DataDog · api-clients-generation-pipeline · May 29, 2024 · May 28, 2024
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-05-23 19:28:55.574938",
-            "spec_repo_commit": "b9b11fda"
+            "regenerated": "2024-05-28 16:29:27.962655",
+            "spec_repo_commit": "9445af96"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-05-23 19:28:55.592655",
-            "spec_repo_commit": "b9b11fda"
+            "regenerated": "2024-05-28 16:29:27.980667",
+            "spec_repo_commit": "9445af96"
         }
     }
 }
@@ -17407,6 +17407,47 @@ components:
       - GEO_DATA
       - EVENT_COUNT
       - NONE
+    SecurityMonitoringRuleQueryPayload:
+      description: Payload to test a rule query with the expected result.
+      properties:
+        expectedResult:
+          description: Expected result of the test.
+          example: true
+          type: boolean
+        index:
+          description: Index of the query under test.
+          example: 0
+          format: int64
+          minimum: 0
+          type: integer
+        payload:
+          $ref: '#/components/schemas/SecurityMonitoringRuleQueryPayloadData'
+      type: object
+    SecurityMonitoringRuleQueryPayloadData:
+      additionalProperties: {}
+      description: Payload used to test the rule query.
+      properties:
+        ddsource:
+          description: Source of the payload.
+          example: nginx
+          type: string
+        ddtags:
+          description: Tags associated with your data.
+          example: env:staging,version:5.1
+          type: string
+        hostname:
+          description: The name of the originating host of the log.
+          example: i-012345678
+          type: string
+        message:
+          description: The message of the payload.
+          example: 2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World
+          type: string
+        service:
+          description: The name of the application or service generating the data.
+          example: payment
+          type: string
+      type: object
     SecurityMonitoringRuleResponse:
       description: Create a new rule.
       oneOf:
@@ -17428,6 +17469,31 @@ components:
       - MEDIUM
       - HIGH
       - CRITICAL
+    SecurityMonitoringRuleTestRequest:
+      description: Test the rule queries of a rule.
+      properties:
+        rule:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload'
+        ruleQueryPayloads:
+          description: Data payloads used to test rules query with the expected result.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleQueryPayload'
+          type: array
+      type: object
+    SecurityMonitoringRuleTestResponse:
+      description: Result of the test of the rule queries.
+      properties:
+        results:
+          description: 'Assert results are returned in the same order as the rule
+            query payloads.
+
+            For each payload, it returns True if the result matched the expected result,
+
+            False otherwise.'
+          items:
+            type: boolean
+          type: array
+      type: object
     SecurityMonitoringRuleThirdPartyOptions:
       description: Options on third party rules.
       properties:
@@ -32551,6 +32617,42 @@ paths:
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
+  /api/v2/security_monitoring/rules/test:
+    post:
+      description: Test a rule.
+      operationId: TestSecurityMonitoringRule
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringRuleTestRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringRuleTestResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '401':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_write
+      summary: Test a rule
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
   /api/v2/security_monitoring/rules/validation:
     post:
       description: Validate a detection rule.
@@ -32672,6 +32774,44 @@ paths:
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
+  /api/v2/security_monitoring/rules/{rule_id}/test:
+    post:
+      description: Test an existing rule.
+      operationId: TestExistingSecurityMonitoringRule
+      parameters:
+      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringRuleTestRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringRuleTestResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '401':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_write
+      summary: Test an existing rule
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
   /api/v2/security_monitoring/signals:
     get:
       description: 'The list endpoint returns security signals that match a search

@@ -0,0 +1,47 @@
+// Test an existing rule returns "OK" response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.SecurityMonitoringApi;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryPayload;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryPayloadData;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleTestRequest;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleTestResponse;
+import java.util.Collections;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
+
+    SecurityMonitoringRuleTestRequest body =
+        new SecurityMonitoringRuleTestRequest()
+            .ruleQueryPayloads(
+                Collections.singletonList(
+                    new SecurityMonitoringRuleQueryPayload()
+                        .expectedResult(true)
+                        .index(0L)
+                        .payload(
+                            new SecurityMonitoringRuleQueryPayloadData()
+                                .ddsource("nginx")
+                                .ddtags("env:staging,version:5.1")
+                                .hostname("i-012345678")
+                                .message(
+                                    "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello"
+                                        + " World")
+                                .service("payment"))));
+
+    try {
+      SecurityMonitoringRuleTestResponse result =
+          apiInstance.testExistingSecurityMonitoringRule("rule_id", body);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println(
+          "Exception when calling SecurityMonitoringApi#testExistingSecurityMonitoringRule");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
@@ -0,0 +1,90 @@
+// Test a rule returns "OK" response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.SecurityMonitoringApi;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleCreatePayload;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleDetectionMethod;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleEvaluationWindow;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleKeepAlive;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleMaxSignalDuration;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleOptions;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryAggregation;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryPayload;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryPayloadData;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleTestRequest;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleTestResponse;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleTypeCreate;
+import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleCreatePayload;
+import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleQuery;
+import java.util.Arrays;
+import java.util.Collections;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
+
+    SecurityMonitoringRuleTestRequest body =
+        new SecurityMonitoringRuleTestRequest()
+            .rule(
+                new SecurityMonitoringRuleCreatePayload(
+                    new SecurityMonitoringStandardRuleCreatePayload()
+                        .cases(
+                            Collections.singletonList(
+                                new SecurityMonitoringRuleCaseCreate()
+                                    .name("")
+                                    .status(SecurityMonitoringRuleSeverity.INFO)
+                                    .condition("a > 0")))
+                        .hasExtendedTitle(true)
+                        .isEnabled(true)
+                        .message("My security monitoring rule message.")
+                        .name("My security monitoring rule.")
+                        .options(
+                            new SecurityMonitoringRuleOptions()
+                                .decreaseCriticalityBasedOnEnv(false)
+                                .detectionMethod(SecurityMonitoringRuleDetectionMethod.THRESHOLD)
+                                .evaluationWindow(
+                                    SecurityMonitoringRuleEvaluationWindow.ZERO_MINUTES)
+                                .keepAlive(SecurityMonitoringRuleKeepAlive.ZERO_MINUTES)
+                                .maxSignalDuration(
+                                    SecurityMonitoringRuleMaxSignalDuration.ZERO_MINUTES))
+                        .queries(
+                            Collections.singletonList(
+                                new SecurityMonitoringStandardRuleQuery()
+                                    .query("source:source_here")
+                                    .groupByFields(
+                                        Collections.singletonList("@userIdentity.assumed_role"))
+                                    .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT)
+                                    .name("")))
+                        .tags(Arrays.asList("env:prod", "team:security"))
+                        .type(SecurityMonitoringRuleTypeCreate.LOG_DETECTION)))
+            .ruleQueryPayloads(
+                Collections.singletonList(
+                    new SecurityMonitoringRuleQueryPayload()
+                        .expectedResult(true)
+                        .index(0L)
+                        .payload(
+                            new SecurityMonitoringRuleQueryPayloadData()
+                                .ddsource("source_here")
+                                .ddtags("env:staging,version:5.1")
+                                .hostname("i-012345678")
+                                .message(
+                                    "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello"
+                                        + " World")
+                                .service("payment"))));
+
+    try {
+      SecurityMonitoringRuleTestResponse result = apiInstance.testSecurityMonitoringRule(body);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println("Exception when calling SecurityMonitoringApi#testSecurityMonitoringRule");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}