diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index d1ea8725c69..961406c151e 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -43891,6 +43891,14 @@ components: for scheduled rules - in other words, when the `schedulingOptions` field is present in the rule payload.' type: string + indexes: + description: List of indexes to query when the `dataSource` is `logs`. Only + used for scheduled rules, such as when the `schedulingOptions` field is + present in the rule payload. + items: + description: Index. + type: string + type: array metric: deprecated: true description: '(Deprecated) The target field to aggregate over when using diff --git a/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen index 5c8f2a4f087..b67dbf545e1 100644 --- a/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.frozen @@ -1 +1 @@ -2025-07-31T07:48:27.113Z \ No newline at end of file +2025-10-13T21:11:45.641Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.yml index 5b9e527383c..8087d8a6a83 100644 --- a/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Create-a-scheduled-detection-rule-returns-OK-response.yml 
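Review bot: The new `indexes` description in the openapi.yaml hunk does not say how the field relates to the existing `index` property, which stays in the schema and is not marked deprecated. For a scheduled detection rule the list of indexes decides which logs the rule can see, so a payload that sets both fields, or a client that still sends only `index`, needs a documented outcome. The recorded response later in this commit returns both `"index":"main"` and `"indexes":["main"]`, but the schema text is silent on it. I would add a sentence to the description such as `Takes precedence over index when both are set.` (to be confirmed against the backend) and set `deprecated: true` on `index` if it is being superseded. The wording also moved from "in other words, when" to "such as when", which reads as one example rather than the defining condition; the enclosing schema starts and ends outside the hunk.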
@@ -1,10 +1,10 @@ http_interactions: -- recorded_at: Thu, 31 Jul 2025 07:48:27 GMT +- recorded_at: Mon, 13 Oct 2025 21:11:45 GMT request: body: encoding: UTF-8 string: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"index":"main","query":"@test:true"}],"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' + rule","name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1760389905","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"indexes":["main"],"query":"@test:true"}],"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' headers: Accept: - application/json 
@@ -15,22 +15,22 @@ http_interactions: response: body: encoding: UTF-8 - string: '{"name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1753948107","createdAt":1753948107557,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs","index":"main"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a - \u003e 0"}],"message":"Test rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"8dd-els-oyn","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""},"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"}}' + string: '{"name":"Test-Create_a_scheduled_detection_rule_returns_OK_response-1760389905","createdAt":1760389906051,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"@test:true","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs","index":"main","indexes":["main"]}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"cases":[{"name":"","status":"info","notifications":[],"condition":"a + \u003e 0"}],"message":"Test 
rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"vgs-rrg-orf","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""},"schedulingOptions":{"rrule":"FREQ=HOURLY;INTERVAL=2;","start":"2025-06-18T12:00:00","timezone":"Europe/Paris"}}' headers: Content-Type: - application/json status: code: 200 message: OK -- recorded_at: Thu, 31 Jul 2025 07:48:27 GMT +- recorded_at: Mon, 13 Oct 2025 21:11:45 GMT request: body: null headers: Accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/8dd-els-oyn + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/vgs-rrg-orf response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen index 74170d6acd0..f95a9998886 100644 --- a/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2025-07-31T07:49:14.474Z \ No newline at end of file +2025-10-13T21:12:46.212Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.yml index 591bd5667e6..f7443a85264 100644 --- a/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Create-a-scheduled-rule-without-rrule-returns-Bad-Request-response.yml 
@@ -1,10 +1,10 @@ http_interactions: -- recorded_at: Thu, 31 Jul 2025 07:49:14 GMT +- recorded_at: Mon, 13 Oct 2025 21:12:46 GMT request: body: encoding: UTF-8 string: '{"cases":[{"condition":"a > 0","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"Test - rule","name":"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1753948154","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"index":"main","query":"@test:true"}],"schedulingOptions":{"start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' + rule","name":"Test-Create_a_scheduled_rule_without_rrule_returns_Bad_Request_response-1760389966","options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":[],"indexes":["main"],"query":"@test:true"}],"schedulingOptions":{"start":"2025-06-18T12:00:00","timezone":"Europe/Paris"},"tags":[],"type":"log_detection"}' headers: Accept: - application/json diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.rb b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.rb index 1463482610d..e5c3bf20fa1 100644 --- a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.rb +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.rb @@ -11,7 +11,9 @@ aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, group_by_fields: [], distinct_fields: [], - index: "main", + indexes: [ + "main", + ], }), ], filters: [], diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 77aa1d738ce..c83348e6898 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -308,7 +308,7 @@ Feature: Security Monitoring
 @team:DataDog/k9-cloud-security-platform
 Scenario: Create a scheduled detection rule returns "OK" response
 Given new "CreateSecurityMonitoringRule" request
- And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}}
+ And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"indexes":["main"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}}
 When the request is sent
 Then the response status is 200 OK
 And the response "name" is equal to "{{ unique }}"
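Review bot: Both scheduled-rule scenarios (this one at line 308 and the Bad Request one at line 319) now send only `"indexes":["main"]`, so the legacy `"index":"main"` request shape loses the coverage it had in this feature file. Since `index` stays in the schema, I would keep one scenario on the old field or add a third one for it. I would also assert the new field in the 200 scenario, for example `And the response "queries[0].indexes[0]" is equal to "main"`, so a regression that drops the index restriction from a detection rule is caught. The scenario's remaining steps lie outside the hunk, so such an assertion may already exist.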
@@ -319,7 +319,7 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Create a scheduled rule without rrule returns "Bad Request" response Given new "CreateSecurityMonitoringRule" request - And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} + And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"indexes":["main"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} When the request is sent Then the response status is 400 Bad Request diff --git a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_query.rb b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_query.rb index aceb98c244a..c9d738ec3fb 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_query.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_standard_rule_query.rb 
@@ -43,6 +43,9 @@ class SecurityMonitoringStandardRuleQuery # The index to run the query on, if the `dataSource` is `logs`. Only used for scheduled rules - in other words, when the `schedulingOptions` field is present in the rule payload. attr_accessor :index + # List of indexes to query when the `dataSource` is `logs`. Only used for scheduled rules, such as when the `schedulingOptions` field is present in the rule payload. + attr_accessor :indexes + # (Deprecated) The target field to aggregate over when using the sum or max # aggregations. `metrics` field should be used instead. attr_accessor :metric @@ -69,6 +72,7 @@ def self.attribute_map :'group_by_fields' => :'groupByFields', :'has_optional_group_by_fields' => :'hasOptionalGroupByFields', :'index' => :'index', + :'indexes' => :'indexes', :'metric' => :'metric', :'metrics' => :'metrics', :'name' => :'name', @@ -87,6 +91,7 @@ def self.openapi_types :'group_by_fields' => :'Array', :'has_optional_group_by_fields' => :'Boolean', :'index' => :'String', + :'indexes' => :'Array', :'metric' => :'String', :'metrics' => :'Array', :'name' => :'String', @@ -144,6 +149,12 @@ def initialize(attributes = {}) self.index = attributes[:'index'] end + if attributes.key?(:'indexes') + if (value = attributes[:'indexes']).is_a?(Array) + self.indexes = value + end + end + if attributes.key?(:'metric') self.metric = attributes[:'metric'] end @@ -196,6 +207,7 @@ def ==(o) group_by_fields == o.group_by_fields && has_optional_group_by_fields == o.has_optional_group_by_fields && index == o.index && + indexes == o.indexes && metric == o.metric && metrics == o.metrics && name == o.name && 
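Review bot: In the `initialize` hunk, a non-Array value passed as `indexes` is dropped without any error, because `self.indexes = value` runs only inside the `is_a?(Array)` check. A caller who migrates from `index: "main"` to `indexes: "main"` ends up with `indexes` unset, and the scheduled rule is then sent without the index restriction the caller intended; what the backend queries in that case is not visible here. I would fail loudly instead, e.g. `raise ArgumentError, "indexes must be an Array" unless value.is_a?(Array)`. If this model is generated from the OpenAPI schema, the change belongs in the generator template. `initialize` starts and ends outside the hunk.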
@@ -207,7 +219,7 @@ def ==(o)
 # @return [Integer] Hash code
 # @!visibility private
 def hash
- [aggregation, custom_query_extension, data_source, distinct_fields, group_by_fields, has_optional_group_by_fields, index, metric, metrics, name, query, additional_properties].hash
+ [aggregation, custom_query_extension, data_source, distinct_fields, group_by_fields, has_optional_group_by_fields, index, indexes, metric, metrics, name, query, additional_properties].hash
 end
 end
 end