diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 4bc99f94bc1d..4d59bfade193 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -19385,9 +19385,6 @@ components: ConvertJobResultsToSignalsAttributes: description: Attributes for converting historical job results to signals. properties: - id: - description: Request ID. - type: string jobResultIds: description: Job result IDs. example: @@ -38180,10 +38177,34 @@ components: HistoricalJobQuery: description: Query for selecting logs analyzed by the historical job. properties: + additionalFilters: + description: Additional filters appended to the query at evaluation time. + type: string aggregation: $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation" + correlatedByFields: + description: Fields used to correlate results across queries in sequence detection rules. + items: + description: Field. + type: string + type: array + correlatedQueryIndex: + description: Zero-based index of the query to correlate with in sequence detection rules. Up to 10 queries are supported, so valid values are 0 to 9. + format: int64 + maximum: 9 + minimum: 0 + type: integer + customQueryExtension: + description: Custom query extension used to refine the base query. + type: string dataSource: $ref: "#/components/schemas/SecurityMonitoringStandardDataSource" + datasetIds: + description: IDs of reference datasets used by this query. + items: + description: Dataset ID. + type: string + type: array distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: 
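Review bot: Dropping `id` from `ConvertJobResultsToSignalsAttributes` (and from `RunHistoricalJobRequestAttributes` in the `@@ -71345` hunk) removes a property from a published request schema, and the generated Ruby model later in this diff loses its `id` accessor with it, so any SDK caller that set the field breaks at upgrade time. If the server never read the field, the changelog entry should say so; otherwise the usual path is `deprecated: true` on the property for a release before removal. Either way the removal deserves a line in the release notes, which this commit does not show.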
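Review bot: `additionalFilters` and `customQueryExtension` are free-form strings whose descriptions say they are appended to, or refine, the query at evaluation time, yet unlike `correlatedQueryIndex` in the same hunk they carry no constraint at all: no `maxLength`, and no statement of which grammar they are parsed with. The new arrays `correlatedByFields` and `datasetIds` likewise get no `maxItems`, although `cases` and `queries` receive `maxItems: 10` in the `@@ -43777` and `@@ -43809` hunks. If the server enforces limits on these fields, mirroring them here lets the generated clients reject bad input before it reaches the API; if the two strings are parsed with the same language as `query`, a sentence such as `description: Additional filters appended to the query at evaluation time; parsed with the same language as \`query\`.` would say so.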
@@ -38201,6 +38222,15 @@ components: description: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. example: false type: boolean + index: + description: Index used to load the data for this query. + type: string + indexes: + description: Indexes used to load the data for this query. Mutually exclusive with `index`. + items: + description: Index name. + type: string + type: array metrics: description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. items: @@ -38214,6 +38244,9 @@ components: description: Query to run on logs. example: a > 3 type: string + queryLanguage: + description: Language used to parse the query string. + type: string type: object HistoricalJobResponse: description: Historical job response. @@ -38247,6 +38280,10 @@ components: modifiedAt: description: Last modification time of the job. type: string + progressRate: + description: Job execution progress as a value between 0 and 1. Available for ongoing jobs. + format: double + type: number signalOutput: description: Whether the job outputs signals. type: boolean @@ -43777,9 +43814,10 @@ components: $ref: "#/components/schemas/CalculatedField" type: array cases: - description: Cases used for generating job results. + description: Cases used for generating job results. Up to 10 cases are allowed. items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate" + maxItems: 10 type: array from: description: Starting time of data analyzed by the job. 
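Review bot: The mutual exclusion of `index` and `indexes` is stated only in prose, so generated clients will happily send both; a `oneOf` on the query object, or at least a sentence saying which one wins when both are present, would close that gap. `JobDefinition` also keeps its own required `index` (the `@index.nil?` check in `job_definition.rb` later in this diff), and the precedence between that job-level index and these query-level ones is not documented either.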
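Review bot: `queryLanguage` is an unconstrained `type: string`; if the set of accepted languages is closed, an `enum` here (as the spec does through `$ref` enums such as `SecurityMonitoringRuleQueryAggregation`) would let clients validate the value and would document the accepted names. As written, a misspelled language is only caught server-side, and a reader of the spec has no way to learn the valid values.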
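Review bot: `progressRate` is documented as a value between 0 and 1 but the schema does not bound it, while `correlatedQueryIndex` in the `@@ -38180` hunk does carry `minimum`/`maximum`; adding `minimum: 0` and `maximum: 1` under `progressRate` makes the generated models validate it. The sentence "Available for ongoing jobs" also leaves open whether the field is absent or null once a job finishes; stating which (with `nullable: true` if it is null) saves client code a nil-handling surprise.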
@@ -43809,9 +43847,10 @@ components: options: $ref: "#/components/schemas/HistoricalJobOptions" queries: - description: Queries for selecting logs analyzed by the job. + description: Queries for selecting logs analyzed by the job. Up to 10 queries are allowed. items: $ref: "#/components/schemas/HistoricalJobQuery" + maxItems: 10 type: array referenceTables: description: Reference tables used in the queries. @@ -43825,10 +43864,11 @@ components: type: string type: array thirdPartyCases: - description: Cases for generating results from third-party detection method. Only available for third-party detection method. + description: Cases for generating results from third-party detection method. Only available for third-party detection method. Up to 10 cases are allowed. example: [] items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate" + maxItems: 10 type: array to: description: Ending time of data analyzed by the job. @@ -43850,6 +43890,12 @@ components: JobDefinitionFromRule: description: Definition of a historical job based on a security monitoring rule. properties: + caseIndex: + description: Zero-based index of the rule case to use as the job's signal condition. When omitted, all cases are evaluated. Up to 10 cases are supported, so valid values are 0 to 9. + format: int32 + maximum: 9 + minimum: 0 + type: integer from: description: Starting time of data analyzed by the job. example: 1729843470000 @@ -71345,11 +71391,11 @@ components: properties: fromRule: $ref: "#/components/schemas/JobDefinitionFromRule" - id: - description: Request ID. - type: string jobDefinition: $ref: "#/components/schemas/JobDefinition" + signalOutput: + description: Whether the job outputs signals when results are converted. + type: boolean type: object RunHistoricalJobRequestData: description: Data for running a historical job request. 
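Review bot: `caseIndex` uses `format: int32` while `correlatedQueryIndex` in the `@@ -38180` hunk uses `format: int64` for an index with the identical 0 to 9 range; picking one format keeps the generated models' integer types consistent for what is the same kind of value. The `maximum: 9` and the "Up to 10 cases are supported" sentence agree with the `maxItems: 10` added on `cases` in the `@@ -43777` hunk, which is good; keep the three in step if the limit ever changes.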
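Review bot: `signalOutput` on `RunHistoricalJobRequestAttributes` decides whether the job emits security signals, but the schema does not say what happens when the field is omitted; since a backfill job that silently produces signals is the surprising direction, the default deserves to be explicit, either as `default: false` if that is the server behaviour or as a sentence in the description. The wording `Whether the job outputs signals when results are converted.` also reads oddly on a run request; `HistoricalJobResponseAttributes` uses `Whether the job outputs signals.`, and the two should match unless the semantics genuinely differ.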
diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.frozen index a87300297ae8..1c7c9a559cbb 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:40.141Z \ No newline at end of file +2026-05-26T20:45:58.257Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.yml index e3ba26b7ca7d..f7481f2b7140 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:40 GMT +- recorded_at: Tue, 26 May 2026 20:45:58 GMT request: body: null headers: diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.frozen index 5ffbfe4c377a..d6cc65f02361 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.frozen +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:41.174Z \ No newline at end of file +2026-05-26T20:45:58.957Z \ No newline at end of file 
diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.yml index 7d8f1e22b543..e398a5b17569 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.yml +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:41 GMT +- recorded_at: Tue, 26 May 2026 20:45:58 GMT request: body: null headers: diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.frozen index be59fd60df77..9b5b661937e3 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:41.286Z \ No newline at end of file +2026-05-26T20:45:59.561Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.yml index b89aa3e0a7bd..9249d8546204 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:41 GMT +- recorded_at: Tue, 26 May 2026 20:45:59 GMT request: body: encoding: UTF-8 
@@ -17,21 +17,21 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"67278df4-84b8-4413-884b-88d9facdb68a","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"21011d0e-e7e3-49e1-91d4-74d6791382c8","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json status: code: 201 message: Created -- recorded_at: Mon, 13 Apr 2026 09:15:41 GMT +- recorded_at: Tue, 26 May 2026 20:45:59 GMT request: body: null headers: Accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/67278df4-84b8-4413-884b-88d9facdb68a/cancel + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/21011d0e-e7e3-49e1-91d4-74d6791382c8/cancel response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.frozen index b22ac5b07a23..f1456e24df3c 100644 --- a/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:41.656Z \ No newline at end of file +2026-05-26T20:46:00.730Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.yml index 09122b602f66..ee48d8fbf7a9 100644 --- a/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.yml 
@@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:41 GMT +- recorded_at: Tue, 26 May 2026 20:46:00 GMT request: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.frozen index 3b7d74bd4b97..37e5dc1097b3 100644 --- a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:41.819Z \ No newline at end of file +2026-05-26T20:46:01.231Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.yml index 532fb06c23fc..2fc1ad5b836f 100644 --- a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:41 GMT +- recorded_at: Tue, 26 May 2026 20:46:01 GMT request: body: null headers: diff --git a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.frozen index 7528bc4877dd..d35b34f86e5d 100644 --- a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.frozen +++ b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.455Z \ No newline at end of file +2026-05-26T20:46:01.667Z \ No newline at end of file 
diff --git a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.yml index 5b44fe6adc72..4bec973eba23 100644 --- a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.yml +++ b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:42 GMT +- recorded_at: Tue, 26 May 2026 20:46:01 GMT request: body: null headers: diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.frozen index f959b7469abd..8eb6d70767b8 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.536Z \ No newline at end of file +2026-05-26T20:46:02.116Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.yml index 7c6a28dc095d..9d4d33ed5e67 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:42 GMT +- recorded_at: Tue, 26 May 2026 20:46:02 GMT request: body: null headers: 
diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.frozen index be224ded310b..a0ded07257de 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.599Z \ No newline at end of file +2026-05-26T20:46:02.616Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.yml index c7162edef096..0b1194f9fe83 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.yml +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:42 GMT +- recorded_at: Tue, 26 May 2026 20:46:02 GMT request: body: null headers: diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen index 24ebe9b1927b..a81d2bd50b61 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.662Z \ No newline at end of file +2026-05-26T20:46:03.044Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml index db5056bb6003..89e0362af5af 100644 
--- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:42 GMT +- recorded_at: Tue, 26 May 2026 20:46:03 GMT request: body: encoding: UTF-8 
@@ -17,32 +17,31 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"876b8334-58f8-4b7d-8e62-0101cb019208","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"4590ff3a-0a23-4f80-b974-d06df0d9b1e6","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json status: code: 201 message: Created -- recorded_at: Mon, 13 Apr 2026 09:15:42 GMT +- recorded_at: Tue, 26 May 2026 20:46:03 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/876b8334-58f8-4b7d-8e62-0101cb019208 + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/4590ff3a-0a23-4f80-b974-d06df0d9b1e6 response: body: encoding: UTF-8 - string: '{"data":{"id":"876b8334-58f8-4b7d-8e62-0101cb019208","type":"historicalDetectionsJob","attributes":{"createdAt":"2026-04-13 - 09:15:42.715435+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI - Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive + string: '{"data":{"id":"4590ff3a-0a23-4f80-b974-d06df0d9b1e6","type":"historicalDetectionsJob","attributes":{"createdAt":"2026-05-26 + 20:46:03.567462+00","createdByHandle":"frog@datadoghq.com","createdByName":"frog","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive - number of failed 
attempts.","jobStatus":"pending","modifiedAt":"2026-04-13 - 09:15:42.715435+00","signalOutput":false}}}' + number of failed attempts.","jobStatus":"pending","modifiedAt":"2026-05-26 + 20:46:03.567462+00","signalOutput":false}}}' headers: Content-Type: - application/vnd.api+json diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.frozen index 69151c224c68..a4d0d9515569 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.851Z \ No newline at end of file +2026-05-26T20:46:04.068Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.yml index d213ef312f07..e59d89136695 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:42 GMT +- recorded_at: Tue, 26 May 2026 20:46:04 GMT request: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.frozen index 765e43e86646..94db8e42bcd9 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.frozen +++ b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.frozen 
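Review bot: The re-recorded response in this hunk replaces the earlier `createdByHandle` / `createdByName` pair (an opaque identifier and `CI Account`) with what appears to be an individual handle, `frog@datadoghq.com` / `frog`; committed cassettes ship with the repository, so this should be re-recorded with the CI service account, or the handle scrubbed, before merge. It also suggests the recording was made with personal credentials rather than the CI account the previous cassette used, which is worth fixing in the recording procedure so the next refresh does not reintroduce it.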
@@ -1 +1 @@ -2026-04-13T09:15:42.922Z \ No newline at end of file +2026-05-26T20:46:04.592Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.yml index 18c7a2fbd869..666050ed7aa4 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.yml +++ b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:42 GMT +- recorded_at: Tue, 26 May 2026 20:46:04 GMT request: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.frozen index ee9c040c7715..74da5caa26f1 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.frozen +++ b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.979Z \ No newline at end of file +2026-05-26T20:46:05.019Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.yml b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.yml index 26ba89bbd1be..839e67b91f97 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.yml +++ b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Mon, 13 Apr 2026 09:15:42 GMT +- recorded_at: Tue, 26 May 2026 20:46:05 GMT request: body: encoding: UTF-8 
@@ -17,7 +17,7 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"data":{"id":"8ce2a4d4-db9e-445d-93bb-b60980d56d25","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"1fa783c4-c6ce-430c-972c-43a2ccde1420","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json diff --git a/lib/datadog_api_client/v2/models/convert_job_results_to_signals_attributes.rb b/lib/datadog_api_client/v2/models/convert_job_results_to_signals_attributes.rb index d1cb82c00654..9e9709003204 100644 --- a/lib/datadog_api_client/v2/models/convert_job_results_to_signals_attributes.rb +++ b/lib/datadog_api_client/v2/models/convert_job_results_to_signals_attributes.rb @@ -21,9 +21,6 @@ module DatadogAPIClient::V2 class ConvertJobResultsToSignalsAttributes include BaseGenericModel - # Request ID. - attr_accessor :id - # Job result IDs. attr_reader :job_result_ids @@ -42,7 +39,6 @@ class ConvertJobResultsToSignalsAttributes # @!visibility private def self.attribute_map { - :'id' => :'id', :'job_result_ids' => :'jobResultIds', :'notifications' => :'notifications', :'signal_message' => :'signalMessage', @@ -54,7 +50,6 @@ def self.attribute_map # @!visibility private def self.openapi_types { - :'id' => :'String', :'job_result_ids' => :'Array', :'notifications' => :'Array', :'signal_message' => :'String', @@ -80,10 +75,6 @@ def initialize(attributes = {}) end } - if attributes.key?(:'id') - self.id = attributes[:'id'] - end - if attributes.key?(:'job_result_ids') if (value = attributes[:'job_result_ids']).is_a?(Array) self.job_result_ids = value @@ -182,7 +173,6 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && - id == o.id && job_result_ids == o.job_result_ids && notifications == o.notifications && signal_message == o.signal_message && 
@@ -194,7 +184,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [id, job_result_ids, notifications, signal_message, signal_severity, additional_properties].hash + [job_result_ids, notifications, signal_message, signal_severity, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/historical_job_query.rb b/lib/datadog_api_client/v2/models/historical_job_query.rb index 2613e6f69125..a0b84bfcd570 100644 --- a/lib/datadog_api_client/v2/models/historical_job_query.rb +++ b/lib/datadog_api_client/v2/models/historical_job_query.rb @@ -21,12 +21,27 @@ module DatadogAPIClient::V2 class HistoricalJobQuery include BaseGenericModel + # Additional filters appended to the query at evaluation time. + attr_accessor :additional_filters + # The aggregation type. attr_accessor :aggregation + # Fields used to correlate results across queries in sequence detection rules. + attr_accessor :correlated_by_fields + + # Zero-based index of the query to correlate with in sequence detection rules. Up to 10 queries are supported, so valid values are 0 to 9. + attr_reader :correlated_query_index + + # Custom query extension used to refine the base query. + attr_accessor :custom_query_extension + # Source of events, either logs, audit trail, security signals, or Datadog events. `app_sec_spans` is deprecated in favor of `spans`. attr_accessor :data_source + # IDs of reference datasets used by this query. + attr_accessor :dataset_ids + # Field for which the cardinality is measured. Sent as an array. attr_accessor :distinct_fields 
@@ -36,6 +51,12 @@ class HistoricalJobQuery # When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. attr_accessor :has_optional_group_by_fields + # Index used to load the data for this query. + attr_accessor :index + + # Indexes used to load the data for this query. Mutually exclusive with `index`. + attr_accessor :indexes + # Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. attr_accessor :metrics @@ -45,20 +66,31 @@ class HistoricalJobQuery # Query to run on logs. attr_accessor :query + # Language used to parse the query string. + attr_accessor :query_language + attr_accessor :additional_properties # Attribute mapping from ruby-style variable name to JSON key. # @!visibility private def self.attribute_map { + :'additional_filters' => :'additionalFilters', :'aggregation' => :'aggregation', + :'correlated_by_fields' => :'correlatedByFields', + :'correlated_query_index' => :'correlatedQueryIndex', + :'custom_query_extension' => :'customQueryExtension', :'data_source' => :'dataSource', + :'dataset_ids' => :'datasetIds', :'distinct_fields' => :'distinctFields', :'group_by_fields' => :'groupByFields', :'has_optional_group_by_fields' => :'hasOptionalGroupByFields', + :'index' => :'index', + :'indexes' => :'indexes', :'metrics' => :'metrics', :'name' => :'name', - :'query' => :'query' + :'query' => :'query', + :'query_language' => :'queryLanguage' } end 
@@ -66,14 +98,22 @@ def self.attribute_map # @!visibility private def self.openapi_types { + :'additional_filters' => :'String', :'aggregation' => :'SecurityMonitoringRuleQueryAggregation', + :'correlated_by_fields' => :'Array', + :'correlated_query_index' => :'Integer', + :'custom_query_extension' => :'String', :'data_source' => :'SecurityMonitoringStandardDataSource', + :'dataset_ids' => :'Array', :'distinct_fields' => :'Array', :'group_by_fields' => :'Array', :'has_optional_group_by_fields' => :'Boolean', + :'index' => :'String', + :'indexes' => :'Array', :'metrics' => :'Array', :'name' => :'String', - :'query' => :'String' + :'query' => :'String', + :'query_language' => :'String' } end @@ -95,14 +135,38 @@ def initialize(attributes = {}) end } + if attributes.key?(:'additional_filters') + self.additional_filters = attributes[:'additional_filters'] + end + if attributes.key?(:'aggregation') self.aggregation = attributes[:'aggregation'] end + if attributes.key?(:'correlated_by_fields') + if (value = attributes[:'correlated_by_fields']).is_a?(Array) + self.correlated_by_fields = value + end + end + + if attributes.key?(:'correlated_query_index') + self.correlated_query_index = attributes[:'correlated_query_index'] + end + + if attributes.key?(:'custom_query_extension') + self.custom_query_extension = attributes[:'custom_query_extension'] + end + if attributes.key?(:'data_source') self.data_source = attributes[:'data_source'] end + if attributes.key?(:'dataset_ids') + if (value = attributes[:'dataset_ids']).is_a?(Array) + self.dataset_ids = value + end + end + if attributes.key?(:'distinct_fields') if (value = attributes[:'distinct_fields']).is_a?(Array) self.distinct_fields = value 
@@ -119,6 +183,16 @@ def initialize(attributes = {}) self.has_optional_group_by_fields = attributes[:'has_optional_group_by_fields'] end + if attributes.key?(:'index') + self.index = attributes[:'index'] + end + + if attributes.key?(:'indexes') + if (value = attributes[:'indexes']).is_a?(Array) + self.indexes = value + end + end + if attributes.key?(:'metrics') if (value = attributes[:'metrics']).is_a?(Array) self.metrics = value @@ -132,6 +206,32 @@ def initialize(attributes = {}) if attributes.key?(:'query') self.query = attributes[:'query'] end + + if attributes.key?(:'query_language') + self.query_language = attributes[:'query_language'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if !@correlated_query_index.nil? && @correlated_query_index > 9 + return false if !@correlated_query_index.nil? && @correlated_query_index < 0 + true + end + + # Custom attribute writer method with validation + # @param correlated_query_index [Object] Object to be assigned + # @!visibility private + def correlated_query_index=(correlated_query_index) + if !correlated_query_index.nil? && correlated_query_index > 9 + fail ArgumentError, 'invalid value for "correlated_query_index", must be smaller than or equal to 9.' + end + if !correlated_query_index.nil? && correlated_query_index < 0 + fail ArgumentError, 'invalid value for "correlated_query_index", must be greater than or equal to 0.' + end + @correlated_query_index = correlated_query_index end # Returns the object in the form of hash, with additionalProperties support. 
@@ -160,14 +260,22 @@ def to_hash def ==(o) return true if self.equal?(o) self.class == o.class && + additional_filters == o.additional_filters && aggregation == o.aggregation && + correlated_by_fields == o.correlated_by_fields && + correlated_query_index == o.correlated_query_index && + custom_query_extension == o.custom_query_extension && data_source == o.data_source && + dataset_ids == o.dataset_ids && distinct_fields == o.distinct_fields && group_by_fields == o.group_by_fields && has_optional_group_by_fields == o.has_optional_group_by_fields && + index == o.index && + indexes == o.indexes && metrics == o.metrics && name == o.name && query == o.query && + query_language == o.query_language && additional_properties == o.additional_properties end @@ -175,7 +283,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [aggregation, data_source, distinct_fields, group_by_fields, has_optional_group_by_fields, metrics, name, query, additional_properties].hash + [additional_filters, aggregation, correlated_by_fields, correlated_query_index, custom_query_extension, data_source, dataset_ids, distinct_fields, group_by_fields, has_optional_group_by_fields, index, indexes, metrics, name, query, query_language, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/historical_job_response_attributes.rb b/lib/datadog_api_client/v2/models/historical_job_response_attributes.rb index c4d677b5a129..c8de46ee8ea1 100644 --- a/lib/datadog_api_client/v2/models/historical_job_response_attributes.rb +++ b/lib/datadog_api_client/v2/models/historical_job_response_attributes.rb @@ -45,6 +45,9 @@ class HistoricalJobResponseAttributes # Last modification time of the job. attr_accessor :modified_at + # Job execution progress as a value between 0 and 1. Available for ongoing jobs. + attr_accessor :progress_rate + # Whether the job outputs signals. attr_accessor :signal_output 
@@ -62,6 +65,7 @@ def self.attribute_map
 :'job_name' => :'jobName',
 :'job_status' => :'jobStatus',
 :'modified_at' => :'modifiedAt',
+ :'progress_rate' => :'progressRate',
 :'signal_output' => :'signalOutput'
 }
 end
@@ -78,6 +82,7 @@ def self.openapi_types
 :'job_name' => :'String',
 :'job_status' => :'String',
 :'modified_at' => :'String',
+ :'progress_rate' => :'Float',
 :'signal_output' => :'Boolean'
 }
 end
@@ -132,6 +137,10 @@ def initialize(attributes = {})
 self.modified_at = attributes[:'modified_at']
 end
+ if attributes.key?(:'progress_rate')
+ self.progress_rate = attributes[:'progress_rate']
+ end
+
 if attributes.key?(:'signal_output')
 self.signal_output = attributes[:'signal_output']
 end
@@ -171,6 +180,7 @@ def ==(o)
 job_name == o.job_name &&
 job_status == o.job_status &&
 modified_at == o.modified_at &&
+ progress_rate == o.progress_rate &&
 signal_output == o.signal_output &&
 additional_properties == o.additional_properties
 end
@@ -179,7 +189,7 @@ def ==(o)
 # @return [Integer] Hash code
 # @!visibility private
 def hash
- [created_at, created_by_handle, created_by_name, created_from_rule_id, job_definition, job_name, job_status, modified_at, signal_output, additional_properties].hash
+ [created_at, created_by_handle, created_by_name, created_from_rule_id, job_definition, job_name, job_status, modified_at, progress_rate, signal_output, additional_properties].hash
 end
 end
 end
diff --git a/lib/datadog_api_client/v2/models/job_definition.rb b/lib/datadog_api_client/v2/models/job_definition.rb
index 990c37537802..589dc5285a7f 100644
--- a/lib/datadog_api_client/v2/models/job_definition.rb
+++ b/lib/datadog_api_client/v2/models/job_definition.rb
@@ -24,7 +24,7 @@ class JobDefinition
 # Calculated fields.
 attr_accessor :calculated_fields
- # Cases used for generating job results.
+ # Cases used for generating job results. Up to 10 cases are allowed.
 attr_reader :cases
 # Starting time of data analyzed by the job.
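Review bot: `progress_rate` is typed `Float` and described as "a value between 0 and 1" that is "Available for ongoing jobs", but unlike the bounded `case_index` added elsewhere in this diff nothing validates the range, and the description leaves callers to guess that the attribute is `nil` (not `0.0`) for jobs that are no longer running. If that reading is right, the attribute comment should say so, e.g. `# Job execution progress as a value between 0 and 1. Only present while the job is ongoing; nil otherwise. The range is not validated client-side.`, so that a progress display does not treat a finished job as 0 percent. If the range does matter to callers, adding minimum/maximum bounds in the source schema would presumably let the generator emit the same writer check it produces for `case_index`.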
@@ -45,7 +45,7 @@ class JobDefinition
 # Job options.
 attr_accessor :options
- # Queries for selecting logs analyzed by the job.
+ # Queries for selecting logs analyzed by the job. Up to 10 queries are allowed.
 attr_reader :queries
 # Reference tables used in the queries.
@@ -54,8 +54,8 @@ class JobDefinition
 # Tags for generated signals.
 attr_accessor :tags
- # Cases for generating results from third-party detection method. Only available for third-party detection method.
- attr_accessor :third_party_cases
+ # Cases for generating results from third-party detection method. Only available for third-party detection method. Up to 10 cases are allowed.
+ attr_reader :third_party_cases
 # Ending time of data analyzed by the job.
 attr_reader :to
@@ -201,11 +201,14 @@ def initialize(attributes = {})
 # @!visibility private
 def valid?
 return false if @cases.nil?
+ return false if @cases.length > 10
 return false if @from.nil?
 return false if @index.nil?
 return false if @message.nil?
 return false if @name.nil?
 return false if @queries.nil?
+ return false if @queries.length > 10
+ return false if !@third_party_cases.nil? && @third_party_cases.length > 10
 return false if @to.nil?
 true
 end
@@ -217,6 +220,9 @@ def cases=(cases)
 if cases.nil?
 fail ArgumentError, 'invalid value for "cases", cases cannot be nil.'
 end
+ if cases.length > 10
+ fail ArgumentError, 'invalid value for "cases", number of items must be less than or equal to 10.'
+ end
 @cases = cases
 end
@@ -267,9 +273,22 @@ def queries=(queries)
 if queries.nil?
 fail ArgumentError, 'invalid value for "queries", queries cannot be nil.'
 end
+ if queries.length > 10
+ fail ArgumentError, 'invalid value for "queries", number of items must be less than or equal to 10.'
+ end
 @queries = queries
 end
+ # Custom attribute writer method with validation
+ # @param third_party_cases [Object] Object to be assigned
+ # @!visibility private
+ def third_party_cases=(third_party_cases)
+ if !third_party_cases.nil? && third_party_cases.length > 10
+ fail ArgumentError, 'invalid value for "third_party_cases", number of items must be less than or equal to 10.'
+ end
+ @third_party_cases = third_party_cases
+ end
+
 # Custom attribute writer method with validation
 # @param to [Object] Object to be assigned
 # @!visibility private
diff --git a/lib/datadog_api_client/v2/models/job_definition_from_rule.rb b/lib/datadog_api_client/v2/models/job_definition_from_rule.rb
index 89f6543cd302..66ea9e81e8f8 100644
--- a/lib/datadog_api_client/v2/models/job_definition_from_rule.rb
+++ b/lib/datadog_api_client/v2/models/job_definition_from_rule.rb
@@ -21,6 +21,9 @@ module DatadogAPIClient::V2
 class JobDefinitionFromRule
 include BaseGenericModel
+ # Zero-based index of the rule case to use as the job's signal condition. When omitted, all cases are evaluated. Up to 10 cases are supported, so valid values are 0 to 9.
+ attr_reader :case_index
+
 # Starting time of data analyzed by the job.
 attr_reader :from
@@ -42,6 +45,7 @@ class JobDefinitionFromRule
 # @!visibility private
 def self.attribute_map
 {
+ :'case_index' => :'caseIndex',
 :'from' => :'from',
 :'id' => :'id',
 :'index' => :'index',
@@ -54,6 +58,7 @@ def self.attribute_map
 # @!visibility private
 def self.openapi_types
 {
+ :'case_index' => :'Integer',
 :'from' => :'Integer',
 :'id' => :'String',
 :'index' => :'String',
@@ -80,6 +85,10 @@ def initialize(attributes = {})
 end
 }
+ if attributes.key?(:'case_index')
+ self.case_index = attributes[:'case_index']
+ end
+
 if attributes.key?(:'from')
 self.from = attributes[:'from']
 end
@@ -107,6 +116,8 @@ def initialize(attributes = {})
 # @return true if the model is valid
 # @!visibility private
 def valid?
+ return false if !@case_index.nil? && @case_index > 9
+ return false if !@case_index.nil? && @case_index < 0
 return false if @from.nil?
 return false if @id.nil?
 return false if @index.nil?
@@ -114,6 +125,19 @@ def valid?
 true
 end
+ # Custom attribute writer method with validation
+ # @param case_index [Object] Object to be assigned
+ # @!visibility private
+ def case_index=(case_index)
+ if !case_index.nil? && case_index > 9
+ fail ArgumentError, 'invalid value for "case_index", must be smaller than or equal to 9.'
+ end
+ if !case_index.nil? && case_index < 0
+ fail ArgumentError, 'invalid value for "case_index", must be greater than or equal to 0.'
+ end
+ @case_index = case_index
+ end
+
 # Custom attribute writer method with validation
 # @param from [Object] Object to be assigned
 # @!visibility private
@@ -180,6 +204,7 @@ def to_hash
 def ==(o)
 return true if self.equal?(o)
 self.class == o.class &&
+ case_index == o.case_index &&
 from == o.from &&
 id == o.id &&
 index == o.index &&
@@ -192,7 +217,7 @@ def ==(o)
 # @return [Integer] Hash code
 # @!visibility private
 def hash
- [from, id, index, notifications, to, additional_properties].hash
+ [case_index, from, id, index, notifications, to, additional_properties].hash
 end
 end
 end
diff --git a/lib/datadog_api_client/v2/models/run_historical_job_request_attributes.rb b/lib/datadog_api_client/v2/models/run_historical_job_request_attributes.rb
index 2c68eba125f3..7196d20bf3c1 100644
@@ -24,12 +24,12 @@ class RunHistoricalJobRequestAttributes
 # Definition of a historical job based on a security monitoring rule.
 attr_accessor :from_rule
- # Request ID.
- attr_accessor :id
-
 # Definition of a historical job.
 attr_accessor :job_definition
+ # Whether the job outputs signals when results are converted.
+ attr_accessor :signal_output
+
 attr_accessor :additional_properties
 # Attribute mapping from ruby-style variable name to JSON key.
@@ -37,8 +37,8 @@ def self.attribute_map
 {
 :'from_rule' => :'fromRule',
- :'id' => :'id',
- :'job_definition' => :'jobDefinition'
+ :'job_definition' => :'jobDefinition',
+ :'signal_output' => :'signalOutput'
 }
 end
@@ -47,8 +47,8 @@ def self.attribute_map
 def self.openapi_types
 {
 :'from_rule' => :'JobDefinitionFromRule',
- :'id' => :'String',
- :'job_definition' => :'JobDefinition'
+ :'job_definition' => :'JobDefinition',
+ :'signal_output' => :'Boolean'
 }
 end
@@ -74,13 +74,13 @@ def initialize(attributes = {})
 self.from_rule = attributes[:'from_rule']
 end
- if attributes.key?(:'id')
- self.id = attributes[:'id']
- end
-
 if attributes.key?(:'job_definition')
 self.job_definition = attributes[:'job_definition']
 end
+
+ if attributes.key?(:'signal_output')
+ self.signal_output = attributes[:'signal_output']
+ end
 end
 # Returns the object in the form of hash, with additionalProperties support.
@@ -110,8 +110,8 @@ def ==(o)
 return true if self.equal?(o)
 self.class == o.class &&
 from_rule == o.from_rule &&
- id == o.id &&
 job_definition == o.job_definition &&
+ signal_output == o.signal_output &&
 additional_properties == o.additional_properties
 end
@@ -119,7 +119,7 @@ def ==(o)
 # @return [Integer] Hash code
 # @!visibility private
 def hash
- [from_rule, id, job_definition, additional_properties].hash
+ [from_rule, job_definition, signal_output, additional_properties].hash
 end
 end
 end
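Review bot: Removing `attr_accessor :id` from `RunHistoricalJobRequestAttributes` deletes a public reader and writer, so any caller that still does `attrs.id = ...` or reads `attrs.id` now fails with NoMethodError, and the `@@ -74,13` hunk stops mapping the `:id` key in `initialize`; whether a caller-supplied `id` now lands in `additional_properties` and is still serialized to the wire depends on the unknown-key handling at the top of `initialize`, which is outside this diff. That is a breaking change to the client's public interface and should get an explicit breaking-change entry in the changelog rather than being folded into the `signal_output` addition. `signal_output` is a plain `attr_accessor` with no validation, which is fine for a Boolean, but since setting it to `true` presumably causes a replayed job to emit security signals, its comment should spell out the behavior when the key is omitted, e.g. `# Whether the job outputs signals when results are converted. Omitted means the server default applies; confirm that default before relying on it.`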