bad Request" response + Given operation "ListIndicatorsOfCompromise" enabled + And new "ListIndicatorsOfCompromise" request + And request contains "query" parameter with value "invalid:::query" + When the request is sent + Then the response status is 400 Bad Request + + @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + Scenario: List indicators of compromise returns "OK" response + Given operation "ListIndicatorsOfCompromise" enabled + And new "ListIndicatorsOfCompromise" request + And request contains "limit" parameter with value 1 + When the request is sent + Then the response status is 200 OK + @team:DataDog/k9-cloud-siem Scenario: List resource filters returns "Bad Request" response Given new "GetResourceEvaluationFilters" request diff --git a/features/v2/undo.json b/features/v2/undo.json index 02b5c2d4c59c..c7ef9624df90 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -5283,6 +5283,18 @@ "type": "safe" } }, + "ListIndicatorsOfCompromise": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "GetIndicatorOfCompromise": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "GetSignalNotificationRules": { "tag": "Security Monitoring", "undo": { diff --git a/packages/datadog-api-client-common/configuration.ts b/packages/datadog-api-client-common/configuration.ts index 2bc0184472bc..180d21448d87 100644 --- a/packages/datadog-api-client-common/configuration.ts +++ b/packages/datadog-api-client-common/configuration.ts 
@@ -279,12 +279,14 @@ export function createConfiguration( "v2.deleteThreatHuntingJob": false, "v2.getContentPacksStates": false, "v2.getFinding": false, + "v2.getIndicatorOfCompromise": false, "v2.getRuleVersionHistory": false, "v2.getSecretsRules": false, "v2.getSecurityMonitoringHistsignal": false, "v2.getSecurityMonitoringHistsignalsByJobId": false, "v2.getThreatHuntingJob": false, "v2.listFindings": false, + "v2.listIndicatorsOfCompromise": false, "v2.listMultipleRulesets": false, "v2.listScannedAssetsMetadata": false, "v2.listSecurityMonitoringHistsignals": false, diff --git a/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts b/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts index 8a34dfe6d6af..020b019be4e7 100644 --- a/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts +++ b/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts 
@@ -40,12 +40,14 @@ import { FindingStatus } from "../models/FindingStatus"; import { FindingVulnerabilityType } from "../models/FindingVulnerabilityType"; import { GetCustomFrameworkResponse } from "../models/GetCustomFrameworkResponse"; import { GetFindingResponse } from "../models/GetFindingResponse"; +import { GetIoCIndicatorResponse } from "../models/GetIoCIndicatorResponse"; import { GetMultipleRulesetsRequest } from "../models/GetMultipleRulesetsRequest"; import { GetMultipleRulesetsResponse } from "../models/GetMultipleRulesetsResponse"; import { GetResourceEvaluationFiltersResponse } from "../models/GetResourceEvaluationFiltersResponse"; import { GetRuleVersionHistoryResponse } from "../models/GetRuleVersionHistoryResponse"; import { GetSBOMResponse } from "../models/GetSBOMResponse"; import { GetSuppressionVersionHistoryResponse } from "../models/GetSuppressionVersionHistoryResponse"; +import { IoCExplorerListResponse } from "../models/IoCExplorerListResponse"; import { JobCreateResponse } from "../models/JobCreateResponse"; import { JSONAPIErrorResponse } from "../models/JSONAPIErrorResponse"; import { ListAssetsSBOMsResponse } from "../models/ListAssetsSBOMsResponse"; 
@@ -1681,6 +1683,53 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async getIndicatorOfCompromise( + indicator: string, + _options?: Configuration + ): Promise { + const _config = _options || this.configuration; + + logger.warn("Using unstable operation 'getIndicatorOfCompromise'"); + if (!_config.unstableOperations["v2.getIndicatorOfCompromise"]) { + throw new Error( + "Unstable operation 'getIndicatorOfCompromise' is disabled" + ); + } + + // verify required parameter 'indicator' is not null or undefined + if (indicator === null || indicator === undefined) { + throw new RequiredError("indicator", "getIndicatorOfCompromise"); + } + + // Path Params + const localVarPath = "/api/v2/security/siem/ioc-explorer/indicator"; + + // Make Request Context + const requestContext = _config + .getServer("v2.SecurityMonitoringApi.getIndicatorOfCompromise") + .makeRequestContext(localVarPath, HttpMethod.GET); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Query Params + if (indicator !== undefined) { + requestContext.setQueryParam( + "indicator", + ObjectSerializer.serialize(indicator, "string", ""), + "" + ); + } + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + ]); + + return requestContext; + } + public async getInvestigationLogQueriesMatchingSignal( signalId: string, _options?: Configuration 
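Review bot: The required-parameter guard in `getIndicatorOfCompromise` rejects only `null` and `undefined`, so an empty string passes and is sent as `indicator=`. If the endpoint has no meaning for an empty lookup value, the guard could read `if (indicator === null || indicator === undefined || indicator === "") {`. The `if (indicator !== undefined)` wrapper around `setQueryParam` further down can never be false once that guard has passed and can be dropped. `logger.warn("Using unstable operation ...")` also runs before the `unstableOperations` check, so a disabled call logs a warning and then throws; moving the warning below the check keeps the log free of calls that were never made. Because this file is regenerated from the spec, these changes would have to land in the generator template to survive.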
@@ -2824,6 +2873,80 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async listIndicatorsOfCompromise( + limit?: number, + offset?: number, + query?: string, + sortColumn?: string, + sortOrder?: string, + _options?: Configuration + ): Promise { + const _config = _options || this.configuration; + + logger.warn("Using unstable operation 'listIndicatorsOfCompromise'"); + if (!_config.unstableOperations["v2.listIndicatorsOfCompromise"]) { + throw new Error( + "Unstable operation 'listIndicatorsOfCompromise' is disabled" + ); + } + + // Path Params + const localVarPath = "/api/v2/security/siem/ioc-explorer"; + + // Make Request Context + const requestContext = _config + .getServer("v2.SecurityMonitoringApi.listIndicatorsOfCompromise") + .makeRequestContext(localVarPath, HttpMethod.GET); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Query Params + if (limit !== undefined) { + requestContext.setQueryParam( + "limit", + ObjectSerializer.serialize(limit, "number", "int32"), + "" + ); + } + if (offset !== undefined) { + requestContext.setQueryParam( + "offset", + ObjectSerializer.serialize(offset, "number", "int32"), + "" + ); + } + if (query !== undefined) { + requestContext.setQueryParam( + "query", + ObjectSerializer.serialize(query, "string", ""), + "" + ); + } + if (sortColumn !== undefined) { + requestContext.setQueryParam( + "sort[column]", + ObjectSerializer.serialize(sortColumn, "string", ""), + "" + ); + } + if (sortOrder !== undefined) { + requestContext.setQueryParam( + "sort[order]", + ObjectSerializer.serialize(sortOrder, "string", ""), + "" + ); + } + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + ]); + + return requestContext; + } + public async listMultipleRulesets( body: GetMultipleRulesetsRequest, _options?: Configuration 
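Review bot: `sortColumn` and `sortOrder` are accepted as free-form `string` in `listIndicatorsOfCompromise`, while the `SecurityMonitoringApiListIndicatorsOfCompromiseRequest` interface added later in this file documents a closed set (`asc` or `desc`, and nine column names). A typo would presumably surface only as a server-side error. Literal unions would move that check to compile time, for example `sortOrder?: "asc" | "desc",`. `limit` and `offset` are serialized as `int32` with no range check in this method, so negative or fractional values rely on server-side validation, which is not visible in this diff. As the client is regenerated, the enum would need to be declared in the OpenAPI schema rather than edited here.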
@@ -7111,6 +7234,69 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to getIndicatorOfCompromise + * @throws ApiException if the response code was not in [200, 299] + */ + public async getIndicatorOfCompromise( + response: ResponseContext + ): Promise { + const contentType = ObjectSerializer.normalizeMediaType( + response.headers["content-type"] + ); + if (response.httpStatusCode === 200) { + const body: GetIoCIndicatorResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "GetIoCIndicatorResponse" + ) as GetIoCIndicatorResponse; + return body; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 404 || + response.httpStatusCode === 429 + ) { + const bodyText = ObjectSerializer.parse( + await response.body.text(), + contentType + ); + let body: APIErrorResponse; + try { + body = ObjectSerializer.deserialize( + bodyText, + "APIErrorResponse" + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. 
for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + const body: GetIoCIndicatorResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "GetIoCIndicatorResponse", + "" + ) as GetIoCIndicatorResponse; + return body; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"' + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects 
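Review bot: The final branch of the `getIndicatorOfCompromise` processor concatenates the whole raw response body into the `ApiException` message (`'Unknown API Status Code!\nBody: "' + body + '"'`) with no length limit; since this endpoint returns indicator values, which can be attacker-chosen strings, an application that logs exception messages would write that text verbatim. Capping it, e.g. `body.slice(0, MAX_ERROR_BODY_CHARS)` (placeholder name, limit of the project's choosing), keeps the diagnostic without the unbounded copy. In the 400/403/404/429 branch `ObjectSerializer.parse(...)` sits outside the `try`, so if it can throw on a non-JSON error body (its implementation is not shown here) the HTTP status would be lost; wrapping the call so a parse failure still raises `ApiException` with `response.httpStatusCode` would preserve it. The doc comment uses `@params response`, which is not a TSDoc tag; `@param response` is. The `listIndicatorsOfCompromise` processor hunk that follows has the same three points.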
@@ -8597,6 +8783,68 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to listIndicatorsOfCompromise + * @throws ApiException if the response code was not in [200, 299] + */ + public async listIndicatorsOfCompromise( + response: ResponseContext + ): Promise { + const contentType = ObjectSerializer.normalizeMediaType( + response.headers["content-type"] + ); + if (response.httpStatusCode === 200) { + const body: IoCExplorerListResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "IoCExplorerListResponse" + ) as IoCExplorerListResponse; + return body; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 429 + ) { + const bodyText = ObjectSerializer.parse( + await response.body.text(), + contentType + ); + let body: APIErrorResponse; + try { + body = ObjectSerializer.deserialize( + bodyText, + "APIErrorResponse" + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. 
for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + const body: IoCExplorerListResponse = ObjectSerializer.deserialize( + ObjectSerializer.parse(await response.body.text(), contentType), + "IoCExplorerListResponse", + "" + ) as IoCExplorerListResponse; + return body; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"' + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects @@ -10827,6 +11075,14 @@ export interface SecurityMonitoringApiGetFindingRequest { snapshotTimestamp?: number; } +export interface SecurityMonitoringApiGetIndicatorOfCompromiseRequest { + /** + * The indicator value to look up (for example, an IP address or domain). + * @type string + */ + indicator: string; +} + export interface SecurityMonitoringApiGetInvestigationLogQueriesMatchingSignalRequest { /** * The ID of the signal. @@ -11166,6 +11422,34 @@ export interface SecurityMonitoringApiListFindingsRequest { detailedFindings?: boolean; } +export interface SecurityMonitoringApiListIndicatorsOfCompromiseRequest { + /** + * Number of results per page. + * @type number + */ + limit?: number; + /** + * Pagination offset. + * @type number + */ + offset?: number; + /** + * Search/filter query (supports field:value syntax). + * @type string + */ + query?: string; + /** + * Sort column: score, first_seen_ts_epoch, last_seen_ts_epoch, indicator, indicator_type, signal_count, log_count, category, as_type. + * @type string + */ + sortColumn?: string; + /** + * Sort order: asc or desc. + * @type string + */ + sortOrder?: string; +} + export interface SecurityMonitoringApiListMultipleRulesetsRequest { /** * @type GetMultipleRulesetsRequest 
@@ -12697,6 +12981,29 @@ export class SecurityMonitoringApi { }); } + /** + * Get detailed information about a specific indicator of compromise (IoC). + * @param param The request object + */ + public getIndicatorOfCompromise( + param: SecurityMonitoringApiGetIndicatorOfCompromiseRequest, + options?: Configuration + ): Promise { + const requestContextPromise = this.requestFactory.getIndicatorOfCompromise( + param.indicator, + options + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.getIndicatorOfCompromise( + responseContext + ); + }); + }); + } + /** * Get the list of investigation log queries available for a given security signal. * @param param The request object @@ -13363,6 +13670,34 @@ export class SecurityMonitoringApi { } } + /** + * Get a list of indicators of compromise (IoCs) matching the specified filters. + * @param param The request object + */ + public listIndicatorsOfCompromise( + param: SecurityMonitoringApiListIndicatorsOfCompromiseRequest = {}, + options?: Configuration + ): Promise { + const requestContextPromise = + this.requestFactory.listIndicatorsOfCompromise( + param.limit, + param.offset, + param.query, + param.sortColumn, + param.sortOrder, + options + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.listIndicatorsOfCompromise( + responseContext + ); + }); + }); + } + /** * Get rules for multiple rulesets in batch. * @param param The request object diff --git a/packages/datadog-api-client-v2/index.ts b/packages/datadog-api-client-v2/index.ts index 9cf52a9f7f5b..14b569f81180 100644 --- a/packages/datadog-api-client-v2/index.ts +++ b/packages/datadog-api-client-v2/index.ts 
@@ -1041,6 +1041,7 @@ export { SecurityMonitoringApiGetCriticalAssetsAffectingRuleRequest, SecurityMonitoringApiGetCustomFrameworkRequest, SecurityMonitoringApiGetFindingRequest, + SecurityMonitoringApiGetIndicatorOfCompromiseRequest, SecurityMonitoringApiGetInvestigationLogQueriesMatchingSignalRequest, SecurityMonitoringApiGetResourceEvaluationFiltersRequest, SecurityMonitoringApiGetRuleVersionHistoryRequest, @@ -1061,6 +1062,7 @@ export { SecurityMonitoringApiGetVulnerabilityNotificationRuleRequest, SecurityMonitoringApiListAssetsSBOMsRequest, SecurityMonitoringApiListFindingsRequest, + SecurityMonitoringApiListIndicatorsOfCompromiseRequest, SecurityMonitoringApiListMultipleRulesetsRequest, SecurityMonitoringApiListScannedAssetsMetadataRequest, SecurityMonitoringApiListSecurityFindingsRequest, @@ -3116,6 +3118,9 @@ export { GetInvestigationResponse } from "./models/GetInvestigationResponse"; export { GetInvestigationResponseData } from "./models/GetInvestigationResponseData"; export { GetInvestigationResponseDataAttributes } from "./models/GetInvestigationResponseDataAttributes"; export { GetInvestigationResponseLinks } from "./models/GetInvestigationResponseLinks"; +export { GetIoCIndicatorResponse } from "./models/GetIoCIndicatorResponse"; +export { GetIoCIndicatorResponseAttributes } from "./models/GetIoCIndicatorResponseAttributes"; +export { GetIoCIndicatorResponseData } from "./models/GetIoCIndicatorResponseData"; export { GetIssueIncludeQueryParameterItem } from "./models/GetIssueIncludeQueryParameterItem"; export { GetMappingResponse } from "./models/GetMappingResponse"; export { GetMappingResponseData } from "./models/GetMappingResponseData"; 
@@ -3475,6 +3480,17 @@ export { InterfaceAttributes } from "./models/InterfaceAttributes"; export { InterfaceAttributesStatus } from "./models/InterfaceAttributesStatus"; export { InvestigationConclusion } from "./models/InvestigationConclusion"; export { InvestigationType } from "./models/InvestigationType"; +export { IoCExplorerListResponse } from "./models/IoCExplorerListResponse"; +export { IoCExplorerListResponseAttributes } from "./models/IoCExplorerListResponseAttributes"; +export { IoCExplorerListResponseData } from "./models/IoCExplorerListResponseData"; +export { IoCExplorerListResponseMetadata } from "./models/IoCExplorerListResponseMetadata"; +export { IoCExplorerListResponsePaging } from "./models/IoCExplorerListResponsePaging"; +export { IoCGeoLocation } from "./models/IoCGeoLocation"; +export { IoCIndicator } from "./models/IoCIndicator"; +export { IoCIndicatorDetailed } from "./models/IoCIndicatorDetailed"; +export { IoCScoreEffect } from "./models/IoCScoreEffect"; +export { IoCSignalSeverityCount } from "./models/IoCSignalSeverityCount"; +export { IoCSource } from "./models/IoCSource"; export { IPAllowlistAttributes } from "./models/IPAllowlistAttributes"; export { IPAllowlistData } from "./models/IPAllowlistData"; export { IPAllowlistEntry } from "./models/IPAllowlistEntry"; diff --git a/packages/datadog-api-client-v2/models/GetIoCIndicatorResponse.ts b/packages/datadog-api-client-v2/models/GetIoCIndicatorResponse.ts new file mode 100644 index 000000000000..bfe809e1d7f2 --- /dev/null +++ b/packages/datadog-api-client-v2/models/GetIoCIndicatorResponse.ts 
@@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { GetIoCIndicatorResponseData } from "./GetIoCIndicatorResponseData"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Response for the get indicator of compromise endpoint. + */ +export class GetIoCIndicatorResponse { + /** + * IoC indicator response data object. + */ + "data"?: GetIoCIndicatorResponseData; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "GetIoCIndicatorResponseData", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return GetIoCIndicatorResponse.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/GetIoCIndicatorResponseAttributes.ts b/packages/datadog-api-client-v2/models/GetIoCIndicatorResponseAttributes.ts new file mode 100644 index 000000000000..cfd4f954ddb6 --- /dev/null +++ b/packages/datadog-api-client-v2/models/GetIoCIndicatorResponseAttributes.ts 
@@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { IoCIndicatorDetailed } from "./IoCIndicatorDetailed"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Attributes of the get indicator response. + */ +export class GetIoCIndicatorResponseAttributes { + /** + * An indicator of compromise with extended context from your environment. + */ + "data"?: IoCIndicatorDetailed; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "IoCIndicatorDetailed", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return GetIoCIndicatorResponseAttributes.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/GetIoCIndicatorResponseData.ts b/packages/datadog-api-client-v2/models/GetIoCIndicatorResponseData.ts new file mode 100644 index 000000000000..c16bef075dab --- /dev/null +++ b/packages/datadog-api-client-v2/models/GetIoCIndicatorResponseData.ts 
@@ -0,0 +1,69 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { GetIoCIndicatorResponseAttributes } from "./GetIoCIndicatorResponseAttributes"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * IoC indicator response data object. + */ +export class GetIoCIndicatorResponseData { + /** + * Attributes of the get indicator response. + */ + "attributes"?: GetIoCIndicatorResponseAttributes; + /** + * Unique identifier for the response. + */ + "id"?: string; + /** + * Response type identifier. + */ + "type"?: string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "GetIoCIndicatorResponseAttributes", + }, + id: { + baseName: "id", + type: "string", + }, + type: { + baseName: "type", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return GetIoCIndicatorResponseData.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCExplorerListResponse.ts b/packages/datadog-api-client-v2/models/IoCExplorerListResponse.ts new file mode 100644 index 000000000000..9fbecfcc2cfc --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCExplorerListResponse.ts 
@@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { IoCExplorerListResponseData } from "./IoCExplorerListResponseData"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Response for the list indicators of compromise endpoint. + */ +export class IoCExplorerListResponse { + /** + * IoC Explorer list response data object. + */ + "data"?: IoCExplorerListResponseData; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "IoCExplorerListResponseData", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCExplorerListResponse.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCExplorerListResponseAttributes.ts b/packages/datadog-api-client-v2/models/IoCExplorerListResponseAttributes.ts new file mode 100644 index 000000000000..4e98b4459189 --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCExplorerListResponseAttributes.ts 
@@ -0,0 +1,71 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { IoCExplorerListResponseMetadata } from "./IoCExplorerListResponseMetadata"; +import { IoCExplorerListResponsePaging } from "./IoCExplorerListResponsePaging"; +import { IoCIndicator } from "./IoCIndicator"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Attributes of the IoC Explorer list response. + */ +export class IoCExplorerListResponseAttributes { + /** + * List of indicators of compromise. + */ + "data"?: Array; + /** + * Response metadata. + */ + "metadata"?: IoCExplorerListResponseMetadata; + /** + * Pagination information. + */ + "paging"?: IoCExplorerListResponsePaging; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + data: { + baseName: "data", + type: "Array", + }, + metadata: { + baseName: "metadata", + type: "IoCExplorerListResponseMetadata", + }, + paging: { + baseName: "paging", + type: "IoCExplorerListResponsePaging", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCExplorerListResponseAttributes.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCExplorerListResponseData.ts b/packages/datadog-api-client-v2/models/IoCExplorerListResponseData.ts new file mode 100644 index 000000000000..bf043d3734eb --- /dev/null 
+++ b/packages/datadog-api-client-v2/models/IoCExplorerListResponseData.ts @@ -0,0 +1,69 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { IoCExplorerListResponseAttributes } from "./IoCExplorerListResponseAttributes"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * IoC Explorer list response data object. + */ +export class IoCExplorerListResponseData { + /** + * Attributes of the IoC Explorer list response. + */ + "attributes"?: IoCExplorerListResponseAttributes; + /** + * Unique identifier for the response. + */ + "id"?: string; + /** + * Response type identifier. + */ + "type"?: string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + attributes: { + baseName: "attributes", + type: "IoCExplorerListResponseAttributes", + }, + id: { + baseName: "id", + type: "string", + }, + type: { + baseName: "type", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCExplorerListResponseData.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCExplorerListResponseMetadata.ts b/packages/datadog-api-client-v2/models/IoCExplorerListResponseMetadata.ts new file mode 100644 index 000000000000..eb91fb67d7bd --- /dev/null 
+++ b/packages/datadog-api-client-v2/models/IoCExplorerListResponseMetadata.ts @@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Response metadata. + */ +export class IoCExplorerListResponseMetadata { + /** + * Total number of indicators matching the query. + */ + "count"?: number; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + count: { + baseName: "count", + type: "number", + format: "int64", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCExplorerListResponseMetadata.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCExplorerListResponsePaging.ts b/packages/datadog-api-client-v2/models/IoCExplorerListResponsePaging.ts new file mode 100644 index 000000000000..c73e06bb3484 --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCExplorerListResponsePaging.ts 
@@ -0,0 +1,53 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Pagination information. + */ +export class IoCExplorerListResponsePaging { + /** + * Current pagination offset. + */ + "offset"?: number; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + offset: { + baseName: "offset", + type: "number", + format: "int64", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCExplorerListResponsePaging.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCGeoLocation.ts b/packages/datadog-api-client-v2/models/IoCGeoLocation.ts new file mode 100644 index 000000000000..4cacd3632728 --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCGeoLocation.ts 
@@ -0,0 +1,68 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Geographic location information for an IP indicator. + */ +export class IoCGeoLocation { + /** + * City name. + */ + "city"?: string; + /** + * ISO country code. + */ + "countryCode"?: string; + /** + * Full country name. + */ + "countryName"?: string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + city: { + baseName: "city", + type: "string", + }, + countryCode: { + baseName: "country_code", + type: "string", + }, + countryName: { + baseName: "country_name", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCGeoLocation.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCIndicator.ts b/packages/datadog-api-client-v2/models/IoCIndicator.ts new file mode 100644 index 000000000000..27134474a029 --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCIndicator.ts 
@@ -0,0 +1,221 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { IoCGeoLocation } from "./IoCGeoLocation"; +import { IoCScoreEffect } from "./IoCScoreEffect"; +import { IoCSource } from "./IoCSource"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * An indicator of compromise with threat intelligence data. + */ +export class IoCIndicator { + /** + * Geographic location information for an IP indicator. + */ + "asGeo"?: IoCGeoLocation; + /** + * Autonomous system type. + */ + "asType"?: string; + /** + * Threat intelligence sources that flagged this indicator as benign. + */ + "benignSources"?: Array; + /** + * Threat categories associated with the indicator. + */ + "categories"?: Array; + /** + * Timestamp when the indicator was first seen. + */ + "firstSeen"?: Date; + /** + * Unique identifier for the indicator. + */ + "id"?: string; + /** + * The indicator value (for example, an IP address or domain). + */ + "indicator"?: string; + /** + * Type of indicator (for example, IP address or domain). + */ + "indicatorType"?: string; + /** + * Timestamp when the indicator was last seen. + */ + "lastSeen"?: Date; + /** + * Number of logs that matched this indicator. + */ + "logMatches"?: number; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "mAsType"?: IoCScoreEffect; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "mPersistence"?: IoCScoreEffect; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "mSignal"?: IoCScoreEffect; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "mSources"?: IoCScoreEffect; + /** + * Threat intelligence sources that flagged this indicator as malicious. 
+ */ + "maliciousSources"?: Array; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "maxTrustScore"?: IoCScoreEffect; + /** + * Threat score for the indicator (0-100). + */ + "score"?: number; + /** + * Number of security signals that matched this indicator. + */ + "signalMatches"?: number; + /** + * Signal tier level. + */ + "signalTier"?: number; + /** + * Threat intelligence sources that flagged this indicator as suspicious. + */ + "suspiciousSources"?: Array; + /** + * Tags associated with the indicator. + */ + "tags"?: Array; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + asGeo: { + baseName: "as_geo", + type: "IoCGeoLocation", + }, + asType: { + baseName: "as_type", + type: "string", + }, + benignSources: { + baseName: "benign_sources", + type: "Array", + }, + categories: { + baseName: "categories", + type: "Array", + }, + firstSeen: { + baseName: "first_seen", + type: "Date", + format: "date-time", + }, + id: { + baseName: "id", + type: "string", + }, + indicator: { + baseName: "indicator", + type: "string", + }, + indicatorType: { + baseName: "indicator_type", + type: "string", + }, + lastSeen: { + baseName: "last_seen", + type: "Date", + format: "date-time", + }, + logMatches: { + baseName: "log_matches", + type: "number", + format: "int64", + }, + mAsType: { + baseName: "m_as_type", + type: "IoCScoreEffect", + }, + mPersistence: { + baseName: "m_persistence", + type: "IoCScoreEffect", + }, + mSignal: { + baseName: "m_signal", + type: "IoCScoreEffect", + }, + mSources: { + baseName: "m_sources", + type: "IoCScoreEffect", + }, + maliciousSources: { + baseName: "malicious_sources", + type: "Array", + 
}, + maxTrustScore: { + baseName: "max_trust_score", + type: "IoCScoreEffect", + }, + score: { + baseName: "score", + type: "number", + format: "double", + }, + signalMatches: { + baseName: "signal_matches", + type: "number", + format: "int64", + }, + signalTier: { + baseName: "signal_tier", + type: "number", + format: "int64", + }, + suspiciousSources: { + baseName: "suspicious_sources", + type: "Array", + }, + tags: { + baseName: "tags", + type: "Array", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCIndicator.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCIndicatorDetailed.ts b/packages/datadog-api-client-v2/models/IoCIndicatorDetailed.ts new file mode 100644 index 000000000000..1b1528f72cb7 --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCIndicatorDetailed.ts 
@@ -0,0 +1,302 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { IoCGeoLocation } from "./IoCGeoLocation"; +import { IoCScoreEffect } from "./IoCScoreEffect"; +import { IoCSignalSeverityCount } from "./IoCSignalSeverityCount"; +import { IoCSource } from "./IoCSource"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * An indicator of compromise with extended context from your environment. + */ +export class IoCIndicatorDetailed { + /** + * Additional domain-specific context from threat intelligence sources. + */ + "additionalData"?: { [key: string]: any }; + /** + * Autonomous system CIDR block. + */ + "asCidrBlock"?: string; + /** + * Geographic location information for an IP indicator. + */ + "asGeo"?: IoCGeoLocation; + /** + * Autonomous system number. + */ + "asNumber"?: string; + /** + * Autonomous system organization name. + */ + "asOrganization"?: string; + /** + * Autonomous system type. + */ + "asType"?: string; + /** + * Threat intelligence sources that flagged this indicator as benign. + */ + "benignSources"?: Array; + /** + * Threat categories associated with the indicator. + */ + "categories"?: Array; + /** + * Critical assets associated with this indicator. + */ + "criticalAssets"?: Array; + /** + * Timestamp when the indicator was first seen. + */ + "firstSeen"?: Date; + /** + * Hosts associated with this indicator. + */ + "hosts"?: Array; + /** + * Unique identifier for the indicator. + */ + "id"?: string; + /** + * The indicator value (for example, an IP address or domain). + */ + "indicator"?: string; + /** + * Type of indicator (for example, IP address or domain). + */ + "indicatorType"?: string; + /** + * Timestamp when the indicator was last seen. 
+ */ + "lastSeen"?: Date; + /** + * Number of logs that matched this indicator. + */ + "logMatches"?: number; + /** + * Log sources where this indicator was observed. + */ + "logSources"?: Array; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "mAsType"?: IoCScoreEffect; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "mPersistence"?: IoCScoreEffect; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "mSignal"?: IoCScoreEffect; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "mSources"?: IoCScoreEffect; + /** + * Threat intelligence sources that flagged this indicator as malicious. + */ + "maliciousSources"?: Array; + /** + * Effect of a scoring factor on the indicator's threat score. + */ + "maxTrustScore"?: IoCScoreEffect; + /** + * Threat score for the indicator (0-100). + */ + "score"?: number; + /** + * Services where this indicator was observed. + */ + "services"?: Array; + /** + * Number of security signals that matched this indicator. + */ + "signalMatches"?: number; + /** + * Breakdown of security signals by severity. + */ + "signalSeverity"?: Array; + /** + * Signal tier level. + */ + "signalTier"?: number; + /** + * Threat intelligence sources that flagged this indicator as suspicious. + */ + "suspiciousSources"?: Array; + /** + * Tags associated with the indicator. + */ + "tags"?: Array; + /** + * Users associated with this indicator, grouped by category. + */ + "users"?: { [key: string]: Array }; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. 
+ */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + additionalData: { + baseName: "additional_data", + type: "{ [key: string]: any; }", + }, + asCidrBlock: { + baseName: "as_cidr_block", + type: "string", + }, + asGeo: { + baseName: "as_geo", + type: "IoCGeoLocation", + }, + asNumber: { + baseName: "as_number", + type: "string", + }, + asOrganization: { + baseName: "as_organization", + type: "string", + }, + asType: { + baseName: "as_type", + type: "string", + }, + benignSources: { + baseName: "benign_sources", + type: "Array", + }, + categories: { + baseName: "categories", + type: "Array", + }, + criticalAssets: { + baseName: "critical_assets", + type: "Array", + }, + firstSeen: { + baseName: "first_seen", + type: "Date", + format: "date-time", + }, + hosts: { + baseName: "hosts", + type: "Array", + }, + id: { + baseName: "id", + type: "string", + }, + indicator: { + baseName: "indicator", + type: "string", + }, + indicatorType: { + baseName: "indicator_type", + type: "string", + }, + lastSeen: { + baseName: "last_seen", + type: "Date", + format: "date-time", + }, + logMatches: { + baseName: "log_matches", + type: "number", + format: "int64", + }, + logSources: { + baseName: "log_sources", + type: "Array", + }, + mAsType: { + baseName: "m_as_type", + type: "IoCScoreEffect", + }, + mPersistence: { + baseName: "m_persistence", + type: "IoCScoreEffect", + }, + mSignal: { + baseName: "m_signal", + type: "IoCScoreEffect", + }, + mSources: { + baseName: "m_sources", + type: "IoCScoreEffect", + }, + maliciousSources: { + baseName: "malicious_sources", + type: "Array", + }, + maxTrustScore: { + baseName: "max_trust_score", + type: "IoCScoreEffect", + }, + score: { + baseName: "score", + type: "number", + format: "double", + }, + services: { + baseName: "services", + type: "Array", + }, + signalMatches: { + baseName: "signal_matches", + 
type: "number", + format: "int64", + }, + signalSeverity: { + baseName: "signal_severity", + type: "Array", + }, + signalTier: { + baseName: "signal_tier", + type: "number", + format: "int64", + }, + suspiciousSources: { + baseName: "suspicious_sources", + type: "Array", + }, + tags: { + baseName: "tags", + type: "Array", + }, + users: { + baseName: "users", + type: "{ [key: string]: Array; }", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCIndicatorDetailed.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCScoreEffect.ts b/packages/datadog-api-client-v2/models/IoCScoreEffect.ts new file mode 100644 index 000000000000..51b17be542b1 --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCScoreEffect.ts @@ -0,0 +1,20 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * Effect of a scoring factor on the indicator's threat score. + */ + +export type IoCScoreEffect = + | typeof RAISE_SCORE + | typeof LOWER_SCORE + | typeof NO_EFFECT + | UnparsedObject; +export const RAISE_SCORE = "RAISE_SCORE"; +export const LOWER_SCORE = "LOWER_SCORE"; +export const NO_EFFECT = "NO_EFFECT"; diff --git a/packages/datadog-api-client-v2/models/IoCSignalSeverityCount.ts b/packages/datadog-api-client-v2/models/IoCSignalSeverityCount.ts new file mode 100644 index 000000000000..8d07a2f2ec4f --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCSignalSeverityCount.ts 
@@ -0,0 +1,61 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Count of security signals by severity level. + */ +export class IoCSignalSeverityCount { + /** + * Number of signals at this severity level. + */ + "count"?: number; + /** + * Severity level (for example, critical, high, medium, low, info). + */ + "severity"?: string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + count: { + baseName: "count", + type: "number", + format: "int64", + }, + severity: { + baseName: "severity", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCSignalSeverityCount.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/IoCSource.ts b/packages/datadog-api-client-v2/models/IoCSource.ts new file mode 100644 index 000000000000..988ea42caa09 --- /dev/null +++ b/packages/datadog-api-client-v2/models/IoCSource.ts 
@@ -0,0 +1,52 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * A threat intelligence source that has flagged an indicator. + */ +export class IoCSource { + /** + * Name of the threat intelligence source. + */ + "name"?: string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + name: { + baseName: "name", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return IoCSource.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v2/models/ObjectSerializer.ts b/packages/datadog-api-client-v2/models/ObjectSerializer.ts index f07d1b4a2c6c..efcd04f9d7f3 100644 --- a/packages/datadog-api-client-v2/models/ObjectSerializer.ts +++ b/packages/datadog-api-client-v2/models/ObjectSerializer.ts 
@@ -1380,6 +1380,9 @@ import { GetInvestigationResponse } from "./GetInvestigationResponse"; import { GetInvestigationResponseData } from "./GetInvestigationResponseData"; import { GetInvestigationResponseDataAttributes } from "./GetInvestigationResponseDataAttributes"; import { GetInvestigationResponseLinks } from "./GetInvestigationResponseLinks"; +import { GetIoCIndicatorResponse } from "./GetIoCIndicatorResponse"; +import { GetIoCIndicatorResponseAttributes } from "./GetIoCIndicatorResponseAttributes"; +import { GetIoCIndicatorResponseData } from "./GetIoCIndicatorResponseData"; import { GetMappingResponse } from "./GetMappingResponse"; import { GetMappingResponseData } from "./GetMappingResponseData"; import { GetMappingResponseDataAttributes } from "./GetMappingResponseDataAttributes"; @@ -1665,6 +1668,16 @@ import { IntegrationServiceNowSyncConfig139772721534496 } from "./IntegrationSer import { IntegrationServiceNowSyncConfigPriority } from "./IntegrationServiceNowSyncConfigPriority"; import { InterfaceAttributes } from "./InterfaceAttributes"; import { InvestigationConclusion } from "./InvestigationConclusion"; +import { IoCExplorerListResponse } from "./IoCExplorerListResponse"; +import { IoCExplorerListResponseAttributes } from "./IoCExplorerListResponseAttributes"; +import { IoCExplorerListResponseData } from "./IoCExplorerListResponseData"; +import { IoCExplorerListResponseMetadata } from "./IoCExplorerListResponseMetadata"; +import { IoCExplorerListResponsePaging } from "./IoCExplorerListResponsePaging"; +import { IoCGeoLocation } from "./IoCGeoLocation"; +import { IoCIndicator } from "./IoCIndicator"; +import { IoCIndicatorDetailed } from "./IoCIndicatorDetailed"; +import { IoCSignalSeverityCount } from "./IoCSignalSeverityCount"; +import { IoCSource } from "./IoCSource"; import { Issue } from "./Issue"; import { IssueAssigneeRelationship } from "./IssueAssigneeRelationship"; import { IssueAttributes } from "./IssueAttributes"; 
@@ -4625,6 +4638,7 @@ const enumsMap: { [key: string]: any[] } = { IntegrationType: ["integration"], InterfaceAttributesStatus: ["up", "down", "warning", "off"], InvestigationType: ["investigation"], + IoCScoreEffect: ["RAISE_SCORE", "LOWER_SCORE", "NO_EFFECT"], IssueCaseResourceType: ["case"], IssueLanguage: [ "BRIGHTSCRIPT", @@ -7686,6 +7700,9 @@ const typeMap: { [index: string]: any } = { GetInvestigationResponseDataAttributes: GetInvestigationResponseDataAttributes, GetInvestigationResponseLinks: GetInvestigationResponseLinks, + GetIoCIndicatorResponse: GetIoCIndicatorResponse, + GetIoCIndicatorResponseAttributes: GetIoCIndicatorResponseAttributes, + GetIoCIndicatorResponseData: GetIoCIndicatorResponseData, GetMappingResponse: GetMappingResponse, GetMappingResponseData: GetMappingResponseData, GetMappingResponseDataAttributes: GetMappingResponseDataAttributes, @@ -8025,6 +8042,16 @@ const typeMap: { [index: string]: any } = { IntegrationServiceNowSyncConfigPriority, InterfaceAttributes: InterfaceAttributes, InvestigationConclusion: InvestigationConclusion, + IoCExplorerListResponse: IoCExplorerListResponse, + IoCExplorerListResponseAttributes: IoCExplorerListResponseAttributes, + IoCExplorerListResponseData: IoCExplorerListResponseData, + IoCExplorerListResponseMetadata: IoCExplorerListResponseMetadata, + IoCExplorerListResponsePaging: IoCExplorerListResponsePaging, + IoCGeoLocation: IoCGeoLocation, + IoCIndicator: IoCIndicator, + IoCIndicatorDetailed: IoCIndicatorDetailed, + IoCSignalSeverityCount: IoCSignalSeverityCount, + IoCSource: IoCSource, Issue: Issue, IssueAssigneeRelationship: IssueAssigneeRelationship, IssueAttributes: IssueAttributes,