Security Monitoring Suppression - Add data_exclusion_query field #2262

8 changes: 4 additions & 4 deletions .apigentools-info
Expand Up @@ -4,13 +4,13 @@
"spec_versions": {
"v1": {
"apigentools_version": "1.6.6",
"regenerated": "2024-04-09 18:06:06.159963",
"spec_repo_commit": "fc718bc2"
"regenerated": "2024-04-10 15:00:58.406403",
"spec_repo_commit": "7e61ac0f"
},
"v2": {
"apigentools_version": "1.6.6",
"regenerated": "2024-04-09 18:06:06.178724",
"spec_repo_commit": "fc718bc2"
"regenerated": "2024-04-10 15:00:58.425050",
"spec_repo_commit": "7e61ac0f"
}
}
}
26 changes: 23 additions & 3 deletions .generator/schemas/v2/openapi.yaml
Expand Up @@ -18282,6 +18282,13 @@ components:
type: integer
creator:
$ref: '#/components/schemas/SecurityMonitoringUser'
data_exclusion_query:
description: An exclusion query on the input data of the security rules,
which could be logs, Agent events, or other types of data based on the
security rule. Events matching this query are ignored by any detection
rules referenced in the suppression rule.
example: source:cloudtrail account_id:12345
type: string
description:
description: A description for the suppression rule.
example: This rule suppresses low-severity signals in staging environments.
Expand Down Expand Up @@ -18330,6 +18337,13 @@ components:
description: Object containing the attributes of the suppression rule to be
created.
properties:
data_exclusion_query:
description: An exclusion query on the input data of the security rules,
which could be logs, Agent events, or other types of data based on the
security rule. Events matching this query are ignored by any detection
rules referenced in the suppression rule.
example: source:cloudtrail account_id:12345
type: string
description:
description: A description for the suppression rule.
example: This rule suppresses low-severity signals in staging environments.
Expand All @@ -18355,15 +18369,14 @@ components:
type: string
suppression_query:
description: The suppression query of the suppression rule. If a signal
matches this query, it is suppressed and is not triggered . Same syntax
as the queries to search signals in the signal explorer.
matches this query, it is suppressed and is not triggered. It uses the
same syntax as the queries to search signals in the Signals Explorer.
example: env:staging status:low
type: string
required:
- name
- enabled
- rule_query
- suppression_query
type: object
SecurityMonitoringSuppressionCreateData:
description: Object for a single suppression rule.
Expand Down Expand Up @@ -18407,6 +18420,13 @@ components:
SecurityMonitoringSuppressionUpdateAttributes:
description: The suppression rule properties to be updated.
properties:
data_exclusion_query:
description: An exclusion query on the input data of the security rules,
which could be logs, Agent events, or other types of data based on the
security rule. Events matching this query are ignored by any detection
rules referenced in the suppression rule.
example: source:cloudtrail account_id:12345
type: string
description:
description: A description for the suppression rule.
example: This rule suppresses low-severity signals in staging environments.
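Review bot: Dropping `suppression_query` from the `required` list of SecurityMonitoringSuppressionCreateAttributes while adding `data_exclusion_query` as optional means a create payload carrying neither query is valid against this schema. If the API expects at least one of the two, say so in the schema, for example `anyOf: [{required: [suppression_query]}, {required: [data_exclusion_query]}]` next to the `required` list, or state the rule in both property descriptions. The same change removes the `suppressionQuery` argument from the generated Java constructor shown further down this page, which is source-breaking for callers of the four-argument form and deserves a changelog line. Whether the server rejects the empty case is not visible here.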
@@ -0,0 +1,46 @@
// Create a suppression rule with an exclusion query returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionType;

public class Example {
public static void main(String[] args) {
ApiClient defaultClient = ApiClient.getDefaultApiClient();
SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

SecurityMonitoringSuppressionCreateRequest body =
new SecurityMonitoringSuppressionCreateRequest()
.data(
new SecurityMonitoringSuppressionCreateData()
.attributes(
new SecurityMonitoringSuppressionCreateAttributes()
.description(
"This rule suppresses low-severity signals in staging"
+ " environments.")
.enabled(true)
.expirationDate(1703187336000L)
.name("Example-Security-Monitoring")
.ruleQuery("type:log_detection source:cloudtrail")
.dataExclusionQuery("account_id:12345"))
.type(SecurityMonitoringSuppressionType.SUPPRESSIONS));

try {
SecurityMonitoringSuppressionResponse result =
apiInstance.createSecurityMonitoringSuppression(body);
System.out.println(result);
} catch (ApiException e) {
System.err.println(
"Exception when calling SecurityMonitoringApi#createSecurityMonitoringSuppression");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
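Review bot: The `.expirationDate(1703187336000L)` literal in the builder chain is a fixed instant in December 2023, earlier than the 2024-04-10 regeneration stamp in `.apigentools-info` on this page, so anyone copying the example submits an expiry that is already in the past. Deriving it from the clock, e.g. `.expirationDate(Instant.now().plus(Duration.ofDays(7)).toEpochMilli())` with the matching `java.time` imports, keeps the example usable and still demonstrates a time-bounded rule. Since the schema text says events matching the exclusion query are ignored by the referenced detection rules, a short comment above `.dataExclusionQuery("account_id:12345")` such as `// Matching events never reach the rules selected by ruleQuery; keep this query narrow` would help readers scope it. How the API treats a past expiry is not visible in this diff.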
Expand Up @@ -20,6 +20,7 @@
@JsonPropertyOrder({
SecurityMonitoringSuppressionAttributes.JSON_PROPERTY_CREATION_DATE,
SecurityMonitoringSuppressionAttributes.JSON_PROPERTY_CREATOR,
SecurityMonitoringSuppressionAttributes.JSON_PROPERTY_DATA_EXCLUSION_QUERY,
SecurityMonitoringSuppressionAttributes.JSON_PROPERTY_DESCRIPTION,
SecurityMonitoringSuppressionAttributes.JSON_PROPERTY_ENABLED,
SecurityMonitoringSuppressionAttributes.JSON_PROPERTY_EXPIRATION_DATE,
Expand All @@ -40,6 +41,9 @@ public class SecurityMonitoringSuppressionAttributes {
public static final String JSON_PROPERTY_CREATOR = "creator";
private SecurityMonitoringUser creator;

public static final String JSON_PROPERTY_DATA_EXCLUSION_QUERY = "data_exclusion_query";
private String dataExclusionQuery;

public static final String JSON_PROPERTY_DESCRIPTION = "description";
private String description;

Expand Down Expand Up @@ -110,6 +114,29 @@ public void setCreator(SecurityMonitoringUser creator) {
this.creator = creator;
}

public SecurityMonitoringSuppressionAttributes dataExclusionQuery(String dataExclusionQuery) {
this.dataExclusionQuery = dataExclusionQuery;
return this;
}

/**
* An exclusion query on the input data of the security rules, which could be logs, Agent events,
* or other types of data based on the security rule. Events matching this query are ignored by
* any detection rules referenced in the suppression rule.
*
* @return dataExclusionQuery
*/
@jakarta.annotation.Nullable
@JsonProperty(JSON_PROPERTY_DATA_EXCLUSION_QUERY)
@JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
public String getDataExclusionQuery() {
return dataExclusionQuery;
}

public void setDataExclusionQuery(String dataExclusionQuery) {
this.dataExclusionQuery = dataExclusionQuery;
}

public SecurityMonitoringSuppressionAttributes description(String description) {
this.description = description;
return this;
Expand Down Expand Up @@ -363,6 +390,8 @@ public boolean equals(Object o) {
(SecurityMonitoringSuppressionAttributes) o;
return Objects.equals(this.creationDate, securityMonitoringSuppressionAttributes.creationDate)
&& Objects.equals(this.creator, securityMonitoringSuppressionAttributes.creator)
&& Objects.equals(
this.dataExclusionQuery, securityMonitoringSuppressionAttributes.dataExclusionQuery)
&& Objects.equals(this.description, securityMonitoringSuppressionAttributes.description)
&& Objects.equals(this.enabled, securityMonitoringSuppressionAttributes.enabled)
&& Objects.equals(
Expand All @@ -384,6 +413,7 @@ public int hashCode() {
return Objects.hash(
creationDate,
creator,
dataExclusionQuery,
description,
enabled,
expirationDate,
Expand All @@ -402,6 +432,7 @@ public String toString() {
sb.append("class SecurityMonitoringSuppressionAttributes {\n");
sb.append(" creationDate: ").append(toIndentedString(creationDate)).append("\n");
sb.append(" creator: ").append(toIndentedString(creator)).append("\n");
sb.append(" dataExclusionQuery: ").append(toIndentedString(dataExclusionQuery)).append("\n");
sb.append(" description: ").append(toIndentedString(description)).append("\n");
sb.append(" enabled: ").append(toIndentedString(enabled)).append("\n");
sb.append(" expirationDate: ").append(toIndentedString(expirationDate)).append("\n");
Expand Up @@ -19,6 +19,7 @@

/** Object containing the attributes of the suppression rule to be created. */
@JsonPropertyOrder({
SecurityMonitoringSuppressionCreateAttributes.JSON_PROPERTY_DATA_EXCLUSION_QUERY,
SecurityMonitoringSuppressionCreateAttributes.JSON_PROPERTY_DESCRIPTION,
SecurityMonitoringSuppressionCreateAttributes.JSON_PROPERTY_ENABLED,
SecurityMonitoringSuppressionCreateAttributes.JSON_PROPERTY_EXPIRATION_DATE,
Expand All @@ -30,6 +31,9 @@
value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator")
public class SecurityMonitoringSuppressionCreateAttributes {
@JsonIgnore public boolean unparsed = false;
public static final String JSON_PROPERTY_DATA_EXCLUSION_QUERY = "data_exclusion_query";
private String dataExclusionQuery;

public static final String JSON_PROPERTY_DESCRIPTION = "description";
private String description;

Expand All @@ -54,13 +58,34 @@ public SecurityMonitoringSuppressionCreateAttributes() {}
public SecurityMonitoringSuppressionCreateAttributes(
@JsonProperty(required = true, value = JSON_PROPERTY_ENABLED) Boolean enabled,
@JsonProperty(required = true, value = JSON_PROPERTY_NAME) String name,
@JsonProperty(required = true, value = JSON_PROPERTY_RULE_QUERY) String ruleQuery,
@JsonProperty(required = true, value = JSON_PROPERTY_SUPPRESSION_QUERY)
String suppressionQuery) {
@JsonProperty(required = true, value = JSON_PROPERTY_RULE_QUERY) String ruleQuery) {
this.enabled = enabled;
this.name = name;
this.ruleQuery = ruleQuery;
this.suppressionQuery = suppressionQuery;
}

public SecurityMonitoringSuppressionCreateAttributes dataExclusionQuery(
String dataExclusionQuery) {
this.dataExclusionQuery = dataExclusionQuery;
return this;
}

/**
* An exclusion query on the input data of the security rules, which could be logs, Agent events,
* or other types of data based on the security rule. Events matching this query are ignored by
* any detection rules referenced in the suppression rule.
*
* @return dataExclusionQuery
*/
@jakarta.annotation.Nullable
@JsonProperty(JSON_PROPERTY_DATA_EXCLUSION_QUERY)
@JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
public String getDataExclusionQuery() {
return dataExclusionQuery;
}

public void setDataExclusionQuery(String dataExclusionQuery) {
this.dataExclusionQuery = dataExclusionQuery;
}

public SecurityMonitoringSuppressionCreateAttributes description(String description) {
Expand Down Expand Up @@ -174,12 +199,14 @@ public SecurityMonitoringSuppressionCreateAttributes suppressionQuery(String sup

/**
* The suppression query of the suppression rule. If a signal matches this query, it is suppressed
* and is not triggered . Same syntax as the queries to search signals in the signal explorer.
* and is not triggered. It uses the same syntax as the queries to search signals in the Signals
* Explorer.
*
* @return suppressionQuery
*/
@jakarta.annotation.Nullable
@JsonProperty(JSON_PROPERTY_SUPPRESSION_QUERY)
@JsonInclude(value = JsonInclude.Include.ALWAYS)
@JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
public String getSuppressionQuery() {
return suppressionQuery;
}
Expand Down Expand Up @@ -247,6 +274,9 @@ public boolean equals(Object o) {
SecurityMonitoringSuppressionCreateAttributes securityMonitoringSuppressionCreateAttributes =
(SecurityMonitoringSuppressionCreateAttributes) o;
return Objects.equals(
this.dataExclusionQuery,
securityMonitoringSuppressionCreateAttributes.dataExclusionQuery)
&& Objects.equals(
this.description, securityMonitoringSuppressionCreateAttributes.description)
&& Objects.equals(this.enabled, securityMonitoringSuppressionCreateAttributes.enabled)
&& Objects.equals(
Expand All @@ -263,6 +293,7 @@ public boolean equals(Object o) {
@Override
public int hashCode() {
return Objects.hash(
dataExclusionQuery,
description,
enabled,
expirationDate,
Expand All @@ -276,6 +307,7 @@ public int hashCode() {
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("class SecurityMonitoringSuppressionCreateAttributes {\n");
sb.append(" dataExclusionQuery: ").append(toIndentedString(dataExclusionQuery)).append("\n");
sb.append(" description: ").append(toIndentedString(description)).append("\n");
sb.append(" enabled: ").append(toIndentedString(enabled)).append("\n");
sb.append(" expirationDate: ").append(toIndentedString(expirationDate)).append("\n");
Expand Up @@ -19,6 +19,7 @@

/** The suppression rule properties to be updated. */
@JsonPropertyOrder({
SecurityMonitoringSuppressionUpdateAttributes.JSON_PROPERTY_DATA_EXCLUSION_QUERY,
SecurityMonitoringSuppressionUpdateAttributes.JSON_PROPERTY_DESCRIPTION,
SecurityMonitoringSuppressionUpdateAttributes.JSON_PROPERTY_ENABLED,
SecurityMonitoringSuppressionUpdateAttributes.JSON_PROPERTY_EXPIRATION_DATE,
Expand All @@ -31,6 +32,9 @@
value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator")
public class SecurityMonitoringSuppressionUpdateAttributes {
@JsonIgnore public boolean unparsed = false;
public static final String JSON_PROPERTY_DATA_EXCLUSION_QUERY = "data_exclusion_query";
private String dataExclusionQuery;

public static final String JSON_PROPERTY_DESCRIPTION = "description";
private String description;

Expand All @@ -52,6 +56,30 @@ public class SecurityMonitoringSuppressionUpdateAttributes {
public static final String JSON_PROPERTY_VERSION = "version";
private Integer version;

public SecurityMonitoringSuppressionUpdateAttributes dataExclusionQuery(
String dataExclusionQuery) {
this.dataExclusionQuery = dataExclusionQuery;
return this;
}

/**
* An exclusion query on the input data of the security rules, which could be logs, Agent events,
* or other types of data based on the security rule. Events matching this query are ignored by
* any detection rules referenced in the suppression rule.
*
* @return dataExclusionQuery
*/
@jakarta.annotation.Nullable
@JsonProperty(JSON_PROPERTY_DATA_EXCLUSION_QUERY)
@JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
public String getDataExclusionQuery() {
return dataExclusionQuery;
}

public void setDataExclusionQuery(String dataExclusionQuery) {
this.dataExclusionQuery = dataExclusionQuery;
}

public SecurityMonitoringSuppressionUpdateAttributes description(String description) {
this.description = description;
return this;
Expand Down Expand Up @@ -273,6 +301,9 @@ public boolean equals(Object o) {
SecurityMonitoringSuppressionUpdateAttributes securityMonitoringSuppressionUpdateAttributes =
(SecurityMonitoringSuppressionUpdateAttributes) o;
return Objects.equals(
this.dataExclusionQuery,
securityMonitoringSuppressionUpdateAttributes.dataExclusionQuery)
&& Objects.equals(
this.description, securityMonitoringSuppressionUpdateAttributes.description)
&& Objects.equals(this.enabled, securityMonitoringSuppressionUpdateAttributes.enabled)
&& Objects.equals(
Expand All @@ -290,6 +321,7 @@ public boolean equals(Object o) {
@Override
public int hashCode() {
return Objects.hash(
dataExclusionQuery,
description,
enabled,
expirationDate,
Expand All @@ -304,6 +336,7 @@ public int hashCode() {
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("class SecurityMonitoringSuppressionUpdateAttributes {\n");
sb.append(" dataExclusionQuery: ").append(toIndentedString(dataExclusionQuery)).append("\n");
sb.append(" description: ").append(toIndentedString(description)).append("\n");
sb.append(" enabled: ").append(toIndentedString(enabled)).append("\n");
sb.append(" expirationDate: ").append(toIndentedString(expirationDate)).append("\n");
@@ -1 +1 @@
2024-01-11T10:06:23.179Z
2024-04-08T09:56:58.589Z