From c129895502afbdac5fafb6d570764739fdfbf5dc Mon Sep 17 00:00:00 2001 From: "ci.datadog-api-spec" Date: Mon, 15 Dec 2025 13:17:18 +0000 Subject: [PATCH] Regenerate client from commit 578e092 of spec repo --- .generator/schemas/v2/openapi.yaml | 9 ++++ ...taneousBaseline-returns-OK-response.frozen | 1 + ...tantaneousBaseline-returns-OK-response.yml | 23 ++++++++ ...lidateSecurityMonitoringRule_2609327779.rb | 54 +++++++++++++++++++ features/v2/security_monitoring.feature | 7 +++ ...urity_monitoring_rule_new_value_options.rb | 12 ++++- 6 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-new-value-with-enabled-feature-instantaneousBaseline-returns-OK-response.frozen create mode 100644 cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-new-value-with-enabled-feature-instantaneousBaseline-returns-OK-response.yml create mode 100644 examples/v2/security-monitoring/ValidateSecurityMonitoringRule_2609327779.rb diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index eea8d903b4de..26c85bdd70bf 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -47358,6 +47358,8 @@ components: properties: forgetAfter: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter' + instantaneousBaseline: + $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline' learningDuration: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration' learningMethod: 
@@ -47383,6 +47385,13 @@ components: - TWO_WEEKS - THREE_WEEKS - FOUR_WEEKS + SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline: + description: When set to true, Datadog uses previous values that fall within + the defined learning window to construct the baseline, enabling the system + to establish an accurate baseline more rapidly rather than relying solely + on gradual learning over time. + example: false + type: boolean SecurityMonitoringRuleNewValueOptionsLearningDuration: default: 0 description: 'The duration in days during which values are learned, and after diff --git a/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-new-value-with-enabled-feature-instantaneousBaseline-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-new-value-with-enabled-feature-instantaneousBaseline-returns-OK-response.frozen new file mode 100644 index 000000000000..22633ada0a5f --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-new-value-with-enabled-feature-instantaneousBaseline-returns-OK-response.frozen @@ -0,0 +1 @@ +2025-12-10T08:37:17.537Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-new-value-with-enabled-feature-instantaneousBaseline-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-new-value-with-enabled-feature-instantaneousBaseline-returns-OK-response.yml new file mode 100644 index 000000000000..ab41fc876723 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-new-value-with-enabled-feature-instantaneousBaseline-returns-OK-response.yml 
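Review bot: The new `SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline` schema sets `example: false` but no `default`, and its description covers only the `true` case, so the behaviour when the field is omitted is not stated. The neighbouring `SecurityMonitoringRuleNewValueOptionsLearningDuration` declares `default: 0`; if the server treats an absent value as off, adding `default: false` here would make that explicit. The description could also gain a sentence such as `Values already present in the learning window are treated as known and do not generate signals.`, assuming that is how the backend behaves. Rule authors would then know to pick a window they trust to be free of the activity the rule is meant to detect.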
@@ -0,0 +1,23 @@ +http_interactions: +- recorded_at: Wed, 10 Dec 2025 08:37:17 GMT + request: + body: + encoding: UTF-8 + string: '{"cases":[{"name":"","notifications":[],"status":"info"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My + security monitoring rule","name":"My security monitoring rule","options":{"detectionMethod":"new_value","evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"newValueOptions":{"forgetAfter":7,"instantaneousBaseline":true,"learningDuration":1,"learningMethod":"duration","learningThreshold":0}},"queries":[{"aggregation":"new_value","dataSource":"logs","distinctFields":[],"groupByFields":["@userIdentity.assumed_role"],"metric":"name","metrics":["name"],"name":"","query":"source:source_here"}],"tags":["env:prod","team:security"],"type":"log_detection"}' + headers: + Accept: + - '*/*' + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/validation + response: + body: + encoding: UTF-8 + string: '' + headers: {} + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 diff --git a/examples/v2/security-monitoring/ValidateSecurityMonitoringRule_2609327779.rb b/examples/v2/security-monitoring/ValidateSecurityMonitoringRule_2609327779.rb new file mode 100644 index 000000000000..9e06438b2224 --- /dev/null +++ b/examples/v2/security-monitoring/ValidateSecurityMonitoringRule_2609327779.rb 
@@ -0,0 +1,54 @@ +# Validate a detection rule with detection method 'new_value' with enabled feature 'instantaneousBaseline' returns "OK" +response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::SecurityMonitoringStandardRulePayload.new({ + cases: [ + DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({ + name: "", + status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO, + notifications: [], + }), + ], + has_extended_title: true, + is_enabled: true, + message: "My security monitoring rule", + name: "My security monitoring rule", + options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({ + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ZERO_MINUTES, + keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::FIVE_MINUTES, + max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::TEN_MINUTES, + detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::NEW_VALUE, + new_value_options: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptions.new({ + forget_after: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptionsForgetAfter::ONE_WEEK, + instantaneous_baseline: true, + learning_duration: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptionsLearningDuration::ONE_DAY, + learning_threshold: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptionsLearningThreshold::ZERO_OCCURRENCES, + learning_method: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptionsLearningMethod::DURATION, + }), + }), + queries: [ + DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({ + query: "source:source_here", + group_by_fields: [ + "@userIdentity.assumed_role", + ], + distinct_fields: [], + metric: "name", + metrics: [ + "name", + ], + aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::NEW_VALUE, + name: "", + data_source: 
DatadogAPIClient::V2::SecurityMonitoringStandardDataSource::LOGS, + }), + ], + tags: [ + "env:prod", + "team:security", + ], + type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION, +}) +api_instance.validate_security_monitoring_rule(body) diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 7dc352a7a4e9..fd887519d7ed 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature @@ -1797,6 +1797,13 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 OK + @team:DataDog/k9-cloud-security-platform + Scenario: Validate a detection rule with detection method 'new_value' with enabled feature 'instantaneousBaseline' returns "OK" response + Given new "ValidateSecurityMonitoringRule" request + And body with value {"cases":[{"name":"","status":"info","notifications":[]}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"detectionMethod":"new_value","newValueOptions":{"forgetAfter":7,"instantaneousBaseline":true,"learningDuration":1,"learningThreshold":0,"learningMethod":"duration"}},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"metric":"name","metrics":["name"],"aggregation":"new_value","name":"","dataSource":"logs"}],"tags":["env:prod","team:security"],"type":"log_detection"} + When the request is sent + Then the response status is 204 OK + @team:DataDog/k9-cloud-security-platform Scenario: Validate a detection rule with detection method 'sequence_detection' returns "OK" response Given new "ValidateSecurityMonitoringRule" request 
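Review bot: The second added line of `ValidateSecurityMonitoringRule_2609327779.rb` is the bare word `response` rather than a comment; the scenario title appears to have been wrapped after `returns "OK"` without repeating the `#`. As rendered on this page, Ruby would evaluate `response` as a method call on the main object and raise `NameError` before `require "datadog_api_client"` runs, so the example would not execute. The line should read `# response`, or the title should stay on a single comment line. Because the file is generated, the fix presumably belongs in the example template's wrapping logic rather than in this file.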
diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb index c492dcb63777..77e2f4d09add 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb @@ -24,6 +24,9 @@ class SecurityMonitoringRuleNewValueOptions # The duration in days after which a learned value is forgotten. attr_accessor :forget_after + # When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time. + attr_accessor :instantaneous_baseline + # The duration in days during which values are learned, and after which signals will be generated for values that # weren't learned. If set to 0, a signal will be generated for all new values after the first value is learned. attr_accessor :learning_duration @@ -41,6 +44,7 @@ class SecurityMonitoringRuleNewValueOptions def self.attribute_map { :'forget_after' => :'forgetAfter', + :'instantaneous_baseline' => :'instantaneousBaseline', :'learning_duration' => :'learningDuration', :'learning_method' => :'learningMethod', :'learning_threshold' => :'learningThreshold' @@ -52,6 +56,7 @@ def self.attribute_map def self.openapi_types { :'forget_after' => :'SecurityMonitoringRuleNewValueOptionsForgetAfter', + :'instantaneous_baseline' => :'Boolean', :'learning_duration' => :'SecurityMonitoringRuleNewValueOptionsLearningDuration', :'learning_method' => :'SecurityMonitoringRuleNewValueOptionsLearningMethod', :'learning_threshold' => :'SecurityMonitoringRuleNewValueOptionsLearningThreshold' 
@@ -80,6 +85,10 @@ def initialize(attributes = {}) self.forget_after = attributes[:'forget_after'] end + if attributes.key?(:'instantaneous_baseline') + self.instantaneous_baseline = attributes[:'instantaneous_baseline'] + end + if attributes.key?(:'learning_duration') self.learning_duration = attributes[:'learning_duration'] end @@ -120,6 +129,7 @@ def ==(o) return true if self.equal?(o) self.class == o.class && forget_after == o.forget_after && + instantaneous_baseline == o.instantaneous_baseline && learning_duration == o.learning_duration && learning_method == o.learning_method && learning_threshold == o.learning_threshold && @@ -130,7 +140,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [forget_after, learning_duration, learning_method, learning_threshold, additional_properties].hash + [forget_after, instantaneous_baseline, learning_duration, learning_method, learning_threshold, additional_properties].hash end end end
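Review bot: The new branch in `initialize` stores `attributes[:'instantaneous_baseline']` as given, although `openapi_types` declares the attribute as `:'Boolean'`. Ruby treats every value except `nil` and `false` as truthy, so a caller passing the string `"false"` would end up with a value that reads as enabled in local checks; whether later validation or the API rejects it cannot be seen from this hunk. A custom writer with a guard such as `raise ArgumentError, "instantaneous_baseline must be true or false" unless [true, false, nil].include?(value)` would surface the mistake at construction time. Since the model is generated, that guard would go in the model template. `initialize` begins and ends outside the hunk.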