Add referenceTables field to security monitoring endpoints (#2170)

Co-authored-by: ci.datadog-api-spec <[email protected]>
DataDog · Sep 30, 2024 · 91579c5 · 91579c5
1 parent df7db0d
commit 91579c5
Show file tree

Hide file tree

Showing 19 changed files with 211 additions and 10 deletions.
diff --git a/.apigentools-info b/.apigentools-info
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-09-30 14:37:33.886944",
-            "spec_repo_commit": "60bc9127"
+            "regenerated": "2024-09-30 19:44:29.650607",
+            "spec_repo_commit": "909e369c"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-09-30 14:37:33.900686",
-            "spec_repo_commit": "60bc9127"
+            "regenerated": "2024-09-30 19:44:29.664206",
+            "spec_repo_commit": "909e369c"
         }
     }
 }
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -19089,6 +19089,25 @@ components:
         meta:
           $ref: '#/components/schemas/ResponseMetaAttributes'
       type: object
+    SecurityMonitoringReferenceTable:
+      description: Reference table for the rule.
+      properties:
+        checkPresence:
+          description: Whether to include or exclude the matched values.
+          type: boolean
+        columnName:
+          description: The name of the column in the reference table.
+          type: string
+        logFieldPath:
+          description: The field in the log to match against the reference table.
+          type: string
+        ruleQueryName:
+          description: The name of the rule query to apply the reference table to.
+          type: string
+        tableName:
+          description: The name of the reference table.
+          type: string
+      type: object
     SecurityMonitoringRuleCase:
       description: Case when signal is generated.
       properties:
@@ -19594,6 +19613,11 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringRuleQuery'
           type: array
+        referenceTables:
+          description: Reference tables for the rule.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
+          type: array
         tags:
           description: Tags for generated signals.
           items:
@@ -20298,6 +20322,11 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
           type: array
+        referenceTables:
+          description: Reference tables for the rule.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
+          type: array
         tags:
           description: Tags for generated signals.
           example:
@@ -20365,6 +20394,11 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
           type: array
+        referenceTables:
+          description: Reference tables for the rule.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
+          type: array
         tags:
           description: Tags for generated signals.
           example:
@@ -20505,6 +20539,11 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
           type: array
+        referenceTables:
+          description: Reference tables for the rule.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
+          type: array
         tags:
           description: Tags for generated signals.
           items:
@@ -20569,6 +20608,11 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
           type: array
+        referenceTables:
+          description: Reference tables for the rule.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
+          type: array
         tags:
           description: Tags for generated signals.
           example:

diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst
@@ -8488,6 +8488,13 @@ datadog\_api\_client.v2.model.security\_monitoring\_list\_rules\_response module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.security\_monitoring\_reference\_table module
+---------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_reference_table
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.security\_monitoring\_rule\_case module
 ---------------------------------------------------------------------
 

diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule.py b/examples/v2/security-monitoring/CreateSecurityMonitoringRule.py
@@ -4,6 +4,7 @@
 
 from datadog_api_client import ApiClient, Configuration
 from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable
 from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate
 from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import (
     SecurityMonitoringRuleEvaluationWindow,
@@ -52,6 +53,15 @@
     tags=[],
     is_enabled=True,
     type=SecurityMonitoringRuleTypeCreate.LOG_DETECTION,
+    reference_tables=[
+        SecurityMonitoringReferenceTable(
+            table_name="synthetics_test_reference_table_dont_delete",
+            column_name="value",
+            log_field_path="testtag",
+            check_presence=True,
+            rule_query_name="a",
+        ),
+    ],
 )
 
 configuration = Configuration()

diff --git a/src/datadog_api_client/v2/model/security_monitoring_reference_table.py b/src/datadog_api_client/v2/model/security_monitoring_reference_table.py
@@ -0,0 +1,72 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+    ModelNormal,
+    cached_property,
+    unset,
+    UnsetType,
+)
+
+
+class SecurityMonitoringReferenceTable(ModelNormal):
+    @cached_property
+    def openapi_types(_):
+        return {
+            "check_presence": (bool,),
+            "column_name": (str,),
+            "log_field_path": (str,),
+            "rule_query_name": (str,),
+            "table_name": (str,),
+        }
+
+    attribute_map = {
+        "check_presence": "checkPresence",
+        "column_name": "columnName",
+        "log_field_path": "logFieldPath",
+        "rule_query_name": "ruleQueryName",
+        "table_name": "tableName",
+    }
+
+    def __init__(
+        self_,
+        check_presence: Union[bool, UnsetType] = unset,
+        column_name: Union[str, UnsetType] = unset,
+        log_field_path: Union[str, UnsetType] = unset,
+        rule_query_name: Union[str, UnsetType] = unset,
+        table_name: Union[str, UnsetType] = unset,
+        **kwargs,
+    ):
+        """
+        Reference table for the rule.
+
+        :param check_presence: Whether to include or exclude the matched values.
+        :type check_presence: bool, optional
+
+        :param column_name: The name of the column in the reference table.
+        :type column_name: str, optional
+
+        :param log_field_path: The field in the log to match against the reference table.
+        :type log_field_path: str, optional
+
+        :param rule_query_name: The name of the rule query to apply the reference table to.
+        :type rule_query_name: str, optional
+
+        :param table_name: The name of the reference table.
+        :type table_name: str, optional
+        """
+        if check_presence is not unset:
+            kwargs["check_presence"] = check_presence
+        if column_name is not unset:
+            kwargs["column_name"] = column_name
+        if log_field_path is not unset:
+            kwargs["log_field_path"] = log_field_path
+        if rule_query_name is not unset:
+            kwargs["rule_query_name"] = rule_query_name
+        if table_name is not unset:
+            kwargs["table_name"] = table_name
+        super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_convert_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_convert_payload.py
@@ -39,6 +39,9 @@ def __init__(self, **kwargs):
         :param queries: Queries for selecting logs which are part of the rule.
         :type queries: [SecurityMonitoringStandardRuleQuery]
 
+        :param reference_tables: Reference tables for the rule.
+        :type reference_tables: [SecurityMonitoringReferenceTable], optional
+
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 

diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_create_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_create_payload.py
@@ -39,6 +39,9 @@ def __init__(self, **kwargs):
         :param queries: Queries for selecting logs which are part of the rule.
         :type queries: [SecurityMonitoringStandardRuleQuery]
 
+        :param reference_tables: Reference tables for the rule.
+        :type reference_tables: [SecurityMonitoringReferenceTable], optional
+
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 

diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_response.py b/src/datadog_api_client/v2/model/security_monitoring_rule_response.py
@@ -63,6 +63,9 @@ def __init__(self, **kwargs):
         :param queries: Queries for selecting logs which are part of the rule.
         :type queries: [SecurityMonitoringStandardRuleQuery], optional
 
+        :param reference_tables: Reference tables for the rule.
+        :type reference_tables: [SecurityMonitoringReferenceTable], optional
+
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 

diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_test_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_test_payload.py
@@ -39,6 +39,9 @@ def __init__(self, **kwargs):
         :param queries: Queries for selecting logs which are part of the rule.
         :type queries: [SecurityMonitoringStandardRuleQuery]
 
+        :param reference_tables: Reference tables for the rule.
+        :type reference_tables: [SecurityMonitoringReferenceTable], optional
+
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 

diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_update_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_update_payload.py
@@ -21,6 +21,7 @@
     from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
     from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
     from datadog_api_client.v2.model.security_monitoring_rule_query import SecurityMonitoringRuleQuery
+    from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable
     from datadog_api_client.v2.model.security_monitoring_third_party_rule_case import (
         SecurityMonitoringThirdPartyRuleCase,
     )
@@ -44,6 +45,7 @@ def openapi_types(_):
         from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
         from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
         from datadog_api_client.v2.model.security_monitoring_rule_query import SecurityMonitoringRuleQuery
+        from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable
         from datadog_api_client.v2.model.security_monitoring_third_party_rule_case import (
             SecurityMonitoringThirdPartyRuleCase,
         )
@@ -58,6 +60,7 @@ def openapi_types(_):
             "name": (str,),
             "options": (SecurityMonitoringRuleOptions,),
             "queries": ([SecurityMonitoringRuleQuery],),
+            "reference_tables": ([SecurityMonitoringReferenceTable],),
             "tags": ([str],),
             "third_party_cases": ([SecurityMonitoringThirdPartyRuleCase],),
             "version": (int,),
@@ -73,6 +76,7 @@ def openapi_types(_):
         "name": "name",
         "options": "options",
         "queries": "queries",
+        "reference_tables": "referenceTables",
         "tags": "tags",
         "third_party_cases": "thirdPartyCases",
         "version": "version",
@@ -96,6 +100,7 @@ def __init__(
             ],
             UnsetType,
         ] = unset,
+        reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset,
         tags: Union[List[str], UnsetType] = unset,
         third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCase], UnsetType] = unset,
         version: Union[int, UnsetType] = unset,
@@ -131,6 +136,9 @@ def __init__(
         :param queries: Queries for selecting logs which are part of the rule.
         :type queries: [SecurityMonitoringRuleQuery], optional
 
+        :param reference_tables: Reference tables for the rule.
+        :type reference_tables: [SecurityMonitoringReferenceTable], optional
+
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 
@@ -158,6 +166,8 @@ def __init__(
             kwargs["options"] = options
         if queries is not unset:
             kwargs["queries"] = queries
+        if reference_tables is not unset:
+            kwargs["reference_tables"] = reference_tables
         if tags is not unset:
             kwargs["tags"] = tags
         if third_party_cases is not unset:

diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_validate_payload.py b/src/datadog_api_client/v2/model/security_monitoring_rule_validate_payload.py
@@ -39,6 +39,9 @@ def __init__(self, **kwargs):
         :param queries: Queries for selecting logs which are part of the rule.
         :type queries: [SecurityMonitoringStandardRuleQuery]
 
+        :param reference_tables: Reference tables for the rule.
+        :type reference_tables: [SecurityMonitoringReferenceTable], optional
+
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 

diff --git a/src/datadog_api_client/v2/model/security_monitoring_standard_rule_create_payload.py b/src/datadog_api_client/v2/model/security_monitoring_standard_rule_create_payload.py
@@ -18,6 +18,7 @@
     from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
     from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
     from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery
+    from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable
     from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import (
         SecurityMonitoringThirdPartyRuleCaseCreate,
     )
@@ -33,6 +34,7 @@ def openapi_types(_):
         from datadog_api_client.v2.model.security_monitoring_standard_rule_query import (
             SecurityMonitoringStandardRuleQuery,
         )
+        from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable
         from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import (
             SecurityMonitoringThirdPartyRuleCaseCreate,
         )
@@ -47,6 +49,7 @@ def openapi_types(_):
             "name": (str,),
             "options": (SecurityMonitoringRuleOptions,),
             "queries": ([SecurityMonitoringStandardRuleQuery],),
+            "reference_tables": ([SecurityMonitoringReferenceTable],),
             "tags": ([str],),
             "third_party_cases": ([SecurityMonitoringThirdPartyRuleCaseCreate],),
             "type": (SecurityMonitoringRuleTypeCreate,),
@@ -61,6 +64,7 @@ def openapi_types(_):
         "name": "name",
         "options": "options",
         "queries": "queries",
+        "reference_tables": "referenceTables",
         "tags": "tags",
         "third_party_cases": "thirdPartyCases",
         "type": "type",
@@ -76,6 +80,7 @@ def __init__(
         queries: List[SecurityMonitoringStandardRuleQuery],
         filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset,
         has_extended_title: Union[bool, UnsetType] = unset,
+        reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset,
         tags: Union[List[str], UnsetType] = unset,
         third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCaseCreate], UnsetType] = unset,
         type: Union[SecurityMonitoringRuleTypeCreate, UnsetType] = unset,
@@ -108,6 +113,9 @@ def __init__(
         :param queries: Queries for selecting logs which are part of the rule.
         :type queries: [SecurityMonitoringStandardRuleQuery]
 
+        :param reference_tables: Reference tables for the rule.
+        :type reference_tables: [SecurityMonitoringReferenceTable], optional
+
         :param tags: Tags for generated signals.
         :type tags: [str], optional
 
@@ -121,6 +129,8 @@ def __init__(
             kwargs["filters"] = filters
         if has_extended_title is not unset:
             kwargs["has_extended_title"] = has_extended_title
+        if reference_tables is not unset:
+            kwargs["reference_tables"] = reference_tables
         if tags is not unset:
             kwargs["tags"] = tags
         if third_party_cases is not unset: