diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 922424a28dcb..f9a4ea8590d2 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -46991,6 +46991,14 @@ components: the queries to search signals in the signal explorer. example: env:staging status:low type: string + tags: + description: List of tags associated with the suppression rule. + example: + - technique:T1110-brute-force + - source:cloudtrail + items: + type: string + type: array update_date: description: A Unix millisecond timestamp given the update date of the suppression rule. @@ -47052,6 +47060,14 @@ components: same syntax as the queries to search signals in the Signals Explorer. example: env:staging status:low type: string + tags: + description: List of tags associated with the suppression rule. + example: + - technique:T1110-brute-force + - source:cloudtrail + items: + type: string + type: array required: - name - enabled @@ -47147,6 +47163,14 @@ components: the queries to search signals in the signal explorer. example: env:staging status:low type: string + tags: + description: List of tags associated with the suppression rule. + example: + - technique:T1110-brute-force + - source:cloudtrail + items: + type: string + type: array version: description: The current version of the suppression. This is optional, but it can help prevent concurrent modifications. diff --git a/cassettes/v2/Security-Monitoring_1187227211/Create-a-suppression-rule-returns-OK-response_1135731355/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Create-a-suppression-rule-returns-OK-response_1135731355/frozen.json index fa4e4bd6dbff..5a8dd760eccf 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Create-a-suppression-rule-returns-OK-response_1135731355/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Create-a-suppression-rule-returns-OK-response_1135731355/frozen.json 
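Review bot: The `tags` description added to the three suppression schemas (the response attributes, the create attributes, and the update attributes that precede `version`) does not say that the API may return tags in a different order than they were submitted; the Create cassette recorded in this commit sends `technique:T1110-brute-force` first and receives `source:cloudtrail` first. I would extend the description to something like `List of tags associated with the suppression rule. Tags may be returned in a different order than they were submitted.` so that clients which diff or audit suppression rules do not treat a reordering as a change. On the update schema it is also worth stating what omitting `tags` does compared with sending an empty array; the recorded PATCH omits the field and the tags are kept, but the clearing case is not shown anywhere in this diff. If the backend enforces a limit on tag count or tag length, declaring it with `maxItems` on the array and `maxLength` on the items would let generated clients reject bad input early; no such limit is visible here, so this is a question rather than a finding.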
@@ -1 +1 @@ -"2024-11-27T15:22:34.711Z" +"2025-11-07T12:27:25.514Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Create-a-suppression-rule-returns-OK-response_1135731355/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Create-a-suppression-rule-returns-OK-response_1135731355/recording.har index ffdc2d06003e..b30a8bbf9ef4 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Create-a-suppression-rule-returns-OK-response_1135731355/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Create-a-suppression-rule-returns-OK-response_1135731355/recording.har @@ -8,11 +8,11 @@ }, "entries": [ { - "_id": "935a1a23dd04eabbdc7d2dd3caa616f9", + "_id": "18b138fa5532048aaeca2cc970b03b98", "_order": 0, "cache": {}, "request": { - "bodySize": 372, + "bodySize": 431, "cookies": [], "headers": [ { 
@@ -26,23 +26,23 @@ "value": "application/json" } ], - "headersSize": 614, + "headersSize": 616, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { "mimeType": "application/json", "params": [], - "text": "{\"data\":{\"attributes\":{\"description\":\"This rule suppresses low-severity signals in staging environments.\",\"enabled\":true,\"expiration_date\":1734535354000,\"name\":\"Test-Create_a_suppression_rule_returns_OK_response-1732720954\",\"rule_query\":\"type:log_detection source:cloudtrail\",\"start_date\":1733584954000,\"suppression_query\":\"env:staging status:low\"},\"type\":\"suppressions\"}}" + "text": "{\"data\":{\"attributes\":{\"description\":\"This rule suppresses low-severity signals in staging environments.\",\"enabled\":true,\"expiration_date\":1764332845000,\"name\":\"Test-Create_a_suppression_rule_returns_OK_response-1762518445\",\"rule_query\":\"type:log_detection source:cloudtrail\",\"start_date\":1763382445000,\"suppression_query\":\"env:staging status:low\",\"tags\":[\"technique:T1110-brute-force\",\"source:cloudtrail\"]},\"type\":\"suppressions\"}}" }, "queryString": [], "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" }, "response": { - "bodySize": 607, + "bodySize": 722, "content": { "mimeType": "application/vnd.api+json", - "size": 607, - "text": "{\"data\":{\"id\":\"ejv-ksi-r4j\",\"type\":\"suppressions\",\"attributes\":{\"creation_date\":1732720954868,\"creator\":{\"handle\":\"frog@datadoghq.com\",\"name\":\"\"},\"data_exclusion_query\":\"\",\"description\":\"This rule suppresses low-severity signals in staging environments.\",\"editable\":true,\"enabled\":true,\"expiration_date\":1734535354000,\"name\":\"Test-Create_a_suppression_rule_returns_OK_response-1732720954\",\"rule_query\":\"type:log_detection source:cloudtrail\",\"start_date\":1733584954000,\"suppression_query\":\"env:staging 
status:low\",\"update_date\":1732720954868,\"updater\":{\"handle\":\"frog@datadoghq.com\",\"name\":\"\"},\"version\":1}}}" + "size": 722, + "text": "{\"data\":{\"id\":\"oxk-jlo-pc8\",\"type\":\"suppressions\",\"attributes\":{\"creation_date\":1762518446390,\"creator\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"data_exclusion_query\":\"\",\"description\":\"This rule suppresses low-severity signals in staging environments.\",\"editable\":true,\"enabled\":true,\"expiration_date\":1764332845000,\"name\":\"Test-Create_a_suppression_rule_returns_OK_response-1762518445\",\"rule_query\":\"type:log_detection source:cloudtrail\",\"start_date\":1763382445000,\"suppression_query\":\"env:staging status:low\",\"tags\":[\"source:cloudtrail\",\"technique:T1110-brute-force\"],\"update_date\":1762518446390,\"updater\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"version\":1}}}" }, "cookies": [], "headers": [ @@ -57,11 +57,11 @@ "status": 200, "statusText": "OK" }, - "startedDateTime": "2024-11-27T15:22:34.717Z", - "time": 188 + "startedDateTime": "2025-11-07T12:27:26.149Z", + "time": 302 }, { - "_id": "b62286dc79a3ad3484cfc79401028e80", + "_id": "273543e67c610a4bb960dfa949ae3868", "_order": 0, "cache": {}, "request": { @@ -74,11 +74,11 @@ "value": "*/*" } ], - "headersSize": 562, + "headersSize": 564, "httpVersion": "HTTP/1.1", "method": "DELETE", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ejv-ksi-r4j" + "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/oxk-jlo-pc8" }, "response": { "bodySize": 0, @@ -94,8 +94,8 @@ "status": 204, "statusText": "No Content" }, - "startedDateTime": "2024-11-27T15:22:34.912Z", - "time": 124 + "startedDateTime": "2025-11-07T12:27:26.458Z", + "time": 291 } ], "pages": [], 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Delete-a-suppression-rule-returns-OK-response_1910387314/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Delete-a-suppression-rule-returns-OK-response_1910387314/frozen.json index 11082a3e9455..b3cebc628cb6 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Delete-a-suppression-rule-returns-OK-response_1910387314/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Delete-a-suppression-rule-returns-OK-response_1910387314/frozen.json @@ -1 +1 @@ -"2024-05-10T16:34:39.853Z" +"2025-11-07T12:27:26.759Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Delete-a-suppression-rule-returns-OK-response_1910387314/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Delete-a-suppression-rule-returns-OK-response_1910387314/recording.har index ced1394ae52b..52877c7529cd 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Delete-a-suppression-rule-returns-OK-response_1910387314/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Delete-a-suppression-rule-returns-OK-response_1910387314/recording.har @@ -8,11 +8,11 @@ }, "entries": [ { - "_id": "e6655e94cb793ce14e5d1729209d0834", + "_id": "f181dcedeb3ebfdd020a40965b7229b2", "_order": 0, "cache": {}, "request": { - "bodySize": 275, + "bodySize": 334, "cookies": [], "headers": [ { 
@@ -32,36 +32,36 @@ "postData": { "mimeType": "application/json", "params": [], - "text": "{\"data\":{\"attributes\":{\"description\":\"Test-Delete_a_suppression_rule_returns_OK_response-1715358879\",\"enabled\":true,\"name\":\"Test-Delete_a_suppression_rule_returns_OK_response-1715358879\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\"},\"type\":\"suppressions\"}}" + "text": "{\"data\":{\"attributes\":{\"description\":\"Test-Delete_a_suppression_rule_returns_OK_response-1762518446\",\"enabled\":true,\"name\":\"Test-Delete_a_suppression_rule_returns_OK_response-1762518446\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"tags\":[\"technique:T1110-brute-force\",\"source:cloudtrail\"]},\"type\":\"suppressions\"}}" }, "queryString": [], "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" }, "response": { - "bodySize": 499, + "bodySize": 625, "content": { - "mimeType": "application/json", - "size": 499, - "text": "{\"data\":{\"id\":\"csf-zrg-af0\",\"attributes\":{\"name\":\"Test-Delete_a_suppression_rule_returns_OK_response-1715358879\",\"enabled\":true,\"description\":\"Test-Delete_a_suppression_rule_returns_OK_response-1715358879\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"data_exclusion_query\":\"\",\"version\":1,\"creation_date\":1715358880145,\"update_date\":1715358880145,\"creator\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"},\"updater\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"}},\"type\":\"suppressions\"}}\n" + "mimeType": "application/vnd.api+json", + "size": 625, + "text": "{\"data\":{\"id\":\"uea-lab-big\",\"type\":\"suppressions\",\"attributes\":{\"creation_date\":1762518447002,\"creator\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI 
Account\"},\"data_exclusion_query\":\"\",\"description\":\"Test-Delete_a_suppression_rule_returns_OK_response-1762518446\",\"editable\":true,\"enabled\":true,\"name\":\"Test-Delete_a_suppression_rule_returns_OK_response-1762518446\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"tags\":[\"source:cloudtrail\",\"technique:T1110-brute-force\"],\"update_date\":1762518447002,\"updater\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"version\":1}}}" }, "cookies": [], "headers": [ { "name": "content-type", - "value": "application/json" + "value": "application/vnd.api+json" } ], - "headersSize": 655, + "headersSize": 662, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - "startedDateTime": "2024-05-10T16:34:39.855Z", - "time": 389 + "startedDateTime": "2025-11-07T12:27:26.761Z", + "time": 302 }, { - "_id": "ae7f3023a499f5415094584fbf12c187", + "_id": "2b54ce26df1a55f283769da4db5d8f64", "_order": 0, "cache": {}, "request": { @@ -78,32 +78,27 @@ "httpVersion": "HTTP/1.1", "method": "DELETE", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/csf-zrg-af0" + "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/uea-lab-big" }, "response": { "bodySize": 0, "content": { - "mimeType": "text/html; charset=utf-8", + "mimeType": "text/plain", "size": 0 }, "cookies": [], - "headers": [ - { - "name": "content-type", - "value": "text/html; charset=utf-8" - } - ], - "headersSize": 642, + "headers": [], + "headersSize": 601, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 204, "statusText": "No Content" }, - "startedDateTime": "2024-05-10T16:34:40.247Z", - "time": 371 + "startedDateTime": "2025-11-07T12:27:27.069Z", + "time": 276 }, { - "_id": "ae7f3023a499f5415094584fbf12c187", + "_id": "2b54ce26df1a55f283769da4db5d8f64", "_order": 1, "cache": {}, "request": { 
@@ -120,14 +115,14 @@ "httpVersion": "HTTP/1.1", "method": "DELETE", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/csf-zrg-af0" + "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/uea-lab-big" }, "response": { - "bodySize": 68, + "bodySize": 67, "content": { "mimeType": "application/json", - "size": 68, - "text": "{\"errors\":[\"not_found(Suppression with ID csf-zrg-af0 not found)\"]}\n" + "size": 67, + "text": "{\"errors\":[\"not_found(Suppression with ID uea-lab-big not found)\"]}" }, "cookies": [], "headers": [ @@ -136,14 +131,14 @@ "value": "application/json" } ], - "headersSize": 654, + "headersSize": 653, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 404, "statusText": "Not Found" }, - "startedDateTime": "2024-05-10T16:34:40.623Z", - "time": 328 + "startedDateTime": "2025-11-07T12:27:27.350Z", + "time": 274 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-a-suppression-rule-returns-OK-response_1191933161/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Get-a-suppression-rule-returns-OK-response_1191933161/frozen.json index 8bbdf6fe1873..642e7aa21d23 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Get-a-suppression-rule-returns-OK-response_1191933161/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-a-suppression-rule-returns-OK-response_1191933161/frozen.json @@ -1 +1 @@ -"2024-05-10T16:34:46.398Z" +"2025-11-07T12:27:27.654Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-a-suppression-rule-returns-OK-response_1191933161/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Get-a-suppression-rule-returns-OK-response_1191933161/recording.har index 681d9e488499..6bc30f73fccc 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Get-a-suppression-rule-returns-OK-response_1191933161/recording.har 
+++ b/cassettes/v2/Security-Monitoring_1187227211/Get-a-suppression-rule-returns-OK-response_1191933161/recording.har @@ -8,11 +8,11 @@ }, "entries": [ { - "_id": "28945bffc71e12faa466d32c8d968f4f", + "_id": "de8b198e3f08189dbac58243a23a6c6e", "_order": 0, "cache": {}, "request": { - "bodySize": 269, + "bodySize": 328, "cookies": [], "headers": [ { 
@@ -32,36 +32,36 @@ "postData": { "mimeType": "application/json", "params": [], - "text": "{\"data\":{\"attributes\":{\"description\":\"Test-Get_a_suppression_rule_returns_OK_response-1715358886\",\"enabled\":true,\"name\":\"Test-Get_a_suppression_rule_returns_OK_response-1715358886\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\"},\"type\":\"suppressions\"}}" + "text": "{\"data\":{\"attributes\":{\"description\":\"Test-Get_a_suppression_rule_returns_OK_response-1762518447\",\"enabled\":true,\"name\":\"Test-Get_a_suppression_rule_returns_OK_response-1762518447\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"tags\":[\"technique:T1110-brute-force\",\"source:cloudtrail\"]},\"type\":\"suppressions\"}}" }, "queryString": [], "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" }, "response": { - "bodySize": 493, + "bodySize": 619, "content": { - "mimeType": "application/json", - "size": 493, - "text": "{\"data\":{\"id\":\"ol3-0o2-rrp\",\"attributes\":{\"name\":\"Test-Get_a_suppression_rule_returns_OK_response-1715358886\",\"enabled\":true,\"description\":\"Test-Get_a_suppression_rule_returns_OK_response-1715358886\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"data_exclusion_query\":\"\",\"version\":1,\"creation_date\":1715358886671,\"update_date\":1715358886671,\"creator\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"},\"updater\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"}},\"type\":\"suppressions\"}}\n" + "mimeType": "application/vnd.api+json", + "size": 619, + "text": "{\"data\":{\"id\":\"ylq-igi-icg\",\"type\":\"suppressions\",\"attributes\":{\"creation_date\":1762518447901,\"creator\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI 
Account\"},\"data_exclusion_query\":\"\",\"description\":\"Test-Get_a_suppression_rule_returns_OK_response-1762518447\",\"editable\":true,\"enabled\":true,\"name\":\"Test-Get_a_suppression_rule_returns_OK_response-1762518447\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"tags\":[\"source:cloudtrail\",\"technique:T1110-brute-force\"],\"update_date\":1762518447901,\"updater\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"version\":1}}}" }, "cookies": [], "headers": [ { "name": "content-type", - "value": "application/json" + "value": "application/vnd.api+json" } ], - "headersSize": 654, + "headersSize": 662, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - "startedDateTime": "2024-05-10T16:34:46.400Z", - "time": 364 + "startedDateTime": "2025-11-07T12:27:27.657Z", + "time": 304 }, { - "_id": "91fa7f69bb6b48bb85f01b00a1303869", + "_id": "e4ea82bb59631f7b73f1b145f01a869a", "_order": 0, "cache": {}, "request": { 
@@ -78,33 +78,33 @@ "httpVersion": "HTTP/1.1", "method": "GET", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ol3-0o2-rrp" + "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ylq-igi-icg" }, "response": { - "bodySize": 493, + "bodySize": 619, "content": { - "mimeType": "application/json", - "size": 493, - "text": "{\"data\":{\"id\":\"ol3-0o2-rrp\",\"attributes\":{\"name\":\"Test-Get_a_suppression_rule_returns_OK_response-1715358886\",\"enabled\":true,\"description\":\"Test-Get_a_suppression_rule_returns_OK_response-1715358886\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"data_exclusion_query\":\"\",\"version\":1,\"creation_date\":1715358886671,\"update_date\":1715358886671,\"creator\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"},\"updater\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"}},\"type\":\"suppressions\"}}\n" + "mimeType": "application/vnd.api+json", + "size": 619, + "text": "{\"data\":{\"id\":\"ylq-igi-icg\",\"type\":\"suppressions\",\"attributes\":{\"creation_date\":1762518447901,\"creator\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"data_exclusion_query\":\"\",\"description\":\"Test-Get_a_suppression_rule_returns_OK_response-1762518447\",\"editable\":true,\"enabled\":true,\"name\":\"Test-Get_a_suppression_rule_returns_OK_response-1762518447\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"tags\":[\"source:cloudtrail\",\"technique:T1110-brute-force\"],\"update_date\":1762518447901,\"updater\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"version\":1}}}" }, "cookies": [], "headers": [ { "name": "content-type", - "value": "application/json" + "value": "application/vnd.api+json" } ], - "headersSize": 654, + "headersSize": 662, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - 
"startedDateTime": "2024-05-10T16:34:46.770Z", - "time": 334 + "startedDateTime": "2025-11-07T12:27:27.967Z", + "time": 296 }, { - "_id": "d74f3ada6384c5d63983a320dda332ea", + "_id": "eb9719a899ec7157d4613899c802b2f0", "_order": 0, "cache": {}, "request": { @@ -121,29 +121,24 @@ "httpVersion": "HTTP/1.1", "method": "DELETE", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ol3-0o2-rrp" + "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/ylq-igi-icg" }, "response": { "bodySize": 0, "content": { - "mimeType": "text/html; charset=utf-8", + "mimeType": "text/plain", "size": 0 }, "cookies": [], - "headers": [ - { - "name": "content-type", - "value": "text/html; charset=utf-8" - } - ], - "headersSize": 641, + "headers": [], + "headersSize": 601, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 204, "statusText": "No Content" }, - "startedDateTime": "2024-05-10T16:34:47.110Z", - "time": 358 + "startedDateTime": "2025-11-07T12:27:28.268Z", + "time": 301 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Update-a-suppression-rule-returns-OK-response_550028888/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Update-a-suppression-rule-returns-OK-response_550028888/frozen.json index 88c054671992..85daef9a1e6d 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Update-a-suppression-rule-returns-OK-response_550028888/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Update-a-suppression-rule-returns-OK-response_550028888/frozen.json @@ -1 +1 @@ -"2024-05-10T16:34:51.901Z" +"2025-11-07T12:27:28.613Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Update-a-suppression-rule-returns-OK-response_550028888/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Update-a-suppression-rule-returns-OK-response_550028888/recording.har index 42b5e9cfe2c1..30b2c2e6dadd 100644 
--- a/cassettes/v2/Security-Monitoring_1187227211/Update-a-suppression-rule-returns-OK-response_550028888/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Update-a-suppression-rule-returns-OK-response_550028888/recording.har @@ -8,11 +8,11 @@ }, "entries": [ { - "_id": "5262b6a12de0ea76df58f1a3880f66a0", + "_id": "bb8c27c9c16b7adf78e298be963db101", "_order": 0, "cache": {}, "request": { - "bodySize": 275, + "bodySize": 334, "cookies": [], "headers": [ { 
@@ -26,42 +26,42 @@ "value": "application/json" } ], - "headersSize": 616, + "headersSize": 615, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { "mimeType": "application/json", "params": [], - "text": "{\"data\":{\"attributes\":{\"description\":\"Test-Update_a_suppression_rule_returns_OK_response-1715358891\",\"enabled\":true,\"name\":\"Test-Update_a_suppression_rule_returns_OK_response-1715358891\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\"},\"type\":\"suppressions\"}}" + "text": "{\"data\":{\"attributes\":{\"description\":\"Test-Update_a_suppression_rule_returns_OK_response-1762518448\",\"enabled\":true,\"name\":\"Test-Update_a_suppression_rule_returns_OK_response-1762518448\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"tags\":[\"technique:T1110-brute-force\",\"source:cloudtrail\"]},\"type\":\"suppressions\"}}" }, "queryString": [], "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions" }, "response": { - "bodySize": 499, + "bodySize": 625, "content": { - "mimeType": "application/json", - "size": 499, - "text": "{\"data\":{\"id\":\"pej-nbn-ai7\",\"attributes\":{\"name\":\"Test-Update_a_suppression_rule_returns_OK_response-1715358891\",\"enabled\":true,\"description\":\"Test-Update_a_suppression_rule_returns_OK_response-1715358891\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"data_exclusion_query\":\"\",\"version\":1,\"creation_date\":1715358892289,\"update_date\":1715358892289,\"creator\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"},\"updater\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"}},\"type\":\"suppressions\"}}\n" + "mimeType": "application/vnd.api+json", + "size": 625, + "text": "{\"data\":{\"id\":\"uqt-hh6-qbq\",\"type\":\"suppressions\",\"attributes\":{\"creation_date\":1762518448839,\"creator\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI 
Account\"},\"data_exclusion_query\":\"\",\"description\":\"Test-Update_a_suppression_rule_returns_OK_response-1762518448\",\"editable\":true,\"enabled\":true,\"name\":\"Test-Update_a_suppression_rule_returns_OK_response-1762518448\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:test\",\"tags\":[\"source:cloudtrail\",\"technique:T1110-brute-force\"],\"update_date\":1762518448839,\"updater\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"version\":1}}}" }, "cookies": [], "headers": [ { "name": "content-type", - "value": "application/json" + "value": "application/vnd.api+json" } ], - "headersSize": 654, + "headersSize": 662, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - "startedDateTime": "2024-05-10T16:34:51.905Z", - "time": 473 + "startedDateTime": "2025-11-07T12:27:28.615Z", + "time": 277 }, { - "_id": "ba1aaf9c7d61da151fa50d8744b39467", + "_id": "448c55e03daba9db29dadd5cdf04a54d", "_order": 0, "cache": {}, "request": { @@ -79,7 +79,7 @@ "value": "application/json" } ], - "headersSize": 628, + "headersSize": 627, "httpVersion": "HTTP/1.1", "method": "PATCH", "postData": { 
@@ -88,33 +88,33 @@ "text": "{\"data\":{\"attributes\":{\"suppression_query\":\"env:staging status:low\"},\"type\":\"suppressions\"}}" }, "queryString": [], - "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/pej-nbn-ai7" + "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/uqt-hh6-qbq" }, "response": { - "bodySize": 513, + "bodySize": 639, "content": { - "mimeType": "application/json", - "size": 513, - "text": "{\"data\":{\"id\":\"pej-nbn-ai7\",\"attributes\":{\"name\":\"Test-Update_a_suppression_rule_returns_OK_response-1715358891\",\"enabled\":true,\"description\":\"Test-Update_a_suppression_rule_returns_OK_response-1715358891\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:staging status:low\",\"data_exclusion_query\":\"\",\"version\":2,\"creation_date\":1715358892289,\"update_date\":1715358892759,\"creator\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"},\"updater\":{\"name\":null,\"handle\":\"frog@datadoghq.com\"}},\"type\":\"suppressions\"}}\n" + "mimeType": "application/vnd.api+json", + "size": 639, + "text": "{\"data\":{\"id\":\"uqt-hh6-qbq\",\"type\":\"suppressions\",\"attributes\":{\"creation_date\":1762518448839,\"creator\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"data_exclusion_query\":\"\",\"description\":\"Test-Update_a_suppression_rule_returns_OK_response-1762518448\",\"editable\":true,\"enabled\":true,\"name\":\"Test-Update_a_suppression_rule_returns_OK_response-1762518448\",\"rule_query\":\"source:cloudtrail\",\"suppression_query\":\"env:staging status:low\",\"tags\":[\"source:cloudtrail\",\"technique:T1110-brute-force\"],\"update_date\":1762518449150,\"updater\":{\"handle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"name\":\"CI Account\"},\"version\":2}}}" }, "cookies": [], "headers": [ { "name": "content-type", - "value": "application/json" + "value": "application/vnd.api+json" } ], - "headersSize": 654, + 
"headersSize": 662, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 200, "statusText": "OK" }, - "startedDateTime": "2024-05-10T16:34:52.383Z", - "time": 470 + "startedDateTime": "2025-11-07T12:27:28.897Z", + "time": 426 }, { - "_id": "9b97de2e1171319ce6df8a3f8a830097", + "_id": "d894e2e47856f63696c88e4a1ef9a9be", "_order": 0, "cache": {}, "request": { @@ -127,33 +127,28 @@ "value": "*/*" } ], - "headersSize": 564, + "headersSize": 562, "httpVersion": "HTTP/1.1", "method": "DELETE", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/pej-nbn-ai7" + "url": "https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/uqt-hh6-qbq" }, "response": { "bodySize": 0, "content": { - "mimeType": "text/html; charset=utf-8", + "mimeType": "text/plain", "size": 0 }, "cookies": [], - "headers": [ - { - "name": "content-type", - "value": "text/html; charset=utf-8" - } - ], - "headersSize": 641, + "headers": [], + "headersSize": 601, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 204, "statusText": "No Content" }, - "startedDateTime": "2024-05-10T16:34:52.857Z", - "time": 472 + "startedDateTime": "2025-11-07T12:27:29.337Z", + "time": 299 } ], "pages": [], diff --git a/features/v2/given.json b/features/v2/given.json index 12852be0f21b..4ee7b3a6f955 100644 --- a/features/v2/given.json +++ b/features/v2/given.json 
@@ -967,7 +967,7 @@ "parameters": [ { "name": "body", - "value": "{\n \"data\": {\n \"type\": \"suppressions\",\n \"attributes\": {\n \"enabled\": true,\n \"name\": \"{{ unique }}\",\n \"description\": \"{{ unique }}\",\n \"rule_query\": \"source:cloudtrail\",\n \"suppression_query\": \"env:test\"\n }\n }\n}" + "value": "{\n \"data\": {\n \"type\": \"suppressions\",\n \"attributes\": {\n \"enabled\": true,\n \"name\": \"{{ unique }}\",\n \"description\": \"{{ unique }}\",\n \"rule_query\": \"source:cloudtrail\",\n \"suppression_query\": \"env:test\",\n \"tags\": [\"technique:T1110-brute-force\", \"source:cloudtrail\"]\n }\n }\n}" } ], "step": "there is a valid \"suppression\" in the system", diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 2937151efb2b..531c84c19c11 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -376,21 +376,21 @@ Feature: Security Monitoring @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Create a suppression rule returns "Bad Request" response Given new "CreateSecurityMonitoringSuppression" request - And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}} When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Create a suppression rule returns "Conflict" response Given new "CreateSecurityMonitoringSuppression" request - And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity 
signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}} When the request is sent Then the response status is 409 Conflict @skip-validation @team:DataDog/k9-cloud-security-platform Scenario: Create a suppression rule returns "OK" response Given new "CreateSecurityMonitoringSuppression" request - And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "start_date": {{ timestamp('now + 10d') }}000, "expiration_date": {{ timestamp('now + 21d') }}000, "name": "{{ unique }}", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low"}, "type": "suppressions"}} + And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "start_date": {{ timestamp('now + 10d') }}000, "expiration_date": {{ timestamp('now + 21d') }}000, "name": "{{ unique }}", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}} When the request is sent Then the response status is 200 OK And the response "data.type" is equal to "suppressions" 
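Review bot: The "OK" create scenario now sends `tags`, but the visible assertions still stop at `data.type`, so nothing checks that the new field comes back in the response. An assertion on `data.attributes.tags` would cover it, for example `And the response "data.attributes.tags" has length 2` if the suite's length step is available; an exact equality against the submitted list would fail, because the recorded response returns the two tags in the opposite order. The update path is not exercised with tags either: the recorded PATCH body in the Update cassette carries only `suppression_query`, and the Update scenarios changed in the later hunks are the Bad Request and Concurrent Modification cases. The scenario's remaining steps continue past the end of this hunk, so an existing tags check there cannot be ruled out.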
@@ -1474,7 +1474,7 @@ Feature: Security Monitoring
 Scenario: Update a suppression rule returns "Bad Request" response
 Given new "UpdateSecurityMonitoringSuppression" request
 And request contains "suppression_id" parameter from "REPLACE.ME"
- And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low"}, "type": "suppressions"}}
+ And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}}
 When the request is sent
 Then the response status is 400 Bad Request
@@ -1482,7 +1482,7 @@ Feature: Security Monitoring
 Scenario: Update a suppression rule returns "Concurrent Modification" response
 Given new "UpdateSecurityMonitoringSuppression" request
 And request contains "suppression_id" parameter from "REPLACE.ME"
- And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low"}, "type": "suppressions"}}
+ And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}}
 When the request is sent
 Then the response status is 409 Concurrent Modification
@@ -1490,7 +1490,7 @@ Feature: Security Monitoring
 Scenario: Update a suppression rule returns "Not Found" response
 Given new "UpdateSecurityMonitoringSuppression" request
 And request contains "suppression_id" parameter from "REPLACE.ME"
- And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low"}, "type": "suppressions"}}
+ And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}}
 When the request is sent
 Then the response status is 404 Not Found
diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionAttributes.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionAttributes.ts
index 5e23fd893132..dfe18b2afe55 100644
--- a/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionAttributes.ts
+++ b/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionAttributes.ts
@@ -50,6 +50,10 @@ export class SecurityMonitoringSuppressionAttributes {
 * The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.
 */
 "suppressionQuery"?: string;
+ /**
+ * List of tags associated with the suppression rule.
+ */
+ "tags"?: Array;
 /**
 * A Unix millisecond timestamp given the update date of the suppression rule.
 */
@@ -124,6 +128,10 @@ export class SecurityMonitoringSuppressionAttributes {
 baseName: "suppression_query",
 type: "string",
 },
+ tags: {
+ baseName: "tags",
+ type: "Array",
+ },
 updateDate: {
 baseName: "update_date",
 type: "number",
diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionCreateAttributes.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionCreateAttributes.ts
index 1831c4e87101..55dd68911a36 100644
--- a/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionCreateAttributes.ts
+++ b/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionCreateAttributes.ts
@@ -36,6 +36,10 @@ export class SecurityMonitoringSuppressionCreateAttributes {
 * The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.
 */
 "suppressionQuery"?: string;
+ /**
+ * List of tags associated with the suppression rule.
+ */
+ "tags"?: Array;
 /**
 * A container for additional, undeclared properties.
 * This is a holder for any undeclared properties as specified with
@@ -88,6 +92,10 @@ export class SecurityMonitoringSuppressionCreateAttributes {
 baseName: "suppression_query",
 type: "string",
 },
+ tags: {
+ baseName: "tags",
+ type: "Array",
+ },
 additionalProperties: {
 baseName: "additionalProperties",
 type: "{ [key: string]: any; }",
diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionUpdateAttributes.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionUpdateAttributes.ts
index b81491136529..b521ef0ad291 100644
--- a/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionUpdateAttributes.ts
+++ b/services/security_monitoring/src/v2/models/SecurityMonitoringSuppressionUpdateAttributes.ts
@@ -36,6 +36,10 @@ export class SecurityMonitoringSuppressionUpdateAttributes {
 * The suppression query of the suppression rule. If a signal matches this query, it is suppressed and not triggered. Same syntax as the queries to search signals in the signal explorer.
 */
 "suppressionQuery"?: string;
+ /**
+ * List of tags associated with the suppression rule.
+ */
+ "tags"?: Array;
 /**
 * The current version of the suppression. This is optional, but it can help prevent concurrent modifications.
 */
@@ -89,6 +93,10 @@ export class SecurityMonitoringSuppressionUpdateAttributes {
 baseName: "suppression_query",
 type: "string",
 },
+ tags: {
+ baseName: "tags",
+ type: "Array",
+ },
 version: {
 baseName: "version",
 type: "number",