276 changes: 276 additions & 0 deletions .generator/schemas/v2/openapi.yaml
Expand Up @@ -52434,6 +52434,153 @@ components:
x-enum-varnames:
- DONE
- TIMEOUT
SecurityMonitoringContentPackActivation:
description: The activation status of a content pack
enum:
- never_activated
- activated
- deactivated
example: activated
type: string
x-enum-varnames:
- NEVER_ACTIVATED
- ACTIVATED
- DEACTIVATED
SecurityMonitoringContentPackIntegrationStatus:
description: The installation status of the related integration
enum:
- installed
- available
- partially_installed
- detected
- error
example: installed
type: string
x-enum-varnames:
- INSTALLED
- AVAILABLE
- PARTIALLY_INSTALLED
- DETECTED
- ERROR
SecurityMonitoringContentPackStateAttributes:
description: Attributes of a content pack state
properties:
cloud_siem_index_incorrect:
description: Whether the cloud SIEM index configuration is incorrect (only
applicable with the Cloud SIEM with index pricing model)
example: false
type: boolean
cp_activation:
$ref: '#/components/schemas/SecurityMonitoringContentPackActivation'
filters_configured_for_logs:
description: Whether filters (Security Filters or Index Query depending
on the pricing model) are configured for logs
example: true
type: boolean
integration_installed_status:
$ref: '#/components/schemas/SecurityMonitoringContentPackIntegrationStatus'
logs_last_collected:
$ref: '#/components/schemas/SecurityMonitoringContentPackTimestampBucket'
logs_seen_from_any_index:
description: Whether logs have been seen from any index
example: true
type: boolean
state:
$ref: '#/components/schemas/SecurityMonitoringContentPackStatus'
required:
- state
- cp_activation
- logs_seen_from_any_index
- logs_last_collected
- cloud_siem_index_incorrect
- filters_configured_for_logs
type: object
SecurityMonitoringContentPackStateData:
description: Content pack state data.
properties:
attributes:
$ref: '#/components/schemas/SecurityMonitoringContentPackStateAttributes'
id:
description: The content pack identifier.
example: aws-cloudtrail
type: string
type:
$ref: '#/components/schemas/SecurityMonitoringContentPackStateType'
required:
- id
- type
- attributes
type: object
SecurityMonitoringContentPackStateMeta:
description: Metadata for content pack states
properties:
cloud_siem_index_incorrect:
description: Whether the cloud SIEM index configuration is incorrect at
the organization level
example: false
type: boolean
sku:
$ref: '#/components/schemas/SecurityMonitoringSKU'
required:
- cloud_siem_index_incorrect
- sku
type: object
SecurityMonitoringContentPackStateType:
description: Type for content pack state object
enum:
- content_pack_state
example: content_pack_state
type: string
x-enum-varnames:
- CONTENT_PACK_STATE
SecurityMonitoringContentPackStatesResponse:
description: Response containing content pack states.
properties:
data:
description: Array of content pack states.
items:
$ref: '#/components/schemas/SecurityMonitoringContentPackStateData'
type: array
meta:
$ref: '#/components/schemas/SecurityMonitoringContentPackStateMeta'
required:
- data
- meta
type: object
SecurityMonitoringContentPackStatus:
description: The current status of a content pack
enum:
- install
- activate
- initializing
- active
- warning
- broken
example: active
type: string
x-enum-varnames:
- INSTALL
- ACTIVATE
- INITIALIZING
- ACTIVE
- WARNING
- BROKEN
SecurityMonitoringContentPackTimestampBucket:
description: Timestamp bucket indicating when logs were last collected
enum:
- not_seen
- within_24_hours
- within_24_to_72_hours
- over_72h_to_30d
- over_30d
example: within_24_hours
type: string
x-enum-varnames:
- NOT_SEEN
- WITHIN_24_HOURS
- WITHIN_24_TO_72_HOURS
- OVER_72H_TO_30D
- OVER_30D
SecurityMonitoringCriticalAsset:
description: The critical asset's properties.
properties:
Expand Down Expand Up @@ -53561,6 +53708,18 @@ components:
- $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload'
- $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload'
- $ref: '#/components/schemas/CloudConfigurationRulePayload'
SecurityMonitoringSKU:
description: The SIEM pricing model (SKU) for the organization
enum:
- per_gb_analyzed
- per_event_in_siem_index_2023
- add_on_2024
example: add_on_2024
type: string
x-enum-varnames:
- PER_GB_ANALYZED
- PER_EVENT_IN_SIEM_INDEX_2023
- ADD_ON_2024
SecurityMonitoringSchedulingOptions:
description: Options for scheduled rules. When this field is present, the rule
runs based on the schedule. When absent, it runs real-time on ingested logs.
Expand Down Expand Up @@ -93367,6 +93526,123 @@ paths:
summary: Get a suppression's version history
tags:
- Security Monitoring
/api/v2/security_monitoring/content_packs/states:
get:
description: 'Get the activation and configuration states for all security monitoring
content packs.

This endpoint returns status information about each content pack including
activation state,

integration status, and log collection status.'
operationId: GetContentPacksStates
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SecurityMonitoringContentPackStatesResponse'
description: OK
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/JSONAPIErrorResponse'
description: Forbidden
'404':
content:
application/json:
schema:
$ref: '#/components/schemas/JSONAPIErrorResponse'
description: Not Found
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
summary: Get content pack states
tags:
- Security Monitoring
x-unstable: '**Note**: This endpoint is in preview and is subject to change.

If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
/api/v2/security_monitoring/content_packs/{content_pack_id}/activate:
put:
description: 'Activate a security monitoring content pack. This operation configures
the necessary

log filters or security filters depending on the pricing model and updates
the content

pack activation state.'
operationId: ActivateContentPack
parameters:
- description: The ID of the content pack to activate.
in: path
name: content_pack_id
required: true
schema:
example: aws-cloudtrail
type: string
responses:
'202':
description: Accepted
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/JSONAPIErrorResponse'
description: Forbidden
'404':
content:
application/json:
schema:
$ref: '#/components/schemas/JSONAPIErrorResponse'
description: Not Found
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
summary: Activate content pack
tags:
- Security Monitoring
x-unstable: '**Note**: This endpoint is in preview and is subject to change.

If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
/api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate:
put:
description: 'Deactivate a security monitoring content pack. This operation
removes the content pack''s

configuration from log filters or security filters and updates the content
pack activation state.'
operationId: DeactivateContentPack
parameters:
- description: The ID of the content pack to deactivate.
in: path
name: content_pack_id
required: true
schema:
example: aws-cloudtrail
type: string
responses:
'202':
description: Accepted
'403':
content:
application/json:
schema:
$ref: '#/components/schemas/JSONAPIErrorResponse'
description: Forbidden
'404':
content:
application/json:
schema:
$ref: '#/components/schemas/JSONAPIErrorResponse'
description: Not Found
'429':
$ref: '#/components/responses/TooManyRequestsResponse'
summary: Deactivate content pack
tags:
- Security Monitoring
x-unstable: '**Note**: This endpoint is in preview and is subject to change.

If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
/api/v2/security_monitoring/rules:
get:
description: List rules.
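Review bot: The two state-changing operations, `ActivateContentPack` and `DeactivateContentPack` (the `PUT` paths under `/api/v2/security_monitoring/content_packs/{content_pack_id}/`), document a `403` response but carry no `security` or `x-permission` entry in this hunk, so a reader cannot tell which permission or scope gates them. Deactivation removes the pack's configuration from log filters or security filters, which reduces detection coverage, so the required permission should be explicit rather than inherited from a spec-wide default that is not visible here. I would add the authorization requirement to each operation and state it in the description, for example `Requires the <PERMISSION_NAME> permission.` (a placeholder; the actual name is not on this page). Separately, in `SecurityMonitoringContentPackStateAttributes` the `integration_installed_status` property is the only one left out of `required`; if that is intentional, a short note in its description would tell client authors to handle its absence.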
3 changes: 3 additions & 0 deletions api/datadog/configuration.go
Expand Up @@ -672,9 +672,12 @@ func NewConfiguration() *Configuration {
"v2.GetOpenAPI": false,
"v2.ListAPIs": false,
"v2.UpdateOpenAPI": false,
"v2.ActivateContentPack": false,
"v2.CancelThreatHuntingJob": false,
"v2.ConvertJobResultToSignal": false,
"v2.DeactivateContentPack": false,
"v2.DeleteThreatHuntingJob": false,
"v2.GetContentPacksStates": false,
"v2.GetFinding": false,
"v2.GetRuleVersionHistory": false,
"v2.GetSecretsRules": false,