diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 911cd63bb00..dd961c3331e 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -58510,6 +58510,17 @@ components: required: - data type: object + SecurityMonitoringSignalInvestigationQueryTemplateVariables: + additionalProperties: + items: + description: A value for this template variable extracted from the signal. + type: string + type: array + description: Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. + example: + "@userIdentity.arn": + - foo + type: object SecurityMonitoringSignalListRequest: description: The request for a security signal list. properties: 
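Review bot: The item description in `SecurityMonitoringSignalInvestigationQueryTemplateVariables` does not say whether the values are raw strings or already escaped for the log query syntax. In this commit's examples the variable value is `foo` while `query_filter` carries it quoted as `"foo"`, which suggests raw values. Because these values are copied from signal data, a client that rebuilds a query from them needs to know it must quote them itself. If that matches the backend behaviour, I would change the item description to `A raw, unescaped value for this template variable extracted from the signal. Quote or escape it before inserting it into a log query.`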
@@ -58895,6 +58906,82 @@ components: required: - data type: object + SecurityMonitoringSignalSuggestedAction: + description: A suggested action for a security signal. + properties: + attributes: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionAttributes" + id: + description: The unique ID of the suggested action. + example: w00-t10-992 + type: string + type: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionType" + required: + - id + - type + - attributes + type: object + SecurityMonitoringSignalSuggestedActionAttributes: + description: Attributes of a suggested action for a security signal. The available fields depend on the action type. + properties: + name: + description: The name of the investigation log query. + example: Cloudtrail events for user ARN + type: string + query_filter: + description: The log query filter for the investigation. + example: 'source:cloudtrail @userIdentity.arn:"foo"' + type: string + template_variables: + $ref: "#/components/schemas/SecurityMonitoringSignalInvestigationQueryTemplateVariables" + title: + description: The title of the recommended blog post. + example: Monitor Okta logs to track system access and unusual activity + type: string + url: + description: The URL of the suggested action. + example: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + type: string + type: object + SecurityMonitoringSignalSuggestedActionList: + description: List of suggested actions for a security signal. 
+ example: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + items: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedAction" + type: array + SecurityMonitoringSignalSuggestedActionType: + description: The type of the suggested action resource. + enum: + - investigation_log_queries + - recommended_blog_posts + example: investigation_log_queries + type: string + x-enum-varnames: + - INVESTIGATION_LOG_QUERIES + - RECOMMENDED_BLOG_POSTS + SecurityMonitoringSignalSuggestedActionsResponse: + description: Response with suggested actions for a security signal. + properties: + data: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionList" + required: + - data + type: object SecurityMonitoringSignalTriageAttributes: description: Attributes describing a triage state update operation over a security signal. properties: 
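Review bot: The property descriptions in `SecurityMonitoringSignalSuggestedActionAttributes` do not say which action type each field belongs to. A client cannot tell from the schema that `name`, `query_filter` and `template_variables` go with `investigation_log_queries` and `title` with `recommended_blog_posts`, which is what the list example implies. The `url` description should also say that the value can be relative, as in `/logs?query=...`, or absolute, as in the blog post entry, so that callers resolve relative values against their own Datadog site and check the scheme and host before following an absolute one. Suggested wording for `url`: `The URL of the suggested action. Relative to the Datadog site for investigation log queries, absolute for recommended blog posts.`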
@@ -104670,6 +104757,56 @@ paths: operator: OR permissions: - security_monitoring_signals_write + /api/v2/security_monitoring/signals/{signal_id}/investigation_queries: + get: + description: Get the list of investigation log queries available for a given security signal. + operationId: GetInvestigationLogQueriesMatchingSignal + parameters: + - $ref: "#/components/parameters/SignalID" + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + schema: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" + description: OK + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + - security_monitoring_signals_read + summary: Get investigation queries for a signal + tags: ["Security Monitoring"] + x-permission: + operator: AND + permissions: + - security_monitoring_rules_read + - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}/state: patch: description: |- 
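Review bot: The `200` example for `GetInvestigationLogQueriesMatchingSignal` includes an entry of type `recommended_blog_posts`, although the operation description promises only investigation log queries. Either drop that entry from the example or state in the description that other suggested-action types can be returned, so clients know to filter on `type`. The description here, and the one for `GetSuggestedActionsMatchingSignal` in the next hunk, could also mention that both `security_monitoring_rules_read` and `security_monitoring_signals_read` are required. `x-permission` uses `operator: AND` here, while the neighbouring operations in the context lines use `OR`, so the difference is easy to miss.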
@@ -104710,6 +104847,56 @@ paths: operator: OR permissions: - security_monitoring_signals_write + /api/v2/security_monitoring/signals/{signal_id}/suggested_actions: + get: + description: Get the list of suggested actions for a given security signal. + operationId: GetSuggestedActionsMatchingSignal + parameters: + - $ref: "#/components/parameters/SignalID" + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + schema: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" + description: OK + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + - security_monitoring_signals_read + summary: Get suggested actions for a signal + tags: ["Security Monitoring"] + x-permission: + operator: AND + permissions: + - security_monitoring_rules_read + - security_monitoring_signals_read /api/v2/sensitive-data-scanner/config: get: description: List all the Scanning groups in your organization. diff --git a/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.java b/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.java new file mode 100644 index 00000000000..214e719b9f4 --- /dev/null +++ b/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.java 
@@ -0,0 +1,27 @@ +// Get investigation queries for a signal returns "OK" response + +import com.datadog.api.client.ApiClient; +import com.datadog.api.client.ApiException; +import com.datadog.api.client.v2.api.SecurityMonitoringApi; +import com.datadog.api.client.v2.model.SecurityMonitoringSignalSuggestedActionsResponse; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = ApiClient.getDefaultApiClient(); + SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); + + try { + SecurityMonitoringSignalSuggestedActionsResponse result = + apiInstance.getInvestigationLogQueriesMatchingSignal( + "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE"); + System.out.println(result); + } catch (ApiException e) { + System.err.println( + "Exception when calling SecurityMonitoringApi#getInvestigationLogQueriesMatchingSignal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} diff --git a/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.java b/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.java new file mode 100644 index 00000000000..816570485a2 --- /dev/null +++ b/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.java 
@@ -0,0 +1,27 @@ +// Get suggested actions for a signal returns "OK" response + +import com.datadog.api.client.ApiClient; +import com.datadog.api.client.ApiException; +import com.datadog.api.client.v2.api.SecurityMonitoringApi; +import com.datadog.api.client.v2.model.SecurityMonitoringSignalSuggestedActionsResponse; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = ApiClient.getDefaultApiClient(); + SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); + + try { + SecurityMonitoringSignalSuggestedActionsResponse result = + apiInstance.getSuggestedActionsMatchingSignal( + "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE"); + System.out.println(result); + } catch (ApiException e) { + System.err.println( + "Exception when calling SecurityMonitoringApi#getSuggestedActionsMatchingSignal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} diff --git a/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java b/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java index a5b9136be1a..f940565e4f8 100644 --- a/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java +++ b/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java 
@@ -81,6 +81,7 @@ import com.datadog.api.client.v2.model.SecurityMonitoringSignalListRequestPage; import com.datadog.api.client.v2.model.SecurityMonitoringSignalResponse; import com.datadog.api.client.v2.model.SecurityMonitoringSignalStateUpdateRequest; +import com.datadog.api.client.v2.model.SecurityMonitoringSignalSuggestedActionsResponse; import com.datadog.api.client.v2.model.SecurityMonitoringSignalTriageUpdateResponse; import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkAssigneeUpdateRequest; import com.datadog.api.client.v2.model.SecurityMonitoringSignalsBulkStateUpdateRequest; @@ -5472,6 +5473,150 @@ public CompletableFuture> getFindingWithHttpInfo new GenericType() {}); } + /** + * Get investigation queries for a signal. + * + *

See {@link #getInvestigationLogQueriesMatchingSignalWithHttpInfo}. + * + * @param signalId The ID of the signal. (required) + * @return SecurityMonitoringSignalSuggestedActionsResponse + * @throws ApiException if fails to make API call + */ + public SecurityMonitoringSignalSuggestedActionsResponse getInvestigationLogQueriesMatchingSignal( + String signalId) throws ApiException { + return getInvestigationLogQueriesMatchingSignalWithHttpInfo(signalId).getData(); + } + + /** + * Get investigation queries for a signal. + * + *

See {@link #getInvestigationLogQueriesMatchingSignalWithHttpInfoAsync}. + * + * @param signalId The ID of the signal. (required) + * @return CompletableFuture<SecurityMonitoringSignalSuggestedActionsResponse> + */ + public CompletableFuture + getInvestigationLogQueriesMatchingSignalAsync(String signalId) { + return getInvestigationLogQueriesMatchingSignalWithHttpInfoAsync(signalId) + .thenApply( + response -> { + return response.getData(); + }); + } + + /** + * Get the list of investigation log queries available for a given security signal. + * + * @param signalId The ID of the signal. (required) + * @return ApiResponse<SecurityMonitoringSignalSuggestedActionsResponse> + * @throws ApiException if fails to make API call + * @http.response.details + * + * + * + * + * + * + * + *
Response details
Status Code Description Response Headers
200 OK -
403 Not Authorized -
404 Not Found -
429 Too many requests -
+ */ + public ApiResponse + getInvestigationLogQueriesMatchingSignalWithHttpInfo(String signalId) throws ApiException { + Object localVarPostBody = null; + + // verify the required parameter 'signalId' is set + if (signalId == null) { + throw new ApiException( + 400, + "Missing the required parameter 'signalId' when calling" + + " getInvestigationLogQueriesMatchingSignal"); + } + // create path and map variables + String localVarPath = + "/api/v2/security_monitoring/signals/{signal_id}/investigation_queries" + .replaceAll("\\{" + "signal_id" + "\\}", apiClient.escapeString(signalId.toString())); + + Map localVarHeaderParams = new HashMap(); + + Invocation.Builder builder = + apiClient.createBuilder( + "v2.SecurityMonitoringApi.getInvestigationLogQueriesMatchingSignal", + localVarPath, + new ArrayList(), + localVarHeaderParams, + new HashMap(), + new String[] {"application/json"}, + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); + return apiClient.invokeAPI( + "GET", + builder, + localVarHeaderParams, + new String[] {}, + localVarPostBody, + new HashMap(), + false, + new GenericType() {}); + } + + /** + * Get investigation queries for a signal. + * + *

See {@link #getInvestigationLogQueriesMatchingSignalWithHttpInfo}. + * + * @param signalId The ID of the signal. (required) + * @return + * CompletableFuture<ApiResponse<SecurityMonitoringSignalSuggestedActionsResponse>> + */ + public CompletableFuture> + getInvestigationLogQueriesMatchingSignalWithHttpInfoAsync(String signalId) { + Object localVarPostBody = null; + + // verify the required parameter 'signalId' is set + if (signalId == null) { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally( + new ApiException( + 400, + "Missing the required parameter 'signalId' when calling" + + " getInvestigationLogQueriesMatchingSignal")); + return result; + } + // create path and map variables + String localVarPath = + "/api/v2/security_monitoring/signals/{signal_id}/investigation_queries" + .replaceAll("\\{" + "signal_id" + "\\}", apiClient.escapeString(signalId.toString())); + + Map localVarHeaderParams = new HashMap(); + + Invocation.Builder builder; + try { + builder = + apiClient.createBuilder( + "v2.SecurityMonitoringApi.getInvestigationLogQueriesMatchingSignal", + localVarPath, + new ArrayList(), + localVarHeaderParams, + new HashMap(), + new String[] {"application/json"}, + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); + } catch (ApiException ex) { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally(ex); + return result; + } + return apiClient.invokeAPIAsync( + "GET", + builder, + localVarHeaderParams, + new String[] {}, + localVarPostBody, + new HashMap(), + false, + new GenericType() {}); + } + /** Manage optional parameters to getResourceEvaluationFilters. */ public static class GetResourceEvaluationFiltersOptionalParameters { private String cloudProvider; @@ -7725,6 +7870,150 @@ public CompletableFuture> getSignalNotificationRulesWithHttp new GenericType() {}); } + /** + * Get suggested actions for a signal. + * + *

See {@link #getSuggestedActionsMatchingSignalWithHttpInfo}. + * + * @param signalId The ID of the signal. (required) + * @return SecurityMonitoringSignalSuggestedActionsResponse + * @throws ApiException if fails to make API call + */ + public SecurityMonitoringSignalSuggestedActionsResponse getSuggestedActionsMatchingSignal( + String signalId) throws ApiException { + return getSuggestedActionsMatchingSignalWithHttpInfo(signalId).getData(); + } + + /** + * Get suggested actions for a signal. + * + *

See {@link #getSuggestedActionsMatchingSignalWithHttpInfoAsync}. + * + * @param signalId The ID of the signal. (required) + * @return CompletableFuture<SecurityMonitoringSignalSuggestedActionsResponse> + */ + public CompletableFuture + getSuggestedActionsMatchingSignalAsync(String signalId) { + return getSuggestedActionsMatchingSignalWithHttpInfoAsync(signalId) + .thenApply( + response -> { + return response.getData(); + }); + } + + /** + * Get the list of suggested actions for a given security signal. + * + * @param signalId The ID of the signal. (required) + * @return ApiResponse<SecurityMonitoringSignalSuggestedActionsResponse> + * @throws ApiException if fails to make API call + * @http.response.details + * + * + * + * + * + * + * + *
Response details
Status Code Description Response Headers
200 OK -
403 Not Authorized -
404 Not Found -
429 Too many requests -
+ */ + public ApiResponse + getSuggestedActionsMatchingSignalWithHttpInfo(String signalId) throws ApiException { + Object localVarPostBody = null; + + // verify the required parameter 'signalId' is set + if (signalId == null) { + throw new ApiException( + 400, + "Missing the required parameter 'signalId' when calling" + + " getSuggestedActionsMatchingSignal"); + } + // create path and map variables + String localVarPath = + "/api/v2/security_monitoring/signals/{signal_id}/suggested_actions" + .replaceAll("\\{" + "signal_id" + "\\}", apiClient.escapeString(signalId.toString())); + + Map localVarHeaderParams = new HashMap(); + + Invocation.Builder builder = + apiClient.createBuilder( + "v2.SecurityMonitoringApi.getSuggestedActionsMatchingSignal", + localVarPath, + new ArrayList(), + localVarHeaderParams, + new HashMap(), + new String[] {"application/json"}, + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); + return apiClient.invokeAPI( + "GET", + builder, + localVarHeaderParams, + new String[] {}, + localVarPostBody, + new HashMap(), + false, + new GenericType() {}); + } + + /** + * Get suggested actions for a signal. + * + *

See {@link #getSuggestedActionsMatchingSignalWithHttpInfo}. + * + * @param signalId The ID of the signal. (required) + * @return + * CompletableFuture<ApiResponse<SecurityMonitoringSignalSuggestedActionsResponse>> + */ + public CompletableFuture> + getSuggestedActionsMatchingSignalWithHttpInfoAsync(String signalId) { + Object localVarPostBody = null; + + // verify the required parameter 'signalId' is set + if (signalId == null) { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally( + new ApiException( + 400, + "Missing the required parameter 'signalId' when calling" + + " getSuggestedActionsMatchingSignal")); + return result; + } + // create path and map variables + String localVarPath = + "/api/v2/security_monitoring/signals/{signal_id}/suggested_actions" + .replaceAll("\\{" + "signal_id" + "\\}", apiClient.escapeString(signalId.toString())); + + Map localVarHeaderParams = new HashMap(); + + Invocation.Builder builder; + try { + builder = + apiClient.createBuilder( + "v2.SecurityMonitoringApi.getSuggestedActionsMatchingSignal", + localVarPath, + new ArrayList(), + localVarHeaderParams, + new HashMap(), + new String[] {"application/json"}, + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); + } catch (ApiException ex) { + CompletableFuture> result = + new CompletableFuture<>(); + result.completeExceptionally(ex); + return result; + } + return apiClient.invokeAPIAsync( + "GET", + builder, + localVarHeaderParams, + new String[] {}, + localVarPostBody, + new HashMap(), + false, + new GenericType() {}); + } + /** * Get suppressions affecting future rule. * diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedAction.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedAction.java new file mode 100644 index 00000000000..36603eb4ec1 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedAction.java 
@@ -0,0 +1,216 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** A suggested action for a security signal. */ +@JsonPropertyOrder({ + SecurityMonitoringSignalSuggestedAction.JSON_PROPERTY_ATTRIBUTES, + SecurityMonitoringSignalSuggestedAction.JSON_PROPERTY_ID, + SecurityMonitoringSignalSuggestedAction.JSON_PROPERTY_TYPE +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityMonitoringSignalSuggestedAction { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_ATTRIBUTES = "attributes"; + private SecurityMonitoringSignalSuggestedActionAttributes attributes; + + public static final String JSON_PROPERTY_ID = "id"; + private String id; + + public static final String JSON_PROPERTY_TYPE = "type"; + private SecurityMonitoringSignalSuggestedActionType type; + + public SecurityMonitoringSignalSuggestedAction() {} + + @JsonCreator + public SecurityMonitoringSignalSuggestedAction( + @JsonProperty(required = true, value = JSON_PROPERTY_ATTRIBUTES) + SecurityMonitoringSignalSuggestedActionAttributes attributes, + @JsonProperty(required = true, value = JSON_PROPERTY_ID) String id, + @JsonProperty(required = true, value = JSON_PROPERTY_TYPE) + 
SecurityMonitoringSignalSuggestedActionType type) { + this.attributes = attributes; + this.unparsed |= attributes.unparsed; + this.id = id; + this.type = type; + this.unparsed |= !type.isValid(); + } + + public SecurityMonitoringSignalSuggestedAction attributes( + SecurityMonitoringSignalSuggestedActionAttributes attributes) { + this.attributes = attributes; + this.unparsed |= attributes.unparsed; + return this; + } + + /** + * Attributes of a suggested action for a security signal. The available fields depend on the + * action type. + * + * @return attributes + */ + @JsonProperty(JSON_PROPERTY_ATTRIBUTES) + @JsonInclude(value = JsonInclude.Include.ALWAYS) + public SecurityMonitoringSignalSuggestedActionAttributes getAttributes() { + return attributes; + } + + public void setAttributes(SecurityMonitoringSignalSuggestedActionAttributes attributes) { + this.attributes = attributes; + } + + public SecurityMonitoringSignalSuggestedAction id(String id) { + this.id = id; + return this; + } + + /** + * The unique ID of the suggested action. + * + * @return id + */ + @JsonProperty(JSON_PROPERTY_ID) + @JsonInclude(value = JsonInclude.Include.ALWAYS) + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public SecurityMonitoringSignalSuggestedAction type( + SecurityMonitoringSignalSuggestedActionType type) { + this.type = type; + this.unparsed |= !type.isValid(); + return this; + } + + /** + * The type of the suggested action resource. + * + * @return type + */ + @JsonProperty(JSON_PROPERTY_TYPE) + @JsonInclude(value = JsonInclude.Include.ALWAYS) + public SecurityMonitoringSignalSuggestedActionType getType() { + return type; + } + + public void setType(SecurityMonitoringSignalSuggestedActionType type) { + if (!type.isValid()) { + this.unparsed = true; + } + this.type = type; + } + + /** + * A container for additional, undeclared properties. 
This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityMonitoringSignalSuggestedAction + */ + @JsonAnySetter + public SecurityMonitoringSignalSuggestedAction putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityMonitoringSignalSuggestedAction object is equal to o. 
*/ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityMonitoringSignalSuggestedAction securityMonitoringSignalSuggestedAction = + (SecurityMonitoringSignalSuggestedAction) o; + return Objects.equals(this.attributes, securityMonitoringSignalSuggestedAction.attributes) + && Objects.equals(this.id, securityMonitoringSignalSuggestedAction.id) + && Objects.equals(this.type, securityMonitoringSignalSuggestedAction.type) + && Objects.equals( + this.additionalProperties, + securityMonitoringSignalSuggestedAction.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(attributes, id, type, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityMonitoringSignalSuggestedAction {\n"); + sb.append(" attributes: ").append(toIndentedString(attributes)).append("\n"); + sb.append(" id: ").append(toIndentedString(id)).append("\n"); + sb.append(" type: ").append(toIndentedString(type)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionAttributes.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionAttributes.java new file mode 100644 index 00000000000..9a06a3d97b3 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionAttributes.java 
@@ -0,0 +1,268 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +/** + * Attributes of a suggested action for a security signal. The available fields depend on the action + * type. + */ +@JsonPropertyOrder({ + SecurityMonitoringSignalSuggestedActionAttributes.JSON_PROPERTY_NAME, + SecurityMonitoringSignalSuggestedActionAttributes.JSON_PROPERTY_QUERY_FILTER, + SecurityMonitoringSignalSuggestedActionAttributes.JSON_PROPERTY_TEMPLATE_VARIABLES, + SecurityMonitoringSignalSuggestedActionAttributes.JSON_PROPERTY_TITLE, + SecurityMonitoringSignalSuggestedActionAttributes.JSON_PROPERTY_URL +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityMonitoringSignalSuggestedActionAttributes { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_NAME = "name"; + private String name; + + public static final String JSON_PROPERTY_QUERY_FILTER = "query_filter"; + private String queryFilter; + + public static final String JSON_PROPERTY_TEMPLATE_VARIABLES = "template_variables"; + private Map> templateVariables = null; + + public static final String JSON_PROPERTY_TITLE = "title"; + private String title; + + public static final String JSON_PROPERTY_URL = "url"; + private String url; + + 
public SecurityMonitoringSignalSuggestedActionAttributes name(String name) { + this.name = name; + return this; + } + + /** + * The name of the investigation log query. + * + * @return name + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_NAME) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public SecurityMonitoringSignalSuggestedActionAttributes queryFilter(String queryFilter) { + this.queryFilter = queryFilter; + return this; + } + + /** + * The log query filter for the investigation. + * + * @return queryFilter + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_QUERY_FILTER) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getQueryFilter() { + return queryFilter; + } + + public void setQueryFilter(String queryFilter) { + this.queryFilter = queryFilter; + } + + public SecurityMonitoringSignalSuggestedActionAttributes templateVariables( + Map> templateVariables) { + this.templateVariables = templateVariables; + return this; + } + + public SecurityMonitoringSignalSuggestedActionAttributes putTemplateVariablesItem( + String key, List templateVariablesItem) { + if (this.templateVariables == null) { + this.templateVariables = new HashMap<>(); + } + this.templateVariables.put(key, templateVariablesItem); + return this; + } + + /** + * Template variables applied to the investigation log query, mapping attribute paths to values + * extracted from the signal. 
+ * + * @return templateVariables + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_TEMPLATE_VARIABLES) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public Map> getTemplateVariables() { + return templateVariables; + } + + public void setTemplateVariables(Map> templateVariables) { + this.templateVariables = templateVariables; + } + + public SecurityMonitoringSignalSuggestedActionAttributes title(String title) { + this.title = title; + return this; + } + + /** + * The title of the recommended blog post. + * + * @return title + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_TITLE) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getTitle() { + return title; + } + + public void setTitle(String title) { + this.title = title; + } + + public SecurityMonitoringSignalSuggestedActionAttributes url(String url) { + this.url = url; + return this; + } + + /** + * The URL of the suggested action. + * + * @return url + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_URL) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getUrl() { + return url; + } + + public void setUrl(String url) { + this.url = url; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. 
+ * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityMonitoringSignalSuggestedActionAttributes + */ + @JsonAnySetter + public SecurityMonitoringSignalSuggestedActionAttributes putAdditionalProperty( + String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityMonitoringSignalSuggestedActionAttributes object is equal to o. 
*/ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityMonitoringSignalSuggestedActionAttributes + securityMonitoringSignalSuggestedActionAttributes = + (SecurityMonitoringSignalSuggestedActionAttributes) o; + return Objects.equals(this.name, securityMonitoringSignalSuggestedActionAttributes.name) + && Objects.equals( + this.queryFilter, securityMonitoringSignalSuggestedActionAttributes.queryFilter) + && Objects.equals( + this.templateVariables, + securityMonitoringSignalSuggestedActionAttributes.templateVariables) + && Objects.equals(this.title, securityMonitoringSignalSuggestedActionAttributes.title) + && Objects.equals(this.url, securityMonitoringSignalSuggestedActionAttributes.url) + && Objects.equals( + this.additionalProperties, + securityMonitoringSignalSuggestedActionAttributes.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(name, queryFilter, templateVariables, title, url, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityMonitoringSignalSuggestedActionAttributes {\n"); + sb.append(" name: ").append(toIndentedString(name)).append("\n"); + sb.append(" queryFilter: ").append(toIndentedString(queryFilter)).append("\n"); + sb.append(" templateVariables: ").append(toIndentedString(templateVariables)).append("\n"); + sb.append(" title: ").append(toIndentedString(title)).append("\n"); + sb.append(" url: ").append(toIndentedString(url)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). 
+ */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionType.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionType.java new file mode 100644 index 00000000000..ab2b7bd6fc0 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionType.java 
@@ -0,0 +1,65 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.datadog.api.client.ModelEnum; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import java.io.IOException; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +/** The type of the suggested action resource. */ +@JsonSerialize( + using = + SecurityMonitoringSignalSuggestedActionType + .SecurityMonitoringSignalSuggestedActionTypeSerializer.class) +public class SecurityMonitoringSignalSuggestedActionType extends ModelEnum { + + private static final Set allowedValues = + new HashSet(Arrays.asList("investigation_log_queries", "recommended_blog_posts")); + + public static final SecurityMonitoringSignalSuggestedActionType INVESTIGATION_LOG_QUERIES = + new SecurityMonitoringSignalSuggestedActionType("investigation_log_queries"); + public static final SecurityMonitoringSignalSuggestedActionType RECOMMENDED_BLOG_POSTS = + new SecurityMonitoringSignalSuggestedActionType("recommended_blog_posts"); + + SecurityMonitoringSignalSuggestedActionType(String value) { + super(value, allowedValues); + } + + public static class SecurityMonitoringSignalSuggestedActionTypeSerializer + extends StdSerializer { + public SecurityMonitoringSignalSuggestedActionTypeSerializer( + Class t) { + super(t); + } + + public SecurityMonitoringSignalSuggestedActionTypeSerializer() { + this(null); + } + + @Override + public void serialize( + 
SecurityMonitoringSignalSuggestedActionType value, + JsonGenerator jgen, + SerializerProvider provider) + throws IOException, JsonProcessingException { + jgen.writeObject(value.value); + } + } + + @JsonCreator + public static SecurityMonitoringSignalSuggestedActionType fromValue(String value) { + return new SecurityMonitoringSignalSuggestedActionType(value); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionsResponse.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionsResponse.java new file mode 100644 index 00000000000..3ff3f1c8b64 --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSignalSuggestedActionsResponse.java 
@@ -0,0 +1,162 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +/** Response with suggested actions for a security signal. */ +@JsonPropertyOrder({SecurityMonitoringSignalSuggestedActionsResponse.JSON_PROPERTY_DATA}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityMonitoringSignalSuggestedActionsResponse { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_DATA = "data"; + private List data = new ArrayList<>(); + + public SecurityMonitoringSignalSuggestedActionsResponse() {} + + @JsonCreator + public SecurityMonitoringSignalSuggestedActionsResponse( + @JsonProperty(required = true, value = JSON_PROPERTY_DATA) + List data) { + this.data = data; + } + + public SecurityMonitoringSignalSuggestedActionsResponse data( + List data) { + this.data = data; + for (SecurityMonitoringSignalSuggestedAction item : data) { + this.unparsed |= item.unparsed; + } + return this; + } + + public SecurityMonitoringSignalSuggestedActionsResponse addDataItem( + SecurityMonitoringSignalSuggestedAction dataItem) { + this.data.add(dataItem); + this.unparsed |= dataItem.unparsed; + return this; + } + + /** + * 
List of suggested actions for a security signal. + * + * @return data + */ + @JsonProperty(JSON_PROPERTY_DATA) + @JsonInclude(value = JsonInclude.Include.ALWAYS) + public List getData() { + return data; + } + + public void setData(List data) { + this.data = data; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityMonitoringSignalSuggestedActionsResponse + */ + @JsonAnySetter + public SecurityMonitoringSignalSuggestedActionsResponse putAdditionalProperty( + String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityMonitoringSignalSuggestedActionsResponse object is equal to o. 
*/ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityMonitoringSignalSuggestedActionsResponse + securityMonitoringSignalSuggestedActionsResponse = + (SecurityMonitoringSignalSuggestedActionsResponse) o; + return Objects.equals(this.data, securityMonitoringSignalSuggestedActionsResponse.data) + && Objects.equals( + this.additionalProperties, + securityMonitoringSignalSuggestedActionsResponse.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(data, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityMonitoringSignalSuggestedActionsResponse {\n"); + sb.append(" data: ").append(toIndentedString(data)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature index 791d52de646..2d6684fe2d1 100644 --- a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature +++ b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature 
@@ -1371,6 +1371,25 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 Notification rule details. + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get investigation queries for a signal returns "Not Found" response + Given new "GetInvestigationLogQueriesMatchingSignal" request + And request contains "signal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get investigation queries for a signal returns "OK" response + Given new "GetInvestigationLogQueriesMatchingSignal" request + And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" + When the request is sent + Then the response status is 200 OK + And the response "data[0].type" is equal to "investigation_log_queries" + And the response "data[0]" has field "id" + And the response "data[0].attributes" has field "name" + And the response "data[0].attributes" has field "query_filter" + And the response "data[0].attributes" has field "url" + @skip-go @skip-java @skip-ruby @team:DataDog/k9-cloud-security-platform Scenario: Get rule version history returns "OK" response Given operation "GetRuleVersionHistory" enabled 
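Review bot: Both scenarios added in this hunk for `GetInvestigationLogQueriesMatchingSignal` carry `@skip`, and so do the two `GetSuggestedActionsMatchingSignal` scenarios in the next hunk of this file. If `@skip` excludes a scenario for every client, as the narrower `@skip-java` tag on the neighbouring context scenario suggests, neither new endpoint is exercised by this suite. The two "Not Found" scenarios also still take `signal_id` from the `"REPLACE.ME"` placeholder, so they presumably could not run as written even without the tag. I would state the reason above each skipped scenario, e.g. `# skipped: <reason / tracking-issue placeholder>`. Before the tag is dropped, the placeholder should become a fixed non-existent signal ID, so that the 404 path and the response-shape assertions are actually checked.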
@@ -1384,6 +1403,29 @@ Feature: Security Monitoring And the response "data.attributes.count" is equal to 1 And the response "data.attributes.data[1].rule.name" has the same value as "security_rule.name" + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get suggested actions for a signal returns "Not Found" response + Given new "GetSuggestedActionsMatchingSignal" request + And request contains "signal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get suggested actions for a signal returns "OK" response + Given new "GetSuggestedActionsMatchingSignal" request + And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" + When the request is sent + Then the response status is 200 OK + And the response "data[0].type" is equal to "investigation_log_queries" + And the response "data[0]" has field "id" + And the response "data[0].attributes" has field "name" + And the response "data[0].attributes" has field "query_filter" + And the response "data[0].attributes" has field "url" + And the response "data[1].type" is equal to "recommended_blog_posts" + And the response "data[1]" has field "id" + And the response "data[1].attributes" has field "title" + And the response "data[1].attributes" has field "url" + @team:DataDog/k9-cloud-security-platform Scenario: Get suppressions affecting a specific rule returns "Not Found" response Given new "GetSuppressionsAffectingRule" request diff --git a/src/test/resources/com/datadog/api/client/v2/api/undo.json b/src/test/resources/com/datadog/api/client/v2/api/undo.json index 6b408bc8b5b..a197b7b670c 100644 --- a/src/test/resources/com/datadog/api/client/v2/api/undo.json +++ b/src/test/resources/com/datadog/api/client/v2/api/undo.json 
@@ -5302,12 +5302,24 @@
 "type": "idempotent"
 }
 },
+ "GetInvestigationLogQueriesMatchingSignal": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "safe"
+ }
+ },
 "EditSecurityMonitoringSignalState": {
 "tag": "Security Monitoring",
 "undo": {
 "type": "idempotent"
 }
 },
+ "GetSuggestedActionsMatchingSignal": {
+ "tag": "Security Monitoring",
+ "undo": {
+ "type": "safe"
+ }
+ },
 "ListScanningGroups": {
 "tag": "Sensitive Data Scanner",
 "undo": {