From 100ce22d848b53fd1ca31a41814313695039f646 Mon Sep 17 00:00:00 2001 From: "ci.datadog-api-spec" Date: Fri, 8 Aug 2025 12:08:35 +0000 Subject: [PATCH] Regenerate client from commit d02c8a3 of spec repo --- .generated-info | 4 +- .generator/schemas/v2/openapi.yaml | 69 ++++++ ...reateSecurityMonitoringRule_868881438.java | 68 ++++++ .../SecurityMonitoringRuleUpdatePayload.java | 92 +++++++- .../SecurityMonitoringSchedulingOptions.java | 199 ++++++++++++++++++ ...tyMonitoringStandardRuleCreatePayload.java | 92 +++++++- ...SecurityMonitoringStandardRulePayload.java | 92 +++++++- .../SecurityMonitoringStandardRuleQuery.java | 31 +++ ...ecurityMonitoringStandardRuleResponse.java | 92 +++++++- ...rityMonitoringStandardRuleTestPayload.java | 92 +++++++- ..._detection_rule_returns_OK_response.freeze | 1 + ...ed_detection_rule_returns_OK_response.json | 53 +++++ ..._rrule_returns_Bad_Request_response.freeze | 1 + ...ut_rrule_returns_Bad_Request_response.json | 32 +++ .../client/v2/api/security_monitoring.feature | 18 ++ 15 files changed, 929 insertions(+), 7 deletions(-) create mode 100644 examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.java create mode 100644 src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSchedulingOptions.java create mode 100644 src/test/resources/cassettes/features/v2/Create_a_scheduled_detection_rule_returns_OK_response.freeze create mode 100644 src/test/resources/cassettes/features/v2/Create_a_scheduled_detection_rule_returns_OK_response.json create mode 100644 src/test/resources/cassettes/features/v2/Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response.freeze create mode 100644 src/test/resources/cassettes/features/v2/Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response.json diff --git a/.generated-info b/.generated-info index b1098ff8ff5..ca089a8a821 100644 --- a/.generated-info +++ b/.generated-info @@ -1,4 +1,4 @@ { - "spec_repo_commit": "c5cca50", - "generated": "2025-08-07 18:04:36.602" + "spec_repo_commit": "d02c8a3", + "generated": "2025-08-08 12:08:35.449" } diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index a0599c01eb0..4f155402b7e 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -36336,6 +36336,12 @@ components: SecurityMonitoringRuleUpdatePayload: description: Update an existing rule. properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. items: @@ -36392,6 +36398,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. items: @@ -36418,6 +36426,27 @@ components: - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload' - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload' - $ref: '#/components/schemas/CloudConfigurationRulePayload' + SecurityMonitoringSchedulingOptions: + description: Options for scheduled rules. When this field is present, the rule + runs based on the schedule. When absent, it runs real-time on ingested logs. + nullable: true + properties: + rrule: + description: Schedule for the rule queries, written in RRULE syntax. See + [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html) + for syntax reference. + example: FREQ=HOURLY;INTERVAL=1; + type: string + start: + description: Start date for the schedule, in ISO 8601 format without timezone. + example: '2025-07-14T12:00:00' + type: string + timezone: + description: Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) + format. + example: America/New_York + type: string + type: object SecurityMonitoringSignal: description: Object description of a security signal. properties: @@ -37096,6 +37125,12 @@ components: SecurityMonitoringStandardRuleCreatePayload: description: Create a new rule. properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. example: [] @@ -37148,6 +37183,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. example: @@ -37177,6 +37214,12 @@ components: SecurityMonitoringStandardRulePayload: description: The payload of a rule. properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. example: [] @@ -37237,6 +37280,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. example: @@ -37293,6 +37338,14 @@ components: example: false readOnly: true type: boolean + index: + description: '**This field is currently unstable and might be removed in + a minor version upgrade.** + + The index to run the query on, if the `dataSource` is `logs`. Only used + for scheduled rules - in other words, when the `schedulingOptions` field + is present in the rule payload.' + type: string metric: deprecated: true description: '(Deprecated) The target field to aggregate over when using @@ -37320,6 +37373,12 @@ components: SecurityMonitoringStandardRuleResponse: description: Rule. properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. items: @@ -37405,6 +37464,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. items: @@ -37436,6 +37497,12 @@ components: SecurityMonitoringStandardRuleTestPayload: description: The payload of a rule to test properties: + calculatedFields: + description: Calculated fields. Only allowed for scheduled rules - in other + words, when schedulingOptions is also defined. + items: + $ref: '#/components/schemas/CalculatedField' + type: array cases: description: Cases for generating signals. example: [] @@ -37488,6 +37555,8 @@ components: items: $ref: '#/components/schemas/SecurityMonitoringReferenceTable' type: array + schedulingOptions: + $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions' tags: description: Tags for generated signals. example: diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.java b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.java new file mode 100644 index 00000000000..5d530623af8 --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.java @@ -0,0 +1,68 @@ +// Create a scheduled detection rule returns "OK" response + +import com.datadog.api.client.ApiClient; +import com.datadog.api.client.ApiException; +import com.datadog.api.client.v2.api.SecurityMonitoringApi; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleCreatePayload; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleEvaluationWindow; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleKeepAlive; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleMaxSignalDuration; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleOptions; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryAggregation; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleResponse; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleTypeCreate; +import com.datadog.api.client.v2.model.SecurityMonitoringSchedulingOptions; +import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleCreatePayload; +import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleQuery; +import java.util.Collections; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = ApiClient.getDefaultApiClient(); + SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient); + + SecurityMonitoringRuleCreatePayload body = + new SecurityMonitoringRuleCreatePayload( + new SecurityMonitoringStandardRuleCreatePayload() + .name("Example-Security-Monitoring") + .queries( + Collections.singletonList( + new SecurityMonitoringStandardRuleQuery() + .query("@test:true") + .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT) + .index("main"))) + .cases( + Collections.singletonList( + new SecurityMonitoringRuleCaseCreate() + .name("") + .status(SecurityMonitoringRuleSeverity.INFO) + .condition("a > 0"))) + .options( + new SecurityMonitoringRuleOptions() + .evaluationWindow(SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES) + .keepAlive(SecurityMonitoringRuleKeepAlive.ONE_HOUR) + .maxSignalDuration(SecurityMonitoringRuleMaxSignalDuration.ONE_DAY)) + .message("Test rule") + .isEnabled(true) + .type(SecurityMonitoringRuleTypeCreate.LOG_DETECTION) + .schedulingOptions( + new SecurityMonitoringSchedulingOptions() + .rrule("FREQ=HOURLY;INTERVAL=2;") + .start("2025-06-18T12:00:00") + .timezone("Europe/Paris"))); + + try { + SecurityMonitoringRuleResponse result = apiInstance.createSecurityMonitoringRule(body); + System.out.println(result); + } catch (ApiException e) { + System.err.println( + "Exception when calling SecurityMonitoringApi#createSecurityMonitoringRule"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleUpdatePayload.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleUpdatePayload.java index b4700dfaa34..c311e9ecc53 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleUpdatePayload.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleUpdatePayload.java @@ -17,9 +17,11 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import org.openapitools.jackson.nullable.JsonNullable; /** Update an existing rule. */ @JsonPropertyOrder({ + SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_CALCULATED_FIELDS, SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_CASES, SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_COMPLIANCE_SIGNAL_OPTIONS, SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_CUSTOM_MESSAGE, @@ -33,6 +35,7 @@ SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_OPTIONS, SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_QUERIES, SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_REFERENCE_TABLES, + SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_SCHEDULING_OPTIONS, SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_TAGS, SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_THIRD_PARTY_CASES, SecurityMonitoringRuleUpdatePayload.JSON_PROPERTY_VERSION @@ -41,6 +44,9 @@ value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") public class SecurityMonitoringRuleUpdatePayload { @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_CALCULATED_FIELDS = "calculatedFields"; + private List calculatedFields = null; + public static final String JSON_PROPERTY_CASES = "cases"; private List cases = null; @@ -80,6 +86,10 @@ public class SecurityMonitoringRuleUpdatePayload { public static final String JSON_PROPERTY_REFERENCE_TABLES = "referenceTables"; private List referenceTables = null; + public static final String JSON_PROPERTY_SCHEDULING_OPTIONS = "schedulingOptions"; + private JsonNullable schedulingOptions = + JsonNullable.undefined(); + public static final String JSON_PROPERTY_TAGS = "tags"; private List tags = null; @@ -89,6 +99,42 @@ public class SecurityMonitoringRuleUpdatePayload { public static final String JSON_PROPERTY_VERSION = "version"; private Integer version; + public SecurityMonitoringRuleUpdatePayload calculatedFields( + List calculatedFields) { + this.calculatedFields = calculatedFields; + for (CalculatedField item : calculatedFields) { + this.unparsed |= item.unparsed; + } + return this; + } + + public SecurityMonitoringRuleUpdatePayload addCalculatedFieldsItem( + CalculatedField calculatedFieldsItem) { + if (this.calculatedFields == null) { + this.calculatedFields = new ArrayList<>(); + } + this.calculatedFields.add(calculatedFieldsItem); + this.unparsed |= calculatedFieldsItem.unparsed; + return this; + } + + /** + * Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is + * also defined. + * + * @return calculatedFields + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_CALCULATED_FIELDS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public List getCalculatedFields() { + return calculatedFields; + } + + public void setCalculatedFields(List calculatedFields) { + this.calculatedFields = calculatedFields; + } + public SecurityMonitoringRuleUpdatePayload cases(List cases) { this.cases = cases; for (SecurityMonitoringRuleCase item : cases) { @@ -427,6 +473,42 @@ public void setReferenceTables(List referenceT this.referenceTables = referenceTables; } + public SecurityMonitoringRuleUpdatePayload schedulingOptions( + SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + return this; + } + + /** + * Options for scheduled rules. When this field is present, the rule runs based on the schedule. + * When absent, it runs real-time on ingested logs. + * + * @return schedulingOptions + */ + @jakarta.annotation.Nullable + @JsonIgnore + public SecurityMonitoringSchedulingOptions getSchedulingOptions() { + return schedulingOptions.orElse(null); + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public JsonNullable getSchedulingOptions_JsonNullable() { + return schedulingOptions; + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + public void setSchedulingOptions_JsonNullable( + JsonNullable schedulingOptions) { + this.schedulingOptions = schedulingOptions; + } + + public void setSchedulingOptions(SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + } + public SecurityMonitoringRuleUpdatePayload tags(List tags) { this.tags = tags; return this; @@ -569,7 +651,9 @@ public boolean equals(Object o) { } SecurityMonitoringRuleUpdatePayload securityMonitoringRuleUpdatePayload = (SecurityMonitoringRuleUpdatePayload) o; - return Objects.equals(this.cases, securityMonitoringRuleUpdatePayload.cases) + return Objects.equals( + this.calculatedFields, securityMonitoringRuleUpdatePayload.calculatedFields) + && Objects.equals(this.cases, securityMonitoringRuleUpdatePayload.cases) && Objects.equals( this.complianceSignalOptions, securityMonitoringRuleUpdatePayload.complianceSignalOptions) @@ -585,6 +669,8 @@ public boolean equals(Object o) { && Objects.equals(this.options, securityMonitoringRuleUpdatePayload.options) && Objects.equals(this.queries, securityMonitoringRuleUpdatePayload.queries) && Objects.equals(this.referenceTables, securityMonitoringRuleUpdatePayload.referenceTables) + && Objects.equals( + this.schedulingOptions, securityMonitoringRuleUpdatePayload.schedulingOptions) && Objects.equals(this.tags, securityMonitoringRuleUpdatePayload.tags) && Objects.equals(this.thirdPartyCases, securityMonitoringRuleUpdatePayload.thirdPartyCases) && Objects.equals(this.version, securityMonitoringRuleUpdatePayload.version) @@ -595,6 +681,7 @@ public boolean equals(Object o) { @Override public int hashCode() { return Objects.hash( + calculatedFields, cases, complianceSignalOptions, customMessage, @@ -608,6 +695,7 @@ public int hashCode() { options, queries, referenceTables, + schedulingOptions, tags, thirdPartyCases, version, @@ -618,6 +706,7 @@ public int hashCode() { public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class SecurityMonitoringRuleUpdatePayload {\n"); + sb.append(" calculatedFields: ").append(toIndentedString(calculatedFields)).append("\n"); sb.append(" cases: ").append(toIndentedString(cases)).append("\n"); sb.append(" complianceSignalOptions: ") .append(toIndentedString(complianceSignalOptions)) @@ -633,6 +722,7 @@ public String toString() { sb.append(" options: ").append(toIndentedString(options)).append("\n"); sb.append(" queries: ").append(toIndentedString(queries)).append("\n"); sb.append(" referenceTables: ").append(toIndentedString(referenceTables)).append("\n"); + sb.append(" schedulingOptions: ").append(toIndentedString(schedulingOptions)).append("\n"); sb.append(" tags: ").append(toIndentedString(tags)).append("\n"); sb.append(" thirdPartyCases: ").append(toIndentedString(thirdPartyCases)).append("\n"); sb.append(" version: ").append(toIndentedString(version)).append("\n"); diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSchedulingOptions.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSchedulingOptions.java new file mode 100644 index 00000000000..5d5c38c3c1d --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSchedulingOptions.java @@ -0,0 +1,199 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.fasterxml.jackson.annotation.JsonAnyGetter; +import com.fasterxml.jackson.annotation.JsonAnySetter; +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** + * Options for scheduled rules. When this field is present, the rule runs based on the schedule. + * When absent, it runs real-time on ingested logs. + */ +@JsonPropertyOrder({ + SecurityMonitoringSchedulingOptions.JSON_PROPERTY_RRULE, + SecurityMonitoringSchedulingOptions.JSON_PROPERTY_START, + SecurityMonitoringSchedulingOptions.JSON_PROPERTY_TIMEZONE +}) +@jakarta.annotation.Generated( + value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") +public class SecurityMonitoringSchedulingOptions { + @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_RRULE = "rrule"; + private String rrule; + + public static final String JSON_PROPERTY_START = "start"; + private String start; + + public static final String JSON_PROPERTY_TIMEZONE = "timezone"; + private String timezone; + + public SecurityMonitoringSchedulingOptions rrule(String rrule) { + this.rrule = rrule; + return this; + } + + /** + * Schedule for the rule queries, written in RRULE syntax. See RFC for syntax + * reference. + * + * @return rrule + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_RRULE) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getRrule() { + return rrule; + } + + public void setRrule(String rrule) { + this.rrule = rrule; + } + + public SecurityMonitoringSchedulingOptions start(String start) { + this.start = start; + return this; + } + + /** + * Start date for the schedule, in ISO 8601 format without timezone. + * + * @return start + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_START) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getStart() { + return start; + } + + public void setStart(String start) { + this.start = start; + } + + public SecurityMonitoringSchedulingOptions timezone(String timezone) { + this.timezone = timezone; + return this; + } + + /** + * Time zone of the start date, in the tz database format. + * + * @return timezone + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_TIMEZONE) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getTimezone() { + return timezone; + } + + public void setTimezone(String timezone) { + this.timezone = timezone; + } + + /** + * A container for additional, undeclared properties. This is a holder for any undeclared + * properties as specified with the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. If the property + * does not already exist, create it otherwise replace it. + * + * @param key The arbitrary key to set + * @param value The associated value + * @return SecurityMonitoringSchedulingOptions + */ + @JsonAnySetter + public SecurityMonitoringSchedulingOptions putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return The additional properties + */ + @JsonAnyGetter + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key The arbitrary key to get + * @return The specific additional property for the given key + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + /** Return true if this SecurityMonitoringSchedulingOptions object is equal to o. */ + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + SecurityMonitoringSchedulingOptions securityMonitoringSchedulingOptions = + (SecurityMonitoringSchedulingOptions) o; + return Objects.equals(this.rrule, securityMonitoringSchedulingOptions.rrule) + && Objects.equals(this.start, securityMonitoringSchedulingOptions.start) + && Objects.equals(this.timezone, securityMonitoringSchedulingOptions.timezone) + && Objects.equals( + this.additionalProperties, securityMonitoringSchedulingOptions.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(rrule, start, timezone, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class SecurityMonitoringSchedulingOptions {\n"); + sb.append(" rrule: ").append(toIndentedString(rrule)).append("\n"); + sb.append(" start: ").append(toIndentedString(start)).append("\n"); + sb.append(" timezone: ").append(toIndentedString(timezone)).append("\n"); + sb.append(" additionalProperties: ") + .append(toIndentedString(additionalProperties)) + .append("\n"); + sb.append('}'); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleCreatePayload.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleCreatePayload.java index d19be324bee..ff42157f86c 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleCreatePayload.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleCreatePayload.java @@ -18,9 +18,11 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import org.openapitools.jackson.nullable.JsonNullable; /** Create a new rule. */ @JsonPropertyOrder({ + SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_CALCULATED_FIELDS, SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_CASES, SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_FILTERS, SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_GROUP_SIGNALS_BY, @@ -31,6 +33,7 @@ SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_OPTIONS, SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_QUERIES, SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_REFERENCE_TABLES, + SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_SCHEDULING_OPTIONS, SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_TAGS, SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_THIRD_PARTY_CASES, SecurityMonitoringStandardRuleCreatePayload.JSON_PROPERTY_TYPE @@ -39,6 +42,9 @@ value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") public class SecurityMonitoringStandardRuleCreatePayload { @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_CALCULATED_FIELDS = "calculatedFields"; + private List calculatedFields = null; + public static final String JSON_PROPERTY_CASES = "cases"; private List cases = new ArrayList<>(); @@ -69,6 +75,10 @@ public class SecurityMonitoringStandardRuleCreatePayload { public static final String JSON_PROPERTY_REFERENCE_TABLES = "referenceTables"; private List referenceTables = null; + public static final String JSON_PROPERTY_SCHEDULING_OPTIONS = "schedulingOptions"; + private JsonNullable schedulingOptions = + JsonNullable.undefined(); + public static final String JSON_PROPERTY_TAGS = "tags"; private List tags = null; @@ -100,6 +110,42 @@ public SecurityMonitoringStandardRuleCreatePayload( this.queries = queries; } + public SecurityMonitoringStandardRuleCreatePayload calculatedFields( + List calculatedFields) { + this.calculatedFields = calculatedFields; + for (CalculatedField item : calculatedFields) { + this.unparsed |= item.unparsed; + } + return this; + } + + public SecurityMonitoringStandardRuleCreatePayload addCalculatedFieldsItem( + CalculatedField calculatedFieldsItem) { + if (this.calculatedFields == null) { + this.calculatedFields = new ArrayList<>(); + } + this.calculatedFields.add(calculatedFieldsItem); + this.unparsed |= calculatedFieldsItem.unparsed; + return this; + } + + /** + * Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is + * also defined. + * + * @return calculatedFields + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_CALCULATED_FIELDS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public List getCalculatedFields() { + return calculatedFields; + } + + public void setCalculatedFields(List calculatedFields) { + this.calculatedFields = calculatedFields; + } + public SecurityMonitoringStandardRuleCreatePayload cases( List cases) { this.cases = cases; @@ -367,6 +413,42 @@ public void setReferenceTables(List referenceT this.referenceTables = referenceTables; } + public SecurityMonitoringStandardRuleCreatePayload schedulingOptions( + SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + return this; + } + + /** + * Options for scheduled rules. When this field is present, the rule runs based on the schedule. + * When absent, it runs real-time on ingested logs. + * + * @return schedulingOptions + */ + @jakarta.annotation.Nullable + @JsonIgnore + public SecurityMonitoringSchedulingOptions getSchedulingOptions() { + return schedulingOptions.orElse(null); + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public JsonNullable getSchedulingOptions_JsonNullable() { + return schedulingOptions; + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + public void setSchedulingOptions_JsonNullable( + JsonNullable schedulingOptions) { + this.schedulingOptions = schedulingOptions; + } + + public void setSchedulingOptions(SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + } + public SecurityMonitoringStandardRuleCreatePayload tags(List tags) { this.tags = tags; return this; @@ -514,7 +596,9 @@ public boolean equals(Object o) { } SecurityMonitoringStandardRuleCreatePayload securityMonitoringStandardRuleCreatePayload = (SecurityMonitoringStandardRuleCreatePayload) o; - return Objects.equals(this.cases, securityMonitoringStandardRuleCreatePayload.cases) + return Objects.equals( + this.calculatedFields, securityMonitoringStandardRuleCreatePayload.calculatedFields) + && Objects.equals(this.cases, securityMonitoringStandardRuleCreatePayload.cases) && Objects.equals(this.filters, securityMonitoringStandardRuleCreatePayload.filters) && Objects.equals( this.groupSignalsBy, securityMonitoringStandardRuleCreatePayload.groupSignalsBy) @@ -527,6 +611,8 @@ public boolean equals(Object o) { && Objects.equals(this.queries, securityMonitoringStandardRuleCreatePayload.queries) && Objects.equals( this.referenceTables, securityMonitoringStandardRuleCreatePayload.referenceTables) + && Objects.equals( + this.schedulingOptions, securityMonitoringStandardRuleCreatePayload.schedulingOptions) && Objects.equals(this.tags, securityMonitoringStandardRuleCreatePayload.tags) && Objects.equals( this.thirdPartyCases, securityMonitoringStandardRuleCreatePayload.thirdPartyCases) @@ -539,6 +625,7 @@ public boolean equals(Object o) { @Override public int hashCode() { return Objects.hash( + calculatedFields, cases, filters, groupSignalsBy, @@ -549,6 +636,7 @@ public int hashCode() { options, queries, referenceTables, + schedulingOptions, tags, thirdPartyCases, type, @@ -559,6 +647,7 @@ public int hashCode() { public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class SecurityMonitoringStandardRuleCreatePayload {\n"); + sb.append(" calculatedFields: ").append(toIndentedString(calculatedFields)).append("\n"); sb.append(" cases: ").append(toIndentedString(cases)).append("\n"); sb.append(" filters: ").append(toIndentedString(filters)).append("\n"); sb.append(" groupSignalsBy: ").append(toIndentedString(groupSignalsBy)).append("\n"); @@ -569,6 +658,7 @@ public String toString() { sb.append(" options: ").append(toIndentedString(options)).append("\n"); sb.append(" queries: ").append(toIndentedString(queries)).append("\n"); sb.append(" referenceTables: ").append(toIndentedString(referenceTables)).append("\n"); + sb.append(" schedulingOptions: ").append(toIndentedString(schedulingOptions)).append("\n"); sb.append(" tags: ").append(toIndentedString(tags)).append("\n"); sb.append(" thirdPartyCases: ").append(toIndentedString(thirdPartyCases)).append("\n"); sb.append(" type: ").append(toIndentedString(type)).append("\n"); diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRulePayload.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRulePayload.java index 986ccf8310b..418cb8835b6 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRulePayload.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRulePayload.java @@ -18,9 +18,11 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import org.openapitools.jackson.nullable.JsonNullable; /** The payload of a rule. */ @JsonPropertyOrder({ + SecurityMonitoringStandardRulePayload.JSON_PROPERTY_CALCULATED_FIELDS, SecurityMonitoringStandardRulePayload.JSON_PROPERTY_CASES, SecurityMonitoringStandardRulePayload.JSON_PROPERTY_CUSTOM_MESSAGE, SecurityMonitoringStandardRulePayload.JSON_PROPERTY_CUSTOM_NAME, @@ -33,6 +35,7 @@ SecurityMonitoringStandardRulePayload.JSON_PROPERTY_OPTIONS, SecurityMonitoringStandardRulePayload.JSON_PROPERTY_QUERIES, SecurityMonitoringStandardRulePayload.JSON_PROPERTY_REFERENCE_TABLES, + SecurityMonitoringStandardRulePayload.JSON_PROPERTY_SCHEDULING_OPTIONS, SecurityMonitoringStandardRulePayload.JSON_PROPERTY_TAGS, SecurityMonitoringStandardRulePayload.JSON_PROPERTY_THIRD_PARTY_CASES, SecurityMonitoringStandardRulePayload.JSON_PROPERTY_TYPE @@ -41,6 +44,9 @@ value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") public class SecurityMonitoringStandardRulePayload { @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_CALCULATED_FIELDS = "calculatedFields"; + private List calculatedFields = null; + public static final String JSON_PROPERTY_CASES = "cases"; private List cases = new ArrayList<>(); @@ -77,6 +83,10 @@ public class SecurityMonitoringStandardRulePayload { public static final String JSON_PROPERTY_REFERENCE_TABLES = "referenceTables"; private List referenceTables = null; + public static final String JSON_PROPERTY_SCHEDULING_OPTIONS = "schedulingOptions"; + private JsonNullable schedulingOptions = + JsonNullable.undefined(); + public static final String JSON_PROPERTY_TAGS = "tags"; private List tags = null; @@ -108,6 +118,42 @@ public SecurityMonitoringStandardRulePayload( this.queries = queries; } + public SecurityMonitoringStandardRulePayload calculatedFields( + List calculatedFields) { + this.calculatedFields = calculatedFields; + for (CalculatedField item : calculatedFields) { + this.unparsed |= item.unparsed; + } + return this; + } + + public SecurityMonitoringStandardRulePayload addCalculatedFieldsItem( + CalculatedField calculatedFieldsItem) { + if (this.calculatedFields == null) { + this.calculatedFields = new ArrayList<>(); + } + this.calculatedFields.add(calculatedFieldsItem); + this.unparsed |= calculatedFieldsItem.unparsed; + return this; + } + + /** + * Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is + * also defined. + * + * @return calculatedFields + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_CALCULATED_FIELDS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public List getCalculatedFields() { + return calculatedFields; + } + + public void setCalculatedFields(List calculatedFields) { + this.calculatedFields = calculatedFields; + } + public SecurityMonitoringStandardRulePayload cases(List cases) { this.cases = cases; for (SecurityMonitoringRuleCaseCreate item : cases) { @@ -413,6 +459,42 @@ public void setReferenceTables(List referenceT this.referenceTables = referenceTables; } + public SecurityMonitoringStandardRulePayload schedulingOptions( + SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + return this; + } + + /** + * Options for scheduled rules. When this field is present, the rule runs based on the schedule. + * When absent, it runs real-time on ingested logs. + * + * @return schedulingOptions + */ + @jakarta.annotation.Nullable + @JsonIgnore + public SecurityMonitoringSchedulingOptions getSchedulingOptions() { + return schedulingOptions.orElse(null); + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public JsonNullable getSchedulingOptions_JsonNullable() { + return schedulingOptions; + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + public void setSchedulingOptions_JsonNullable( + JsonNullable schedulingOptions) { + this.schedulingOptions = schedulingOptions; + } + + public void setSchedulingOptions(SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + } + public SecurityMonitoringStandardRulePayload tags(List tags) { this.tags = tags; return this; @@ -559,7 +641,9 @@ public boolean equals(Object o) { } SecurityMonitoringStandardRulePayload securityMonitoringStandardRulePayload = (SecurityMonitoringStandardRulePayload) o; - return Objects.equals(this.cases, securityMonitoringStandardRulePayload.cases) + return Objects.equals( + this.calculatedFields, securityMonitoringStandardRulePayload.calculatedFields) + && Objects.equals(this.cases, securityMonitoringStandardRulePayload.cases) && Objects.equals(this.customMessage, securityMonitoringStandardRulePayload.customMessage) && Objects.equals(this.customName, securityMonitoringStandardRulePayload.customName) && Objects.equals(this.filters, securityMonitoringStandardRulePayload.filters) @@ -573,6 +657,8 @@ public boolean equals(Object o) { && Objects.equals(this.queries, securityMonitoringStandardRulePayload.queries) && Objects.equals( this.referenceTables, securityMonitoringStandardRulePayload.referenceTables) + && Objects.equals( + this.schedulingOptions, securityMonitoringStandardRulePayload.schedulingOptions) && Objects.equals(this.tags, securityMonitoringStandardRulePayload.tags) && Objects.equals( this.thirdPartyCases, securityMonitoringStandardRulePayload.thirdPartyCases) @@ -584,6 +670,7 @@ public boolean equals(Object o) { @Override public int hashCode() { return Objects.hash( + calculatedFields, cases, customMessage, customName, @@ -596,6 +683,7 @@ public int hashCode() { options, queries, referenceTables, + schedulingOptions, tags, thirdPartyCases, type, @@ -606,6 +694,7 @@ public int hashCode() { public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class SecurityMonitoringStandardRulePayload {\n"); + sb.append(" calculatedFields: ").append(toIndentedString(calculatedFields)).append("\n"); sb.append(" cases: ").append(toIndentedString(cases)).append("\n"); sb.append(" customMessage: ").append(toIndentedString(customMessage)).append("\n"); sb.append(" customName: ").append(toIndentedString(customName)).append("\n"); @@ -618,6 +707,7 @@ public String toString() { sb.append(" options: ").append(toIndentedString(options)).append("\n"); sb.append(" queries: ").append(toIndentedString(queries)).append("\n"); sb.append(" referenceTables: ").append(toIndentedString(referenceTables)).append("\n"); + sb.append(" schedulingOptions: ").append(toIndentedString(schedulingOptions)).append("\n"); sb.append(" tags: ").append(toIndentedString(tags)).append("\n"); sb.append(" thirdPartyCases: ").append(toIndentedString(thirdPartyCases)).append("\n"); sb.append(" type: ").append(toIndentedString(type)).append("\n"); diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleQuery.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleQuery.java index 4542e6f0456..7b4504b31f7 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleQuery.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleQuery.java @@ -26,6 +26,7 @@ SecurityMonitoringStandardRuleQuery.JSON_PROPERTY_DISTINCT_FIELDS, SecurityMonitoringStandardRuleQuery.JSON_PROPERTY_GROUP_BY_FIELDS, SecurityMonitoringStandardRuleQuery.JSON_PROPERTY_HAS_OPTIONAL_GROUP_BY_FIELDS, + SecurityMonitoringStandardRuleQuery.JSON_PROPERTY_INDEX, SecurityMonitoringStandardRuleQuery.JSON_PROPERTY_METRIC, SecurityMonitoringStandardRuleQuery.JSON_PROPERTY_METRICS, SecurityMonitoringStandardRuleQuery.JSON_PROPERTY_NAME, @@ -55,6 +56,9 @@ public class SecurityMonitoringStandardRuleQuery { "hasOptionalGroupByFields"; private Boolean hasOptionalGroupByFields; + public static final String JSON_PROPERTY_INDEX = "index"; + private String index; + public static final String JSON_PROPERTY_METRIC = "metric"; private String metric; @@ -211,6 +215,30 @@ public Boolean getHasOptionalGroupByFields() { return hasOptionalGroupByFields; } + public SecurityMonitoringStandardRuleQuery index(String index) { + this.index = index; + return this; + } + + /** + * This field is currently unstable and might be removed in a minor version + * upgrade. The index to run the query on, if the dataSource is logs + * . Only used for scheduled rules - in other words, when the schedulingOptions + * field is present in the rule payload. + * + * @return index + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_INDEX) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public String getIndex() { + return index; + } + + public void setIndex(String index) { + this.index = index; + } + public SecurityMonitoringStandardRuleQuery metric(String metric) { this.metric = metric; return this; @@ -375,6 +403,7 @@ public boolean equals(Object o) { && Objects.equals( this.hasOptionalGroupByFields, securityMonitoringStandardRuleQuery.hasOptionalGroupByFields) + && Objects.equals(this.index, securityMonitoringStandardRuleQuery.index) && Objects.equals(this.metric, securityMonitoringStandardRuleQuery.metric) && Objects.equals(this.metrics, securityMonitoringStandardRuleQuery.metrics) && Objects.equals(this.name, securityMonitoringStandardRuleQuery.name) @@ -392,6 +421,7 @@ public int hashCode() { distinctFields, groupByFields, hasOptionalGroupByFields, + index, metric, metrics, name, @@ -413,6 +443,7 @@ public String toString() { sb.append(" hasOptionalGroupByFields: ") .append(toIndentedString(hasOptionalGroupByFields)) .append("\n"); + sb.append(" index: ").append(toIndentedString(index)).append("\n"); sb.append(" metric: ").append(toIndentedString(metric)).append("\n"); sb.append(" metrics: ").append(toIndentedString(metrics)).append("\n"); sb.append(" name: ").append(toIndentedString(name)).append("\n"); diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleResponse.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleResponse.java index 13094791ec4..177ab69d92a 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleResponse.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleResponse.java @@ -17,9 +17,11 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import org.openapitools.jackson.nullable.JsonNullable; /** Rule. */ @JsonPropertyOrder({ + SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_CALCULATED_FIELDS, SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_CASES, SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_COMPLIANCE_SIGNAL_OPTIONS, SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_CREATED_AT, @@ -40,6 +42,7 @@ SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_OPTIONS, SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_QUERIES, SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_REFERENCE_TABLES, + SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_SCHEDULING_OPTIONS, SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_TAGS, SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_THIRD_PARTY_CASES, SecurityMonitoringStandardRuleResponse.JSON_PROPERTY_TYPE, @@ -51,6 +54,9 @@ value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") public class SecurityMonitoringStandardRuleResponse { @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_CALCULATED_FIELDS = "calculatedFields"; + private List calculatedFields = null; + public static final String JSON_PROPERTY_CASES = "cases"; private List cases = null; @@ -111,6 +117,10 @@ public class SecurityMonitoringStandardRuleResponse { public static final String JSON_PROPERTY_REFERENCE_TABLES = "referenceTables"; private List referenceTables = null; + public static final String JSON_PROPERTY_SCHEDULING_OPTIONS = "schedulingOptions"; + private JsonNullable schedulingOptions = + JsonNullable.undefined(); + public static final String JSON_PROPERTY_TAGS = "tags"; private List tags = null; @@ -129,6 +139,42 @@ public class SecurityMonitoringStandardRuleResponse { public static final String JSON_PROPERTY_VERSION = "version"; private Long version; + public SecurityMonitoringStandardRuleResponse calculatedFields( + List calculatedFields) { + this.calculatedFields = calculatedFields; + for (CalculatedField item : calculatedFields) { + this.unparsed |= item.unparsed; + } + return this; + } + + public SecurityMonitoringStandardRuleResponse addCalculatedFieldsItem( + CalculatedField calculatedFieldsItem) { + if (this.calculatedFields == null) { + this.calculatedFields = new ArrayList<>(); + } + this.calculatedFields.add(calculatedFieldsItem); + this.unparsed |= calculatedFieldsItem.unparsed; + return this; + } + + /** + * Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is + * also defined. + * + * @return calculatedFields + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_CALCULATED_FIELDS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public List getCalculatedFields() { + return calculatedFields; + } + + public void setCalculatedFields(List calculatedFields) { + this.calculatedFields = calculatedFields; + } + public SecurityMonitoringStandardRuleResponse cases(List cases) { this.cases = cases; for (SecurityMonitoringRuleCase item : cases) { @@ -624,6 +670,42 @@ public void setReferenceTables(List referenceT this.referenceTables = referenceTables; } + public SecurityMonitoringStandardRuleResponse schedulingOptions( + SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + return this; + } + + /** + * Options for scheduled rules. When this field is present, the rule runs based on the schedule. + * When absent, it runs real-time on ingested logs. + * + * @return schedulingOptions + */ + @jakarta.annotation.Nullable + @JsonIgnore + public SecurityMonitoringSchedulingOptions getSchedulingOptions() { + return schedulingOptions.orElse(null); + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public JsonNullable getSchedulingOptions_JsonNullable() { + return schedulingOptions; + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + public void setSchedulingOptions_JsonNullable( + JsonNullable schedulingOptions) { + this.schedulingOptions = schedulingOptions; + } + + public void setSchedulingOptions(SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + } + public SecurityMonitoringStandardRuleResponse tags(List tags) { this.tags = tags; return this; @@ -833,7 +915,9 @@ public boolean equals(Object o) { } SecurityMonitoringStandardRuleResponse securityMonitoringStandardRuleResponse = (SecurityMonitoringStandardRuleResponse) o; - return Objects.equals(this.cases, securityMonitoringStandardRuleResponse.cases) + return Objects.equals( + this.calculatedFields, securityMonitoringStandardRuleResponse.calculatedFields) + && Objects.equals(this.cases, securityMonitoringStandardRuleResponse.cases) && Objects.equals( this.complianceSignalOptions, securityMonitoringStandardRuleResponse.complianceSignalOptions) @@ -860,6 +944,8 @@ public boolean equals(Object o) { && Objects.equals(this.queries, securityMonitoringStandardRuleResponse.queries) && Objects.equals( this.referenceTables, securityMonitoringStandardRuleResponse.referenceTables) + && Objects.equals( + this.schedulingOptions, securityMonitoringStandardRuleResponse.schedulingOptions) && Objects.equals(this.tags, securityMonitoringStandardRuleResponse.tags) && Objects.equals( this.thirdPartyCases, securityMonitoringStandardRuleResponse.thirdPartyCases) @@ -875,6 +961,7 @@ public boolean equals(Object o) { @Override public int hashCode() { return Objects.hash( + calculatedFields, cases, complianceSignalOptions, createdAt, @@ -895,6 +982,7 @@ public int hashCode() { options, queries, referenceTables, + schedulingOptions, tags, thirdPartyCases, type, @@ -908,6 +996,7 @@ public int hashCode() { public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class SecurityMonitoringStandardRuleResponse {\n"); + sb.append(" calculatedFields: ").append(toIndentedString(calculatedFields)).append("\n"); sb.append(" cases: ").append(toIndentedString(cases)).append("\n"); sb.append(" complianceSignalOptions: ") .append(toIndentedString(complianceSignalOptions)) @@ -930,6 +1019,7 @@ public String toString() { sb.append(" options: ").append(toIndentedString(options)).append("\n"); sb.append(" queries: ").append(toIndentedString(queries)).append("\n"); sb.append(" referenceTables: ").append(toIndentedString(referenceTables)).append("\n"); + sb.append(" schedulingOptions: ").append(toIndentedString(schedulingOptions)).append("\n"); sb.append(" tags: ").append(toIndentedString(tags)).append("\n"); sb.append(" thirdPartyCases: ").append(toIndentedString(thirdPartyCases)).append("\n"); sb.append(" type: ").append(toIndentedString(type)).append("\n"); diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleTestPayload.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleTestPayload.java index d0bab74404b..7fa3c3a4dce 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleTestPayload.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringStandardRuleTestPayload.java @@ -18,9 +18,11 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import org.openapitools.jackson.nullable.JsonNullable; /** The payload of a rule to test */ @JsonPropertyOrder({ + SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_CALCULATED_FIELDS, SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_CASES, SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_FILTERS, SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_GROUP_SIGNALS_BY, @@ -31,6 +33,7 @@ SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_OPTIONS, SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_QUERIES, SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_REFERENCE_TABLES, + SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_SCHEDULING_OPTIONS, SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_TAGS, SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_THIRD_PARTY_CASES, SecurityMonitoringStandardRuleTestPayload.JSON_PROPERTY_TYPE @@ -39,6 +42,9 @@ value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator") public class SecurityMonitoringStandardRuleTestPayload { @JsonIgnore public boolean unparsed = false; + public static final String JSON_PROPERTY_CALCULATED_FIELDS = "calculatedFields"; + private List calculatedFields = null; + public static final String JSON_PROPERTY_CASES = "cases"; private List cases = new ArrayList<>(); @@ -69,6 +75,10 @@ public class SecurityMonitoringStandardRuleTestPayload { public static final String JSON_PROPERTY_REFERENCE_TABLES = "referenceTables"; private List referenceTables = null; + public static final String JSON_PROPERTY_SCHEDULING_OPTIONS = "schedulingOptions"; + private JsonNullable schedulingOptions = + JsonNullable.undefined(); + public static final String JSON_PROPERTY_TAGS = "tags"; private List tags = null; @@ -100,6 +110,42 @@ public SecurityMonitoringStandardRuleTestPayload( this.queries = queries; } + public SecurityMonitoringStandardRuleTestPayload calculatedFields( + List calculatedFields) { + this.calculatedFields = calculatedFields; + for (CalculatedField item : calculatedFields) { + this.unparsed |= item.unparsed; + } + return this; + } + + public SecurityMonitoringStandardRuleTestPayload addCalculatedFieldsItem( + CalculatedField calculatedFieldsItem) { + if (this.calculatedFields == null) { + this.calculatedFields = new ArrayList<>(); + } + this.calculatedFields.add(calculatedFieldsItem); + this.unparsed |= calculatedFieldsItem.unparsed; + return this; + } + + /** + * Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is + * also defined. + * + * @return calculatedFields + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_CALCULATED_FIELDS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public List getCalculatedFields() { + return calculatedFields; + } + + public void setCalculatedFields(List calculatedFields) { + this.calculatedFields = calculatedFields; + } + public SecurityMonitoringStandardRuleTestPayload cases( List cases) { this.cases = cases; @@ -365,6 +411,42 @@ public void setReferenceTables(List referenceT this.referenceTables = referenceTables; } + public SecurityMonitoringStandardRuleTestPayload schedulingOptions( + SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + return this; + } + + /** + * Options for scheduled rules. When this field is present, the rule runs based on the schedule. + * When absent, it runs real-time on ingested logs. + * + * @return schedulingOptions + */ + @jakarta.annotation.Nullable + @JsonIgnore + public SecurityMonitoringSchedulingOptions getSchedulingOptions() { + return schedulingOptions.orElse(null); + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public JsonNullable getSchedulingOptions_JsonNullable() { + return schedulingOptions; + } + + @JsonProperty(JSON_PROPERTY_SCHEDULING_OPTIONS) + public void setSchedulingOptions_JsonNullable( + JsonNullable schedulingOptions) { + this.schedulingOptions = schedulingOptions; + } + + public void setSchedulingOptions(SecurityMonitoringSchedulingOptions schedulingOptions) { + this.schedulingOptions = + JsonNullable.of(schedulingOptions); + } + public SecurityMonitoringStandardRuleTestPayload tags(List tags) { this.tags = tags; return this; @@ -511,7 +593,9 @@ public boolean equals(Object o) { } SecurityMonitoringStandardRuleTestPayload securityMonitoringStandardRuleTestPayload = (SecurityMonitoringStandardRuleTestPayload) o; - return Objects.equals(this.cases, securityMonitoringStandardRuleTestPayload.cases) + return Objects.equals( + this.calculatedFields, securityMonitoringStandardRuleTestPayload.calculatedFields) + && Objects.equals(this.cases, securityMonitoringStandardRuleTestPayload.cases) && Objects.equals(this.filters, securityMonitoringStandardRuleTestPayload.filters) && Objects.equals( this.groupSignalsBy, securityMonitoringStandardRuleTestPayload.groupSignalsBy) @@ -524,6 +608,8 @@ public boolean equals(Object o) { && Objects.equals(this.queries, securityMonitoringStandardRuleTestPayload.queries) && Objects.equals( this.referenceTables, securityMonitoringStandardRuleTestPayload.referenceTables) + && Objects.equals( + this.schedulingOptions, securityMonitoringStandardRuleTestPayload.schedulingOptions) && Objects.equals(this.tags, securityMonitoringStandardRuleTestPayload.tags) && Objects.equals( this.thirdPartyCases, securityMonitoringStandardRuleTestPayload.thirdPartyCases) @@ -536,6 +622,7 @@ public boolean equals(Object o) { @Override public int hashCode() { return Objects.hash( + calculatedFields, cases, filters, groupSignalsBy, @@ -546,6 +633,7 @@ public int hashCode() { options, queries, referenceTables, + schedulingOptions, tags, thirdPartyCases, type, @@ -556,6 +644,7 @@ public int hashCode() { public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class SecurityMonitoringStandardRuleTestPayload {\n"); + sb.append(" calculatedFields: ").append(toIndentedString(calculatedFields)).append("\n"); sb.append(" cases: ").append(toIndentedString(cases)).append("\n"); sb.append(" filters: ").append(toIndentedString(filters)).append("\n"); sb.append(" groupSignalsBy: ").append(toIndentedString(groupSignalsBy)).append("\n"); @@ -566,6 +655,7 @@ public String toString() { sb.append(" options: ").append(toIndentedString(options)).append("\n"); sb.append(" queries: ").append(toIndentedString(queries)).append("\n"); sb.append(" referenceTables: ").append(toIndentedString(referenceTables)).append("\n"); + sb.append(" schedulingOptions: ").append(toIndentedString(schedulingOptions)).append("\n"); sb.append(" tags: ").append(toIndentedString(tags)).append("\n"); sb.append(" thirdPartyCases: ").append(toIndentedString(thirdPartyCases)).append("\n"); sb.append(" type: ").append(toIndentedString(type)).append("\n"); diff --git a/src/test/resources/cassettes/features/v2/Create_a_scheduled_detection_rule_returns_OK_response.freeze b/src/test/resources/cassettes/features/v2/Create_a_scheduled_detection_rule_returns_OK_response.freeze new file mode 100644 index 00000000000..5c8f2a4f087 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Create_a_scheduled_detection_rule_returns_OK_response.freeze @@ -0,0 +1 @@ +2025-07-31T07:48:27.113Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Create_a_scheduled_detection_rule_returns_OK_response.json b/src/test/resources/cassettes/features/v2/Create_a_scheduled_detection_rule_returns_OK_response.json new file mode 100644 index 00000000000..acb009fec5a --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Create_a_scheduled_detection_rule_returns_OK_response.json @@ -0,0 +1,53 @@ +[ + { + "httpRequest": { + "body": { + "type": "JSON", + "json": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"index\":\"main\",\"query\":\"@test:true\"}],\"schedulingOptions\":{\"rrule\":\"FREQ=HOURLY;INTERVAL=2;\",\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"},\"tags\":[],\"type\":\"log_detection\"}" + }, + "headers": {}, + "method": "POST", + "path": "/api/v2/security_monitoring/rules", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"name\":\"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107\",\"createdAt\":1753948107557,\"isDefault\":false,\"isPartner\":false,\"isEnabled\":true,\"isBeta\":false,\"isDeleted\":false,\"isDeprecated\":false,\"queries\":[{\"query\":\"@test:true\",\"groupByFields\":[],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"logs\",\"index\":\"main\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"cases\":[{\"name\":\"\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 0\"}],\"message\":\"Test rule\",\"tags\":[],\"hasExtendedTitle\":false,\"type\":\"log_detection\",\"filters\":[],\"version\":1,\"id\":\"8dd-els-oyn\",\"blocking\":false,\"metadata\":{\"entities\":null,\"sources\":null},\"creationAuthorId\":1445416,\"creator\":{\"handle\":\"frog@datadoghq.com\",\"name\":\"frog\"},\"updater\":{\"handle\":\"\",\"name\":\"\"},\"schedulingOptions\":{\"rrule\":\"FREQ=HOURLY;INTERVAL=2;\",\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"}}", + "headers": { + "Content-Type": [ + "application/json" + ] + }, + "statusCode": 200, + "reasonPhrase": "OK" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "65e5fd9c-f3ea-d6c4-2b6c-2fecaf3465a1" + }, + { + "httpRequest": { + "headers": {}, + "method": "DELETE", + "path": "/api/v2/security_monitoring/rules/8dd-els-oyn", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "headers": {}, + "statusCode": 204, + "reasonPhrase": "No Content" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "9ba28a92-1a04-dada-8d9d-8beaa90e5bf7" + } +] \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response.freeze b/src/test/resources/cassettes/features/v2/Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response.freeze new file mode 100644 index 00000000000..74170d6acd0 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response.freeze @@ -0,0 +1 @@ +2025-07-31T07:49:14.474Z \ No newline at end of file diff --git a/src/test/resources/cassettes/features/v2/Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response.json b/src/test/resources/cassettes/features/v2/Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response.json new file mode 100644 index 00000000000..3d2fe77b028 --- /dev/null +++ b/src/test/resources/cassettes/features/v2/Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response.json @@ -0,0 +1,32 @@ +[ + { + "httpRequest": { + "body": { + "type": "JSON", + "json": "{\"cases\":[{\"condition\":\"a > 0\",\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"filters\":[],\"isEnabled\":true,\"message\":\"Test rule\",\"name\":\"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1753948154\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"index\":\"main\",\"query\":\"@test:true\"}],\"schedulingOptions\":{\"start\":\"2025-06-18T12:00:00\",\"timezone\":\"Europe/Paris\"},\"tags\":[],\"type\":\"log_detection\"}" + }, + "headers": {}, + "method": "POST", + "path": "/api/v2/security_monitoring/rules", + "keepAlive": false, + "secure": true + }, + "httpResponse": { + "body": "{\"error\":{\"code\":\"InvalidArgument\",\"message\":\"Invalid rule configuration\",\"details\":[{\"code\":\"InvalidArgument\",\"message\":\"The RRULE schedule is invalid for scheduled rules\",\"target\":\"schedulingOptions.rrule\"}]}}", + "headers": { + "Content-Type": [ + "application/json" + ] + }, + "statusCode": 400, + "reasonPhrase": "Bad Request" + }, + "times": { + "remainingTimes": 1 + }, + "timeToLive": { + "unlimited": true + }, + "id": "d9e00af4-d106-73ad-b787-bc97f2c88023" + } +] \ No newline at end of file diff --git a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature index 28df5a06446..3acea8148db 100644 --- a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature +++ b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature @@ -295,6 +295,24 @@ Feature: Security Monitoring When the request is sent Then the response status is 201 Successfully created the notification rule. + @team:DataDog/k9-cloud-security-platform + Scenario: Create a scheduled detection rule returns "OK" response + Given new "CreateSecurityMonitoringRule" request + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} + When the request is sent + Then the response status is 200 OK + And the response "name" is equal to "{{ unique }}" + And the response "type" is equal to "log_detection" + And the response "message" is equal to "Test rule" + And the response "schedulingOptions" is equal to {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"} + + @team:DataDog/k9-cloud-security-platform + Scenario: Create a scheduled rule without rrule returns "Bad Request" response + Given new "CreateSecurityMonitoringRule" request + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} + When the request is sent + Then the response status is 400 Bad Request + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Create a security filter returns "Bad Request" response Given new "CreateSecurityFilter" request