diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 8a51fd127ec1..933b156f6395 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -57465,7 +57465,8 @@ components: Signal-based notification rules can filter signals based on rule types application_security, log_detection, workload_security, signal_correlation, cloud_configuration and infrastructure_configuration. Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability, - application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration. + application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, + api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability. enum: - application_security - log_detection @@ -57482,6 +57483,8 @@ components: - api_security - host_vulnerability - iac_misconfiguration + - sast_vulnerability + - secret_vulnerability type: string x-enum-varnames: - APPLICATION_SECURITY @@ -57499,6 +57502,8 @@ components: - API_SECURITY - HOST_VULNERABILITY - IAC_MISCONFIGURATION + - SAST_VULNERABILITY + - SECRET_VULNERABILITY RuleUser: description: User creating or modifying a rule. properties: diff --git a/cassettes/v2/Security-Monitoring_1187227211/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-return_1041700713/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-return_1041700713/frozen.json new file mode 100644 index 000000000000..f5c8e2441efa --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-return_1041700713/frozen.json @@ -0,0 +1 @@ +"2026-04-16T13:47:18.057Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-return_1041700713/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-return_1041700713/recording.har new file mode 100644 index 000000000000..f8576bb10836 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-return_1041700713/recording.har @@ -0,0 +1,104 @@ +{ + "log": { + "_recordingName": "Security Monitoring/Create a new vulnerability-based notification rule with sast and secret rule types returns \"Successfully created the notification rule.\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "c063ba4707a314ad0932fc744f457fd5", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 439, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 613, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"data\":{\"attributes\":{\"enabled\":true,\"name\":\"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238\",\"selectors\":{\"query\":\"(source:production_service OR env:prod)\",\"rule_types\":[\"sast_vulnerability\",\"secret_vulnerability\"],\"severities\":[\"critical\"],\"trigger_source\":\"security_findings\"},\"targets\":[\"@john.doe@email.com\"],\"time_aggregation\":86400},\"type\":\"notification_rules\"}}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules" + }, + "response": { + "bodySize": 692, + "content": { + "mimeType": "application/vnd.api+json", + "size": 692, + "text": "{\"data\":{\"id\":\"exz-ipg-n1m\",\"type\":\"notification_rules\",\"attributes\":{\"created_at\":1776347239287,\"created_by\":{\"name\":\"CI Account\",\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\"},\"enabled\":true,\"modified_at\":1776347239287,\"modified_by\":{\"name\":\"CI Account\",\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\"},\"name\":\"Test-Create_a_new_vulnerability_based_notification_rule_with_sast_and_secret_rule_types_returns_Successfu-1776347238\",\"selectors\":{\"severities\":[\"critical\"],\"rule_types\":[\"sast_vulnerability\",\"secret_vulnerability\"],\"query\":\"(source:production_service OR env:prod)\",\"trigger_source\":\"security_findings\"},\"targets\":[\"@john.doe@email.com\"],\"time_aggregation\":86400,\"version\":1}}}" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/vnd.api+json" + } + ], + "headersSize": 662, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 201, + "statusText": "Created" + }, + "startedDateTime": "2026-04-16T13:47:19.126Z", + "time": 203 + }, + { + "_id": "9dbd8db3f734efcbf0da5e234a383dd7", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + } + ], + "headersSize": 561, + "httpVersion": "HTTP/1.1", + "method": "DELETE", + "queryString": [], + "url": "https://api.datadoghq.com/api/v2/security/vulnerabilities/notification_rules/exz-ipg-n1m" + }, + "response": { + "bodySize": 0, + "content": { + "mimeType": "text/plain", + "size": 0 + }, + "cookies": [], + "headers": [], + "headersSize": 601, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 204, + "statusText": "No Content" + }, + "startedDateTime": "2026-04-16T13:47:19.349Z", + "time": 93 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.ts b/examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.ts new file mode 100644 index 000000000000..a7afa42df0f6 --- /dev/null +++ b/examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.ts @@ -0,0 +1,39 @@ +/** + * Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the + * notification rule." response + */ + +import { client, v2 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +const apiInstance = new v2.SecurityMonitoringApi(configuration); + +const params: v2.SecurityMonitoringApiCreateVulnerabilityNotificationRuleRequest = + { + body: { + data: { + attributes: { + enabled: true, + name: "Example-Security-Monitoring", + selectors: { + query: "(source:production_service OR env:prod)", + ruleTypes: ["sast_vulnerability", "secret_vulnerability"], + severities: ["critical"], + triggerSource: "security_findings", + }, + targets: ["@john.doe@email.com"], + timeAggregation: 86400, + }, + type: "notification_rules", + }, + }, + }; + +apiInstance + .createVulnerabilityNotificationRule(params) + .then((data: v2.NotificationRuleResponse) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 1fdee4f141b9..245f23784085 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature @@ -591,6 +591,13 @@ Feature: Security Monitoring When the request is sent Then the response status is 201 Successfully created the notification rule. + @team:DataDog/cloud-security-posture-management + Scenario: Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the notification rule." response + Given new "CreateVulnerabilityNotificationRule" request + And body with value {"data": {"attributes": {"enabled": true, "name": "{{ unique }}", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["sast_vulnerability", "secret_vulnerability"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}} + When the request is sent + Then the response status is 201 Successfully created the notification rule. + @team:DataDog/k9-cloud-siem Scenario: Create a scheduled detection rule returns "OK" response Given new "CreateSecurityMonitoringRule" request diff --git a/packages/datadog-api-client-v2/models/ObjectSerializer.ts b/packages/datadog-api-client-v2/models/ObjectSerializer.ts index f07d1b4a2c6c..fb29ffdf0a5a 100644 --- a/packages/datadog-api-client-v2/models/ObjectSerializer.ts +++ b/packages/datadog-api-client-v2/models/ObjectSerializer.ts @@ -5314,6 +5314,8 @@ const enumsMap: { [key: string]: any[] } = { "api_security", "host_vulnerability", "iac_misconfiguration", + "sast_vulnerability", + "secret_vulnerability", ], RulesValidateQueryRequestDataType: ["validate_query"], RulesValidateQueryResponseDataType: ["validate_response"], diff --git a/packages/datadog-api-client-v2/models/RuleTypesItems.ts b/packages/datadog-api-client-v2/models/RuleTypesItems.ts index 0dbd7b6f4aaf..6dbb6652710f 100644 --- a/packages/datadog-api-client-v2/models/RuleTypesItems.ts +++ b/packages/datadog-api-client-v2/models/RuleTypesItems.ts @@ -11,7 +11,8 @@ import { UnparsedObject } from "../../datadog-api-client-common/util"; * Signal-based notification rules can filter signals based on rule types application_security, log_detection, * workload_security, signal_correlation, cloud_configuration and infrastructure_configuration. * Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability, - * application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration. + * application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, + * api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability. */ export type RuleTypesItems = @@ -30,6 +31,8 @@ export type RuleTypesItems = | typeof API_SECURITY | typeof HOST_VULNERABILITY | typeof IAC_MISCONFIGURATION + | typeof SAST_VULNERABILITY + | typeof SECRET_VULNERABILITY | UnparsedObject; export const APPLICATION_SECURITY = "application_security"; export const LOG_DETECTION = "log_detection"; @@ -47,3 +50,5 @@ export const MISCONFIGURATION = "misconfiguration"; export const API_SECURITY = "api_security"; export const HOST_VULNERABILITY = "host_vulnerability"; export const IAC_MISCONFIGURATION = "iac_misconfiguration"; +export const SAST_VULNERABILITY = "sast_vulnerability"; +export const SECRET_VULNERABILITY = "secret_vulnerability";