diff --git a/.generated-info b/.generated-info index 250fa6b0237..6ade8f7d236 100644 --- a/.generated-info +++ b/.generated-info @@ -1,4 +1,4 @@ { - "spec_repo_commit": "2ffdc3f", - "generated": "2025-07-16 19:15:36.794" + "spec_repo_commit": "31a6042", + "generated": "2025-07-17 09:24:47.667" } diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 2ee20dab08f..238cfbd19da 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -33903,9 +33903,22 @@ components: format: int64 minimum: 0 type: integer + flaggedIPType: + $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptionsFlaggedIPType' userBehaviorName: $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptionsUserBehaviorName' type: object + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType: + description: Used with the case action of type 'flag_ip'. The value specified + in this field is applied as a flag to the IPs addresses. + enum: + - SUSPICIOUS + - FLAGGED + example: FLAGGED + type: string + x-enum-varnames: + - SUSPICIOUS + - FLAGGED SecurityMonitoringRuleCaseActionOptionsUserBehaviorName: description: Used with the case action of type 'user_behavior'. The value specified in this field is applied as a risk tag to all users affected by the rule. @@ -33916,11 +33929,13 @@ components: - block_ip - block_user - user_behavior + - flag_ip type: string x-enum-varnames: - BLOCK_IP - BLOCK_USER - USER_BEHAVIOR + - FLAG_IP SecurityMonitoringRuleCaseCreate: description: Case when signal is generated. properties: diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.java b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.java index 4465a67350c..abd406c0b9e 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.java +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.java 
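Review bot: The description added for `SecurityMonitoringRuleCaseActionOptionsFlaggedIPType` does not say what distinguishes `SUSPICIOUS` from `FLAGGED`, so a rule author cannot tell from the spec which flag a `flag_ip` action should apply. It also reads "the IPs addresses", and the same text is carried into the Javadoc of the model and enum hunks later in this diff. A wording such as `applied as a flag to the IP addresses.` followed by one sentence per enum value would cover both. Separately, `flaggedIPType` is added as an optional property with nothing in the visible schema tying it to the `flag_ip` action type, so as shown the schema accepts a `flag_ip` action without it; whether the API rejects that is not visible here and is worth stating in the description.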
@@ -5,6 +5,7 @@ import com.datadog.api.client.v2.api.SecurityMonitoringApi; import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseAction; import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseActionOptions; +import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseActionOptionsFlaggedIPType; import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseActionType; import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate; import com.datadog.api.client.v2.model.SecurityMonitoringRuleCreatePayload; @@ -55,7 +56,14 @@ public static void main(String[] args) { .type(SecurityMonitoringRuleCaseActionType.USER_BEHAVIOR) .options( new SecurityMonitoringRuleCaseActionOptions() - .userBehaviorName("behavior")))))) + .userBehaviorName("behavior")), + new SecurityMonitoringRuleCaseAction() + .type(SecurityMonitoringRuleCaseActionType.FLAG_IP) + .options( + new SecurityMonitoringRuleCaseActionOptions() + .flaggedIpType( + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType + .FLAGGED)))))) .options( new SecurityMonitoringRuleOptions() .keepAlive(SecurityMonitoringRuleKeepAlive.ONE_HOUR) diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionOptions.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionOptions.java index 0df02cd1da5..65da5dbe527 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionOptions.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionOptions.java @@ -19,6 +19,7 @@ /** Options for the rule action */ @JsonPropertyOrder({ SecurityMonitoringRuleCaseActionOptions.JSON_PROPERTY_DURATION, + SecurityMonitoringRuleCaseActionOptions.JSON_PROPERTY_FLAGGED_IP_TYPE, SecurityMonitoringRuleCaseActionOptions.JSON_PROPERTY_USER_BEHAVIOR_NAME }) @jakarta.annotation.Generated( 
@@ -28,6 +29,9 @@ public class SecurityMonitoringRuleCaseActionOptions { public static final String JSON_PROPERTY_DURATION = "duration"; private Long duration; + public static final String JSON_PROPERTY_FLAGGED_IP_TYPE = "flaggedIPType"; + private SecurityMonitoringRuleCaseActionOptionsFlaggedIPType flaggedIpType; + public static final String JSON_PROPERTY_USER_BEHAVIOR_NAME = "userBehaviorName"; private String userBehaviorName; @@ -52,6 +56,33 @@ public void setDuration(Long duration) { this.duration = duration; } + public SecurityMonitoringRuleCaseActionOptions flaggedIpType( + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType flaggedIpType) { + this.flaggedIpType = flaggedIpType; + this.unparsed |= !flaggedIpType.isValid(); + return this; + } + + /** + * Used with the case action of type 'flag_ip'. The value specified in this field is applied as a + * flag to the IPs addresses. + * + * @return flaggedIpType + */ + @jakarta.annotation.Nullable + @JsonProperty(JSON_PROPERTY_FLAGGED_IP_TYPE) + @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS) + public SecurityMonitoringRuleCaseActionOptionsFlaggedIPType getFlaggedIpType() { + return flaggedIpType; + } + + public void setFlaggedIpType(SecurityMonitoringRuleCaseActionOptionsFlaggedIPType flaggedIpType) { + if (!flaggedIpType.isValid()) { + this.unparsed = true; + } + this.flaggedIpType = flaggedIpType; + } + public SecurityMonitoringRuleCaseActionOptions userBehaviorName(String userBehaviorName) { this.userBehaviorName = userBehaviorName; return this; 
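Review bot: Both new setters dereference their argument unconditionally, in `this.unparsed |= !flaggedIpType.isValid();` inside `flaggedIpType(...)` and in `if (!flaggedIpType.isValid())` inside `setFlaggedIpType(...)`. Passing `null` therefore throws a NullPointerException, even though the getter is annotated `@jakarta.annotation.Nullable` and the property is optional in the schema. A caller that clears the option, or copies it from another options object where it was never set, would hit this. Guarding the check keeps `null` a legal value: `this.unparsed |= flaggedIpType != null && !flaggedIpType.isValid();` and `if (flaggedIpType != null && !flaggedIpType.isValid()) {`. The class carries `@jakarta.annotation.Generated`, so the change presumably belongs in the generator template rather than in this file.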
@@ -132,6 +163,7 @@ public boolean equals(Object o) { SecurityMonitoringRuleCaseActionOptions securityMonitoringRuleCaseActionOptions = (SecurityMonitoringRuleCaseActionOptions) o; return Objects.equals(this.duration, securityMonitoringRuleCaseActionOptions.duration) + && Objects.equals(this.flaggedIpType, securityMonitoringRuleCaseActionOptions.flaggedIpType) && Objects.equals( this.userBehaviorName, securityMonitoringRuleCaseActionOptions.userBehaviorName) && Objects.equals( @@ -141,7 +173,7 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(duration, userBehaviorName, additionalProperties); + return Objects.hash(duration, flaggedIpType, userBehaviorName, additionalProperties); } @Override @@ -149,6 +181,7 @@ public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class SecurityMonitoringRuleCaseActionOptions {\n"); sb.append(" duration: ").append(toIndentedString(duration)).append("\n"); + sb.append(" flaggedIpType: ").append(toIndentedString(flaggedIpType)).append("\n"); sb.append(" userBehaviorName: ").append(toIndentedString(userBehaviorName)).append("\n"); sb.append(" additionalProperties: ") .append(toIndentedString(additionalProperties)) diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionOptionsFlaggedIPType.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionOptionsFlaggedIPType.java new file mode 100644 index 00000000000..00a0840600d --- /dev/null +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionOptionsFlaggedIPType.java 
@@ -0,0 +1,68 @@ +/* + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2019-Present Datadog, Inc. + */ + +package com.datadog.api.client.v2.model; + +import com.datadog.api.client.ModelEnum; +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.fasterxml.jackson.databind.ser.std.StdSerializer; +import java.io.IOException; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + +/** + * Used with the case action of type 'flag_ip'. The value specified in this field is applied as a + * flag to the IPs addresses. + */ +@JsonSerialize( + using = + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType + .SecurityMonitoringRuleCaseActionOptionsFlaggedIPTypeSerializer.class) +public class SecurityMonitoringRuleCaseActionOptionsFlaggedIPType extends ModelEnum { + + private static final Set allowedValues = + new HashSet(Arrays.asList("SUSPICIOUS", "FLAGGED")); + + public static final SecurityMonitoringRuleCaseActionOptionsFlaggedIPType SUSPICIOUS = + new SecurityMonitoringRuleCaseActionOptionsFlaggedIPType("SUSPICIOUS"); + public static final SecurityMonitoringRuleCaseActionOptionsFlaggedIPType FLAGGED = + new SecurityMonitoringRuleCaseActionOptionsFlaggedIPType("FLAGGED"); + + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType(String value) { + super(value, allowedValues); + } + + public static class SecurityMonitoringRuleCaseActionOptionsFlaggedIPTypeSerializer + extends StdSerializer { + public SecurityMonitoringRuleCaseActionOptionsFlaggedIPTypeSerializer( + Class t) { + super(t); + } + + public 
SecurityMonitoringRuleCaseActionOptionsFlaggedIPTypeSerializer() { + this(null); + } + + @Override + public void serialize( + SecurityMonitoringRuleCaseActionOptionsFlaggedIPType value, + JsonGenerator jgen, + SerializerProvider provider) + throws IOException, JsonProcessingException { + jgen.writeObject(value.value); + } + } + + @JsonCreator + public static SecurityMonitoringRuleCaseActionOptionsFlaggedIPType fromValue(String value) { + return new SecurityMonitoringRuleCaseActionOptionsFlaggedIPType(value); + } +} diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionType.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionType.java index 156b87fc2ff..fc043ac9cfb 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionType.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleCaseActionType.java @@ -25,7 +25,7 @@ public class SecurityMonitoringRuleCaseActionType extends ModelEnum { private static final Set allowedValues = - new HashSet(Arrays.asList("block_ip", "block_user", "user_behavior")); + new HashSet(Arrays.asList("block_ip", "block_user", "user_behavior", "flag_ip")); public static final SecurityMonitoringRuleCaseActionType BLOCK_IP = new SecurityMonitoringRuleCaseActionType("block_ip"); @@ -33,6 +33,8 @@ public class SecurityMonitoringRuleCaseActionType extends ModelEnum { new SecurityMonitoringRuleCaseActionType("block_user"); public static final SecurityMonitoringRuleCaseActionType USER_BEHAVIOR = new SecurityMonitoringRuleCaseActionType("user_behavior"); + public static final SecurityMonitoringRuleCaseActionType FLAG_IP = + new SecurityMonitoringRuleCaseActionType("flag_ip"); SecurityMonitoringRuleCaseActionType(String value) { super(value, allowedValues); 
diff --git a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature
index 1ec6ed14e58..beffeae8be7 100644
--- a/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature
+++ b/src/test/resources/com/datadog/api/client/v2/api/security_monitoring.feature
@@ -225,7 +225,7 @@ Feature: Security Monitoring
 @skip-validation @team:DataDog/k9-cloud-security-platform
 Scenario: Create a detection rule with type 'application_security 'returns "OK" response
 Given new "CreateSecurityMonitoringRule" request
- And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}, {"type":"user_behavior","options":{"userBehaviorName":"behavior"}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]}
+ And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}, {"type":"user_behavior","options":{"userBehaviorName":"behavior"}},{"type":"flag_ip","options":{"flaggedIPType":"FLAGGED"}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]}
 When the request is sent
 Then the response status is 200 OK
 And the response "name" is equal to "{{ unique }}_appsec_rule"
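Review bot: The assertions visible in this hunk still check only the status and the `name` field, although the request body now carries a `flag_ip` action with `flaggedIPType` set to `FLAGGED`. A response that silently dropped the new action would therefore still pass. An extra step such as `And the response "cases[0].actions[2].type" is equal to "flag_ip"` would pin the round trip; the exact path syntax should follow whatever the other scenarios in this file use. The scenario may continue past the end of the hunk, and `SUSPICIOUS` is not exercised anywhere in the visible changes.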