DataDog · api-clients-generation-pipeline · May 13, 2024 · May 10, 2024
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-05-09 17:36:04.071231",
-            "spec_repo_commit": "c5ba75e0"
+            "regenerated": "2024-05-10 16:39:53.339452",
+            "spec_repo_commit": "d6c22916"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2024-05-09 17:36:04.095359",
-            "spec_repo_commit": "c5ba75e0"
+            "regenerated": "2024-05-10 16:39:53.369884",
+            "spec_repo_commit": "d6c22916"
         }
     }
 }
@@ -18237,6 +18237,14 @@ components:
           description: User ID of the user who created the rule.
           format: int64
           type: integer
+        defaultTags:
+          description: Default Tags for default rules (included in tags)
+          example:
+          - security:attacks
+          items:
+            description: Default Tag.
+            type: string
+          type: array
         deprecationDate:
           description: When the rule will be deprecated, timestamp in milliseconds.
           format: int64

@@ -18,6 +18,8 @@ type SecurityMonitoringStandardRuleResponse struct {
 	CreatedAt *int64 `json:"createdAt,omitempty"`
 	// User ID of the user who created the rule.
 	CreationAuthorId *int64 `json:"creationAuthorId,omitempty"`
+	// Default Tags for default rules (included in tags)
+	DefaultTags []string `json:"defaultTags,omitempty"`
 	// When the rule will be deprecated, timestamp in milliseconds.
 	DeprecationDate *int64 `json:"deprecationDate,omitempty"`
 	// Additional queries to filter matched events before they are processed. This field is deprecated for log detection, signal correlation, and workload security rules.
@@ -184,6 +186,34 @@ func (o *SecurityMonitoringStandardRuleResponse) SetCreationAuthorId(v int64) {
 	o.CreationAuthorId = &v
 }
 
+// GetDefaultTags returns the DefaultTags field value if set, zero value otherwise.
+func (o *SecurityMonitoringStandardRuleResponse) GetDefaultTags() []string {
+	if o == nil || o.DefaultTags == nil {
+		var ret []string
+		return ret
+	}
+	return o.DefaultTags
+}
+
+// GetDefaultTagsOk returns a tuple with the DefaultTags field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityMonitoringStandardRuleResponse) GetDefaultTagsOk() (*[]string, bool) {
+	if o == nil || o.DefaultTags == nil {
+		return nil, false
+	}
+	return &o.DefaultTags, true
+}
+
+// HasDefaultTags returns a boolean if a field has been set.
+func (o *SecurityMonitoringStandardRuleResponse) HasDefaultTags() bool {
+	return o != nil && o.DefaultTags != nil
+}
+
+// SetDefaultTags gets a reference to the given []string and assigns it to the DefaultTags field.
+func (o *SecurityMonitoringStandardRuleResponse) SetDefaultTags(v []string) {
+	o.DefaultTags = v
+}
+
 // GetDeprecationDate returns the DeprecationDate field value if set, zero value otherwise.
 func (o *SecurityMonitoringStandardRuleResponse) GetDeprecationDate() int64 {
 	if o == nil || o.DeprecationDate == nil {
@@ -650,6 +680,9 @@ func (o SecurityMonitoringStandardRuleResponse) MarshalJSON() ([]byte, error) {
 	if o.CreationAuthorId != nil {
 		toSerialize["creationAuthorId"] = o.CreationAuthorId
 	}
+	if o.DefaultTags != nil {
+		toSerialize["defaultTags"] = o.DefaultTags
+	}
 	if o.DeprecationDate != nil {
 		toSerialize["deprecationDate"] = o.DeprecationDate
 	}
@@ -712,6 +745,7 @@ func (o *SecurityMonitoringStandardRuleResponse) UnmarshalJSON(bytes []byte) (er
 		ComplianceSignalOptions *CloudConfigurationRuleComplianceSignalOptions `json:"complianceSignalOptions,omitempty"`
 		CreatedAt               *int64                                         `json:"createdAt,omitempty"`
 		CreationAuthorId        *int64                                         `json:"creationAuthorId,omitempty"`
+		DefaultTags             []string                                       `json:"defaultTags,omitempty"`
 		DeprecationDate         *int64                                         `json:"deprecationDate,omitempty"`
 		Filters                 []SecurityMonitoringFilter                     `json:"filters,omitempty"`
 		HasExtendedTitle        *bool                                          `json:"hasExtendedTitle,omitempty"`
@@ -734,7 +768,7 @@ func (o *SecurityMonitoringStandardRuleResponse) UnmarshalJSON(bytes []byte) (er
 	}
 	additionalProperties := make(map[string]interface{})
 	if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil {
-		datadog.DeleteKeys(additionalProperties, &[]string{"cases", "complianceSignalOptions", "createdAt", "creationAuthorId", "deprecationDate", "filters", "hasExtendedTitle", "id", "isDefault", "isDeleted", "isEnabled", "message", "name", "options", "queries", "tags", "thirdPartyCases", "type", "updateAuthorId", "version"})
+		datadog.DeleteKeys(additionalProperties, &[]string{"cases", "complianceSignalOptions", "createdAt", "creationAuthorId", "defaultTags", "deprecationDate", "filters", "hasExtendedTitle", "id", "isDefault", "isDeleted", "isEnabled", "message", "name", "options", "queries", "tags", "thirdPartyCases", "type", "updateAuthorId", "version"})
 	} else {
 		return err
 	}
@@ -747,6 +781,7 @@ func (o *SecurityMonitoringStandardRuleResponse) UnmarshalJSON(bytes []byte) (er
 	o.ComplianceSignalOptions = all.ComplianceSignalOptions
 	o.CreatedAt = all.CreatedAt
 	o.CreationAuthorId = all.CreationAuthorId
+	o.DefaultTags = all.DefaultTags
 	o.DeprecationDate = all.DeprecationDate
 	o.Filters = all.Filters
 	o.HasExtendedTitle = all.HasExtendedTitle

@@ -1 +1 @@
-2023-08-31T11:51:28.995Z
+2024-05-10T16:34:27.362Z
@@ -1,7 +1,7 @@
 interactions:
 - request:
     body: |
-      {"cases":[{"notifications":["channel"],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}],"isEnabled":false,"message":"ddd","name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1693482688_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} else = \"pass\" if {\n\t(iam_service_account_key.resource_seen_at / milliseconds_in_a_day) - (iam_service_account_key.valid_after_time / milliseconds_in_a_day) \u003c= 90\n} else = \"fail\"\n\n# This part remains unchanged for all rules\nresults contains result if {\n\tsome resource in input.resources[input.main_resource_type]\n\tresult := dd_output.format(resource, eval(resource))\n}\n","resourceTypes":["gcp_compute_disk"]},"resourceType":"gcp_compute_disk"}},"tags":["my:tag"],"type":"cloud_configuration"}
+      {"cases":[{"notifications":["channel"],"status":"info"}],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}],"isEnabled":false,"message":"ddd","name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1715358867_cloud","options":{"complianceRuleOptions":{"complexRule":false,"regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} else = \"pass\" if {\n\t(iam_service_account_key.resource_seen_at / milliseconds_in_a_day) - (iam_service_account_key.valid_after_time / milliseconds_in_a_day) \u003c= 90\n} else = \"fail\"\n\n# This part remains unchanged for all rules\nresults contains result if {\n\tsome resource in input.resources[input.main_resource_type]\n\tresult := dd_output.format(resource, eval(resource))\n}\n","resourceTypes":["gcp_compute_disk"]},"resourceType":"gcp_compute_disk"}},"tags":["my:tag"],"type":"cloud_configuration"}
     form: {}
     headers:
       Accept:
@@ -12,7 +12,7 @@ interactions:
     method: POST
     url: https://api.datadoghq.com/api/v2/security_monitoring/rules
   response:
-    body: '{"id":"m0o-cza-uq9","version":1,"name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1693482688_cloud","createdAt":1693482689435,"creationAuthorId":1445416,"isDefault":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package
+    body: '{"id":"fy5-crt-9n1","version":1,"name":"Test-Create_a_cloud_configuration_rule_returns_OK_response-1715358867_cloud","createdAt":1715358867822,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"resource_type:gcp_compute_disk","groupByFields":["resource_type","resource_id"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"a"}],"options":{"keepAlive":21600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":7200,"complianceRuleOptions":{"resourceType":"gcp_compute_disk","regoRule":{"policy":"package
       datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport
       future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000
       * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n}
@@ -38,7 +38,7 @@ interactions:
       - '*/*'
     id: 1
     method: DELETE
-    url: https://api.datadoghq.com/api/v2/security_monitoring/rules/m0o-cza-uq9
+    url: https://api.datadoghq.com/api/v2/security_monitoring/rules/fy5-crt-9n1
   response:
     body: ''
     code: 204

@@ -1 +1 @@
-2022-10-19T13:36:33.262Z
+2024-05-10T16:34:28.308Z
@@ -1,7 +1,7 @@
 interactions:
 - request:
     body: |
-      {"cases":[{"status":"info"}],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_Bad_Request_response-1666186593","options":{},"queries":[{"query":""}],"tags":[]}
+      {"cases":[{"status":"info"}],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_Bad_Request_response-1715358868","options":{},"queries":[{"query":""}],"tags":[]}
     form: {}
     headers:
       Accept:
@@ -12,7 +12,7 @@ interactions:
     method: POST
     url: https://api.datadoghq.com/api/v2/security_monitoring/rules
   response:
-    body: '{"errors":["Internal error"]}
+    body: '{"errors":["Invalid rule configuration","Query filter cannot be empty"]}
 
       '
     code: 400

@@ -1 +1 @@
-2022-10-19T13:36:33.666Z
+2024-05-10T16:34:28.650Z
@@ -1,7 +1,7 @@
 interactions:
 - request:
     body: |
-      {"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_OK_response-1666186593","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"tags":[],"type":"log_detection"}
+      {"cases":[{"condition":"a \u003e 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test rule","name":"Test-Create_a_detection_rule_returns_OK_response-1715358868","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"metric":"","query":"@test:true"}],"tags":[],"type":"log_detection"}
     form: {}
     headers:
       Accept:
@@ -12,9 +12,8 @@ interactions:
     method: POST
     url: https://api.datadoghq.com/api/v2/security_monitoring/rules
   response:
-    body: '{"creationAuthorId":1445416,"tags":[],"isEnabled":true,"hasExtendedTitle":false,"message":"Test
-      rule","options":{"detectionMethod":"threshold","evaluationWindow":900,"maxSignalDuration":86400,"keepAlive":3600},"version":1,"createdAt":1666186594041,"filters":[],"queries":[{"query":"@test:true","groupByFields":[],"aggregation":"count","name":"","distinctFields":[]}],"isDeleted":false,"cases":[{"status":"info","notifications":[],"name":"","condition":"a
-      > 0"}],"type":"log_detection","id":"2zr-mrk-aq9","isDefault":false,"name":"Test-Create_a_detection_rule_returns_OK_response-1666186593"}
+    body: '{"id":"oka-fqr-yqa","version":1,"name":"Test-Create_a_detection_rule_returns_OK_response-1715358868","createdAt":1715358869030,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"detectionMethod":"threshold","evaluationWindow":900},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
+      > 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[]}
 
       '
     code: 200
@@ -31,7 +30,7 @@ interactions:
       - '*/*'
     id: 1
     method: DELETE
-    url: https://api.datadoghq.com/api/v2/security_monitoring/rules/2zr-mrk-aq9
+    url: https://api.datadoghq.com/api/v2/security_monitoring/rules/oka-fqr-yqa
   response:
     body: ''
     code: 204

@@ -1 +1 @@
-2024-01-03T15:07:54.290Z
+2024-05-10T16:34:29.476Z
@@ -1,7 +1,7 @@
 interactions:
 - request:
     body: |
-      {"cases":[],"isEnabled":true,"message":"This is a third party rule","name":"Test-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response-1704294474","options":{"detectionMethod":"third_party","keepAlive":0,"maxSignalDuration":0,"thirdPartyRuleOptions":{"defaultStatus":"info","rootQueries":[{"groupByFields":["instance-id"],"query":"source:guardduty @details.alertType:*EC2*"},{"groupByFields":[],"query":"source:guardduty"}]}},"queries":[],"thirdPartyCases":[{"name":"high","query":"status:error","status":"high"},{"name":"low","query":"status:info","status":"low"}],"type":"log_detection"}
+      {"cases":[],"isEnabled":true,"message":"This is a third party rule","name":"Test-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response-1715358869","options":{"detectionMethod":"third_party","keepAlive":0,"maxSignalDuration":0,"thirdPartyRuleOptions":{"defaultStatus":"info","rootQueries":[{"groupByFields":["instance-id"],"query":"source:guardduty @details.alertType:*EC2*"},{"groupByFields":[],"query":"source:guardduty"}]}},"queries":[],"thirdPartyCases":[{"name":"high","query":"status:error","status":"high"},{"name":"low","query":"status:info","status":"low"}],"type":"log_detection"}
     form: {}
     headers:
       Accept:
@@ -12,7 +12,7 @@ interactions:
     method: POST
     url: https://api.datadoghq.com/api/v2/security_monitoring/rules
   response:
-    body: '{"id":"ut1-s7a-0kn","version":1,"name":"Test-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response-1704294474","createdAt":1704294474748,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"status:error","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"none","name":""},{"query":"status:info","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"none","name":""}],"options":{"keepAlive":0,"maxSignalDuration":0,"detectionMethod":"third_party","evaluationWindow":0,"thirdPartyRuleOptions":{"defaultStatus":"info","defaultNotifications":[],"rootQueries":[{"query":"source:guardduty
+    body: '{"id":"uys-ie9-xgd","version":1,"name":"Test-Create_a_detection_rule_with_detection_method_third_party_returns_OK_response-1715358869","createdAt":1715358869757,"creationAuthorId":1445416,"isDefault":false,"isPartner":false,"isEnabled":true,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"status:error","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"none","name":""},{"query":"status:info","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"none","name":""}],"options":{"keepAlive":0,"maxSignalDuration":0,"detectionMethod":"third_party","evaluationWindow":0,"thirdPartyRuleOptions":{"defaultStatus":"info","defaultNotifications":[],"rootQueries":[{"query":"source:guardduty
       @details.alertType:*EC2*","groupByFields":["instance-id"]},{"query":"source:guardduty","groupByFields":[]}]}},"cases":[{"name":"high","status":"high","notifications":[]},{"name":"low","status":"low","notifications":[]}],"message":"This
       is a third party rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"thirdPartyCases":[{"name":"high","status":"high","notifications":[],"query":"status:error"},{"name":"low","status":"low","notifications":[],"query":"status:info"}]}
 
@@ -31,7 +31,7 @@ interactions:
       - '*/*'
     id: 1
     method: DELETE
-    url: https://api.datadoghq.com/api/v2/security_monitoring/rules/ut1-s7a-0kn
+    url: https://api.datadoghq.com/api/v2/security_monitoring/rules/uys-ie9-xgd
   response:
     body: ''
     code: 204

@@ -1 +1 @@
-2022-10-19T13:36:34.442Z
+2024-05-10T16:34:30.285Z