diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 911cd63bb00e..dd961c3331ee 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -58510,6 +58510,17 @@ components: required: - data type: object + SecurityMonitoringSignalInvestigationQueryTemplateVariables: + additionalProperties: + items: + description: A value for this template variable extracted from the signal. + type: string + type: array + description: Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. + example: + "@userIdentity.arn": + - foo + type: object SecurityMonitoringSignalListRequest: description: The request for a security signal list. properties: 
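Review bot: The item description in `SecurityMonitoringSignalInvestigationQueryTemplateVariables` does not say whether the values are raw strings taken from the signal or already escaped for the log query syntax. The values come from signal content, and the `query_filter` example added later in this diff embeds one inside quotes (`@userIdentity.arn:"foo"`), so a client that substitutes them into its own query needs to know which it is. If the server returns them raw, I would extend the description to `A value for this template variable extracted from the signal (raw value, not escaped for query syntax).`; the exact wording should be confirmed against the server behaviour, which is not visible here.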
@@ -58895,6 +58906,82 @@ components: required: - data type: object + SecurityMonitoringSignalSuggestedAction: + description: A suggested action for a security signal. + properties: + attributes: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionAttributes" + id: + description: The unique ID of the suggested action. + example: w00-t10-992 + type: string + type: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionType" + required: + - id + - type + - attributes + type: object + SecurityMonitoringSignalSuggestedActionAttributes: + description: Attributes of a suggested action for a security signal. The available fields depend on the action type. + properties: + name: + description: The name of the investigation log query. + example: Cloudtrail events for user ARN + type: string + query_filter: + description: The log query filter for the investigation. + example: 'source:cloudtrail @userIdentity.arn:"foo"' + type: string + template_variables: + $ref: "#/components/schemas/SecurityMonitoringSignalInvestigationQueryTemplateVariables" + title: + description: The title of the recommended blog post. + example: Monitor Okta logs to track system access and unusual activity + type: string + url: + description: The URL of the suggested action. + example: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + type: string + type: object + SecurityMonitoringSignalSuggestedActionList: + description: List of suggested actions for a security signal. 
+ example: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + items: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedAction" + type: array + SecurityMonitoringSignalSuggestedActionType: + description: The type of the suggested action resource. + enum: + - investigation_log_queries + - recommended_blog_posts + example: investigation_log_queries + type: string + x-enum-varnames: + - INVESTIGATION_LOG_QUERIES + - RECOMMENDED_BLOG_POSTS + SecurityMonitoringSignalSuggestedActionsResponse: + description: Response with suggested actions for a security signal. + properties: + data: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionList" + required: + - data + type: object SecurityMonitoringSignalTriageAttributes: description: Attributes describing a triage state update operation over a security signal. properties: 
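Review bot: The `url` property of `SecurityMonitoringSignalSuggestedActionAttributes` is documented only as `The URL of the suggested action.`, but the examples show two different shapes: a site-relative path (`/logs?query=...`) for `investigation_log_queries` and an absolute external URL (`https://www.datadoghq.com/blog/...`) for `recommended_blog_posts`. A client that renders this value as a link has to resolve the relative form against the correct Datadog site and should check the scheme and host of the absolute form before navigating. I would spell out both forms in the description, for example `The URL of the suggested action: a path relative to the Datadog site for investigation log queries, an absolute URL for recommended blog posts.` The attributes schema also declares no `required` fields per action type, so clients cannot rely on validation to know which of `name`, `query_filter` and `title` are present.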
@@ -104670,6 +104757,56 @@ paths: operator: OR permissions: - security_monitoring_signals_write + /api/v2/security_monitoring/signals/{signal_id}/investigation_queries: + get: + description: Get the list of investigation log queries available for a given security signal. + operationId: GetInvestigationLogQueriesMatchingSignal + parameters: + - $ref: "#/components/parameters/SignalID" + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + schema: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" + description: OK + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + - security_monitoring_signals_read + summary: Get investigation queries for a signal + tags: ["Security Monitoring"] + x-permission: + operator: AND + permissions: + - security_monitoring_rules_read + - security_monitoring_signals_read /api/v2/security_monitoring/signals/{signal_id}/state: patch: description: |- 
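Review bot: The `200` example for `/api/v2/security_monitoring/signals/{signal_id}/investigation_queries` contains a `recommended_blog_posts` item (`id: bxy-o8v-i1a`), although the operation is described as returning investigation log queries. The example appears to be copied from the `/suggested_actions` operation added in the next hunk. If this endpoint only returns `investigation_log_queries` items, the second example entry should be removed so that clients are not led to expect blog-post entries here; if it can return both types, the `description` should say so.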
@@ -104710,6 +104847,56 @@ paths: operator: OR permissions: - security_monitoring_signals_write + /api/v2/security_monitoring/signals/{signal_id}/suggested_actions: + get: + description: Get the list of suggested actions for a given security signal. + operationId: GetSuggestedActionsMatchingSignal + parameters: + - $ref: "#/components/parameters/SignalID" + responses: + "200": + content: + application/json: + examples: + default: + value: + data: + - attributes: + name: Cloudtrail events for user ARN + query_filter: 'source:cloudtrail @userIdentity.arn:"foo"' + template_variables: + "@userIdentity.arn": + - foo + url: /logs?query=source%3Acloudtrail+%40userIdentity.arn%3A%22foo%22 + id: w00-t10-992 + type: investigation_log_queries + - attributes: + title: Monitor Okta logs to track system access and unusual activity + url: https://www.datadoghq.com/blog/monitor-activity-with-okta/ + id: bxy-o8v-i1a + type: recommended_blog_posts + schema: + $ref: "#/components/schemas/SecurityMonitoringSignalSuggestedActionsResponse" + description: OK + "403": + $ref: "#/components/responses/NotAuthorizedResponse" + "404": + $ref: "#/components/responses/NotFoundResponse" + "429": + $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + - security_monitoring_signals_read + summary: Get suggested actions for a signal + tags: ["Security Monitoring"] + x-permission: + operator: AND + permissions: + - security_monitoring_rules_read + - security_monitoring_signals_read /api/v2/sensitive-data-scanner/config: get: description: List all the Scanning groups in your organization. diff --git a/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.rb b/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.rb new file mode 100644 index 000000000000..a0f8403990f5 --- /dev/null +++ b/examples/v2/security-monitoring/GetInvestigationLogQueriesMatchingSignal.rb 
@@ -0,0 +1,5 @@ +# Get investigation queries for a signal returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new +p api_instance.get_investigation_log_queries_matching_signal("AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE") diff --git a/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.rb b/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.rb new file mode 100644 index 000000000000..ae6c0246f5ad --- /dev/null +++ b/examples/v2/security-monitoring/GetSuggestedActionsMatchingSignal.rb @@ -0,0 +1,5 @@ +# Get suggested actions for a signal returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new +p api_instance.get_suggested_actions_matching_signal("AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE") diff --git a/features/scenarios_model_mapping.rb b/features/scenarios_model_mapping.rb index 78d4a8c9aaab..a6afa5d9d2f6 100644 --- a/features/scenarios_model_mapping.rb +++ b/features/scenarios_model_mapping.rb @@ -1761,10 +1761,16 @@ "signal_id" => "String", "body" => "SecurityMonitoringSignalIncidentsUpdateRequest", }, + "v2.GetInvestigationLogQueriesMatchingSignal" => { + "signal_id" => "String", + }, "v2.EditSecurityMonitoringSignalState" => { "signal_id" => "String", "body" => "SecurityMonitoringSignalStateUpdateRequest", }, + "v2.GetSuggestedActionsMatchingSignal" => { + "signal_id" => "String", + }, "v2.ListSecurityMonitoringHistsignals" => { "filter_query" => "String", "filter_from" => "Time", diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 791d52de6467..2d6684fe2d11 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -1371,6 +1371,25 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 Notification rule details. + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get investigation queries for a signal returns "Not Found" response + Given new "GetInvestigationLogQueriesMatchingSignal" request + And request contains "signal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get investigation queries for a signal returns "OK" response + Given new "GetInvestigationLogQueriesMatchingSignal" request + And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" + When the request is sent + Then the response status is 200 OK + And the response "data[0].type" is equal to "investigation_log_queries" + And the response "data[0]" has field "id" + And the response "data[0].attributes" has field "name" + And the response "data[0].attributes" has field "query_filter" + And the response "data[0].attributes" has field "url" + @skip-go @skip-java @skip-ruby @team:DataDog/k9-cloud-security-platform Scenario: Get rule version history returns "OK" response Given operation "GetRuleVersionHistory" enabled 
@@ -1384,6 +1403,29 @@ Feature: Security Monitoring And the response "data.attributes.count" is equal to 1 And the response "data.attributes.data[1].rule.name" has the same value as "security_rule.name" + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get suggested actions for a signal returns "Not Found" response + Given new "GetSuggestedActionsMatchingSignal" request + And request contains "signal_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get suggested actions for a signal returns "OK" response + Given new "GetSuggestedActionsMatchingSignal" request + And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" + When the request is sent + Then the response status is 200 OK + And the response "data[0].type" is equal to "investigation_log_queries" + And the response "data[0]" has field "id" + And the response "data[0].attributes" has field "name" + And the response "data[0].attributes" has field "query_filter" + And the response "data[0].attributes" has field "url" + And the response "data[1].type" is equal to "recommended_blog_posts" + And the response "data[1]" has field "id" + And the response "data[1].attributes" has field "title" + And the response "data[1].attributes" has field "url" + @team:DataDog/k9-cloud-security-platform Scenario: Get suppressions affecting a specific rule returns "Not Found" response Given new "GetSuppressionsAffectingRule" request diff --git a/features/v2/undo.json b/features/v2/undo.json index 6b408bc8b5be..a197b7b670ca 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json 
@@ -5302,12 +5302,24 @@ "type": "idempotent" } }, + "GetInvestigationLogQueriesMatchingSignal": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "EditSecurityMonitoringSignalState": { "tag": "Security Monitoring", "undo": { "type": "idempotent" } }, + "GetSuggestedActionsMatchingSignal": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, "ListScanningGroups": { "tag": "Sensitive Data Scanner", "undo": { diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index 2ef96f9dbe3b..93fb32a94c24 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb @@ -4830,6 +4830,10 @@ def overrides "v2.security_monitoring_signal_state_update_attributes" => "SecurityMonitoringSignalStateUpdateAttributes", "v2.security_monitoring_signal_state_update_data" => "SecurityMonitoringSignalStateUpdateData", "v2.security_monitoring_signal_state_update_request" => "SecurityMonitoringSignalStateUpdateRequest", + "v2.security_monitoring_signal_suggested_action" => "SecurityMonitoringSignalSuggestedAction", + "v2.security_monitoring_signal_suggested_action_attributes" => "SecurityMonitoringSignalSuggestedActionAttributes", + "v2.security_monitoring_signal_suggested_actions_response" => "SecurityMonitoringSignalSuggestedActionsResponse", + "v2.security_monitoring_signal_suggested_action_type" => "SecurityMonitoringSignalSuggestedActionType", "v2.security_monitoring_signal_triage_attributes" => "SecurityMonitoringSignalTriageAttributes", "v2.security_monitoring_signal_triage_update_data" => "SecurityMonitoringSignalTriageUpdateData", "v2.security_monitoring_signal_triage_update_response" => "SecurityMonitoringSignalTriageUpdateResponse", diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb index eeb9f038aaf7..7089c5958b6f 100644 --- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
+++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
@@ -2504,6 +2504,71 @@ def get_finding_with_http_info(finding_id, opts = {}) return data, status_code, headers end + # Get investigation queries for a signal. + # + # @see #get_investigation_log_queries_matching_signal_with_http_info + def get_investigation_log_queries_matching_signal(signal_id, opts = {}) + data, _status_code, _headers = get_investigation_log_queries_matching_signal_with_http_info(signal_id, opts) + data + end + + # Get investigation queries for a signal. + # + # Get the list of investigation log queries available for a given security signal. + # + # @param signal_id [String] The ID of the signal. + # @param opts [Hash] the optional parameters + # @return [Array<(SecurityMonitoringSignalSuggestedActionsResponse, Integer, Hash)>] SecurityMonitoringSignalSuggestedActionsResponse data, response status code and response headers + def get_investigation_log_queries_matching_signal_with_http_info(signal_id, opts = {}) + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.get_investigation_log_queries_matching_signal ...' + end + # verify the required parameter 'signal_id' is set + if @api_client.config.client_side_validation && signal_id.nil? 
+ fail ArgumentError, "Missing the required parameter 'signal_id' when calling SecurityMonitoringAPI.get_investigation_log_queries_matching_signal" + end + # resource path + local_var_path = '/api/v2/security_monitoring/signals/{signal_id}/investigation_queries'.sub('{signal_id}', CGI.escape(signal_id.to_s).gsub('%2F', '/')) + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'SecurityMonitoringSignalSuggestedActionsResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :get_investigation_log_queries_matching_signal, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#get_investigation_log_queries_matching_signal\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # List resource filters. # # @see #get_resource_evaluation_filters_with_http_info 
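Review bot: In `get_investigation_log_queries_matching_signal_with_http_info`, `signal_id` is passed through `CGI.escape` and then `%2F` is turned back into `/`, while the only client-side check is for `nil`. `CGI.escape` leaves `.` untouched, so a `signal_id` containing `/` or `../` segments produces a request path with extra segments instead of a single ID segment; how `call_api` treats such a path is not visible in this hunk. Callers that take the ID from outside input should validate its format first, or the path could keep the slash encoded with `CGI.escape(signal_id.to_s)`. The same line appears in `get_suggested_actions_matching_signal_with_http_info` in the next hunk, and since this file appears to be generated the change likely belongs in the generator template.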
@@ -3409,6 +3474,71 @@ def get_signal_notification_rules_with_http_info(opts = {}) return data, status_code, headers end + # Get suggested actions for a signal. + # + # @see #get_suggested_actions_matching_signal_with_http_info + def get_suggested_actions_matching_signal(signal_id, opts = {}) + data, _status_code, _headers = get_suggested_actions_matching_signal_with_http_info(signal_id, opts) + data + end + + # Get suggested actions for a signal. + # + # Get the list of suggested actions for a given security signal. + # + # @param signal_id [String] The ID of the signal. + # @param opts [Hash] the optional parameters + # @return [Array<(SecurityMonitoringSignalSuggestedActionsResponse, Integer, Hash)>] SecurityMonitoringSignalSuggestedActionsResponse data, response status code and response headers + def get_suggested_actions_matching_signal_with_http_info(signal_id, opts = {}) + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.get_suggested_actions_matching_signal ...' + end + # verify the required parameter 'signal_id' is set + if @api_client.config.client_side_validation && signal_id.nil? 
+ fail ArgumentError, "Missing the required parameter 'signal_id' when calling SecurityMonitoringAPI.get_suggested_actions_matching_signal" + end + # resource path + local_var_path = '/api/v2/security_monitoring/signals/{signal_id}/suggested_actions'.sub('{signal_id}', CGI.escape(signal_id.to_s).gsub('%2F', '/')) + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'SecurityMonitoringSignalSuggestedActionsResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :get_suggested_actions_matching_signal, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#get_suggested_actions_matching_signal\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Get suppressions affecting future rule. # # @see #get_suppressions_affecting_future_rule_with_http_info diff --git a/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action.rb b/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action.rb new file mode 100644 index 000000000000..736175ab6cc2 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action.rb 
@@ -0,0 +1,165 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # A suggested action for a security signal. + class SecurityMonitoringSignalSuggestedAction + include BaseGenericModel + + # Attributes of a suggested action for a security signal. The available fields depend on the action type. + attr_reader :attributes + + # The unique ID of the suggested action. + attr_reader :id + + # The type of the suggested action resource. + attr_reader :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'attributes' => :'attributes', + :'id' => :'id', + :'type' => :'type' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'attributes' => :'SecurityMonitoringSignalSuggestedActionAttributes', + :'id' => :'String', + :'type' => :'SecurityMonitoringSignalSuggestedActionType' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringSignalSuggestedAction` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @attributes.nil? + return false if @id.nil? + return false if @type.nil? + true + end + + # Custom attribute writer method with validation + # @param attributes [Object] Object to be assigned + # @!visibility private + def attributes=(attributes) + if attributes.nil? + fail ArgumentError, 'invalid value for "attributes", attributes cannot be nil.' + end + @attributes = attributes + end + + # Custom attribute writer method with validation + # @param id [Object] Object to be assigned + # @!visibility private + def id=(id) + if id.nil? + fail ArgumentError, 'invalid value for "id", id cannot be nil.' 
+ end + @id = id + end + + # Custom attribute writer method with validation + # @param type [Object] Object to be assigned + # @!visibility private + def type=(type) + if type.nil? + fail ArgumentError, 'invalid value for "type", type cannot be nil.' + end + @type = type + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + id == o.id && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [attributes, id, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action_attributes.rb b/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action_attributes.rb new file mode 100644 index 000000000000..fc653b621cf6 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action_attributes.rb 
@@ -0,0 +1,145 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Attributes of a suggested action for a security signal. The available fields depend on the action type. + class SecurityMonitoringSignalSuggestedActionAttributes + include BaseGenericModel + + # The name of the investigation log query. + attr_accessor :name + + # The log query filter for the investigation. + attr_accessor :query_filter + + # Template variables applied to the investigation log query, mapping attribute paths to values extracted from the signal. + attr_accessor :template_variables + + # The title of the recommended blog post. + attr_accessor :title + + # The URL of the suggested action. + attr_accessor :url + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'name' => :'name', + :'query_filter' => :'query_filter', + :'template_variables' => :'template_variables', + :'title' => :'title', + :'url' => :'url' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'name' => :'String', + :'query_filter' => :'String', + :'template_variables' => :'Hash>', + :'title' => :'String', + :'url' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringSignalSuggestedActionAttributes` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'query_filter') + self.query_filter = attributes[:'query_filter'] + end + + if attributes.key?(:'template_variables') + self.template_variables = attributes[:'template_variables'] + end + + if attributes.key?(:'title') + self.title = attributes[:'title'] + end + + if attributes.key?(:'url') + self.url = attributes[:'url'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + name == o.name && + query_filter == o.query_filter && + template_variables == o.template_variables && + title == o.title && + url == o.url && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [name, query_filter, template_variables, title, url, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action_type.rb b/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action_type.rb new file mode 100644 index 000000000000..d872d951c553 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_action_type.rb @@ -0,0 +1,27 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The type of the suggested action resource. + class SecurityMonitoringSignalSuggestedActionType + include BaseEnumModel + + INVESTIGATION_LOG_QUERIES = "investigation_log_queries".freeze + RECOMMENDED_BLOG_POSTS = "recommended_blog_posts".freeze + end +end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_actions_response.rb b/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_actions_response.rb new file mode 100644 index 000000000000..a122810baebe 
--- /dev/null
+++ b/lib/datadog_api_client/v2/models/security_monitoring_signal_suggested_actions_response.rb
@@ -0,0 +1,125 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Response with suggested actions for a security signal. + class SecurityMonitoringSignalSuggestedActionsResponse + include BaseGenericModel + + # List of suggested actions for a security signal. + attr_reader :data + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'data' => :'data' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'data' => :'Array' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringSignalSuggestedActionsResponse` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'data') + if (value = attributes[:'data']).is_a?(Array) + self.data = value + end + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @data.nil? + true + end + + # Custom attribute writer method with validation + # @param data [Object] Object to be assigned + # @!visibility private + def data=(data) + if data.nil? + fail ArgumentError, 'invalid value for "data", data cannot be nil.' + end + @data = data + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. 
+ # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [data, additional_properties].hash + end + end +end