diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 380a344138..d59e06fc9c 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -1023,6 +1023,13 @@ components: required: true schema: type: string + SecurityMonitoringCriticalAssetID: + description: The ID of the critical asset. + in: path + name: critical_asset_id + required: true + schema: + type: string SecurityMonitoringRuleID: description: The ID of the rule. in: path 
@@ -47935,6 +47942,236 @@ components: x-enum-varnames: - DONE - TIMEOUT + SecurityMonitoringCriticalAsset: + description: The critical asset's properties. + properties: + attributes: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetAttributes' + id: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetID' + type: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType' + type: object + SecurityMonitoringCriticalAssetAttributes: + description: The attributes of the critical asset. + properties: + creation_author_id: + description: ID of user who created the critical asset. + example: 367742 + format: int64 + type: integer + creation_date: + description: A Unix millisecond timestamp given the creation date of the + critical asset. + format: int64 + type: integer + creator: + $ref: '#/components/schemas/SecurityMonitoringUser' + enabled: + description: Whether the critical asset is enabled. + example: true + type: boolean + query: + description: The query for the critical asset. It uses the same syntax as + the queries to search signals in the Signals Explorer. + example: security:monitoring + type: string + rule_query: + description: The rule query of the critical asset, with the same syntax + as the search bar for detection rules. This determines which rules this + critical asset will apply to. + example: type:log_detection source:cloudtrail + type: string + severity: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity' + tags: + description: List of tags associated with the critical asset. + example: + - team:database + - source:cloudtrail + items: + type: string + type: array + update_author_id: + description: ID of user who updated the critical asset. + example: 367743 + format: int64 + type: integer + update_date: + description: A Unix millisecond timestamp given the update date of the critical + asset. 
+ format: int64
+ type: integer
+ updater:
+ $ref: '#/components/schemas/SecurityMonitoringUser'
+ version:
+ description: The version of the critical asset; it starts at 1, and is incremented
+ at each update.
+ example: 2
+ format: int32
+ maximum: 2147483647
+ type: integer
+ type: object
+ SecurityMonitoringCriticalAssetCreateAttributes:
+ description: Object containing the attributes of the critical asset to be created.
+ properties:
+ enabled:
+ description: Whether the critical asset is enabled. Defaults to `true` if
+ not specified.
+ example: true
+ type: boolean
+ query:
+ description: The query for the critical asset. It uses the same syntax as
+ the queries to search signals in the Signals Explorer.
+ example: security:monitoring
+ type: string
+ rule_query:
+ description: The rule query of the critical asset, with the same syntax
+ as the search bar for detection rules. This determines which rules this
+ critical asset will apply to.
+ example: type:(log_detection OR signal_correlation OR workload_security
+ OR application_security) source:cloudtrail
+ type: string
+ severity:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity'
+ tags:
+ description: List of tags associated with the critical asset.
+ example:
+ - team:database
+ - source:cloudtrail
+ items:
+ type: string
+ type: array
+ required:
+ - query
+ - severity
+ - rule_query
+ type: object
+ SecurityMonitoringCriticalAssetCreateData:
+ description: Object for a single critical asset.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateAttributes'
+ type:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType'
+ required:
+ - type
+ - attributes
+ type: object
+ SecurityMonitoringCriticalAssetCreateRequest:
+ description: Request object that includes the critical asset that you would
+ like to create.
+ properties:
+ data:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateData'
+ required:
+ - data
+ type: object
+ SecurityMonitoringCriticalAssetID:
+ description: The ID of the critical asset.
+ example: 4e2435a5-6670-4b8f-baff-46083cd1c250
+ type: string
+ SecurityMonitoringCriticalAssetResponse:
+ description: Response object containing a single critical asset.
+ properties:
+ data:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAsset'
+ type: object
+ SecurityMonitoringCriticalAssetSeverity:
+ description: Severity associated with this critical asset. Either an explicit
+ severity can be set, or the severity can be increased or decreased.
+ enum:
+ - info
+ - low
+ - medium
+ - high
+ - critical
+ - increase
+ - decrease
+ example: increase
+ type: string
+ x-enum-varnames:
+ - INFO
+ - LOW
+ - MEDIUM
+ - HIGH
+ - CRITICAL
+ - INCREASE
+ - DECREASE
+ SecurityMonitoringCriticalAssetType:
+ default: critical_assets
+ description: The type of the resource. The value should always be `critical_assets`.
+ enum:
+ - critical_assets
+ example: critical_assets
+ type: string
+ x-enum-varnames:
+ - CRITICAL_ASSETS
+ SecurityMonitoringCriticalAssetUpdateAttributes:
+ description: The critical asset properties to be updated.
+ properties:
+ enabled:
+ description: Whether the critical asset is enabled.
+ example: true
+ type: boolean
+ query:
+ description: The query for the critical asset. It uses the same syntax as
+ the queries to search signals in the Signals Explorer.
+ example: security:monitoring
+ type: string
+ rule_query:
+ description: The rule query of the critical asset, with the same syntax
+ as the search bar for detection rules. This determines which rules this
+ critical asset will apply to.
+ example: type:log_detection source:cloudtrail
+ type: string
+ severity:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity'
+ tags:
+ description: List of tags associated with the critical asset.
+ example: + - technique:T1110-brute-force + - source:cloudtrail + items: + type: string + type: array + version: + description: The version of the critical asset being updated. Used for optimistic + locking to prevent concurrent modifications. + example: 1 + format: int32 + maximum: 2147483647 + type: integer + type: object + SecurityMonitoringCriticalAssetUpdateData: + description: The new critical asset properties; partial updates are supported. + properties: + attributes: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateAttributes' + type: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType' + required: + - type + - attributes + type: object + SecurityMonitoringCriticalAssetUpdateRequest: + description: Request object containing the fields to update on the critical + asset. + properties: + data: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateData' + required: + - data + type: object + SecurityMonitoringCriticalAssetsResponse: + description: Response object containing the available critical assets. + properties: + data: + description: A list of critical assets objects. + items: + $ref: '#/components/schemas/SecurityMonitoringCriticalAsset' + type: array + type: object SecurityMonitoringFilter: description: The rule's suppression filter. properties: @@ -59591,6 +59828,8 @@ components: & unsubscribing from apps in the marketplace, and enabling & disabling Remote Configuration for the entire organization. security_comments_read: Read comments of vulnerabilities. + security_monitoring_critical_assets_read: Read Critical Assets. + security_monitoring_critical_assets_write: Write Critical Assets. security_monitoring_filters_read: Read Security Filters. security_monitoring_filters_write: Create, edit, and delete Security Filters. security_monitoring_findings_read: View a list of findings that include 
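Review bot: `version` in `SecurityMonitoringCriticalAssetUpdateAttributes` is described as the optimistic-locking guard, but that schema declares no `required` list, so a PATCH body that omits it still validates. What the server does in that case is not visible in this diff; if it applies the update unconditionally, concurrent writers can overwrite each other's `severity` or `query` changes without ever seeing the 409 declared on the PATCH operation. Either add `required: - version` under the update attributes, or state the omitted-field behaviour in the `version` description so callers know whether leaving it out disables the check.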
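Review bot: The two new scope descriptions, `Read Critical Assets.` and `Write Critical Assets.`, say less than the neighbouring `security_monitoring_filters_write: Create, edit, and delete Security Filters.`. Elsewhere in this commit the write scope gates POST, PATCH and DELETE on critical assets, and the severity enum accepts `decrease` and `info`, so a holder can apparently lower the severity assigned to matching signals. I would make that visible to whoever grants the scope, for example `security_monitoring_critical_assets_write: Create, edit, and delete Critical Assets, including ones that lower signal severity.`. The permissions map itself starts and ends outside this hunk.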
@@ -83925,6 +84164,184 @@ paths: operator: OR permissions: - security_monitoring_cws_agent_rules_write + /api/v2/security_monitoring/configuration/critical_assets: + get: + description: Get the list of all critical assets. + operationId: ListSecurityMonitoringCriticalAssets + parameters: + - description: Query string. + in: query + name: query + required: false + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetsResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_critical_assets_read + summary: Get all critical assets + tags: + - Security Monitoring + post: + description: Create a new critical asset. + operationId: CreateSecurityMonitoringCriticalAsset + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateRequest' + description: The definition of the new critical asset. + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '409': + $ref: '#/components/responses/ConflictResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_critical_assets_write + summary: Create a critical asset + tags: + - Security Monitoring + x-codegen-request-body-name: body + /api/v2/security_monitoring/configuration/critical_assets/rules/{rule_id}: + get: + description: Get the list of critical assets that affect a specific existing + rule by the rule's ID. 
+ operationId: GetCriticalAssetsAffectingRule
+ parameters:
+ - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringCriticalAssetsResponse'
+ description: OK
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_critical_assets_read
+ summary: Get critical assets affecting a specific rule
+ tags:
+ - Security Monitoring
+ /api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}:
+ delete:
+ description: Delete a specific critical asset.
+ operationId: DeleteSecurityMonitoringCriticalAsset
+ parameters:
+ - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID'
+ responses:
+ '204':
+ description: OK
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_critical_assets_write
+ summary: Delete a critical asset
+ tags:
+ - Security Monitoring
+ get:
+ description: Get the details of a specific critical asset.
+ operationId: GetSecurityMonitoringCriticalAsset + parameters: + - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_critical_assets_read + summary: Get a critical asset + tags: + - Security Monitoring + patch: + description: Update a specific critical asset. + operationId: UpdateSecurityMonitoringCriticalAsset + parameters: + - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateRequest' + description: New definition of the critical asset. Supports partial updates. + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_critical_assets_write + summary: Update a critical asset + tags: + - Security Monitoring /api/v2/security_monitoring/configuration/security_filters: get: description: Get the list of configured security filters with their definitions. diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index e5cf6508c5..3cd0c838b3 100644 
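Review bot: None of the six new operations carries the permissions block that the operation just before this hunk ends with (the leading context shows `operator: OR` and `permissions: - security_monitoring_cws_agent_rules_write`); they name their scope only under `security: - AuthZ:`. If that block (presumably `x-permission`) is what feeds the published required-permission documentation, the critical-asset endpoints will be listed without one. I would add the same block to each operation, with `security_monitoring_critical_assets_read` on the three GETs and `security_monitoring_critical_assets_write` on POST, PATCH and DELETE. Separately, the list operation's `query` parameter is described only as `Query string.`; the description should say which search syntax it accepts.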
--- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst 
@@ -21368,6 +21368,90 @@ datadog\_api\_client.v2.model.security\_findings\_status module :members: :show-inheritance: +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset module +-------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_attributes module +-------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_create\_attributes module +---------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_create_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_create\_data module +---------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_create_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_create\_request module +------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_create_request + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_response module +------------------------------------------------------------------------------------ + +.. 
automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_severity module +------------------------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_severity + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_type module +-------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_update\_attributes module +---------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_update_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_update\_data module +---------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_update_data + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset\_update\_request module +------------------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.security_monitoring_critical_asset_update_request + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.security\_monitoring\_critical\_assets\_response module +------------------------------------------------------------------------------------- + +.. 
automodule:: datadog_api_client.v2.model.security_monitoring_critical_assets_response + :members: + :show-inheritance: + datadog\_api\_client.v2.model.security\_monitoring\_filter module ----------------------------------------------------------------- diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringCriticalAsset.py b/examples/v2/security-monitoring/CreateSecurityMonitoringCriticalAsset.py new file mode 100644 index 0000000000..bd9203a1a0 --- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringCriticalAsset.py 
@@ -0,0 +1,41 @@
+"""
+Create a critical asset returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_critical_asset_create_attributes import (
+ SecurityMonitoringCriticalAssetCreateAttributes,
+)
+from datadog_api_client.v2.model.security_monitoring_critical_asset_create_data import (
+ SecurityMonitoringCriticalAssetCreateData,
+)
+from datadog_api_client.v2.model.security_monitoring_critical_asset_create_request import (
+ SecurityMonitoringCriticalAssetCreateRequest,
+)
+from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import (
+ SecurityMonitoringCriticalAssetSeverity,
+)
+from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType
+
+body = SecurityMonitoringCriticalAssetCreateRequest(
+ data=SecurityMonitoringCriticalAssetCreateData(
+ type=SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS,
+ attributes=SecurityMonitoringCriticalAssetCreateAttributes(
+ query="host:examplesecuritymonitoring",
+ rule_query="type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail",
+ severity=SecurityMonitoringCriticalAssetSeverity.DECREASE,
+ tags=[
+ "team:security",
+ "env:test",
+ ],
+ ),
+ ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ response = api_instance.create_security_monitoring_critical_asset(body=body)
+
+ print(response)
diff --git a/examples/v2/security-monitoring/DeleteSecurityMonitoringCriticalAsset.py b/examples/v2/security-monitoring/DeleteSecurityMonitoringCriticalAsset.py
new file mode 100644
index 0000000000..eaff90a7b0
--- /dev/null
+++ b/examples/v2/security-monitoring/DeleteSecurityMonitoringCriticalAsset.py
@@ -0,0 +1,17 @@
+"""
+Delete a critical asset returns "OK" response
+"""
+
+from os import environ
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+# there is a valid "critical_asset" in the system
+CRITICAL_ASSET_DATA_ID = environ["CRITICAL_ASSET_DATA_ID"]
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ api_instance.delete_security_monitoring_critical_asset(
+ critical_asset_id=CRITICAL_ASSET_DATA_ID,
+ )
diff --git a/examples/v2/security-monitoring/GetCriticalAssetsAffectingRule.py b/examples/v2/security-monitoring/GetCriticalAssetsAffectingRule.py
new file mode 100644
index 0000000000..3180f329f6
--- /dev/null
+++ b/examples/v2/security-monitoring/GetCriticalAssetsAffectingRule.py
@@ -0,0 +1,19 @@
+"""
+Get critical assets affecting a specific rule returns "OK" response
+"""
+
+from os import environ
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+# there is a valid "security_rule" in the system
+SECURITY_RULE_ID = environ["SECURITY_RULE_ID"]
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ response = api_instance.get_critical_assets_affecting_rule(
+ rule_id=SECURITY_RULE_ID,
+ )
+
+ print(response)
diff --git a/examples/v2/security-monitoring/GetSecurityMonitoringCriticalAsset.py b/examples/v2/security-monitoring/GetSecurityMonitoringCriticalAsset.py
new file mode 100644
index 0000000000..425b67a40c
--- /dev/null
+++ b/examples/v2/security-monitoring/GetSecurityMonitoringCriticalAsset.py
@@ -0,0 +1,19 @@
+"""
+Get a critical asset returns "OK" response
+"""
+
+from os import environ
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+# there is a valid "critical_asset" in the system
+CRITICAL_ASSET_DATA_ID = environ["CRITICAL_ASSET_DATA_ID"]
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ response = api_instance.get_security_monitoring_critical_asset(
+ critical_asset_id=CRITICAL_ASSET_DATA_ID,
+ )
+
+ print(response)
diff --git a/examples/v2/security-monitoring/ListSecurityMonitoringCriticalAssets.py b/examples/v2/security-monitoring/ListSecurityMonitoringCriticalAssets.py
new file mode 100644
index 0000000000..0d99664c82
--- /dev/null
+++ b/examples/v2/security-monitoring/ListSecurityMonitoringCriticalAssets.py
@@ -0,0 +1,13 @@
+"""
+Get all critical assets returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ response = api_instance.list_security_monitoring_critical_assets()
+
+ print(response)
diff --git a/examples/v2/security-monitoring/UpdateSecurityMonitoringCriticalAsset.py b/examples/v2/security-monitoring/UpdateSecurityMonitoringCriticalAsset.py
new file mode 100644
index 0000000000..ffa005831b
--- /dev/null
+++ b/examples/v2/security-monitoring/UpdateSecurityMonitoringCriticalAsset.py
@@ -0,0 +1,48 @@
+"""
+Update a critical asset returns "OK" response
+"""
+
+from os import environ
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import (
+ SecurityMonitoringCriticalAssetSeverity,
+)
+from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType
+from datadog_api_client.v2.model.security_monitoring_critical_asset_update_attributes import (
+ SecurityMonitoringCriticalAssetUpdateAttributes,
+)
+from datadog_api_client.v2.model.security_monitoring_critical_asset_update_data import (
+ SecurityMonitoringCriticalAssetUpdateData,
+)
+from datadog_api_client.v2.model.security_monitoring_critical_asset_update_request import (
+ SecurityMonitoringCriticalAssetUpdateRequest,
+)
+
+# there is a valid "critical_asset" in the system
+CRITICAL_ASSET_DATA_ID = environ["CRITICAL_ASSET_DATA_ID"]
+
+body = SecurityMonitoringCriticalAssetUpdateRequest(
+ data=SecurityMonitoringCriticalAssetUpdateData(
+ type=SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS,
+ attributes=SecurityMonitoringCriticalAssetUpdateAttributes(
+ enabled=False,
+ query="no:alert",
+ rule_query="type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq",
+ severity=SecurityMonitoringCriticalAssetSeverity.DECREASE,
+ tags=[
+ "env:production",
+ ],
+ version=1,
+ ),
+ ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+ api_instance = SecurityMonitoringApi(api_client)
+ response = api_instance.update_security_monitoring_critical_asset(
+ critical_asset_id=CRITICAL_ASSET_DATA_ID, body=body
+ )
+
+ print(response)
diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py
index c82b51ace0..c0d6a922e5 100644
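Review bot: The hard-coded `version=1` in the update body only matches an asset that has never been modified. The schema in this commit describes `version` as a counter that starts at 1 and is incremented at each update, and as the optimistic-locking guard, so running the example a second time against the same asset would presumably be rejected with the 409 concurrent-modification response. Reading the current value first keeps the example correct: `current = api_instance.get_security_monitoring_critical_asset(critical_asset_id=CRITICAL_ASSET_DATA_ID)` and then `version=current.data.attributes.version`. If this file is generated from a test scenario, the change belongs in that scenario; a comment such as `# version must equal the asset's current version (optimistic locking)` would help either way.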
--- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py @@ -64,6 +64,18 @@ from datadog_api_client.v2.model.vulnerability_tool import VulnerabilityTool from datadog_api_client.v2.model.vulnerability_ecosystem import VulnerabilityEcosystem from datadog_api_client.v2.model.list_vulnerable_assets_response import ListVulnerableAssetsResponse +from datadog_api_client.v2.model.security_monitoring_critical_assets_response import ( + SecurityMonitoringCriticalAssetsResponse, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_response import ( + SecurityMonitoringCriticalAssetResponse, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_create_request import ( + SecurityMonitoringCriticalAssetCreateRequest, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_update_request import ( + SecurityMonitoringCriticalAssetUpdateRequest, +) from datadog_api_client.v2.model.security_filters_response import SecurityFiltersResponse from datadog_api_client.v2.model.security_filter_response import SecurityFilterResponse from datadog_api_client.v2.model.security_filter_create_request import SecurityFilterCreateRequest 
@@ -346,6 +358,26 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._create_security_monitoring_critical_asset_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringCriticalAssetResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/critical_assets", + "operation_id": "create_security_monitoring_critical_asset", + "http_method": "POST", + "version": "v2", + }, + params_map={ + "body": { + "required": True, + "openapi_types": (SecurityMonitoringCriticalAssetCreateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + self._create_security_monitoring_rule_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringRuleResponse,), @@ -478,6 +510,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._delete_security_monitoring_critical_asset_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}", + "operation_id": "delete_security_monitoring_critical_asset", + "http_method": "DELETE", + "version": "v2", + }, + params_map={ + "critical_asset_id": { + "required": True, + "openapi_types": (str,), + "attribute": "critical_asset_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + self._delete_security_monitoring_rule_endpoint = _Endpoint( settings={ "response_type": None, 
@@ -691,6 +746,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_critical_assets_affecting_rule_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringCriticalAssetsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/critical_assets/rules/{rule_id}", + "operation_id": "get_critical_assets_affecting_rule", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "rule_id": { + "required": True, + "openapi_types": (str,), + "attribute": "rule_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._get_custom_framework_endpoint = _Endpoint( settings={ "response_type": (GetCustomFrameworkResponse,), @@ -894,6 +972,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_security_monitoring_critical_asset_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringCriticalAssetResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}", + "operation_id": "get_security_monitoring_critical_asset", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "critical_asset_id": { + "required": True, + "openapi_types": (str,), + "attribute": "critical_asset_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._get_security_monitoring_histsignal_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringSignalResponse,), 
@@ -1506,6 +1607,28 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._list_security_monitoring_critical_assets_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringCriticalAssetsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/critical_assets", + "operation_id": "list_security_monitoring_critical_assets", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "query": { + "openapi_types": (str,), + "attribute": "query", + "location": "query", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._list_security_monitoring_histsignals_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringSignalsListResponse,), @@ -2318,6 +2441,32 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._update_security_monitoring_critical_asset_endpoint = _Endpoint( + settings={ + "response_type": (SecurityMonitoringCriticalAssetResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}", + "operation_id": "update_security_monitoring_critical_asset", + "http_method": "PATCH", + "version": "v2", + }, + params_map={ + "critical_asset_id": { + "required": True, + "openapi_types": (str,), + "attribute": "critical_asset_id", + "location": "path", + }, + "body": { + "required": True, + "openapi_types": (SecurityMonitoringCriticalAssetUpdateRequest,), + "location": "body", + }, + }, + headers_map={"accept": ["application/json"], "content_type": ["application/json"]}, + api_client=api_client, + ) + self._update_security_monitoring_rule_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringRuleResponse,), 
@@ -2603,6 +2752,23 @@ def create_security_filter( return self._create_security_filter_endpoint.call_with_http_info(**kwargs) + def create_security_monitoring_critical_asset( + self, + body: SecurityMonitoringCriticalAssetCreateRequest, + ) -> SecurityMonitoringCriticalAssetResponse: + """Create a critical asset. + + Create a new critical asset. + + :param body: The definition of the new critical asset. + :type body: SecurityMonitoringCriticalAssetCreateRequest + :rtype: SecurityMonitoringCriticalAssetResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["body"] = body + + return self._create_security_monitoring_critical_asset_endpoint.call_with_http_info(**kwargs) + def create_security_monitoring_rule( self, body: Union[ @@ -2716,6 +2882,23 @@ def delete_security_filter( return self._delete_security_filter_endpoint.call_with_http_info(**kwargs) + def delete_security_monitoring_critical_asset( + self, + critical_asset_id: str, + ) -> None: + """Delete a critical asset. + + Delete a specific critical asset. + + :param critical_asset_id: The ID of the critical asset. + :type critical_asset_id: str + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["critical_asset_id"] = critical_asset_id + + return self._delete_security_monitoring_critical_asset_endpoint.call_with_http_info(**kwargs) + def delete_security_monitoring_rule( self, rule_id: str, 
@@ -2884,6 +3067,23 @@ def edit_security_monitoring_signal_state( return self._edit_security_monitoring_signal_state_endpoint.call_with_http_info(**kwargs) + def get_critical_assets_affecting_rule( + self, + rule_id: str, + ) -> SecurityMonitoringCriticalAssetsResponse: + """Get critical assets affecting a specific rule. + + Get the list of critical assets that affect a specific existing rule by the rule's ID. + + :param rule_id: The ID of the rule. + :type rule_id: str + :rtype: SecurityMonitoringCriticalAssetsResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["rule_id"] = rule_id + + return self._get_critical_assets_affecting_rule_endpoint.call_with_http_info(**kwargs) + def get_custom_framework( self, handle: str, @@ -3058,6 +3258,23 @@ def get_security_filter( return self._get_security_filter_endpoint.call_with_http_info(**kwargs) + def get_security_monitoring_critical_asset( + self, + critical_asset_id: str, + ) -> SecurityMonitoringCriticalAssetResponse: + """Get a critical asset. + + Get the details of a specific critical asset. + + :param critical_asset_id: The ID of the critical asset. + :type critical_asset_id: str + :rtype: SecurityMonitoringCriticalAssetResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["critical_asset_id"] = critical_asset_id + + return self._get_security_monitoring_critical_asset_endpoint.call_with_http_info(**kwargs) + def get_security_monitoring_histsignal( self, histsignal_id: str, 
@@ -3897,6 +4114,25 @@ def list_security_findings_with_pagination( } return endpoint.call_with_http_info_paginated(pagination) + def list_security_monitoring_critical_assets( + self, + *, + query: Union[str, UnsetType] = unset, + ) -> SecurityMonitoringCriticalAssetsResponse: + """Get all critical assets. + + Get the list of all critical assets. + + :param query: Query string. + :type query: str, optional + :rtype: SecurityMonitoringCriticalAssetsResponse + """ + kwargs: Dict[str, Any] = {} + if query is not unset: + kwargs["query"] = query + + return self._list_security_monitoring_critical_assets_endpoint.call_with_http_info(**kwargs) + def list_security_monitoring_histsignals( self, *, @@ -4933,6 +5169,28 @@ def update_security_filter( return self._update_security_filter_endpoint.call_with_http_info(**kwargs) + def update_security_monitoring_critical_asset( + self, + critical_asset_id: str, + body: SecurityMonitoringCriticalAssetUpdateRequest, + ) -> SecurityMonitoringCriticalAssetResponse: + """Update a critical asset. + + Update a specific critical asset. + + :param critical_asset_id: The ID of the critical asset. + :type critical_asset_id: str + :param body: New definition of the critical asset. Supports partial updates. + :type body: SecurityMonitoringCriticalAssetUpdateRequest + :rtype: SecurityMonitoringCriticalAssetResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["critical_asset_id"] = critical_asset_id + + kwargs["body"] = body + + return self._update_security_monitoring_critical_asset_endpoint.call_with_http_info(**kwargs) + def update_security_monitoring_rule( self, rule_id: str, diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset.py new file mode 100644 index 0000000000..8a97a0ac53 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset.py 
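Review bot: The docstring added for `list_security_monitoring_critical_assets` documents its only argument as `:param query: Query string.`, which does not tell a caller what the query is matched against or which syntax it takes. The model docstrings in this commit are more specific; `rule_query`, for example, is described as using the detection-rule search-bar syntax. The same level of detail would fit here, along the lines of `:param query: Query used to filter the returned critical assets.`, with the syntax named once it is confirmed against the API reference (that the parameter acts as a filter is itself an assumption). If this client is generated from `.generator/schemas/v2/openapi.yaml`, as the repository layout suggests, the wording belongs in the parameter description there.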
@@ -0,0 +1,70 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset_attributes import ( + SecurityMonitoringCriticalAssetAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType + + +class SecurityMonitoringCriticalAsset(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset_attributes import ( + SecurityMonitoringCriticalAssetAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_critical_asset_type import ( + SecurityMonitoringCriticalAssetType, + ) + + return { + "attributes": (SecurityMonitoringCriticalAssetAttributes,), + "id": (str,), + "type": (SecurityMonitoringCriticalAssetType,), + } + + attribute_map = { + "attributes": "attributes", + "id": "id", + "type": "type", + } + + def __init__( + self_, + attributes: Union[SecurityMonitoringCriticalAssetAttributes, UnsetType] = unset, + id: Union[str, UnsetType] = unset, + type: Union[SecurityMonitoringCriticalAssetType, UnsetType] = unset, + **kwargs, + ): + """ + The critical asset's properties. + + :param attributes: The attributes of the critical asset. + :type attributes: SecurityMonitoringCriticalAssetAttributes, optional + + :param id: The ID of the critical asset. + :type id: str, optional + + :param type: The type of the resource. The value should always be ``critical_assets``. 
+ :type type: SecurityMonitoringCriticalAssetType, optional + """ + if attributes is not unset: + kwargs["attributes"] = attributes + if id is not unset: + kwargs["id"] = id + if type is not unset: + kwargs["type"] = type + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_attributes.py new file mode 100644 index 0000000000..a4d9811e6d --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_attributes.py 
@@ -0,0 +1,146 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_user import SecurityMonitoringUser + from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import ( + SecurityMonitoringCriticalAssetSeverity, + ) + + +class SecurityMonitoringCriticalAssetAttributes(ModelNormal): + validations = { + "version": { + "inclusive_maximum": 2147483647, + }, + } + + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_user import SecurityMonitoringUser + from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import ( + SecurityMonitoringCriticalAssetSeverity, + ) + + return { + "creation_author_id": (int,), + "creation_date": (int,), + "creator": (SecurityMonitoringUser,), + "enabled": (bool,), + "query": (str,), + "rule_query": (str,), + "severity": (SecurityMonitoringCriticalAssetSeverity,), + "tags": ([str],), + "update_author_id": (int,), + "update_date": (int,), + "updater": (SecurityMonitoringUser,), + "version": (int,), + } + + attribute_map = { + "creation_author_id": "creation_author_id", + "creation_date": "creation_date", + "creator": "creator", + "enabled": "enabled", + "query": "query", + "rule_query": "rule_query", + "severity": "severity", + "tags": "tags", + "update_author_id": "update_author_id", + "update_date": "update_date", + "updater": "updater", + "version": "version", + } + + def __init__( + self_, + creation_author_id: Union[int, UnsetType] = unset, + creation_date: Union[int, UnsetType] = unset, + creator: 
Union[SecurityMonitoringUser, UnsetType] = unset, + enabled: Union[bool, UnsetType] = unset, + query: Union[str, UnsetType] = unset, + rule_query: Union[str, UnsetType] = unset, + severity: Union[SecurityMonitoringCriticalAssetSeverity, UnsetType] = unset, + tags: Union[List[str], UnsetType] = unset, + update_author_id: Union[int, UnsetType] = unset, + update_date: Union[int, UnsetType] = unset, + updater: Union[SecurityMonitoringUser, UnsetType] = unset, + version: Union[int, UnsetType] = unset, + **kwargs, + ): + """ + The attributes of the critical asset. + + :param creation_author_id: ID of user who created the critical asset. + :type creation_author_id: int, optional + + :param creation_date: A Unix millisecond timestamp given the creation date of the critical asset. + :type creation_date: int, optional + + :param creator: A user. + :type creator: SecurityMonitoringUser, optional + + :param enabled: Whether the critical asset is enabled. + :type enabled: bool, optional + + :param query: The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer. + :type query: str, optional + + :param rule_query: The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to. + :type rule_query: str, optional + + :param severity: Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased. + :type severity: SecurityMonitoringCriticalAssetSeverity, optional + + :param tags: List of tags associated with the critical asset. + :type tags: [str], optional + + :param update_author_id: ID of user who updated the critical asset. + :type update_author_id: int, optional + + :param update_date: A Unix millisecond timestamp given the update date of the critical asset. + :type update_date: int, optional + + :param updater: A user. 
+ :type updater: SecurityMonitoringUser, optional + + :param version: The version of the critical asset; it starts at 1, and is incremented at each update. + :type version: int, optional + """ + if creation_author_id is not unset: + kwargs["creation_author_id"] = creation_author_id + if creation_date is not unset: + kwargs["creation_date"] = creation_date + if creator is not unset: + kwargs["creator"] = creator + if enabled is not unset: + kwargs["enabled"] = enabled + if query is not unset: + kwargs["query"] = query + if rule_query is not unset: + kwargs["rule_query"] = rule_query + if severity is not unset: + kwargs["severity"] = severity + if tags is not unset: + kwargs["tags"] = tags + if update_author_id is not unset: + kwargs["update_author_id"] = update_author_id + if update_date is not unset: + kwargs["update_date"] = update_date + if updater is not unset: + kwargs["updater"] = updater + if version is not unset: + kwargs["version"] = version + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_attributes.py new file mode 100644 index 0000000000..b07a136648 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_attributes.py 
@@ -0,0 +1,80 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import ( + SecurityMonitoringCriticalAssetSeverity, + ) + + +class SecurityMonitoringCriticalAssetCreateAttributes(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import ( + SecurityMonitoringCriticalAssetSeverity, + ) + + return { + "enabled": (bool,), + "query": (str,), + "rule_query": (str,), + "severity": (SecurityMonitoringCriticalAssetSeverity,), + "tags": ([str],), + } + + attribute_map = { + "enabled": "enabled", + "query": "query", + "rule_query": "rule_query", + "severity": "severity", + "tags": "tags", + } + + def __init__( + self_, + query: str, + rule_query: str, + severity: SecurityMonitoringCriticalAssetSeverity, + enabled: Union[bool, UnsetType] = unset, + tags: Union[List[str], UnsetType] = unset, + **kwargs, + ): + """ + Object containing the attributes of the critical asset to be created. + + :param enabled: Whether the critical asset is enabled. Defaults to ``true`` if not specified. + :type enabled: bool, optional + + :param query: The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer. + :type query: str + + :param rule_query: The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to. 
+ :type rule_query: str + + :param severity: Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased. + :type severity: SecurityMonitoringCriticalAssetSeverity + + :param tags: List of tags associated with the critical asset. + :type tags: [str], optional + """ + if enabled is not unset: + kwargs["enabled"] = enabled + if tags is not unset: + kwargs["tags"] = tags + super().__init__(kwargs) + + self_.query = query + self_.rule_query = rule_query + self_.severity = severity diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_data.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_data.py new file mode 100644 index 0000000000..303d5c65ea --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_data.py 
@@ -0,0 +1,59 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset_create_attributes import ( + SecurityMonitoringCriticalAssetCreateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType + + +class SecurityMonitoringCriticalAssetCreateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset_create_attributes import ( + SecurityMonitoringCriticalAssetCreateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_critical_asset_type import ( + SecurityMonitoringCriticalAssetType, + ) + + return { + "attributes": (SecurityMonitoringCriticalAssetCreateAttributes,), + "type": (SecurityMonitoringCriticalAssetType,), + } + + attribute_map = { + "attributes": "attributes", + "type": "type", + } + + def __init__( + self_, + attributes: SecurityMonitoringCriticalAssetCreateAttributes, + type: SecurityMonitoringCriticalAssetType, + **kwargs, + ): + """ + Object for a single critical asset. + + :param attributes: Object containing the attributes of the critical asset to be created. + :type attributes: SecurityMonitoringCriticalAssetCreateAttributes + + :param type: The type of the resource. The value should always be ``critical_assets``. + :type type: SecurityMonitoringCriticalAssetType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.type = type 
diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_request.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_request.py new file mode 100644 index 0000000000..e85509531b --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_create_request.py @@ -0,0 +1,44 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset_create_data import ( + SecurityMonitoringCriticalAssetCreateData, + ) + + +class SecurityMonitoringCriticalAssetCreateRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset_create_data import ( + SecurityMonitoringCriticalAssetCreateData, + ) + + return { + "data": (SecurityMonitoringCriticalAssetCreateData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: SecurityMonitoringCriticalAssetCreateData, **kwargs): + """ + Request object that includes the critical asset that you would like to create. + + :param data: Object for a single critical asset. + :type data: SecurityMonitoringCriticalAssetCreateData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_response.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_response.py new file mode 100644 index 0000000000..1e60157b86 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_response.py 
@@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset import SecurityMonitoringCriticalAsset + + +class SecurityMonitoringCriticalAssetResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset import SecurityMonitoringCriticalAsset + + return { + "data": (SecurityMonitoringCriticalAsset,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: Union[SecurityMonitoringCriticalAsset, UnsetType] = unset, **kwargs): + """ + Response object containing a single critical asset. + + :param data: The critical asset's properties. + :type data: SecurityMonitoringCriticalAsset, optional + """ + if data is not unset: + kwargs["data"] = data + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_severity.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_severity.py new file mode 100644 index 0000000000..d6cd99efe5 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_severity.py 
@@ -0,0 +1,53 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class SecurityMonitoringCriticalAssetSeverity(ModelSimple): + """ + Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased. + + :param value: Must be one of ["info", "low", "medium", "high", "critical", "increase", "decrease"]. + :type value: str + """ + + allowed_values = { + "info", + "low", + "medium", + "high", + "critical", + "increase", + "decrease", + } + INFO: ClassVar["SecurityMonitoringCriticalAssetSeverity"] + LOW: ClassVar["SecurityMonitoringCriticalAssetSeverity"] + MEDIUM: ClassVar["SecurityMonitoringCriticalAssetSeverity"] + HIGH: ClassVar["SecurityMonitoringCriticalAssetSeverity"] + CRITICAL: ClassVar["SecurityMonitoringCriticalAssetSeverity"] + INCREASE: ClassVar["SecurityMonitoringCriticalAssetSeverity"] + DECREASE: ClassVar["SecurityMonitoringCriticalAssetSeverity"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +SecurityMonitoringCriticalAssetSeverity.INFO = SecurityMonitoringCriticalAssetSeverity("info") +SecurityMonitoringCriticalAssetSeverity.LOW = SecurityMonitoringCriticalAssetSeverity("low") +SecurityMonitoringCriticalAssetSeverity.MEDIUM = SecurityMonitoringCriticalAssetSeverity("medium") +SecurityMonitoringCriticalAssetSeverity.HIGH = SecurityMonitoringCriticalAssetSeverity("high") +SecurityMonitoringCriticalAssetSeverity.CRITICAL = SecurityMonitoringCriticalAssetSeverity("critical") +SecurityMonitoringCriticalAssetSeverity.INCREASE = SecurityMonitoringCriticalAssetSeverity("increase") 
+SecurityMonitoringCriticalAssetSeverity.DECREASE = SecurityMonitoringCriticalAssetSeverity("decrease") diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_type.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_type.py new file mode 100644 index 0000000000..2649501cf4 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_type.py @@ -0,0 +1,35 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + + +from datadog_api_client.model_utils import ( + ModelSimple, + cached_property, +) + +from typing import ClassVar + + +class SecurityMonitoringCriticalAssetType(ModelSimple): + """ + The type of the resource. The value should always be `critical_assets`. + + :param value: If omitted defaults to "critical_assets". Must be one of ["critical_assets"]. + :type value: str + """ + + allowed_values = { + "critical_assets", + } + CRITICAL_ASSETS: ClassVar["SecurityMonitoringCriticalAssetType"] + + @cached_property + def openapi_types(_): + return { + "value": (str,), + } + + +SecurityMonitoringCriticalAssetType.CRITICAL_ASSETS = SecurityMonitoringCriticalAssetType("critical_assets") diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_attributes.py new file mode 100644 index 0000000000..3e977ad431 --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_attributes.py 
@@ -0,0 +1,96 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import ( + SecurityMonitoringCriticalAssetSeverity, + ) + + +class SecurityMonitoringCriticalAssetUpdateAttributes(ModelNormal): + validations = { + "version": { + "inclusive_maximum": 2147483647, + }, + } + + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import ( + SecurityMonitoringCriticalAssetSeverity, + ) + + return { + "enabled": (bool,), + "query": (str,), + "rule_query": (str,), + "severity": (SecurityMonitoringCriticalAssetSeverity,), + "tags": ([str],), + "version": (int,), + } + + attribute_map = { + "enabled": "enabled", + "query": "query", + "rule_query": "rule_query", + "severity": "severity", + "tags": "tags", + "version": "version", + } + + def __init__( + self_, + enabled: Union[bool, UnsetType] = unset, + query: Union[str, UnsetType] = unset, + rule_query: Union[str, UnsetType] = unset, + severity: Union[SecurityMonitoringCriticalAssetSeverity, UnsetType] = unset, + tags: Union[List[str], UnsetType] = unset, + version: Union[int, UnsetType] = unset, + **kwargs, + ): + """ + The critical asset properties to be updated. + + :param enabled: Whether the critical asset is enabled. + :type enabled: bool, optional + + :param query: The query for the critical asset. It uses the same syntax as the queries to search signals in the Signals Explorer. 
+ :type query: str, optional + + :param rule_query: The rule query of the critical asset, with the same syntax as the search bar for detection rules. This determines which rules this critical asset will apply to. + :type rule_query: str, optional + + :param severity: Severity associated with this critical asset. Either an explicit severity can be set, or the severity can be increased or decreased. + :type severity: SecurityMonitoringCriticalAssetSeverity, optional + + :param tags: List of tags associated with the critical asset. + :type tags: [str], optional + + :param version: The version of the critical asset being updated. Used for optimistic locking to prevent concurrent modifications. + :type version: int, optional + """ + if enabled is not unset: + kwargs["enabled"] = enabled + if query is not unset: + kwargs["query"] = query + if rule_query is not unset: + kwargs["rule_query"] = rule_query + if severity is not unset: + kwargs["severity"] = severity + if tags is not unset: + kwargs["tags"] = tags + if version is not unset: + kwargs["version"] = version + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_data.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_data.py new file mode 100644 index 0000000000..32ab7cd5ba --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_data.py 
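Review bot: `version` is optional on `SecurityMonitoringCriticalAssetUpdateAttributes`, and its docstring says it is used for optimistic locking, but nothing states what happens when the caller leaves it unset. If the server then applies the PATCH without a version check (not visible from this client code), two writers can silently overwrite each other's `severity` or `enabled` change on an object that alters how signals are rated. The `:param version:` text should spell this out, e.g. `Send the version returned by the last read; if omitted, the update is not checked against concurrent modifications (confirm against the API).`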
@@ -0,0 +1,59 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset_update_attributes import ( + SecurityMonitoringCriticalAssetUpdateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType + + +class SecurityMonitoringCriticalAssetUpdateData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset_update_attributes import ( + SecurityMonitoringCriticalAssetUpdateAttributes, + ) + from datadog_api_client.v2.model.security_monitoring_critical_asset_type import ( + SecurityMonitoringCriticalAssetType, + ) + + return { + "attributes": (SecurityMonitoringCriticalAssetUpdateAttributes,), + "type": (SecurityMonitoringCriticalAssetType,), + } + + attribute_map = { + "attributes": "attributes", + "type": "type", + } + + def __init__( + self_, + attributes: SecurityMonitoringCriticalAssetUpdateAttributes, + type: SecurityMonitoringCriticalAssetType, + **kwargs, + ): + """ + The new critical asset properties; partial updates are supported. + + :param attributes: The critical asset properties to be updated. + :type attributes: SecurityMonitoringCriticalAssetUpdateAttributes + + :param type: The type of the resource. The value should always be ``critical_assets``. + :type type: SecurityMonitoringCriticalAssetType + """ + super().__init__(kwargs) + + self_.attributes = attributes + self_.type = type 
diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_request.py b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_request.py new file mode 100644 index 0000000000..fc5439fcea --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_asset_update_request.py @@ -0,0 +1,44 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset_update_data import ( + SecurityMonitoringCriticalAssetUpdateData, + ) + + +class SecurityMonitoringCriticalAssetUpdateRequest(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset_update_data import ( + SecurityMonitoringCriticalAssetUpdateData, + ) + + return { + "data": (SecurityMonitoringCriticalAssetUpdateData,), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: SecurityMonitoringCriticalAssetUpdateData, **kwargs): + """ + Request object containing the fields to update on the critical asset. + + :param data: The new critical asset properties; partial updates are supported. + :type data: SecurityMonitoringCriticalAssetUpdateData + """ + super().__init__(kwargs) + + self_.data = data diff --git a/src/datadog_api_client/v2/model/security_monitoring_critical_assets_response.py b/src/datadog_api_client/v2/model/security_monitoring_critical_assets_response.py new file mode 100644 index 0000000000..9dfc99498f --- /dev/null +++ b/src/datadog_api_client/v2/model/security_monitoring_critical_assets_response.py 
@@ -0,0 +1,42 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.security_monitoring_critical_asset import SecurityMonitoringCriticalAsset + + +class SecurityMonitoringCriticalAssetsResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.security_monitoring_critical_asset import SecurityMonitoringCriticalAsset + + return { + "data": ([SecurityMonitoringCriticalAsset],), + } + + attribute_map = { + "data": "data", + } + + def __init__(self_, data: Union[List[SecurityMonitoringCriticalAsset], UnsetType] = unset, **kwargs): + """ + Response object containing the available critical assets. + + :param data: A list of critical assets objects. + :type data: [SecurityMonitoringCriticalAsset], optional + """ + if data is not unset: + kwargs["data"] = data + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index acb5701091..44a6d4d547 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py 
@@ -4247,6 +4247,38 @@ from datadog_api_client.v2.model.security_findings_search_request_page import SecurityFindingsSearchRequestPage from datadog_api_client.v2.model.security_findings_sort import SecurityFindingsSort from datadog_api_client.v2.model.security_findings_status import SecurityFindingsStatus +from datadog_api_client.v2.model.security_monitoring_critical_asset import SecurityMonitoringCriticalAsset +from datadog_api_client.v2.model.security_monitoring_critical_asset_attributes import ( + SecurityMonitoringCriticalAssetAttributes, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_create_attributes import ( + SecurityMonitoringCriticalAssetCreateAttributes, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_create_data import ( + SecurityMonitoringCriticalAssetCreateData, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_create_request import ( + SecurityMonitoringCriticalAssetCreateRequest, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_response import ( + SecurityMonitoringCriticalAssetResponse, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_severity import ( + SecurityMonitoringCriticalAssetSeverity, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_type import SecurityMonitoringCriticalAssetType +from datadog_api_client.v2.model.security_monitoring_critical_asset_update_attributes import ( + SecurityMonitoringCriticalAssetUpdateAttributes, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_update_data import ( + SecurityMonitoringCriticalAssetUpdateData, +) +from datadog_api_client.v2.model.security_monitoring_critical_asset_update_request import ( + SecurityMonitoringCriticalAssetUpdateRequest, +) +from datadog_api_client.v2.model.security_monitoring_critical_assets_response import ( + SecurityMonitoringCriticalAssetsResponse, +) from datadog_api_client.v2.model.security_monitoring_filter 
import SecurityMonitoringFilter from datadog_api_client.v2.model.security_monitoring_filter_action import SecurityMonitoringFilterAction from datadog_api_client.v2.model.security_monitoring_list_rules_response import SecurityMonitoringListRulesResponse @@ -8299,6 +8331,18 @@ "SecurityFindingsSearchRequestPage", "SecurityFindingsSort", "SecurityFindingsStatus", + "SecurityMonitoringCriticalAsset", + "SecurityMonitoringCriticalAssetAttributes", + "SecurityMonitoringCriticalAssetCreateAttributes", + "SecurityMonitoringCriticalAssetCreateData", + "SecurityMonitoringCriticalAssetCreateRequest", + "SecurityMonitoringCriticalAssetResponse", + "SecurityMonitoringCriticalAssetSeverity", + "SecurityMonitoringCriticalAssetType", + "SecurityMonitoringCriticalAssetUpdateAttributes", + "SecurityMonitoringCriticalAssetUpdateData", + "SecurityMonitoringCriticalAssetUpdateRequest", + "SecurityMonitoringCriticalAssetsResponse", "SecurityMonitoringFilter", "SecurityMonitoringFilterAction", "SecurityMonitoringListRulesResponse", diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_critical_asset_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_create_a_critical_asset_returns_ok_response.frozen new file mode 100644 index 0000000000..04dabca22b --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_create_a_critical_asset_returns_ok_response.frozen @@ -0,0 +1 @@ +2026-01-02T19:09:02.221Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_critical_asset_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_create_a_critical_asset_returns_ok_response.yaml new file mode 100644 index 0000000000..f997c3349e --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_create_a_critical_asset_returns_ok_response.yaml 
@@ -0,0 +1,36 @@ +interactions: +- request: + body: '{"data":{"attributes":{"query":"host:testcreateacriticalassetreturnsokresponse1767380942","rule_query":"type:(log_detection + OR signal_correlation OR workload_security OR application_security) source:cloudtrail","severity":"decrease","tags":["team:security","env:test"]},"type":"critical_assets"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets + response: + body: + string: '{"data":{"id":"93d5a224-589d-4d6d-adbf-f6657f484ecc","type":"critical_assets","attributes":{"creation_author_id":1445416,"creation_date":1767380942322,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"enabled":true,"query":"host:testcreateacriticalassetreturnsokresponse1767380942","rule_query":"type:(log_detection + OR signal_correlation OR workload_security OR application_security) source:cloudtrail","severity":"decrease","tags":["team:security","env:test"],"update_author_id":1445416,"update_date":1767380942322,"updater":{"handle":"frog@datadoghq.com","name":"frog"},"version":1}}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/93d5a224-589d-4d6d-adbf-f6657f484ecc + response: + body: + string: '' + headers: {} + status: + code: 204 + message: No Content +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_not_found_response.frozen new file mode 100644 index 0000000000..0eee84fdab --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_not_found_response.frozen 
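Review bot: The recorded POST response in this cassette commits an e-mail-style account handle (`frog@datadoghq.com`) and a numeric `creation_author_id`, and the rule-creation response in the `get_critical_assets_affecting_a_specific_rule_returns_ok_response` cassette carries the same handle. The cassettes frozen on 2026-01-12 for the delete, get and update OK scenarios instead show `CI Account` with an opaque handle. The request headers here hold only `accept` and `content-type`, so credential headers appear to be scrubbed, but the body fields are stored as recorded. If that handle is not a shared test identity, re-record under the CI account or have the recorder replace the `creator`/`updater` values with placeholders.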
@@ -0,0 +1 @@ +2026-01-02T19:09:07.983Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_not_found_response.yaml new file mode 100644 index 0000000000..43f7b647a3 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_not_found_response.yaml @@ -0,0 +1,19 @@ +interactions: +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/00000000-0000-0000-0000-000000000000 + response: + body: + string: '{"errors":["not_found(Critical asset with ID 00000000-0000-0000-0000-000000000000 + not found)"]}' + headers: + content-type: + - application/json + status: + code: 404 + message: Not Found +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_ok_response.frozen new file mode 100644 index 0000000000..b36aecf36b --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_ok_response.frozen @@ -0,0 +1 @@ +2026-01-12T19:41:34.038Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_ok_response.yaml new file mode 100644 index 0000000000..4cf816b25d --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_delete_a_critical_asset_returns_ok_response.yaml 
@@ -0,0 +1,53 @@ +interactions: +- request: + body: '{"data":{"attributes":{"query":"security:monitoring","rule_query":"source:k9","severity":"medium","tags":["team:security"]},"type":"critical_assets"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets + response: + body: + string: '{"data":{"id":"f340fbe7-ed28-466e-924e-7e23475dd405","type":"critical_assets","attributes":{"creation_author_id":2320499,"creation_date":1768246895425,"creator":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"enabled":true,"query":"security:monitoring","rule_query":"source:k9","severity":"medium","tags":["team:security"],"update_author_id":2320499,"update_date":1768246895425,"updater":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"version":1}}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/f340fbe7-ed28-466e-924e-7e23475dd405 + response: + body: + string: '' + headers: {} + status: + code: 204 + message: No Content +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/f340fbe7-ed28-466e-924e-7e23475dd405 + response: + body: + string: '{"errors":["not_found(Critical asset with ID f340fbe7-ed28-466e-924e-7e23475dd405 + not found)"]}' + headers: + content-type: + - application/json + status: + code: 404 + message: Not Found +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_not_found_response.frozen new file mode 100644 index 0000000000..7b90a91832 
--- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_not_found_response.frozen @@ -0,0 +1 @@ +2026-01-02T19:09:12.106Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_not_found_response.yaml new file mode 100644 index 0000000000..1db0dab8a1 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_not_found_response.yaml @@ -0,0 +1,19 @@ +interactions: +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/00000000-0000-0000-0000-000000000000 + response: + body: + string: '{"errors":["not_found(Critical asset with ID 00000000-0000-0000-0000-000000000000 + not found)"]}' + headers: + content-type: + - application/json + status: + code: 404 + message: Not Found +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_ok_response.frozen new file mode 100644 index 0000000000..cd9a619641 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_ok_response.frozen @@ -0,0 +1 @@ +2026-01-12T19:41:36.187Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_ok_response.yaml new file mode 100644 index 0000000000..1a3864443e --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_a_critical_asset_returns_ok_response.yaml 
@@ -0,0 +1,54 @@ +interactions: +- request: + body: '{"data":{"attributes":{"query":"security:monitoring","rule_query":"source:k9","severity":"medium","tags":["team:security"]},"type":"critical_assets"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets + response: + body: + string: '{"data":{"id":"a9dfa43c-734a-4984-bed6-68934254cb59","type":"critical_assets","attributes":{"creation_author_id":2320499,"creation_date":1768246896448,"creator":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"enabled":true,"query":"security:monitoring","rule_query":"source:k9","severity":"medium","tags":["team:security"],"update_author_id":2320499,"update_date":1768246896448,"updater":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"version":1}}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/a9dfa43c-734a-4984-bed6-68934254cb59 + response: + body: + string: '{"data":{"id":"a9dfa43c-734a-4984-bed6-68934254cb59","type":"critical_assets","attributes":{"creation_author_id":2320499,"creation_date":1768246896448,"creator":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"enabled":true,"query":"security:monitoring","rule_query":"source:k9","severity":"medium","tags":["team:security"],"update_author_id":2320499,"update_date":1768246896448,"updater":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"version":1}}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: 
https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/a9dfa43c-734a-4984-bed6-68934254cb59 + response: + body: + string: '' + headers: {} + status: + code: 204 + message: No Content +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_get_all_critical_assets_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_all_critical_assets_returns_ok_response.frozen new file mode 100644 index 0000000000..73ce7ea8b9 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_all_critical_assets_returns_ok_response.frozen @@ -0,0 +1 @@ +2026-01-02T19:09:14.824Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_all_critical_assets_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_all_critical_assets_returns_ok_response.yaml new file mode 100644 index 0000000000..4e4ad9bef1 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_all_critical_assets_returns_ok_response.yaml @@ -0,0 +1,18 @@ +interactions: +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets + response: + body: + string: '{"data":[]}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_not_found_response.frozen new file mode 100644 index 0000000000..8316ba5426 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_not_found_response.frozen @@ -0,0 +1 @@ +2026-01-02T18:44:02.157Z \ No newline at end of file 
diff --git a/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_not_found_response.yaml new file mode 100644 index 0000000000..b940c255b8 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_not_found_response.yaml @@ -0,0 +1,18 @@ +interactions: +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/rules/aaa-bbb-ccc-ddd + response: + body: + string: '{"data":[]}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_ok_response.frozen new file mode 100644 index 0000000000..7d88794deb --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_ok_response.frozen @@ -0,0 +1 @@ +2026-01-02T19:09:15.164Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_ok_response.yaml new file mode 100644 index 0000000000..e0c49705aa --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_get_critical_assets_affecting_a_specific_rule_returns_ok_response.yaml 
@@ -0,0 +1,52 @@ +interactions: +- request: + body: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test + rule","name":"Test-Get_critical_assets_affecting_a_specific_rule_returns_OK_response-1767380955","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metrics":[],"query":"@test:true"}],"tags":[],"type":"log_detection"}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules + response: + body: + string: '{"name":"Test-Get_critical_assets_affecting_a_specific_rule_returns_OK_response-1767380955","createdAt":1767380955311,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + \u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"kcp-m1q-tmu","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""}}' + headers: + content-type: + - application/json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/rules/kcp-m1q-tmu + response: + body: + string: '{"data":[]}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +- request: + body: 
null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/kcp-m1q-tmu + response: + body: + string: '' + headers: {} + status: + code: 204 + message: No Content +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_bad_request_response.frozen new file mode 100644 index 0000000000..bc89362126 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_bad_request_response.frozen @@ -0,0 +1 @@ +2026-01-02T18:44:09.415Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_bad_request_response.yaml new file mode 100644 index 0000000000..bb444fdb42 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_bad_request_response.yaml @@ -0,0 +1,21 @@ +interactions: +- request: + body: '{"data":{"attributes":{"severity":"invalid_severity"},"type":"critical_assets"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: PATCH + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/00000000-0000-0000-0000-000000000000 + response: + body: + string: '{"errors":["not_found(Critical asset with ID 00000000-0000-0000-0000-000000000000 + not found)"]}' + headers: + content-type: + - application/json + status: + code: 404 + message: Not Found +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_not_found_response.frozen new file mode 100644 index 0000000000..34439436f4 --- /dev/null 
+++ b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_not_found_response.frozen @@ -0,0 +1 @@ +2026-01-02T19:09:24.526Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_not_found_response.yaml new file mode 100644 index 0000000000..0e28a8a467 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_not_found_response.yaml @@ -0,0 +1,21 @@ +interactions: +- request: + body: '{"data":{"attributes":{"severity":"high"},"type":"critical_assets"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: PATCH + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/00000000-0000-0000-0000-000000000001 + response: + body: + string: '{"errors":["not_found(Critical asset with ID 00000000-0000-0000-0000-000000000001 + not found)"]}' + headers: + content-type: + - application/json + status: + code: 404 + message: Not Found +version: 1 diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_ok_response.frozen new file mode 100644 index 0000000000..8a0b1a02a2 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_ok_response.frozen @@ -0,0 +1 @@ +2026-01-12T19:41:37.223Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_ok_response.yaml new file mode 100644 index 0000000000..689c926131 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_update_a_critical_asset_returns_ok_response.yaml 
@@ -0,0 +1,58 @@ +interactions: +- request: + body: '{"data":{"attributes":{"query":"security:monitoring","rule_query":"source:k9","severity":"medium","tags":["team:security"]},"type":"critical_assets"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets + response: + body: + string: '{"data":{"id":"8fb467ae-b5c8-4bb1-822d-7648fe10a912","type":"critical_assets","attributes":{"creation_author_id":2320499,"creation_date":1768246897503,"creator":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"enabled":true,"query":"security:monitoring","rule_query":"source:k9","severity":"medium","tags":["team:security"],"update_author_id":2320499,"update_date":1768246897503,"updater":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"version":1}}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +- request: + body: '{"data":{"attributes":{"enabled":false,"query":"no:alert","rule_query":"type:(log_detection + OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq","severity":"decrease","tags":["env:production"],"version":1},"type":"critical_assets"}}' + headers: + accept: + - application/json + content-type: + - application/json + method: PATCH + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/8fb467ae-b5c8-4bb1-822d-7648fe10a912 + response: + body: + string: '{"data":{"id":"8fb467ae-b5c8-4bb1-822d-7648fe10a912","type":"critical_assets","attributes":{"creation_author_id":2320499,"creation_date":1768246897503,"creator":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"enabled":false,"query":"no:alert","rule_query":"type:(log_detection + OR signal_correlation OR workload_security OR application_security) 
ruleId:djg-ktx-ipq","severity":"decrease","tags":["env:production"],"update_author_id":2320499,"update_date":1768246897863,"updater":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"version":2}}}' + headers: + content-type: + - application/vnd.api+json + status: + code: 200 + message: OK +- request: + body: null + headers: + accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/critical_assets/8fb467ae-b5c8-4bb1-822d-7648fe10a912 + response: + body: + string: '' + headers: {} + status: + code: 204 + message: No Content +version: 1 diff --git a/tests/v2/features/given.json b/tests/v2/features/given.json index aa08181879..1e4b1ff826 100644 --- a/tests/v2/features/given.json +++ b/tests/v2/features/given.json @@ -1007,6 +1007,18 @@ "tag": "CSM Threats", "operationId": "CreateCloudWorkloadSecurityAgentRule" }, + { + "parameters": [ + { + "name": "body", + "value": "{\n \"data\": {\n \"type\": \"critical_assets\",\n \"attributes\": {\n \"query\":\"security:monitoring\",\n \"severity\":\"medium\",\n \"rule_query\":\"source:k9\",\n \"tags\":[\"team:security\"]\n }\n }\n}" + } + ], + "step": "there is a valid \"critical_asset\" in the system", + "key": "critical_asset", + "tag": "Security Monitoring", + "operationId": "CreateSecurityMonitoringCriticalAsset" + }, { "parameters": [ { diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index a4954459e2..2a6c599c30 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature 
@@ -293,6 +293,29 @@ Feature: Security Monitoring And the response "message" is equal to "ddd" And the response "options.complianceRuleOptions.resourceType" is equal to "gcp_compute_disk" + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Create a critical asset returns "Bad Request" response + Given new "CreateSecurityMonitoringCriticalAsset" request + And body with value {"data": {"type": "critical_assets", "attributes": {"query": "host:test"}}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Create a critical asset returns "Conflict" response + Given new "CreateSecurityMonitoringCriticalAsset" request + And body with value {"data": {"attributes": {"enabled": true, "query": "security:monitoring", "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail", "severity": "increase", "tags": ["team:database", "source:cloudtrail"]}, "type": "critical_assets"}} + When the request is sent + Then the response status is 409 Conflict + + @skip-validation @team:DataDog/k9-cloud-security-platform + Scenario: Create a critical asset returns "OK" response + Given new "CreateSecurityMonitoringCriticalAsset" request + And body with value {"data": {"type": "critical_assets", "attributes": {"query": "host:{{ unique_lower_alnum }}", "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail", "severity": "decrease", "tags": ["team:security", "env:test"]}}} + When the request is sent + Then the response status is 200 OK + And the response "data.type" is equal to "critical_assets" + And the response "data.attributes.severity" is equal to "decrease" + @team:DataDog/k9-cloud-security-platform Scenario: Create a custom framework returns "Bad Request" response Given new "CreateCustomFramework" request 
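Review bot: The `@skip-validation` tag on the "Create a critical asset returns "OK" response" scenario is given without a reason, and the same tag sits on the OK scenarios for delete, get and update in the later hunks of this file. If the tag does what its name suggests, none of the happy paths check the recorded payload against the new `SecurityMonitoringCriticalAsset*` models, so drift between the spec and the API would pass unnoticed. A one-line comment above the tag, for example `# skip-validation: <reason the recorded response does not validate>`, would tell the next maintainer what has to change before it can be removed. The plain `@skip` on the hand-written "Bad Request" scenario needs the same kind of comment.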
@@ -588,6 +611,21 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found + @team:DataDog/k9-cloud-security-platform + Scenario: Delete a critical asset returns "Not Found" response + Given new "DeleteSecurityMonitoringCriticalAsset" request + And request contains "critical_asset_id" parameter with value "00000000-0000-0000-0000-000000000000" + When the request is sent + Then the response status is 404 Not Found + + @skip-validation @team:DataDog/k9-cloud-security-platform + Scenario: Delete a critical asset returns "OK" response + Given there is a valid "critical_asset" in the system + And new "DeleteSecurityMonitoringCriticalAsset" request + And request contains "critical_asset_id" parameter from "critical_asset.data.id" + When the request is sent + Then the response status is 204 OK + @team:DataDog/k9-cloud-security-platform Scenario: Delete a custom framework returns "Bad Request" response Given new "DeleteCustomFramework" request 
@@ -784,6 +822,23 @@ Feature: Security Monitoring And the response "name" is equal to "{{ unique }}_cloud" And the response "id" has the same value as "cloud_configuration_rule.id" + @team:DataDog/k9-cloud-security-platform + Scenario: Get a critical asset returns "Not Found" response + Given new "GetSecurityMonitoringCriticalAsset" request + And request contains "critical_asset_id" parameter with value "00000000-0000-0000-0000-000000000000" + When the request is sent + Then the response status is 404 Not Found + + @skip-validation @team:DataDog/k9-cloud-security-platform + Scenario: Get a critical asset returns "OK" response + Given new "GetSecurityMonitoringCriticalAsset" request + And there is a valid "critical_asset" in the system + And request contains "critical_asset_id" parameter from "critical_asset.data.id" + When the request is sent + Then the response status is 200 OK + And the response "data.attributes.rule_query" has the same value as "critical_asset.data.attributes.rule_query" + And the response "data.attributes.severity" is equal to "medium" + @team:DataDog/k9-cloud-security-platform Scenario: Get a custom framework returns "Bad Request" response Given new "GetCustomFramework" request @@ -1049,6 +1104,12 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @team:DataDog/k9-cloud-security-platform + Scenario: Get all critical assets returns "OK" response + Given new "ListSecurityMonitoringCriticalAssets" request + When the request is sent + Then the response status is 200 OK + @team:DataDog/k9-cloud-security-platform Scenario: Get all security filters returns "OK" response Given new "ListSecurityFilters" request 
@@ -1063,6 +1124,21 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Get critical assets affecting a specific rule returns "Not Found" response + Given new "GetCriticalAssetsAffectingRule" request + And request contains "rule_id" parameter with value "aaa-bbb-ccc-ddd" + When the request is sent + Then the response status is 404 Not Found + + @team:DataDog/k9-cloud-security-platform + Scenario: Get critical assets affecting a specific rule returns "OK" response + Given new "GetCriticalAssetsAffectingRule" request + And there is a valid "security_rule" in the system + And request contains "rule_id" parameter from "security_rule.id" + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/cloud-security-posture-management Scenario: Get details of a signal-based notification rule returns "Bad Request" response Given new "GetSignalNotificationRule" request 
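Review bot: The skipped "Not Found" scenario for `GetCriticalAssetsAffectingRule` asserts 404, but the cassette added for it in this commit records `200 OK` with `{"data":[]}` for `rule_id` `aaa-bbb-ccc-ddd`. On that evidence the API does not distinguish an unknown rule from a rule that no critical asset matches, so a caller cannot use this endpoint to detect a mistyped or deleted rule ID. Either drop the scenario together with its cassette, or keep it with a comment that states the reason, such as `# skipped: API answers 200 with an empty list for an unknown rule_id`. If 404 is the intended contract, that is a server-side gap to track rather than something this client can fix.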
@@ -1678,6 +1754,43 @@ Feature: Security Monitoring And the response "name" is equal to "{{ unique }}_cloud_updated" And the response "id" has the same value as "cloud_configuration_rule.id" + @skip @team:DataDog/k9-cloud-security-platform + Scenario: Update a critical asset returns "Bad Request" response + Given new "UpdateSecurityMonitoringCriticalAsset" request + And request contains "critical_asset_id" parameter with value "00000000-0000-0000-0000-000000000000" + And body with value {"data": {"type": "critical_assets", "attributes": {"severity": "invalid_severity"}}} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Update a critical asset returns "Concurrent Modification" response + Given new "UpdateSecurityMonitoringCriticalAsset" request + And request contains "critical_asset_id" parameter from "REPLACE.ME" + And body with value {"data": {"attributes": {"enabled": true, "query": "security:monitoring", "rule_query": "type:log_detection source:cloudtrail", "severity": "increase", "tags": ["technique:T1110-brute-force", "source:cloudtrail"], "version": 1}, "type": "critical_assets"}} + When the request is sent + Then the response status is 409 Concurrent Modification + + @team:DataDog/k9-cloud-security-platform + Scenario: Update a critical asset returns "Not Found" response + Given new "UpdateSecurityMonitoringCriticalAsset" request + And request contains "critical_asset_id" parameter with value "00000000-0000-0000-0000-000000000001" + And body with value {"data": {"type": "critical_assets", "attributes": {"severity": "high"}}} + When the request is sent + Then the response status is 404 Not Found + + @skip-validation @team:DataDog/k9-cloud-security-platform + Scenario: Update a critical asset returns "OK" response + Given new "UpdateSecurityMonitoringCriticalAsset" request + And there is a valid "critical_asset" in the system + And request contains 
"critical_asset_id" parameter from "critical_asset.data.id" + And body with value {"data": {"type": "critical_assets", "attributes": {"enabled": false, "query": "no:alert", "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) ruleId:djg-ktx-ipq", "severity": "decrease", "tags": ["env:production"], "version": 1}}} + When the request is sent + Then the response status is 200 OK + And the response "data.type" is equal to "critical_assets" + And the response "data.attributes.severity" is equal to "decrease" + And the response "data.attributes.enabled" is equal to false + And the response "data.attributes.version" is equal to 2 + @team:DataDog/k9-cloud-security-platform Scenario: Update a custom framework returns "Bad Request" response Given new "UpdateCustomFramework" request diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index b54378e93b..f1f207bc62 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json @@ -3988,6 +3988,49 @@ "type": "idempotent" } }, + "ListSecurityMonitoringCriticalAssets": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "CreateSecurityMonitoringCriticalAsset": { + "tag": "Security Monitoring", + "undo": { + "operationId": "DeleteSecurityMonitoringCriticalAsset", + "parameters": [ + { + "name": "critical_asset_id", + "source": "data.id" + } + ], + "type": "unsafe" + } + }, + "GetCriticalAssetsAffectingRule": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "DeleteSecurityMonitoringCriticalAsset": { + "tag": "Security Monitoring", + "undo": { + "type": "idempotent" + } + }, + "GetSecurityMonitoringCriticalAsset": { + "tag": "Security Monitoring", + "undo": { + "type": "safe" + } + }, + "UpdateSecurityMonitoringCriticalAsset": { + "tag": "Security Monitoring", + "undo": { + "type": "idempotent" + } + }, "ListSecurityFilters": { "tag": "Security Monitoring", "undo": {
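Review bot: The "Update a critical asset returns "Bad Request" response" scenario sends `invalid_severity` to the all-zero ID, and the cassette recorded for it shows `404 Not Found`. The request is therefore rejected for the missing asset, and validation of the severity value is never reached. Pointing the scenario at a real asset should exercise the 400 path: `And there is a valid "critical_asset" in the system` followed by `And request contains "critical_asset_id" parameter from "critical_asset.data.id"`, as the OK scenario in this hunk already does. Whether the server then answers 400 needs a re-record to confirm. Until then, the committed 404 cassette under a bad-request name is misleading and could be removed.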