From 059f13e8975d62cbe2121ce7d748446a3e40241e Mon Sep 17 00:00:00 2001 From: "ci.datadog-api-spec" Date: Thu, 2 Apr 2026 14:54:35 +0000 Subject: [PATCH] Regenerate client from commit 04d32e8 of spec repo --- .generator/schemas/v2/openapi.yaml | 187 ++++++++++++++++++ docs/datadog_api_client.v2.model.rst | 35 ++++ ...etInvestigationLogQueriesMatchingSignal.py | 15 ++ .../GetSuggestedActionsMatchingSignal.py | 15 ++ .../v2/api/security_monitoring_api.py | 83 ++++++++ ..._investigation_query_template_variables.py | 22 +++ ...rity_monitoring_signal_suggested_action.py | 68 +++++++ ...ring_signal_suggested_action_attributes.py | 82 ++++++++ ...monitoring_signal_suggested_action_type.py | 42 ++++ ...oring_signal_suggested_actions_response.py | 44 +++++ src/datadog_api_client/v2/models/__init__.py | 20 ++ tests/v2/features/security_monitoring.feature | 42 ++++ tests/v2/features/undo.json | 12 ++ 13 files changed, 667 insertions(+) create mode 100644 examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.py create mode 100644 examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_signal_investigation_query_template_variables.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action_attributes.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action_type.py create mode 100644 src/datadog_api_client/v2/model/security_monitoring_signal_suggested_actions_response.py diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 911cd63bb0..dd961c3331 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml 
@@ -58510,6 +58510,17 @@ components: required: - data type: object + SecurityMonitoringSignalInvestigationQueryTemplateVariables: + additionalProperties: + items: + description: A value for this template variable extracted from the signal. + type: string + type: array + description: Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. + example: + "@userIdentity.arn": + - foo + type: object SecurityMonitoringSignalListRequest: description: The request for a security signal list. properties: 
@@ -58895,6 +58906,82 @@ components: required: - data type: object + SecurityMonitoringSignalSuggestedAction: + description: A suggested action for a security signal. + properties: + attributes: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionAttributes" + id: + description: The unique ID of the suggested action. + example: w00-t10-992 + type: string + type: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionType" + required: + - id + - type + - attributes + type: object + SecurityMonitoringSignalSuggestedActionAttributes: + description: Attributes of a suggested action for a security signal. The available fields depend on the action type. + properties: + name: + description: The name of the investigation log query. + example: Cloudtrail events for user ARN + type: string + query_filter: + description: The log query filter for the investigation. + example: 'source:cloudtrail @userIdentity.arn:"foo"' + type: string + template_variables: + $ref: "#/components/schemas/SecurityMonitoringSignalInvestigationQueryTemplateVariables" + title: + description: The title of the recommended blog post. + example: Monitor Okta logs to track system access and unusual activity + type: string + url: + description: The URL of the suggested action. + example: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + type: string + type: object + SecurityMonitoringSignalSuggestedActionList: + description: List of suggested actions for a security signal. 
+ example: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + items: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedAction" + type: array + SecurityMonitoringSignalSuggestedActionType: + description: The type of the suggested action resource. + enum: + - investigation_log_queries + - recommended_blog_posts + example: investigation_log_queries + type: string + x-enum-varnames: + - INVESTIGATION_LOG_QUERIES + - RECOMMENDED_BLOG_POSTS + SecurityMonitoringSignalSuggestedActionsResponse: + description: Response with suggested actions for a security signal. + properties: + data: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionList" + required: + - data + type: object SecurityMonitoringSignalTriageAttributes: description: Attributes describing a triage state update operation over a security signal. properties: 
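Review bot: The `url` property of `SecurityMonitoringSignalSuggestedActionAttributes` is described only as "The URL of the suggested action", but the examples in this hunk carry two different forms: a site-relative path (`/logs?query=...`) for the log query and an absolute external link (`https://www.datadoghq.com/blog/...`) for the blog post. A client that renders or follows this value needs to know which base to resolve a relative path against, and should check scheme and host on an absolute one. The description could say so, for example `description: The URL of the suggested action. A site-relative path for investigation log queries, an absolute URL for recommended blog posts.` This reading is inferred from the two examples only; the schema puts no constraint on the string.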
@@ -104670,6 +104757,56 @@ paths: operator: OR permissions: - security_monitoring_signals_write + /api/v2/security_monitoring/signals/{signal_id}/investigation_queries: + get: + description: Get the list of investigation log queries available for a given security signal. + operationId: GetInvestigationLogQueriesMatchingSignal + parameters: + - $ref: "#/components/parameters/SignalID" + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + schema: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" + description: OK + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + - security_monitoring_signals_read + summary: Get investigation queries for a signal + tags: ["Security Monitoring"] + x-permission: + operator: AND + permissions: + - security_monitoring_rules_read + - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}/state: patch: description: |- 
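Review bot: The `200` example for `GetInvestigationLogQueriesMatchingSignal` contains a `recommended_blog_posts` item (`id: bxy-o8v-i1a`), although the operation description says it returns the investigation log queries for the signal. The example looks copied from the `suggested_actions` operation in the next hunk, which has an identical payload. If this endpoint only returns `investigation_log_queries` entries, drop the second item from the example; if it can return other types, say so in the `description`. Which of the two holds is not visible from the diff.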
@@ -104710,6 +104847,56 @@ paths: operator: OR permissions: - security_monitoring_signals_write + /api/v2/security_monitoring/signals/{signal_id}/suggested_actions: + get: + description: Get the list of suggested actions for a given security signal. + operationId: GetSuggestedActionsMatchingSignal + parameters: + - $ref: "#/components/parameters/SignalID" + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + schema: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" + description: OK + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + - security_monitoring_signals_read + summary: Get suggested actions for a signal + tags: ["Security Monitoring"] + x-permission: + operator: AND + permissions: + - security_monitoring_rules_read + - security_monitoring_signals_read /api/v2/sensitive-data-scanner/config: get: description: List all the Scanning groups in your organization. diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index 3325139a68..65385aa60b 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst 
@@ -26520,6 +26520,13 @@ datadog\_api\_client.v2.model.security\_monitoring\_signal\_incidents\_update\_r :members: :show-inheritance: +datadog\_api\_client.v2.model.security\_monitoring\_signal\_investigation\_query\_template\_variables module +------------------------------------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_signal_investigation_query_template_variables + :members: + :show-inheritance: + datadog\_api\_client.v2.model.security\_monitoring\_signal\_list\_request module -------------------------------------------------------------------------------- 
@@ -26625,6 +26632,34 @@ datadog\_api\_client.v2.model.security\_monitoring\_signal\_state\_update\_reque :members: :show-inheritance: +datadog\_api\_client.v2.model.security\_monitoring\_signal\_suggested\_action module +------------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_signal_suggested_action + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_signal\_suggested\_action\_attributes module +------------------------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_signal_suggested_action_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_signal\_suggested\_action\_type module +------------------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_signal_suggested_action_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_signal\_suggested\_actions\_response module +----------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_signal_suggested_actions_response + :members: + :show-inheritance: + datadog\_api\_client.v2.model.security\_monitoring\_signal\_triage\_attributes module ------------------------------------------------------------------------------------- diff --git a/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.py b/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.py new file mode 100644 index 0000000000..983ae9619c --- /dev/null +++ b/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.py 
@@ -0,0 +1,15 @@ +""" +Get investigation queries for a signal returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.get_investigation_log_queries_matching_signal( + signal_id="AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", + ) + + print(response) diff --git a/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.py b/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.py new file mode 100644 index 0000000000..23776546d0 --- /dev/null +++ b/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.py @@ -0,0 +1,15 @@ +""" +Get suggested actions for a signal returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +configuration = Configuration() +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.get_suggested_actions_matching_signal( + signal_id="AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE", + ) + + print(response) diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index 72e6a42416..3456effdab 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py 
@@ -145,6 +145,9 @@ from datadog_api_client.v2.model.security_monitoring_signal_incidents_update_request import ( SecurityMonitoringSignalIncidentsUpdateRequest, ) +from datadog_api_client.v2.model.security_monitoring_signal_suggested_actions_response import ( + SecurityMonitoringSignalSuggestedActionsResponse, +) from datadog_api_client.v2.model.security_monitoring_signal_state_update_request import ( SecurityMonitoringSignalStateUpdateRequest, ) @@ -973,6 +976,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_investigation_log_queries_matching_signal_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringSignalSuggestedActionsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/signals/{signal_id}/investigation_queries", + "operation_id": "get_investigation_log_queries_matching_signal", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "signal_id": { + "required": True, + "openapi_types": (str,), + "attribute": "signal_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._get_resource_evaluation_filters_endpoint = _Endpoint( settings={ "response_type": (GetResourceEvaluationFiltersResponse,), 
@@ -1326,6 +1352,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_suggested_actions_matching_signal_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringSignalSuggestedActionsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/signals/{signal_id}/suggested_actions", + "operation_id": "get_suggested_actions_matching_signal", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "signal_id": { + "required": True, + "openapi_types": (str,), + "attribute": "signal_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._get_suppressions_affecting_future_rule_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringSuppressionsResponse,), @@ -3398,6 +3447,23 @@ def get_finding( return self._get_finding_endpoint.call_with_http_info(**kwargs) + def get_investigation_log_queries_matching_signal( + self, + signal_id: str, + ) -> SecurityMonitoringSignalSuggestedActionsResponse: + """Get investigation queries for a signal. + + Get the list of investigation log queries available for a given security signal. + + :param signal_id: The ID of the signal. + :type signal_id: str + :rtype: SecurityMonitoringSignalSuggestedActionsResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["signal_id"] = signal_id + + return self._get_investigation_log_queries_matching_signal_endpoint.call_with_http_info(**kwargs) + def get_resource_evaluation_filters( self, *, 
@@ -3694,6 +3760,23 @@ def get_signal_notification_rules( kwargs: Dict[str, Any] = {} return self._get_signal_notification_rules_endpoint.call_with_http_info(**kwargs) + def get_suggested_actions_matching_signal( + self, + signal_id: str, + ) -> SecurityMonitoringSignalSuggestedActionsResponse: + """Get suggested actions for a signal. + + Get the list of suggested actions for a given security signal. + + :param signal_id: The ID of the signal. + :type signal_id: str + :rtype: SecurityMonitoringSignalSuggestedActionsResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["signal_id"] = signal_id + + return self._get_suggested_actions_matching_signal_endpoint.call_with_http_info(**kwargs) + def get_suppressions_affecting_future_rule( self, body: Union[ diff --git a/src/datadog_api_client/v2/model/security_monitoring_signal_investigation_query_template_variables.py b/src/datadog_api_client/v2/model/security_monitoring_signal_investigation_query_template_variables.py new file mode 100644 index 0000000000..e2930fab56 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_signal_investigation_query_template_variables.py @@ -0,0 +1,22 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +class SecurityMonitoringSignalInvestigationQueryTemplateVariables(ModelNormal): + @cached_property + def additional_properties_type(_): + return ([str],) + + def __init__(self_, **kwargs): + """ + Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. + """ + super().__init__(kwargs) 
diff --git a/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action.py b/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action.py new file mode 100644 index 0000000000..3a481cf004 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action.py 
@@ -0,0 +1,68 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_signal_suggested_action_attributes import ( + SecurityMonitoringSignalSuggestedActionAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_signal_suggested_action_type import ( + SecurityMonitoringSignalSuggestedActionType, + ) + + +class SecurityMonitoringSignalSuggestedAction(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_signal_suggested_action_attributes import ( + SecurityMonitoringSignalSuggestedActionAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_signal_suggested_action_type import ( + SecurityMonitoringSignalSuggestedActionType, + ) + + return { + "attributes": (SecurityMonitoringSignalSuggestedActionAttributes,), + "id": (str,), + "type": (SecurityMonitoringSignalSuggestedActionType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__( + self_, + attributes: SecurityMonitoringSignalSuggestedActionAttributes, + id: str, + type: SecurityMonitoringSignalSuggestedActionType, + **kwargs, + ): + """ + A suggested action for a security signal. + + :param attributes: Attributes of a suggested action for a security signal. The available fields depend on the action type. + :type attributes: SecurityMonitoringSignalSuggestedActionAttributes + + :param id: The unique ID of the suggested action. + :type id: str + + :param type: The type of the suggested action resource. 
+ :type type: SecurityMonitoringSignalSuggestedActionType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.id = id + self_.type = type diff --git a/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action_attributes.py new file mode 100644 index 0000000000..a79d752f10 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action_attributes.py 
@@ -0,0 +1,82 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_signal_investigation_query_template_variables import ( + SecurityMonitoringSignalInvestigationQueryTemplateVariables, + ) + + +class SecurityMonitoringSignalSuggestedActionAttributes(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_signal_investigation_query_template_variables import ( + SecurityMonitoringSignalInvestigationQueryTemplateVariables, + ) + + return { + "name": (str,), + "query_filter": (str,), + "template_variables": (SecurityMonitoringSignalInvestigationQueryTemplateVariables,), + "title": (str,), + "url": (str,), + } + + attribute_map = { + "name": "name", + "query_filter": "query_filter", + "template_variables": "template_variables", + "title": "title", + "url": "url", + } + + def __init__( + self_, + name: Union[str, UnsetType] = unset, + query_filter: Union[str, UnsetType] = unset, + template_variables: Union[SecurityMonitoringSignalInvestigationQueryTemplateVariables, UnsetType] = unset, + title: Union[str, UnsetType] = unset, + url: Union[str, UnsetType] = unset, + **kwargs, + ): + """ + Attributes of a suggested action for a security signal. The available fields depend on the action type. + + :param name: The name of the investigation log query. + :type name: str, optional + + :param query_filter: The log query filter for the investigation. 
+ :type query_filter: str, optional + + :param template_variables: Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. + :type template_variables: SecurityMonitoringSignalInvestigationQueryTemplateVariables, optional + + :param title: The title of the recommended blog post. + :type title: str, optional + + :param url: The URL of the suggested action. + :type url: str, optional + """ + if name is not unset: + kwargs["name"] = name + if query_filter is not unset: + kwargs["query_filter"] = query_filter + if template_variables is not unset: + kwargs["template_variables"] = template_variables + if title is not unset: + kwargs["title"] = title + if url is not unset: + kwargs["url"] = url + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action_type.py b/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action_type.py new file mode 100644 index 0000000000..4f78529b15 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_action_type.py 
@@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class SecurityMonitoringSignalSuggestedActionType(ModelSimple): + """ + The type of the suggested action resource. + + :param value: Must be one of ["investigation_log_queries", "recommended_blog_posts"]. + :type value: str + """ + + allowed_values = { + "investigation_log_queries", + "recommended_blog_posts", + } + INVESTIGATION_LOG_QUERIES: ClassVar["SecurityMonitoringSignalSuggestedActionType"] + RECOMMENDED_BLOG_POSTS: ClassVar["SecurityMonitoringSignalSuggestedActionType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +SecurityMonitoringSignalSuggestedActionType.INVESTIGATION_LOG_QUERIES = SecurityMonitoringSignalSuggestedActionType( + "investigation_log_queries" +) +SecurityMonitoringSignalSuggestedActionType.RECOMMENDED_BLOG_POSTS = SecurityMonitoringSignalSuggestedActionType( + "recommended_blog_posts" +) diff --git a/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_actions_response.py b/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_actions_response.py new file mode 100644 index 0000000000..b2ed17a117 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_signal_suggested_actions_response.py 
@@ -0,0 +1,44 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_signal_suggested_action import ( + SecurityMonitoringSignalSuggestedAction, + ) + + +class SecurityMonitoringSignalSuggestedActionsResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_signal_suggested_action import ( + SecurityMonitoringSignalSuggestedAction, + ) + + return { + "data": ([SecurityMonitoringSignalSuggestedAction],), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: List[SecurityMonitoringSignalSuggestedAction], **kwargs): + """ + Response with suggested actions for a security signal. + + :param data: List of suggested actions for a security signal. + :type data: [SecurityMonitoringSignalSuggestedAction] + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index 50b1f6b750..78515ebdf2 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py 
@@ -5412,6 +5412,9 @@ from datadog_api_client.v2.model.security_monitoring_signal_incidents_update_request import ( SecurityMonitoringSignalIncidentsUpdateRequest, ) +from datadog_api_client.v2.model.security_monitoring_signal_investigation_query_template_variables import ( + SecurityMonitoringSignalInvestigationQueryTemplateVariables, +) from datadog_api_client.v2.model.security_monitoring_signal_list_request import SecurityMonitoringSignalListRequest from datadog_api_client.v2.model.security_monitoring_signal_list_request_filter import ( SecurityMonitoringSignalListRequestFilter, @@ -5441,6 +5444,18 @@ from datadog_api_client.v2.model.security_monitoring_signal_state_update_request import ( SecurityMonitoringSignalStateUpdateRequest, ) +from datadog_api_client.v2.model.security_monitoring_signal_suggested_action import ( + SecurityMonitoringSignalSuggestedAction, +) +from datadog_api_client.v2.model.security_monitoring_signal_suggested_action_attributes import ( + SecurityMonitoringSignalSuggestedActionAttributes, +) +from datadog_api_client.v2.model.security_monitoring_signal_suggested_action_type import ( + SecurityMonitoringSignalSuggestedActionType, +) +from datadog_api_client.v2.model.security_monitoring_signal_suggested_actions_response import ( + SecurityMonitoringSignalSuggestedActionsResponse, +) from datadog_api_client.v2.model.security_monitoring_signal_triage_attributes import ( SecurityMonitoringSignalTriageAttributes, ) @@ -10574,6 +10589,7 @@ "SecurityMonitoringSignalIncidentsUpdateAttributes", "SecurityMonitoringSignalIncidentsUpdateData", "SecurityMonitoringSignalIncidentsUpdateRequest", + "SecurityMonitoringSignalInvestigationQueryTemplateVariables", "SecurityMonitoringSignalListRequest", "SecurityMonitoringSignalListRequestFilter", "SecurityMonitoringSignalListRequestPage", 
@@ -10589,6 +10605,10 @@ "SecurityMonitoringSignalStateUpdateAttributes", "SecurityMonitoringSignalStateUpdateData", "SecurityMonitoringSignalStateUpdateRequest", + "SecurityMonitoringSignalSuggestedAction", + "SecurityMonitoringSignalSuggestedActionAttributes", + "SecurityMonitoringSignalSuggestedActionType", + "SecurityMonitoringSignalSuggestedActionsResponse", "SecurityMonitoringSignalTriageAttributes", "SecurityMonitoringSignalTriageUpdateData", "SecurityMonitoringSignalTriageUpdateResponse", diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index 791d52de64..2d6684fe2d 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature 
@@ -1371,6 +1371,25 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 Notification rule details. + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get investigation queries for a signal returns "Not Found" response + Given new "GetInvestigationLogQueriesMatchingSignal" request + And request contains "signal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get investigation queries for a signal returns "OK" response + Given new "GetInvestigationLogQueriesMatchingSignal" request + And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" + When the request is sent + Then the response status is 200 OK + And the response "data[0].type" is equal to "investigation_log_queries" + And the response "data[0]" has field "id" + And the response "data[0].attributes" has field "name" + And the response "data[0].attributes" has field "query_filter" + And the response "data[0].attributes" has field "url" + @skip-go @skip-java @skip-ruby @team:DataDog/k9-cloud-security-platform Scenario: Get rule version history returns "OK" response Given operation "GetRuleVersionHistory" enabled 
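Review bot: Both scenarios added for `GetInvestigationLogQueriesMatchingSignal` are tagged `@skip`, including the "OK" one that is not marked `@generated`, so the new operation and its response model appear never to be exercised by the test suite. The `GetSuggestedActionsMatchingSignal` scenarios in the next hunk are skipped in the same way. The "OK" scenario also uses a fixed `signal_id` value, which presumably has to exist in the test organisation for a live run. Consider recording the response once and removing `@skip` from the two "OK" scenarios, or put a comment line above them such as `# skipped: needs a pre-existing signal; see <tracking issue placeholder>` so the coverage gap stays visible.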
@@ -1384,6 +1403,29 @@ Feature: Security Monitoring And the response "data.attributes.count" is equal to 1 And the response "data.attributes.data[1].rule.name" has the same value as "security_rule.name" + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get suggested actions for a signal returns "Not Found" response + Given new "GetSuggestedActionsMatchingSignal" request + And request contains "signal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get suggested actions for a signal returns "OK" response + Given new "GetSuggestedActionsMatchingSignal" request + And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" + When the request is sent + Then the response status is 200 OK + And the response "data[0].type" is equal to "investigation_log_queries" + And the response "data[0]" has field "id" + And the response "data[0].attributes" has field "name" + And the response "data[0].attributes" has field "query_filter" + And the response "data[0].attributes" has field "url" + And the response "data[1].type" is equal to "recommended_blog_posts" + And the response "data[1]" has field "id" + And the response "data[1].attributes" has field "title" + And the response "data[1].attributes" has field "url" + @team:DataDog/k9-cloud-security-platform Scenario: Get suppressions affecting a specific rule returns "Not Found" response Given new "GetSuppressionsAffectingRule" request diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index 6b408bc8b5..a197b7b670 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json 
@@ -5302,12 +5302,24 @@ "type": "idempotent" } }, + "GetInvestigationLogQueriesMatchingSignal": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "EditSecurityMonitoringSignalState": { "tag": "Security Monitoring", "undo": { "type": "idempotent" } }, + "GetSuggestedActionsMatchingSignal": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListScanningGroups": { "tag": "Sensitive Data Scanner", "undo": {