From 0340c89b161bb5f31a703be687e60bc00ed6a748 Mon Sep 17 00:00:00 2001 From: "ci.datadog-api-spec" Date: Thu, 17 Jul 2025 09:23:32 +0000 Subject: [PATCH] Regenerate client from commit 31a6042 of spec repo --- .generated-info | 4 +- .generator/schemas/v2/openapi.yaml | 15 +++++++ docs/datadog_api_client.v2.model.rst | 7 ++++ ...CreateSecurityMonitoringRule_1965169892.py | 9 ++++ ...ity_monitoring_rule_case_action_options.py | 25 ++++++++++- ...ule_case_action_options_flagged_ip_type.py | 42 +++++++++++++++++++ ...curity_monitoring_rule_case_action_type.py | 5 ++- src/datadog_api_client/v2/models/__init__.py | 4 ++ tests/v2/features/security_monitoring.feature | 2 +- 9 files changed, 107 insertions(+), 6 deletions(-) create mode 100644 src/datadog_api_client/v2/model/security_monitoring_rule_case_action_options_flagged_ip_type.py diff --git a/.generated-info b/.generated-info index c1a6078cee..376161602e 100644 --- a/.generated-info +++ b/.generated-info @@ -1,4 +1,4 @@ { - "spec_repo_commit": "2ffdc3f", - "generated": "2025-07-16 19:14:29.962" + "spec_repo_commit": "31a6042", + "generated": "2025-07-17 09:23:32.838" } diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 2ee20dab08..238cfbd19d 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -33903,9 +33903,22 @@ components: format: int64 minimum: 0 type: integer + flaggedIPType: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptionsFlaggedIPType' userBehaviorName: $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptionsUserBehaviorName' type: object + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType: + description: Used with the case action of type 'flag_ip'. The value specified + in this field is applied as a flag to the IPs addresses. + enum: + - SUSPICIOUS + - FLAGGED + example: FLAGGED + type: string + x-enum-varnames: + - SUSPICIOUS + - FLAGGED SecurityMonitoringRuleCaseActionOptionsUserBehaviorName: description: Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule. @@ -33916,11 +33929,13 @@ components: - block_ip - block_user - user_behavior + - flag_ip type: string x-enum-varnames: - BLOCK_IP - BLOCK_USER - USER_BEHAVIOR + - FLAG_IP SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index bb00f446e8..725345f10b 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst @@ -14774,6 +14774,13 @@ datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action\_options :members: :show-inheritance: +datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action\_options\_flagged\_ip\_type module +--------------------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_case_action_options_flagged_ip_type + :members: + :show-inheritance: + datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action\_type module ----------------------------------------------------------------------------------- diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.py b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.py index a520d80969..0a3a83bf77 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.py +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.py @@ -8,6 +8,9 @@ from datadog_api_client.v2.model.security_monitoring_rule_case_action_options import ( SecurityMonitoringRuleCaseActionOptions, ) +from datadog_api_client.v2.model.security_monitoring_rule_case_action_options_flagged_ip_type import ( + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType, +) from datadog_api_client.v2.model.security_monitoring_rule_case_action_type import SecurityMonitoringRuleCaseActionType from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod @@ -63,6 +66,12 @@ user_behavior_name="behavior", ), ), + SecurityMonitoringRuleCaseAction( + type=SecurityMonitoringRuleCaseActionType.FLAG_IP, + options=SecurityMonitoringRuleCaseActionOptions( + flagged_ip_type=SecurityMonitoringRuleCaseActionOptionsFlaggedIPType.FLAGGED, + ), + ), ], ), ], diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_options.py b/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_options.py index fbc0067a25..8ecaa19e90 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_options.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_options.py @@ -3,7 +3,7 @@ # Copyright 2019-Present Datadog, Inc. from __future__ import annotations -from typing import Union +from typing import Union, TYPE_CHECKING from datadog_api_client.model_utils import ( ModelNormal, @@ -13,6 +13,12 @@ ) +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_rule_case_action_options_flagged_ip_type import ( + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType, + ) + + class SecurityMonitoringRuleCaseActionOptions(ModelNormal): validations = { "duration": { @@ -22,18 +28,28 @@ class SecurityMonitoringRuleCaseActionOptions(ModelNormal): @cached_property def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_rule_case_action_options_flagged_ip_type import ( + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType, + ) + return { "duration": (int,), + "flagged_ip_type": (SecurityMonitoringRuleCaseActionOptionsFlaggedIPType,), "user_behavior_name": (str,), } attribute_map = { "duration": "duration", + "flagged_ip_type": "flaggedIPType", "user_behavior_name": "userBehaviorName", } def __init__( - self_, duration: Union[int, UnsetType] = unset, user_behavior_name: Union[str, UnsetType] = unset, **kwargs + self_, + duration: Union[int, UnsetType] = unset, + flagged_ip_type: Union[SecurityMonitoringRuleCaseActionOptionsFlaggedIPType, UnsetType] = unset, + user_behavior_name: Union[str, UnsetType] = unset, + **kwargs, ): """ Options for the rule action @@ -41,11 +57,16 @@ def __init__( :param duration: Duration of the action in seconds. 0 indicates no expiration. :type duration: int, optional + :param flagged_ip_type: Used with the case action of type 'flag_ip'. The value specified in this field is applied as a flag to the IPs addresses. + :type flagged_ip_type: SecurityMonitoringRuleCaseActionOptionsFlaggedIPType, optional + :param user_behavior_name: Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule. :type user_behavior_name: str, optional """ if duration is not unset: kwargs["duration"] = duration + if flagged_ip_type is not unset: + kwargs["flagged_ip_type"] = flagged_ip_type if user_behavior_name is not unset: kwargs["user_behavior_name"] = user_behavior_name super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_options_flagged_ip_type.py b/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_options_flagged_ip_type.py new file mode 100644 index 0000000000..b4e63f05b8 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_options_flagged_ip_type.py @@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class SecurityMonitoringRuleCaseActionOptionsFlaggedIPType(ModelSimple): + """ + Used with the case action of type 'flag_ip'. The value specified in this field is applied as a flag to the IPs addresses. + + :param value: Must be one of ["SUSPICIOUS", "FLAGGED"]. + :type value: str + """ + + allowed_values = { + "SUSPICIOUS", + "FLAGGED", + } + SUSPICIOUS: ClassVar["SecurityMonitoringRuleCaseActionOptionsFlaggedIPType"] + FLAGGED: ClassVar["SecurityMonitoringRuleCaseActionOptionsFlaggedIPType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +SecurityMonitoringRuleCaseActionOptionsFlaggedIPType.SUSPICIOUS = SecurityMonitoringRuleCaseActionOptionsFlaggedIPType( + "SUSPICIOUS" +) +SecurityMonitoringRuleCaseActionOptionsFlaggedIPType.FLAGGED = SecurityMonitoringRuleCaseActionOptionsFlaggedIPType( + "FLAGGED" +) diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_type.py b/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_type.py index 40bf8729c3..e08597b004 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_type.py +++ b/src/datadog_api_client/v2/model/security_monitoring_rule_case_action_type.py @@ -16,7 +16,7 @@ class SecurityMonitoringRuleCaseActionType(ModelSimple): """ The action type. - :param value: Must be one of ["block_ip", "block_user", "user_behavior"]. + :param value: Must be one of ["block_ip", "block_user", "user_behavior", "flag_ip"]. :type value: str """ @@ -24,10 +24,12 @@ class SecurityMonitoringRuleCaseActionType(ModelSimple): "block_ip", "block_user", "user_behavior", + "flag_ip", } BLOCK_IP: ClassVar["SecurityMonitoringRuleCaseActionType"] BLOCK_USER: ClassVar["SecurityMonitoringRuleCaseActionType"] USER_BEHAVIOR: ClassVar["SecurityMonitoringRuleCaseActionType"] + FLAG_IP: ClassVar["SecurityMonitoringRuleCaseActionType"] @cached_property def openapi_types(_): @@ -39,3 +41,4 @@ def openapi_types(_): SecurityMonitoringRuleCaseActionType.BLOCK_IP = SecurityMonitoringRuleCaseActionType("block_ip") SecurityMonitoringRuleCaseActionType.BLOCK_USER = SecurityMonitoringRuleCaseActionType("block_user") SecurityMonitoringRuleCaseActionType.USER_BEHAVIOR = SecurityMonitoringRuleCaseActionType("user_behavior") +SecurityMonitoringRuleCaseActionType.FLAG_IP = SecurityMonitoringRuleCaseActionType("flag_ip") diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index 4393a7caee..7aa2c7ca3b 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py @@ -2885,6 +2885,9 @@ from datadog_api_client.v2.model.security_monitoring_rule_case_action_options import ( SecurityMonitoringRuleCaseActionOptions, ) +from datadog_api_client.v2.model.security_monitoring_rule_case_action_options_flagged_ip_type import ( + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType, +) from datadog_api_client.v2.model.security_monitoring_rule_case_action_type import SecurityMonitoringRuleCaseActionType from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate from datadog_api_client.v2.model.security_monitoring_rule_convert_payload import SecurityMonitoringRuleConvertPayload @@ -5704,6 +5707,7 @@ "SecurityMonitoringRuleCase", "SecurityMonitoringRuleCaseAction", "SecurityMonitoringRuleCaseActionOptions", + "SecurityMonitoringRuleCaseActionOptionsFlaggedIPType", "SecurityMonitoringRuleCaseActionType", "SecurityMonitoringRuleCaseCreate", "SecurityMonitoringRuleConvertPayload", diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index 1ec6ed14e5..beffeae8be 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature @@ -225,7 +225,7 @@ Feature: Security Monitoring @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with type 'application_security 'returns "OK" response Given new "CreateSecurityMonitoringRule" request - And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}, {"type":"user_behavior","options":{"userBehaviorName":"behavior"}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]} + And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}, {"type":"user_behavior","options":{"userBehaviorName":"behavior"}},{"type":"flag_ip","options":{"flaggedIPType":"FLAGGED"}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]} When the request is sent Then the response status is 200 OK And the response "name" is equal to "{{ unique }}_appsec_rule"